Strategy & Technical Considerations for Successful Enterprise DevOps
Credit: metamorworks
By Jon Collins Strategy & Technical Considerations for Successful Enterprise DevOps 09/18/2018
Table of Contents 1. Summary 2. Why Enterprise DevOps and What Makes It So Hard? 3. Shift to Customer-Centricity 4. Deliver Agile Best Practice 5. Connect Data and Services 6. Automate Development and Delivery 7. Orchestrate and Operate Infrastructure 8. Conclusion 9. About Jon Collins 10. About GigaOm 11. Copyright
Strategy & Technical Considerations for Successful Enterprise DevOps 2 1 Summary
This report covers enterprise drivers, pain points, and contextual factors that make DevOps both essential and difficult to achieve in larger organizations.
DevOps brings a number of benefits to enterprises looking to deliver technology-based solutions more quickly. It can increase business value and reduce costs by: enabling new ideas to be tested, adopted or adapted; bringing engineering and business teams together; reducing time to market; shortening development cycles; increasing responsiveness to new requirements, incidents, and threats; and reinforcing a brand’s position as leading-edge and customer-focused.
The five fundamental pillars to Enterprise DevOps enable the model to broaden outside of individual initiatives. They include: considering the need to shift to customer-centricity; delivering agile best practice; connecting data and services; automating deployment and delivery; and finally, orchestrating operations infrastructure.
In each of these areas, the challenges of enterprise business-as-usual cause what might be termed “DevOps Friction,” that is, overheads that risk slowing down DevOps cycles and therefore undermining the benefits it can bring. A wide range of tools and technology vendors exists to respond to each of these challenges.
While many tools exist to support DevOps, the litmus test for their effectiveness is how much friction they remove from the development pipeline, increasing efficiency without undermining governance, for example, through self-service or rules-based decisions.
In order to deliver a comprehensive DevOps solution, enterprise decision makers must evaluate their breadth of needs over the next one to three years. Then they must limit their field of vision to the subset of capabilities that will meet the majority of their requirements, which includes setting a target platform strategy, a delivery strategy, and a toolchain strategy in response.
The DevOps approach is fundamental to what is currently being called digital transformation. To be clear, a transformation to the digitally-enabled enterprise is also a transformation to using DevOps: either both will succeed, or both will fail. And just as digital transformation requires executive buy-in, so does DevOps.
In the future, it is likely that a common set of practices and standards will emerge from DevOps; that the market landscape for tools will consolidate and simplify; and that infrastructure
Strategy & Technical Considerations for Successful Enterprise DevOps 3 platforms will become increasingly automated; a symptom of all three will be the increasing use of AI. We would therefore advise any enterprise to embrace the principles of DevOps, which are unlikely to change, whilst seeing any toolchain as an enabler to delivering on DevOps today.
Strategy & Technical Considerations for Successful Enterprise DevOps 4 2 Why Enterprise DevOps and What Makes It So Hard?
Today’s enterprises are under pressure to deliver a consistent return to investors while satisfying existing customers and maintaining brand awareness and reputation. CMOs and other lines of business are increasingly responsible for large parts of the technology budget. At the same time, boardrooms face an onslaught of digital propaganda—from media, consulting firms and indeed, analysts—who tell them they need to transform if they are to keep up with the competition.
Against this background, technology has become its own worst enemy. Repeated deployments of infrastructure and software have created legacy environments that slow rather than enable progress. Cloud-based solutions have the potential to unblock this bottleneck, and many enterprises look enviously at organizations, which are unencumbered by existing infrastructure and processes, that have come from nowhere to become a competitive threat.
Enterprises know they have to deliver technology-based solutions more quickly, if they are to stay relevant. In principle, rapid delivery:
• enables new ideas to be tested, adopted, or adapted based on evolving customer need
• brings engineering and business teams together, enabling more customer-centric outcomes
• reduces time to market, delivering a first-mover advantage and increasing revenues
• shortens development cycles, increasing productivity and reducing delivery costs
• increases responsiveness to new requirements, incidents, and threats
• reinforces a brand’s position as leading-edge and customer-focused
Software development practices have been evolving for many years to enable these benefits; however, a gulf has remained between enterprise developers and operations teams. The goal of DevOps is to close this gap through the use of automated deployment, shared information, and increased collaboration. This models the way in which newer startups tend to work, unlocking the benefits of rapid delivery.
While the reasons to adopt DevOps—deliver faster and with higher quality, increase business value, and reduce cost—are increasingly well-established, larger organizations can struggle to move beyond the application team’s DevOps initiative to a broader, business-wide adoption.
Strategy & Technical Considerations for Successful Enterprise DevOps 5 The journey to enterprise DevOps can hit a number of bottlenecks, notably around governance, quality assurance, and communication, each of which creates what we might term “DevOps Friction.”
DevOps Friction is not something that can be smoothed away with best practice or automation, as it goes to the heart of what make an enterprise tick. In this report, we distill down the results of multiple conversations and briefings with enterprise organizations, best practice experts and indeed, tools vendors, into five enablers that need to be considered in order to successfully expand the role of DevOps in the enterprise. Their order is deliberate:
1. Shift to customer-centricity.If DevOps is about speeding up delivery, we must start with what is being delivered, and why. Across verticals, today’s business success stories are no longer about brand, product, selection, model, or any other historical factor alone, but in how they enable customers to succeed and achieve their own goals.
2. Deliver best practice.DevOps marks a cultural shift from slower, linear practices, to faster approaches that bring in rapid iteration and parallelism. Its procedures and steps are one part of a greater mindset shift, without which progress will be slowed and organizations risk reverting to old ways of doing things.
3. Connect data and services.In terms of deliverables, DevOps success depends on how well platforms of data and existing/new services can be brought along, not just for the ride but in a way that adapts to changing circumstances.
Strategy & Technical Considerations for Successful Enterprise DevOps 6 4. Automate deployment.Automation, the traditional heartland of DevOps tooling, remains important. However, it needs to be considered in the context of the first three enablers, to ensure that any progress made in automation is not undermined by challenges in other areas.
5. Operate and orchestrate resources.Finally, the availability of a commoditized, flexible platform is becoming table stakes for DevOps success. As platform and operational efficiency increases, so does the effectiveness of DevOps overall. Or in layperson’s terms, it’s easier to build more things, more quickly, if your pools of resources are more stable and flexible.
We look at each enabler in the sections below. Following a problem statement, we cover some of the challenges causing DevOps Friction, due to the additional effort they cause across the pipeline. We also cover a number of tools available today in response. Given the complexity of the tooling landscape, the report does not present an exhaustive feature comparison for each tool; rather, it focuses on what areas stand out.
Strategy & Technical Considerations for Successful Enterprise DevOps 7 3 Shift to Customer-Centricity
DevOps best practices serve a singular purpose, namely delivering technology-based applications and services that fit the evolving needs of the customer.
Enterprises as a whole will confirm that customers are hugely important; however, DevOps teams and structures may not be organized in such a way that they can respond to rapidly changing customer demand.
Enabling a shift to customer centricity requires three areas to be addressed across the DevOps cycle:
1. Optimize customer experience
2. Assure security and privacy
3. Test quality and non-functional criteria
We look at each below.
Strategy & Technical Considerations for Successful Enterprise DevOps 8 3.1. Optimize Customer Experience
Strategy & Business Considerations
As customers engage more directly with the enterprise, through online and mobile apps as well as customer service channels, customer experience has moved from being a nice-to-have to an essential need. This is as true in business-to-business (B2B) scenarios as in business-to- consumer; for example, in B2B, partner enterprises have increasing expectations in terms of the connectors and APIs available for their use.
Technology Challenges
Customer experience (CX) encompasses the requirement to be met, the mechanisms used to address it, and the look and feel of the interface (often called user experience, UX). For the enterprise, the challenges of delivering on their CX needs in the DevOps context include:
• Maintaining a picture of requirements.In DevOps terms, this means managing user stories, design requirements and so on, mapping these onto releases so decision makers can know when they are delivered.
• Presenting multiple versions of a service.In an ideal world, each group of customers would have a solution (services and software) optimized for the group, or indeed personalized to an individual. If a minimum viable product (MVP) is to be created, what features does this include?
• Meeting customer experience expectations.CX and UX combine to assure customers that they can engage with the organization in the ways they expect.
Overall, the feedback we have heard from the field can be summarized this way: there is no point in delivering software faster if it is not the right software.
Technology Landscape & Key Players
Requirements management is an established area of application lifecycle management (ALM), but few vendors offer tools that align CX with the needs of DevOps, while also integrating with the CI/CD pipeline. For example, the Perforce toolset incorporates requirements management features. Blueprint’s Storyteller product enables stakeholders to define customer-based needs collaboratively.
In terms of delivering on CX and UX needs, the Outsystems “low code” platform has been designed around creating customer-centric user experiences. Meanwhile, the Experitest and
Strategy & Technical Considerations for Successful Enterprise DevOps 9 Applitools platforms enable visual testing of interfaces, the latter with a cross-platform comparison capability.
3.2. Test Quality and Non-functional Criteria
Strategy & Business Considerations
Software testing ensures that a particular application or service is fit for its purpose, both in terms of functions (what the software does) and non-functional criteria (how well it does it). In this evolving world, in which competitive success hinges increasingly on rapid innovation, this can be easier said than done. Quality must remain high even if is not clear what the requirements are: models such as “test-and-learn” and “fail fast” have come into existence to recognize that an answer may only emerge by trying something out.
Technology Challenges
The continuous development, integration, and deployment elements of DevOps best practice require continuous testing, or the latter will become a bottleneck. In DevOps circles, this has driven a need to “shift left,” incorporating testing as early as possible in the development lifecycle. Meanwhile, testing requires testing environments compatible with the deployment targets for the application or service, both during and (for regression testing) post deployment. These factors create the following challenges:
• Dealing with the test execution bottleneck.Testing is not always treated as a first priority in DevOps pilot studies or initiatives; however. it becomes important if prototypes become products (sometimes unintentionally). If testing is not integrated into the lifecycle, progress can slow to a standstill.
• Complexities of managing multiple testing environments.The potential for DevOps to deliver broader functionality increases the testing load exponentially, across architectures and targets: A/B testing on multiple platforms requires four times the effort, for example.
• Managing multiple, collaborative stakeholders.In traditional development approaches, developers developed, and testers tested. Both shift left and more collaborative approaches makes everyone a potential tester: internal or external, IT, or the business.
However complex things might get, decision makers and collaborating stakeholders need a clear picture of the state of the application or service, and its quality: green, amber, or red.
Strategy & Technical Considerations for Successful Enterprise DevOps 10 Technology Landscape & Key Players
Testing automation is an established area of application lifecycle management (ALM), and it is fair to say that it helps respond to challenges of the DevOps testing bottleneck. The number of vendors of therefore quite broad, and are more about the integrations than the philosophy: Ranorex test automation integrates with Jenkins, for example, and the Mendix Automated Tested Suite (ATS) is based on Selenium.
Vendors directly addressing continuous testing and automation needs of DevOps include “AI- driven” Appvance, Chef (with InSpec), Experitest, Parasoft, QASymphony, Sauce Labs, ThoughtWorks, Tricentis, and Zephyr. Special mention is given to SmartBear, whose focus is on API testing.
Some tools focus on one specific aspect, for example Applitools’ AI-powered visual test management integrates with continuous delivery; BrowserStack and Perfecto helps extend testing into the app and distributed world; and CodeFresh offers testing for built for Kubernetes target environment.
Meanwhile, companies offering broader toolsets may incorporate testing automation, for example, IBM (with UrbanCode), Chef, CircleCI, Micro Focus (with Silk), Puppet, and indeed Plutora, which offers test environment management as an adjunct to its release management capabilities.
Other vendors include security testing companies mentioned in Section 3.3. (this goes both ways – security testing is also aided by more general quality testing) and broader automation providers reviewed in Section 6.1. below.
3.3. Assure Security and Privacy
Strategy and Business Considerations
Technology’s increased role, together with new regulations, such as the General Data Protection Regulation (GDPR) in Europe, have increased the potential for technology-related security, compliance, and reputational risk in the digital enterprise. Organizations need to ensure all applications and services are low-risk and compliant by design. This includes assuring security of externally sourced capabilities, such as open source libraries, external microservices, and cloud-based platforms, which provide the foundation for a significant proportion of applications and services built using DevOps approaches.
Strategy & Technical Considerations for Successful Enterprise DevOps 11 Technology Challenges
Security, privacy, and other areas of risk must be considered “by design” as early as possible in the service development and delivery cycle. In DevOps circles, this requirement has also been referenced as “shifting left,” incorporating risk-related considerations on the left-hand side of the development lifecycle. The challenges of scaling this model include:
• Dealing with the security bottleneck. Bluntly, security and other risk aversion can be seen to slow development, interrupting thought processes, and getting in the way of innovation. In the worst-case scenario, it undoes the very principle of rapid, iterative, test-and-learn development cycles.
• Responding to increased risk surface.The pace of DevOps can weaken security if is not top-of-mind in development decision making, particularly when utilizing external software and platforms. This challenge is further magnified as the threat landscape is rapidly changing, with new threats and vulnerabilities.
• Connecting dev and ops with security professionals.Security and risk bring other disciplines and experts into the mix. While the principle of collaboration is sound (spawning the area known as DevSecOps), in practice this means clashing with risk-averse mindsets and approaches.
The bottom line is that security and other risk areas need to work at the pace of DevOps, making repeatability and automation fundamental to their testing.
Technology Landscape & Key Players
Tooling for automated security testing of code has existed for decades; in general, this has evolved to meet the needs of each generation of development, in terms of languages, methodologies, and integration platforms. DevOps is no exception; for example, vendors such as Anchore, Tripwire, and Twistlock integrate with the CI/CD pipeline. Tools traditionally aimed at helping security professionals analyze code, such as Veracode (from CA Technologies) and Qualys, are now looking to aid what has become known as DevSecOps; JFrog’s Xray also offers an analysis-based capability, whereas Prevoty follows a code-hardening approach, baking security features into runtime applications.
While open source software was once considered secure by transparency (if there was a vulnerability, someone would have found it), it has become a clear area of focus. A number of vendors are looking at this area, including Synopsys with its Black Duck Software acquisition; and Sonatype offers both general security testing and audit of open source modules and libraries.
Strategy & Technical Considerations for Successful Enterprise DevOps 12 A number of tools focus on secure data access and authentication, such as DBMaestro, Hashicorp, and RedGate. While Alcide.io is more on the operational side, it is notable in that it offers security policy as code, enabling security information to be managed alongside software programs. Also from an operational standpoint, Threat Stack’s Cloud security monitoring integrates with DevOps, whilst Wallarm offers security testing for operations “with AI protection,” implying a data-driven automation capability. See 4.2 and 6.3 for more discussion on this topic.
Meanwhile multiple vendors offer access and identity management across the continuous delivery pipeline, but this is a feature in many tools, so it has not been called out explicitly.
Strategy & Technical Considerations for Successful Enterprise DevOps 13 4 Deliver Agile Best Practice
The fundamental heart of DevOps has to do with embracing and leveraging lean and agile best practices not only within IT development and operations departments, but across the business. Experience suggests that an enterprise can’t simply adopt DevOps, as the ability to do this reflects the organization’s mindset and ethos. Tools and technologies can help support and catalyze adoption of DevOps, but they cannot exist isolated from the journey towards better business and operating models.
Enabling delivery of DevOps best practice requires the following areas to be addressed:
1. Assure process governance
2. Augment decision making
3. Catalyze collaboration
We look at each below.
Strategy & Technical Considerations for Successful Enterprise DevOps 14 4.1. Assure Process Governance
Strategy & Business Considerations
DevOps builds upon principles learned from lean engineering and manufacturing, alongside other models in which timeliness, not completeness (as espoused by Waterfall models), is the defining criterion. Agile software development, articulated through scrum-based delivery cycles and optimized through activity-based models, such as Value Stream Management and Kanban, goes hand in hand with the efficient operations models incorporating ITIL criteria, such as configuration management, performance management, and event management. All are important, and all need to work together, consistently and repeatably.
Technology Challenges
Stakeholders involved in the creation and deployment of apps and services need to follow a shared, highly disciplined approach across the development and operational lifecycle. The short-lifecycle approach to DevOps nonetheless requires strict governance, enforceable through the use of tools. In the enterprise, however, the complexity of the environment can quickly become too much for tools designed for simpler contexts. Enterprise challenges include:
• Enforcing methodology without slowing process.Software tools may reflect a methodology or a particular flavor of one, guiding through steps and gateways. However, as methodologies adapt to meet the needs of the enterprise over time, so must the tools that represent and automate them.
• Enabling access from different stakeholder groups. Just as DevOps enables multiple roles and business areas to collaborate, so tools need to offer a role-based interface to each group; this also helps gain and retain buy-in from groups including senior leadership.
• Aligning process steps with process outputs.As an approach changes over time, or based on specific project needs, it is useful to retain a picture of the process steps used to deliver a particular product or service. For example, some applications may require different kinds of testing than others.
In the enterprise, process governance needs to be both rigid and able to change according to needs. Otherwise, it becomes onerous, or worse, it risks being ignored.
Technology Landscape & Key Players
If DevOps prescribed a particular methodology, no doubt we would already see a plethora of tools for developers (such as in the field of ALM) but this is not the case. Similarly for operations,
Strategy & Technical Considerations for Successful Enterprise DevOps 15 which is already a well-established market for governance tooling around (say) ITIL, but DevOps less so.
This being said, many DevOps tools vendors deliver on elements of development process governance, particularly those who offer automation (see section 6) or comprehensive toolsets across the DevOps lifecycle, such as IBM, MicroFocus, and Microsoft. Notable vendors focusing on process governance are Appian, Atlassian (with Jira), Chef, CollabNet, Electric Cloud, and GitLab, all of whom offer products specifically to control the development process. Meanwhile, Tasktop offers a value stream-based tool integration platform.
Special mentions go to New Relic, whose DevOps performance dashboards can be tuned to meet the needs of DevOps process managers; Koding, which offers “development environments as code,” enabling these to be brought under process and configuration control; and Moogsoft’s “knowledge capture and recycle” capability, identifying recurring situations and suggesting resolution steps.
Other vendors who incorporate governance elements in their offerings include AWS (with AWS Config) and PagerDuty (for incident management).
4.2. Augment Decision Making
Strategy & Business Considerations
Creating and deploying a new application or service involves a complex set of decisions, from finance to resourcing, requirements to results, which need to be managed across the process initial consideration to production and back into the innovation cycle. Stakeholders require the information they need to make the right decisions, presented in such a way that they can act quickly and correctly.
Technology Challenges
Data of a wide variety of forms may be available across the lifecycle, but enterprise DevOps involves a wide variety of stakeholders (business and IT). Challenges of delivering on this goal include:
• Presenting data in a usable form, depending on stakeholder.It is key to present data in a form it can be interpreted.
Strategy & Technical Considerations for Successful Enterprise DevOps 16 • Keeping clarity across a variety of work streams.From the decision maker’s perspective, DevOps is as much about what you leave out as what you put in; this means keeping tabs on a large number of tasks and making sure they are complete, or on hold.
• Tracing decisions across the lifecycle and into production.DevOps decisions shouldn’t just be about maximizing productivity, but also about ensuring that customer and business value are achieved, feeding consequences back into the development cycle.
While many packages offer the ability to visualize information, the business focus and the ability to trace decisions can be seen as the most important for scaling DevOps in the enterprise.
Technology Landscape & Key Players
A number of vendors offer a common management model and the ability to visualize data according to role. For example, XebiaLabs’ DevOps Intelligence offers goal-based KPIs, incorporating machine learning to support data visualization and recommend actions; both Sumo Logic and Dynatrace cover performance and usage/adoption information, feeding back to business and technology stakeholders; PagerDuty’s digital operations management platform integrates event and incident management with analytics and business-facing insight; and Sumo Logic’s telemetry can be applied to the build process as well as applications in deployment.
Meanwhile, some vendors offer additional insights for the areas they cover, for example QASymphony for software testing, or Planview LeanKit for workflow management; the Plutora platform integrates the popular Tableau to enable visualization of the information it holds. Splunk, New Relic, and Microsoft offer insights based on information across the lifecycle but these are covered in section 7.3.
4.3. Catalyze Collaboration
Strategy & Business Considerations
DevOps works best when clear, transparent, and proactive communication and co-ordination exists between resources. While this may be self-evident (as the adage goes, no problems were ever caused by having too much communication), the communications needs of DevOps are more critical due to the tight timescales involved.
Technology Challenges
As the scope of DevOps grows beyond IT and into the broader enterprise, it involves an ever- widening pool of stakeholders. This creates the following challenges:
Strategy & Technical Considerations for Successful Enterprise DevOps 17 • Aligning tools with the needs of non-technical stakeholders.In the main, DevOps tools are designed for a developer-centric, more technical audience.
• Coordinating plans with a broader group of people.Planning mechanisms need to simplify communications and enable efficient collaboration.
• Catalyzing participation outside of the project teams. It cannot be assumed (though it often is) that indirectly-involved stakeholders will automatically feel inclined to contribute to the project. Collaboration tools need to bring people on board, demonstrating and earning trust along the way.
In summary, collaboration cannot be seen as a given, but needs to be nurtured and developed. Tools need to help with this process, or they will get in the way.
Technology Landscape & Key Players
The field of DevOps tooling to support collaboration has become known as ChatOps. While all collaboration tools may be suitable for DevOps, some incorporate specific features to help DevOps run more smoothly. Slack is well-known in this area as an API-driven collaboration tool designed by and for DevOps engineers. Atlassian’s Confluence offers shared workspaces and notes areas.
Some vendors are linking existing collaboration and automation functionality more directly; for example, Perforce TeamHub offers integrations between collaboration and repository management tools; and Clarive directly offers collaborative Kanban boards, linking them to deployment automation tasks; Planview Leankit also supports Kanban, but it doesn’t talk DevOps directly.
From a collaborative planning perspective, Asana and Trello offer collaborative task management, team coordination, and planning. Other tools offer or integrate with collaboration capabilities, such as SmartBear for API management, StackStorm’s event-driven automation, and AppDynamics’ feedback based on performance monitoring. GitHub also handles team management and offers collaboration features.
The ultimate question becomes, where should messages and task-based exchanges appear, if people are to actually work together? Right now, we have a surfeit of choice, which is perhaps why do-one-thing-well tools such as Slack still hold sway.
Strategy & Technical Considerations for Successful Enterprise DevOps 18 5 Connect Data and Services
In today’s increasingly open world, applications and services need to access a wide variety of data sources, systems, and services, both internal and external, that include potentially large volumes of dynamic data. This means that data stores will have to align with DevOps methods of defining, accessing, and managing data.
Aligning data management with DevOps requires the following areas to be addressed:
• Integrate and connect with existing systems
• Create and manage scalable data repositories
• Manage services and APIs
We look at each below.
Strategy & Technical Considerations for Successful Enterprise DevOps 19 5.1. Integrate and Connect with Existing Systems
Strategy & Business Considerations
A commonly-used data source in an enterprise scenario will be an existing or legacy system, which needs to be integrated into the new application or service.
Technology Challenges
There can be a great deal to integrate with, particularly in terms of legacy systems. Challenges of doing this include:
• Delivering information from existing systems at scale. Legacy systems or data frameworks were not designed for rapid or streamed data access. Integration software needs to be capable of maximizing data flow without overloading data sources or causing a bottleneck to new systems.
• Keeping tabs on what data is being used from sources.Integrating a legacy system creates multiple dependencies, all of which need to be logged and managed.
• Working with teams on systems under maintenance.Existing systems may follow more traditional, slower development practices, or indeed, might not be updated at all. Maintenance teams and DBAs need to be treated as part of the extended DevOps organization.
Technology Landscape & Key Players
A number of vendors work in the legacy integration space and also offer DevOps solutions, notably IBM (with UrbanCode). Micro Focus also brings its legacy systems heritage to bear, as well as providing a toolset across DevOps by way of its HPE software portfolio acquisition. Meanwhile, Mulesoft offers legacy integration as well as API management (see 5.3 below), and AppOrbit provides an abstraction layer onto existing data sources.
Other vendors come to data and service integration from a broader cloud integration perspective: Skytap’s cloud based legacy offering integrates with continuous delivery approaches, and Jelastic offers a cloud platform designed for CI/CD. Platform integration company is also worth a mention; though it is not specific to DevOps, it is nonetheless useful to address the challenges stated above.
Strategy & Technical Considerations for Successful Enterprise DevOps 20 5.2. Create and Manage Scalable Data Repositories
Strategy & Business Considerations
The speed and customer drivers to DevOps also drive the kinds of repositories used as well as their methods of definition. While in-memory repositories and NoSQL models from the likes of Couchbase and MongoDB (which do not require schemas to be defined in advance) create new opportunities for data management, more traditional SQL-based approaches still have a place. Whichever option is chosen, data architecture definition needs to run in parallel with the continuous development, testing, and deployment approaches favored by DevOps. Meanwhile, data management has its own principles, which have to be re-learned due to the potential for in- memory storage and processing of large-scale, streamed data.
Technology Challenges
The challenge is less about enterprise legacy challenge, and more about a scaling challenge for organizations looking to leverage the vast data sources, for example, through streaming. Challenges to this include:
• Speeding up data architecture definition.The complexities and up-front effort required to define a data architecture can create a bottleneck on DevOps cycles.
• Applying continuous deployment to database delivery.Database deployment also needs to fit with the iterative nature of DevOps, enabling repeated yet high quality deployments of new models and data.
• Evolving data structures in parallel with functionality.In many cases, data architectures can be defined to fit a specific need; as that need changes, the data architecture may become inefficient for the task in hand.
Technology Landscape & Key Players
In this category, most notable are vendors who specifically apply DevOps principles to database design and management. DBMaestro does this, and Quest’s Toad product has been adapted to DevOps scenarios, while RedGate offers database deployment automation.
While some tools are not specifically built for DevOps, they nonetheless help, such as Hortonworks and Kasten for deployment, and Solarwinds’ Loggly, which offers database performance and log management. Tricentis’ continuous testing also includes database-related features.
Strategy & Technical Considerations for Successful Enterprise DevOps 21 Note also that by its nature, tooling designed to help with integration of existing systems (see 5.1 above) can help integrate with existing databases.
5.3. Manage External Services and APIs
Strategy & Business Considerations
While service and API management are not represented by any specific discipline, the principles of service interfaces—minimizing dependencies and maximizing cohesion—hark back to some of the earliest software development methodologies; configuration management appears in both software and hardware management best practice.
Technology Challenges
External APIs come with specific criteria, keys, and so on, which need to be maintained and controlled, including access controls. Challenges of doing this include:
• Simplifying access to third party APIs. While some APIs can be accessed via a simple RESTful interface, others add complexity particularly around authentication and authorization
• Keeping track of external services in use. Records need to be kept of the services, APIs, libraries, and other external inputs to an application, across versions in development and deployment, and across test and target environments.
• Assuring the security of external services. While security is covered in section 1, it is worth reiterating that external APIs also need to be considered as part of an application’s risk profile.
In response, the following vendors may be able to offer tools that can help:
Technology Landscape & Key Players
MuleSoft and SmartBear focus on the API management functionality, with MuleSoft also bringing legacy integration, and SmartBear bringing continuous testing to APIs. Kong also offers API management capabilities, but its offerings are not specific to DevOps (which is not necessarily a bad thing in this area).
Other vendors include platform integration company Jitterbit, though it is also not specific to DevOps.
Strategy & Technical Considerations for Successful Enterprise DevOps 22 6 Automate Development and Delivery
While in principle DevOps can exist in isolation of tools and technologies, the speed of innovation, and the need for consistency and repeatability drive the need for automation. Many organizations we speak to already have some kind of DevOps-related tooling in place, which may be in use to support non-DevOps approaches. As DevOps scales, so does the need for a comprehensive development and deployment environment. This is not just to enable faster or more frequent release cycles, but also to create new innovation opportunities, for example, through A/B testing or chaos engineering, both of which require additional development headroom.
Enabling delivery of DevOps best practice requires the following areas to be addressed:
1. Automate the development pipeline
2. Migrate and manage legacy systems
3. Enhance automation through AI
We look at each below.
Strategy & Technical Considerations for Successful Enterprise DevOps 23 6.1. Automate the Development Pipeline
Strategy & Business Considerations
Just as DevOps only works within a tight set of controls (such as agile sprints), so its pipeline needs to support creation and delivery of software assets, potentially rapidly changing, both consistently and repeatably. The keyword is continuous, be it in development, testing, integration, or delivery, none of which could exist without some level of automation.
Note that while delivery requires a target to deploy to, we draw the line at the automated allocation of infrastructure resources. This is covered in Section 7.1.
Technology Challenges
Moving the development pipeline beyond a cleanroom DevOps world and into the broader enterprise very quickly hits a number of bottlenecks, caused by the need to:
• Manage and coordinate multiple sets of releases.DevOps is potentially its worst enemy, in that it enables developers to increase the number of versions they are looking to deploy in parallel, creating a complexity and dependency problem.
• Work across different development languages and approaches.Ideally, a single automation pipeline could be in place for the entire organization; however, the needs of (say) mobile developers will be very different to those of back-office systems developers.
• Integrate a wide variety of task-specific technologies.Today’s fragmented, diversified nature of software development has resulted in a smorgasbord of tools, many of which (rightly) claim to be useful in a DevOps environment.
Ultimately, while many tools may exist, the litmus test is how much friction can be removed from the development pipeline without undermining its governance (as discussed in section 4.1), for example, through self-service or rules-based decisions.
Technology Landscape & Key Players
Technologies to automate continuous development, integration, and deployment can be seen as the traditional heartland of DevOps tooling. That is, many vendors offer tools to help. Companies specifically delivering on DevOps pipeline automation are CA Technologies (with automic), Chef, CircleCI, CloudBees (Jenkins and CodeShip) CollabNet VersionOne (Continuum), Electric Cloud, GitLab, Microsoft, Micro Focus, Oracle (Container Pipelines, now incorporating Wercker), Puppet, StackStorm, and XebiaLabs.
Strategy & Technical Considerations for Successful Enterprise DevOps 24 Some vendors are more broadly focused on the development and test environments, such as Plutora, and Koding, which offers development environments as code. BMC focuses on release management, and JFrog takes configuration management up a gear by offering secure management of artifacts (e.g. binaries) across the development cycle.
Other tools enable automation of specific areas; for example, Appian, Mendix, and OutSystems play in the low-code space; the widely used Gradle supports build management; and GitHub (acquired by Microsoft) is a go-to platform for the code management capability. While not strictly an automation provider, Tasktop offers visibility into automation across the tool-enabled value stream.
To repeat, while the above focuses mainly on the development pipeline pre-deployment, we note how development and deployment automation are often seen as part of the same tool; we cover the latter in 7.1. Nonetheless, we call out CodeFresh as offering pipeline automation for Kubernetes environments; and while cloud provider AWS offers automation pipelines targeting their own infrastructure, they enable integration with a wide variety of development environments.
6.2. Migrate and Manage Legacy Systems
Strategy & Business Considerations
Most, if not all enterprises have systems built in a different age, using inflexible or now-obsolete infrastructure even if they are algorithmically sound. Many existing production systems can, in principle, be moved onto lower cost infrastructure; DevOps automation can also be of benefit—even if maintenance updates are not required at DevOps speed (multiple deliveries per day), the model enables tighter control and higher levels of efficiency.
Technology Challenges
The challenges for DevOps with legacy systems come from taking systems built and deployed in one way and assuring their continued evolution in what is likely to be a highly complex enterprise environment. Specifically, this boils down to:
• Supporting the migration of existing legacy systems.While benefits of application migration or modernization may be achievable in principle, in practice the transition can be quite a hurdle.
• Dealing with legacy systems and environments in situ.Where it is not possible to migrate applications, DevOps practices and tools need to integrate with the tooling and infrastructure already in place.
Strategy & Technical Considerations for Successful Enterprise DevOps 25 • Helping legacy systems development teams adopt DevOps approaches.While the culture change required with DevOps can apply to any group, it can be more of a challenge to bring people used to working in ways that suit the systems in question, rather than the organization as a whole.
In summary, DevOps needs to align with ongoing tasks of legacy evolution, maintenance, and management, at the same time as it helps shift traditional mindsets, for many of whom ‘agile’ is synonymous with high-risk, anarchic, and insecure.
Technology Landscape & Key Players
While a number of vendors now offer legacy migration solutions and partnerships (VMware on AWS is a case in point), few offer tools aimed specifically at bringing existing systems into the DevOps world. AppOrbit’s template-based approach to application modernization lends itself to CI/CD; Cloudsoft AMP also brings a blueprint-based approach.
Meanwhile, Jelastic’s DevOps-oriented PaaS incorporates migration of enterprise Java applications; Skytap does the same for x86 and AIX based systems; Micro Focus offers migration and containerization tools alongside its DevOps portfolio. Quali offers a sandbox- based approach to migrate legacy applications into the DevOps pipeline.
6.3. Enhance Decision Making and Automation Through AI
Strategy & Business Considerations
Advances in artificial intelligence (AI) and machine learning are creating new opportunities for automation of routine decisions and interactions, as well as having the potential to support interaction, for example, through speech recognition. While this is true across the business, a clear opportunity exists to take data generated within the development cycle, using resulting insights to drive automation.
Technology Challenges
While the opportunity exists in principle to leverage AI, in practice it is difficult to take AI beyond domain specific initiatives, and DevOps is no exception. Challenges of incorporating AI and machine learning into DevOps at enterprise scale include:
Strategy & Technical Considerations for Successful Enterprise DevOps 26 • Assure data and models for machine learning.AI and machine learning rely on large quantities of information that need to be provided consistently, in a form suitable for ingestion. Meanwhile, externally sourced AI would have to be custom-built for each specific DevOps scenario.
• Catalyze growth of AI-related experience and skills.Despite its long heritage, AI still has yet to become an integrated part of mainstream technology capabilities; this drives the need for expertise, even as skills development is at an early stage.
• Account for the diversity of DevOps implementations.The current state of machine learning works best with defined models and rules. Given that there isn’t a single way to do DevOps, it is harder to bring machine learning across the pipeline.
Overall, AI needs to be able to deliver on specific areas of DevOps and cover the cycle as a whole.
Technology Landscape & Key Players
For many current DevOps tools, AI is a roadmap item and not a core function. Several vendors have added machine learning to their own tools; for example, MoogSoft offers what it terms AIOps for automated response and management of incidents; PagerDuty targets both incident, performance, and security; Appvance brings AI to testing automation and quality management; and Wallarm adds AI and behavioral analytics to security testing for operations.
Other vendors are looking at machine learning as a way of enhancing insights, such as IBM’s cognitive analytics; Logz.io incorporates a cognitive insights module to deliver focused insights based on log data; and Dynatrace offers AI-enhanced performance monitoring to support both Dev and Ops teams. AI capabilities are also being integrated with collaboration mechanisms, as seen with Slack’s use of bots.
As a final comment, we expect AI-for-DevOps category to grow as DevOps-related standards emerge in terms of both approach and tooling.
Strategy & Technical Considerations for Successful Enterprise DevOps 27 7 Orchestrate and Operate Infrastructure
While DevOps practices have existed in various forms for many years, the current surge of interest has been accelerated by the use of cloud-based infrastructure and software platforms, as they take much of the operations burden away and therefore encourage leaner, faster development approaches.
Cloud-based infrastructure can be used as virtual machines, as a platform of services, or indeed, at a programming level, as “functions as a service” or so-called “No-Ops.”
Enabling delivery of DevOps best practice requires the following areas to be addressed:
1. Orchestrate infrastructure
2. Monitor events and performance
3. Collate and report
We look at each below.
Strategy & Technical Considerations for Successful Enterprise DevOps 28 7.1. Orchestrate Infrastructure
Strategy & Business Considerations
Applications need to run somewhere. While this is obvious, less clear is how to make the target environment fit the needs of the application. While in many cases this will be straightforward case of using an off-the-shelf stack, other situations will demand scalability and/or elasticity.
Technology Challenges
DevOps practices lend themselves to the configuration and provisioning of server, storage, and networking resources through the use of configuration scripts, templates, or recipes. This approach is sometimes referred to as “infrastructure as code” and “software-defined data center.” While this can simplify use of infrastructure, some challenges can remain:
• Orchestrate complex operational architectures.The complexity of the enterprise environment does not always lend itself to automated orchestration, particularly in the non- virtualized legacy world. While many data centers may be built on a foundation of virtual machines, these can also suffer from complexity challenges such as sprawl.
• Manage deployment scripts alongside software. This sounds simple in principle, but enterprise complexity can cause the management of deployment scripts to become a challenge, both as existing infrastructure is brought in to orchestration, and as operational teams recognize they need to work within the constraint of following fixed deployment approaches.
• Manage deployment automation across hybrid environments.As applications get delivered at enterprise scale, they often involve both internal and external services, which need to be configured and accessed accordingly, wherever the target may be.
The bottom line is that infrastructure orchestration offers a source of opportunity; if it is easier to change the deployment target, it also becomes easier to test new options.
Technology Landscape & Key Players
A significant area of DevOps-related automation is around what is known as Infrastructure as Code, enabling infrastructure resources to be defined and stored under configuration management in parallel with software. Mirantis, Puppet, and Hashicorp all facilitate Infrastructure as Code approaches. Different vendors may have their own term for the definitions; for example, Chef talks about recipes while Ansible uses playbooks.
Strategy & Technical Considerations for Successful Enterprise DevOps 29 As this is one of the most established areas of DevOps tooling, the list of available vendors is unsurprisingly long. CA’s automic, Appian, CircleCI, Electric Cloud, Inedo, Microsoft, Octopus, and XebiaLabs play in this space; Clarive differentiates by offering a Kanban-based front end. SaltStack focuses on orchestration, integrating automated deployment tools, while Shippable focuses more on the pipeline, helping bring multiple deployment tasks into a single workflow.
Some vendors offer infrastructure orchestration for specific targets; for example, CodeFresh and Weaveworks target Kubernetes containers and microservices; AWS is a special case, as it enables orchestration across its own broad platform; Heroku, Jelastic, and Mesosphere also enable automated deployment to their own PaaS. Meanwhile, Platform.sh offers a cloning-based deployment and hosting model.
Some vendors focus on the broader infrastructure; for example, SnapRoute provides a link between CI/CD and network infrastructure, and NetApp/Solidfire does similar for storage: other vendors are also latching on to the integration potential between infrastructure and CI/CD pipelines.
Some, such as CFengine, Embotics, heptio, Pivotal and industry-standard Docker, are not specifically targeting DevOps, but can nonetheless help.
7.2. Monitor Events and Performance
Strategy & Business Considerations
Once an application is in production, it needs to deliver consistently and at desired service levels, with any incidents reported and dealt with as soon as possible after they happen. An emerging DevOps school of thought is around how to plan for failure, or more importantly, for fast recovery post-failure, something Google calls Site Reliability Engineering (SRE). While this has been standard practice in enterprise operations, it has increased in importance for DevOps in proportion to the customer-centricity of the apps being developed.
Technology Challenges
In the enterprise environment, the potential for failure increases in parallel with the scale of the impact. Organizations that have managed to deliver DevOps within a small, self-contained team may still find themselves ill-equipped to deal with the dynamism and responsiveness of enterprise operations. Specific challenges around assuring DevOps-related event and performance management include:
Strategy & Technical Considerations for Successful Enterprise DevOps 30 • Re-delivery in response to an adverse event.The ability to deliver a new release of software in response to an adverse event is a severe test of DevOps principles, as it requires the entire loop to work without error.
• Dealing with service requests from end to end.Service requests can come from an increasingly broad range of sources, which then need to be prioritized, analyzed, and fed back to development teams if applicable.
• Present event-related information to operations.Operational management needs an events dashboard to support its ability to plan capacity, manage service levels, and respond to adverse events.
While some of these needs are not DevOps specific, they nonetheless need to integrate with DevOps processes and practices, at enterprise scale.
Technology Landscape & Key Players
Event management is a well-established area of IT, but what is critical here is how well it enables information sharing, or indeed automated response, between operations and other stakeholders. For example, StackStorm and Rundeck offers event-driven automation to integrate with pipeline tools including ChatOps; and Mendix’ low-code platform builds in system alerts.
Enterprise management vendor BMC has monitoring as part of its core business, which it has extended to incorporate core business to CI/CD; Microsoft also offers a comprehensive monitor- to-developer capability; and MoogSoft also focuses on information sharing across the pipeline. PagerDuty enables incidents to be reported back into the development pipeline, and Qualys does similar for security event remediation.
While the ServiceNow service management portal and the Nagios monitoring tool are not specific to DevOps, they are nonetheless popular in these environments and integrate with other tools in the DevOps pipeline.
7.3. Collate and Report to Stakeholders
Strategy & Business Considerations
Reporting is key to the notion of the closed loop DevOps cycle, as it feeds information back from production into both development and management, guiding future decisions. Performance and other Information from operational management can be fed back into the DevOps cycle, driving continuous quality improvements. This need recognizes that the “wall of
Strategy & Technical Considerations for Successful Enterprise DevOps 31 confusion” doesn’t only exist between development and operations, but vice versa: by empowering operations to drive how development is done, the two groups can become actual peers in the service delivery lifecycle.
Technology Challenges
In many enterprises, the gap between development and operations remains wide post- deployment: reporting holds the key to closing this gap, by addressing the following challenges:
• Aligning operational metrics with DevOps best practice. Theperformance information needed by developers is not always captured in a useful way by operations, and the needs of operations (e.g. around security, risk and event management) are not always fully treated by developers.
• Collating information across a wide pool of sources.The distributed nature of modern systems, integrating both internal and external services and data sources, can leave gaps in performance and other information types.
• Present a refined view of management information.Management at enterprise-scale requires an overview of information and how it relates, as opposed to individual feeds of data that must then be collated and analyzed.
In summary, better information means that the DevOps cycle can run faster; conversely, poor information creates a DevOps bottleneck.
Technology Landscape & Key Players
As with incident and event management, the value-add comes from how well tools can feed information back into the DevOps pipeline. A number of vendors offer performance measurement; for example, IBM Netcool and Sumo Logic, as well as the aforementioned BMC, Dynatrace, Micro Focus, and Microsoft (with Azure DevOps); Datadog and New Relic integrate performance measurement information with the broader DevOps toolchain. Meanwhile, AppDynamics directly targets real-time feedback of application performance to development teams.
Log management has evolved as an important area of operations management. While some popular tools such as Nagios, Scalyr, and Solarwinds’ Loggly are not specifically DevOps, a number of players such as Logz.IO are now closing the loop. With its VictorOps acquisition, market-leading Splunk now enables direct feedback to Dev teams, based on log management information.
Strategy & Technical Considerations for Successful Enterprise DevOps 32 Some tools are target specific, such as StackDriver from Google and AWS CloudWatch, as well as the OutSystems low-code platform.
Strategy & Technical Considerations for Successful Enterprise DevOps 33 8 Conclusion
DevOps is not simply a mindset or a set of practices, but a different way of thinking about technology delivery. Done right, DevOps puts the customer first, creates applications and services collaboratively, and delivers a quality result as fast as practical. It is essential to have the right tools in place, as DevOps can’t succeed without enabling platforms, such as cloud, process, and performance insights to help decision making; and automation of repeated tasks that would otherwise become a bottleneck.
The dilemma for DevOps in general, and for its enabling technologies in particular, is that it is no one thing—enterprises may adopt its principles in different ways, according to their own needs. For example, the pipeline and toolchain involved in implementation of a customer-facing app or a distributed IoT solution might look similar at a high level, but will be very different in the detail. This goes some way to explaining why the market is so diverse—many vendors claim to offer DevOps tooling, but most are solving smaller challenges in a DevOps way, as opposed to delivering a DevOps solution.
For the enterprise, this is as much a curse as a blessing. Larger organizations struggle with familiar complexity, legacy, and business model challenges, which specific DevOps capabilities can respond to. However, the level of fragmentation and differentiation in the market, and therefore the number of options to solve each problem, each with its own plusses and minuses, adds another layer of complexity to the mix.
In practical terms, this drives the need for education, both in terms of target environments (stacks vs containers vs Kubernetes, for example) and the pipeline and toolchain to be used. Technology decision makers should be looking to understand their breadth of needs over the next one to three years, then limiting their field of vision to the subset of capabilities that will meet the majority of their requirements. In practical terms, this implies setting:
• a target platform strategy, i.e. what hybrid infrastructure will be required
• a delivery strategy, i.e. the DevOps-based processes and governance to apply
• a toolchain strategy, i.e. the technologies to support development, delivery and operation
With strategy comes responsibility and authority, which brings an additional cause of DevOps friction: the management. To repeat, DevOps is “simply” a way to deliver new applications and services quickly and collaboratively, involving both technology and business stakeholders; this approach is fundamental to what is currently being called digital transformation. To be clear, a transformation to the digitally-enabled enterprise is also a transformation to using DevOps:
Strategy & Technical Considerations for Successful Enterprise DevOps 34 either both will succeed, or both will fail. Just as digital transformation requires executive buy-in, so does DevOps.
The challenge for DevOps teams and middle management alike becomes: how to educate upper management, such that senior executives achieve the right level of epiphany? The answer is visibility, not just on individual DevOps successes, but also its failures and how the organization has been able to learn and move forward as a result. At each stage of the journey, it should be possible to prove the value of DevOps as a way of increasing benefit, lowering cost, or reducing risk.
Organizations will continue to mature and embrace DevOps principles, and related tools will continue to evolve. We have two predictions: first, that a common set of business-oriented practices and standards will emerge from DevOps (with a different name, it is likely); and second, that the market landscape for tools will consolidate and simplify. A symptom of both will be the increasing use of AI. We would therefore advise any enterprise to embrace the principles of DevOps, which are unlikely to change, whilst seeing any toolchain as a replaceable enabler to delivering on DevOps today.
DevOps success is not about arriving at a new place where the magic happens by default. It is about embracing learning, about being able to adapt to changing circumstances, rolling with the punches, and picking up again, all the time focused relentlessly on the customer. Our recommendation would be to start the process of educating senior stakeholders and gaining proof points, such that success stories can be built upon and interest grown as early as possible in the DevOps journey.
Strategy & Technical Considerations for Successful Enterprise DevOps 35 9 About Jon Collins
Jon Collins has advised the world’s largest technology companies in product and go to market strategy, acted as agile software consultant to a variety of Enterprise organisations, advised government departments on IT security and network management, led the development of a mobile healthcare app and successfully managed a rapidly expanding Enterprise IT environment. Jon is frequently called upon to offer direct and practical advice to support IT and digital transformation strategy, has served on the editorial board for the BearingPoint Institute thought leadership programme and is currently a columnist for IDG Connect.
Jon wrote the British Computer Society’s handbook for security architects and co-authored The Technology Garden, a book offering CIOs clear advice on the six principles of sustainable IT delivery. He has written innumerable papers and guides about getting the most out of technology, and is an accomplished speaker, facilitator and presenter.
Strategy & Technical Considerations for Successful Enterprise DevOps 36 10 About GigaOm
GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.
GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.
GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.
© Knowingly, Inc. 2018. "Strategy & Technical Considerations for Successful Enterprise DevOps" is a trademark of Knowingly, Inc.. For permission to reproduce this report, please contact [email protected].
Strategy & Technical Considerations for Successful Enterprise DevOps 37