Digital meets IT

Transcript

1. GDS Digital meets IT Technology in Government Gareth Rushgrove

2. GDS Gareth Rushgrove Gareth Rushgrove Technical Architect Government Digital Service

   @garethr

3. What (Will I get from this workshop?) GDS Gareth Rushgrove

4. High level principles Focus on specific areas GDS Gareth Rushgrove

5. Government isn’t special Risk management in Government Sharing between services

   Service management isn’t new GDS Gareth Rushgrove

6. Hosting Support Legacy Making changes GDS Gareth Rushgrove

7. GDS Gareth Rushgrove

8. GDS Gareth Rushgrove

9. 2 Assemble a multidisciplinary team who can design, build and

   operate the service, led by a single, suitably skilled and empowered Service Manager GDS Gareth Rushgrove

10. 5 Consider the tools and systems they will be using

    to build, host, operate and measure their service, and how to procure them GDS Gareth Rushgrove

11. 14 Make sure you have the capacity and technical flexibility

    to update and improve the service on a very frequent basis GDS Gareth Rushgrove

12. 15 Make all new source code open and reuseable, and

    publish it under appropriate licences (or have provided a convincing explanation of why this cannot be done for specific subsets of the source code) GDS Gareth Rushgrove

13. Government isn’t special (Most of the time) GDS Gareth Rushgrove

14. GDS Gareth Rushgrove Large companies aren’t special

15. They used to be GDS Gareth Rushgrove

16. Today more computer power in my phone than the Apollo

    11 mission computer GDS Gareth Rushgrove

17. GDS Is 1 million a big number? GDS Gareth Rushgrove

18. No GDS Gareth Rushgrove

19. Is 1 billion a big number? GDS Gareth Rushgrove

20. Still no GDS Gareth Rushgrove

21. 662 Services http://transactionsexplorer.cabinetoffice.gov.uk/ GDS Gareth Rushgrove

22. 1.28bn transactions per year http://transactionsexplorer.cabinetoffice.gov.uk/ GDS Gareth Rushgrove

23. 1.2+bn tweets every 3 days GDS Gareth Rushgrove

24. Off-the-shelf software GDS Gareth Rushgrove

25. Off-the-shelf software isn’t always off-the- shelf GDS Gareth Rushgrove

26. Everyone is a software company GDS Gareth Rushgrove

27. Except where Government is different GDS Gareth Rushgrove

28. Risk GDS Gareth Rushgrove

29. Risk is better mitigated by people and processes GDS Gareth

    Rushgrove

30. Risk Management in Government (and Information Assurance) GDS Gareth Rushgrove

31. Assurance GDS Gareth Rushgrove

32. Accreditation GDS Gareth Rushgrove

33. Confidentiality Integrity Availability GDS Gareth Rushgrove

34. Protective marking scheme GDS Gareth Rushgrove

35. Existing: Top secret Secret Restricted Confidential Protect GDS Gareth Rushgrove

36. New: Top secret Secret Official GDS Gareth Rushgrove

37. Business Impact Levels GDS Gareth Rushgrove

38. The problem with IL GDS Gareth Rushgrove

39. GDS Gareth Rushgrove Information Security

40. GDS Gareth Rushgrove

41. Sharing between services (what and how) GDS Gareth Rushgrove

42. Sharing GDS Gareth Rushgrove

43. Sharing data GDS Gareth Rushgrove

44. Sharing code GDS Gareth Rushgrove

45. Sharing applications GDS Gareth Rushgrove

46. Sharing platforms GDS Gareth Rushgrove

47. Sharing expertise GDS Gareth Rushgrove

48. Sharing within departments GDS Gareth Rushgrove

49. Sharing across Government GDS Gareth Rushgrove

50. http://www.flickr.com/photos/psd/9122642253 GDS Gareth Rushgrove

51. Open standards GDS Gareth Rushgrove

52. GDS Gareth Rushgrove Standards Hub

53. Using open source GDS Gareth Rushgrove

54. GDS Gareth Rushgrove Using open source safely

55. GPG 38 - Open Source Software exploring the risk GDS

    Gareth Rushgrove

56. Creating open source GDS Gareth Rushgrove

57. GDS Gareth Rushgrove

58. GDS Gareth Rushgrove Open Source Guidelines

59. Not like-for-like with commercial products GDS Gareth Rushgrove

60. Not like-for-like with commercial systems GDS Gareth Rushgrove

61. Service Management isn’t new (ITIL and friends) GDS Gareth Rushgrove

62. GDS Gareth Rushgrove Share language

63. ITIL GDS Gareth Rushgrove

64. Information Technology Infrastructure Library GDS Gareth Rushgrove

65. 5 volumes 26 processes GDS Gareth Rushgrove

66. Service Strategy GDS Gareth Rushgrove

67. GDS Gareth Rushgrove 1. IT service management 2. Service portfolio

    management 3. Financial management for IT services 4. Demand management 5. Business relationship management

68. Service Design GDS Gareth Rushgrove

69. GDS Gareth Rushgrove 1. Design coordination 2. Service catalogue 3.

    Service level management 4. Availability management 5. Capacity management 6. Service continuity management 7. Information security management 8. Supplier management

70. Service Transition GDS Gareth Rushgrove

71. GDS Gareth Rushgrove 1. Transition planning and support 2. Change

    management 3. Asset and configuration management 4. Release and deployment management 5. Service validation and testing 6. Change evaluation 7. Knowledge management

72. Service Operation GDS Gareth Rushgrove

73. GDS Gareth Rushgrove 1. Event management 2. Incident management 3.

    Request fulfillment 4. Problem management 5. Access management

74. Continual Service Improvement GDS Gareth Rushgrove

75. GDS Gareth Rushgrove

76. GDS Gareth Rushgrove

77. ITIL and Waterfall GDS Gareth Rushgrove

78. ITIL and Agile? GDS Gareth Rushgrove

79. From: Manual, process and documentation heavy GDS Gareth Rushgrove

80. To: Automated, metrics driven, collaborative GDS Gareth Rushgrove

81. Exercise: Features vs Stability GDS Gareth Rushgrove

82. GDS Gareth Rushgrove A Sample Service Interstellar spacecraft license Space

    interstellar-spacecraft-license

83. Developers 5 reasons to focus on features GDS Gareth Rushgrove

84. Operations 5 reasons to focus on stability GDS Gareth Rushgrove

85. Developers vs Operations GDS Gareth Rushgrove

86. Digital vs IT? GDS Gareth Rushgrove

87. Antagonistic organisational structures GDS Gareth Rushgrove

88. Misaligned incentives GDS Gareth Rushgrove

89. Hosting (many things to many people) GDS Gareth Rushgrove

90. Infrastructure your service runs on, and tools that support it

    GDS Gareth Rushgrove

91. Infrastructure as a Service GDS Gareth Rushgrove

92. Platform as a Service GDS Gareth Rushgrove

93. G-Cloud procurement framework GDS Gareth Rushgrove

94. Cloud First policy GDS Gareth Rushgrove

95. Hosting hides lots of process and technical work GDS Gareth

    Rushgrove

96. 14 areas GDS Gareth Rushgrove

97. GDS Gareth Rushgrove Process Shared services Policy Design Components Monitoring

    Logging Config management Deployment Access control Provisioning Security controls Testing Operating systems

98. 93 themes GDS Gareth Rushgrove

99. GDS Gareth Rushgrove Source code hosting Capacity planning Network architecture

    Application metrics Security clearances HTTP caching Intrusion detection Internal DNS Operations manual Database backups Log storage File systems User directory ...

100. 105 sample stories GDS Gareth Rushgrove

101. Bring your own acceptance criteria GDS Gareth Rushgrove

102. Usage guidelines GDS Gareth Rushgrove

103. Support (day to day responsibility) GDS Gareth Rushgrove

104. Real bugs happen in production GDS Gareth Rushgrove

105. Help desk GDS Gareth Rushgrove

106. Operating hours GDS Gareth Rushgrove

107. Out-of-hours GDS Gareth Rushgrove

108. Change control GDS Gareth Rushgrove

109. Unexpected events GDS Gareth Rushgrove

110. GDS Gareth Rushgrove Security advisories

111. Expected events GDS Gareth Rushgrove

112. GDS Gareth Rushgrove

113. GDS Gareth Rushgrove

114. Systems administration GDS Gareth Rushgrove

115. Reporting GDS Gareth Rushgrove

116. GDS Gareth Rushgrove Sometimes shorted to SIAM

117. Suitable support models based on criticality GDS Gareth Rushgrove

118. Avoid ambiguity of responsibility GDS Gareth Rushgrove

119. End-to-end performance incentives GDS Gareth Rushgrove

120. Usage based charging GDS Gareth Rushgrove

121. Legacy (existing IT systems and components) GDS Gareth Rushgrove

122. Digital public services GDS Gareth Rushgrove Mission IT Desktop, infrastructure,

     connectivity Back office, shared services

123. Digital public services GDS Gareth Rushgrove Mission IT Desktop, infrastructure,

     connectivity Back office, shared services

124. Digital public services GDS Gareth Rushgrove Mission IT Desktop, infrastructure,

     connectivity Back office, shared services

125. Technology GDS Gareth Rushgrove

126. Suppliers GDS Gareth Rushgrove

127. Contracts GDS Gareth Rushgrove

128. Wrapping systems with open interfaces GDS Gareth Rushgrove

129. Engaging on a technical level with existing suppliers GDS Gareth

     Rushgrove

130. Support from the Office of the Government CTO GDS Gareth

     Rushgrove

131. Making changes (Going fast, reducing risk) GDS Gareth Rushgrove

132. GDS Gareth Rushgrove On launching GOV.UK

133. GDS Gareth Rushgrove

134. GDS Gareth Rushgrove Average about 6 releases a day over

     6 months

135. GDS Gareth Rushgrove We changed less software on the day

     of launch than probably any day before or since

136. GDS Gareth Rushgrove Regular releases reduce risk

137. GDS Gareth Rushgrove One click deploy

138. GDS Gareth Rushgrove Single place to deploy

139. GDS Gareth Rushgrove Change one thing at once

140. GDS Gareth Rushgrove http://www.flickr.com/photos/fatty/9158066939 We use a physical token

141. GDS Gareth Rushgrove Developers want Visibility of deploys

142. GDS Gareth Rushgrove Organisation want auditability of deploys

143. GDS Gareth Rushgrove App showing deploys

144. GDS Gareth Rushgrove Not just applications

145. GDS Gareth Rushgrove Configuration management

146. GDS Gareth Rushgrove

147. GDS Gareth Rushgrove package { 'apache2': ensure => latest, }

     service { 'apache2': ensure => running, provider => upstart, require => Package['apache2'] } Infrastructure as code

148. GDS Gareth Rushgrove Infrastructure not just configuration

149. GDS Gareth Rushgrove Infrastructure as a Service

150. GDS Gareth Rushgrove Network, Compute and Storage via an API

151. require 'rubygems' require 'nat' nat do snat :interface => "Client

     Data", :original => { :ip => "10.0.0.0/xx" }, :translated => { :ip => "xx.xx.xx.xx" }, :desc => "Outbound internet traffic" dnat :interface => "Client Data", :original => { :ip => "xx.xx.xx.xx", :port => 22 }, :translated => { :ip => "10.0.0.xx", :port => 22 }, :desc => "jumpbox-1 SSH" dnat :interface => "Client Data", :original => { :ip => "xx.xx.xx.xx", :port => 80 },, :translated => { :ip => "10.0.0.xx", :port => 80 }, :desc => "jenkins, logging, monitoring HTTP" GDS Gareth Rushgrove Network as code

152. require 'rubygems' require 'firewall' firewall do # internal rules rule

     "ssh access to jumpbox1" do source :ip => "Any" destination :ip => "xx.xx.xx.xx", :port => 22 end rule "http to backend applications" do source :ip => "Any" destination :ip => "xx.xx.xx.xx", :port => 80 end rule "https to backend applications" do GDS Gareth Rushgrove Firewalls as code

153. GDS Gareth Rushgrove Embrace process discussions

154. GDS Gareth Rushgrove Change control

155. GDS Gareth Rushgrove Optimise only as far as needed

156. Exercise: What to monitor? GDS Gareth Rushgrove

157. GDS Gareth Rushgrove Example GOV.UK

158. 30,000+ metrics collected, many every second GDS Gareth Rushgrove

159. ~2000 checks, most every few minutes GDS Gareth Rushgrove

160. GDS Gareth Rushgrove http://www.flickr.com/photos/psd/8756580339 Lots of information on dashboards

161. GDS Gareth Rushgrove What would you monitor? Interstellar spacecraft license

     Space interstellar-spacecraft-license

162. Next steps (Further reading) GDS Gareth Rushgrove

163. GDS Gareth Rushgrove CTO Guidance

164. GDS Gareth Rushgrove Choosing Technology

165. GDS Gareth Rushgrove

166. GDS Gareth Rushgrove

167. GDS Gareth Rushgrove

168. GDS Gareth Rushgrove

169. GDS Gareth Rushgrove

170. Questions? (And thanks for listening) GDS Gareth Rushgrove

171. GDS Gareth Rushgrove Gareth Rushgrove Technical Architect Government Digital Service

     @garethr