Operating GOV.UK

Transcript

1. GDS Gareth Rushgrove Operating GOV.UK people, processes and tools behind

   large websites

2. Who (Who is this person?) GDS Gareth Rushgrove

3. GDS Gareth Rushgrove Gareth Rushgrove Technical Architect Government Digital Service

   @garethr

4. @garethr GDS Gareth Rushgrove

5. GDS Gareth Rushgrove

6. GDS Gareth Rushgrove

7. GDS Gareth Rushgrove Last code I wrote

8. GDS Gareth Rushgrove

9. GDS Gareth Rushgrove

10. GDS Gareth Rushgrove

11. What (What will I get from this talk?) GDS Gareth

    Rushgrove

12. GDS Gareth Rushgrove Working on a large site or app

    1

13. GDS Gareth Rushgrove Working in a large team or organisation

    2

14. GDS Gareth Rushgrove A bit about change control, auditing, config

    management, monitoring and support 3

15. Background (Government and GOV.UK) GDS Gareth Rushgrove

16. GDS Gareth Rushgrove October 2010

17. GDS Gareth Rushgrove June 2011

18. GDS Gareth Rushgrove January 2012

19. GDS (Government Digital Service) GDS Gareth Rushgrove

20. GDS Gareth Rushgrove

21. GDS Gareth Rushgrove October 2012

22. GDS Gareth Rushgrove Tools as well as content

23. GDS Gareth Rushgrove Award winning

24. By the numbers (The size of the thing) GDS Gareth

    Rushgrove

25. 38 GDS Gareth Rushgrove Weeks since launch

26. 2 GDS Gareth Rushgrove Sites closed on day one

27. GDS Gareth Rushgrove 59 Sites closed since

28. 222 GDS Gareth Rushgrove Subdomains closed

29. GDS Gareth Rushgrove 139 Million visits since launch

30. 300 GDS Gareth Rushgrove Thousand redirects

31. GDS Gareth Rushgrove 100 Members of the team ~

32. Start with principles (What do you stand for?) GDS Gareth

    Rushgrove

33. GDS Gareth Rushgrove http://www.flickr.com/photos/psd/9120523574

34. GDS Gareth Rushgrove http://www.flickr.com/photos/psd/9116635297

35. GDS Gareth Rushgrove http://www.flickr.com/photos/psd/9104280608

36. GDS Gareth Rushgrove http://www.flickr.com/photos/psd/9122642253

37. GDS Gareth Rushgrove http://www.flickr.com/photos/psd/9099796942

38. GDS Gareth Rushgrove

39. Support (Everyone owns your uptime) GDS Gareth Rushgrove

40. GDS Gareth Rushgrove 24x7x365

41. User support GDS Gareth Rushgrove

42. Technical support GDS Gareth Rushgrove

43. Unless you engage with process it will be imposed on

    you GDS Gareth Rushgrove

44. GDS Gareth Rushgrove Share language

45. Monitoring (Watch everything) GDS Gareth Rushgrove

46. 30,000+ metrics collected, many every second GDS Gareth Rushgrove

47. GDS Gareth Rushgrove

48. ~2000 monitoring checks, most every minute GDS Gareth Rushgrove

49. GDS Gareth Rushgrove http://www.flickr.com/photos/psd/8756580339 Lots of information on dashboards

50. GDS Gareth Rushgrove Performance data

51. GDS Gareth Rushgrove

52. GDS Gareth Rushgrove

53. Security and auditing (Keeping everything safe) GDS Gareth Rushgrove

54. Engage with risk management GDS Gareth Rushgrove

55. Confidentiality, integrity, availability GDS Gareth Rushgrove

56. Penetration testing is only part of the answer GDS Gareth

    Rushgrove

57. Read the source material GDS Gareth Rushgrove Yes, all of

    it

58. Change control (Deploy all the things) GDS Gareth Rushgrove

59. GDS Gareth Rushgrove

60. GDS Gareth Rushgrove Average about 6 releases a day over

    6 months

61. GDS Gareth Rushgrove We changed less software on the day

    of launch than probably any day before or since

62. GDS Gareth Rushgrove Regular releases reduce risk

63. Configuration management (know everything about everything) GDS Gareth Rushgrove

64. GDS Gareth Rushgrove

65. GDS Gareth Rushgrove package { 'apache2': ensure => latest, }

    service { 'apache2': ensure => running, provider => upstart, require => Package['apache2'] } Infrastructure as code

66. class govuk::apps::calendars( $port = 3011 ) { govuk::app { 'calendars':

    app_type => 'rack', port => $port, health_check_path => ‘/bank-holidays’, } } GDS Gareth Rushgrove Higher level constructs

67. GDS Gareth Rushgrove Infrastructure not just configuration

68. GDS Gareth Rushgrove Fog Libcloud VCloud AWS Used at different

    times

69. require 'rubygems' require 'nat' nat do snat :interface => "Client

    Data", :original => { :ip => "10.0.0.0/xx" }, :translated => { :ip => "xx.xx.xx.xx" }, :desc => "Outbound internet traffic" dnat :interface => "Client Data", :original => { :ip => "xx.xx.xx.xx", :port => 22 }, :translated => { :ip => "10.0.0.xx", :port => 22 }, :desc => "jumpbox-1 SSH" dnat :interface => "Client Data", :original => { :ip => "xx.xx.xx.xx", :port => 80 },, :translated => { :ip => "10.0.0.xx", :port => 80 }, :desc => "jenkins, logging, monitoring HTTP" GDS Gareth Rushgrove Network in code

70. require 'rubygems' require 'firewall' firewall do # internal rules rule

    "ssh access to jumpbox1" do source :ip => "Any" destination :ip => "xx.xx.xx.xx", :port => 22 end rule "http to backend applications" do source :ip => "Any" destination :ip => "xx.xx.xx.xx", :port => 80 end rule "https to backend applications" do GDS Gareth Rushgrove Firewalls in code

71. Find out more (Lots of reading for everyone) GDS Gareth

    Rushgrove

72. GDS Gareth Rushgrove

73. GDS Gareth Rushgrove Government Service Design Manual

74. GDS Gareth Rushgrove Even contains a definition of devops

75. GDS Gareth Rushgrove

76. GDS Gareth Rushgrove

77. GDS Gareth Rushgrove

78. GDS Gareth Rushgrove

79. GDS Gareth Rushgrove

80. Questions? (and thanks for listening) GDS Gareth Rushgrove

81. GDS Gareth Rushgrove Gareth Rushgrove Technical Architect Government Digital Service

    @garethr