Operating GOV.UK

Talk for Refresh Cambridge about some of the approaches the Government Digital Service has used in running GOV.UK.

Gareth Rushgrove

September 02, 2013

Transcript

  1. Operating GOV.UK: people, processes and tools behind large websites (GDS, Gareth Rushgrove)

  2. Who (Who is this person?)

  3. Gareth Rushgrove, Technical Architect, Government Digital Service, @garethr

  4. @garethr

  7. Last code I wrote

  11. What (What will I get from this talk?)

  12. (1) Working on a large site or app

  13. (2) Working in a large team or organisation

  14. (3) A bit about change control, auditing, config management, monitoring and support

  15. Background (Government and GOV.UK)

  16. October 2010

  17. June 2011

  18. January 2012

  19. GDS (Government Digital Service)

  21. October 2012

  22. Tools as well as content

  23. Award winning

  24. By the numbers (The size of the thing)

  25. 38 weeks since launch

  26. 2 sites closed on day one

  27. 59 sites closed since

  28. 222 subdomains closed

  29. 139 million visits since launch

  30. 300 thousand redirects

  31. ~100 members of the team

  32. Start with principles (What do you stand for?)

  33. http://www.flickr.com/photos/psd/9120523574

  34. http://www.flickr.com/photos/psd/9116635297

  35. http://www.flickr.com/photos/psd/9104280608

  36. http://www.flickr.com/photos/psd/9122642253

  37. http://www.flickr.com/photos/psd/9099796942

  39. Support (Everyone owns your uptime)

  40. 24x7x365

  41. User support

  42. Technical support

  43. Unless you engage with process it will be imposed on you

  44. Share language

  45. Monitoring (Watch everything)

  46. 30,000+ metrics collected, many every second

  48. ~2000 monitoring checks, most every minute

  49. Lots of information on dashboards (http://www.flickr.com/photos/psd/8756580339)

  50. Performance data

  53. Security and auditing (Keeping everything safe)

  54. Engage with risk management

  55. Confidentiality, integrity, availability

  56. Penetration testing is only part of the answer

  57. Read the source material. Yes, all of it

  58. Change control (Deploy all the things)

  60. Average about 6 releases a day over 6 months

  61. We changed less software on the day of launch than probably any day before or since

  62. Regular releases reduce risk

  63. Configuration management (know everything about everything)

  65. Infrastructure as code

        package { 'apache2':
          ensure => latest,
        }

        service { 'apache2':
          ensure   => running,
          provider => upstart,
          require  => Package['apache2']
        }

  66. Higher level constructs

        class govuk::apps::calendars( $port = 3011 ) {
          govuk::app { 'calendars':
            app_type          => 'rack',
            port              => $port,
            health_check_path => '/bank-holidays',
          }
        }

  67. Infrastructure not just configuration

  68. Used at different times: Fog, Libcloud, VCloud, AWS

  69. Network in code

        require 'rubygems'
        require 'nat'

        nat do
          snat :interface => "Client Data",
               :original => { :ip => "10.0.0.0/xx" },
               :translated => { :ip => "xx.xx.xx.xx" },
               :desc => "Outbound internet traffic"

          dnat :interface => "Client Data",
               :original => { :ip => "xx.xx.xx.xx", :port => 22 },
               :translated => { :ip => "10.0.0.xx", :port => 22 },
               :desc => "jumpbox-1 SSH"

          dnat :interface => "Client Data",
               :original => { :ip => "xx.xx.xx.xx", :port => 80 },
               :translated => { :ip => "10.0.0.xx", :port => 80 },
               :desc => "jenkins, logging, monitoring HTTP"
        end

  70. Firewalls in code

        require 'rubygems'
        require 'firewall'

        firewall do
          # internal rules
          rule "ssh access to jumpbox1" do
            source :ip => "Any"
            destination :ip => "xx.xx.xx.xx", :port => 22
          end

          rule "http to backend applications" do
            source :ip => "Any"
            destination :ip => "xx.xx.xx.xx", :port => 80
          end

          rule "https to backend applications" do
          # (the slide text ends here)

  71. Find out more (Lots of reading for everyone)

  73. Government Service Design Manual

  74. Even contains a definition of devops

  80. Questions? (and thanks for listening)

  81. Gareth Rushgrove, Technical Architect, Government Digital Service, @garethr