A core concept in SRE is that we learn from major system failures, using the experience gained to improve resiliency of our systems. If we are successful at this, we avoid repeating the same customer impact the next time our systems fail in a similar way. This is wonderful, but there is a frightening corollary: when the next big failure happens, it will often be a novel problem. This talk will focus on how to prepare for novel large scale failures. I will start by summarizing common methods of incident training. This includes simulated disaster scenarios, and live system exercises that test the response of our systems and engineering teams to controlled but real production system failures. I will outline the benefits of each approach, and our experience in employing them over the years as our company has grown. Our SRE team has grown from about 40 three years ago to 120 today, and the methods we used in the past became less effective as both our systems and team organization grew more complex and distributed. While simple playbooks and fallbacks once worked in the past, we have found that with complexity came a greater need for creativity and coordination of larger teams to fight problems effectively. High trust, communication, and psychological safety are now central ingredients to an effective response, leading us to seek more novel forms of offline training. This talk will wrap up with a summary of one such large scale incident exercise we ran involving a hundred people, an office building, and 20,000 pieces of lego.
jarthorn
bkuhlmann
sonatard
sanfrecce_osaka
seike460
kasacchiful
stewemetal
tatamiya
hinakko2
kangnux
ttskch
kosmosebi
speakerdeck
productmarketing
skipperchong
lemiorhan
malarkey
reverentgeek
eileencodes
bluesmoon
lara
samanthasiow
nonsquared
chriscoyier
