Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevOps principles to build your lean startup

DevOps principles to build your lean startup

DevOps is one of the new buzzwords that describes how the IT world moves towards combining increased skills, automation, tools and organisational culture. In the session we will see how DevOps can to build a scientific approach to creating and managing startup's development process and get a product into customers' hands faster. Throughout the session, we will be discussing different approaches and use cases to help you better understand how you can use DevOps to build a lean startup. At the end of the session, we will see the entire DevOps work-flow demonstration; from code to production. At the end of the session you will also be given a valuable DevOps check-list and lots of references to get started with DevOps and Security for your business.

Madhu Akula

June 27, 2017

More Decks by Madhu Akula

Other Decks in Technology



    ONLINE WEBINAR Madhu Akula, Automation Ninja Appsecco
  2. ABOUT ME Automation Ninja at Appsecco Interested in Security, DevOps

    and Cloud Speaker & Trainer: Defcon, DevSecCon, All Day DevOps, DevOps Days, etc Found bugs in Google, Microso , Yahoo, etc Never ending learner! Follow me (or) Tweet to me @madhuakula
  3. WHAT IS DEVOPS? DevOps - Implementing a culture of sharing

    between development and operations There are many definitions for this term. I personally follow CAMS by Damon Edwards Culture Automation Measurement Sharing

    and unpredictable infrastructure Lack of Documentation & Updated Inventory
  5. WHY DEVOPS? High-performing IT organizations deploy more frequently, fail less,

    and recover faster Automation is a huge boon to organizations Loosely coupled architectures and teams are the strongest predictor of continuous delivery Lean product management drives higher organizational performance

    services will help to save immense amount of time and money with additional facilities.
  7. CLOUD COMPUTING AND IT'S SERVICES (CONT.D) Costs (pay-as-you-go) Access to

    multiple services IAAS (Infrastructure as a service) PAAS (Platform as a service) SAAS (So ware as a service) Scalability Mobility
  8. AGILE VS WATERFALL (CONTD.) With waterfall development, frozen business plan

    and silos between teams, getting an idea delivered to customers took months or even years.
  9. DEVOPS STARTUP ANATOMY Early days Dev/Ops/Security will be the same

    person/team Time is critical asset, focus on product Cloud and modern tools give you a huge amount of possibilities
  10. VERSION CONTROL (CONTD.) Management of things is super easy and

    efficient Github, Bitbucket, Gitlab, Gogs, etc Some of things can be done with version control includes Documentation, Presentations, References, etc Configurations, Playbooks, Scripts, Code, etc Many more
  11. DOCUMENTATION (CONTD.) Text format (Human & Machine readable format) Markdown

    is one of the simple and powerful format It provides valuable amount of use cases, which includes Building Knowledge Base (MKDocs, Raneto, Gitbooks, etc) Generating presentations (reveal.js, impress.js, etc) Giving solutions and how to guide playbooks Many more
  12. CONFIGURATION MANAGEMENT Infrastructure as code (aims to take the confusion

    and error-prone aspect of manual processes and make it more efficient, and productive) Version control, Continuous integration, Code review and Automated testing Inventory using configuration management database(CMDB) Tools (Terraform, Ansible, Puppet, Chef, etc)
  13. CONFIGURATION MANAGEMENT (EXAMPLE) Install nginx and start the server ---

    - name: install and start nginx webserver hosts: webserver user: madhu become: yes task: name: install nginx apt: name=nginx state=present update_cache=yes name: start nginx service: name=nginx state=running
  14. MONITORING & ALERTING The key to making informed decisions and

    quickly troubleshooting issues is having extensive monitoring in place before catastrophe strikes.
  15. MONITORING & ALERTING (CONTD.) Host level monitoring & alerting (health

    checks, file integrity, etc) Security events monitoring & alerting (logs, events, many more) Monitoring will give you the situational awareness needed to quickly diagnose issues and recover quickly Tools like (Ngaios, Icinga, ELK, Prometheus, Newrelic, Datadog, Splunk, Slack, Pagerduty, Victorops, OSSEC, Osquery, etc)
  16. PROJECT MANAGEMENT & PLANNING Break requirements into actionable steps with

    possible human resource implications Like who would do the work An estimate of how long it will take
  17. PROJECT MANAGEMENT & PLANNING (CONTD.) You can share and assign

    to team members and get feedback before the solution is delivered When similar projects appear, you will already have a useful template. Tools like (Trello, JIRA, Asana, etc)
  18. SECRETS STORAGE & SHARING Managing secrets and keys should be

    your primary goal Not just for your infrastructure, but things like domain registrars, support sites for various hardware and so ware vendors, etc.
  19. SECRETS STORAGE & SHARING (CONTD.) A password safe is like

    a central database you can share with your team and it will allow you to collect and securely store this data Some of the tools like (Vault, Lastpass, Keepass, Many more)
  20. BACKUPS & SECURE STORAGE Learn how to use backup so

    ware and then automate it. Having good backups, that you test once and awhile, will likely save you some day Snapshots, Incremental, Differential, Full
  21. BACKUPS & SECURE STORAGE (CONT.D) Securing backup data & storage

    is really important (in motion and rest) Using encryption for possible data Options like (s3, Dropbox, Duply, Minio, etc)
  22. CONTINUOUS INTEGRATION Continuous Integration is a so ware development practice

    where members of a team integrate their work frequently, usually each person integrates at least daily - leading to multiple integrations per day. Each integration is verified by an automated build (including test) to detect integration errors as quickly as possible.
  23. CONTINUOUS DELIVERY Continuous Delivery is the ability to get changes

    of all types—including new features, configuration changes, bug fixes and experiments—into production, or into the hands of users, safely and quickly in a sustainable way.
  24. CONTINUOUS INTEGRATION & DELIVERY Connect your builds and webhooks to

    CI/CD pipelines Automate the test cases & validation checks Running your integration, build tools Tools like (Jenkins, Travis CI, Cricle CI, Bitbucket Pipelines, Gitlab Builds, etc)
  25. COLLABORATION & COMMUNICATION Building collaboration is key part of DevOps.

    Making awareness across teams (Cross Functional Teams) On-call rotations & activities
  26. COLLABORATION & COMMUNICATION (CONTD.) Chat bots and Slack Gamification, Building

    internal champions Community events and participation
  27. CENTRALISATION Centralised Inventory & Asset Management (So ware & Hardware)

    Centralised Monitoring & Alerting (Health, Service, Applications & Security) Centralised Repositories (Gitlab, Private Registry, Nexus, etc)
  28. MODERN TECHNOLOGIES & TRENDS - CONTAINERS Containers allow you to

    package and isolate applications with their entire runtime environment Containers ensure that applications deploy quickly, reliably, and consistently regardless of deployment environment(dev/test/prod/etc.)
  29. CONTAINERS (CONTD.) Containers has been for a while. But, Docker

    made the revolution of container ecosystem by it's simplicity Containers share the same kernel of the host system, this gives powerful performance compared to VM's.
  30. MODERN TECHNOLOGIES & TRENDS - CONTAINERS (EXAMPLE) Running wordpress application

    stack is as simple as running single command version: '3' services: db: image: mysql:5.7 volumes: - db_data:/var/lib/mysql restart: always environment: MYSQL_ROOT_PASSWORD: somewordpress MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress wordpress: depends_on: - db

    scale made simple by solutions like , , , and many other. To know more about To play around bunch of these new stuff Kubernetes Mesos DC/OS Swarm The New Stack Book series Katacoda
  32. MODERN TECHNOLOGIES & TRENDS - SERVERLESS Serverless computing, also known

    as Function as a Service (FaaS), is a cloud computing code execution model in which the cloud provider fully manages virtual machines as necessary to serve requests and where requests are billed by an abstract measure of the resources required to satisfy the request, rather than per virtual machine, per hour. Source: https://en.wikipedia.org/wiki/Serverless_computing
  33. SERVERLESS (CONTD.) All three biggies , and have a service

    around this and if you are sold on in-prem then look at IBM’s . Simpler frameworks such as , , , Many more. AWS Google Azure OpenWhisk Serverless Chalice Zappa
  34. SERVERLESS (CONTD.) AWS Lambda charges start at $0.20 per 1

    million API requests. Making this fairly cheap and infinitely scalable The essence of the serverless trend is the absence of the server concept during so ware development.
  35. HIRING OPS FOR YOUR STARTUP Comfortable with chaos Knows when

    to solve 80% and move on Total responsibility for outcomes Good judgement Highly reactive and technical breadth Related to your real problems More about it by Charity Majors
  36. DEMO code to prod IDE -> Version Control -> Pipe

    Line -> Container -> Application
  37. BOOKS TO READ The Phoenix Project The Practice of System

    and Network Administration The Visible Ops Handbook Continuous Delivery DevOps Handbook Google SRE The Lean Startup The Manager's Path
  38. REPOSITORIES, LINKS & BOOKMARKS (CONTD.) The Open Guide to Amazon

    Web Services DevOps Bookmarks Ops school Sysadmin Casts
  39. ALL DAY DEVOPS All Day DevOps is an online community

    responsible for creating the world's largest DevOps conference.