$30 off During Our Annual Pro Sale. View Details »

DevOps principles to build your lean startup

DevOps principles to build your lean startup

DevOps is one of the new buzzwords that describes how the IT world moves towards combining increased skills, automation, tools and organisational culture. In the session we will see how DevOps can to build a scientific approach to creating and managing startup's development process and get a product into customers' hands faster. Throughout the session, we will be discussing different approaches and use cases to help you better understand how you can use DevOps to build a lean startup. At the end of the session, we will see the entire DevOps work-flow demonstration; from code to production. At the end of the session you will also be given a valuable DevOps check-list and lots of references to get started with DevOps and Security for your business.

Madhu Akula

June 27, 2017
Tweet

More Decks by Madhu Akula

Other Decks in Technology

Transcript

  1. DEVOPS PRINCIPLES
    TO BUILD YOUR LEAN
    STARTUP
    STARTUP LEADERSHIP PROGRAM ONLINE
    WEBINAR
    Madhu Akula, Automation Ninja
    Appsecco

    View Slide

  2. ABOUT ME
    Automation Ninja at Appsecco
    Interested in Security, DevOps and Cloud
    Speaker & Trainer: Defcon, DevSecCon, All Day DevOps,
    DevOps Days, etc
    Found bugs in Google, Microso , Yahoo, etc
    Never ending learner!
    Follow me (or) Tweet to me @madhuakula

    View Slide

  3. DISCLAIMER
    This talk is my view of DevOps

    View Slide

  4. WHAT IS DEVOPS?
    DevOps - Implementing a culture of sharing
    between development and operations
    There are many definitions for this term.
    I personally follow CAMS by Damon Edwards
    Culture
    Automation
    Measurement
    Sharing

    View Slide

  5. WHAT ARE LEAN STARTUP PRINCIPLES?

    View Slide

  6. WHAT ARE THE PROBLEMS WITH
    TRADITIONAL STUFF?
    Insufficient time
    Unstable and unpredictable infrastructure
    Lack of Documentation & Updated
    Inventory

    View Slide

  7. WHY DEVOPS?
    High-performing IT organizations deploy more frequently,
    fail less, and recover faster
    Automation is a huge boon to organizations
    Loosely coupled architectures and teams are the
    strongest predictor of continuous delivery
    Lean product management drives higher organizational
    performance

    View Slide

  8. DEVOPS ADOPTION
    https://puppet.com/system/files/2017-06/2017-state-of-devops-report_3.pdf

    View Slide

  9. CHANGES IN IT PERFORMANCE, 2016 TO 2017
    https://puppet.com/system/files/2017-06/2017-state-of-devops-report_3.pdf

    View Slide

  10. COMPARISON BETWEEN TRADITIONAL IT VS
    DEVOPS PROCESS
    https://devops.com/comparing-devops-traditional-eight-key-differences/

    View Slide

  11. PAUL GRAHAM’S STARTUP CURVE
    Source: https://medium.com/agorapulse-stories/running-a-startup-with-lean-devops-culture-
    df50825b110b

    View Slide

  12. INTRODUCING CLOUD COMPUTING AND IT'S
    SERVICES
    Cloud computing and it's services will help
    to save immense amount of time and
    money with additional facilities.

    View Slide

  13. CLOUD COMPUTING AND IT'S SERVICES
    (CONT.D)
    Costs (pay-as-you-go)
    Access to multiple services
    IAAS (Infrastructure as a
    service)
    PAAS (Platform as a service)
    SAAS (So ware as a service)
    Scalability
    Mobility

    View Slide

  14. DEVOPS LIFE CYCLE
    source: https://blog.appdynamics.com/engineering/devops-scares-me-part-4-dev-and-ops-
    collaborate-across-the-lifecycle

    View Slide

  15. AGILE VS WATERFALL
    source: https://blog.ganttpro.com/en/waterfall-vs-agile-with-advantages-and-disadvantages/

    View Slide

  16. AGILE VS WATERFALL (CONTD.)
    With waterfall development, frozen
    business plan and silos between teams,
    getting an idea delivered to customers took
    months or even years.

    View Slide

  17. AGILE VS WATERFALL (CONTD.)
    source: https://blog.ganttpro.com/en/waterfall-vs-agile-with-advantages-and-disadvantages/

    View Slide

  18. DEVOPS STARTUP ANATOMY
    Early days Dev/Ops/Security will be the same
    person/team
    Time is critical asset, focus on product
    Cloud and modern tools give you a huge amount of
    possibilities

    View Slide

  19. MODERN OPERATIONS

    View Slide

  20. VERSION CONTROL
    Version controlling gives the power of
    moving traditional IT operations to modern
    DevOps shops

    View Slide

  21. VERSION CONTROL (CONTD.)
    Management of things is super easy and efficient
    Github, Bitbucket, Gitlab, Gogs, etc
    Some of things can be done with version control
    includes
    Documentation, Presentations, References, etc
    Configurations, Playbooks, Scripts, Code, etc
    Many more

    View Slide

  22. DOCUMENTATION
    Documentation is the solution for multiple
    problem, which gives ample amount of
    time to solve other problems

    View Slide

  23. DOCUMENTATION (CONTD.)
    Text format (Human & Machine readable format)
    Markdown is one of the simple and powerful format
    It provides valuable amount of use cases, which includes
    Building Knowledge Base (MKDocs, Raneto, Gitbooks,
    etc)
    Generating presentations (reveal.js, impress.js, etc)
    Giving solutions and how to guide playbooks
    Many more

    View Slide

  24. CONFIGURATION MANAGEMENT
    Infrastructure as code (aims to take the confusion and
    error-prone aspect of manual processes and make it more
    efficient, and productive)
    Version control, Continuous integration, Code review and
    Automated testing
    Inventory using configuration management
    database(CMDB)
    Tools (Terraform, Ansible, Puppet, Chef, etc)

    View Slide

  25. CONFIGURATION MANAGEMENT
    To get started with

    View Slide

  26. CONFIGURATION MANAGEMENT (EXAMPLE)
    Install nginx and start the
    server
    ---
    - name: install and start nginx webserver
    hosts: webserver
    user: madhu
    become: yes
    task:
    name: install nginx
    apt: name=nginx state=present update_cache=yes
    name: start nginx
    service: name=nginx state=running

    View Slide

  27. MONITORING & ALERTING
    The key to making informed decisions and
    quickly troubleshooting issues is having
    extensive monitoring in place before
    catastrophe strikes.

    View Slide

  28. MONITORING & ALERTING (CONTD.)
    Host level monitoring & alerting (health checks, file
    integrity, etc)
    Security events monitoring & alerting (logs, events, many
    more)
    Monitoring will give you the situational awareness needed
    to quickly diagnose issues and recover quickly
    Tools like (Ngaios, Icinga, ELK, Prometheus, Newrelic,
    Datadog, Splunk, Slack, Pagerduty, Victorops, OSSEC,
    Osquery, etc)

    View Slide

  29. MONITORING & ALERTING (CONTD.)
    To get started with

    View Slide

  30. PROJECT MANAGEMENT & PLANNING
    Break requirements into actionable steps with possible
    human resource implications
    Like who would do the work
    An estimate of how long it will take

    View Slide

  31. PROJECT MANAGEMENT & PLANNING
    (CONTD.)
    You can share and assign to team members and get
    feedback before the solution is delivered
    When similar projects appear, you will already have a
    useful template.
    Tools like (Trello, JIRA, Asana, etc)

    View Slide

  32. SECRETS STORAGE & SHARING
    Managing secrets and keys should be your primary goal
    Not just for your infrastructure, but things like domain
    registrars, support sites for various hardware and so ware
    vendors, etc.

    View Slide

  33. SECRETS STORAGE & SHARING (CONTD.)
    A password safe is like a central database you can share
    with your team and it will allow you to collect and
    securely store this data
    Some of the tools like (Vault, Lastpass, Keepass, Many
    more)

    View Slide

  34. BACKUPS & SECURE STORAGE
    Learn how to use backup so ware and then automate it.
    Having good backups, that you test once and awhile, will
    likely save you some day
    Snapshots, Incremental, Differential, Full

    View Slide

  35. BACKUPS & SECURE STORAGE (CONT.D)
    Securing backup data & storage is really important (in
    motion and rest)
    Using encryption for possible data
    Options like (s3, Dropbox, Duply, Minio, etc)

    View Slide

  36. CONTINUOUS INTEGRATION
    Continuous Integration is a so ware
    development practice where members of a
    team integrate their work frequently,
    usually each person integrates at least
    daily - leading to multiple integrations per
    day. Each integration is verified by an
    automated build (including test) to detect
    integration errors as quickly as possible.

    View Slide

  37. CONTINUOUS DELIVERY
    Continuous Delivery is the ability to get
    changes of all types—including new
    features, configuration changes, bug fixes
    and experiments—into production, or into
    the hands of users, safely and quickly in a
    sustainable way.

    View Slide

  38. CONTINUOUS INTEGRATION & DELIVERY
    Connect your builds and webhooks to CI/CD pipelines
    Automate the test cases & validation checks
    Running your integration, build tools
    Tools like (Jenkins, Travis CI, Cricle CI, Bitbucket Pipelines,
    Gitlab Builds, etc)

    View Slide

  39. CONTINUOUS INTEGRATION & DELIVERY
    (CONTD.) - 10 FACTOR CI

    View Slide

  40. 10 FACTOR CI (CONTD.)

    View Slide

  41. COLLABORATION & COMMUNICATION
    Building collaboration is key part of DevOps.
    Making awareness across teams (Cross Functional
    Teams)
    On-call rotations & activities

    View Slide

  42. COLLABORATION & COMMUNICATION
    (CONTD.)
    Chat bots and Slack
    Gamification, Building internal
    champions
    Community events and participation

    View Slide

  43. CENTRALISATION
    Centralised Inventory & Asset Management (So ware &
    Hardware)
    Centralised Monitoring & Alerting (Health, Service,
    Applications & Security)
    Centralised Repositories (Gitlab, Private Registry, Nexus,
    etc)

    View Slide

  44. MODERN TECHNOLOGIES & TRENDS

    View Slide

  45. MODERN TECHNOLOGIES & TRENDS -
    CONTAINERS
    Containers allow you to package and isolate applications
    with their entire runtime environment
    Containers ensure that applications deploy quickly,
    reliably, and consistently regardless of deployment
    environment(dev/test/prod/etc.)

    View Slide

  46. CONTAINERS (CONTD.)
    Containers has been for a while. But, Docker made the
    revolution of container ecosystem by it's simplicity
    Containers share the same kernel of the host system, this
    gives powerful performance compared to VM's.

    View Slide

  47. MODERN TECHNOLOGIES & TRENDS -
    CONTAINERS (EXAMPLE)
    Running wordpress application stack is as simple as
    running single command
    version: '3'
    services:
    db:
    image: mysql:5.7
    volumes:
    - db_data:/var/lib/mysql
    restart: always
    environment:
    MYSQL_ROOT_PASSWORD: somewordpress
    MYSQL_DATABASE: wordpress
    MYSQL_USER: wordpress
    MYSQL_PASSWORD: wordpress
    wordpress:
    depends_on:
    - db

    View Slide

  48. MODERN TECHNOLOGIES & TRENDS -
    CONTAINERS (CONTD.)
    Managing containers at scale made simple by solutions
    like , , , and many other.
    To know more about
    To play around bunch of these new stuff
    Kubernetes Mesos DC/OS Swarm
    The New Stack Book series
    Katacoda

    View Slide

  49. MODERN TECHNOLOGIES & TRENDS -
    SERVERLESS
    Serverless computing, also known as
    Function as a Service (FaaS), is a cloud
    computing code execution model in which
    the cloud provider fully manages virtual
    machines as necessary to serve requests
    and where requests are billed by an
    abstract measure of the resources required
    to satisfy the request, rather than per
    virtual machine, per hour.
    Source: https://en.wikipedia.org/wiki/Serverless_computing

    View Slide

  50. SERVERLESS (CONTD.)
    All three biggies , and have a service
    around this and if you are sold on in-prem then look at
    IBM’s .
    Simpler frameworks such as , , ,
    Many more.
    AWS Google Azure
    OpenWhisk
    Serverless Chalice Zappa

    View Slide

  51. SERVERLESS (CONTD.)
    AWS Lambda charges start at $0.20 per 1
    million API requests. Making this fairly
    cheap and infinitely scalable
    The essence of the serverless trend is the absence of the
    server concept during so ware development.

    View Slide

  52. HIRING OPS FOR YOUR STARTUP
    Comfortable with chaos
    Knows when to solve 80% and move
    on
    Total responsibility for outcomes
    Good judgement
    Highly reactive and technical breadth
    Related to your real problems
    More about it by Charity Majors

    View Slide

  53. DEMO
    code to prod
    IDE -> Version Control -> Pipe Line -> Container -> Application

    View Slide

  54. FURTHER READING & REFERENCES

    View Slide

  55. PERIODIC TABLE OF DEVOPS TOOLS BY
    XEBIALABS
    https://xebialabs.com/periodic-table-of-devops-tools/

    View Slide

  56. 12 FACTOR APP
    A methodology for building modern, scalable,
    maintainable so ware-as-a-service apps.

    View Slide

  57. SEGMENT STACK
    https://segment.com/blog/the-segment-aws-stack/

    View Slide

  58. BOOKS TO READ
    The Phoenix Project
    The Practice of System and Network
    Administration
    The Visible Ops Handbook
    Continuous Delivery
    DevOps Handbook
    Google SRE
    The Lean Startup
    The Manager's Path

    View Slide

  59. REPOSITORIES, LINKS & BOOKMARKS
    Awesome Sysadmin
    Awesome DevOps
    Awesome SRE
    DevOps Training
    Materials
    Awesome DevSecOps

    View Slide

  60. REPOSITORIES, LINKS & BOOKMARKS
    (CONTD.)
    The Open Guide to Amazon Web
    Services
    DevOps Bookmarks
    Ops school
    Sysadmin Casts

    View Slide

  61. THE SAAS CTO SECURITY CHECKLIST

    View Slide

  62. THE DEVOPS SECURITY CHECKLIST

    View Slide

  63. ALL DAY DEVOPS
    All Day DevOps is an online community
    responsible for creating the world's largest
    DevOps conference.

    View Slide

  64. ALL DAY DEVOPS
    https://www.alldaydevops.com/

    View Slide

  65. REFERENCES
    http://www.alldaydevops.com/blog/devops-for-small-organizations-lessons-from-ed-1
    https://speakerdeck.com/armon/devops-for-startups
    https://medium.com/@larsfronius/devops-for-startups-b7fadd54c1b2
    https://medium.com/agorapulse-stories/running-a-startup-with-lean-devops-culture-
    df50825b110b
    https://www.linkedin.com/pulse/devops-lean-startups-read-cry-more-sonu-meena
    http://www.programmersparadox.com/2011/10/03/devops-and-the-lean-startup/
    https://dzone.com/articles/adapting-devops-culture-with-calms
    https://readwrite.com/2014/01/01/three-reasons-your-startup-needs-devops-or-else/
    https://devops.com/comparing-devops-traditional-eight-key-differences/
    https://puppet.com/system/files/2017-06/2017-state-of-devops-report_3.pdf
    https://www.linkedin.com/learning/devops-foundations/
    https://sysadmincasts.com/episodes/25-bits-sysadmins-should-know
    http://microservices.io/
    https://www.martinfowler.com/articles/continuousIntegration.html

    View Slide

  66. THANKS
    @madhuakula
    https://appsecco.com

    View Slide