DevOps principles to build your lean startup

DevOps principles to build your lean startup

DevOps is one of the new buzzwords that describes how the IT world moves towards combining increased skills, automation, tools and organisational culture. In the session we will see how DevOps can to build a scientific approach to creating and managing startup's development process and get a product into customers' hands faster. Throughout the session, we will be discussing different approaches and use cases to help you better understand how you can use DevOps to build a lean startup. At the end of the session, we will see the entire DevOps work-flow demonstration; from code to production. At the end of the session you will also be given a valuable DevOps check-list and lots of references to get started with DevOps and Security for your business.

A53edd970bfc4b815bad87323175367b?s=128

Madhu Akula

June 27, 2017
Tweet

Transcript

  1. DEVOPS PRINCIPLES TO BUILD YOUR LEAN STARTUP STARTUP LEADERSHIP PROGRAM

    ONLINE WEBINAR Madhu Akula, Automation Ninja Appsecco
  2. ABOUT ME Automation Ninja at Appsecco Interested in Security, DevOps

    and Cloud Speaker & Trainer: Defcon, DevSecCon, All Day DevOps, DevOps Days, etc Found bugs in Google, Microso , Yahoo, etc Never ending learner! Follow me (or) Tweet to me @madhuakula
  3. DISCLAIMER This talk is my view of DevOps

  4. WHAT IS DEVOPS? DevOps - Implementing a culture of sharing

    between development and operations There are many definitions for this term. I personally follow CAMS by Damon Edwards Culture Automation Measurement Sharing
  5. WHAT ARE LEAN STARTUP PRINCIPLES?

  6. WHAT ARE THE PROBLEMS WITH TRADITIONAL STUFF? Insufficient time Unstable

    and unpredictable infrastructure Lack of Documentation & Updated Inventory
  7. WHY DEVOPS? High-performing IT organizations deploy more frequently, fail less,

    and recover faster Automation is a huge boon to organizations Loosely coupled architectures and teams are the strongest predictor of continuous delivery Lean product management drives higher organizational performance
  8. DEVOPS ADOPTION https://puppet.com/system/files/2017-06/2017-state-of-devops-report_3.pdf

  9. CHANGES IN IT PERFORMANCE, 2016 TO 2017 https://puppet.com/system/files/2017-06/2017-state-of-devops-report_3.pdf

  10. COMPARISON BETWEEN TRADITIONAL IT VS DEVOPS PROCESS https://devops.com/comparing-devops-traditional-eight-key-differences/

  11. PAUL GRAHAM’S STARTUP CURVE Source: https://medium.com/agorapulse-stories/running-a-startup-with-lean-devops-culture- df50825b110b

  12. INTRODUCING CLOUD COMPUTING AND IT'S SERVICES Cloud computing and it's

    services will help to save immense amount of time and money with additional facilities.
  13. CLOUD COMPUTING AND IT'S SERVICES (CONT.D) Costs (pay-as-you-go) Access to

    multiple services IAAS (Infrastructure as a service) PAAS (Platform as a service) SAAS (So ware as a service) Scalability Mobility
  14. DEVOPS LIFE CYCLE source: https://blog.appdynamics.com/engineering/devops-scares-me-part-4-dev-and-ops- collaborate-across-the-lifecycle

  15. AGILE VS WATERFALL source: https://blog.ganttpro.com/en/waterfall-vs-agile-with-advantages-and-disadvantages/

  16. AGILE VS WATERFALL (CONTD.) With waterfall development, frozen business plan

    and silos between teams, getting an idea delivered to customers took months or even years.
  17. AGILE VS WATERFALL (CONTD.) source: https://blog.ganttpro.com/en/waterfall-vs-agile-with-advantages-and-disadvantages/

  18. DEVOPS STARTUP ANATOMY Early days Dev/Ops/Security will be the same

    person/team Time is critical asset, focus on product Cloud and modern tools give you a huge amount of possibilities
  19. MODERN OPERATIONS

  20. VERSION CONTROL Version controlling gives the power of moving traditional

    IT operations to modern DevOps shops
  21. VERSION CONTROL (CONTD.) Management of things is super easy and

    efficient Github, Bitbucket, Gitlab, Gogs, etc Some of things can be done with version control includes Documentation, Presentations, References, etc Configurations, Playbooks, Scripts, Code, etc Many more
  22. DOCUMENTATION Documentation is the solution for multiple problem, which gives

    ample amount of time to solve other problems
  23. DOCUMENTATION (CONTD.) Text format (Human & Machine readable format) Markdown

    is one of the simple and powerful format It provides valuable amount of use cases, which includes Building Knowledge Base (MKDocs, Raneto, Gitbooks, etc) Generating presentations (reveal.js, impress.js, etc) Giving solutions and how to guide playbooks Many more
  24. CONFIGURATION MANAGEMENT Infrastructure as code (aims to take the confusion

    and error-prone aspect of manual processes and make it more efficient, and productive) Version control, Continuous integration, Code review and Automated testing Inventory using configuration management database(CMDB) Tools (Terraform, Ansible, Puppet, Chef, etc)
  25. CONFIGURATION MANAGEMENT To get started with

  26. CONFIGURATION MANAGEMENT (EXAMPLE) Install nginx and start the server ---

    - name: install and start nginx webserver hosts: webserver user: madhu become: yes task: name: install nginx apt: name=nginx state=present update_cache=yes name: start nginx service: name=nginx state=running
  27. MONITORING & ALERTING The key to making informed decisions and

    quickly troubleshooting issues is having extensive monitoring in place before catastrophe strikes.
  28. MONITORING & ALERTING (CONTD.) Host level monitoring & alerting (health

    checks, file integrity, etc) Security events monitoring & alerting (logs, events, many more) Monitoring will give you the situational awareness needed to quickly diagnose issues and recover quickly Tools like (Ngaios, Icinga, ELK, Prometheus, Newrelic, Datadog, Splunk, Slack, Pagerduty, Victorops, OSSEC, Osquery, etc)
  29. MONITORING & ALERTING (CONTD.) To get started with

  30. PROJECT MANAGEMENT & PLANNING Break requirements into actionable steps with

    possible human resource implications Like who would do the work An estimate of how long it will take
  31. PROJECT MANAGEMENT & PLANNING (CONTD.) You can share and assign

    to team members and get feedback before the solution is delivered When similar projects appear, you will already have a useful template. Tools like (Trello, JIRA, Asana, etc)
  32. SECRETS STORAGE & SHARING Managing secrets and keys should be

    your primary goal Not just for your infrastructure, but things like domain registrars, support sites for various hardware and so ware vendors, etc.
  33. SECRETS STORAGE & SHARING (CONTD.) A password safe is like

    a central database you can share with your team and it will allow you to collect and securely store this data Some of the tools like (Vault, Lastpass, Keepass, Many more)
  34. BACKUPS & SECURE STORAGE Learn how to use backup so

    ware and then automate it. Having good backups, that you test once and awhile, will likely save you some day Snapshots, Incremental, Differential, Full
  35. BACKUPS & SECURE STORAGE (CONT.D) Securing backup data & storage

    is really important (in motion and rest) Using encryption for possible data Options like (s3, Dropbox, Duply, Minio, etc)
  36. CONTINUOUS INTEGRATION Continuous Integration is a so ware development practice

    where members of a team integrate their work frequently, usually each person integrates at least daily - leading to multiple integrations per day. Each integration is verified by an automated build (including test) to detect integration errors as quickly as possible.
  37. CONTINUOUS DELIVERY Continuous Delivery is the ability to get changes

    of all types—including new features, configuration changes, bug fixes and experiments—into production, or into the hands of users, safely and quickly in a sustainable way.
  38. CONTINUOUS INTEGRATION & DELIVERY Connect your builds and webhooks to

    CI/CD pipelines Automate the test cases & validation checks Running your integration, build tools Tools like (Jenkins, Travis CI, Cricle CI, Bitbucket Pipelines, Gitlab Builds, etc)
  39. CONTINUOUS INTEGRATION & DELIVERY (CONTD.) - 10 FACTOR CI

  40. 10 FACTOR CI (CONTD.)

  41. COLLABORATION & COMMUNICATION Building collaboration is key part of DevOps.

    Making awareness across teams (Cross Functional Teams) On-call rotations & activities
  42. COLLABORATION & COMMUNICATION (CONTD.) Chat bots and Slack Gamification, Building

    internal champions Community events and participation
  43. CENTRALISATION Centralised Inventory & Asset Management (So ware & Hardware)

    Centralised Monitoring & Alerting (Health, Service, Applications & Security) Centralised Repositories (Gitlab, Private Registry, Nexus, etc)
  44. MODERN TECHNOLOGIES & TRENDS

  45. MODERN TECHNOLOGIES & TRENDS - CONTAINERS Containers allow you to

    package and isolate applications with their entire runtime environment Containers ensure that applications deploy quickly, reliably, and consistently regardless of deployment environment(dev/test/prod/etc.)
  46. CONTAINERS (CONTD.) Containers has been for a while. But, Docker

    made the revolution of container ecosystem by it's simplicity Containers share the same kernel of the host system, this gives powerful performance compared to VM's.
  47. MODERN TECHNOLOGIES & TRENDS - CONTAINERS (EXAMPLE) Running wordpress application

    stack is as simple as running single command version: '3' services: db: image: mysql:5.7 volumes: - db_data:/var/lib/mysql restart: always environment: MYSQL_ROOT_PASSWORD: somewordpress MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress wordpress: depends_on: - db
  48. MODERN TECHNOLOGIES & TRENDS - CONTAINERS (CONTD.) Managing containers at

    scale made simple by solutions like , , , and many other. To know more about To play around bunch of these new stuff Kubernetes Mesos DC/OS Swarm The New Stack Book series Katacoda
  49. MODERN TECHNOLOGIES & TRENDS - SERVERLESS Serverless computing, also known

    as Function as a Service (FaaS), is a cloud computing code execution model in which the cloud provider fully manages virtual machines as necessary to serve requests and where requests are billed by an abstract measure of the resources required to satisfy the request, rather than per virtual machine, per hour. Source: https://en.wikipedia.org/wiki/Serverless_computing
  50. SERVERLESS (CONTD.) All three biggies , and have a service

    around this and if you are sold on in-prem then look at IBM’s . Simpler frameworks such as , , , Many more. AWS Google Azure OpenWhisk Serverless Chalice Zappa
  51. SERVERLESS (CONTD.) AWS Lambda charges start at $0.20 per 1

    million API requests. Making this fairly cheap and infinitely scalable The essence of the serverless trend is the absence of the server concept during so ware development.
  52. HIRING OPS FOR YOUR STARTUP Comfortable with chaos Knows when

    to solve 80% and move on Total responsibility for outcomes Good judgement Highly reactive and technical breadth Related to your real problems More about it by Charity Majors
  53. DEMO code to prod IDE -> Version Control -> Pipe

    Line -> Container -> Application
  54. FURTHER READING & REFERENCES

  55. PERIODIC TABLE OF DEVOPS TOOLS BY XEBIALABS https://xebialabs.com/periodic-table-of-devops-tools/

  56. 12 FACTOR APP A methodology for building modern, scalable, maintainable

    so ware-as-a-service apps.
  57. SEGMENT STACK https://segment.com/blog/the-segment-aws-stack/

  58. BOOKS TO READ The Phoenix Project The Practice of System

    and Network Administration The Visible Ops Handbook Continuous Delivery DevOps Handbook Google SRE The Lean Startup The Manager's Path
  59. REPOSITORIES, LINKS & BOOKMARKS Awesome Sysadmin Awesome DevOps Awesome SRE

    DevOps Training Materials Awesome DevSecOps
  60. REPOSITORIES, LINKS & BOOKMARKS (CONTD.) The Open Guide to Amazon

    Web Services DevOps Bookmarks Ops school Sysadmin Casts
  61. THE SAAS CTO SECURITY CHECKLIST

  62. THE DEVOPS SECURITY CHECKLIST

  63. ALL DAY DEVOPS All Day DevOps is an online community

    responsible for creating the world's largest DevOps conference.
  64. ALL DAY DEVOPS https://www.alldaydevops.com/

  65. REFERENCES http://www.alldaydevops.com/blog/devops-for-small-organizations-lessons-from-ed-1 https://speakerdeck.com/armon/devops-for-startups https://medium.com/@larsfronius/devops-for-startups-b7fadd54c1b2 https://medium.com/agorapulse-stories/running-a-startup-with-lean-devops-culture- df50825b110b https://www.linkedin.com/pulse/devops-lean-startups-read-cry-more-sonu-meena http://www.programmersparadox.com/2011/10/03/devops-and-the-lean-startup/ https://dzone.com/articles/adapting-devops-culture-with-calms https://readwrite.com/2014/01/01/three-reasons-your-startup-needs-devops-or-else/

    https://devops.com/comparing-devops-traditional-eight-key-differences/ https://puppet.com/system/files/2017-06/2017-state-of-devops-report_3.pdf https://www.linkedin.com/learning/devops-foundations/ https://sysadmincasts.com/episodes/25-bits-sysadmins-should-know http://microservices.io/ https://www.martinfowler.com/articles/continuousIntegration.html
  66. THANKS @madhuakula https://appsecco.com