Slide 1

Slide 1 text

DevOps for Startups

Slide 2

Slide 2 text

Armon Dadgar @armon

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

What is DevOps?

Slide 6

Slide 6 text

DevOps Definitions • “DevOps is you have developers do everything” • “DevOps is you get rid of operations” • “DevOps is a cultural movement” • “DevOps is …”

Slide 7

Slide 7 text

Delivering an Application • Software organization is a system like any other • Composed of people, processes, and tools • Processes used to organize people • Tools used to support people and process • Output is applications

Slide 8

Slide 8 text

People  Specialized Knowledge Limited time

Slide 9

Slide 9 text

People  Programming Languages Frameworks Design Patterns Application Architecture … Developer

Slide 10

Slide 10 text

People  Programming Languages Frameworks Design Patterns Application Architecture … Developer  Threat Modeling Cryptography Security Patterns Compliance … Security  Cloud APIs System Administration Infrastructure Architecture Networking … Operator

Slide 11

Slide 11 text

Unicorn Developers • “Developers should do it all!” • Unicorns are in short supply, not a good business decision • Specialization of Knowledge is real • Some knowledge can be outsourced, still exists!

Slide 12

Slide 12 text

Process  Developer  Security  Operator

Slide 13

Slide 13 text

Process  Developer  Security  Operator

Slide 14

Slide 14 text

Process  Developer  Security  Operator

Slide 15

Slide 15 text

Process  Developer  Security  Operator

Slide 16

Slide 16 text

Amdahl’s Law • The theoretical throughput of a system is limited by serial latency • Organization is a system that is creating an application • Output is limited by serial coordination • Empowering individuals to work independently improves throughput

Slide 17

Slide 17 text

Fundamental Steps • Write the application • Test the application • Package for staging / production • Provisioning infrastructure resources • Deploying an application to the infrastructure • Monitoring applications and infrastructure • Securing applications and infrastructure

Slide 18

Slide 18 text

DevOps Defined • Process to fulfill the fundamental steps optimizing for throughput • Reduce coordination, empower individuals, focus on delivery time • Use tools to coordinate between steps instead of people • Clean separation of responsibilities

Slide 19

Slide 19 text

No content

Slide 20

Slide 20 text

DevOps Process  Developer  Security  Operator Write and Test Consume Secrets Deploy Monitor Apps Automate Packaging Provision Infrastructure Provide Deployment Tools Monitor Infrastructure Model Organization Manage Secrets Delegate Access Compliance

Slide 21

Slide 21 text

Caveats • With great power, comes great responsibility! • Developers become owners of application • More discipline around testing • Requires investment in tooling and education

Slide 22

Slide 22 text

Ask your Doctor • Every process makes assumptions and optimizes for different metrics • DevOps optimizes for agility, assumes cost of mistake is low and risk tolerance is high • Waterfall optimizes for risk management, assumes cost of mistake is high and risk tolerance is low • Avionics software poorly suited for DevOps • Very high cost of mistakes, very low risk tolerance, low iteration speed

Slide 23

Slide 23 text

DevOps for Startups

Slide 24

Slide 24 text

Scaling down DevOps • That sounded very Enterprise-y • Startups have (many) fewer people • Impacts process and tools

Slide 25

Slide 25 text

Startup Anatomy • Fewer specializations and less teams • Unlikely to have dedicated QA, Security, Compliance, etc • In the early days, may not have any operators

Slide 26

Slide 26 text

Startup Constraints • Burn rate, it’s a race against the clock! • Focus on core product, everything else is a cost center • Outsource where possible • High risk tolerance, default is failure

Slide 27

Slide 27 text

Doing DevOps • Usually happens naturally because of lack of specialization! • All developers empowered to deploy in the early days • As you start specializing, stay conscious of the delivery process

Slide 28

Slide 28 text

Pragmatism • Build for 1x, Design for 10x, Plan for 100x • You are not Google, nor will you be next year • Business and product may change, reduce sunk costs • Stay flexible to change, without building into a cul-de-sac

Slide 29

Slide 29 text

No content

Slide 30

Slide 30 text

Provisioning • Pick a cloud! • Large credits available to incentivize usage ($10K-$100K+) • Leverage the expertise of your people • Make it easy to spin up multiple environments (prod, stage, dev) • Terraform, Infrastructure-as-Code, etc

Slide 31

Slide 31 text

Security • Focus on the low hanging fruit • Enable 2FA everywhere • Build a network perimeter (private network + bastion host) • Avoid secrets / credentials in code (Vault) • Encrypt sensitive data (Vault) • Use security monitoring (evident.io)

Slide 32

Slide 32 text

Runtime • Focus on developer productivity • Cost is likely a red herring relative to payroll • Assume ~0 operators • Outsource logging (Cloud), metrics (NewRelic, DataDog), exception tracking (Sentry), alerting (PagerDuty) • Leverage platforms like ECS, Nomad, K8S

Slide 33

Slide 33 text

Note on Schedulers • Schedulers are fantastic, but not silver bullets • Complex software has complex failure modes • Keep It Simple Stupid • Dedicated operator almost a requirement for more advanced systems • Ask: Why do we need it?

Slide 34

Slide 34 text

Starting with Segment Stack • Segment is a streaming analytics startup • Published their full AWS stack configuration • https://github.com/segmentio/stack • Leverages Terraform, AWS, Docker, and ECS

Slide 35

Slide 35 text

No content

Slide 36

Slide 36 text

Segment Stack Features • Secure networking by default • Basic auto-scaling • Deployment handled by ECS • Uses CloudWatch for logging and metrics • Up and running in 10 minutes

Slide 37

Slide 37 text

Growing Up

Slide 38

Slide 38 text

Growing into scale • If all goes well, the startup will grow • More people eventually forces a specialization of knowledge • Starts to look more like the Enterprise-y process • Allows for more sophistication if done right

Slide 39

Slide 39 text

Dedicated Operations • Owns the Infrastructure / Security / Runtime core • Provide a platform to developers (write, test, deploy, monitor) • Evaluate fancier schedulers (Nomad, K8S, Swarm) • Richer tooling (deployment, observability, tracing, etc) • Performance of the infrastructure • Blue/Green, shadow traffic, enable better testing rigor

Slide 40

Slide 40 text

Dedicated Security Team • Reduce the surface area of access • Locking down SSH access • Mutual TLS for services • Data privacy • Compliance

Slide 41

Slide 41 text

Splitting Development Teams • Dividing the application into services owned by teams • Reduces coordination between teams, increases operational demand • Need better deployment and observability tooling • More disciple around testing required, more moving pieces

Slide 42

Slide 42 text

Conclusion

Slide 43

Slide 43 text

DevOps for Startups • DevOps is a process focused on agility, aligns with constraints of startups! • Clouds and modern tools give you a huge amount of leverage • Avoid BIY, almost always a cost center, doesn’t add product value • Go forth and build!

Slide 44

Slide 44 text

Thanks!

Slide 45

Slide 45 text

Resources • DevOps Defined: https://www.hashicorp.com/devops.html • Segment Stack: https://segment.com/blog/the-segment-aws-stack/ • https://github.com/segmentio/stack • Terraform: https://www.terraform.io