Slide 1

GDS Digital meets IT Technology in Government Gareth Rushgrove

Slide 2

Gareth Rushgrove Technical Architect Government Digital Service @garethr

Slide 3

What (Will I get from this workshop?)

Slide 4

High level principles
Focus on specific areas

Slide 5

Government isn’t special
Risk management in Government
Sharing between services
Service management isn’t new

Slide 6

Hosting
Support
Legacy
Making changes

Slide 7

Slide 8

Slide 9

2 Assemble a multidisciplinary team who can design, build and operate the service, led by a single, suitably skilled and empowered Service Manager

Slide 10

5 Consider the tools and systems they will be using to build, host, operate and measure their service, and how to procure them

Slide 11

14 Make sure you have the capacity and technical flexibility to update and improve the service on a very frequent basis

Slide 12

15 Make all new source code open and reusable, and publish it under appropriate licences (or have provided a convincing explanation of why this cannot be done for specific subsets of the source code)

Slide 13

Government isn’t special (Most of the time)

Slide 14

Large companies aren’t special

Slide 15

They used to be

Slide 16

Today more computer power in my phone than the Apollo 11 mission computer

Slide 17

Is 1 million a big number?

Slide 18

No

Slide 19

Is 1 billion a big number?

Slide 20

Still no

Slide 21

662 Services http://transactionsexplorer.cabinetoffice.gov.uk/

Slide 22

1.28bn transactions per year http://transactionsexplorer.cabinetoffice.gov.uk/

Slide 23

1.2+bn tweets every 3 days

Slide 24

Off-the-shelf software

Slide 25

Off-the-shelf software isn’t always off-the-shelf

Slide 26

Everyone is a software company

Slide 27

Except where Government is different

Slide 28

Risk

Slide 29

Risk is better mitigated by people and processes

Slide 30

Risk Management in Government (and Information Assurance)

Slide 31

Assurance

Slide 32

Accreditation

Slide 33

Confidentiality Integrity Availability

Slide 34

Protective marking scheme

Slide 35

Existing: Top secret, Secret, Restricted, Confidential, Protect

Slide 36

New: Top secret, Secret, Official

Slide 37

Business Impact Levels

Slide 38

The problem with IL

Slide 39

Information Security

Slide 40

Slide 41

Sharing between services (what and how)

Slide 42

Sharing

Slide 43

Sharing data

Slide 44

Sharing code

Slide 45

Sharing applications

Slide 46

Sharing platforms

Slide 47

Sharing expertise

Slide 48

Sharing within departments

Slide 49

Sharing across Government

Slide 50

http://www.flickr.com/photos/psd/9122642253

Slide 51

Open standards

Slide 52

Standards Hub

Slide 53

Using open source

Slide 54

Using open source safely

Slide 55

GPG 38 - Open Source Software exploring the risk

Slide 56

Creating open source

Slide 57

Slide 58

Open Source Guidelines

Slide 59

Not like-for-like with commercial products

Slide 60

Not like-for-like with commercial systems

Slide 61

Service Management isn’t new (ITIL and friends)

Slide 62

Share language

Slide 63

ITIL

Slide 64

Information Technology Infrastructure Library

Slide 65

5 volumes 26 processes

Slide 66

Service Strategy

Slide 67

1. IT service management
2. Service portfolio management
3. Financial management for IT services
4. Demand management
5. Business relationship management

Slide 68

Service Design

Slide 69

1. Design coordination
2. Service catalogue
3. Service level management
4. Availability management
5. Capacity management
6. Service continuity management
7. Information security management
8. Supplier management

Slide 70

Service Transition

Slide 71

1. Transition planning and support
2. Change management
3. Asset and configuration management
4. Release and deployment management
5. Service validation and testing
6. Change evaluation
7. Knowledge management

Slide 72

Service Operation

Slide 73

1. Event management
2. Incident management
3. Request fulfillment
4. Problem management
5. Access management

Slide 74

Continual Service Improvement

Slide 75

Slide 76

Slide 77

ITIL and Waterfall

Slide 78

ITIL and Agile?

Slide 79

From: Manual, process and documentation heavy

Slide 80

To: Automated, metrics driven, collaborative

Slide 81

Exercise: Features vs Stability

Slide 82

A Sample Service Interstellar spacecraft license Space interstellar-spacecraft-license

Slide 83

Developers 5 reasons to focus on features

Slide 84

Operations 5 reasons to focus on stability

Slide 85

Developers vs Operations

Slide 86

Digital vs IT?

Slide 87

Antagonistic organisational structures

Slide 88

Misaligned incentives

Slide 89

Hosting (many things to many people)

Slide 90

Infrastructure your service runs on, and tools that support it

Slide 91

Infrastructure as a Service

Slide 92

Platform as a Service

Slide 93

G-Cloud procurement framework

Slide 94

Cloud First policy

Slide 95

Hosting hides lots of process and technical work

Slide 96

14 areas

Slide 97

Process, Shared services, Policy, Design, Components, Monitoring, Logging, Config management, Deployment, Access control, Provisioning, Security controls, Testing, Operating systems

Slide 98

93 themes

Slide 99

Source code hosting, Capacity planning, Network architecture, Application metrics, Security clearances, HTTP caching, Intrusion detection, Internal DNS, Operations manual, Database backups, Log storage, File systems, User directory, ...

Slide 100

105 sample stories

Slide 101

Bring your own acceptance criteria

Slide 102

Usage guidelines

Slide 103

Support (day to day responsibility)

Slide 104

Real bugs happen in production

Slide 105

Help desk

Slide 106

Operating hours

Slide 107

Out-of-hours

Slide 108

Change control

Slide 109

Unexpected events

Slide 110

Security advisories

Slide 111

Expected events

Slide 112

Slide 113

Slide 114

Systems administration

Slide 115

Reporting

Slide 116

Sometimes shortened to SIAM

Slide 117

Suitable support models based on criticality

Slide 118

Avoid ambiguity of responsibility

Slide 119

End-to-end performance incentives

Slide 120

Usage based charging

Slide 121

Legacy (existing IT systems and components)

Slide 122

Digital public services
Mission IT
Desktop, infrastructure, connectivity
Back office, shared services

Slide 123

Digital public services
Mission IT
Desktop, infrastructure, connectivity
Back office, shared services

Slide 124

Digital public services
Mission IT
Desktop, infrastructure, connectivity
Back office, shared services

Slide 125

Technology

Slide 126

Suppliers

Slide 127

Contracts

Slide 128

Wrapping systems with open interfaces

Slide 129

Engaging on a technical level with existing suppliers

Slide 130

Support from the Office of the Government CTO

Slide 131

Making changes (Going fast, reducing risk)

Slide 132

On launching GOV.UK

Slide 133

Slide 134

Average about 6 releases a day over 6 months

Slide 135

We changed less software on the day of launch than probably any day before or since

Slide 136

Regular releases reduce risk

Slide 137

One click deploy

Slide 138

Single place to deploy

Slide 139

Change one thing at once

Slide 140

http://www.flickr.com/photos/fatty/9158066939 We use a physical token

Slide 141

Developers want Visibility of deploys

Slide 142

Organisations want auditability of deploys

Slide 143

App showing deploys

Slide 144

Not just applications

Slide 145

Configuration management

Slide 146

Slide 147

Infrastructure as code

    package { 'apache2':
      ensure => latest,
    }

    service { 'apache2':
      ensure   => running,
      provider => upstart,
      require  => Package['apache2']
    }

Slide 148

Infrastructure not just configuration

Slide 149

Infrastructure as a Service

Slide 150

Network, Compute and Storage via an API

Slide 151

Network as code

    require 'rubygems'
    require 'nat'

    nat do
      # Source NAT: outbound traffic from the internal range
      snat :interface => "Client Data",
           :original => { :ip => "10.0.0.0/xx" },
           :translated => { :ip => "xx.xx.xx.xx" },
           :desc => "Outbound internet traffic"

      # Destination NAT: inbound SSH to the jumpbox
      dnat :interface => "Client Data",
           :original => { :ip => "xx.xx.xx.xx", :port => 22 },
           :translated => { :ip => "10.0.0.xx", :port => 22 },
           :desc => "jumpbox-1 SSH"

      # Destination NAT: inbound HTTP to the internal tooling
      dnat :interface => "Client Data",
           :original => { :ip => "xx.xx.xx.xx", :port => 80 },
           :translated => { :ip => "10.0.0.xx", :port => 80 },
           :desc => "jenkins, logging, monitoring HTTP"
    end

Slide 152

Firewalls as code

    require 'rubygems'
    require 'firewall'

    firewall do
      # internal rules
      rule "ssh access to jumpbox1" do
        source :ip => "Any"
        destination :ip => "xx.xx.xx.xx", :port => 22
      end

      rule "http to backend applications" do
        source :ip => "Any"
        destination :ip => "xx.xx.xx.xx", :port => 80
      end

      rule "https to backend applications" do
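
What "firewalls as code" makes possible, as an added example (not code from the slides or from GDS): once rules are written as a Ruby block like the one on slide 152, they can be loaded as data and checked automatically before they are applied. FirewallBuilder, audit, ADMIN_PORTS and the sample addresses are hypothetical stand-ins; the internals of the real firewall library are not shown on the slides.

```ruby
# Added example: hypothetical stand-in for the slide's `firewall` DSL.
Rule = Struct.new(:name, :src, :dst) do
  def source(opts)
    self.src = opts
  end

  def destination(opts)
    self.dst = opts
  end
end

class FirewallBuilder
  attr_reader :rules

  def initialize
    @rules = []
  end

  def rule(name, &block)
    @rules << Rule.new(name, {}, {}).tap { |r| r.instance_eval(&block) }
  end
end

# Evaluate a `firewall do ... end` block and return its rules as plain data.
def firewall(&block)
  FirewallBuilder.new.tap { |fw| fw.instance_eval(&block) }.rules
end

ADMIN_PORTS = [22, 3389].freeze # assumption: ports treated as administrative

# One finding per rule that needs a reviewer's sign-off before it is applied.
def audit(rules)
  rules.each_with_object([]) do |r, findings|
    if r.src[:ip].nil? || r.dst[:ip].nil? || r.dst[:port].nil?
      findings << "#{r.name}: incomplete rule"
    elsif r.src[:ip] == "Any" && ADMIN_PORTS.include?(r.dst[:port])
      findings << "#{r.name}: port #{r.dst[:port]} reachable from Any"
    end
  end
end

# Constructed sample; 192.0.2.0/24 is a documentation range, not from the slides.
SAMPLE_RULES = firewall do
  rule("ssh access to jumpbox1") { source :ip => "Any"; destination :ip => "192.0.2.10", :port => 22 }
  rule("http to backend applications") { source :ip => "Any"; destination :ip => "192.0.2.20", :port => 80 }
  rule("https to backend applications") {} # deliberately left incomplete
end
```

Running audit(SAMPLE_RULES) in the same pipeline that applies the rules turns a change to the firewall into something a reviewer can read as a diff plus a list of findings.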

Slide 153

Embrace process discussions

Slide 154

Change control

Slide 155

Optimise only as far as needed

Slide 156

Exercise: What to monitor?

Slide 157

Example GOV.UK

Slide 158

30,000+ metrics collected, many every second

Slide 159

~2000 checks, most every few minutes

Slide 160

http://www.flickr.com/photos/psd/8756580339 Lots of information on dashboards

Slide 161

What would you monitor? Interstellar spacecraft license Space interstellar-spacecraft-license

Slide 162

Next steps (Further reading)

Slide 163

CTO Guidance

Slide 164

Choosing Technology

Slide 165

Slide 166

Slide 167

Slide 168

Slide 169

Slide 170

Questions? (And thanks for listening)

Slide 171

Gareth Rushgrove Technical Architect Government Digital Service @garethr