OUR CENTRALIZED TELEMETRY INFRASTRUCTURE i. Remove the silos of information – Developers don’t just log what’s interesting to development. Operations don’t just monitor what’s up or down. ii. Modern Monitoring ON UNDESIRED OUTCOMES i. An approach 1. Analyze most severe incident in recent past. 2. Create list of telemetry that could have enabled earlier detection and diagnosis as well as confirmation 3. effective monitoring in place, reliable deployments, and architecturally suitable to fast, frequent change b. Identifies any regulatory or contractual compliance objectives2. Ops engineers consult with teams

requires team members to follow disciplined processes that require training, guidance, and culture change. While Agile does impose some rigor, the method does not consist of simply following a set of prescribed testing, certification, product owner approval, and release build. The “definition of done” does not change during a sprint, but should be reviewed periodically and updated as processes improve. “To become counter to those in the long-established defense acquisition enterprise. The Agile model represents a change in the way DoD conducts business, and programs must rethink how they are staffed, organized, and

Creating performance testing environments can easily be more complex than the application itself iv. Log performance results and evaluate compared to previous results l. INTEGRATE NON-FUNCTIONAL REQUIREMENTS OUR ANDON CORD WHEN THE DEPLOYMENT PIPELINE BREAKS i. Keep the build in a green state ii. When a change causes the build or automated tests to fail: 1. No new work is allowed to enter the system until deployment 3. Peer reviews iv. 2013 State of DevOps Report – no statistically significant difference in change success rates between organizations where Development deployed code and those where Operations deployed

the most conformableChangeability • The software entity is constantly subject to pressures for change • All successful software gets changed, and successful software survives beyond the normal life security I need… • a Container scanning and monitoring service, and to monitor it more I need… • a Log Aggregation and Search service, but to install it I need… • root access on a bunch of servers, but

GitHub Pull Requests by Ralph Bodenner (New Relic) https://bit.ly/pull-request-your-culture  How you change your process matters  Terms: culture, metaprocess, process, entropy  Actively discourage email: com/devops-web-performance-2015/public/schedule/proceedings [2] YouTube Playlist: https://www.youtube.com/playlist?list=PL055Epbe6d5Y86GSg3nhUH3o_v62FGpCI

total of nine hours time the seven steps…” Change Control  “We need to tighten up our change controls… what’s preventing us from getting there?”  “That change management tool is impossible to use. There’s boxes for ‘applications affected’ don’t even have what I need. It’s why I’ve stopped even putting in change requests.”  “I have to manually type in hundreds of server names in one of the text boxes. Most to fit in a sixty-four-character text box? What idiot built that form?”  “When my guys put in a change request, they have to wait a lifetime to get approvals, let alone get on the schedule. We have the

kick start testing efforts – Part 6: The Technical Practices of Integrating Information Security, Change Management, and Compliance 1. Introduction a. Goal to simultaneously achieve Information Security and recovery v. Protect our deployment pipeline vi. Integrate our deployment activities with our change approval process vii. Reduce reliance on separation of duties 2. Ch. 22 – Information Security Protecting the Deployment Pipeline a. INTEGRATE SECURITY AND COMPLIANCE INTO CHANGE APPROVAL PROCESSES i. Effective change management recognized different risks associated with different types of changes

should make a plan and then stick to it is a terrible idea in an environment of uncertainty and change. It has dominated the IT world because it appears to offer predictability, control, and efficiency hollow and missing needed capabilities.  We want a smooth ball of EA, an EA shaped to facilitate change and reuse, something you can easily roll in any direction you choose. That is its latent value; it based on user feedback is often lower than that of buying a finished product that is hard to change.  The advantages of the agility that can be gained through a flexible, changeable, custom system

DEVOPS i. Code and change deployments (thirty times more frequent) ii. Code and change deployment lead time (two hundred times faster) iii. Production deployments (sixty times higher change success rate) in poor flow and poor quality outcomes. This validates our common experience that the larger the change going into production, the more difficult the production errors are to diagnose and fix, and the Critical Mass & Silent Majority 3. Identify the Holdouts ii. Ron van Kemenade, CIO of ING, “Leading change requires courage, especially in corporate envrionments where people are scared and fight you. But

that we have a way to (try to) control them.  The relationship between uncertainty, risk, and change is far too complicated for such control when delivering IT systems, where complexity is overwhelming changing this paradigm, but IT organizations have not thoroughly absorbed this message. The critical change is that of moving from a plan-driven approach to an Agile approach, based on learning and adapting and also be Agile, which is to say that you cannot strictly adhere to a plan and also facilitate change and organizational responsiveness. It is not a conflict in execution—it is a conflict of values