feedback, and then adjust what they have produced. As a result, the code can be developed in a user-centric way and match the enterprise’s needs precisely. Risk is low, because the team is constantly adjusting

Major contributing cause of issues stems from releases representing the first time we see how an application behaves in a production-like environment ii. Don’t just document the environment specifications the value stream iii. Everything, everything, everything is checked into version control 1. Application code & dependencies 2. Environment scripts & creation tools 3. DB scripts and reference data 4. Containers 5. Automated tests 6. Project artifacts – documentation, procedures, etc. 7. Application configuration files 8. This also includes pre-production and build processes 9. Tools iv. 2014

and are subsequently transmitted to receiving equipment for monitoring 1. Create telemetry in application & environments (to include production, pre-production, and CD pipeline) iii. Ian Malpass, Etsy what’s up or down. ii. Modern Monitoring architecture 1. Data Collection at business logic, application, & environments layer a. Events, logs, & metrics b. Common service to centralize, rotate, and systems need to be more available and scalable than the systems being monitored.” c. CREATE APPLICATION LOGGING TELEMETRY THAT HELPS PRODUCTION i. Dev & Ops create production telemetry as part of their

lexicon for this guide. Later sections will present more detail on the Agile processes and their application in DoD programs. The foundational structure of an Agile program is: Release - Capability system or commercial off-the-shelf (COTS) product, or building a small-scale or self-constrained application. In other words, Agile works well when the program needs to modify software for government purposes team or the target end user cannot be accessed. Program scope is mostly limited to the application layer while using existing infrastructure. Program Scope Program spans core capabilities and

vs BROWNFIELD SERVICES i. DevOps is not just for Greenfield ii. Important Predictor – Is the application architected (or could be re- architected) for testability and deployability? iii. Successful Brownfield mainframe and supporting applications a. They 2X release frequency b. Resulted in increased application reliability c. Reduced deployment lead time from 2 weeks to <1 day 2. Etsy a. “Barely survived the business; defines functionality ii. Development - the team responsible for developing the application iii. QA – team responsible for ensuring feedback loop exists to ensure functions as desired

providing application/infrastructure stacks that are pre- approved and appropriately configured and secured. f. INTEGRATE SECURITY INTO OUR DEPLOYMENT PIPELINE i. Hardening the application after development pipeline iii. Enable fast feedback on potentially insecure changes g. ENSURE SECURITY OF THE APPLICATION i. Focus on the sad paths or bad paths to effectively address QA, Infosec and related concerns

through Agile 2 Nick Tuck Maximizing Retrospectives 2 Ray Page Open Agile Topics 0 Jason Beranek Application Transparency 0 Ed Snodgrass Awesomeness through Stable Teams 0 Mike Ballou Open Discussion on in the Industry 1 Mike Ballou Agile Principles 0 Ray Page Open Agile Topics 0 Jason Beranek Application Transparency 0 Ed Snodgrass Awesomeness through Stable Teams 0 Mike Ballou Contracting Agile

Maximizing Retrospectives Ray Page Open Agile Topics Apr 2014 Jason Beranek Application Transparency Ed Snodgrass Awesomeness through Stable Teams Mike Ballou Open Discussion

once a week to everyday  Expanded Sphere of Influence  Machine Imaging  DEG and 3rd Party Application Installations  Route Adds – requires heightened security access  Database Data Script Execution

new requirement to be delivered and deployed. Deployment speed: how fast a new version of the application can be deployed into the production environment. Deployment frequency: how often a new release