The radical pace of development promised with DevOps can make some people nervous, especially if they have spent years with the waterfall development model. The very first question that comes to mind is: How do you expedite your development without introducing bugs or exposing your app’s vulnerabilities?
What good is speed if your app’s quality suffers? A high-quality application delivered long after the original request diminishes your customer’s experience. And what good is an app that’s delivered on time and works perfectly, but is hacked after the users accept it?
Therefore, before you get acquainted with the advantages of DevOps, it is important to understand that quality and security are features of DevOps, just like speed.
How DevOps fits into your organization’s development process
DevOps is not a transformation in itself, but a series of changes in processes leading to evolutionary changes. The benefits of small changes get compounded until one day when you look back and realize the full scale of your transformation.
The stages of DevOps that all organizations go through globally were captured through empirical research in the 2018 State of DevOps report.
Stage 0: Establishing the trust and formalizing the processes
DevOps introduces a culture of ongoing collaborations and sharing to break down the silos. It all starts by recognizing how collaboration and sharing can help, thereby achieving a basic level of trust.
Senior leaders in the organization must set the context for this transformation in a joint meeting of all the stakeholder teams – development, QA, operations and infrastructure management, and security.
This meeting aims to:
- Identify gaps in the current teams and recruit the right personnel for the planned transformation.
- Share the transformation as a challenge, along with its short-term and long-term objectives.
- Promote open communication and address all the concerns.
- Set a standard for open communication that all the teams can follow as they evolve through the DevOps adoption.
Once this trust is established, teams quickly begin the adoption of new processes and tools to help share processes, ideas, metrics, and knowledge with each other. To form a base for the DevOps journey, teams understand and document the existing processes, their variations, and their scope. Processes thus recorded will be optimized throughout the DevOps transformation.
Stage 1: Normalizing the tech stack
Once all processes are set up and communicated, internal silos start to break down, and processes start becoming more cross-functional signalling a shift towards an agile mode of functioning.
By this stage, the teams have also refactored some or most of the workflows to eliminate redundancy and increase overall efficiency. A formalized tech stack begins to shape a CI/CD (Continuous Integration / Continuous Delivery) pipeline with the introduction of a version control (or source management) system.
Stage 2: Reducing the variability
The operating systems being covered across virtualization or database layers are standardized to a single OS (or a family of OS). This simplifies their management and reduces the complexity of the entire system. As inconsistency decreases, so do the resulting errors.
Infrastructure teams begin to replicate a consistent set of patterns for managing and deploying multiple applications, enabling them to quicken the pace of development.
Process adherence is ramped up to reduce variations. Cross-team collaboration may take root but is usually not widespread at this stage.
Stage 3: Expansion of DevOps
By this stage, development pipelines have established continuous integration (CI) capabilities, and continuous development (CD) has been standardized across the development teams. This shift has been possible due to automation tools like Jenkins and Docker.
As a result, a bottleneck becomes evident as development teams produce code faster than the delivery team can deploy. Three crucial steps must be taken to resolve this bottleneck:
- Reuse of existing deployment patterns to introduce predictability.
- Communication of changes in infrastructure dependencies with the development team well before deployment starts.
- Testing any infrastructure change before deploying to production to ensure applications run smoothly.
All these efforts result in improved cross-team collaboration and early identification of issues due to proactive communication.
Stage 4: Automating the delivery of infrastructure
By this stage, the bottleneck introduced due to rapid development and low-speed deployment has begun to resolve but not entirely. As the next step, infrastructure delivery is automated with provisioning and configuration moving from manual processes to automated processes.
Automating the delivery of infrastructure has two essential benefits:
- Deployment teams can deliver environments and systems to the development and QA teams faster than ever before. The bottleneck between them begins to disappear by now.
- The practice of self-service through methods such as infrastructure-as-code gets implemented. Its adoption leads to an increase in overall efficiency and satisfaction across the organization.
Stage 5: Adoption of self-service capabilities on an organization-wide scale
By this stage, high levels of automation and trust have been achieved. Automation becomes the enabler of all development and deployment processes, making them more agile, more precise, and more efficient. Teams are freed from the overhead of approvals. Handoffs are automated, and infrastructure change requests are delivered without a complicated approval-oriented framework.
All of this was possible due to increased trust and collaboration triggered by the leadership when the DevOps transformation started.
Significant impacts of DevOps for organizations
The effects of DevOps’ are experienced across the organization at various levels. Weekly (daily or even hourly) releases, lower failure rates, and faster failure-response rates all result from a DevOps transformation. There are many other important factors.
IT provisioning processes undergo a major overhaul
Without automated infrastructure provisioning, DevOps will forever be slower due to the aforementioned ‘faster-development-slower-deployment’ bottleneck. With DevOps, levels of service and their configurations get increasingly defined by software through approaches like ‘infrastructure-as-code’.
Automation of infrastructure provisioning and configuration eliminate lengthy, approval-based processes. Self-service capabilities from the deployment team enable development teams to take delivery rates to a whole another level.
The results are visible through various DevOps metrics, which teams can use to showcase their success to the management.
Teams develop and deploy at a much faster rate
Development teams check-in their unit-tested code into the master branch (or another supplementary branch). A source management tool like Git or SVN ensures a conflict-free merger of code from all the developers.
The continuous integration (CI) pipeline will pick up the code from this tool, run a set of automated integration tests, and provide developers with instant feedback. This allows developers to start fixing errors in real-time without having to wait for a formal testing phase.
Similarly, a large number of testing phases get automated across the pipeline.
Security and compliance get baked right into the DevOps pipeline
Even with DevOps, security may not get enough emphasis until the management sees the impact of major security breaches. Compliance and audit activities also don’t get acknowledged until the very end of the pipeline is reached.
A modern security-focused approach of DevOps – called DevSecOps – helps resolve these concerns by automating security and compliance testing as a part of the CI/CD pipeline. As a result, compliance reports can be generated effortlessly for audit purposes. This ensures the teams don’t break the security of the app or make it non-compliant in an effort to get it to the market faster.
DevOps is more than just implementing a CI/CD pipeline. Automation is definitely a significant component of the pipeline, but a culture of trust between all the stake holding teams lays the foundation of a genuinely successful DevOps transformation.
When implementing DevOps, it’s important not to lose your vision of DevOps lost in the sea of tools. It is your transformation and you control all aspects of it – including quality and security.