This is My #1 Takeaway From DevOps Conclave
I had the pleasure of speaking with DevOps, DevSecOps and Engineering leaders at the DevOps Conclave 2023 last week and it was a great learning experience for me to get insights into how they are approaching their Continuous Integration, Continuous Delivery and DevSecOps initiatives.
Their key responsibilities varied from organization to organization depending on the industry in which they operate combined with the size and complexity of their enterprise or the core business, with a little bit of overlap in responsibilities from different domains.
I’ll use the insights I gathered as a series of posts to share key challenges or initiatives these leaders are addressing or executing today.
It started more than a decade back and is a hot topic even today – Automation!
Need for Automating Your CI/CD Workflow
Automation has evolved and become sophisticated over the years but how many enterprises have kept themselves with the pace of evolution?
This is the basic challenge for any enterprise despite the size and sophistication. Majority of enterprises have a bunch of tools in place but pretty much being operated in silos by distributed teams. They have either disjointed activities being triggered manually or semi automated using scripts on top of their existing orchestration layer, primarily Jenkins (a basic commonality).
Some of the key challenges in implementing right automation strategy are:
- Tools sprawl (especially when a lot of them are working in silos with distributed teams),
- Pipeline Sprawl and the risks associated with siloed pipeline activity (for example, the pipeline spaghetti created because distributed teams created single-staged pipelines on Jenkins with scripts instead of multi-staged automated pipelines and then manually triggering those one or two-staged pipelines),
- Enforcing security and compliance in a distributed environment. How do you ensure you are able to manage this centrally?
Automation Today
As I discussed with them I found that there are multiple approaches to automation with each approach having its own merits and demerits.
The most common of these approaches today is script-based automation leveraging Jenkins. Without a shadow of a doubt, Jenkins is a great product, however it was created for Continuous Integration (CI) purposes and hence offers limited extensibility out-of-the-box towards Continuous Delivery and other DevOps / DevSecOps capabilities. And to make Jenkins offer those capabilities (not all are possible) engineers write scripts for Jenkins.
Following illustrations are a reflection on how automation is being approached today and its overall effectiveness and business impact.
Then there are other aspects of operating the automation you have in place today or intend to build, along with the resultant outcome.
And then there are lots of other challenges associated with script-based or tools+script based automation as listed below:
For conventional automation approaches, these capabilities are not available out of the box and you may have to build them in case you want to stick to your automation approach.
Need For AI/ML Driven Automation
Just imagine if you have the ability to simplify your workflow and transform your end-to-end pipeline (with multiple pipelines or stages) into a single multi-stage pipeline with data-driven intelligent automation – It fosters developer or engineer productivity, mitigates risks arising due to manual activity, improve release and deployment velocity by 10x, and bring down the overall cost while leveraging your existing assets.
OpsMx Secure CD has built-in stages that help you to automate manual activities as a part of automatically executed pipeline stages, for example:
- Automated ticket creation / updation,
- Automated scanning / analysis,
- Automated approvals (based on the data that comes from your DevOps tools),
- Automated advanced deployment strategies (highlander or blue-green, canary, progressive)
- Automated verification (based on the data that comes from your observability and log monitoring tools),
- Automated (even a no-click) rollback (minimize or eliminate the downtime by incorporating built-in deployment or rollback stages for any target any destination,
- Automated compliance (enforce security or compliance policies),
- Automated application Security Posture (leveraging SBOM, DBOM, Smart Diff),
- Automated attestation of artifacts,
If you don’t intend to automate everything, you can focus on your key priorities and begin from there in a phase-wise approach.
How Does This Actually Works
Automated DevOps Tool Chain Jobs
OpsMx has out of the box integrations available to seamlessly integrate with your existing DevOps and DevSecOps tools including, your Git repository (Github, Gitlab…), governance tools (Jira, ServiceNow…), CI tools (Jenkins, Bamboo…), CD tool (Argo, Spinnaker, K8, Jenkins extended…), Observability tools (Appdynamics, Datadog, New Relic…), Log Analysis (Splunk, Sumologic…), Notification / Collaboration (MS Teams, Splunk), etc.
Automated Multi-stage Pipeline
With these integrations comes predefined stages for specific jobs, for example: create/ update a Jira ticket before/ after completion of a job, or trigger and analyze code scanning job. OpsMx also brings in the capability to create a custom job.
You can create these jobs as a multi-stage pipeline to avoid losing time because of manual triggers.
Visibility Into Multi-stage Pipelines
You may continue to use your existing pipelines or stages or onboard them as a part of stages within the OpsMx pipeline to obtain end-to-end visibility.
Low-code No-code Out-of-the-box DevOps DevSecOps Integrations
Automate and Enable RBAC
Create guardrails and controls by enabling RBAC. OpsMx integrates with your active directory or LDAP to enable restricted usage and access to specific assets based on roles defined for groups or individuals.
Automated Approvals
The data from the devops tools for example code scans, jira tickets, jenkins console output, performance metrics is analyzed and leveraged for automated decision making. For example: the scan fails, the stage fails and the pipeline gets killed. Another example is that if the metrics scores are below permissible thresholds the verification stage fails and the pipeline gets killed unless you want a manual judgment to be taken.
The result for SonarQube Scan stage
The subsequent configurations for Sonarqube scan stage upon stage completion status
The next stage’ dependence on Sonarqube scan stage status
Similarly, you can automate the approvals or next steps of your pipeline related to performance scores (metrics and logs) for your application deployments.
Status Of Verification Stage To Determine Next Step In The Pipeline
Automated Verification
To help reduce the burden on SRE, OpsMx has a differentiating feature called Automated Verification that brings down 2 to 8 hours of diagnostics jobs to just a few minutes by automating Metrics and Logs analysis.
This is used for verifying performance scores of your deployments and is extremely useful in cases of automated Canary Deployments. Yes, I will discuss more about how the canary deployments can be fully automated.
OpsMx analyzes the metrics and logs to determine the verification or the performance score, which is then used to automate the go or a no-go decision (as displayed in the above screenshot).
Log Analysis / Score
Metrics Analysis / Score
Automated Deployments
While a lot of focus goes around automating CI workflow, usually less attention gets paid to the CD workflow. This results in high cycle times, inconsistent deployments and high frequency of rollbacks.
Also, the manual script based approach doesn’t really help you to leverage the benefits of advanced deployment strategies like Blue Green, Canary and Progressive deployments.
OpsMx gets you these advanced deployment strategies out-of-the-box as deployment stages for your pipelines without having the need to write any code.
Let’s take an example of Blue Green or Canary deployments.
Out of the box configurations for Canary deployments suiting your requirements
Adding a deployment stage to your existing pipeline with a low code / no code approach
Automated Infrastructure Provisioning using IAC Tools
I am sure you are aware of Terraforms or Cloudformation. Idea is to get the infrastructure provisioning as an automated stage within your pipeline.
Health Check of Your Infra - LB, Firewall, Instances
I am sure you are aware of Terraforms or Cloudformation. Idea is to get the infrastructure provisioning as an automated stage within your pipeline.
Automated Compliance
Though I will cover this as a part of my #2 takeaway, however, here’s a glimpse of how to automate compliances. Enforce compliance with the help of data-driven policy. OpsMx brings in a list of commonly used rules based on specific frameworks (for example NIST, SOC, HIPAA). In case you want to read more there’s a post I did earlier – SDLC Compliance Management With CI/CD Policy Enforcement.
OpsMx has a built-in stage for Policy Check, which enforces a data driven policy and automates an informed decision on the basis of data analysis.
For example: you don’t intend to deploy a software if there are high priority items open in the governance system, let’s say it is Jira. Then this stage will analyze Jira status for that particular build and act accordingly.
The policy orchestration engine is built in the OpsMx as an integral component. Similarly, you can enforce as many rules in the Check Policy stage from an existing list of compliance rules.
Automated Security Checks
This is similar to integrations but very specific to DevSecOps plus the policy enforcement. This will also be covered in my #2 takeaway but if you insist you need this info early, please reach out to me and I’ll be happy to set up a demo for you.
This requires a separate post in terms of the depth of information it has to cover.
Executive Dashboard and Insights Achieved Out Of CI/CD Automation
There’s a great deal of insights coming out of your automated pipelines. Here’s a glimpse into these insights.
An executive dashboard providing insights into what’s up with your applications and their pipeline or deployment status.
This one provides second level details around the performance of your pipeline executions.
There are more and other details and drill downs available. I highly recommend you to book a demo. Thank You!
You may also want to have a detailed overview of OpsMx Deploy Shield for secure software delivery.
In case you missed my presentation at the DevOps Conclave and Awards 2023, you can find the video here – Deployment Firewall to Keep Bad Code Out.
The next up is #2 takeaway from the event – Enforcing Compliance and Security Controls in Your CI/CD pipelines.
0 Comments