Why Stop Inventing New DevOps Combinations?
By Koen Vastmans
DevOps - What's in a name?The term DevOps is well known by now. It was initially introduced by Patrick Dubois a Belgian IT consultant who organized an agile oriented event in October 2009 and named it DevOpsDays, targeting not only developers but also systems administrators, managers, and toolsmiths from all over the world. After the conference, the conversations continued on Twitter with the hashtag #DevOps.If you want to know more about the origin of the DevOps, you can check the video given below which gives you a lot of background about the reason why Patrick Dubois initially started this DevOpsDays conference:DevOps and the rise of the combinations and derivatives With the increasing popularity of DevOps, more people start to give their definition of DevOps. The different definitions of DevOps that go around can differ, depending on what aspect(s) of DevOps you want to focus.In a previous article, I wrote about how to explain DevOps in 5 letters - CALMS or CALMR i.e CALMS framework for DevOpsSome other definitions tend to focus primarily on the automation aspect, omitting the Agile foundation. As a consequence, you get the first combination of DevOps, named BizDevOps or BusDevOps. There are different interpretations about what BizDevOps actually means. “BizDevOps, also known as DevOps 2.0, is an approach to software development that encourages developers, operations staff and business teams to work together so the organization can develop software more quickly, be more responsive to user demand and ultimately maximize revenue.”At the same time, it is the most disputable definition. This definition assumes that DevOps is mainly a technology-driven initiative that hardly involves business people. But as mentioned in my previous article, the foundation of DevOps is culture, which goes back to the agile principles. And we all know that agile without business is only symptomatic. So DevOps without business is as symptomatic as agile without business.According to the Dzone article, DevOps is focusing on a single application or system whereas BizDevOps is focusing on the entire enterprise with all its complex processes and the mixture of applications and systems that support these complex processes.According to this article, BizDevOps provides an answer to dealing with:OK, fair point, but these aspects could as well be tackled by defining proper value streams and Agile Release Trains to deal with all the links and dependencies between these systems and applications. I don't see the need to come up with a different term.I guess you understand by now that I am not a big fan of the BizDevOps term and the confusion it creates. But it can get worse. It was some likely clever tool vendors that came up with the term DevSecOps. And if it is not the tool vendors that invented it, at least they were so clever to jump on the wagon to support the need for more security awareness in DevOps.Nowadays, large tool vendors using of the term DevSecOps instead of DevOps.Here's my opinion on this: security should be an integral part of DevOps. It should be a part of the culture:Don't only think about what something functionally should do, but also what can go wrong (think Abuse or Misuse cases). It is also a part of the automation. All security related tests should be automated as much as possible. Think about scanning vulnerabilities in your own source code, vulnerabilities in external libraries that you use, scanning your container images for vulnerabilities, or even - up to some extent - automated penetration testing. It is also a part of Lean principles: when a security test in your build pipeline fails (e.g. scanning your source code discovers a critical vulnerability), you stop the line.So again, the is no reason why the term DevSecOps should exist at all.Now that we have business and security covered, we can go on and see who else could feel denied or at least ignored? Maybe DBA's? Or any other person involved in data management? Maybe, that is the reason why we also have DevDataOps nowadays.I could go on for a while like this. But you get the point by now: it is uselessMaybe the DAD is right!I recently got to read an interesting article on disciplined agile delivery, the information portal from Mark Lines and Scott Ambler of their Disciplined Agile Delivery, or short DAD. DAD is not - as they call it - an agile methodology, but a process selection framework. DAD is the kernel of a layered model, like an onion, that they call Disciplined Agile and that consists of the following layers:Let’s explore each aspect in Disciplined Agile Framework mentioned in the diagram.1. Disciplined Agile Delivery (DAD)Disciplined Agile Delivery (DAD) aspect consists of initial modeling and planning, forming the team, securing funding, continuous architecture, continuous testing, continuous development, and governance all the way through the lifecycle. The Disciplined Agile Delivery (DAD) framework supports multiple delivery life cycles, basic/Agile lifecycle based on Scrum, a lean lifecycle based on Kanban, and a modern Agile lifecycle for continuous delivery. This aspect is responsible for addressing all the aspects of solution delivery.2. Disciplined DevOpsDisciplined DevOps streamlines the IT solution development and IT operations activities, and supports organization-IT activities, to benefit more effective outcomes to the organizations.3. Disciplined Agile IT (DAIT)DAIT aspect helps to understand how to apply Agile and Lean strategies to IT organizations. This aspect comprises of all IT-level activities such as enterprise architecture, data management, portfolio management, IT governance, and other capabilities.4.Disciplined Agile Enterprise (DAE)DAE can predict and respond quickly to the changes in the marketplace by facilitating a change through an organizational culture and structure. This aspect can be applied to organizations having the learning mindset in the mainstream business and underlying lean and agile processes to drive innovation.The second one, Disciplined DevOps principles deal exactly with what I mentioned before: the different derivatives and combinations of DevOps. They start by giving an answer to the question of why it is so difficult to come to a common definition of DevOps:Specialized IT practitionersMany IT professionals still tend to specialize, choose a focus, like DBA, enterprise architect, operations engineer, or whatever. Each discipline will focus on its own aspect of DevOps.Agilists are focused on continuous deliveryBecause of their focus on releasing daily or even several times a day, a lot of discussions deal with bringing new features faster and more frequently to production and not paying attention to all aspects of DevOpsOperations professionals are often frustratedSystems administrators are crunched between the push of the development teams to deliver faster and more frequently and the typical stringent service management processes they have to deal with, that are not yet adapted to the need for more frequent changesTool vendors have limited offeringsA fool with a tool is still a fool… DevOps tool vendors only focus on these DevOps-aspects that their tools coverService vendors have limited offeringsSimilarly to tool vendors, service vendors will only focus on these DevOps aspects that their services can currently coverTool vendors treat DevOps as a marketing buzzwordSurfing the waves of the hypes, vendors might be persuaded to rebrand their existing toolset to something DevOps-ish, because it sounds better in a sales pitch. Sounds like window dressing…The DevOps = Cloud visionApparently, some people think that implementing DevOps in your organization can only succeed if you move to a cloud-based platform. Although cloud-native development practices are a facilitator for implementing DevOps, it not a requirement. And moving to a cloud platform definitely isn’t a requirement.All these reasons make that person come up with DevOps combinations that give an answer to only part of the problem.Disciplined DevOps mentions the following visions:1. BizDevOpsBizDevOps is a basic DevOps vision that explicitly brings the customers into the picture. BizDevOps is also called BusDevOps. DevOps is not just for teams, but it can be potentially applicable to any team supporting an incremental delivery lifecycle. The BizDevOps workflow consists of Business Operations, activities of delivering of products and services to the organizations. BusDevOps seeks to streamline the entire value stream, not just the IT portion of it. Its workflow is depicted in the diagram below.2. DevSecOpsAnother common improvement over the basic DevOps vision is something called DevSecOps. The aim behind this vision is to ensure data security by getting the various security issues, adopting the latest security practices, and finding out and addressing the highest priority security gaps [DevSecOps]. This vision includes collaborative security engineers, exploit testing, real-time security monitoring, and building “rugged software” that has built-in security controls. The workflow of DevSecOps is shown in the figure. 3. DevDataOpsThe aim behind DevDataOps is to maintain a balance between the current needs of data management consists of providing timely and accurate information to the organization and DevOps to respond to the marketplace. Supporting data management activities include the definition, support, and evolution of data and information standards and guidelines; the creation, support, evolution, and operation of data sources of record within your organization; and the creation, support, evolution, and operation of data warehouse (DW)/business intelligence (BI) solutions. The following figure depicting the workflow of DevDataOps.Or should we just stick to the term DevOps?Even though the message of Scott Ambler and Mark Lines is perfectly reasonable, not everybody might the term Disciplined DevOps. It fits their framework like a glove: everything boils down to Disciplined. If you don’t want to be framed into the Disciplined Agile/DevOps framework (pun intended), you may as well stick to the term DevOps and make sure that you cover all the aspects, which include business, security, data, release management and support.
Rated 4.0/5
based on 11 customer reviews
Koen Vastmans
I am an IT professional working in a major Belgian bank for over 26 years. I have been into software development for several years, mostly in Java, from COTS software integration over web applications to digital signing. The past 6 years I was an agile coach and trainer. I recently joined a team of cloud native development, to focus on DevOps processes and organisation.
My passion for agile and DevOps is my main driver to share my ideas about these topics.
Posts by Koen Vastmans
Why Stop Inventing New DevOps Combinations?
By Koen Vastmans
DevOps - What's in a name?The term DevOps is well known by now. It was initially introduced by Patrick Dubois a Belgian IT consultant who organized an agile oriented event in October 2009 and named it DevOpsDays, targeting not only developers but also systems administrators, managers, and toolsmiths from all over the world. After the conference, the conversations continued on Twitter with the hashtag #DevOps.If you want to know more about the origin of the DevOps, you can check the video given below which gives you a lot of background about the reason why Patrick Dubois initially started this DevOpsDays conference:DevOps and the rise of the combinations and derivatives With the increasing popularity of DevOps, more people start to give their definition of DevOps. The different definitions of DevOps that go around can differ, depending on what aspect(s) of DevOps you want to focus.In a previous article, I wrote about how to explain DevOps in 5 letters - CALMS or CALMR i.e CALMS framework for DevOpsSome other definitions tend to focus primarily on the automation aspect, omitting the Agile foundation. As a consequence, you get the first combination of DevOps, named BizDevOps or BusDevOps. There are different interpretations about what BizDevOps actually means. “BizDevOps, also known as DevOps 2.0, is an approach to software development that encourages developers, operations staff and business teams to work together so the organization can develop software more quickly, be more responsive to user demand and ultimately maximize revenue.”At the same time, it is the most disputable definition. This definition assumes that DevOps is mainly a technology-driven initiative that hardly involves business people. But as mentioned in my previous article, the foundation of DevOps is culture, which goes back to the agile principles. And we all know that agile without business is only symptomatic. So DevOps without business is as symptomatic as agile without business.According to the Dzone article, DevOps is focusing on a single application or system whereas BizDevOps is focusing on the entire enterprise with all its complex processes and the mixture of applications and systems that support these complex processes.According to this article, BizDevOps provides an answer to dealing with:OK, fair point, but these aspects could as well be tackled by defining proper value streams and Agile Release Trains to deal with all the links and dependencies between these systems and applications. I don't see the need to come up with a different term.I guess you understand by now that I am not a big fan of the BizDevOps term and the confusion it creates. But it can get worse. It was some likely clever tool vendors that came up with the term DevSecOps. And if it is not the tool vendors that invented it, at least they were so clever to jump on the wagon to support the need for more security awareness in DevOps.Nowadays, large tool vendors using of the term DevSecOps instead of DevOps.Here's my opinion on this: security should be an integral part of DevOps. It should be a part of the culture:Don't only think about what something functionally should do, but also what can go wrong (think Abuse or Misuse cases). It is also a part of the automation. All security related tests should be automated as much as possible. Think about scanning vulnerabilities in your own source code, vulnerabilities in external libraries that you use, scanning your container images for vulnerabilities, or even - up to some extent - automated penetration testing. It is also a part of Lean principles: when a security test in your build pipeline fails (e.g. scanning your source code discovers a critical vulnerability), you stop the line.So again, the is no reason why the term DevSecOps should exist at all.Now that we have business and security covered, we can go on and see who else could feel denied or at least ignored? Maybe DBA's? Or any other person involved in data management? Maybe, that is the reason why we also have DevDataOps nowadays.I could go on for a while like this. But you get the point by now: it is uselessMaybe the DAD is right!I recently got to read an interesting article on disciplined agile delivery, the information portal from Mark Lines and Scott Ambler of their Disciplined Agile Delivery, or short DAD. DAD is not - as they call it - an agile methodology, but a process selection framework. DAD is the kernel of a layered model, like an onion, that they call Disciplined Agile and that consists of the following layers:Let’s explore each aspect in Disciplined Agile Framework mentioned in the diagram.1. Disciplined Agile Delivery (DAD)Disciplined Agile Delivery (DAD) aspect consists of initial modeling and planning, forming the team, securing funding, continuous architecture, continuous testing, continuous development, and governance all the way through the lifecycle. The Disciplined Agile Delivery (DAD) framework supports multiple delivery life cycles, basic/Agile lifecycle based on Scrum, a lean lifecycle based on Kanban, and a modern Agile lifecycle for continuous delivery. This aspect is responsible for addressing all the aspects of solution delivery.2. Disciplined DevOpsDisciplined DevOps streamlines the IT solution development and IT operations activities, and supports organization-IT activities, to benefit more effective outcomes to the organizations.3. Disciplined Agile IT (DAIT)DAIT aspect helps to understand how to apply Agile and Lean strategies to IT organizations. This aspect comprises of all IT-level activities such as enterprise architecture, data management, portfolio management, IT governance, and other capabilities.4.Disciplined Agile Enterprise (DAE)DAE can predict and respond quickly to the changes in the marketplace by facilitating a change through an organizational culture and structure. This aspect can be applied to organizations having the learning mindset in the mainstream business and underlying lean and agile processes to drive innovation.The second one, Disciplined DevOps principles deal exactly with what I mentioned before: the different derivatives and combinations of DevOps. They start by giving an answer to the question of why it is so difficult to come to a common definition of DevOps:Specialized IT practitionersMany IT professionals still tend to specialize, choose a focus, like DBA, enterprise architect, operations engineer, or whatever. Each discipline will focus on its own aspect of DevOps.Agilists are focused on continuous deliveryBecause of their focus on releasing daily or even several times a day, a lot of discussions deal with bringing new features faster and more frequently to production and not paying attention to all aspects of DevOpsOperations professionals are often frustratedSystems administrators are crunched between the push of the development teams to deliver faster and more frequently and the typical stringent service management processes they have to deal with, that are not yet adapted to the need for more frequent changesTool vendors have limited offeringsA fool with a tool is still a fool… DevOps tool vendors only focus on these DevOps-aspects that their tools coverService vendors have limited offeringsSimilarly to tool vendors, service vendors will only focus on these DevOps aspects that their services can currently coverTool vendors treat DevOps as a marketing buzzwordSurfing the waves of the hypes, vendors might be persuaded to rebrand their existing toolset to something DevOps-ish, because it sounds better in a sales pitch. Sounds like window dressing…The DevOps = Cloud visionApparently, some people think that implementing DevOps in your organization can only succeed if you move to a cloud-based platform. Although cloud-native development practices are a facilitator for implementing DevOps, it not a requirement. And moving to a cloud platform definitely isn’t a requirement.All these reasons make that person come up with DevOps combinations that give an answer to only part of the problem.Disciplined DevOps mentions the following visions:1. BizDevOpsBizDevOps is a basic DevOps vision that explicitly brings the customers into the picture. BizDevOps is also called BusDevOps. DevOps is not just for teams, but it can be potentially applicable to any team supporting an incremental delivery lifecycle. The BizDevOps workflow consists of Business Operations, activities of delivering of products and services to the organizations. BusDevOps seeks to streamline the entire value stream, not just the IT portion of it. Its workflow is depicted in the diagram below.2. DevSecOpsAnother common improvement over the basic DevOps vision is something called DevSecOps. The aim behind this vision is to ensure data security by getting the various security issues, adopting the latest security practices, and finding out and addressing the highest priority security gaps [DevSecOps]. This vision includes collaborative security engineers, exploit testing, real-time security monitoring, and building “rugged software” that has built-in security controls. The workflow of DevSecOps is shown in the figure. 3. DevDataOpsThe aim behind DevDataOps is to maintain a balance between the current needs of data management consists of providing timely and accurate information to the organization and DevOps to respond to the marketplace. Supporting data management activities include the definition, support, and evolution of data and information standards and guidelines; the creation, support, evolution, and operation of data sources of record within your organization; and the creation, support, evolution, and operation of data warehouse (DW)/business intelligence (BI) solutions. The following figure depicting the workflow of DevDataOps.Or should we just stick to the term DevOps?Even though the message of Scott Ambler and Mark Lines is perfectly reasonable, not everybody might the term Disciplined DevOps. It fits their framework like a glove: everything boils down to Disciplined. If you don’t want to be framed into the Disciplined Agile/DevOps framework (pun intended), you may as well stick to the term DevOps and make sure that you cover all the aspects, which include business, security, data, release management and support.
Rated 4.0/5
based on 11 customer reviews
4741
- by Koen Vastmans
- 03 Dec 2018
- 6 mins read
DevOps - What's in a name?The term DevOps is well ... Read More
DevOps In 5 letters: Should We Say CALMS or CALMR?
By Koen Vastmans
When someone asks me to explain what DevOps is about, I usually do this using the different letters of the acronym CALMS.CultureCulture is the foundation of DevOps. If you omit culture, you're only doing some symptoms of DevOps (like using a whiteboard, working in timeboxes and doing daily standup meetings won't make you an Agile team).Culture is about the people, about self-organized teams, about T-shaped profiles, about tearing down the wall between Development and Operations. A DevOps team takes end-to-end responsibility of an application or system: "you build it, you run it".If your organization has always been working in a command-and-control style, then the first thing to do is to instill a culture of team empowerment. And don’t underestimate this: this will probably take years to change.AutomationThis is where a lot of focus goes into and can be considered as the easiest to obtain. The heart of DevOps is the CI/CD pipeline: the continuous flow process that is triggered upon check-in of new versions of code. Continuous integration was already known in eXtreme Programming. In a DevOps context, the continuous delivery/deployment makes the story complete. To make your CI/CD pipeline work at its full capacity, you have to consider everything as code:Your source code of courseYour automated tests - unit tests, integration tests and so onYour configurationIncluding your infrastructure configurationYour database changesYour documentationBut automation is also about closing the feedback loop: getting observations, metrics from running system fed back into your team’s product backlog.Lean principlesDevOps is not about moving big chunks of changes to production, but instead, moving to a constant flow of small and easier to control changes. Flow, as in Kanban: limited work in progress, small batches. And moving to the production does not automatically mean: "going live". If there is a dependency with other code that is not yet ready, you can still disable your code via feature toggling until everything is ready to be activated.MeasuringThis is crucial to improving: define metrics on your process. How good are the things going in your organisation? Where is room for improvement? And the apply the typical Plan-Do-Check-Act/Adjust approach to gradually improve your way of working.SharingDevOps teams take full responsibility over their system. But this does not mean that they have to reinvent the wheel over and over again. They learn from their peers.Common senseThere are plenty of resources on the internet - blogs, pictures, slide decks and videos - that explain DevOps using this CALMS acronym. So by now, this acronym has become common sense for anyone who searched for some kind of definition of DevOps. Or hasn't it…?DevOps according to SAFe®, in 5 slightly different lettersRecently I had a discussion with a colleague who is a certified SAFe® Program Consultant and trainer. According to this colleague, SAFe® doesn’t talk about CALMS but about CALMR instead. She wanted to be sure we tell the same story and don’t confuse the people we train and coach. I am not going to give a full explanation of SAFe's definition of Devops, you can read it yourself on the SAFe® site (more specifically on this page www.scaledagileframework.com/devops).But I will briefly explain what the acronym CALMR stands for according to SAFe®:Culture of sharing responsibilityAutomation of continuous delivery pipelineLean flow accelerates deliveryMeasurement of everythingRecovery enables low-risk releasesThis discussion made me wonder: if a large part of the world talks about CALMS to define the principles of DevOps, then why does SAFe® talk about CALMR and what is the difference? And why do they call it "SAFe® DevOps"? So I did some investigation and this is what I found.What's the difference?In all honesty, whether you speak about CALMS or CALMR, in the end, both are equal, or better, equivalent. Let me explain why.In the CALMS acronym, the S stand for sharing. Sharing of knowledge, of experiences. Call it communities, or chapters and guilds if you are more into the way Spotify works. I deliberately don't call it "the Spotify model" because there is no Spotify Model (says Marcin Floryan, a Spotify chapter lead in this presentation: https://www.infoq.com/presentations/spotify-culture-stc).But that’s entirely different story.Sharing in CALMRIn "SAFe® DevOps", sharing is a part of the Culture. People work in teams. But teams together form a release train. So, these teams will not only need to align planning-wise, they also inspect and adapt during the IP sprint. And they learn continuously. OK, fair point. But sharing clearly is there in both definitions.Recovery in CALMSSo, what about the recovery aspect of SAFe® DevOps? Is it a part of the CALMS acronym too? In my opinion, yes, of course, divided over other aspects. The first thing that the SAFe® site tells about Recovery is "Stop the line mentality".Now, that is a Lean principle. Mary Poppendieck (Lean Software Development) mentions this in her presentations: "The greatest productivity comes from not tolerating defects. Create ways to detect defects the moment they occur” (see slide deck https://accu.org/content/conf2007/Poppendieck-Stop_the_Line_Quality.pdf ).The other parts, Plan for and rehearse failure and Build the environment and capability to fix forward and roll back, these are typically automation aspects. Plan for and rehearse failure talks about the chaos monkey.The Simian Army is a bunch of tools and concepts that will create chaos in your ecosystem: kill processes, slow down processing and so on. Chaos engineering is really great, but most likely not the first thing you will implement (even though it is a very good enabler for resilience). More information on the Simian Army can be found on the Blog of Netflix. (https://medium.com/netflix-techblog/the-netflix-simian-army-16e57fbab116).Fix forward or roll back: these are the capabilities of your CI/CD pipeline, the heart of your automation efforts in DevOps. Your Continuous deployment should allow to roll back changes. Or do canary releases: for certain changes you don't go full park all the way, but deploy on a very limited set of servers/containers as a try-out and roll back if "the canary dies".ConclusionI could not find any explanation on the internet why SAFe® talks about SAFe® DevOps. The only thing I can think of is that they want to stress how DevOps culture, principles and practices seamlessly integrate with SAFe®. Similarly, SAFe® talks about SAFe® ScrumXP, where the good practices of Scrum and eXtreme Programming help to deliver good quality software every iteration and every program increment, not only on team level, but integrated with the other teams of the Agile Release Train.As far as the difference between CALMS and CALMR is concerned: they both cover the same ideas. In my humble opinion, the difference between CALMS and CALMR could be a matter of focus: maybe the initial focus of CALMS was to stress the importance of sharing knowledge, whereas the CALMR stresses more the need to be able to roll back a failing change.Bottomline, CALMS and CALMR may not be entirely equal, but they are definitely equivalent.Anyway:
Rated 4.0/5
based on 0 customer reviews
564
- by Koen Vastmans
- 07 Sep 2018
- 3 mins read
When someone asks me to explain what DevOps is abo... Read More