Traditionally, development has been a systematic process in which code is written and followed sequentially by testing, multiple types of controlled rollouts and, finally, commercialization. The idea is to take as long as necessary to get it right. Thus, it can be a lengthy process, but one that results in services that are far less likely to have problems.
DevOps (the combination of development and operations) is a recognition that this tried-and-true approach is less practical than in the past. Developers and IT folks are on the same team. Their mandate is to create and stand up software in greater number and more quickly. DevOps is the overlapping of the processes necessary to create, operationalize, distribute, and secure the code that runs services. Everything is done in a never-ending cycle.
DevOps sounds like a perfect approach for our busy age. But it is a very difficult trick to pull off. The first realization is that DevOps is a very new thing. Today, Eric Brinkman, the director of Product Management for Hostway, pointed to five steps an organization should take as it moves to DevOps at Data Center Knowledge. Not surprisingly, the focus is on managing change.
Brinkman writes that organizations should break down silos among the departments that will have to communicate in order to make DevOps work. Those involved in pilot programs should be picked carefully. Since DevOps is based on strikingly new operational approaches, training (and retraining) is necessary. This should include training on new tools. It won’t be easy, but the results will be positive, Brinkman writes:
Ultimately, this will lead to developers having the capabilities to automatically provision development environments, test code and push it live and operations staff creating automated systems rather than performing discrete tasks. This means increased agility to respond to business needs with corresponding increases in productivity and operational efficiency – and that defines DevOps success.
Security, of course, is vitally important in all spheres of IT and telecom. This is nowhere truer than in DevOps. Code that has fatal flaws built in is a disaster waiting to happen. Another set of lists, this one on DevOps security, was offered last week by Aqua Security Co-Founder and CTO Amir Jerbi.
The list of problems is long and a bit intimidating. The main point of Jerbi’s commentary is that security must be “baked into” DevOps from the start. This, Jerbi writes, is referred to by insiders by the ungainly tag DevSecOps. IT security teams, he writes, must understand the process. And the DevOps team must include security from the very beginning of the process. Slapping on security at the end of the process is asking for trouble.
A Q&A between CXO today’s Sohini Bagchi and Richard Gerdis, the vice president for Solution Sales for Asia Pacific and Japan for CA Technologies, made a couple of important points. The first is that the education on DevOps issues must be emphasized. DevOps, Gerdis said, is more about culture than technology. Projects often fail – and the reason is that the players are not on the same page:
With DevOps, the two teams must closely collaborate. While this collaboration can result wonders when done successfully, it also has high chances of creating friction. Educating teams towards greater collaboration may lead to a more effective shift. However, if this cultural shift doesn’t happen in a company, DevOps is in risk of not delivering on the promise.
The other key point, and one perhaps emerging to counter the need for such specialized knowhow, is that tools will be far smarter. The barriers between the development and operations siloes therefore will erode.
DevOps is the future of software development. It is, however, a very big change in the way that software is created and distributed. The key, clearly, is to be open to DevOps without expecting too much too soon.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at [email protected] and via twitter at @DailyMusicBrk.