Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Topo pal does2016

914 views

Published on

My keynote presentation at DevOps Enterprise Summit 2016.

Published in: Technology
  • Login to see the comments

Topo pal does2016

  1. 1. DevOps at Capital One Focusing on Pipeline and Measurement
  2. 2. @TopoPal Tapabrata “Topo” Pal tapabrata.pal@capitalone.com @TopoPal
  3. 3. @TopoPal Capital One ! Millions of accounts ! One of the largest Digital Banks ! #1 Information Week’s Elite 100 ! ~ 20 years old
  4. 4. @TopoPal Different DNA ! Build our own software ! Build on public cloud ! MicroServices ! Open Source ! DevOpsSec and Continuous Delivery
  5. 5. @TopoPal • Enterprise Architecture • DevOpsSec Strategy Owner • DevOps Evangelist • Shared Technology Group • Product Manager of Continuous Delivery Tools Platform • DevOps Evangelist • Core Contributor and Community Manager of Hygieia Personal Journey
  6. 6. @TopoPal
  7. 7. @TopoPal • Waterfall • Manual Build • Manual Deployment • Manual Test • Data Center • Closed Source First • Agile • Automated Build • Automated Deployment • Automated Test • Public Cloud • Open Source First Agile & DevOps Transformation Journey
  8. 8. @TopoPal Mostly Out-Sourced Mostly In-Sourced Agile & DevOps Transformation Journey Vertical Silos Product Team Dev, Ops, QA, RM Engineers
  9. 9. @TopoPal ! DOES 2014 Building out Automation steps ! DOES 2015 Scaling DevOps, Open Source, Cloud, Innovation ! DOES 2016 Measure, Improve, Mature
  10. 10. @TopoPal Typical DevOps Success Story Code Commit Random 100s /day Deployment Prod Manual Automated Integration Monthly 15 mins QA, Perf Monthly 4 / day Monthly/ Quarterly Once / sprint Testing Manual Automated
  11. 11. @TopoPal 2016 What’s in your pipeline?
  12. 12. @TopoPal http://www.devopsdays.org
  13. 13. @TopoPal Deliver High Quality Working Software Faster
  14. 14. @TopoPal Deliver High Quality Working Software Faster • No security flaws • No legal flaws • Minimum defects • All levels of testing done • Code reviewed and source controlled • Across LOBs, Shared Services and 3rd Parties • Tested end-to-end • All dependencies are satisfied • How fast? ASAP?
  15. 15. @TopoPalhttps://upload.wikimedia.org/wikipedia/commons/c/c8/Can_We_Do_it_Better_or_Faster...We_Want_Your_Ideas_-_NARA_-_534240.jpg
  16. 16. @TopoPal
  17. 17. @TopoPal Feb 8, 1700 — March 17, 1782 Daniel J. Bernoulli
  18. 18. @TopoPal Constrict flow, Increase Speed, Lessen Pressure https://www.khanacademy.org/science/physics/fluids/fluid-dynamics/a/what-is-volume-flow-rate
  19. 19. @TopoPal Commit Deploy
  20. 20. @TopoPal http://www.netuba.org/
  21. 21. @TopoPal https://en.wikipedia.org/wiki/Oil_refinery
  22. 22. @TopoPal https://commons.wikimedia.org/wiki/File:US_Navy_060906- N-8257O-026_Damage_Controlman_1st_Class_Petty_Officer_Derrick_Harney_assists_his_students_in_repairing_a_broken_pipeline_during_the_hands_on_patch_tr aining_portion_of_the_Damage_Control_Wet_Trainer.jpg
  23. 23. @TopoPal • Design • Measure • Improve Pipeline
  24. 24. @TopoPal Pipeline Design
  25. 25. @TopoPal Pipeline must have 16 gates Source code version control Optimum branching strategy Static analysis > 80% Code coverage Vulnerability scan Open source scan Artifact version control Auto provision Immutable servers Integration testing Performance testing Build, Deploy,Testing automated for every commit Automated Change Order Zero downtime release Automated rollback Feature Toggle
  26. 26. @TopoPal Pipeline Measurement
  27. 27. @TopoPal https://devops-research.com/
  28. 28. @TopoPal https://devops-research.com/ https://github.com/capitalone/Hygieia
  29. 29. @TopoPal Increase Speed = Reduce Wait Time
  30. 30. @TopoPal Opportunities • Branching Strategy • Process
  31. 31. @TopoPal Pipeline Improvement Improve Branching
  32. 32. @TopoPal Branching • We recommend “Trunk based” development. • Other option:
  33. 33. @TopoPal Pipeline Improvement Improve Process • Automate Release Process • Revisit Audit & Compliance
  34. 34. @TopoPal Risks are real • Intentional damage • Unintentional damage • Untested code in production But…. There is a better way
  35. 35. @TopoPal Hypothesis • DevOpsSec & CI/CD provide better controls • A model with ~30 practices can satisfy audit and compliance • If everything is source code, no one needs access to production • For emergency,“Break Glass”
  36. 36. @TopoPal Result Production Release 1+ / dayOnce / sprint # of Applications with Release Automation: 20+ Max. # of Releases in 1 day for 1 Application: 34 With “Segregation of Duties”
  37. 37. @TopoPal Goal Release Automation without classic “Segregation of Duties”
  38. 38. @TopoPal Coming Soon to Open Source • A secure & compliant pipeline model • A forked and enhanced version of “LGTM”
  39. 39. @TopoPal
  40. 40. @TopoPal Thank You!

×