During a webinar delivered by Chef’s SVP of Products and Engineering Corey Scobie, the following five common practices used by DevOps high performers were described:
- Adopt a coded approach
- Make it easy to work with code
- Use the right tool for the right job
- Enable one way to production
- Shift risk mitigation left
During the webinar, Scobie aligned each of the steps with the development of Chef’s product portfolio, and how they have helped our customers. Over the past 10 years, Chef has evolved from an infrastructure configuration automation tool, to a release orchestration and security policy automation solution, to what is now a full Enterprise Automation Stack that can be used to build and deploy secure infrastructure and applications anywhere.
Let’s walk through these five practices, and discuss which steps DevOps teams are taking to stay ahead of their competition.
Step 1: Adopt a Coded Approach
The Practice of DevOps requires Dev, Ops, and Security teams to work together. To do this they must share a common set of processes and goals. Code provides the path forward to trust and velocity. A great quote from Chris Gardner of Forrester reinforces this view.
“Security and infrastructure are inseparable. As Zero Trust security becomes infused into more infrastructure, the forced segregation of the two is no longer possible. Automation must be secure, and security itself demands more automation. It’s a virtuous cycle.”
Forrester: Decipher Infrastructure Automation with Forrester’s Framework
Chris Gardner January 28, 2019
Using code to describe the desired outcome and associated policies eliminates miscommunications and makes deliverables unambiguous. Automation ensures repeatability across multiple teams at scale.
Step 2: Make it Easy to Work with Code
For those organizations and individuals not born in the digital age, the concept of doing “everything through code” can seem overwhelming. In addition, today the world faces a developer shortage. But a “coded approach” does not mean that everyone has to be a “coder.” Tools like Chef Infra, Chef InSpec, and Chef Habitat use human-readable languages and templates that enable easy editing. Chef Automate allows functional leaders to monitor deployments and ensure systems are secure.
At Chef, we believe infrastructure should be effortless and that users should only have to configure the parameters of the infrastructure, not write custom scripts for each and every system. Not only does this make code accessible to teams across the organization with varying skill sets, but it also eliminates much of the time Ops, Security, and QA teams need to spend manually updating process and policy documentation.
Step 3: Using the Right Tool for the Right Job
In the hands of a savvy developer or application superuser almost any software product can be made to do things way beyond what the vendor intended it to do. This is a core reason why organizations end up with technical debt and solutions that are hard to maintain and scale. Simply put, the tool was never meant to be used for that.
Prior to 2016, Chef and many others took a very infrastructure-centric view of the world. Teams started with the infrastructure and built systems from the bottom up using layers and layers of automation. This worked well for a single application, but as more and more applications were added, dependency maps became more complex and the automation required increasing amounts of maintenance.
Chef Infra simply was never designed to handle the complex web of dependencies present in modern applications. Chef Habitat was designed with this purpose in mind. Chef Habitat takes an application-centric view of the world, abstracts the application from the underlying infrastructure and packages only the required dependencies with the application.
Step 4: Enable One Way to Production
In order to scale, DevOps teams need to work more efficiently which requires standardization across tools and processes. Exception-based delivery is not a viable strategy. Base images need to be consistent across an organization and “snowflake configurations” need to be eliminated. In addition, standard, compliant baseline images need to be used and managed systematically. When using the right technology and the right hierarchy, concerns between the infrastructure and application cycle can be separated and consistently automated as part of CI/CD pipelines.
Without a normalized process that eliminates the disparity between build (dev) and deploy (stages) application delivery velocity cannot be achieved. Application packages/artifacts need to be built consistently across all of the stages of the deployment pipeline. Using the same artifact in both development and operations drives velocity and eliminates much of the complexity associated with application delivery.
Chef Enterprise Automation Stack enables application delivery teams to define an application consistently regardless of the technology and take a non-opinionated view of the deployment topology. Meaning, regardless of the age of an application or the underlying code it can be packaged and then deployed on a bare-metal device, in a VM or a container running in the cloud, or on-premise without having to rebuild the application.
Step 5: Shift Risk Mitigation Left
Thanks to agile, cloud, and microservices development is getting faster. The sooner new code makes it into production the quicker the company recognizes the value. System testing, compliance audits, application replatforming, run time errors, and reporting are all velocity blockers.
Coded approaches include policy along with the release, and tests are run and errors are addressed at build time vs. run time. Each policy and dependency are defined as code, versioned, and stored in source control along with the application code. They travel the pipeline along with the application code, are updated, and versioned along with the application and monitored in production. Attaching codified assets to an application release at the source control level is the easiest, cheapest and fastest way to ensure compliance and accelerate delivery.
“What Chef Habitat does is make application developers responsible for their full application stack. It’s no longer just placing a piece on the top of the stack and hoping it doesn’t fall off.”
Graham Weldon, Rakuten
In summary, coded enterprises win at scaling DevOps by managing EVERYTHING as code! They are able to:
- Align the Organization – Enabling Development, Security and operations to collaborate thru code
- Quickly Deliver Customer Value – Providing a consistent path to production so that all application teams can get changes into production quickly and reliably
- Build Systems that are Secure by Design – Security concerns are shifted left and security policies are built into each and every release
To learn more about why coded enterprises are winning watch the webinar recording now!