View
1
Download
0
Category
Preview:
Citation preview
#experiences17
Présentée par :• Patrice TROUSSET – DSI Microsoft France• Marc THENOT – Engineering Program Manager Microsoft IT• Nicolas DERIVERY – CAST Software
Mercredi 4 Octobre 2017
Impacts et bénéfices de DevOps dans la transformation de l’IT de Microsoft et nouveaux usages pour accélérer la valeur avec CAST Highlight
• Security, Cost Reduction,
Compliance and Privacy are our
Top Priorities
• Too much work, too little time,
often reactive
• The Challenge of
Consumerization of IT
• High Target for Security Attacks
• IT Business Alignment,
Prioritization and Partnership
• Poor time-to-market for
business apps
• Being Microsoft’s First and Best
Customer
• Running an Enterprise on Beta
Release Software
• Moving from a Code Centric to
a Data Centric Organization
• Software deployment more
than once, Continuous
Delivery
• User Experience & Self Service
Model
BUSINESS IS FASTER…COMPETITION IS FIERCER…
TIME TO MARKET IS KEY
Organization evolution: Microsoft
PartnersCustomersProspects
Sales ServiceMarketing
HRR&DOperations
Organizational silosDisconnected employee engagement
Connected enterpriseConnected employee engagement
? ?
? ?
Business processes
Shared services &
platforms
Centralized, aligned, and
standardized functions
Organization evolution: Microsoft IT
2005 2005-2010 2010-2014 2014
Decentralized
Business Unit IT
Engineering
OperationsSolution Mgmt.
Architecture
Cro
ss-I
T F
un
cti
on
s
Agility (DevOps)
Real-time IT
What is DevOps?
“It’s Development
and
Operations
collaboration”
“It’s a job
title”
“It means
faster and
smaller
releases”
“It’s
automation”
DevOps is an approach and set of practices that promote
collaboration and communication of both software developers and
information technology professionals while automating the process
of software delivery and infrastructure changes.
It is more a mindset shift than a new methodology to learn,
establishing a culture and environment, where building, testing,
releasing and operating software solutions can happen rapidly,
frequently, and more reliably.
Value delivery challenges
IT drives
business
success!
High IT performance
correlates with strong
business performance,
helps boost productivity,
market share and profit
… for companies that try
to adapt their existing tools
for DevOps practices
80% failure rate …
Outperforming
teams are 54%more
likely to
DevOps was being initiated by
more development teams than IT Ops
teams by about a 40% to 33% margin
IT decision
makers is still
unfamiliar with
the term DevOps
6
Responding to
ongoing needs for
efficiency and growth
Always keeping all
systems safe and securedual goals
Developers
26.7%No executive support
56.7%Cultural inhibitors
43.3%Fragmented processes
Collaboration blockers
The average hourly
cost of infrastructure
failure is $100,000
per hour
It takes on average
200 minutes to
diagnose and repair
a production issue
40%… of implementations end up getting
reworked because they don’t meet
the users’ original requirements
1 in
Agile methodologieshave adopted
3/4 of teams
A bug caught in production ends
up costing
than if the same bug was found
earlier in the development cycle
100x more
BusinessIT Ops
CIOs70 %
to reduce
IT costs
Would
increase
risk
and accelerate
business agility
of
… of development budgets for software,
IT staff and external professional services
will be consumed by poor requirements41%
The DevOpsApproach
PEOPLE
Collaborate more
Share common goals
Focus on improvement
BRINGING PEOPLE TOGETHER
PROCESS
Eliminate waste
Increase efficiency
Streamline feedback
DELIVERING VALUE FASTER
TOOLS
Enhance productivity
Enable collaboration
Facilitate experimentation
EXECUTING A DEVOPS STRATEGY
The converged DevOps lifecycle
Develop
Test
Plan
Monitor
Learn
Release
Impact on Microsoft Teams
Relationship Manager
trusted advisorBusiness Architect
best use of assets
Process Engineer
real-enough time
Engineering and DevOps
it works, build for monitoring self-healing
Edge/Wireless
Networking
secure, anywhere access
Cloud Architect
secure, anywhere access
DataScientist
business insightInformation
Architect
trustworthy data
Solution
Manager
UI Designer
UX Designer
Tester
SDETDeveloper
Application
Operation
& Support
Statistician
Analyst
DBA
Data Analyst
Network
Datacenter
Engineer
Organizational change
Commoditized skills Strategic skills for the new era
My Org in one slide |Key FY17 figures from FMCS
Field Mobile and Cloud ServicesProviding End-to-End Application Management
Services for Field Customers
Field Partnership
Portfolio Management & Simplification
Technology Adoption& UX Design
Security Ops PrivacyAccessibility
Managed Engineering Services
Field Demand Management
USER
EXPERIENCE &
PRODUCTIVITY
SCRUM
DevOps
UX
Design
Tech
Specialist
Managing a
portfolio of
~100applications
FMCS supports locally our field customers providing end-to-end application management services
Po
rtfo
lio
Valu
eC
on
sum
pti
on
Key O
pera
tio
nal M
etr
ics
Users on IT
Showcase
Partners using
MEPN-AEP
Members on Club
MS Japan
QualityZero Sev 1 Bugs
SLA 100%
ComplianceSecurity & Privacy
SLA 100%
DemandAverage Quarterly
Requests 0
5
10
15
Demand per month
End
use
r P
rod
uct
ivit
y
Scrum As a Managed Service
Library of Engineering Standards
A solid Contract with our Vendor
“Traditional” Release Management
Test automation inconsistency
Almost everything on Git / VSTS
Security “after” the fact
No Branching Strategy
Unchecked in code build & deployed in production
Pilot on “Grow”
Pilot on “Sustain”
People
Process
Tools
Start with Plan…
…to finish to monitor
CI/CD in UAT
Deployment Automation in Prod
Comprehensive DevOps Dashboard
Self Healing & Recovery
Environments As Code
MTTR reduction
Engineering Excellence
Secure Code Review
Code Review
Branch Adoption Threat
Modelling
Technology Adoption
Xamarin Perfecto
ARM
SQL Data Tool
OMS
Build Tasks
Powershell
Security Intellisense
Training
Automation
Adoption
Complex Build
Unit Testing
Simple Build
AzSDK
UI Testing CD in Test
Access Control
Alert & Tickets
Infra As Code
CD in UAT
Secrets & Keys Rotation
Self Healing
ManageDefine
Try
Measure
Learn
Adapt Define
Try
Measure
Learn
Adapt Define
Try
Measure
Learn
Adapt
Basic Telemetry
Intermediate Telemetry
Monitor Advanced Telemetry
Topic Training Online In PersonAutomation Powershell ✓
CI/CD Automation
Enabling DevOps Practices with Visual Studio Team Services Build ✓
Unit Test Automation & Code coverage ✓
Build Automation ✓
Deployment Automation ✓
DevOps Foundation: Infrastructure Automation ✓
Function Test Automation ✓
UI Test Automation (perfecto…) ✓
Core EngineeringSQL Server Data Tools ✓
Xamarin ✓ ✓
Culture
DevOps_Foundation ✓ ✓
Cloud DevOps Foundation ✓
DevOps Culture ✓
DevOps an IT Pro Guide ✓
Engineering Excellence
Developers Git ✓ ✓
VSTS Adoption & Branching Strategy ✓
Code Review ✓
Telemetry ✓
Compliance Automation
AzSDK ✓
Anti-Malware Scan ✓
CredScan ✓
HP Fortify ✓
PoliCheck ✓
APIScan ✓
SSLScanner ✓
WebInspect ✓
Security Engineering ExcellenceOWASP Code Review ✓
Threat Modelling (from ISRM) ✓
Service Engineering
Certificate Management ✓
Password Management ✓
Service Accounts/SG/DG ✓
SSL ✓
DevOps Practice Baseline30
Days
60
Days
90
Days
Current State
NotesBenefit
Branching Strategy 0% 100% 100% 100% To date, no Branch in previous scrums nor
sustain
• Code readiness for CI, CD
• Improved code management
• Improved Collaboration
• Grow, Sustain & Hotfix supported
Code Review 0% 80% 80% 100% To date, no Review in previous scrums nor
sustain
• Code quality
• Security Quality
• Improved Collaboration
Unit Test Automation 0% 30% 60% 80% To date, no UTA in previous scrums nor sustain • Consistent testing standards
• 5-10% reduction in testing efforts
Code Coverage 0% 80% 90% 100% Pre-existing code will be excluded from code
coverage until updates are required
• Ensure code is tested
DevOps Kit Adoption 20% 50% 75% 100% FMCS Central Continuous Auditing in place. • Secured Azure Resources
Build Tasks Adoption 0% 33% 66% 100% Some Tools are adopted but not automated • 5-10% increase in security adherence
Continuous Integration 0% 66% 100% • 5-10% reduction in integration efforts
Continuous Delivery 0% 66% 100% Target: CD in UAT • 2-4% reduction in Time to Market
Infrastructure As Code 0% 0% 100% 100% • Build Env on Demand in less than 6 hrs
Telemetry 50% 66% 100% Basic AppInsights and HockeyApp telemetry in
place
• Data driven decision
• MTTR reduction
Security Monitoring &
Alerting
5% 10% 30% 70% Default Alerting in place • Refined Alerts
• Ability to detect & respond to security issues
Support Automation - Partial Automation exists but not adopted • 80% of reduction in recurring support activities
DevOps Dashboard - 10% 30% 70% • Track against targets
• Monitor progress
The Martian | You solve one problem — do the math, do the legwork — and you move on to the next. And when you’ve solved enough of them, you get to live a little bit longer.
We were not as good as we thought
We got better
Training & Automation are key
Test automation only on “new” code
Define Quality Thresholds
Almost everything on Git / VSTS
Getting started takes time
Assess which apps to onboard
Metric As-Is Impacted Applications To-be (next steps)
MaaS DHS/AaaS DGR
Maintainability
▼ No Source control a a a
▲ All source code will be on-boarded to VSO
▲ Prod, PPE environments will be aligned
▲ 100% Environment Isolation
▼ Hardcoded Configurations a a a
▼ No Environment Isolation a a a
▼ VSO != Prod != PPE a a a
Design▼ Storing Password NA NA a ▲ User Authentication, Authorization will be implemented
as per Best Practices
▲ Database Design need to be normalized▼ No Database normalization NA NA a
Execution
Process
▼ No Test cycle
▼ No Release management
▼ No Communication / Escalation Process
▼ No defined process for Sustain, Support ,
New demand operations
a a a
▲ Introduce Quality control
▲ Automated release management (down the line)
▲ Communication, Escalation paths will be defined
▲ Update to date documentation
Scope of
Improvement
▼ No Application Portability capabilities NA NA a▲ Bring up Portability capabilities
▲ Reschedule jobs
▲ Automations
▲ Implementation of Notification Management
▼ Job Conflicts a a NA
▼ Manual Configurations a a a
▼ No Notification Management a a a
Open Issues
▼ Performance Challenges a a NA▲ Issues will be address based on the prioritization
▲ Iimplementation of Exception handling/logging etc▼ Code issues a a a
▼ No cross cutting concerns a a ar Noa Yes
DEVOPS ACCELERATION
WITH CAST HIGHLIGHT
By Nicolas Derivery: n.derivery@castsoftware.com
Agenda
• CAST Highlight Product overview
• Use Case 1: Get the right Apps to PaaS for DevOps
• Use Case 2: DevOps Continuous Monitoring
• Use Case 3: DevOps Risk/drift Prediction with ML
Highlight is an Application Portfolio Analysis
Accelerate Cloud Migration
Mitigate Software Risks
Reduce Application Costs & Complexity
Optimize Resource Allocation
▪ Hi-level portfolio health assessment
▪ Objective software analytics
▪ Code-level analysis
▪ Lightweight SaaS platform
An easy, Fast & Secure Process
ContributorsApp Owner, Team Leader…
SurveysSourcing, app age, criticality
Cloud Value drivers…
Code ScanJava, .Net, C++,
PHP, ABAP, PL/SQL… 65
Production
12
Adaptability
87
Complexity
Custom
App Type
10 FTE
Est. Maint.
64
Business Val.
75
Cloudready
150 K
Tech debt
• The code never exits the company, analysis made by local agent
• CAST is certified ISO 27001
USE CASE 1
GET THE RIGHT APPS TO PAAS
FOR DEVOPS
Get a 360° view on your portfolio and
spot Where PaaS is valuable
Bu
sin
ess
Im
pac
t
CloudReady Index
Quick Wins
Start HereLong-Term Bets
Pursue Later
Blockers(Platform Agnostic)
Azure Boosters
USE CASE 2
DEVOPS CONTINUOUS
MONITORING
Bu
sin
ess
Im
pac
t
Software Resiliency
Application ID CardFrameworks in use
Code Insights Benchmark
Sort, Filter, SearchIdentify, Qualify & Segment
Export & Communicate
Track evolutions on Health Factors.Monitor Cloud Readiness over time.
Be Proactive.
Highlight Allows to monitor many apps and is fully Automated in VSTS
USE CASE 3
DEVOPS RISK/DRIFT
PREDICTION WITH ML
Problem selection : DevOps Risk of failure
We can assess risks of failure through several kinds of indicators :
• Prediction of application failure : – Expected time before next failure
• Prediction of application failure kind :– Probability of specific kind of failure
– Symptoms : performance, security, availability, …
• Prediction of failure severity : – Application business classification (business critical, medium or low impact)
– Long, medium or short time to recover
Actionable :
• Root cause Identification
• Recommendation of remediation
Problem selection: DevOps Risk of shift
• Shift in delay (delivery date is shifted) :
– Prediction of delay on the delivery
• Shift on technical debt (delivery date is not shifted & code delivery is stressed) :
– Prediction of decrease in code quality after sprint scope unexpected change
• Shift on features (delivery date is not shifted & features are delayed) :
– Prediction of shifted sprint features percentage in next delivery
Problem selection : Clustering & Recommendation
• Identification of project similarities (code, framework, velocity, team, …)
– Index of similarity (through clustering)
• Recommendation :
– Synergy in application teams
– Developer mobility in team
Data targets to train the Predictive Algorithm
• Cast Highlight :
– Code static analytics :
• Code quality, code complexity, Agility, resilience, elegance, Cloud Readiness
– Survey : Strategy alignment, internal/external users
• ALM factory (VSTS, TFS,…) Sprint indicators
– Code churn, Lead Time, Work-in-progress (WIP), Backlog change, Active bugs, Code coverage
• Telemetric Data from Azure Monitoring Sources
ML Algorithm Approach
• Failure and shift prediction
– Few labeled data, many unknown data : Semi-supervised learning
– Targeting the Expectation-Maximization EM algorithm
• Identification of project similarities (code, framework, velocity, team, …)
– Index of similarity (through clustering)
• Recommendation and clustering :
– Clustering algorithms will create distances between projects,
leading towards recommendation
• ML Studio: Azure Machine Learning
Recommended