Discover PerformanceHP Software's community for IT leaders // July 2014
Get DevOps right—at the Agile stage
DevOps is a cultural shift, but when Agile is the trigger, don’t let practical failures sabotage you.
DevOps is a recent approach to an old, and seemingly intractable, challenge. Development and operations teams have been in their separate silos for a long time, each with very specific methodologies, terminologies, and processes. And the release-to-production boundary has always been a problem—one typically patched or remedied after the fact.
But a few recent trends increase the urgency and value of DevOps’ attempt to replace silos with a faster, smoother flow from development to production:
- The move to Agile, and with it the increased speed and frequency of release to production
- The increasing complexity of the development process, internally and externally sourced
- The power shift toward the business-owned development team, which can match the speed required by the business and, with appropriate funding, take things into its own hands
- The growing sophistication of open source assets
While Agile development is not the only route to DevOps, it’s often either the impetus or an obvious point of connection to a DevOps initiative, which has to transform IT culture and processes as a whole, and also align them with business culture and goals.
Particularly as DevOps reaches the enterprise, it’s likely to be entwined with Agile. Though DevOps goes beyond development to think about service delivery and ultimate value, many IT leaders are likely to get hung up on the intersection of Agile developers and the ops teams to whom they deliver their code. And that’s where some practical problems may hamstring what should be a larger cultural shift.
Extending Agile’s limitations
Georg Bock, director of HP Software’s Customer Success Group, is passionate about extending the success of Agile by getting DevOps right. "The real problem is that, with Agile, most applications are not built in a way that simulates and tests how they will actually be used by the business. Almost no development environment has the ability to stage a production-like environment that can simulate true performance characteristics," Bock says.
Others have echoed Bock’s concerns: "Focusing on continuous delivery has the effect of creating an unmanageable defect backlog while developers work to put something in front of the customer," notes CIO Magazine.
Bock continues: "Agile hasn’t really addressed certain essential dynamics, such as how to integrate security, or non-functional requirements in general. Agile says: ‘Divide the problem into somewhat independent user stories, then let your people attack them: any good developer can produce functional code.’ But security is a very tricky thing. Not a lot of people can code it. Now we come up with automated testing problems and end up with a large number of security issues and vulnerabilities. Who’s going to assess, prioritize, and fix those? People who use the stories simply don’t have skills. Security is typically an expert center approach, which does not happily marry with the Agile approach, as it is a natural bottleneck."
Getting it right the first time
What if—early on in the development process—we could build into the requirements a clear definition and architectural model of the conceptual services to be delivered? There are critical vulnerability areas where developers can provide guidance, and models can be integrated into the Agile user stories. "Up front, you’ve got to define the characteristics of the outcome you want to achieve with an app—this is crucial," Bock says. "Then you can build what is best to address that outcome."
Making those fundamental improvements to process and up-front content would be far better than trying to mitigate problems after the fact. "We’d be way ahead," says Bock. "Right now, we end up with tons of manageability things to deal with at the back end, in ops, to correct deficiencies."
As Bock sees it, when we monitor apps, most of the time we instrument them after the fact to provide data. We should inject them with this capability from the beginning, he says, so that the code monitors critical vulnerable areas that only the developers understand. What if the architecture could prescribe a management model, and architects could use standard model components to inject manageability at the right places, and developers could use specific objects (in Visual Studio) and reusable code (perhaps a performance metric API) to put it in as a standard practice, without even thinking much about it? Same goes for typical security vulnerabilities.
Also, the Big Data technology gives us the opportunity to get to critical application experience data earlier and easier, which should be leveraged by the ops department to translate into more meaningful requirements to guide the developer community. All this, Bock says, would be a practical improvement to the cultural shift—and the value IT delivers.
From Agile to DevOps to a new style of IT
"DevOps to me is an instantiation of the new style of IT, and it’s there today because Agile is there," Bock says. "Agile is a trigger for why DevOps is so critical right now, but inherently DevOps is linked to other characteristics, like cloud and Big Data. But DevOps can only succeed if you do things right from the beginning."
For more on aligning IT to business results, download our free Value Streams ebook (reg. req’d).
HP Software’s Paul Muller hosts a weekly video digging into the hottest IT issues. Check out the latest episodes.
Introduction to Enterprise 20/20
What will a successful enterprise look like in the future?
Challenges and opportunities for the CIO of the future.
What the workforce of 2020 can expect from IT, and what IT can expect from the workforce.
Data Center 20/20
The innovation and revenue engine of the enterprise.
Dev Center 20/20
How will we organize development centers for the apps that will power our enterprises?
Welcome to a new reality of split-second decisions and marketing by the numbers.
IT Operations 20/20
How can you achieve the data center of the future?
Preparing today for tomorrow’s threats.
Looking toward the era when everyone — and everything — is connected.