What is DevOps today?

DevOps has come to mean many things over the years. Ask five people and you’ll probably get seven different answers. From deploying code to virtual machines to configuring infrastructure in the cloud, the term encapsulates many activities traditionally performed by people in different departments within an enterprise environment. What once took humans hours or even weeks to handle can now be handled in minutes through automation. The errors and inconsistencies that once plagued IT teams can be eliminated through DevOps, which offers repeatability, certainty and a higher level of quality.

pipeline

So, how does a modern organization do DevOps? IT departments have varying maturity levels, so I’ll describe popular DevOps aspects in terms of ideal configurations. The usual starting point is Continuous Integration (CI), which many people call the “pipeline.” The idea assumes that multiple people make changes to the same system simultaneously, and then integrate their changes frequently (ideally daily). This means a shared repository of code or scripts and an associated deployment pipeline to incorporate changes, run unit tests, and then package and deploy the code to a target, whether it’s a virtual machine in the cloud or a serverless host (For simplicity, ignore containers).

test automation

Using continuous deployment (CD), test automation can bring huge added value. Unit testing is usually included in the CI pipeline, while integration and end-to-end UI testing is included in the CD pipeline. These tests are run after the code is deployed and are traditionally done to ensure that integrations with other systems or resources work properly and to verify specific functionality. Using test automation to perform these common tasks enables basic “regression testing” of a system or component every time it is deployed, and the automation can perform it orders of magnitude faster than humans, saving companies time and money. Let them focus on the more difficult tests.

NumberGone are the days of sending an email to your infrastructure team to manually provision a virtual machine or some suite of cloud resources, then waiting 2-3 days to install execution time and tools before you can deploy any code.

Environmental issues

What about so many environments? In a decentralized system, there are usually multiple environments to deploy and test the system before any functionality is made available to business users (go live). DevOps can help solve this problem by deploying the same package in multiple environments; the only thing that needs to be changed are the configuration values ​​for a given environment. For example, an API might use a different data store for each environment; the code will be the same for everyone. The CD pipeline can switch the value of the data store when the code is deployed to its host. This is all just the system’s built-in configuration. The advanced system will use feature flags/toggle to use different values ​​for different environments, and can turn a given feature on or off depending on the environment.

Infrastructure as Code (Iac)

The DevOps technology that has been widely adopted over the past decade or so is called Infrastructure as Code (IaC). Gone are the days of sending an email to your infrastructure team to manually provision a virtual machine or some suite of cloud resources, then waiting 2-3 days to install execution time and tools before you can deploy any code. Using IaC and pipelines, resources can be created and configured in minutes with the click of a button, often including all the software needed to then deploy code to them. There are even automated configuration tools for on-premises VMs that can create parity between configuring similar things in cloud providers. Databases, websites, networks, firewalls, all can be set up in minutes through DevOps automation.

Security in DevOps

In recent years, DevSecOps has become an important part of the DevOps movement. Use CI and CD pipelines to consistently secure your code and infrastructure. Security best practices can be incorporated into all stages of the DevOps lifecycle. Code can be statically scanned for vulnerabilities during build time. Test automation can verify that all executing APIs are properly protected. Dynamic scanning can be automated and any failed reports can be sent to the appropriate audience to resolve the defect. Cybersecurity personnel can perform code reviews of IaC to ensure that no resources are public and that appropriate firewall rules are configured for each resource. Doing all of this through automation makes things repeatable and deterministic, saving organizations time by eliminating manual security reviews of every detailed resource or API.

So, what does DevOps mean to you? Part or combine it into a larger set of parts and realize the value it can provide when done well. It can save you time and money, mitigate security attack vectors, or possibly all of these. Start using DevOps and deliver it!

pass

David Robertson began his career as a programmer on NASA’s International Space Station before moving on to design and build technology platforms at scale, learning and leading others to deliver working software that immediately added business value. DevOps has been his passion for many years, inspiring him to pioneer and integrate test automation and infrastructure provisioning across multiple organizations; this allows people to focus on more challenging tasks. David leads teams around the world, training and influencing many developers and engineers to implement better practices and secure coding. You can find his technical musings at X @ShipItSoftware.

His rocky career as a musician has left him focused on building software platforms, but he still enjoys playing guitar whenever he can. Solar and wind energy systems help put his mind at ease as an engineer and give him the opportunity to work with children on these things. One day soon, he plans to hike some of the great trails in North America and, hopefully, Europe.