New ChatOps tool

Writing in the streaming service’s tech blog, senior engineers Michael Grima, Andrew Spyker and Jason Chan, introduced HubCommander, a ChatOps tool for GitHub management.

Netflix uses GitHub extensively for both open source and internal projects. The engineering team at Netflix highlighted some key challenges, particularly related to user management.

“Management of many users on GitHub can be a challenge without tooling. We needed to provide enhanced security capabilities while maintaining developer agility.”

“To reduce complexity, we enforce a consistent permissions model across all of our organizations. This allows us to develop tools to simplify and streamline our GitHub organization administration.”

Why ChatOps?

The Netflix approach leverages ChatOps, which utilises chat applications for performing operational tasks.

Increasingly popular amongst developers, ChatOps leverages chat tools that are ubiquitous, provide a single context for what actions occurred when and by whom, and also provide an effective means to provide self-serviceability to developers.

Security in GitHub organisations

Security is paramount for Netflix, and the company follows a permissions model that applies the principle of least privilege, but is still open enough so that developers can obtain the access they need and move fast.

“While we permit our developers to have write access to all of our repositories, we do not directly permit them to create, delete, or change repository visibility.”

Additionally, all developers are required to have multi-factor authentication enabled. All of our developers on GitHub have their IDs linked in our internal employee tracking system, and GitHub membership to our organizations is removed when employees leave the company automatically (we have scripts to automate this).”

Netflix also enables third-party application restrictions on its organisations to only allow specific third party GitHub applications access to its repositories.

Contributions from the developer community

“If you’d like to extend these features, we’d love contributions to our repository on GitHub,” the Netlix engineers said.

Stethoscope, Netflix’s first project following a user focused security approach

In another blog post, Jason Chan, Director of Engineering – Cloud Security at Netflix, discusses the open sourcing of Stethoscope, a web application that collects information for a given user’s devices and gives them clear and specific recommendations for securing their systems.

“The notion of ‘User Focused Security’ acknowledges that attacks against corporate users (e.g., phishing, malware) are the primary mechanism leading to security incidents and data breaches, and it’s one of the core principles driving our approach to corporate information security. It’s also reflective of our philosophy that tools are only effective when they consider the true context of people’s work,” Chan said.

Education, not automatic enforcement

The reasoning behind Stethoscope is primarily education and helping employees stay safe from phishing, malware, and other exploits on personal devices – outside of Netflix’s direct control.

“If they fall for a phishing attack on their personal laptop, that may be the first step in an attack on our systems here at Netflix,” Chan said.

Edited from sources by Cecilia Rehn.

The post Netflix open sources ChatOps tool for GitHub management and user focused security web application appeared first on DevOps Online North America.

More than three-quarters (76%) of respondents in VictorOps second annual State of On-Call Report, in have at least a year of DevOps experience (up from 52% last year).

Increased DevOps and ChatOps uptake

In the report, VictorOps surveyed more than 500 IT professionals about what it means to be on-call and the challenges they face. The research indicates that as IT professionals are becoming more knowledgeable about DevOps and ChatOps, being on-call is slowly becoming more manageable.

“As the growing DevOps movement is becoming more widely adopted by IT departments, we’re finding that more and more developers are being included in the on-call process,” said VictorOps CEO, Todd Vernon. “We’re seeing this trend a lot internally among our customers, and as a result, confirmed by our survey findings, the on-call process is becoming less painful.”

Being on-call is improving for IT professionals

Some key findings in the 2015 report include showing that 80% of respondents stated that the problems associated with being on-call are, or at least sort of are, getting better.

ChatOps is invaluable

The research found that the percentage of participants currently using ChatOps has increased from 28% last year to 40%. And collaboration remains important. In fact, 46% of those surveyed reported that synchronous chat and collaboration solutions are the most important tools to use during a firefight.

Edited from press release by Cecilia Rehn.

The post Report finds DevOps adoption is growing amongst on-call IT professionals appeared first on DevOps Online North America.