Peer-to-peer networking
Connect and network with your peers from across the industry – ranging from small, medium to large businesses. This industry is full of great minds that are just waiting to be tapped.

One full day event
Attend a day filled with exciting and motivational debate sessions! You can choose 3 x 90 minute sessions to attend, enjoy sample networking opportunities during breaks and maxmise your time.

12 thought leading debate sessions
Speaking of the sessions…

There will be 12 incredibly well thought out, idea-provoking debate sessions taking place on the day. You will be able to choose which you’d like to attend. You’ll be spoilt for choice!

Over 150 decision makers
Make a difference within the industry, meet, and bounce ideas off of over 100 decision makers! It’s a great opportunity to learn from your peers. Share your thoughts on the issues raised and have your voice heard.

Exhibition
Meet our brilliant exhibitors and let them show off their products (there may even be freebies in it for you, and we all love a good freebie…)

Great location!
Easily reached and conveniently located, the Park Inn by Radisson at London Heathrow Airport is the perfect venue for this thrilling, educational one-day event.

Experienced hosts
31 Media are incredibly experienced hosts. Running major industry events such as the National DevOps Conference and the DevOps Industry Awards, you can be sure you’re in safe hands and that the event will run smoothly.

The post 7 reasons why YOU should attend DevOps Focus Groups appeared first on DevOps Online North America.

Two seemingly contradictory imperatives are bearing down on the modern global enterprise organisation.

On the one hand, security is a huge challenge that can have dire consequences if improperly handled. A known vulnerability led to TalkTalk being hacked in 2015, for example, resulting in a record‑breaking fine for the company and a massive brain drain as embarrassed IT professionals sought to distance themselves from the brand.

On the other hand, as software continues to ‘eat the world’, high‑velocity IT becomes the foundation of competitiveness in the modern marketplace. Every business must become an agile and innovative software delivery machine in order to survive.

Which leads us to the enterprise IT paradox: go faster and innovate. But always stay secure.

Why is this difficult and what can be done?

Going faster: software‑defined everything and DevOps

As software becomes the key market differentiator, every company – regardless of industry – is becoming a software company.

Simultaneously, the remit of software is expanding. Infrastructure can now be provisioned in the cloud via APIs, i.e., codified through scripts and templates. Nearly your entire stack (compute, storage, network…) can now, in principle, be defined by software and provisioned through the same delivery cycle as software: build, test, deploy.

This means that infrastructure can be provisioned much more rapidly and software deployed more quickly and frequently.

In this world of software‑defined everything, the old (‘procedural’) approach of making a change on system A, then the same change on system B and so on, does not scale. Instead, to effectively manage and control these large, distributed, software‑defined systems you need to change your mindset and employ two foundational tools: configuration management and automation.

Configuration management tools allow you to define the desired state of your systems in code and manage them such that they continuously reconverge on this desired state. This means that complicated distributed systems (e.g. environments in the public cloud) have the ability to heal and fix themselves.

Automation allows you to spin up and spin down these self‑healing systems with minimal manual input.

The result is that you can spin up and spin down highly‑consistent environments quickly and cheaply. When combined with a DevOps approach, this provides the foundation for a hugely accelerated software delivery cycle.

But how can security keep up with infrastructure that is constantly being torn down and automatically reprovisioned or with continuous deployment and iterative experimentation?

A study by 451 Research showed that when organisations try to go faster by moving to the cloud, for example, the number one headache is security, with data sovereignty and compliance not far behind.

Why is security at speed so hard?

Security at speed: conflicts and change

Security compliance has traditionally been a drag on performance. Perceived and actual conflicts between the need to go faster and the need to be secure and compliant created divisions between development teams (go fast!), operations teams (go slow!) and security teams (be safe!).

The security team becomes the ‘Department of “No”’ and as a result is marginalised over time, creating a self‑reinforcing downward spiral of division.

And this is getting worse as security becomes more important in the enterprise. Cyber crime is more profitable than ever, with incidents rising year‑on‑year and reams of regulation following in their wake.

What’s more, technologies and regulations are constantly changing, forcing security teams to constantly have to test for different issues in different ways. They get caught up in reactive cycles, only responding when something goes wrong, because proactively preempting myriad security issues in an ever‑evolving threat landscape is simply too large a challenge to be taken on with the limited resources available.

So how can you increase the rate of deployments, accelerate feedback loops and breed a culture of innovation, i.e., increase the rate of change – whilst ensuring that you meet security standards that are stricter than ever before and that struggle with change? „

Dev Sec Ops and shifting security left

The solution is to shift security left. This means including security as early as possible in the software delivery pipeline and embedding security into the very processes that you use to go faster: software‑defined security.

You can codify testing, monitoring and reporting, embed them in the continuous delivery pipeline and then generate fast feedback loops regarding the state of your infrastructure security, across your system.

Essentially, all the governance standards of your organisation can be ‘hardened’ into your infrastructure via code before you ever deploy applications onto it.

This makes security efficient and repeatable. It reduces errors and means that issues can be resolved quicker because different systems don’t have different configurations.

This is sometimes referred to as DevSecOps: bringing security into the DevOps world.

This involves a lot of work up front – you first need an automated continuous software delivery pipeline supported by DevOps practices – but it is the most consistent and reliable way of including your security practices at every stage of the software delivery pipeline. And of resolving the paradox between speed and security.

What are the benefits?

With DevSecOps, you will know that your applications and your infrastructure are automatically and continuously reconverging on optimal security settings that you have defined in advance in code.

If root access is limited (a common feature of effective automation aimed at maximising consistency), you will know who made which changes and when. This traceability makes it much easier to track down the origin of problems when they do occur.

Lastly, thanks to the availability of a wide range of open source tools, automated testing can be included at every stage of the pipeline. Potential vulnerabilities are identified as early as possible and can be easily traced and rectified.

The result is that you can now validate the security settings of your machines, automatically generate a report that is human‑readable and can be shared with your security teams so that, when they come along with a big binder of compliance and regulations, it’s easy to point them in the right direction. This reduces the chasm between the theory of security and how it is actually practiced on the ground and brings the previously‑marginalised security team right into the loop.

What is good security?

Good security has now become a function of good software delivery hygiene: of good continuous integration, deployment automation and automated testing. This new way of working results in more compliance, less risk and greater productivity.

Most importantly, security is no longer a ‘drag’ on performance, it’s a key element of business success that guarantees consistency and reliability over the long term.

This article originally appeared in the DevOps Focus Groups Supplement as part of the January 2017 issue of TEST Magazine. Edited for web by Jordan Platt.

The post The DevSecOps paradox appeared first on DevOps Online North America.

Skytap recently had the privilege of sponsoring a series of DevOps Focus Groups in London where we had the opportunity to host three roundtable discussions with numerous executives from the corporate IT sector.

Events like this are a great way to get a pulse reading on what’s driving – and stalling – the modernisation journeys that so many large enterprise organisations are undertaking.

The topic of discussion that we posed to each group was “DevOps and the cloud,” with a focus on trying to gauge if companies are more likely to embrace modernising their infrastructure and then their processes and culture, or vice versa. By the end of the day, while most of whom we had the pleasure of meeting had not yet actually begun organisational shifts to DevOps or the cloud, many were on their way, and their collective reasoning for wanting to make the transformation was both spot‑on and inspiring.

Overcoming resistance to the cloud

Our roundtables’ executives came from a variety of industries – financial services, travel, telecommunications, insurance, education, etc., and each were at various early, evaluative stages of ‘application modernisation.’ We learnt that many large enterprises are looking at a variety of approaches to updating core IT systems, and we discovered that using the cloud to help modernise traditional applications is a popular approach.

However, there’s often much resistance within large enterprises to attempt to modernise these types of monolithic applications, and with good reason. These applications are often the backbone of an enterprise, and are responsible for core business functions such as the systems of record that cannot be disrupted.

“We know we need to modernise for tomorrow, but we also have to keep the business running today,” said one of our focus group’s attendees. “We really can’t be too disruptive, because we’re also responsible for safe‑guarding revenue.”

This concern is not only valid – nearly everyone throughout the day had similar apprehensions – it’s also not only limited to the UK. Our view, and one that we’ve seen prove very effective, is a structured, iterative, three‑step approach that reduces risk, and increases innovation.

Skytap often recommends these best practices:

• Removing delivery bottlenecks caused by resource scarcity.
• Introducing modern processes and supporting tooling.
• Employing modern cloud technology and architectural patterns.

This approach allows development, testing, and operations teams to more easily begin and complete infrastructure, process and architecture modernisation journey initiatives.

Keeping pace with born-in-the-cloud applications

Depending on who you ask – especially if it’s developers and testers – IT operations teams have been much more associated with being bottlenecks rather than removing them, but that way of thinking is rapidly changing.

Today’s forward‑thinking operations teams, like those who attended the DevOps Focus Groups, are looking for ways to increase test coverage, decrease time to market, and modernise legacy systems in order to keep pace with newer, born‑in‑the‑cloud applications.

“We have to bring modern technology to our older apps, because if we don’t modernise our infrastructure today, we won’t be around tomorrow,” said one attendee.

Real world examples of DevOps demand

We asked our groups why they were looking at DevOps and the cloud to deliver a collaborative culture, and modernise their infrastructure, architecture, and applications as a whole and many said it was because the speed of business demands it. There were some fantastic, real world examples of this demand, including:

“I have to be able to respond to requirement demands from customers and internal resources. It currently takes us too long to maintain and operate our systems.”

“We need the ability to do software releases without taking platforms offline. There are some releases where we have to bring the website down for four hours. It’s crazy that we’re in a world where we have to do that.” „

“From an operations point of view, it’s really about having the ability to just say, ‘Yes’ when we’re asked for a new process, tooling, infrastructure, anything that we’re asked for. Today we’re like, ‘Not right now, no,’ because we don’t have the flexibility of infrastructure. Everything’s just static.”

The need for DevOps champions

Providing that level of flexibility is a monumental task, but it was so inspiring to meet so many executives who clearly see the incredible opportunity before them to drive not just continued stability, but disruption that results in real business change. We asked each of our focus groups, “Who are the DevOps champions in your organisations? Who is driving adoption?” and the answers were not surprising.

While the groups’ thoughts were echoed throughout the day, one attendee summarised it by saying, “I think it’s the IT people on the ground. The people with the transformation of thinking, ‘I am an IT champion,’ to, ‘I am a business champion.’ is really important. I do everything for business. IT can’t function alone. That kind of thought process is very important.”

There have been a million definitions of DevOps, but I’d like to suggest that “DevOps is about creating and sustaining teams that take software all the way from ideas, to customer use, to end of life. These teams absolutely change in size and makeup over time, but it’s important that it feels like one collective team is fully responsible for – and empowered to deliver – a successful offering.”

Summary

Cultures, technologies, and processes like DevOps, cloud, continuous integration and delivery, etc., are massively transformative changes for many organisations to rally around, but they offer the potential for returns on investment that can be seen very early on. Whether the drumbeat to adopt these shifts comes from the ground‑up, or top‑down, from what we’ve seen, IT has the chance to lead the way and not just meet business demands, but also consistently exceed them.

This article originally appeared in the DevOps Focus Groups Supplement as part of the January 2017 issue of TEST Magazine. Edited for web by Jordan Platt.

The post Operations is ready for change appeared first on DevOps Online North America.

Chef’s participation in the London DevOps Focus Group event provided a valuable opportunity to speak with peers that we don’t always get the chance to meet as often as we’d like. Our products – focused as they are, on infrastructure automation and compliance as well as application delivery – are usually adopted by operations or system engineering teams more than testing teams.

Testers need support too

My view, however – which has only been reinforced by our work and client experience – is that testers need the same support and predictability in their platforms that developers and operations teams do. And this experience has been drawn from Chef’s role as an active and influential member of the DevOps movement since its inception.

We’ve helped numerous customers and community users through their transformation, from organisations that see IT and technology as a cost centre, to organisations that use technology as an accelerator for the core businesses. This is why I’m confident the need to properly support testing teams is not going away any time soon.

In fact, more and more industries are becoming reliant on software to better serve their customers, respond quicker to market feedback, and drive efficiency in their workflows.

Being successfully software and technology-driven

Indeed, a leading indicator for how successful a transformation programme will be is the extent to which an organisation’s leaders recognise technology as having a valuable role to play, as opposed to treating technology as a cost centre to be managed, contained, and minimised. This also means recognising the importance of developing, testing, and, finally, running applications.

One of the highlights of ChefConf 2016, held in July in Austin, Texas, was a keynote presentation by Veresh Sita of Alaska Airlines. The airline industry is one of many where the primary business is being improved through the application of technology to many different areas of the company. Sita’s message detailed how Alaska Airlines is applying technology to enhance the passenger experience, thus giving the company an edge in an extremely competitive market.

Today, many industries that aren’t the first one might associate with being software and technology driven, such as banking, real estate, and entertainment, are embracing new practices to enhance their non-technical offerings and improve customer experiences. This places increased strain on their own technology departments and partners, which have to keep up with growing workloads, while still guaranteeing quality within a shorter timeframe.

DevOps itself can be understood as a direct response to these market forces and pressures. While DevOps is a portmanteau of development and operations, it recognises there are multiple stakeholders in the success of any technology team, including the test and QA staff in an organisation. As such, the keys to success in modern IT include tools and practices that benefit the teams working in test practices, as well as those in software development and operations.

By combining the people, culture, and technology of an organisation into a winning formula, DevOps includes all the people involved in the production and release of technology and software products, not just the development and operations staff. A successful DevOps transformation project must include everyone needed to deliver the project to completion.

One of the topics discussed at the DevOps Focus Groups roundtable was the continuing challenge for testing teams of ensuring the correct environments for testing applications appropriately. Fully automating the provisioning, updating, and ongoing maintenance of testing environments with a configuration management tool, such as Chef, is an important first step to increasing the velocity of software creation and delivery. This velocity also has a great many other positive effects on the business, because of the value testing teams deliver by ensuring the quality of the products and software being released.

The realities of the production environment

In spite of this, the cost of building and maintaining environments to ensure that testing is carried out against systems that reflect the realities of the production environment is a point of contention in many organisations. In traditional, non-automated „
enterprises, the additional overhead of manually building and maintaining correct test environments is seen as adding costs and resources to projects that are difficult to justify.

Automation, and the sharing of environment definitions between production and non-production environments, as provided by a tool like Chef, alleviates a substantial amount of this overhead. We accomplish this through the employment of a mechanism we have termed ‘infrastructure as code’.

Creating and maintaining non-production environments with the same code used for production environments allows for better sharing of the definitions of the infrastructure via Chef’s recipes and cookbooks. This further provides mechanisms for testing the infrastructure definitions themselves, via tools in the Chef ecosystem like Test Kitchen and InSpec.

These tools provide plugins and interfaces to various providers and other tooling so teams can build sophisticated workflows, by linking common components together via their command lines. InSpec serves as an integration testing tool for infrastructure, as well as providing resources for checking and reporting on the security settings on systems. Chef’s testing workflow allows teams to regression test common infrastructure tasks, from upgrading individual pieces of required software to upgrading entire operating systems, while also maintaining the quality of all environments.

Overall, automation of tasks and processes alleviates risk while boosting efficiency and reliability. When processes are encoded in an automation tool like Chef, they can be examined, audited, shared, versioned, and updated by stakeholders as needed. Storing this information as a text-based file also reduces the risk introduced by the use of non-repeatable GUI-based tooling.

This means no more wiki pages of screenshots describing how to configure software correctly for the project. Instead, the configuration is documented in the code used to create the environment. It can then be deployed repeatedly without suffering from missed steps or forgotten procedures.

Capital One presented a talk about the importance of automating test procedures at O’Reilly’s Velocity Conference in Santa Clara in October. They quote their Founder and CEO, Rich Fairbank, who said, “… the winners in banking will have the capabilities of a world-class software company.” From experience, we know this holds true for many industries.

Summary

For most traditional tech teams, this journey is long and challenging, but the rewards are great, and ultimately strengthen the organisation’s market position. Chef’s products have played a key part in many of these journeys already, and we look forward to helping more companies achieve greater efficiency, faster feature production, and more reliable delivery of software.

This article originally appeared in the DevOps Focus Groups Supplement as part of the January 2017 issue of TEST Magazine. Edited for web by Jordan Platt.

The post Bring all the stakeholders together appeared first on DevOps Online North America.

Held at the Park Inn by Radisson – London Heathrow on 18 October 2016, the DevOps Focus Groups promises to be a dynamic event that provides a solid platform for the most influential professionals in the IT industry to discuss and debate their issues, voice their opinions, swap and share advice, and source the latest products and services.

Over 100 senior professionals will gather to learn from each other under the guidance of market leading companies hosting the syndicate rooms.

12 roundtable discussions

Attendees will be able to partake in three different roundtables during the day, with 12 topics to choose from ranging from DevOps and the cloud; microservices; culture shifts; automation; technical debt; and much more.

Results to be published in TEST Magazine

After the event, the results of the Focus Groups will be published in a specially designed Syndicate Supplement that will be distributed to the entire subscription base of TEST Magazine. The articles will also be published as stand alone pieces on www.devopsonline.co.uk.

Interested in attending the DevOps Focus Groups?

Interested parties can find out more about the event here and register their attendance for only £99 per person.

The post DevOps Focus Groups promises to shed light on IT challenges appeared first on DevOps Online North America.