Last week saw the first DevOps Days conference catering specifically to the enterprise world, in London. Talks ranged from re-thinking (traditional) management processes in a technology-disrupted world to facts and drivers of DevOps adoption by early adopters. The idea of bi-modal IT was also discussed throughout the conference.
Joanne Molesky, co-author of the Lean Enterprise book, talked about the breakdown of top-down decision making in today's businesses, as knowledge about markets and customers lies in the technological side more than on the commercial side. Tech to biz feedback loops, adaptive processes and shared incentives and measures of success are some foundational practices required for legacy businesses to compete with extremely low profit margins and quickly adapt to customer needs, according to Molesky. She also referred to the need for a multi-horizon strategy for large organizations: executing on current products (short-term or horizon 1), exploiting and scaling new ideas (mid-term or horizon 2) and exploring disruptive ideas in an agile manner (long-term or horizon 3).
Gene Kim, co-author of The Phoenix Project book, re-enforced the business value of DevOps with real figures from the State of DevOps Report such as 30x more frequent deploys or 200x faster lead times than peers. He also shared corporate testimonials from past editions of the DevOps Enterprise Summit (a first European edition is scheduled for London), such as a traditional organization that shortened their Cobol applications deployment procedure from 14 days to 1 day. Gene referred to the capabilities in Steve Spear's model and how they match to IT: being able to see problems at they occur (e.g. via automated testing, monitoring), swarming to solve those problems and build knowledge (e.g. stopping work when a build/test/deploy fails or prioritizing time for code reviews), spreading knowledge throughout the organization (e.g. blameless post-mortems or internal conferences) and leading by creating other leaders, not by mandating.
Kris Saxton, automation engineer at Automation Logic, challenged the need for bi-modal or multi-speed IT organizations, arguing against the assumption that a "stable mode" means less risk and more control since in fact longer releases mean larger change sets and more possibilities of failure. Saxton also contested the feasibility of having some people working in "stable mode" and others in "agile mode" when systems are becoming more and more coupled, in which case the slowest one sets the pace. Saxton concludes that bi-modal IT undermines both the desired stability and agility, as these must emerge from a single, coherent and nimble way of working.
Thiago Almeida from Microsoft Visual Studio Services shared lessons learned in their DevOps journey, from the practices adopted (such as empowering developers to deploy to production but also receiving direct feedback from tool users or adopting canary deployments and feature flags) which resulted in higher developer happiness levels, on top of increased service quality and a tighter sense of community.
Another sub-theme that emerged was the need for better security, with Google Cloud Platform's Jeromy Carriere explaining Google's security policy of certifying (code reviews and audits), instrumenting and isolating (via containers) all the pieces in their infrastructure. As a side note, Carriere mentioned how Kubernetes is a clean, open sourced version of Borg, Google's private infrastructure clustering engine still in operation today.
Docker's Justin Cormack also focused on security, in the form of a call to action for more usable and understandable tools (with sensible defaults and configuration), such as the new Content-Security-Policy for web pages. Nevertheless, he highlighted the domain specific nature (and consequently policies and rules) of security. Docker has invested strongly on multiple security mechanisms, according to Cormack, giving the example of image vulnerability scanning and signing coming out soon.
Opinionated platforms was another sub-topic explored by Gareth Rushgrove, from Puppet Labs, on his talk about the co-evolution of DevOps, microservices and platforms as drivers of business advantage. Pivotal's Casey West live demo using CloundFoundry exemplified his definition of a "Minimum Viable Platform".
On the first day a panel discussion took place, focusing on enterprise issues, particularly the need for compliance people in the banking industry to become more engaged in the delivery life cycle, not isolated in an overly defensive, risk averse attitude.
Ignite talks on both days provided interesting viewpoints, highlights being John Clapham's and Oliver Wood lessons learned, both adding a humorous touch to otherwise stressful and painful situations.
As usual in DevOps Days most of the afternoon on both days was dedicated and well attended by participants discussing problems they face in their everyday work (open spaces). A large part of attendees were coming either from Barclays (one of the main organizers) or other financial institutions.