DevOps Toolchain
Introduction
DevOps may need little introduction these days, but many are still at a loss to explain precisely what the movement entails. Some emphasize the portmanteau of the two terms, stating that the heart of DevOps is the collaboration between developers and operations staff. Others choose to focus on the tools and the problems they solve, singing the praises of DevOps for fixing their respective infrastructure woes. Tools—though crucial enablers of the movement—only form part of the equation. DevOps encompasses cultural innovation, a breaking down of walls and silos between software development, operations, and QA/testing—in addition to the tools and methodologies enabling this transformation.

Ultimately, the definition of DevOps varies per organization. Since its meaning depends heavily on the audience and context in question, general discussions around the true definition of DevOps are for the most part inconsequential. If you are specifically concerned about what is or is not DevOps, check out our ebook “DevOps for Cynics” and our blog post “Defining DevOps.” If you want to know about tools that can make your life easier, what makes each one unique, and how they fit together, read on.

Hybridization of Roles
A discussion regarding tools and DevOps should therefore begin by considering the individuals who will be utilizing the tools. The rise of so-called “polyglot programmers” and systems administrators with coding proficiency reflects a general trend in IT towards despecialization. Developers these days are adept in a number of languages and approaches, applying each accordingly based on the problem at hand. Similarly, most systems administrators possess competent programming abilities for traversing the stack—on top of the requisite skills for managing IT operations. The industry has been quick in attaching new labels to these emerging hybrid roles: DevOps Engineer and DevOps Specialist being the most common. Notwithstanding, the key takeaway is that no single IT skill is more important or valuable than another; subsequently, many different tools are required to do the job effectively. So as DevOps is comprised of a group of concepts clustered around the premise of continuous software delivery, these concepts in turn encompass a range of associated tools for fulfilling particular functions.

All in all, these complementary tools fill out the DevOps toolchain, unifying the best elements from development and operations. Keep in mind that both tools and cultural innovation are required for DevOps; adopting a popular solution on its own as a magic on-ramp to DevOps is a quick path to disillusionment, as there are no “DevOps” tools, per se. The combination of cultural changes, information de-siloing, and tooling implemented along the way is what enables an organization to recognize ROI from DevOps. In a sentence, it’s not just about the tools, but the people as well.

Agile Roots
At first glance, DevOps may seem like an evolution or extension of Agile and Lean methodologies that have gained prominence in the last decade. While this is certainly true in many respects, an important distinction lies in scope: while Agile deals primarily with the development side of affairs, DevOps stresses a unified approach that covers the entire scope of software delivery. So as Agile stresses cross-functional collaboration to aid incremental, continuous development of quality software, DevOps expands this ideal to include development, IT operations, and QA/testing teams as interdependent cogs of the same software delivery mechanism. Indeed, many of the Agile tools and methodologies find their way into the DevOps toolchain and workflow, as the two promote the same style of collaboration. Furthermore, as software development ultimately depends on operations for deployment, a closer integration of the two groups will naturally boost quality and efficiency.

Infrastructure as Code
With Agile software teams becoming commonplace, IT operations needs a way to keep infrastructure up with this rapid pace of development. Furthermore, as virtualized environments and cloud infrastructures become more commonplace, the operations side needs a more dynamic, flexible approach to managing systems. Borrowing from their software development counterparts, systems administrators can now manage their infrastructures as code—automating and tracking configurations like source code. This enables version control, rolling back of changes, as well as integrated testing and deployment to production of necessary software and server components. This unification of all sides of the software delivery puzzle is also referred to as “programmable infrastructure,” and is central to practicing DevOps.

The DevOps Toolchain

Project Management
Infrastructure changes are tracked as tickets in UpGuard and sent to your project management tool of choice.
Examples: Jira, Asana, Pivotal

Requirements Gathering
The requirements of current applications are available in UpGuard’s system state documentation.
Examples: Word, Wikis, Spreadsheets

Versioning Artifacts
Code and UpGuard policies are versioned and checked in to be used in the build and deployment process.
Examples: Git, SVN

Continuous Integration
Continuous integration and deployment tools use UpGuard policies to validate environments before and after deployment.
Examples: Jenkins, TeamCity, Travis, CircleCI, Drone.io

Configuration Management
UpGuard generates manifests for configuration management tools like Puppet, Chef, PowerShell DSC, Ansible, Salt and more.
Examples: Puppet, Chef, Ansible

Monitoring
Configuration state is continuously checked for deviation from baseline, much like you would with performance monitoring.
Examples: Shell Scripts

Discovery
Complete configuration state is documented and accessible for anomaly analysis and troubleshooting.
Examples: CMDBs

Standardize
After confirming the system state’s health, UpGuard documents the new baseline for development.
Examples: None

New Baseline
UpGuard provides the feedback mechanism from the end of one development cycle to the beginning of the next.
Examples: None

Versioning and Source Control
Tracking code level changes is a common and necessary activity of today’s software developers. Doing so enables concurrent development, merging, and rollback capabilities for applications/software. Source Control Management (SCM) tools are popular options for keeping track of software code; many DevOps practitioners also track versions of their systems configuration with these tools, essentially managing their infrastructure “as code.” For example, it’s a common practice for systems administrators to store and manage their Puppet Manifests or Chef Cookbooks in GitHub.

Continuous Integration and Orchestration
Continuous integration (CI) and orchestration tools enable the integration of development code into the overall software product frequently and early in order to mitigate potential conflicts down the line. Typically, these tools are employed to automate software builds and testing, and are crucial for applying quality control on a continual basis (as opposed to after the software has been developed and released). These tools can also be used to track and manage changes for CM—for example, Chef Cookbooks can also be stored in version control with GitHub. The appropriate CI tool can then be used to test cookbooks for bugs and errors, and set up to do so automatically every time infrastructure changes are committed and merged. This is an area where the automation side of DevOps really comes into play. Automated deployment, automated testing and continuous integration are key. When managing environments and moving applications through them, consistency is what you want. The first step towards that is consistent builds. Automated deployment tools are a must. No PM wants to hear that it will take

Testing and Validation
Tools and frameworks for testing and validation are important for ensuring quality at all phases of development. In many cases, unique solutions are applied to a specific aspect of testing—for example, one tool may be used for unit testing while another is used for integration testing. Solutions like UpGuard provide crucial functionality for testing/validating environments, and are indispensable for troubleshooting and debugging software applications. The platform allows one to anticipate changes and pre-validate every environment before deployment; by generating tests directly from development and running them against the target environment, DevOps practitioners can confidently release quality, error-free software. Combined, these testing and validation solutions provide a consistent mechanism and format for testing application features and behavior on both a micro and macro-level.

Configuration Management (CM)
CM tools allow one to define the desired state of a system and/or environment in regards to configuration files, software installed, users, groups and many other resource types. They also provide functionality to automatically push changes onto specific machines, also known as automation and orchestration. Tools like UpGuard can provide initial discovery and visibility into an infrastructure, create “golden images” for automation tools like Puppet and Chef, and validate that results are in line with expectations, post-automation.

Containerization
Containerization essentially allows one to package up or “containerize” an application in its own environment, making software easier

Application Performance Management (APM)
In contrast to testing and validation on the code level, APM solutions allow one to test and troubleshoot a software application’s performance under various conditions. For example, SaaS applications are commonly tested and monitored with APM tools to ensure high availability, low response time, and quality of service. By gauging how efficiently an application is utilizing system resources, developers can more easily identify and resolve performance bottlenecks—the net result being superior service delivery of one’s software applications.

Continuous Security Testing and Monitoring
The importance of continually testing and monitoring one’s infrastructure for vulnerabilities, configuration changes, and drift cannot be stressed enough. Developers may be savvy enough to avoid code-level security issues in an application, but ultimately the software is as vulnerable as its underlying systems and infrastructure. Detecting and remediating security flaws at all levels of the application and technology stack is therefore crucial to bolstering a software application against security threats and potential compromise. Implemented as part of the continuous integration process in ongoing software iterations, continuous security testing and monitoring help to maintain a strong security posture throughout all phases of development. UpGuard provides comprehensive vulnerability scanning and monitoring to ensure that one’s infrastructure and systems are optimally poised against an evolving threat landscape.

System of Record
The cross-functional collaboration and information “un-siloing” promoted by DevOps is deceptively straightforward in theory but can be quite challenging in practice. Much of this is due to the sheer volume of disparate moving parts required to make the DevOps machinery operate: developers checking in/out and merging application code, operations staff bringing up/down and patching systems, and any number of continuous integration activities. These factors—along with the natural tendency for system configurations to drift over time—make a single system of record for DevOps crucial for a myriad of critical functions. This mechanism ensures the validity and consistency of environment-wide configuration information, and provides a common datasource for CM activities, automation, and continuous security monitoring, among others.

Consider activities instrumental to CM and automation like baselining or “golden image” creation: to attain a specified desired state, one must have a correct reference model to work from. This can be for any number of purposes: to harden one’s infrastructure security posture, replicate environments for testing, or to confidently automate provisioning; referencing a common datasource for systems information is necessary in these and many other scenarios. Having a single system of record enables proper visibility and validation for consistent delivery of quality software and services.

As mentioned previously, UpGuard performs a critical role in capturing desired system and environment states. In this capacity, it serves as the single source of record for CM, testing, and other constituent components of the DevOps toolchain. UpGuard closes the feedback loop to ensure that developers begin from the same state as production, post-automation states are in line with expectations, and infrastructures are monitored against an up-to-date, secure “golden image.”

Conclusion
A typical DevOps toolchain might consist of the following: UpGuard to discover and track what you have and to determine what your environment should look like. The platform can then output to a tool like Chef, Puppet, or Ansible for provisioning and automation—or directly to Docker for creating containers or Vagrant for creating development and test environments. Once systems changes and applications have been deployed to production, UpGuard can validate that the changes have indeed been rolled out successfully, as well as provide further validation that any deployed applications and systems are free of vulnerabilities through comprehensive vulnerability scanning.

In the context of DevOps, the whole is truly greater than the sum of its parts. One must be equipped with the proper range of tools to address the unique, ongoing challenges of continuous integration and software delivery, and no one tool can do the job alone. DevOps is about delivering higher quality applications quicker and with fewer errors; this is accomplished by breaking down silos between development and operations and creating a smoother path towards software delivery. DevOps and its underlying concepts provide undisputed benefits to any forward-thinking organization, and the DevOps toolchain provides mechanisms to realize these benefits.
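
The baseline check described under Monitoring and System of Record, as an added example (not UpGuard's code or output): a minimal comparison of a later scan against a recorded "golden" state, usable as a pass/fail gate in CI. The state layout, hash values, package versions and account names are constructed for illustration.

```python
import json

# Constructed sample data: a recorded "golden" baseline and a later scan of one host.
BASELINE = json.loads("""{
 "files": {"/etc/ssh/sshd_config": {"mode": "0600", "sha256": "aa11"},
           "/etc/sudoers": {"mode": "0440", "sha256": "bb22"}},
 "packages": {"openssl": {"version": "3.0.13"}, "nginx": {"version": "1.24.0"}},
 "users": {"deploy": {"uid": 1001, "groups": ["www"]}}}""")
CURRENT = json.loads("""{
 "files": {"/etc/ssh/sshd_config": {"mode": "0600", "sha256": "cc33"},
           "/etc/sudoers": {"mode": "0440", "sha256": "bb22"}},
 "packages": {"openssl": {"version": "3.0.13"}},
 "users": {"deploy": {"uid": 1001, "groups": ["www", "sudo"]},
           "tmpadmin": {"uid": 1002, "groups": []}}}""")


def flatten(state):
    """Map (resource_type, name, attribute) -> value for every recorded attribute."""
    return {(rtype, name, attr): value
            for rtype, items in state.items()
            for name, attrs in items.items()
            for attr, value in attrs.items()}


def drift(baseline, current):
    """List (kind, resource_type, name, attribute, expected, actual) per deviation."""
    want, have = flatten(baseline), flatten(current)
    findings = []
    for key in sorted(want.keys() | have.keys()):
        if key not in have:
            kind = "missing"        # in the baseline, gone from the host
        elif key not in want:
            kind = "unexpected"     # on the host, never approved in the baseline
        elif want[key] != have[key]:
            kind = "changed"
        else:
            continue
        findings.append((kind, *key, want.get(key), have.get(key)))
    return findings


def gate(baseline, current):
    """CI-style check: return 0 when the host matches the baseline, 1 on any drift."""
    findings = drift(baseline, current)
    for kind, rtype, name, attr, exp, act in findings:
        print(f"{kind:<10} {rtype}/{name} [{attr}] expected={exp!r} actual={act!r}")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(gate(BASELINE, CURRENT))
```

Items reported as "unexpected" (here a new account and an added group membership) are the ones a baseline that lists only approved state makes visible; a check that only verifies listed items would miss them.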
Businesses depend on trust, but breaches and outages erode that trust. UpGuard is the world’s first cyber resilience platform, designed to proactively assess and manage the business risks posed by technology. UpGuard gathers complete information across every digital surface, stores it in a single, searchable repository, and provides continuous validation and insightful visualizations so companies can make informed decisions.
© 2017 UpGuard, Inc. All rights reserved. UpGuard and the UpGuard logo are registered trademarks of UpGuard, Inc. All other products or services mentioned herein are trademarks of their respective companies. Information subject to change without notice.
909 San Rafael Ave. Mountain View, CA 94043 +1 888 882 3223 www.UpGuard.com