Top 5 DevOps best practices for achieving security, scalability and performance
How do you get the most out of your applications? One way is to adopt a DevOps approach to deployment and apply these five best practices for achieving security, scalability and performance.
As TheServerSide continues its look into how best to invest DevOps-related time and dollars, the focus now shifts to the best practices that industry experts have suggested will help create scalable, secure and high-performance deployments. Here are five tips and best practices that have emerged from the hands-on experiences of the industry's foremost experts:
- Be vigilant of overall security risk - Reuven Harrison, CTO and Co-Founder of Tufin, emphasizes the growing complexities of networks. He says that increased adoption of virtualization, cloud, BYOD and emerging technologies like software defined networks (SDNs) means that networks are becoming more complex and heterogeneous, and so are the security risks. "As SDN and network virtualization continue to mature, the only way to manage these networks with any degree of efficiency and security is to automate key management functions," he says. "That is the premise of DevOps. But DevOps must include security as a key component because without it, the volume and pace of network change that technologies such as SDN and virtualization introduce will skyrocket the level of IT risk in the environment." The big challenge is that to date, security has been considered an afterthought, and security organizations are considered to be business inhibitors, telling organizations what can't be done, instead of how to do things securely. It is a cultural issue that requires security, developers, and operations teams to foster a level of trust and collaboration that does not yet exist. The only way to do this is incrementally, and with vigilance.
- Watch changes in security risk - Torsten Volk, VP Product Management, Cloud for ASG Software Solutions says that it is important to think of DevOps as a collaborative mindset and process that leads developers and IT operations to a faster and more efficient way of deploying, operating and upgrading applications. "Each new release comes with the same set of security considerations as it did the time before DevOps," he says. "However, when new releases are delivered at a much higher cadence, security has to also be an ongoing point of focus." DevOps tools help in this regard by proactively ensuring consistent configuration of infrastructure and software components. Even more, these tools can be used to automatically remediate security concerns by constantly validating the proper application of security best practices and taking automatic countermeasures. While this latter scenario might sound advanced, it is the endpoint that every DevOps team should aspire to reach.
- Pay attention to scalability - According to Aaron M. Lee, Managing Principal of DevOps at Pythian, there are two kinds of scalability that DevOps engineers tend to address: application and organization. "An app's scalability is really a question of how long it takes and how much it costs to build and operate a system that successfully delivers a certain level of concurrency; one that matches or exceeds user demand over some time period," said Lee. "Estimating answers to these questions is a critical success factor for many companies, and the ability to do so often goes unrecognized until it's too late." Lee says that scalability is everyone's problem. Business and technology folks have to agree on the right balance of functionality, time to market, cost, and risk tolerance. You need the right measurable objectives, including how many users, and how many concurrent requests over those endpoints for a demand pattern.
- Strive for ease of use - DevOps is about automation and repeatability. Dr. Andy Piper, CTO of London-based Push Technology, says this requires configurable virtual environments, and lots of them. "To scale, you need to automate," he says. "So, make sure you are using tools such as Puppet and Chef to automate the building and configuration of VMs. Similarly, make sure you have the horsepower to back this up either in-house, which is more tricky to dynamically scale, or in the cloud if your product is amenable to that." At the end of the day, making a product easy to install, configure and run will make the whole DevOps process much easier.
- Manage your gateways - Susan Sparks, Director, Program Management for InfoZen's Cloud Practice, says that while the new goal is to build the best culture between development and operations teams, it is still good to keep some gates between the functions to ensure the production environments remain stable. "Our teams are structured such that we have operations personnel included in development discussions and daily scrums so the operations teams understand what will be changing in the various future releases," she says. "The operations team maintains responsibility for the stability of the production operation. We found that this approach has worked well for us. We recommend using automation in both testing and operations. Our integration testing has allowed us to find issues prior to them reaching production, and our operations automation allows for cost efficiencies and better quality operations. With automation, fewer people touch the production environment, which significantly reduces human errors. This also helps with security posture, as fewer people have a need to touch the production environments."
"DevOps isn't hard. What is hard is tackling the challenges that arise when an organization is not taking a DevOps approach to integration, development and deployment," says Cameron McKenzie, a software architect and editor of TheServerSide, and it is difficult to argue with such a point. By adopting a DevOps approach, and heeding these five tips, a successful DevOps environment is just an implementation or two away.
What have you found to be the best practices to follow to ensure a successful DevOps environment? Let us know.