deploy early deploy often deploy safely
play

Deploy Early, Deploy Often, Deploy Safely Andy Lowe From User - PowerPoint PPT Presentation

Nov 11, 2022 •481 likes •815 views

Deploy Early, Deploy Often, Deploy Safely Andy Lowe From User Story to Production Feature Basic Process Commit Automated UAT Deploy Write Some Acceptance Prod Tests Code Deploy Then Theres All The Other Stuff Staging Code

  1. Deploy Early, Deploy Often, Deploy Safely Andy Lowe

  2. From User Story to Production Feature Basic Process… Commit Automated UAT Deploy Write Some Acceptance Prod Tests Code Deploy Then There’s All The Other Stuff… Staging Code Security Change OSS Performance Integration Integration Deploy Review Scans Management License Testing Deploy Testing Review @LoweKeyOne #AgileAZ

  3. Why Automate Deployments? • Multiple steps that happen exactly the same way each time • May need to deploy to multiple systems • Automated steps far easier to test Manual deploys will go badly, your team will work nights and weekends, your users will be upset, and your business will be negatively impacted. @LoweKeyOne #AgileAZ

  4. Would you rather fix an incident… • By manually deploying • Deploying using the same process you always do • Changing configs by hand on multiple servers • With automated rollback Or… • Documenting later what • Using a fully tested and changed understood process • Without security controls • With your usual controls Deploying fixes can look just like deploying any other change. Always have a widely understood exception process for any controls that may be in place. @LoweKeyOne #AgileAZ

  5. How Often Do You Deploy? Max Deploy Duration (minutes) Allowed Yearly SLA Downtime Once per Month Once per Week Once per Day (minutes) 99% 5256 438 105.12 30.918 99.9% 525.6 43.8 10.512 3.092 99.99% 52.56 4.38 1.051 0.309 99.999% 5.256 0.438 0.105 0.031 99.9999% 0.526 0.044 0.011 0.003 Do you want to not hit your SLA because of maintenance windows? @LoweKeyOne #AgileAZ

  6. Blue/Green Deploys • Zero downtime deployments of a new version of an app. • Rollback strategy is simple. • Requires the hardware resources to have two versions running simultaneously. @LoweKeyOne #AgileAZ

  7. Blue/Green Deploys MyBlueApp.Example.com MyBlueApp MyApp.Example.com Router Your app is running on on your servers. @LoweKeyOne #AgileAZ

  8. Blue/Green Deploys MyBlueApp.Example.com MyBlueApp MyApp.Example.com Router MyGreenApp.Example.com MyGreenApp Deploy a new version. @LoweKeyOne #AgileAZ

  9. Blue/Green Deploys MyBlueApp.Example.com MyBlueApp Router MyApp.Example.com MyGreenApp.Example.com MyGreenApp Update main route to point both apps. @LoweKeyOne #AgileAZ

  10. Blue/Green Deploys Router MyApp.Example.com MyGreenApp.Example.com MyGreenApp Remove main route from blue app. @LoweKeyOne #AgileAZ

  11. Blue/Green Deploys Router MyApp.Example.com MyGreenApp.Example.com MyGreenApp Delete old version and route. @LoweKeyOne #AgileAZ

  12. Blue/Green Deploys $ cf push MyBlueApp –n MyApp $ cf push MyGreenApp –n MyGreenApp $ cf map-route MyGreenApp example.com –n MyApp $ cf unmap-route MyBlueApp example.com –n MyApp $ cf delete MyBlueApp @LoweKeyOne #AgileAZ

  13. Multi-Availability Zone Deploys – Baseline MyBlueApp MyBlueApp Router Router Load Balancer MyBlueApp MyBlueApp Router Router @LoweKeyOne #AgileAZ

  14. Multi-Availability Zone Deploys – Push Green MyBlueApp MyBlueApp Router Router MyGreenApp MyGreenApp Load Balancer MyBlueApp MyBlueApp Router Router MyGreenApp MyGreenApp @LoweKeyOne #AgileAZ

  15. Multi-Availability Zone Deploys – Map New Routes MyBlueApp MyBlueApp Router Router MyGreenApp MyGreenApp Load Balancer MyBlueApp MyBlueApp Router Router MyGreenApp MyGreenApp @LoweKeyOne #AgileAZ

  16. Multi-Availability Zone Deploys – Unmap Routes MyBlueApp MyBlueApp Router Router MyGreenApp MyGreenApp Load Balancer MyBlueApp MyBlueApp Router Router MyGreenApp MyGreenApp @LoweKeyOne #AgileAZ

  17. Multi-Availability Zone Deploys – Delete Blue Router Router MyGreenApp MyGreenApp Load Balancer Router Router MyGreenApp MyGreenApp @LoweKeyOne #AgileAZ

  18. Health Check That Aliveness checks Functional Checks • Check if app is responding • Check if app is functional • Should be very fast • Should be fast • Run on startup and every 30 • Check for connections to seconds external systems, environment • TCP, Process, and http checks validity, basic functionality • Run on deploy and as part of monitoring solution @LoweKeyOne #AgileAZ

  19. Health Checks During Deploy MyBlueApp MyBlueApp Router Router HealthChecker MyGreenApp MyGreenApp Load Balancer MyBlueApp MyBlueApp Router Router MyGreenApp MyGreenApp @LoweKeyOne #AgileAZ

  20. Health Check Each Green App MyBlueApp MyBlueApp Router Router HealthChecker MyGreenApp MyGreenApp Load Balancer MyBlueApp MyBlueApp Router Router MyGreenApp MyGreenApp @LoweKeyOne #AgileAZ

  21. Health Check Failed - Rollback MyBlueApp MyBlueApp Router Router HealthChecker Load Balancer MyBlueApp MyBlueApp Router Router @LoweKeyOne #AgileAZ

  22. Health Check Succeeded - Continue Router Router HealthChecker MyGreenApp MyGreenApp Load Balancer Router Router MyGreenApp MyGreenApp @LoweKeyOne #AgileAZ

  23. Units of Deployment MyBlueApp Router SomeOtherSystem MyGreenApp SomeOtherSystem has to support MyBlueApp and MyGreenApp simultaneously. Options: 1. Have immutable API. 2. Have versioned API with support for two versions. 3. Combine deployment of new version of SomeOtherSystem with MyGreenApp. @LoweKeyOne #AgileAZ

  24. Devs Are More Focused Now… Basic Process… Commit Automated UAT Deploy Write Some Acceptance Prod Tests Code Deploy All The Other Stuff… Staging Code Security Change Third Party Performance Integration Integration Deploy Review Scans Management License Testing Deploy Testing Review @LoweKeyOne #AgileAZ

  25. Security Scans • Static scans should happen for each artifact deployed to Security prod Scans • May happen as part of deploying to lower environments • Make asynchronous, due to time required • Active scans, taking care with environment in which they run • Set criteria for deploy to succeed Security Scans • Start with scan results must exist for prod deploy • Add criteria around severity of issues over time • Always have an exception process in place @LoweKeyOne #AgileAZ

  26. OSS Scans Scan for OSS license compliance Third Party License • Are you using GPL or LGPL? Review • What about BSD, MIT, WTFPL, APL, others? Know which libraries are in use • Are you using outdated versions with security issues? Third Party License • When a zero-day comes out, know which apps to patch Review @LoweKeyOne #AgileAZ

  27. Change Management Automated deployments mean automatically you know: Change Management • Who initiated the deployment • What artifacts and what configuration • When the deploy happens • Health checks on deploy give you deployment validation. Change Management @LoweKeyOne #AgileAZ

  28. Even More Focus Basic Process… Commit Automated Dev Deploy Write Some Acceptance Prod Tests Code Deploy All The Other Stuff… UAT Deploy Code Security Change Third Party Performance Integration Integration Review Scans Management License Testing Deploy Testing Review @LoweKeyOne #AgileAZ

  29. Why Does All This Matter? • This is real pain felt across the industry. • Freezes are a legitimate business decision. • All those freezes leave about 170 days on which you can deploy. Make the most of them. @LoweKeyOne #AgileAZ

  30. Case Study: Allstate Need: Centralized, opinionated deployment tool for deployments • Deployadactyl – Open source tool for multi-available zone blue/green deploys • Conveyor – Allstate-specific deployment logic • Metrics • Change management • Security scans • Compliance checks @LoweKeyOne #AgileAZ

  31. Case Study: Allstate Artifact CI/CD Repository Dev Dev UAT UAT Source Control Int Int Staging Staging Prod Prod Pipelines include a full automated test suite run prior to publishing to • artifact repository and deployment. Dev pipelines run on commit to master in source control. • Prod pipelines are manually initiated. •

  32. Case Study: Allstate Easy verification that 32% of prod deploys had One month: 87 product teams security scans. 4000+ deployments Security scans on deploy success. 1000+ production deployments Easy verification that >90% of prod deploys had security scans. Teams don’t wait for the weekend to deploy. @LoweKeyOne #AgileAZ

  33. Deploy Early, Deploy Often, Deploy Safely Andy Lowe

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dual Deploy Recovery Why do dual deploy? What you need Mandatory

Dual Deploy Recovery Why do dual deploy? What you need Mandatory

Dual Deploy Recovery Why do dual deploy? What you need Mandatory Optional/Configuration-dependent Altimeter Redundant systems Wiring Charge wells Battery and holder Shear pins Switch Parachute management

599 views • 37 slides
Deploy Like A Boss Oliver Nicholas DEPLOY LIKE A BOSS THE JOURNEY FROM 2 SERVERS TO 20,000 THE

Deploy Like A Boss Oliver Nicholas DEPLOY LIKE A BOSS THE JOURNEY FROM 2 SERVERS TO 20,000 THE

Deploy Like A Boss Oliver Nicholas DEPLOY LIKE A BOSS THE JOURNEY FROM 2 SERVERS TO 20,000 THE DEPLOYMENT PIPELINE SECTION LOREM IPSUM DOLOR MARCH 1, 2015 3 UBER KEYNOTE TEMPLATE UBER TECHNOLOGIES, INC BUSINESS METRICS 311 Cities

1.11k views • 32 slides
NAT66 draft-mrw-behave-nat-02.txt Margaret Wasserman mrw@sandstorm.net 1 Why Do People Deploy

NAT66 draft-mrw-behave-nat-02.txt Margaret Wasserman mrw@sandstorm.net 1 Why Do People Deploy

NAT66 draft-mrw-behave-nat-02.txt Margaret Wasserman mrw@sandstorm.net 1 Why Do People Deploy NAT? Many home/small business users deploy NAT to amplify limited IPv4 address space Wont be needed with IPv6 Some deploy NAT as a

457 views • 20 slides
deploy Automating Cloud Testing and Deployment with Deploy Monday 9/16/2013 5:10pm Room

deploy Automating Cloud Testing and Deployment with Deploy Monday 9/16/2013 5:10pm Room

deploy Automating Cloud Testing and Deployment with Deploy Monday 9/16/2013 5:10pm Room Strand 12A Kay Williams - Project Lead Background Software Deployment Platform System and Application Started in 2004 Community

405 views • 13 slides
ITS NOT CONTINUOUS DELIVERY If you cant deploy to production right now 1 WHO AM I? Ken

ITS NOT CONTINUOUS DELIVERY If you cant deploy to production right now 1 WHO AM I? Ken

ITS NOT CONTINUOUS DELIVERY If you cant deploy to production right now 1 WHO AM I? Ken Mugrage ThoughtWorks Technology Evangelist @kmugrage 2 THE THOUGHTWORKS STORY 2015 2006 2009 2013 2000 2003 Gauge ThoughtWorks Studios

683 views • 52 slides
HOW TO DEPLOY YOUR INFRASTRUCTURE IN JUST 13.8 BILLION YEARS Ingrid Burrington | @ lifewinning |

HOW TO DEPLOY YOUR INFRASTRUCTURE IN JUST 13.8 BILLION YEARS Ingrid Burrington | @ lifewinning |

HOW TO DEPLOY YOUR INFRASTRUCTURE IN JUST 13.8 BILLION YEARS Ingrid Burrington | @ lifewinning | lifewinning.com HOW TO DEPLOY YOUR INFRASTRUCTURE IN JUST 13.8 BILLION YEARS CARL KNEW!! STEP ONE TO COMPUTER: MAKE A UNIVERSE STEP TWO TO

871 views • 28 slides
The Story of IPv6 at FPT Telecom Dat Nguyen Thanh FPT Telecom datnt11@fpt.com.vn 1 TABLE OF

The Story of IPv6 at FPT Telecom Dat Nguyen Thanh FPT Telecom datnt11@fpt.com.vn 1 TABLE OF

The Story of IPv6 at FPT Telecom Dat Nguyen Thanh FPT Telecom datnt11@fpt.com.vn 1 TABLE OF CONTENTS: FPT TELECOM OVERVIEW DEPLOY IPv6 IN CORE NETWORK DEPLOY IPv6 A T BNG (BROADBAND NETWORK GA TEWA Y) DEPLOY IPv6 A T CPE (CUSTOMER

554 views • 19 slides
research . deploy . Train . evaluate Outline Introduction

research . deploy . Train . evaluate Outline Introduction

On the Importance of Systematic Testing of Safety Critical Systems Anneliese Andrews Department of Computer Science University of Denver Denver, CO, USA research . deploy . Train . evaluate Outline

577 views • 38 slides
Reminders Time to deploy! Projects are due before class on Thursday! CS370, Gnay (Emory) Spring

Reminders Time to deploy! Projects are due before class on Thursday! CS370, Gnay (Emory) Spring

Reminders Time to deploy! Projects are due before class on Thursday! CS370, Gnay (Emory) Spring 2015 1 / 9 Reminders Time to deploy! Projects are due before class on Thursday! Ill make a Piazza post for you to put your links and description

656 views • 47 slides
U.S. Energy Codes: Design, Deploy, and Operate GBPN Webinar Dec 11, 2013 New Buildings

U.S. Energy Codes: Design, Deploy, and Operate GBPN Webinar Dec 11, 2013 New Buildings

U.S. Energy Codes: Design, Deploy, and Operate GBPN Webinar Dec 11, 2013 New Buildings Institute Design Operate - Deploy Drivers to Performance Codes Design - Reductions to 2030 and Zero Net Energy Operate Buildings delivering

807 views • 24 slides
Develop and Deploy IoT Application ...Demystified... The Idea I would like to make a Please,

Develop and Deploy IoT Application ...Demystified... The Idea I would like to make a Please,

Develop and Deploy IoT Application ...Demystified... The Idea I would like to make a Please, dont monitoring do it again... application which can transfer data over the cloud, for example Temperature, Humidity, Alarms Ingredients

337 views • 21 slides
The software and tools we use to deploy our iPads We use Apple Configurator (AC)

The software and tools we use to deploy our iPads We use Apple Configurator (AC)

The software and tools we use to deploy our iPads We use Apple Configurator (AC) Under 90 days Apple suggests AC instead MDM (Mobile Device Management) We use Apples VPP (Volume Purchasing Program) to be able to buy

290 views • 26 slides
Problem statement of SDN and NFV co-deploy ment in cloud datacenters dr af t - gu- sdnr g- pr obl

Problem statement of SDN and NFV co-deploy ment in cloud datacenters dr af t - gu- sdnr g- pr obl

Problem statement of SDN and NFV co-deploy ment in cloud datacenters dr af t - gu- sdnr g- pr obl em - st at em ent - of sdn- nf v- i n- dc- 00 Rong Gu (Presentor) Chen Li Ruixue Wang From China Mobile Introduction SDN and NFV

129 views • 10 slides
Network Tokens A DPI-alternative to deploy network services ONF Spotlight: 5G Transformation with

Network Tokens A DPI-alternative to deploy network services ONF Spotlight: 5G Transformation with

Network Tokens A DPI-alternative to deploy network services ONF Spotlight: 5G Transformation with Open Source Yiannis Yiakoumis, Co-Founder & CEO, Selfie Networks Work with Nick McKeown (Stanford), Frode Sorensen (NKOM)

506 views • 29 slides
The Rat Race to Deploy AI Models: The Problem of Being on Top of the Gartner Hype Cycle

The Rat Race to Deploy AI Models: The Problem of Being on Top of the Gartner Hype Cycle

The Rat Race to Deploy AI Models: The Problem of Being on Top of the Gartner Hype Cycle Varshanth R Rao CS846 Course Project Agenda 1. Introduction to SDLC 2. GHC and Effects on SDLC 3. Basic Concepts 4. Case Study 5. Post Mortem/Take

530 views • 31 slides
f n l d i How languages deploy sounds to create meaningful units. How these

f n l d i How languages deploy sounds to create meaningful units. How these

f n l d i How languages deploy sounds to create meaningful units. How these sounds vary depending on their environment. How the sound inventories of languages are structured. How linguists theorize the above. [

406 views • 27 slides
Toward a cost model for system administration Alva Couch Ning Wu Hengky Susanto Tufts

Toward a cost model for system administration Alva Couch Ning Wu Hengky Susanto Tufts

Toward a cost model for system administration Alva Couch Ning Wu Hengky Susanto Tufts University LISA-2005 Tufts University couch@cs.tufts.edu Computer Science Executive Summary Cost of SA s includes e d u Tangible cost l c

718 views • 38 slides
Proof of Storage Time: Efficiently Checking Continuous Data Availability Gi Giuseppe At

Proof of Storage Time: Efficiently Checking Continuous Data Availability Gi Giuseppe At

Proof of Storage Time: Efficiently Checking Continuous Data Availability Gi Giuseppe At Ateniese Lo Long Chen hen Stevens Institute of Technology New Jersey Institute of Technology Mo Moham ammad ad Et Etemad ad Qi Qiang Ta Tang

563 views • 30 slides
PostgresOpen 12 September 2019 1 Speaker Julien Riou DBA since 2012 Tech lead in

PostgresOpen 12 September 2019 1 Speaker Julien Riou DBA since 2012 Tech lead in

https://knowyourmeme.com/memes/all-the-things PostgresOpen 12 September 2019 1 Speaker Julien Riou DBA since 2012 Tech lead in the databases team at OVH since 2015 pgterminate @ github Speaker PostgresOpen 12 September

1.24k views • 85 slides
UC.yber Meeting 18 If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter

UC.yber Meeting 18 If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter

UC.yber Meeting 18 If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees: Content/Events ,

436 views • 14 slides
PostgreSQL upgrade best practices Infrastructure at your Service. About me Daniel Westermann

PostgreSQL upgrade best practices Infrastructure at your Service. About me Daniel Westermann

Infrastructure at your Service. PostgreSQL upgrade best practices Infrastructure at your Service. About me Daniel Westermann Senior Consultant Open Infrastructure Technology Leader +41 79 927 24 46 daniel.westermann@dbi-services.com Page 2

947 views • 90 slides
Goals ARQMath aims to advance techniques for math-aware search, and semantic analysis of

Goals ARQMath aims to advance techniques for math-aware search, and semantic analysis of

ARQ Math Answer Retrieval for Questions on Math https://www.cs.rit.edu/~dprl/ARQMath #ARQMath Richard Zanibbi Douglas W. Oard Anurag Agarwal Behrooz Mansouri Rochester Institute of University of Maryland Rochester Institute of Rochester

452 views • 14 slides
Visual Search Engine for Handwritten and Typeset Math in Lecture Videos and LATEX Notes Kenny

Visual Search Engine for Handwritten and Typeset Math in Lecture Videos and LATEX Notes Kenny

Visual Search Engine for Handwritten and Typeset Math in Lecture Videos and LATEX Notes Kenny Davila and Richard Zanibbi August 6, 2018 Center for Unified Biometrics and Sensors Select 2 Select 3 Select Search 4 SEARCH RESULTS Found in

656 views • 37 slides
Leveraging the Trade-off Between Spatial Reuse and Channel Contention in Wireless Mesh Networks

Leveraging the Trade-off Between Spatial Reuse and Channel Contention in Wireless Mesh Networks

Leveraging the Trade-off Between Spatial Reuse and Channel Contention in Wireless Mesh Networks -Subhrendu Chattopadhyay, Sandip Chakraborty, Sukumar Nandi Subhrendu Chattopadhyay Dept of CSE IIT Guwahati January 13, 2016 Subhrendu

681 views • 47 slides

More recommend