devopsdays Boston - program

The value of micro services, containers, and continuous deployment is powerful only when brought together in a logical, scalable and platform agnostic manner.

Moreover, when used in the wrong way, it is fairly easy to shoot your self (and your entire application) in the foot. For eg: Micro services can be used to either create unnecessary pockets of redundancy, or used to isolate functionality and directly be an ally of efficient continuous deployment. I have seen more incorrect usages of containers and micro services than I’d like to admit, and a few key components are frequently left out of the cloud-native architecture while starting down this path.

Using the micro service paradigm is not a panacea for all problems, because one is creating a large-scale distributed cluster, in essence. Another aspect that is frequently neglected is large-scale containerized search in a cloud-native environment, a governance model around micro services and cloud orchestration. For instance, API frameworks like swagger.io enhance the usability of micro services by documenting the API functionality in real-time alongside the API contract. A micro service is only as useful as the interface contract that it has with other services in the application eco system.

Based on my experience over multiple cloud deployments, I will share a collection of anti-patterns and best practices to build production-ready cloud-native applications.

In a world where our systems are becoming more distributed then ever due to growing trends to decouple systems into small services, we are becoming dependent on network communication between these services to be reliable. But as we all know the number one fallacy of distributed computing is that the network is reliable.

Armed with this knowledge, we know that things will fail. So we must do our best to expect that failure will occur anywhere and everywhere. Thus, let’s explore different techniques we can use to build antifragile systems, that degrade gracefully when the network fails and the services we depend on are no longer available.

Over the past few years, massive open online courses (MOOCs) powered by Open edX have become wildly popular, bringing free or low-cost education to millions of students around the world. Such success, however, presents a slew of challenging problems in terms of providing a scalable, robust, and secure platform.

At Appsembler, we offer customers a fully managed and supported Open edX stack, all the way from the frontend web application to the backend services like ElasticSearch, MySQL, and MongoDB. With so many moving parts, we have come to realize the value of a multi-container, microservices-oriented architecture using Docker.

In contrast to a single-container deployment of the Open edX stack, a multi-container approach allows us to scale different services independently; improves robustness since we can simply spin up new copies of containers if they go down; and results in improved security through greater segmentation and isolation. In addition to discussing these benefits, we’ll also cover how we’re managing deployments using Kubernetes for orchestration and service discovery along with Google Cloud infrastructure.

DevOps does not exist in a vacuum; social structure and culture are inherently intertwined. The hierarchies within organizations, industry connections, and globalization influence culture. Culture influences social structures, impacting how effective some structures are in an environment with a specific culture. Tools can play a large part in instilling behaviors, automation of systems, sharing knowledge, and changing organizational hierarchies.

Often technology choices are framed as ‘best practices’ or the right way to solve a problem. How do we resolve the cognitive dissonance that arrises from this fixed mindset, having chosen the best practice and the need to handle change as problems evolve? As technology accelerates our work, how do we determine what tools and technology to adopt to help effect the right change? This talk will help you frame the choices available to you, identify the fragility in your environment disguised by tools now, and to be more effective and deliberate with technology in your organization.

What can Women’s Tackle Football teach us about building successful software delivery organizations? As it turns out, quite a bit. This presentation will explore how women’s football teams instill the same cultural principles needed to create agile, competitive organizations. We’ll even teach you some techniques based on the methods of winning football teams. Specifically, we will cover how to affect two key features of successful football teams that we can leverage to implement effective DevOps: Specialization and Mission Focus.

Breaking Down the Walls: Silos vs Specialization

Specialization is one of the key features of building an efficient and profitable product. But often specialization gets confused with – and devolves into – breaking the organization into silos. Being able to maximize the benefits of specialized roles and talents while promoting shared ownership requires a cultural shift. We’ll explore how many women’s football players and coaches have overcome this challenge and how those lessons can be applied to software delivery.

Why Are We Here: Mission Focus

Ask any football player why they came to the field on any given game day and they will all tell you the same thing: to win the game. In software delivery, the answer to that question can be as varied as the people answering it. While it’s important to have individual and short-term goals, the team must be focused on the same overall mission in order to accomplish it: no one builds agile software or agile infrastructure by accident. The balance between these goals and the ability to define the primary mission of the team is one of the most important cultural lessons we can learn from successful football teams.

Given the DevOps buzz these days and many organizations struggling to get DevOps ingrained in the process, I would like to share how we have introduced DevOps, the challenges we faced and ideas on how those challenges can be overcome. How is it relavant to QA and DBA teams. How can QA be part of DevOps seamlessly. Focus will be more on how QA teams should take automation testing of an unstable product as an opportunity rather than a blocker. Given DevOps team structures, teams are now more product silo’d. Contract testing in Microservices is key to have a successful DevOps team in an organization.

Vijaya Kokkili is a QA Manager at CommerceHub, where her team is responsible for the quality of CommerceHub’s external and internal applications. Building the automation from ground up at CommerceHub, she has stumbled upon every issue that you can think of, in the software testing and automation world. ‘Automation is a learning experience’ is the philosophy she believes in. Teams at CommerceHub have gone through several challenges of DevOps and they came a long way overcoming those challenges. Vijaya would like to take this opportunity to share the kind of challenges an organization will go through when DevOps teams are structured and also want to share few ideas that can be put in place from a process perspective that can help other organizations. This talk will be not be focused on general DevOps challenges, but, more on operations teams (DBA, IT, Technical support…) challenges in a DevOps structured team.

If we think of git as a way to track changes to text files, we apply this to code every day. Network device configurations, either Cumulus Linux or Cisco IOS, are simply 1 or more text files. If I need to make a change to the network it’s the same as making a change to code. Branch off for your change to add a new VLAN or access control list, make the changes and propose a pull request to provide an opportunity to have senior engineers review those changes or tie it to virtual environments and tools like Jenkins to do further validation of your change. It’s not really rocket science, but more of showing two different silos how the other side lives.

Software and Application development are not slowing down… can your application security efforts keep pace? With agile development, continuous deployment, DevOps, and Cloud the pace of change in the software industry has only increased. Application security professionals face the prospect of rapidly delivering services while simultaneously ensuring that these applications are built both reliably and securely. With deployments deploying sometimes several times a day, weeklong security assessment just do not work anymore.

In this talk, I will discuss ways in which the DevOps philosophy can be utilized in application security. What are the key ways to keep your application security program robust enough to maintain relevance in today’s ever-changing environment? This talk will highlight methods for securing infrastructure, apps, APIs and source code.

Real innovation in Healthcare comes from people with lived experience and knowledge of the latest research. Current state of practice in healthcare is a decade or more behind. We need to make it easier for small companies to bring current research and modern technology into healthcare related services - costly regulations like HIPAA scare off most small teams. This is an experience report from 3 years working on a SaaS application that people to use with their psychiatrist (CommonGround). I will cover what works, what doesn’t, ways to save money on compliance, and what we can all do to lower the cost of running applications securely. This talk should be interesting for anyone that cares about safeguarding customer data.

In this workshop, we will explore the value of Kibana 4 for log analysis and will give a real live, hands-on tutorial on how to set up Kibana 4 and get the most out of Apache log files. We will examine three use cases: IT operations, business intelligence, and security and compliance. This is a hands-on session which will require participants to bring their own laptops, and we will provide the rest.