As many organizations adopt and look forward to improving their DevOps processes, it becomes increasingly important to get the most out of a DevOps framework. Considering the impact of COVID-19, the size of development/support teams is reducing and certain industries are looking to automate things even further.
Here are some key pitfalls to avoid while working to achieve your DevOps objectives:
Skills: The foundation of any process or technology is the continuous improvement of skills within the IT organization. One of the key objectives of the DevOps Framework should be to empower the Development teams to manage their build and deployment operations. The teams should be trained on best practices and key tasks within the pipelines to be enforced. The CI/CD pipelines should be flexible enough for the teams to work on managing the parameters and should accommodate minor changes to processes, as deemed suitable.
Choosing the Tools: DevOps is a very vast area that has many tools for each activity. It is more common for multiple development teams associated with various business units to have their own tools and create multiple silos. One of the key aspects of identifying tools is to map them to your own goals. It is the responsibility of the DevOps COE team to identify the right tools which cover a major chunk of the objectives.
Some of the key points to focus on are mentioned below:
- What are the must-have features that the tool can support?
- Can the tool scale up and accommodate increased usage?
- Security review of the tools and any risks involved.
- Is the tool on-premises / cloud agnostic?
- How easily can the skills be accessed for a particular tool in the open market?
- Is there any support available?
- How good is the tool community?
Centralized DevOps Teams: While it is great to have a DevOps COE, it often leads to the creation of a centralized DevOps support. This approach has some pros and cons:
- All application teams get the same standard of service delivery and are at the same level of maturity
- Tools and processes remain centralized thereby simplifying the tasks for developers
- Most of the DevOps activities are owned by the central team and best practices are enforced
- Creating a separate DevOps team complicates the process. You now have App Support, Infra Support, and DevOps teams.
- You are adding a layer of collaboration here as the development team has to communicate with another team to get the tasks done.
As an alternative – based on the size of the project team and organization – it helps to choose between a centralized and a distributed DevOps team structure. In the case of distributed DevOps teams, the COE would develop the framework and perform the necessary engineering while individual project teams derive the process and use it in their projects.
Security: I was recently interviewing candidates for a DevOps role and asked them- “What are the security checks you would add as part of your DevSecOps pipeline?” The answer I got from more than 3 to 4 candidates was “All DevOps is about is to build and deploy; and if there is an additional security aspect to it, then add Sonar Scan.”
Well, DevSecOps is way beyond just Sonar Scans.
It is the COE’s responsibility to continuously evaluate the following areas and bring in tools/processes within the CI/CD Pipeline:
- Static Code Analysis
- Open Source Vulnerabilities
- Penetration Testing
- Vulnerability scans
- Creation of Linters in the IDE Not Building DevOps COE
While each of the above-mentioned areas is a potential pitfall, they also offer a great opportunity to bring in efficiency and deliver a secure product for the business. In this article, I have made several mentions of the DevOps COE and its role. A strong COE with experienced professionals continuously evaluating process improvement helps minimize the overall DevOps costs.
The following are the responsibilities of the DevOps Center of Excellence:
- Develop processes
- Evaluate the skills required in each of the project teams
- Create documentation for the best practices and “How to” documents
- Evaluate various tools that could help improve the DevOps process
- Continuously get feedback from the project teams on their challenges and include solutions in the DevOps roadmap
- Review the best security practices with the security team
With the advent of Covid-19 pandemic, the effective utilization of DevOps services is more important than ever. Every organization must ensure that the following parameters are met while implementing DevOps processes to achieve their DevOps objectives.
- The Development team should be trained on the best DevOps practices and the CI/CD pipelines should be flexible enough to accommodate periodic changes
- The DevOps COE team should be able to identify the appropriate tools for their process and take features, security and scalability into account before choosing the tools
- Having centralized DevOps teams ensures that all teams are at the same level of service delivery, and tools remain centralized – making it easy for developers to do their job
- The COE should implement best security practices and continuously evaluate areas like static code analysis, vulnerability scans and penetration testing to implement the necessary tools in the CI/CD pipeline
Building a strong COE team with experienced professionals, helps evaluate process improvement from time to time and minimize overall DevOps costs. These practices can help you achieve your DevOps objectives effectively.
Business problems? Technology challenges?