Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Advancing Application Delivery

September 17, 2019 By Derek Weeks

Are you in an organization implementing Continuous Delivery? Are you a manager who wants to see your applications respond at the pace of the market - or better, be in front of the market? Do you envision a world where updates are available to customers at the push of a button?

All of these are motivators pushing organizations to adopt Continuous Delivery.

What does Continuous Delivery mean? It is the, “Capability to go to production any time with high confidence.” That is how Swati Shah describes it in her talk at the All Day DevOps conference. Swati is the Senior VP for Emerging Technology at US Bank. Her talk answers the high-level questions:

  • how do we get to push-button deploy?
  • why advance application delivery?
  • what value do we want to get?

Customers expect digital products to be available anytime, anywhere, with zero tolerance for failure. For application developers, the question is, How can we go to production without compromising on quality or security? How fast can we move products to market when the market is right?

Continuous Delivery seeks to get organizations to the point where the deployment pipeline aides the rapid flow of changes into production without inhibiting quality and security. How do organizations get there? Swati walks through high-level steps for organizations to follow.

Build Your Foundation

null

Building a solid foundation is key before fully implementing Continuous Delivery. Review your toolchain. There is a tremendous toolset from which we can choose. Plus, tools, and their effectiveness, change rapidly. Review the toolchain often to ensure it is meeting your needs efficiently.

Build a solid pipeline architecture. Think of your architecture as microservices. Certain capabilities are there to meet your business or compliance requirements. Others allow your developers to customize the pipeline for each application.

You also need to identify any bottlenecks. Do a value stream exercise on your organization. Work with all stakeholders and identify where there are a maximum number of handoffs or its taking a tremendous amount of time to complete a task. Focus on these bottlenecks and work to automate the processes.

Finally, identify compliance and governance needs. If you are in a regulated industry, it is especially important. How do you seek compliance? How do you work with the risk and compliance groups? Make sure you are involving them early in the building process so they see the value and buy into the change.

Steps to Implementation

Implementing automated policies

How are you going to scale with the tools you have? High-availability applications are especially vulnerable to scaling demands. Test tools rigorously to make sure your toolset is able to meet the demand. Also, establish and maintain a foundation of pipeline libraries. Community development helps because it provides consistency.

Key to Continuous Delivery is to automate processes whenever possible. Automate bottlenecks first, as automation can help ease them. Also, find the capabilities where you get more value and focus on automating them. Allow the product manager to determine if a feature is ready for production.

Finally, automate policies. For regulated industries, automating policies ensures you are meeting the policies. An audit trail is automatically generated and sent to the compliance group.

What Not to Do

Avoid focusing on a perfect toolchain

An iterative approach, an Agile mindset, is key. You don’t need to go for every capability you want, right away, and you don’t have to wait for the perfect toolchain. Leverage what you have and start somewhere. Swati recommends focusing on automation first.

Swati also recommends working with a partner from your organization to build your Continuous Delivery capabilities. Then, use the model to deploy, test, update, and scale.

Swati ends her presentation with the encouragement that, “I am super-confident everyone can get there.” She has seen the value of Continuous Delivery and has laid-out the steps you can customize to your own organization.

You can watch her whole talk, including the Q&A following her presentation below.

Interested in more DevOps? Register for the next All Day DevOps, November 6, 2019. It will be a day to discuss security, CI/CD, cloud native infrastructure, cultural transformation, site reliability engineering, and other interesting topics.

Tags: AppSec, Continuous Delivery, Deployment Pipeline, application, pipelines, delivery pipeline, Post security/devsecops

Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.