IT Infrastructure Services

White Paper

Getting IT Infrastructure Right: Implementing a DevOps Framework

About the Author

R. Nanda Kishore R. Nanda Kishore is a Consultant with the Middleware Center of Excellence in the IT Infrastructure Services (IT IS) business unit at Tata Consultancy Services (TCS). He has over 16 years of experience across diverse areas such as internetworking technologies, enterprise security, enterprise systems management, and middleware infrastructure management. He provides service delivery support and consulting services to Fortune 500 clients, and is actively involved in presales efforts. Kishore has a Bachelor's degree in Engineering from the Government Engineering College, Trissur, India; a Diploma in Advanced Computing from the Centre for Development of Advanced Computing (CDAC); and is a Certified Information System Auditor (CISA).

Abstract

Software applications, underpinned by the internet, are powering businesses across industries. With improved internet bandwidth and increased mobile phone penetration, every business is striving to create a strong online footprint. Further, intense competition results in rapidly shrinking profit margins and surprisingly crunched product launch timeframes. As more and more enterprises open up their online channels, there is a need to deploy complex multi-tiered applications to ensure system robustness and scalability. DevOps brings together the twin functions of development and operations in the software development space, and significantly improves the speed at which organizations take products and services to the market. It helps address the delays associated with application release that stem from increasing complexities of the application environment marked by multi-tier architectures. The DevOps framework is jointly implemented by the development, testing, and IT operations teams. However, the effort required from an IT infrastructure and operations perspective is significant, and often overlooked. This paper throws light on DevOps implementation activities from an infrastructure standpoint and outlines the key considerations that need to be examined during implementation. We also present probable implementation challenges, and the potential impact of DevOps on existing support processes and people skills.

Contents

The Evolution of DevOps

5

The Stages in Setting Up a DevOps Environment

5

Key Considerations for DevOps Infrastructure Implementation

6

Adopt an agile infrastructure

6

Move from manual to automated infrastructure environment build

7

Leverage release management orchestration tools

9

Enable organizational changes and encourage adoption of new skills

9

Challenges in DevOps Implementation

10

Implementation of security controls

10

Introduction of checkpoints in orchestration tools

11

Impact of DevOps on the Infrastructure Team

12

Rewiring Infrastructure Services to Make the Most of DevOps

13

The Evolution of DevOps The need for DevOps became pronounced with the cloud evolution in the last decade, a natural outcome of virtualization and automation possibilities. During this phase, the underlying infrastructure was virtualized, creating an environment with a suitable operating system, along with the required CPU cores and physical memory necessary for application development. Automating environment creation became easier with scripts such as Jython and other proprietary application programming interfaces (APIs). In parallel, the software development process moved from a waterfall model to a lean management or an agile model, thus bringing in an iterative approach. In addition to the automation of application tests, introduction of release orchestration systems enhanced collaboration between application development, testing, and operational infrastructure teams. All these naturally led to the development of the DevOps framework, as shown in Figure 1.

Software development

Software development

Application testing Agile development methodology

Application testing

Release workflow orchestration

IT Operations

IT Operations Automated application testing

Traditional Environment with Discrete Teams

Automated Infrastructure provisioning

DevOps environment with team collaboration

Transformation

Figure 1: Evolution of DevOps (Source: TCS Internal)

The Stages in Setting Up a DevOps Environment In contrast to the traditional approach to software release management, implementing the DevOps approach requires bringing together several components, which necessitates enterprises to invest in infrastructure, automation, and tools. To get started, organizations must evaluate and establish the need for a DevOps implementation by identifying the desired number of application builds or releases per week. For example, DevOps may not be beneficial for organizations that release only two to three changes every year.

A DevOps framework is ideal for organizations requiring a significantly high number of application releases, new features implementation, and application upgrades in a short span of time.

5

Evaluate the volume and complexity of applications deployed

n

Study the existing release management process

n

Identify the groups involved in release management and related workflows

n

Audit the security of existing application release

n

Understand the tools used for release management and identify gaps

n

Implement continuous integration and orchestration tools

n

Identify areas where automation can be implemented for environment provisioning

n

Automate application deployment

n

Automate migration of application across environments

n

Ensure control points are implemented in release management tools

n

Plug the security gaps in the process through checkpoints like authorization by project leads and release managers

Verify and fine-tune

n

Design, build, and implement

Study and conceptualize

Implementing a DevOps based environment is envisaged as a three-stage process (see Figure 2) where all constituent activities require the involvement of stakeholders from both application development and testing teams.

n

Check sanity of deployed applications, error rates

n

Audit the application release management process and provide feedback to the implementation team for changes in the workflow

n

Monitor post deployment errors

n

Identify root causes and provide feedback to the DevOps implementation team

Figure 2: Process for Setting up a DevOps Environment (Source: TCS Internal)

Key Considerations for DevOps Infrastructure Implementation The decision to adopt DevOps for application development has a notable impact on the underlying infrastructure environment. We now take a look at some aspects that organizations should focus on when approaching the task from the infrastructure perspective.

Adopt an agile infrastructure The Agile software development methodology employs an iterative approach to develop and test software codes. This requires frequent deployment of codes and immediate testing of results. In terms of infrastructure support, moving to the Agile methodology requires the implementation of continuous integration (CI) software, which enables uninterrupted delivery across the software development chain. As the entire code repository stays in the CI systems, it is imperative to safeguard these from malicious access. The infrastructure operations team is responsible for: 6

n

Implementing and customizing CI systems

n

Integrating these systems with authentication and authorization infrastructure such as Lightweight Directory Access Protocol (LDAP), AD, or native operating system schemas

n

Ensuring high availability of the system through clusters

n

Automating the backup of the CI repository

n

Ensuring scalability of file systems to support future growth

n

Maintaining replication architecture at the Disaster Recovery (DR) site

n

Managing user life cycle in the environment

As complexities related to code and environment increase, infrastructure teams will need to maintain CI systems effectively.

Move from manual to automated infrastructure environment build Setting up the infrastructure environment for applications is often considered a time consuming activity. Agile software development requires infrastructure that can be created dynamically, with minimal instructions. The infrastructure team plays a vital role in automating environment provisioning, which is a critical activity in DevOps implementation, while also supporting application deployment in software containers. Automation can be done through customized scripts or commercial products available in the market. The environment build activities that can be automated, include: n

Operating system provisioning

n

Assignment of CPU cores and memory, file system space

n

Provisioning of web, application, SOA, ESB, and portal servers

n

Creation of high availability application server clusters

n

Messaging and integration server provisioning and configuration

n

LDAP and SSO installation for authentication and authorization

n

Deployment of J2EE and .Net applications

n

Provision of RDBMS, high availability configuration

Today, an increasing number of organizations are moving to appliance based middleware, which promise a 'cloud in a box' environment that offers in-built automation and orchestration to rapidly adopt a DevOps framework. To provision the environment for these appliances, vendors provide a design studio to create patterns and provision the architecture in the appliance or directly on the private cloud.

7

Commonly used virtual patterns can be pre-created and stored in the appliance box, for the infrastructure team to choose from when the environment is being provisioned. Additionally, customized patterns can be created as per business requirements. Figure 3 depicts a futuristic model of how an application environment will be built and deployed

Virtual pattern builder

Custom nodes

Web server

Standard scripts

Private cloud Public cloud

Infrastructure operations

Databases

Admin servers

Image repository

Virtual pattern deployers

Figure 3: Infrastructure Environment Build – Futuristic Model (Source: TCS Internal)

Configuration management tools can create and replicate infrastructure based on codes. This has introduced a new concept called Infrastructure as a Code (IaaC), where all infrastructure components are provisioned through code and scripts. Most enterprises are still trying to virtualize physical systems and are contemplating moving to a cloud based service delivery model. Containerization may However, containerization of the environment is growing in popularity eventually replace because it helps developers deploy the same application on different virtualization as it platforms, without rework. Application environment provisioning can substantially reduces the effort involved in application therefore be reduced from several hours of effort to just a few minutes. environment provisioning. Configuration of web and application servers can be extracted from production servers and replicated across systems.

8

Leverage release management orchestration tools Complex software release in an Agile development environment requires orchestration tools such as CA Release Automation and BMC Release Lifecycle Management. Release of new applications often involves configuration changes in non-production and production environments. As shown in Figure 4, it is necessary to integrate the release management methodology through existing service management tools that include IT operations ticketing and change management systems.

Configuration management (code repository)

Environment provisioning

CI management Release orchestration

Agile environment provisioning

Service management (helpdesk / CM tool)

Release management orchestration implementation and integration with service management tools

Service catalog integrated with IT ops ticketing tools Figure 4: Integrating Release Management through Existing Service Management Tools (Source: TCS Internal)

The IT infrastructure team must implement orchestration tools with high availability features, customize workflows with security access controls, and integrate service catalogs in the IT operations ticketing systems.

Enable organizational changes and encourage adoption of new skills Implementing DevOps requires consolidating infrastructure and development teams for build and integration activities. During the initial phases of the DevOps implementation process, a strong collaboration between developers and operations teams is a must. Developers' participation is critical during the environment build stage, while the support of the operations team is required during the application design, build, and release processes. The DevOps teams should be equipped with the knowledge of release, service and change management, environment provisioning, application deployment, as well as automation and tools.

9

Figure 5 depicts the conversion of the traditional approach of software release to a DevOps model. The text in blue indicates activities related to the application and testing team, and the text in green represents activities performed by the infrastructure team.

Development

Implement Agile methodology in development process

Business requirements

Implement CI systems and manage high availability and scalability

Application Development/ Enhancement/ Bug Fix

Software / Hardware requirements

Release Plan

Release Policy

Code Build / Configure release

Environment Build

Release Accept

Release Communication

Environment Planning

Regression Test Server Configuration

Release Roll-out Plan

Deployment

Integration Test

Functional Test

Test

Infrastructure

Configuration management

Implement release orchestration

Identify Bug

Automation of application testing

Smoke Test

Automation of middleware environment build through service catalogs

Figure 5: Moving Toward a DevOps Model (Source: TCS Internal)

Challenges in DevOps Implementation The implementation of a DevOps framework will bring significant changes to the technology, process, and support culture of an organization. Introduction of automation and orchestration tools will challenge the existing control mechanisms across the enterprise, and will therefore need to be thoroughly examined.

Implementation of security controls To reap the full potential of Agile software project delivery, organizations may have to bypass several security controls in the software development process while implementing the DevOps framework. However, the framework must be aligned with fundamental security measures such as team segregation, role based access to codes and systems, and ITIL service management processes (see Table 1). Configuration items must be accessible to the right stakeholders, and compliant with industry standard security frameworks like Common Objectives for Information and Related Technology (COBIT). Access restrictions should be implemented by the infrastructure team, and subjected to internal and third party audits at defined intervals. 10

Configuration items Application code

Owner

Repository

Developers

Access restrictions

Version management system, developer desktops

System administrators (infrastructure, tools)

Security implementation Access restrictions to desktop files where code is written Access restriction in Integrated Development Environment (IDE)

SSL certificates

Infrastructure

Production servers protected Developers by perimeter firewalls, intrusion detection systems

Release Infrastructure orchestration tools (tools)

Tools installed on servers protected by host based firewalls, intrusion detection systems

Secured access to production team

Role based access to Secured access to the developers release management team Release managers

Figure 5: Moving Toward a DevOps Model (Source: TCS Internal)

Introduction of checkpoints in orchestration tools Automation of tasks such as building applications, testing the quality assurance (QA) environment, and production deployment may require some additional precautions. Manual check points are essential when tool designers implement the workflow across application development and deployment in the QA or production environment (see Figure 6). Development team

Version control

Build and unit testing

Regression testing

User acceptance testing in QA environment

Release to production environment

Manual check-in Automatic trigger

Automatic trigger Approval Approval

Implementation of release management orchestration tool with workflow and approval mechanism

Figure 6: Implementing Controls in Orchestration Tools (Source: TCS Internal)

11

and scripts. The DevOps framework also helps minimize the need to coordinate activities between infrastructure and development teams. The infrastructure team will be primarily responsible for ensuring that automation bears the desired results and significantly reduces the amount of effort involved in entry-level tasks. Administrators skilled in troubleshooting technical issues in the production environment will still be required, especially post the implementation of the DevOps framework.

Rewiring Infrastructure Services to Make the Most of DevOps A majority of the IT support processes are built on ITIL V3, which does not include the DevOps framework. The ITIL support framework is expected to evolve (into ITIL v4) and include the impact of automation on security controls and configuration management. Major changes in ITIL V4 are likely to introduce newer controls in the release management workflow. Release management and coordination activities will be accomplished through release

Environment design & architect Environment design & architect Application environment administration Application environment administration Environment build DevOps team Release management Application development Application development

Figure 7: Role of the DevOps Team

orchestration tools. Software version management tools and customization of release workflows will be other major activities within the scope of IT infrastructure services. DevOps is going to gain prominence as infrastructure virtualization and automation increase significantly over the next few years. The factory model of application release will soon become a reality. With environment provisioning requiring minimal effort, an organization's infrastructure operations team should focus on developing skills to

12

architect new environment configurations for complex web applications.

13

About TCS’ IT Infrastructure Services Unit Leading organizations across industries work with TCS to realize their business transformation and innovation objectives by enhancing the availability, performance and agility of their IT infrastructure. Leveraging a combination of the cloud, new generation delivery models such as IaaS, PaaS, and SaaS, virtualization, and managed services, our offerings deliver the secure, flexible, and reliable IT infrastructure needed to power critical business applications, services and data. TCS infrastructure offerings encompass data center services, end-user computing (EUC), mobility services, cloud services and transformational solutions, converged network services, managed security services, application management services, enterprise systems management, IT service desk, and IT service management. Backed by our Assess-Build-Manage-Transform framework, extensive partner ecosystem, tools and automation frameworks, and technology Centers of Excellence (CoEs), analytics-led approach, to understand the 'as-is' state, and arrive at the 'to-be' state. As a result, you seamlessly transition from traditional infrastructure management services towards new generation delivery.

Contact For more information about TCS’ IT Infrastructure Services, visit: http://www.tcs.com/offerings/it_infrastructure/Pages/default.aspx Email: [email protected] Subscribe to TCS White Papers TCS.com RSS: http://www.tcs.com/rss_feeds/Pages/feed.aspx?f=w Feedburner: http://feeds2.feedburner.com/tcswhitepapers About Tata Consultancy Services (TCS) Tata Consultancy Services is an IT services, consulting and business solutions organization that delivers real results to global business, ensuring a level of certainty no other firm can match. TCS offers a consulting-led, integrated portfolio of IT and IT-enabled infrastructure, engineering and assurance services. This is delivered through its unique Global Network Delivery ModelTM, recognized as the benchmark of excellence in software development. A part of the Tata Group, India’s largest industrial conglomerate, TCS has a global footprint and is listed on the National Stock Exchange and Bombay Stock Exchange in India.

IT Services Business Solutions Consulting All content / information present here is the exclusive property of Tata Consultancy Services Limited (TCS). The content / information contained here is correct at the time of publishing. No material from here may be copied, modified, reproduced, republished, uploaded, transmitted, posted or distributed in any form without prior written permission from TCS. Unauthorized use of the content / information appearing here may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties. Copyright © 2015 Tata Consultancy Services Limited

TCS Design Services I M I 10 I 15

For more information, visit us at www.tcs.com