Delivering Software at Speed: AWS OpsWorks for Chef Automate
Amazon Web Services Sydney User Group
Matt Ray, Manager, Solutions Architect for APJ
February 1, 2017
Apps and experiences are the new interface
Disrupt or be disrupted. Outperform the competition with digital transformation.
Success with digital transformation is key to business growth
Idea Ship
PROBLEM
Most enterprises aren’t very good at shipping software
▪ Slow time-to-market
▪ Poor user experience
▪ High cost
▪ Poor predictability
▪ Vulnerabilities and risk
POTENTIAL
1—Gartner, Delivering Value at Speed
2—GartnerApps, November 2016
REQUIREMENT
For organizations that have implemented DevOps, 66% saw faster realization of business value (1).
Gartner predicts that through 2021 market demand for app development will outstrip supply by 5x.
Chef has driven the automation revolution
Our platform is a leader in Continuous Automation
Infrastructure Automation
Compliance Automation
Application Automation
Strategic Vendor of F500
OSS Leadership
With which vendor do you think you will be spending the most on IT tools in three years?
1. BMC 2. Splunk 3. IBM 4. HP 5. New Relic 6. AWS 7. Servicenow 8. CA 9. Microsoft 10. Chef 11. Solarwinds 12. Atlassian
Goldman Sachs Spending Survey, 2016
Key Partners
Sliding Scale of Hybrid
% of Traditional Infrastructure
% of Modern Infrastructure
Legacy tooling, legacy process
Modern tooling, modern process
“Most enterprises are going to operate in hybrid mode for many years to come”
Andy Jassy, CEO, Amazon Web Services (re:Invent 2016)
Product • Software Development • Quality Assurance • Operations • Security
Current Infra Team’s Challenge
RUNTIME: Grid • PaaS • Containers & Discovery • Traditional Applications
INFRASTRUCTURE: Bare Metal • Virtualization • Cloud & IaaS • OS
Application Delivery
LOB • LOB
FOCUS ON SPEED
Tension caused by the demands placed on teams…
…can be resolved by vertical integration and automation…
…to deliver a future of developer services and software at speed
SHARED SERVICES
Vertical Integration is key to velocity
A balance of increasing speed, improved efficiency and decreasing risk
FOCUS ON RISK
SHARED SERVICES
DEVELOPER SERVICES
BUILD • DEPLOY • MANAGE
LOB (Line of Business)
SHARED SERVICES
Business Value with Developer Services
Shifting capabilities to match business requirements
Developer Services Engineer
Line of Business Development Team
I provide services that developers and development teams use to build and deliver applications.
Developer Services Teams
Traditional Central IT
System Administrator
Centralized Enterprise IT Team
I manage and deliver infrastructure required to run software in my organization.
MANAGE
Enabling development teams to get insights into speed, efficiency and risk of delivery of their software
Reducing risk to my organization from my infrastructure and software that runs on it
Enabling development teams to ship software at speed while maintaining quality and reducing risk
Reliably managing changes to infrastructure requirements
DEPLOY
Providing on-demand, self-service infrastructure and services tailored to developer needs
Managing and lowering costs of running, configuring, and maintaining infrastructure
“Don’t measure me on traditional IT metrics, but on the metrics of the business”
Jim Fowler, CIO, GE Capital
BUILD
The impact of outperformance
5x Revenue Growth, 8x Profitability Growth, 2x Shareholder Return Growth
B2B digital leaders turn in stronger financial performance.
Top-quartile digital B2B companies vs. rest of B2B sample, CAGR 2010-15:
▪ Revenue growth: 4.3% vs. 0.8% (~5X)
▪ Operating profit (EBIT) growth: 13.5% vs. -1.8% (~8X)
▪ Return to shareholder (TRS) growth: 18.1% vs. 10.3% (~2X)
Firms with high performing IT organizations were twice as likely to exceed their profitability, market share, and productivity goals
The State of DevOps, 2016
HIGH PERFORMING IT ORGANIZATIONS:
▪ 200x more frequent releases
▪ 24x faster at recovering from failures
▪ 3x lower change failure rate
▪ 255x shorter lead times
No high velocity company has gotten there without automation as a foundation
Velocity: time from idea to ship
Software success metrics
Quantifying outcomes to deliver software at speed
▪ Deployment frequency
▪ Time from commit to deploy
▪ Mean time to resolve
▪ Time deploying remediation
▪ Change failure rate
▪ Compliance testing coverage
SPEED: Measure of rate of software change
EFFICIENCY: Measure of effectiveness of software change
RISK: Measure of quality of software change
Idea Ship
Standard Bank pushes ideas from commit to deploy in 18 minutes with Chef
Focus on Speed
Measuring the rate of software change
DEPLOYMENT FREQUENCY
▪ High IT performers: On-demand
▪ Medium IT performers: Week - Month
▪ Low IT performers: Month - 6 Month
TIME FROM COMMIT TO DEPLOY
▪ High IT performers: < 1 Hour
▪ Medium IT performers: Week - Month
▪ Low IT performers: Month - 6 Month
USE CASES INCLUDE:
▪ Application Delivery
▪ Build Pipelines
Delivering software at speed
The capabilities needed across infrastructure, applications and compliance
COLLABORATE: Workflow • Local development • Integration • Tooling (APIs & SDKs)
BUILD: Package • Test • Approve
DEPLOY: Provision • Configure • Execute • Update
MANAGE: Secure • Comply • Audit • Measure • Log
“Continuous configuration automation tools (aka infrastructure as code) are foundational to DevOps initiatives.”
—Gartner, Inc., Market Guide for Continuous Configuration Automation Tools, Dec 2016
How..? CAN YOU DELIVER SOFTWARE AT SPEED FOR YOUR BUSINESS
The Chef Automate Platform
Continuous Automation for High Velocity IT
COLLABORATE: Workflow • Local development • Integration • Tooling (APIs & SDKs)
BUILD: Package • Test • Approve
DEPLOY: Provision • Configure • Execute • Update
MANAGE: Secure • Comply • Audit • Measure • Log
OSS AUTOMATION ENGINES: Infrastructure Automation • Compliance Automation • Application Automation
Increase Speed
▪ Package infrastructure and app configuration as code
▪ Continuously automate infrastructure and app updates
Improve Efficiency
▪ Define and execute standard workflows and automation
▪ Audit and measure effectiveness of automation
Decrease Risk
▪ Define compliance rules as code
▪ Deliver continuous compliance as part of standard workflow
Chef
▪ Manages deployment and on-going automation
▪ Define reusable resources and infrastructure state as code
▪ Scale elegantly from one to tens of thousands of managed nodes across multiple complex environments
▪ Community, Certified Partner, and Chef supported content available for all common automation tasks
Infrastructure automation and delivery at scale
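# Windows: install IIS with ASP.NET and add an application pool
windows_feature 'IIS-WebServerRole' do
  action :install
end
windows_feature 'IIS-ASPNET' do
  action :install
end
iis_pool 'FooBarPool' do
  runtime_version '4.0'
  action :add
end

# Linux: install Apache, render its configuration from a template, start the service
package 'apache' do
  action :install
end
template '/etc/httpd/https.conf' do
  source 'httpd.conf.erb'
  mode '0644' # owner read/write, group and others read-only
  owner 'root'
  group 'root'
end
service 'apache2' do
  action :start
end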
PART OF A PROCESS OF CONTINUOUS COMPLIANCE
Scan for Compliance • Build & Test Locally • Build & Test CI/CD • Remediate • Verify
A SIMPLE EXAMPLE OF AN INSPEC CIS RULE
InSpec
▪ Translate compliance into Code
▪ Clearly express statements of policy
▪ Move risk to build/test from runtime
▪ Find issues early
▪ Write code quickly
▪ Run code anywhere
▪ Inspect machines, data and APIs
Turn security and compliance into code
control 'cis-1.4.1' do
  title '1.4.1 Enable SELinux in /etc/grub.conf'
  desc '
    Do not disable SELinux and enforcing in your GRUB configuration. These are important security features that prevent attackers from escalating their access to your systems. For reference see …
  '
  impact 1.0
  expect(grub_conf.param 'selinux').to_not eq '0'
  expect(grub_conf.param 'enforcing').to_not eq '0'
end
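What the control above evaluates, written out as an added plain-Ruby example (not from the slides and not InSpec's implementation): it reads the kernel lines of a legacy grub.conf and reports any that set selinux=0 or enforcing=0. The configuration samples and the helper names kernel_params, selinux_findings and compliant? are constructed for this illustration.

```ruby
# Added illustration in plain Ruby; this is not InSpec's grub_conf resource.
# Both configuration samples below are constructed for the example.
WEAK_GRUB_CONF = <<~CONF
  default=0
  timeout=5
  title CentOS 6 (constructed sample)
    root (hd0,0)
    kernel /vmlinuz-2.6.32 ro root=/dev/mapper/vg-root quiet selinux=0
    initrd /initramfs-2.6.32.img
  title Rescue (constructed sample)
    kernel /vmlinuz-rescue ro root=/dev/sda1 enforcing=0
CONF

HARDENED_GRUB_CONF = <<~CONF
  default=0
  title CentOS 6 (constructed sample)
    # kernel /vmlinuz-2.6.32 ro selinux=0   (old entry, commented out)
    kernel /vmlinuz-2.6.32 ro root=/dev/mapper/vg-root quiet
CONF

CHECKED_PARAMS = %w[selinux enforcing].freeze

# Turn "kernel <image> ro root=/dev/x selinux=0" into
# { "ro" => nil, "root" => "/dev/x", "selinux" => "0" }.
def kernel_params(line)
  line.split.drop(2).each_with_object({}) do |token, params|
    key, value = token.split('=', 2)
    params[key] = value # nil for bare flags such as "ro" or "quiet"
  end
end

# Return one finding per checked parameter that a kernel line sets to "0".
# Only kernel lines count, so "default=0" is not mistaken for a violation.
def selinux_findings(grub_conf_text)
  findings = []
  grub_conf_text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next unless line.match?(/\Akernel\s/) # skips comments and other directives
    params = kernel_params(line)
    CHECKED_PARAMS.each do |name|
      findings << { line: lineno, param: name } if params[name] == '0'
    end
  end
  findings
end

def compliant?(grub_conf_text)
  selinux_findings(grub_conf_text).empty?
end
```

Run in a build or test stage, a non-empty findings list fails the change before it reaches a running system, which is the "move risk to build/test from runtime" point in the list above.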
Habitat
▪ Ease the burden of managing microservice apps and bring benefits of apps architected for microservices to traditional applications
▪ Gain consistent management of new and traditional applications across their lifecycle
▪ Provides application portability for new and traditional apps
▪ Autonomous nodes self-manage runtime state of application based upon policy you define
▪ APIs expose application behaviors as data for better management
▪ Works in tandem with infrastructure automation
▪ Makes applications running on containers, PaaS, virtual machines, bare metal, … better
Automation that travels with the app
Chef Automate is at the heart of software delivery
The vendors you trust, trust Chef for continuous automation
Technology Partners:
COLLABORATE: Workflow • Local development • Integration • Tooling (APIs & SDKs)
BUILD: Package • Test
DEPLOY: Provision • Configure
MANAGE: Secure • Comply
OSS AUTOMATION ENGINES: Infrastructure Automation • Compliance Automation • Application Automation
FORMAT • RUNTIME • WORKFLOW • ENVIRONMENT
Chef Automate: Jumpstart your automation
● A complete suite of enterprise capabilities for workflow, visibility and compliance
● Workflow: A pipeline for continuous delivery of infrastructure and applications
● Compliance: Customizable analytics to identify compliance issues, security risks and outdated software
● Visibility: Gives you views into operational, compliance and workflow process events
Workflow: Continuous delivery of any code
Improve collaboration across infrastructure & applications
● Cross-team productivity enhanced by consistent overall pipeline shape
● Specific teams given flexibility to configure pipeline automation specific to their app
● Service dependencies across pipelines are easily mapped and tested
● Stakeholder visibility keeps teams in the know and involved as needed
● Robust governance ensures compliance controls are enforced
Visibility: Real-time data collection & analysis
● Search, analyze, audit, and report on workflow processes and environment behaviors
○ Multiple Chef Servers
○ Chef Solo
○ InSpec
○ Chef Compliance
○ Habitat
○ Chef Automate Workflow
● Better manage ephemeral, long-lived, and large federated environments
● Easily export data to 3rd party analytic platforms and event notification systems
Continuous Compliance/Audit: Compliance built into Automation
● Discovery and analysis of compliance risks across environments
● Automated checking of compliance criteria with analytics
● Embed compliance into the software delivery pipeline
● Move compliance risk checking from runtime into build/test stage
● Structured review process during development
● Improve patch management and remediation
AWS OpsWorks for Chef Automate
Native Amazon Service
Managed Chef Server
▪ Utilizes RDS and other native services
▪ May be externally accessible
AWS Native
▪ Auto Scaling in your VPC
▪ Automatic backups and upgrades
OpsWorks Stacks
▪ New name for previous version of OpsWorks
● Partnership between Amazon and Chef, jointly developed and maintained
● Fully managed AWS service with frequent updates
● Fully compatible with open source Chef
● Amazon is your support and billing
● All Chef Automate features will be supported
○ Visibility and Workflow today
○ Compliance soon
○ Currently Northern Virginia, Oregon & Ireland with more planned