Top Banner
ITIL and DevOps at war in the enterprise
24

ITIL and DevOps at War in the Enterprise - DevOpsDays Amsterdam 2014

Aug 23, 2014

Download

Presentations & Public Speaking

Jan-Joost Bouwman

The journey from ITIL/CMMi to DevOps in the corporate setting of ING Netherlands. Presentation by Mark Heistek and Jan-Joost Bouwman at DevOpsDays Amsterdam 2014.

code review

end process

adjusted external

service management

security monitoring

service management

change owner

ea confirmation

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
  • ITIL and DevOps at war in the enterprise
  • Mark Heistek Background in: Operations Project management / Process management DevOps and CD evangelist since 2 years Current position within ING: Continuous Delivery team CIO NL DevOps community manager on internal social platform Interests: Sports Jan-Joost Bouwman Background in: Operations Process management (change) DevOps and CD evangelist since 2 years Current position within ING: Process owner Service Operations & Service Transition (and only person that knows what that is) DevOps community co-manager Interests: Birdwatching, travel @markheistek [email protected] @janjoostbouwman [email protected]
  • The enterprise as organism
  • OPS DEV Where do we come from?
  • Importance of NFR
  • Where did we start to come together?
  • ITIL service design and tollgates
  • Generic Acceptance Criteria PCAB / Tollgate 1 Solution Delivery Clarity code: Service Management Change nr: Nr. Description Expected Output Remarks/Checkpoints Nr. Description Expected Output Remarks/Checkpoints SD1.1 Has the responsible OIB parties been identified, including co-developing parties and are all work packages/team plans defined and incorporated in planning, PID (list of deliverables) and business case (exploitation costs), including infrastructure? PID, work packages, team plans SM1.1 Has Service Management delivered the baseline information from the CMDB to the project? CI Relation report SD1.2 Is the Solution Architecture for the involved infrastructure up to date and approved by Technology Design Authority? Confirmation and approval by TDA that deliverables are in alignment with Solution Architecture SA, TDA confirmation SM1.2 Has Service Management provided the non-functional requirements to the project (including waivers and problems to be solved, and any Specific Acceptance Criteria, ie specific for that department or that environment) SD1.3 Is the Solution Architecture for the involved application up to date and approved by Enterprise Architecture? Confirmation and approval by EA that deliverables are in alignment with Solution Architecture. SA, EA confirmation SM1.3 Has Service Management registered the project and the work packages (including infrastructure) in HPSC and assigned to the domains responsible for support after implementation? HPSC records and linkages SD1.4 Are proposed changes/designs to the IT Services been aligned with the policy to disentangle IT Services for Insurance and Banking? SA, EA confirmation SM1.4 Has Service Management provided the costs for Transition to Support and the expected delta in the exploitation costs as input for the Business Case of the project. updated business case SD1.5 Capacity modelling: has the delta in required capacity for production been specified for Application Support and Infrastructure? Are test plans developed for testing the capacity models? Capacity model; test plans SM1.5 Has Service Management provided baseline Capacity reports as input for Capacity Modelling Performance reports SD1.6 Has infrastructure confirmed the requested delta in required capacity? Confirmation from ISS/TS/BST SD1.7 Have contracts for both Solution Delivery and Service Management with (sub-)contractors and vendors been checked and updated (if necessary) and are the results added to the business case? Finance, Vendor Management SD1.8 Has TDA checked the consequences for the system and service management tooling? TDA confirmation SD1.9 Has the list of items that will be transfered to Service Management in Transition been specified? PID SD1.10 Has the list of items that will be solved by the project (problems, waivers, software/hardware decommissioning etc.) been delivered to Service Management? list SD2.1 Is the current BIA still valid or does it need updating? Necessary updates are approved by the relevant parties Approved BIA SM2.1 Has Service Management determined the Risk & Impact of the change during implementation and operation Initial Risk & Impact To be confirmed in TCAB SD2.2 Are the CIA and PIA still valid or do they need updating? Necessary updates are approved by the relevant parties Approved CIA and PIA SD2.3 Are the ACA, BCDR design, Security Monitoring design, RBAC and IST/SOLL matrix still valid or do they need updating? Necessary updates are approved by the relevant parties Approved ACA, BCDR design, Security Monitoring design, RBAC and IST/SOLL matrix 3 Testing SM3.1 Has Service Management delivered the baseline for performance testing test plan 4 Planning SD4.1 Has the TCAB -as tollgate 2- been planned before start of UAT? planning SD4.2 Has the final DCAB been planned (after UAT, before implementation date)? planning SD4.3 Does the planning cater for rework after testing (both software and infrastructure)? planning SD4.4 Has BCDR delivery and testing been planned? planning SD4.5 Has delivery of an (updated) I and A OSG been planned planning SD4.6 Have all the documents to be updated been identified and has updating the documents been planned. planning SD4.7 Has the need to train or educate staff for supporting and endusers for using new or changed functionality been determined? planning SD4.8 In case you deliver a modification (including new developments) in a web based application: plan the delivery of sign-offs of the security code review scan report before promoting the software into Production environment. planning SD4.9 If the project requires new or adjusted external connections, have penetration tests been planned, staffed as part of UAT/PAT and has the sign-off by RCEC been planned before Tollgate 2? planning 1 Non- functional requirements and deliverables 2 Risk, Continuity and Security Generic Acceptance Criteria 1st DCAB / Tollgate 2 Solution Delivery Clarity code: 0 Service Management Change nr: 0 Nr. Description Expected Output Remarks/Checkpoints Nr. Description Expected Output Remarks/Checkpoints SD1.1 Have all items on the PCAB and TCAB checklist been completed and signed-off before the first DCAB meeting? updated checklist SM1.1 Is the RfC record in HPSC up to date? In case of a Project Exception Report: has the record been updated to reflect changes to deliverables, planning and or business case for Service Management? NB Change owner may reside on SD side confirmation by change owner SD1.2 SM1.2 Have all Specific Acceptance Criteria agreed upon between SoDC and SeDC confirmation by change owner SD1.3 Has Technology Design Authority confirmed that the final deliverables are in line with the approved Infrastructure and Security Architecture and Detail Design sign off on deliverables by TDA SM1.3 Have Service Delivery Contracts been approved? confirmation by RL4/Service Manager SD1.4 Has Entreprise Architecture confirmed that the final deliverables is in line with the approved Solution Architecture and Detail Design? sign off on deliverables by EA SM1.4 Is the SLA for the Service or components that will be changed ready, has it been signed-off by Supplier and Business? SLA with sign off by Supplier and Business SD1.5 Are the final deliverables still in alignment with the policy to disentangle IT Services for Insurance and Banking? confirmation by EA SM1.5 Has all updated documentation (or knowledge management system) been distributed to the relevant parties confirmation by Service manager SD1.6 SM1.6 Has an aftercare period during which the project is in the lead with regards to incident solving been agreed upon? confirmation by Service manager SD2.1 Have external connections been approved by RCEC? Are they agreed upon and signed off by their respective business owner? RCEC minutes, certificates SM2.1 Is the Operational risk for implementation researched, analysed and mitigated? Minutes TCAB SD2.2 Has the (A-)OSG been completed and approved by SM Security Manager? approved (A-)OSG SD2.3 Has OSS/UAC or its custodian confirmed that the soll matrix is in place and up to date, that User Access Model complies with RBAC, and that User Access Management complies with Authorization Management Process? sign off by SM Risk manager SD2.4 Has Security monitoring been implemented in accordance with the Risk Minimum Standards? sign off by SD Risk manager SD3.1 Is the run book for implementation complete, including roll- back and back-out scenarios? Final runbook attached to change record SD3.2 Have FAT results been accepted by Service Management confirmation by Service Manager 4 Planning SM4.1 Do planned start and end date and the outage times of the Request for Change not conflict with other items on the Change Deployment Calendar? OIB Change Calendar 1 Non functional requirements and deliverables 2 Risk, Continuity and Security 3 Testing Generic Acceptance Criteria 2nd DCAB / Tollgate 3 Solution Delivery Clarity code: 0 Service Management Change nr: 0 Nr. Description Expected Output Remarks/Checkpoints Nr. Description Expected Output Remarks/Checkpoints SD1.1 Have all remaining checkpoints on Tollgate 2 been signed off before the second DCAB meeting SM1.1 Have all CMDB changes to be implemented been approved by the CI owner and the Configuration manager? confimation by CI owner and CFG manager SM1.2 Have all Known Errors with their Work arounds delivered by the project been entered in HPSC? confirmation by Problem manager SD2.1 Has the code review report to check whether Secure Coding Guidelines were followed been delivered? Code review report, for Web facing with ORM sign off SD2.2 If the project requires new or adjusted external connections, has the penetration test been completed successfully? sign off on Penetration test results by ORM SD2.3 Has the Business owner (or his delegate) approved the implementation? Business owner approval (if delegated, incl. proof of delegation) SD3.1 Have all in TCAB identified affected Service Management Teams delivered their UAT results? approvals in HPSC SM3.1 Have the testcases of this release been stored for future reference? testcases in Dimensions SD3.2 Has the runbook been successfully tested on the Acceptance environment, including performing a roll back confirmation by Test manager SM3.2 Has the Regression test been updated in accordance to the changes in functionality of this release? updated Regression test SD3.3 Have all changes to ITSM Tooling (i.e. monitoring, logging etc) been tested and accepted, including the documentation and knowledge management system updates? confirmation by RL4 Operation Management team SD3.4 Have UAT and PAT results been accepted by System Management Confirmation by Service Manager SD4.1 Has ORM confirmed that the open iRisk items will be closed based on the release? confirmation by ORM SM4.1 Has the Problem manager confirmed that the problems to be solved in this release will be closed? (i.e. has Problem Management been involved/consulted during testing?) confirmation by Problem Manager SD4.2 Have updates of Test, Acceptance and Disaster Recovery Environments, synchronising them with the production environment, including all documentation, been planned? confirmation by RL4 Operation Management team SD4.3 Has a DR test with the changed Production and DR Environment been planned? Confirmation by BCM coordinator and central DR coordinator SD4.4 When replacing something old: has decommissioning of the old environments been planned Confirmation by Service Manager 4 Planning 1 Non functional requirements and deliverables 3 Testing 2 Risk, Continuity and Security Tollgate TERROR!
  • OPS attitude towards DEV
  • DCAB PIRTCABPCAB InitiationStart up Execution Process Close Project closure Requirements / Scope High level design Timelines Design Build Test Implement Scope Risk & Impact Plan B&T Release to Production Closure Development Project Configuration Management Maintenance Configuration Management CM MI ITIL SO/SA PID ITIL Change proces: CMMi-ITIL interface Acceptance criteria Config baseline PER
  • DCAB* Tollgate2 PCAB* InitiationStart up Execution Project closure CM MI ITIL Generic Acceptance Criteria & Tollgate 1 Generic & Specific Acceptance Criteria & Tollgate 3 Project Board Project Board Project Board Value Chain Value Chain Value Chain * PCAB = Planning Change Advisory Board; TCAB is Technical Advisory Board; DCAB = Deployment Advisoy Board; CB = Control Board Tollgate1 Tollgate3 TCAB* Project & Service Delivery (Tollgates & CABs) CB* CB*CB* Generic Acceptance Criteria & Tollgate 2 Generic Acceptance Criteria
  • Meanwhile
  • We are uncovering better ways of developing software by doing it and helping others do it. Through this work we have come to value: Individuals and interactions over processes and tools Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan That is, while there is value in the items on the right, we value the items on the left more.
  • Process managers in panic
  • The new bible
  • Dev Ops
  • Some results DevOps line org Official start DevOps Start Scrum, end process mngrs
  • Some results DevOps line org Official start DevOps Start Scrum, end process mngrs
  • Some results Start Scrum, end process mngrs Official start DevOps DevOps line org
  • Some results DevOps line org Official start DevOps Start Scrum, end process mngrs
  • Combine the feedback loop
  • Pro tips Get your whole value chain on board You still need processes Tweak ITIL to meet DevOps demands All engineers need to add value
  • Join your forces, use best of both worlds in order to provide the best service and applications for your customers

Related Documents
Get your brand in front of the DevOps community at DevOpsDays … · Get your brand in front of the DevOps community at DevOpsDays Auckland 2019! DevOpsDays is a worldwide community

Get your brand in front of the DevOps community at...

Category: Documents
Groovy DevOps in the Cloud for DevOpsDays in Ljubljana 2014

Groovy DevOps in the Cloud for DevOpsDays in Ljubljana 2014

Category: Software
2016 - DevOpsDays Austin Keynote - 2016 State of DevOps

2016 - DevOpsDays Austin Keynote - 2016 State of DevOps

Category: Software
Waterfall-ITIL vs Agile-DevOps

Waterfall-ITIL vs Agile-DevOps

Category: Technology
ITIL and DevOps can be friends - Meetupfiles.meetup.com/4028802/ITIL and DEVOPS can be friends...ITIL and DevOps can be friends Jan-Joost Bouwman Adjusting ITSM to an Agile way of

ITIL and DevOps can be friends -...

Category: Documents
Application Management zwischen ITIL und DevOps

Application Management zwischen ITIL und DevOps

Category: Documents
DevOps Tactical Adoption Theory - DevOpsDays istanbul 2016

DevOps Tactical Adoption Theory - DevOpsDays istanbul 2016

Category: Software
Application Security at DevOps Speed - DevOpsDays Singapore 2016

Application Security at DevOps Speed - DevOpsDays Singapore....

Category: Technology
DevOps Measurement - DevOpsDays DC

DevOps Measurement - DevOpsDays DC

Category: Technology
Devops at SlideShare: Talk at Devopsdays Bangalore 2011

Devops at SlideShare: Talk at Devopsdays Bangalore 2011

Category: Technology
Cloudy with a chance of devops (devopsdays London)

Cloudy with a chance of devops (devopsdays London)

Category: Technology
ITIL and DEVOPS can be friends

ITIL and DEVOPS can be friends

Category: Engineering