What is DevOps? DevOps is about culture. Yes, you have probably heard this before, and just about every business these days attributes culture as the biggest focus for applying DevOps principles.
The important question is, what do we mean when we say ‘DevOps is about culture’? The focus on culture is about removing the traditional separation of duties where developers develop and operations operate. Their two business functions have inherently conflicting objectives. Developers introduce as much change as possible and operations try to minimise change in order to deliver stability and reliability. DevOps is about turning this paradigm on its head and changing the cultural mindset so that everyone works towards common goals and objectives.
That said, tools and process also play a significant role in a DevOps environment. DevOps is about a journey towards continuous delivery while maintaining quality. Continuous delivery is only possible if the right tools are selected to support relevant people and processes. Tools and applications used to develop, test, deploy and monitor business applications all need to work together; just like the people using these tools and processes need to work together and break down silos.
There are lots of excellent resources on the web to further the understanding of foundational DevOps principles, but what I want to focus on today is to peek into the future and make a few predictions of where I see DevOps heading in 2017.
My prediction is that we will see three DevOps growth areas in 2017:
- Modern Infrastructure
- Automated Security, DevSecOps
- Continuous Everything - Enabler for Digital Transformation
1. Modern Infrastructure
We are witnessing a massive transformation in the way organisations manage IT infrastructure. More companies are looking for improved agility and flexibility, moving away from traditional server stacks to modern cloud infrastructure for supporting new applications and services that must be delivered at "breakneck" speed to remain competitive. However, as we move into 2017, it is not enough to just “shift and lift” your IT infrastructure from on-premise to the cloud.
Organisations need to adopt the innovation, novel architectures and approaches for modern infrastructure for building out software and services. Standard methods will still exist, but the way infrastructure will be constructed in the next 3-5 years will drastically change. We will see mainstream adoption of technologies like serverless computing, container orchestration, application centric approaches for automation and microservices.
Serverless Computing is an event-driven application design and deployment approach, where computing resources are provided as scalable cloud services. Doing "traditional" application deployments required fixed computing resources that had fixed associated costs with no computing and cost elasticity. In a serverless computing realm, the cloud customer only pays for computing services that are used. The customer is never charged for idle or downtime.
Serverless computing does not eliminate servers but instead seeks to emphasise the paradigm that computing resources can be moved into the background during the design process. It is often associated with the NoOps movement.
Examples of Serverless computing technologies includes:
- AWS Lambda
- Azure Functions
- IBM OpenWhisk
1.2 Container Orchestration
As the use of containers increases and organisations deploy container technologies to production more widely, the need for tools to manage containers across the infrastructure also increases. Orchestrating a cluster of containers is a competitive and rapidly evolving area, and many tools exist offering numerous features.
Container orchestration tools can be broadly defined as providing an enterprise-level framework for integrating and managing containers at scale. Such tools aim to simplify container management and provide a framework not only for defining initial container deployment, but also for managing multiple containers as one entity, for purposes of availability, scaling, and networking.
Some known container orchestration tools include:
- Amazon ECS
- Azure Container Service
- Docker Swarm
- Google Container Engine
- CoreOS Fleet
1.3 Application Centric Approaches
Application centric approaches are also described as automating applications, minus platform and infrastructure hassles. Application centric automation doesn't replace the existing container-based application deployment systems like Docker, Kubernetes, and the like. Instead, it addresses the issues they typically don’t, taking the application’s perspective. Automation must travel with the application, rather than be provided by the platform. Everything the application needs, from build dependencies, run-time dependencies, configuration, dynamic topologies, deployment strategies, secrets management, security auditing, and so on belongs with the application. It is still very early days for application centric approaches but we will see further growth in this approach and tools like:
- Chef Habitat
- Terraform by Hashicorp
Many engineering teams have identified microservices as an important component of this architectural approach to designing more flexible systems that can meet the needs of their fast-changing businesses. Applying this approach and doing it properly is hard. We will see further growth and evolution around microservices architectures and practices in 2017. Especially if we consider the rise of serverless computing and application centric approaches.
2. Automated Security & DevSecOps
Information security, compliance and application security are critical to businesses across the globe, especially given past examples of data breaches and looming cyber security threats. Traditionally, DevOps has been viewed as a risk by delivery teams, with its increased velocity of software releases seen as a threat to governance and security and regulatory controls. Despite some initial pushback, organisations that have taken the DevOps plunge have shown consistently that DevOps practices actually mitigate potential security problems, discover issues faster, and address threats more quickly. We now see DevOps evolving to DevSecOps, that align DevOps principles with security requirements.
Looking towards 2017, further focus will be given to tools and techniques to build successful automated security into the delivery of business features and we will see DevSecOps become more desirable for delivery teams in general.
Areas to look at include:
- Security Tools in the CI/Delivery Pipeline
- Security in the Supply Chain
- Security Open Source Innovations
- SSDLC - Secure Software Development Lifecycle
3. Continuous Everything enabler for Digital Transformation
Continuous Everything is relevant in this day and age, where every organisation is trying to transform itself into a digital enterprise, to be more agile yet very reliable. This desire is just going to increase as we move into 2017.
But just what does Continuous Everything mean? Continuous Everything provides Continuous Delivery for DevOps teams, Continuous Testing for QA teams, Continuous Security for DevSecOps teams, Continuous Service for the business and Continuous Operations for IT. There has never been a more important time for business automation than the time we are facing now.
The increasing adoption of DevOps in 2017 will continue to drive business innovation through its core principles, and tooling will continue to evolve. It is important for organisations to embrace bi-modal agility in business delivery as the need for more sophisticated automation increases. The future of DevOps is vibrant, so bring on DevOps in 2017!