DevOps
DevOps is a methodology in the software development and IT industry. Used as a set of practices and tools, DevOps integrates and automates the work of
Automation is an important part of DevOps.
According to Neal Ford, DevOps, particularly through continuous delivery, employs the "Bring the pain forward" principle: tackling tough tasks early, fostering automation and swift issue detection.[3]
Definition
Other than it being a cross-functional combination (and a
History
Proposals to combine software development methodologies with deployment and operations concepts began to appear in the late 80s and early 90s.[9]
Around 2007 and 2008, concerns were raised by those within the software development and IT communities that the separation between the two industries, where one wrote and created software entirely separately from those who deployed and supported it, was creating a fatal level of dysfunction within the industry.[10]
In 2009, the first conference named DevOps Days was held in Ghent, Belgium. The conference was founded by Belgian consultant, project manager and agile practitioner Patrick Debois.[11][12] The conference has now spread to other countries.[13]
In 2012, a report called "State of DevOps" was first published by Alanna Brown at Puppet Labs.[14][15]
As of 2014, the annual State of DevOps report was published by Nicole Forsgren, Gene Kim, Jez Humble and others. They stated that the adoption of DevOps was accelerating.[16][17] Also in 2014, Lisa Crispin and Janet Gregory wrote the book More Agile Testing, containing a chapter on testing and DevOps.[18][19]
In 2016, the DORA metrics for throughput (deployment frequency, lead time for changes) and stability (mean time to recover, change failure rate) were published in the State of DevOps report.[14] However, the research methodology and metrics were criticized by experts.[20][21][22][23] In response to these criticisms, the 2023 State of DevOps report[24] published changes that updated the stability metric "mean time to recover" to "failed deployment recovery time", acknowledging the confusion the former metric has caused.[25]
Relevant metrics
DORA metrics are a set of key metrics developed by DevOps Research and Assessment (DORA) which can help to measure software development efficiency and reliability. These metrics include:[26]
- Deployment Frequency: Time between code deployments.
- Mean Lead Time for Changes: Time between code commit and deployment.
- Change Failure Rate: Percentage of deployments causing production issues.
- Mean Time To Recovery: Time to resolve production issues.
- Reliability (added in 2021):[27] Measures operational performance, focusing on availability and adherence to user expectations.
These metrics, when applied appropriately and within relevant context, facilitate insights into DevOps performance, enabling teams to optimize deployment speed, reliability and quality, thereby informing data-driven decisions to enhance software development processes.[26]
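The first four metrics above can be computed directly from deployment records. The following is an added example, not part of the original article; the record fields (`commit`, `deployed`, `restored`) and the sample data are constructed, and recovery time is assumed to run from the deployment to the restore timestamp.

```python
from datetime import datetime
from statistics import mean

# Constructed sample: one record per production deployment. "restored" is set
# only when the deployment caused a production issue (field names are assumptions).
DEPLOYS = [
    {"commit": "2024-03-01T09:00", "deployed": "2024-03-01T15:00", "restored": None},
    {"commit": "2024-03-02T10:00", "deployed": "2024-03-03T15:00", "restored": "2024-03-03T16:30"},
    {"commit": "2024-03-04T08:00", "deployed": "2024-03-05T15:00", "restored": None},
    {"commit": "2024-03-06T11:00", "deployed": "2024-03-07T15:00", "restored": "2024-03-07T15:30"},
]

def hours(deltas):
    """Mean of a list of timedeltas in hours, or None when the list is empty."""
    return mean([d.total_seconds() for d in deltas]) / 3600 if deltas else None

def dora_metrics(records):
    # Parse every timestamp, then order the deployments chronologically.
    rows = sorted(
        ({k: datetime.fromisoformat(v) if v else None for k, v in r.items()}
         for r in records),
        key=lambda r: r["deployed"],
    )
    if not rows:
        raise ValueError("no deployments in the measurement window")
    gaps = [b["deployed"] - a["deployed"] for a, b in zip(rows, rows[1:])]
    lead = [r["deployed"] - r["commit"] for r in rows]
    recovery = [r["restored"] - r["deployed"] for r in rows if r["restored"]]
    return {
        "hours_between_deployments": hours(gaps),      # deployment frequency
        "mean_lead_time_hours": hours(lead),           # commit -> deployment
        "change_failure_rate_pct": 100 * len(recovery) / len(rows),
        "mean_time_to_recovery_hours": hours(recovery),
    }

if __name__ == "__main__":
    for name, value in dora_metrics(DEPLOYS).items():
        print(f"{name}: {value}")
```

A window with a single deployment yields `None` for the interval, and a window without failures yields `None` for recovery time rather than a misleading zero.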
Relationship to other approaches
Many of the ideas fundamental to DevOps practices are inspired by, or mirror, other well known practices such as Lean and Deming's Plan-Do-Check-Act cycle, through to The Toyota Way and the Agile approach of breaking down components and batch sizes.[28] Contrary to the "top-down" prescriptive approach and rigid framework of ITIL in the 1990s, DevOps is "bottom-up" and flexible, having been created by software engineers for their own needs.[29]
Agile
The motivations for what has become modern DevOps and several standard DevOps practices such as automated build and test, continuous integration, and continuous delivery originated in the Agile world, which dates (informally) to the 1990s, and formally to 2001. Agile development teams using methods such as extreme programming couldn't "satisfy the customer through early and continuous delivery of valuable software"[30] unless they took responsibility for operations and infrastructure for their applications, automating much of that work. Because Scrum emerged as the dominant Agile framework in the early 2000s and it omitted the engineering practices that were part of many Agile teams, the movement to automate operations and infrastructure functions splintered from Agile and expanded into what has become modern DevOps. Today, DevOps focuses on the deployment of developed software, whether it is developed using Agile oriented methodologies or other methodologies.
ArchOps
ArchOps presents an extension for DevOps practice, starting from software architecture artifacts, instead of source code, for operation deployment.[31] ArchOps states that architectural models are first-class entities in software development, deployment, and operations.
Continuous Integration and Delivery (CI/CD)
Automation is a core principle for achieving DevOps success and CI/CD is a critical component.[32] Plus, improved collaboration and communication between and within teams helps achieve faster time to market, with reduced risks.[33]
Mobile DevOps
Mobile DevOps is a set of practices that applies the principles of DevOps specifically to the development of mobile applications. Traditional DevOps focuses on streamlining the software development process in general, but mobile development has its own unique challenges that require a tailored approach.[34] Mobile DevOps is not simply a branch of DevOps specific to mobile app development, but an extension and reinterpretation of the DevOps philosophy due to the very specific requirements of the mobile world.
Site-reliability engineering
In 2003, Google developed site reliability engineering (SRE), an approach for releasing new features continuously into large-scale high-availability systems while maintaining high-quality end-user experience.[35] While SRE predates the development of DevOps, they are generally viewed as being related to each other. Some of the original authors of the discipline consider SRE as an implementation of DevOps.[36]
Toyota production system, lean thinking, kaizen
Toyota production system, also known under the acronym TPS, was the inspiration for
DevSecOps, shifting security left
DevSecOps is an augmentation of DevOps to allow for security practices to be integrated into the DevOps approach. Contrary to a traditional centralized security team model, each delivery team is empowered to factor in the correct security controls into their software delivery. Security practices and testing are performed earlier in the development lifecycle, hence the term "shift left". Security is tested in three main areas: static, software composition, and dynamic.
Checking software statically via static application security testing (SAST) is white-box testing with special focus on security. Depending on the programming language, different tools are needed to do such static code analysis. The software composition is analyzed, especially libraries, and the version of each component is checked against vulnerability lists published by CERT and other expert groups. When software is delivered to clients, the licenses of its libraries and their match to the license of the distributed software come into focus, especially for copyleft licenses.
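The software composition check described above can be sketched as follows. This is an added example, not part of the original article: the manifest format, package names and advisory identifiers are constructed placeholders, and the license rule (flag a copyleft dependency in a product that is not itself copyleft) is a simplifying assumption.

```python
import re

# Constructed advisory list: package -> [(first fixed version, placeholder id)].
ADVISORIES = {
    "libexample-http": [("2.4.1", "EXAMPLE-ADV-0001")],
    "libexample-yaml": [("5.0.0", "EXAMPLE-ADV-0002")],
    "libexample-pdf": [("1.9.3", "EXAMPLE-ADV-0003")],
}
COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}  # SPDX identifiers

# Constructed manifest, one component per line: name==version  # license
MANIFEST = """\
libexample-http==2.4.0   # MIT
libexample-yaml==5.0     # Apache-2.0
libexample-pdf==1.10.2   # AGPL-3.0-only
libexample-log==0.9      # MIT
"""
LINE = re.compile(r"^([\w.-]+)==(\d+(?:\.\d+)*)\s+#\s*(\S+)$")

def version_key(version, width=4):
    """Numeric, zero-padded key so that 1.10 > 1.9 and 5.0 == 5.0.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def scan(manifest, product_license):
    findings = []
    for raw in manifest.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            # Fail closed: a component that cannot be parsed is reported.
            findings.append(("?", "unparsed", line))
            continue
        name, version, license_id = m.groups()
        for fixed, adv in ADVISORIES.get(name, []):
            if version_key(version) < version_key(fixed):
                findings.append((name, "vulnerable", f"{adv}: {version} < {fixed}"))
        if license_id in COPYLEFT and product_license not in COPYLEFT:
            findings.append((name, "license", f"{license_id} in {product_license} product"))
    return findings

if __name__ == "__main__":
    for finding in scan(MANIFEST, "MIT"):
        print(*finding, sep=" | ")
```

Comparing versions as strings would wrongly report `1.10.2` as older than `1.9.3`; the numeric key avoids that false positive.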
In dynamic testing, also called black-box testing, software is tested without knowing its inner functions. In DevSecOps this practice may be referred to as dynamic application security testing (DAST) or penetration testing. The goal is early detection of defects including cross-site scripting and SQL injection vulnerabilities. Threat types are published by the Open Web Application Security Project (OWASP), e.g. its Top 10,[39] and by other bodies.
DevSecOps has also been described as a cultural shift involving a holistic approach to producing secure software by integrating security education, security by design, and security automation.[40]
Cultural change
DevOps initiatives can create cultural changes in companies
Microservices
Although in principle it is possible to practice DevOps with any architectural style, the microservices architectural style is becoming the standard for building continuously deployed systems. The small size of each service allows the architecture of an individual service to emerge through continuous refactoring.[46]
DevOps automation
It also supports consistency, reliability, and efficiency within the organization, and is usually enabled by a shared code repository or version control. As DevOps researcher Ravi Teja Yarlagadda hypothesizes, "Through DevOps, there is an assumption that all functions can be carried out, controlled, and managed in a central place using a simple code."[47]
Automation with version control
Many organizations use
GitOps
GitOps evolved from DevOps. The specific state of deployment configuration is
Best practices for cloud systems
The following practices can enhance productivity of DevOps pipelines, especially in systems hosted in the cloud:[50][51][52]
- Number of Pipelines: Small teams can be more productive by having one repository and one pipeline. In contrast, larger organizations may have separate repositories and pipelines for each team or even separate repositories and pipelines for each service within a team.
- Permissions: In the context of pipeline-related permissions, adhering to the principle of least privilege can be challenging due to the dynamic nature of architecture. Administrators may opt for more permissive permissions while implementing compensating security controls to minimize the blast radius.
See also
- DataOps
- DevOps toolchain
- Twelve-Factor App methodology
- Infrastructure as code
- Lean software development
- Site reliability engineering
- Value stream
- List of build automation software
Notes
- Dyck et al. (2015) "To our knowledge, there is no uniform definition for the terms release engineering and DevOps. As a consequence, many people use their own definitions or rely on others, which results in confusion about those terms."[4]
- Jabbari et al. (2016) "The research results of this study showed the need for a definition as individual studies do not consistently define DevOps."[5]
- Erich et al. (2017) "We noticed that there are various gaps in the study of DevOps: There is no consensus of what concepts DevOps covers, nor how DevOps is defined."[6]
- Erich et al. (2017) "We discovered that there exists little agreement about the characteristics of DevOps in the academic literature."[6]
References
- Courtemanche, Meredith; Mell, Emily; Gills, Alexander S. "What Is DevOps? The Ultimate Guide". TechTarget. Retrieved 2023-01-22.
- ISBN 978-1492043454.
- ISBN 978-1492097549.
- S2CID 4659735.
- Jabbari, Ramtin; bin Ali, Nauman; Petersen, Kai; Tanveer, Binish (May 2016). "What is DevOps?: A Systematic Mapping Study on Definitions and Practices". Proceedings of the 2016 Scientific Workshop. Association for Computing Machinery.
- S2CID 35914007.
- ISBN 978-0134049847.
- Muñoz, Mirna; Negrete Rodríguez, Mario (April 2021). "A guidance to implement or reinforce a DevOps approach in organizations: A case study".
- Chapman, M., Gatti, N: A model of a service life cycle, Proceedings of TINA '93, pp. I-205–I-215, Sep., 1993.
- Atlassian. "History of DevOps". Atlassian. Retrieved 2023-02-23.
- Mezak, Steve (25 January 2018). "The Origins of DevOps: What's in a Name?". devops.com. Retrieved 6 May 2019.
- Debois, Patrick (9 October 2008). "Agile 2008 Toronto". Just Enough Documented Information. Retrieved 12 March 2015.
- Debois, Patrick. "DevOps Days". DevOps Days. Retrieved 31 March 2011.
- Alanna Brown; Nicole Forsgren; Jez Humble; Nigel Kersten; Gene Kim (2016). "2016 State of DevOps Report" (PDF). Puppet Labs, DORA (DevOps Research. Retrieved 2024-04-24.
- "Puppet - Alanna Brown". Puppet Labs. Retrieved 2019-04-27.
- Nicole Forsgren; Gene Kim; Nigel Kersten; Jez Humble (2014). "2014 State of DevOps Report" (PDF). Puppet Labs, IT Revolution Press and ThoughtWorks. Retrieved 2024-04-24.
- "2015 State of DevOps Report" (PDF). Puppet Labs, Pwc, IT Revolution Press. 2015. Retrieved 2024-04-24.
- "More Agile Testing" (PDF). October 2014. Retrieved 2019-05-06.
- ISBN 9780133749571. Retrieved 2019-05-06.
- Turner, Graham (20 November 2023). "Report: Software Engineers Face Backlash for Reporting Wrongdoing". DIGIT. Retrieved 5 January 2024.
- Saran, Cliff. "Software engineers worry about speaking out - Computer Weekly". ComputerWeekly.com. Retrieved 5 January 2024.
- "75% of software engineers faced retaliation the last time they reported wrongdoing - ETHRWorldSEA". ETHRWorld.com.
- Cummins, Holly. "Holly Cummins on X". X.com. Retrieved 5 January 2024.
- DeBellis, Derek; Lewis, Amanda; Villalba, Daniella; Farley, Dave. "2023 State of DevOps Report". Google Cloud DevOps Research and Assessment. Retrieved 2024-04-24.
- DeBellis, Derek; Harvey, Nathan. "2023 State of DevOps Report: Culture is everything". Google Cloud Blog. Retrieved 2024-04-24.
- ISBN 978-1942788331.
- "DORA Accelerate State of DevOps 2021". DevOps Research and Assessment (2021). 2021.
- S2CID 236606284.
- "The History and Evolution of DevOps | Tom Geraghty". 5 July 2020. Retrieved 2020-11-29.
- "Principles behind the Agile Manifesto". agilemanifesto.org. Retrieved 2020-12-06.
- ISBN 978-3-030-00760-7.
- ISBN 978-0-321-60191-9.
- S2CID 1241241.
- ISBN 9781788296243.
- ISBN 978-1-4919-2909-4.
- Dave Harrison (9 Oct 2018). "Interview with Betsy Beyer, Stephen Thorne of Google". Retrieved 24 July 2024.
- Analyzing the DNA of DevOps, Brent Aaron Reed, Willy Schaub, 2018-11-14.
- Gene Kim; Patrick Debois; John Willis; Jez Humble (2016). The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations.
- "OWASP TOP10". Archived from the original on June 8, 2023. Retrieved June 8, 2023.
- ISBN 978-1781335024.
- Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology (Report). Gartner.
- Loukides, Mike (7 June 2012). "What is DevOps?". O'Reilly Media.
- "Gartner IT Glossary – devops". Gartner. Retrieved 30 October 2015.
- S2CID 515140.
- Mandi Walls (25 September 2015). "Building a DevOps culture". O'Reilly.
- ISBN 978-1-4799-3412-6.
- SSRN 3798877.
- Morisio, Maurizio (16 April 2021). DevOps: development of a toolchain in the banking domain. Politecnico di Torino (laurea thesis). Retrieved 16 August 2021.
- "What is GitOps?". www.redhat.com. Retrieved 2023-03-30.
- ISBN 978-1617295423.
- ISBN 9781638350378.
- ISBN 9780321670229.
Further reading
- Davis, Jennifer; Daniels, Ryn (2016-05-30). Effective DevOps : building a culture of collaboration, affinity, and tooling at scale. Sebastopol, CA: O'Reilly. OCLC 951434424.
- Kim, Gene; Debois, Patrick; Willis, John; Humble, Jez; Allspaw, John (2015-10-07). The DevOps handbook : how to create world-class agility, reliability, and security in technology organizations (First ed.). Portland, OR.
- Forsgren, Nicole; Humble, Jez; Kim, Gene (27 March 2018). Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations (First ed.). IT Revolution Press. ISBN 9781942788331.