search menu icon-carat-right cmu-wordmark

Subject: DevOps

Establishing the Pre-assessment DevOps Posture of an SDLC in a Highly Regulated Environment: Third in a Series

Establishing the Pre-assessment DevOps Posture of an SDLC in a Highly Regulated Environment: Third in a Series

• DevOps Blog
Jose Morales

This third installment in our blog series on implementing DevOps in highly regulated environments (HREs), which is based upon a recently published paper, discusses the second step in a DevOps assessment: establishing the pre-assessment DevOps posture of an HRE. (Read the first and second post in the series.) The posture is the current DevOps implementation, if any, in an HRE's software development lifecycle (SDLC). Recall that the ultimate goal of the DevOps assessment is to...

Read More
Expectations for Implementing DevOps in a Highly Regulated Environment: Second in a Series

Expectations for Implementing DevOps in a Highly Regulated Environment: Second in a Series

• DevOps Blog
Jose Morales

This second installment in the blog post series on implementing DevOps in highly regulated environments (HREs), which is excerpted from a recently published paper, discusses the first step in a DevOps assessment: setting expectations with the organization. This step is a critical task in an assessment because it sets the boundaries of what will be performed and delivered....

Read More
Challenges to Implementing DevOps in Highly Regulated Environments: First in a Series

Challenges to Implementing DevOps in Highly Regulated Environments: First in a Series

• DevOps Blog
Jose Morales

In academia, government, and industry, DevOps has become a standard, straightforward option for streamlining efforts and increasing comprehensive participation by all stakeholders in the software development lifecycle (SDLC). In highly regulated environments (HREs) within these three sectors, however, applying DevOps can prove challenging. HREs are mandated by policies for various reasons, the most often being general security and protection of intellectual property thus making the sharing and open access principles of DevOps that much harder...

Read More
Deploying the CERT Microcosm DevSecOps Pipeline using Docker-Compose and Kubernetes

Deploying the CERT Microcosm DevSecOps Pipeline using Docker-Compose and Kubernetes

• DevOps Blog
Shane Ficorilli

According to DevSecOps: Early, Everywhere, at Scale, a survey published by Sonatype, "Mature DevOps organizations are able to perform automated security analysis on each phase (design, develop, test) more often than non-DevOps organizations." Since DevOps enables strong collaboration and automation of the process and enforces traceability, mature DevOps organizations are more likely to perform automated security analysis than non DevOps organizations. My previous blog post, Microcosm: A Secure DevOps Pipeline as Code, helped address the...

Read More
Improving Data Analysis with DevOps

Improving Data Analysis with DevOps

• DevOps Blog
Kiriakos Kontostathis

Data analysis is complex and, at times, overwhelming. Automation increases an analysis team's ability to continuously improve their process. Specifically, the automation of software is the best way to manage all of the iteration and repetition that proper data analysis requires. DevOps is the perfect fit when planning a project that requires software, automation, and collaboration. In particular, DevOps improves all aspects of the data analysis process and allows teams to automate all software-based aspects...

Read More
Improving Security and Stability by Using DevOps Strategies

Improving Security and Stability by Using DevOps Strategies

• DevOps Blog
Douglas Reynolds

When it comes to information technology services that are customer facing, traditional enterprise organizations tend to favor stability over change. According to a Netcraft survey from March of last year, there were 185 million web sites hosted by Windows 2003, an operating system that has been out of support since July 2015 . Many of these servers are still running because of the "if it isn't broken, don't fix it" motto. While reducing software and...

Read More
Collecting Data, The DevOps Way

Collecting Data, The DevOps Way

• DevOps Blog
Kiriakos Kontostathis

Data collection and storage are a large component of almost all software projects. Even though most software projects include a data component, this topic is rarely discussed in the DevOps community. The adoption rate of database continuous delivery (CD) is about half the rate of application CD. There are several reasons for this, but the primary one is that databases rarely change as often as applications do. There may be a few model changes, but...

Read More
Incremental Security Hardening the DevOps Way

Incremental Security Hardening the DevOps Way

• DevOps Blog
Aaron Volkmann

The art of security hardening is growing in demand. Modern system architectures and orchestration techniques that leverage virtualization, cloud providers, containers, and microservices enable an explosion of the number of hosts that comprise a system and in turn yield an increase of the attack surface area. This post provides insights on how to execute a security hardening strategy with a DevOps mindset....

Read More
Microcosm: A Secure DevOps Pipeline as Code

Microcosm: A Secure DevOps Pipeline as Code

• DevOps Blog
Shane Ficorilli

You've heard the hype and read dozens of blog posts on DevOps, and your organization has decided to make this cultural shift in hopes of taking advantage of automation and the benefits of the Agile methodologies. Making this shift as an engineering team, however, can often be cumbersome because many tech professionals are still unfamiliar with the technologies required to implement a complete DevOps pipeline, let alone one that includes security automation as well. In...

Read More
Six Remedies to Employee Resistance to DevOps

Six Remedies to Employee Resistance to DevOps

• DevOps Blog
Hasan Yasar

Problem: When implementing DevOps, experts typically focus on process and tooling, but little emphasis is given to the psychological and social aspects of team members, which can pose encumbrances to DevOps adoption in production software houses. Training development staff on DevOps tools and processes is costly, so a significant risk occurs when training fails to produce full adoption by development teams. At the end of the day, people will adopt the tools and processes, but...

Read More
Information Visualization as a DevOps Monitoring Tool

Information Visualization as a DevOps Monitoring Tool

• DevOps Blog
Luiz Antunes

From the dawn of humanity, people have been trying to represent knowledge visually to communicate ideas to their peers. Yet we still struggle to this day whenever we need to present information in a way that is both simple and effective. In this blog post, the first in a series on Information Visualization in DevOps, I explore how visual graphics can assist in the DevOps process....

Read More
Spreading Security with Overcommit

Spreading Security with Overcommit

• DevOps Blog
Kiriakos Kontostathis

We often discuss how important it is to incorporate security into all parts of the DevOps software development lifecycle (SDLC). For example, my post Security...Security Everywhere discusses what types of security can be incorporated into the different phases of the SDLC. However, incorporating security is often hard, due to part to the fact that most automated security testing tools are only available in a couple of places in the SDLC, primarily the continuous integration (CI)...

Read More
The Secure

The Secure "Hello World"

• DevOps Blog
Aaron Volkmann

Software development project stakeholders can often be tempted to put security requirements on the back burner when developing software systems. During one particular large-scale software development project I was involved with, which was a distributed system consisting of many components communicating over the network, runtime performance was the most important quality attribute. The engineers brilliantly invented their own lightweight protocol to maximize runtime performance. Once the system was to be transitioned into production operations, it...

Read More
Fabric, Ansible, Gauntlt, and Chaos Monkey: The Top DevOps Posts of 2016

Fabric, Ansible, Gauntlt, and Chaos Monkey: The Top DevOps Posts of 2016

• DevOps Blog
Hasan Yasar

Awareness and adoption of DevOps continues to grow. A 2016 DevOps trends report found that DevOps adoption increased from 66 percent in 2015 to 74 percent in 2016 In 2016, visitors to the SEI DevOps Blog were drawn to posts highlighting successful DevOps implementations at Amazon and Netflix, as well as tutorials on Fabric, Ansible, and Docker. This post presents in descending order (with number one at the bottom being the most popular) the five...

Read More
An Introduction to Secure DevOps: Including Security in the Software Lifecycle

An Introduction to Secure DevOps: Including Security in the Software Lifecycle

• DevOps Blog
Hasan Yasar

The term "software security" often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and road blocks on fast development and release cycle. To secure software, developers must follow numerous guidelines that, while intended to satisfy some regulation or other, can be very restrictive and hard to understand. As a result, a lot of fear, uncertainty, and doubt can surround software security. This blog post, the first in a...

Read More
Vagrant Box Wrangling

Vagrant Box Wrangling

• DevOps Blog
Tim Palko

So, you're using Vagrant, and maybe you've even read my earlier post on it, but your Vagrant box doesn't have everything you need. Or maybe it has too much, and you need something simpler. For instance, do you find yourself installing or removing packages or fixing packages to specific versions to get parity with your production platform? Or maybe you need more extensive auditing over your environment, such as when you (or your customer) can't...

Read More
Three Strategies to Minimize the Implementation Dip in DevOps

Three Strategies to Minimize the Implementation Dip in DevOps

• DevOps Blog
Todd Waits

Change is hard. When we help teams adopt DevOps processes or more general Agile methodologies, we often encounter initial resistance. When people learn a new tool or process, productivity and enthusiasm consistently dip, which is known as the "implementation dip." This dip should not be feared, however, but embraced. In his book Leading in a Culture of Change, Michael Fullan defines the implementation dip as "a dip in performance and confidence as one encounters an...

Read More
Whitebox Monitoring with Prometheus

Whitebox Monitoring with Prometheus

• DevOps Blog
Joe Yankel

In the ever-changing world of DevOps, where micro-services and distributed architectures are becoming the norm, the need to understand application internal state is growing rapidly. Whitebox monitoring gives you details about the internal state of your application, such as the total number of HTTP requests on your web server or the number of errors logged. In contrast, blackbox testing (e.g., Nagios) allows you to check a system or application (e.g., checking disk space, or pinging...

Read More
Fabric, Ansible, Gauntlt, and Chaos Monkey: The Top 10 DevOps Posts of (The First Six Months) of 2016

Fabric, Ansible, Gauntlt, and Chaos Monkey: The Top 10 DevOps Posts of (The First Six Months) of 2016

• DevOps Blog
Hasan Yasar

It has been nearly a year since the DevOps blog launched its own platform. In the nearly 12 months since our launch, we have offered guidelines, practical advice, and tutorials to the ever-increasing number of organizations adopting DevOps (up 26 percent since 2011). In the first six months of 2016, an increasing number of blog visitors were drawn to posts highlighting successful DevOps implementations at Amazon and Netflix as well as tutorials on new technologies...

Read More
Security...Security Everywhere

Security...Security Everywhere

• DevOps Blog
Kiriakos Kontostathis

In this DevOps revolution, we are trying to make everything continuous: continuous integration, continuous deployment, continuous monitoring--the list goes on. One term you rarely hear, however, is continuous security, because it is often seen as an afterthought when building and implementing a delivery pipeline. The pipeline I will be discussing has six components: plan, code, build, test, release, and operate. There is also a seventh, less-formal component, which is the iterative nature of the delivery...

Read More
Backing From the Cliff's Edge: Minimizing Risk With DevOps

Backing From the Cliff's Edge: Minimizing Risk With DevOps

• DevOps Blog
Aaron Volkmann

DevOps practices can increase the validity of software tests and decrease risk in deploying software changes to production environments. Anytime a software change is deployed to production, there is a risk that the change will break and lead to a service outage. This risk is minimized through rigorous testing of the software in a separate test environment where the change can be safely vetted without affecting normal business operations. Problems can arise, however, when these...

Read More
From Vagrant to Victory

From Vagrant to Victory

• DevOps Blog
Tim Palko

A few years ago, my team took the task of designing and writing a new (and fairly large) web application project that required us to work collaboratively on features, deploy to unfamiliar environments, and work with other teams to complete those deployments. Does this sound like DevOps yet? Our task was to make these deployments happen with limited resources; however, we didn't want to sacrifice environment parity or automation, knowing that these would help our...

Read More
Will continuous integration improve the security of my application?

Will continuous integration improve the security of my application?

• DevOps Blog
Joe Yankel

I am often asked how to help DevOps organizations improve their software and system security by integrating security testing into their new and expanding continuous integration (CI) environment. The first thing I say is, "It is great that you are treating security testing as important a task as other software tests." Security testing is often overlooked or simply manually done at the end of a software release cycle, if at all. When I ask them,...

Read More
Malicious User Stories, Rejection Criteria, and the New Business Value

Malicious User Stories, Rejection Criteria, and the New Business Value

• DevOps Blog
Todd Waits

Traditionally, DevOps practitioners think of business value as simply measuring the difference between money earned and money spent. In that line of thinking, security is often relegated to a secondary goal because it fails to directly drive revenue. The misguided goal is to deliver functionality at all costs, even if it compromises the integrity of the system or data. As Rob Joyce, head of the National Security Agency's Tailored Access Operations group, mentions in his...

Read More
Adding Security to Your DevOps Pipeline

Adding Security to Your DevOps Pipeline

• DevOps Blog
Kiriakos Kontostathis

DevOps practitioners often omit security testing when building their DevOps pipelines because security is often linked with slow-moving business units and outdated policies. These characteristics conflict with the overall goal of DevOps, which is to improve the software delivery process. However, security plays an important role in the software development lifecycle and must be addressed in all applications. Incorporating security into different stages of the DevOps pipeline will not only start to automate security, but...

Read More
Fabric, Ansible, Docker, and Chaos Monkey: The Top 10 DevOps Posts of 2015

Fabric, Ansible, Docker, and Chaos Monkey: The Top 10 DevOps Posts of 2015

• DevOps Blog
Hasan Yasar

By Hasan Yasar Technical Manager Cyber Engineering Solutions Group In August 2015, the DevOps blog launched its own platform. The blog offers guidelines, practical advice, and tutorials to the ever-increasing number of organizations adopting DevOps (up 26 percent since 2011). According to recent research, those organizations ship code 30 times faster. Despite the obvious benefits of DevOps, many organizations hesitate to embrace it, which requires a shifting mindset--and cultural and technical requirements--that prove challenging in...

Read More
Monitoring in the DevOps Pipeline

Monitoring in the DevOps Pipeline

• DevOps Blog
Tim Palko

By Tim PalkoSenior Member of the Technical StaffCERT Cyber Security Solutions Directorate In the realm of DevOps, automation often takes the spotlight, but nothing is more ubiquitous than the monitoring. There is value to increased awareness during each stage of the delivery pipeline. However, perhaps more than any other aspect of DevOps, the act of monitoring raises the question, "Yes, but what do we monitor?" There are numerous aspects of a project you may want...

Read More
Integrating Your Development and Application Security Pipelines Through DevOps

Integrating Your Development and Application Security Pipelines Through DevOps

• DevOps Blog
Aaron Volkmann

By Aaron Volkmann Senior Research Engineer CERT Division The DevOps philosophy prescribes an increase in communication and collaboration between software development and operations teams to realize better outcomes in software development and delivery endeavors. In addition to bringing development and operations closer together, information security teams should be similarly integrated into DevOps-practicing teams. An automated way of performing complete software security assessments during continuous integration (CI) and continuous delivery (CD) does not exist yet, but...

Read More
Developing with Otto: A First Look

Developing with Otto: A First Look

• DevOps Blog
Aaron Volkmann

By Aaron Volkmann Senior Research Engineer CERT Division You will be hard pressed to find a DevOps software development shop that doesn't employ Vagrant to provision their local software development environments during their development phase. In this blog post, I introduce a tool called Otto, by Hashicorp, the makers of Vagrant....

Read More
Applying DevOps Principles in Incident Response

Applying DevOps Principles in Incident Response

• DevOps Blog
Todd Waits

By Todd WaitsProject Lead CERT Division DevOps principles focus on helping teams and organizations deliver business value as quickly and consistently as possible. While the principles advocate for improving the coordination between development and operational teams, they can be adapted for any number of domains. The key components of DevOps we want to emulate across other domains are: collaboration between project team roles infrastructure as code automation of tasks, processes, and workflows monitoring of applications...

Read More
 A DevOps a Day Keeps the Auditors Away (and Helps Organizations Stay in Compliance with Federal Regulations such as Sarbanes-Oxley)

A DevOps a Day Keeps the Auditors Away (and Helps Organizations Stay in Compliance with Federal Regulations such as Sarbanes-Oxley)

• DevOps Blog
Aaron Volkmann

Aaron VolkmannSenior Research EngineerCERT DivisionIn response to several corporate scandals, such as Enron, Worldcom, and Tyco, in the early 2000s congress enacted the Sarbanes-Oxley (SOX) act. The SOX act requires publicly traded companies to maintain a series of internal controls to assure their financial information is being reported properly to investors. In an IT organization, one of the main tenets of SOX compliance is making sure no single employee can unilaterally deploy a software code...

Read More
DevOps for Contractors

DevOps for Contractors

• DevOps Blog
Tim Palko

The challenges of DevOps--a cultural change, learning new technologies, and making a big-picture impact for a software project team--are possibly even more challenging in contract work. In this blog post, I'll expand on some of my past experiences as a contract software developer and discuss, in retrospect, how DevOps could have worked in different scenarios....

Read More
Three Challenges to Documentation for DevOps Teams

Three Challenges to Documentation for DevOps Teams

• DevOps Blog
Todd Waits

Formal documentation (such as source code documentation, system requirements and design documentation, or documentation for various user types) is often completely ignored by development teams; applying DevOps processes and philosophies to documentation can help alleviate this problem. Software documentation tends to fall into several categories: code, requirement, design, system, and user documentation. One reason documentation is often ignored is that standard documentation tools and processes create an obstacle for development teams since the tools and...

Read More
Devops Q&A: Frequently Asked Questions

Devops Q&A: Frequently Asked Questions

• DevOps Blog
Joe Yankel

Since beginning our DevOps blog in November, and participating in webinars and conferences, we have received many questions that span the various facets of DevOps, including change management, security, and methodologies. This post will address some of the most frequently asked questions....

Read More
Fabric, Ansible, Docker, and Chaos Monkey: The DevOps Mid-Year Review

Fabric, Ansible, Docker, and Chaos Monkey: The DevOps Mid-Year Review

• DevOps Blog
Hasan Yasar

In late 2014, the SEI blog introduced a biweekly series of blog posts offering guidelines, practical advice, and tutorials for organizations seeking to adopt DevOps. These posts are aimed at the ever-increasing number of organizations adopting DevOps (up 26 percent since 2011). According to recent research, those organizations ship code 30 times faster. Despite the obvious benefits of DevOps, many organizations hesitate to embrace DevOps, which requires a shifting mindset and cultural and technical requirements...

Read More
Container Security in DevOps

Container Security in DevOps

• DevOps Blog
Chris Taschner

Container-based virtualization platforms provide a means to run multiple applications in separate instances. Container technologies can provide significant benefits to DevOps, including increased scalability, resource efficiency, and resiliency. Unless containers are decoupled from the host system, however, there will be the potential for security problems. Until that decoupling happens, this blog posting describes why administrators should keep a close eye on the privilege levels given to applications running within the containers and to users accessing...

Read More
The Benefits of High Frequency Testing

The Benefits of High Frequency Testing

• DevOps Blog
Todd Waits

At a recent workshop we hosted, a participant asked why the release frequency was so high in a DevOps environment. When working with significant legacy applications, release may be a once-in-a-year type event, and the prospect of releasing more frequently sends the engineering teams running for the hills. More frequent releases are made possible by properly implementing risk mitigation processes, including automated testing and deployment. With these processes in place, all stakeholders can be confident...

Read More
The Missing Metrics of DevOps

The Missing Metrics of DevOps

• DevOps Blog
Tim Palko

This post is the latest installment in a series aimed at helping organizations adopt DevOps.Some say that DevOps is a method; others say it is a movement, a philosophy, or even a strategy. There are many ways to define DevOps, but everybody agrees on its basic goal: to bring together development and operations to reduce risk, liability, and time-to-market, while increasing operational awareness. Long before DevOps was a word, though, its growth could be tracked...

Read More
DevOps in Government: Where To Start?

DevOps in Government: Where To Start?

• DevOps Blog
Hasan Yasar

The federal government continues to search for better ways to leverage the latest technology trends and increase efficiency of developing and acquiring new products or obtaining services under constrained budgets. DevOps is gaining more traction in many federal organizations, such as U.S. Citizenship and Immigration Services (USCIS), the Environmental Protection Agency (EPA), and the General Services Administration (GSA). These and other government agencies face challenges, however, when implementing DevOps with Agile methods and employing DevOps...

Read More
DevOps Case Study: Netflix and the Chaos Monkey

DevOps Case Study: Netflix and the Chaos Monkey

• DevOps Blog
C. Aaron Cois

DevOps can be succinctly defined as a mindset of molding your process and organizational structures to promote business value software quality attributes most important to your organization continuous improvement As I have discussed in previous posts on DevOps at Amazon and software quality in DevOps, while DevOps is often approached through practices such as Agile development, automation, and continuous delivery, the spirit of DevOps can be applied in many ways. In this blog post, I...

Read More
DevOps Technologies: Gauntlt

DevOps Technologies: Gauntlt

• DevOps Blog
Chris Taschner

This post is the latest installment in a series aimed at helping organizations adopt DevOps. Tools used in DevOps environments such as continuous integration and continuous deployment speed up the process of pushing code to production. Often this means continuous deployment cycles that could result in multiple deployments per day. Traditional security testing, which often requires manually running multiple tests in different tools, does not keep pace with this rapid schedule. This blog post introduces...

Read More
Continuous Integration in DevOps

Continuous Integration in DevOps

• DevOps Blog
C. Aaron Cois

When Agile software development models were first envisioned, a core tenet was to iterate more quickly on software changes and determine the correct path via exploration--essentially, striving to "fail fast" and iterate to correctness as a fundamental project goal. The reason for this process was a belief that developers lacked the necessary information to correctly define long-term project requirements at the onset of a project, due to an inadequate understanding of the customer and an...

Read More
Build DevOps Tough!

Build DevOps Tough!

• DevOps Blog
Chris Taschner

"Software security" often evokes negative feelings among software developers since this term is associated with additional programming effort and uncertainty. To secure software, developers must follow a lot of guidelines that, while intended to satisfy some regulation or other, can be very restricting and hard to understand. As a result a lot of fear, uncertainty, and doubt can surround software security. This blog posting describes how the Rugged Software movement attempts to combat the toxic...

Read More
DevOps Technologies: Fabric or Ansible

DevOps Technologies: Fabric or Ansible

• DevOps Blog
Tim Palko

The workflow of deploying code is almost as old as code itself. There are many use cases associated with the deployment process, including evaluating resource requirements, designing a production system, provisioning and configuring production servers, and pushing code to name a few. In this blog post I focus on a use case for configuring a remote server with the packages and software necessary to execute your code....

Read More
Addressing the Detrimental Effects of Context Switching with DevOps

Addressing the Detrimental Effects of Context Switching with DevOps

• DevOps Blog
Todd Waits

In a computing system, a context switch occurs when an operating system stores the state of an application thread before stopping the thread and restoring the state of a different (previously stopped) thread so its execution can resume. The overhead incurred by a context switch managing the process of storing and restoring state negatively impacts operating system and application performance. This blog post describes how DevOps ameliorates the negative impacts that "context switching" between projects...

Read More
Can't Buy Me DevOps

Can't Buy Me DevOps

• DevOps Blog
Aaron Volkmann

The DevOps movement is clearly taking the IT world by storm. Technical feats, such as continuous integration (CI), comprehensive automated testing, and continuous delivery (CD) that at one time could only be mastered by hip, trendy startups incapable of failure, are now being successfully performed by traditional enterprises who have a long history of IT operations and are still relying on legacy technologies (the former type of enterprises are known in the DevOps community as...

Read More
DevOps Networking Solutions

DevOps Networking Solutions

• DevOps Blog
Aaron Volkmann

When building and delivering software, DevOps practices, such as automated testing, continuous integration, and continuous delivery, allow organizations to move more quickly by speeding the delivery of quality software features, that increase business value. Infrastructure automation tools, such as Chef, Puppet, and Ansible, allow the application of these practices to compute nodes through server provisioning using software scripts. These scripts are first-class software artifacts that benefit from source code version control, automated testing, continuous integration,...

Read More
ChatOps in the DevOps Team

ChatOps in the DevOps Team

• DevOps Blog
Todd Waits

In the post What is DevOps?, we define one of the benefits of DevOps as "collaboration between project team roles." Conversations between team members and the platform on which communication occurs can have a profound impact on that collaboration. Poor or unused communication tools lead to miscommunication, redundant efforts, or faulty implementations. On the other hand, communication tools integrated with the development and operational infrastructures can speed up the delivery of business value to the...

Read More
Continuous Integration in DevOps

Continuous Integration in DevOps

• DevOps Blog
C. Aaron Cois

When Agile software development models were first envisioned, a core tenet was to iterate more quickly on software changes and determine the correct path via exploration--essentially, striving to "fail fast" and iterate to correctness as a fundamental project goal. The reason for this process was a belief that developers lacked the necessary information to correctly define long-term project requirements at the onset of a project, due to an inadequate understanding of the customer and an...

Read More
Development with Docker

Development with Docker

• DevOps Blog
Joe Yankel

In our last post, DevOps and Docker, I introduced Docker as a tool to develop and deploy software applications in a controlled, isolated, flexible, and highly portable infrastructure. In this post, I am going to show you how easy it is to get started with Docker. I will dive in and demonstrate how to use Docker containers in a common software development environment by launching a database container (MongoDB), a web service container (a Python...

Read More
DevOps and Docker

DevOps and Docker

• DevOps Blog
Joe Yankel

Docker is quite the buzz in the DevOps community these days, and for good reason. Docker containers provide the tools to develop and deploy software applications in a controlled, isolated, flexible, highly portable infrastructure. Docker offers substantial benefits to scalability, resource efficiency, and resiliency, as we'll demonstrate in this posting and upcoming postings in the DevOps blog....

Read More
DevOps and Your Organization: Where to Begin

DevOps and Your Organization: Where to Begin

• DevOps Blog
C. Aaron Cois

On the surface, DevOps sounds great. Automation, collaboration, efficiency--all things you want for your team and organization. But where do you begin? DevOps promises high return on investment in exchange for a significant shift in culture, process, and technology. Substantially changing any one of those things in an established organization can feel like a superhuman feat. So, how can you start your organization on the path to DevOps without compromising your existing business goals and...

Read More
DevOps Technologies: Vagrant

DevOps Technologies: Vagrant

• DevOps Blog
Tim Palko

Environment parity is the ideal state where the various environments in which code is executed behave equivalently. The lack of environment parity is one of the more frustrating and tenacious aspects of software development. Deployments and development both fall victim to this pitfall too often, reducing stability, predictability, and productivity. When parity is not achieved, environments behave differently, which makes troubleshooting hard and can make collaboration seem impossible. This lack of parity is a burden...

Read More
An Introduction to DevOps

An Introduction to DevOps

• DevOps Blog
C. Aaron Cois

At Flickr, the video- and photo-sharing website, the live software platform is updated at least 10 times a day. Flickr accomplishes this through an automated testing cycle that includes comprehensive unit testing and integration testing at all levels of the software stack in a realistic staging environment. If the code passes, it is then tagged, released, built, and pushed into production....

Read More