DevOps Readiness Assessment For Enterprise Applications
DevOps aims at unifying software development and software operation. DevOps emphasizes people and culture to improve collaboration between development and operations groups. DevOps is not:
The goals of DevOps are to make improvements across all components in the product and service delivery. They include:
DevOps implementation utilizes technology, especially automation tools, and a big part of automation is continuous integration and delivery. With this automation, we can go from concept to production very quickly, but only with proper architecture
The questionnaire below helps us gather information on the application architecture assessment parameters in preparation for a DevOps Deployment Planning Services engagement. The questions will give us a general picture of the application architecture and highlight areas that may need more attention.
Technical Debt
1. Have architecture decisions been made (e.g., ATAM, build vs. buy)?
2. Is identification of reusable components in place?
3. Does the architecture address the realization of all NFRs?
4. Does the architecture address the realization of all critical functionality?
5. Does the architecture cover all the views: business, application, data, technology, security, integration?
6. Are standard guidelines for the usage of tools and technologies defined?
7. Is technical debt (lack of unit tests, legacy code, etc.) identified, and is a system to reduce it in place?
8. Are systems architected with continuous deployment in mind, supporting patterns such as dark launching to decouple deployment from release?
9. What is the system for managing database changes? How are database changes linked to application changes?
10. What is the current branching/code isolation practice? Is it understood and enforced? How is merging managed? Do defects arise as a result of integration?
Code Base
1. What version control tool is used for the code base?
2. Are code reviews performed? Required? How is the code review process managed?
3. Is tracking of the code up to date?
4. Does the code base sit in a central repository?
5. Is the repository accessible to the entire team?
6. This is most commonly handled using tools like Git, SVN or any other tool as per current assignment standards.
Dependencies
1. Have the dependencies that the application relies on to run been identified?
2. What level of dependencies are identified: inter-module, version, third-party or any other?
3. Are all dependencies controllable and kept to a minimum?
Configuration
1. Are application and infrastructure configurations externalized from the applications?
2. Is the application designed to be configurable, giving the flexibility to change runtime behavior?
3. Are the defined application frameworks capable of refreshing configuration without application downtime?
4. Are configurable items hardcoded, e.g., credentials or API keys at the code level?
5. Are pre-defined files or environment-level settings set up so that code can read from them, in turn preventing the application from being at risk of production data leaks and production errors?
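One way to answer questions 4 and 5 for a code base, as an added example that is not part of the original article: a small Python check that flags secret-like names assigned a quoted literal and passes values read from the environment or written as `${VAR}` references. The name patterns, the placeholder forms and the sample lines are assumptions constructed for illustration.

```python
import re

# Names that suggest a secret; this list is an assumption for illustration.
SECRET_NAME = re.compile(r"(password|passwd|secret|api[_-]?key|token)", re.I)
# NAME = "literal" or NAME: 'literal' with a non-empty quoted value.
ASSIGNMENT = re.compile(
    r"""(?P<name>[A-Za-z_][\w.-]*)\s*[:=]\s*(?P<q>["'])(?P<value>[^"']+)(?P=q)"""
)
# Values that point at external configuration rather than holding the secret.
PLACEHOLDER = re.compile(r"^(\$\{[^}]+\}|\$[A-Z_][A-Z0-9_]*|<[^>]+>)$")


def find_hardcoded_secrets(text):
    """Return (line_number, name) for each secret-like literal assignment."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip().startswith(("#", "//")):
            continue  # skip comment lines
        for match in ASSIGNMENT.finditer(line):
            name, value = match.group("name"), match.group("value")
            if SECRET_NAME.search(name) and not PLACEHOLDER.match(value):
                findings.append((lineno, name))
    return findings


# Constructed sample lines, not taken from any real project.
SAMPLE = '''\
db_host = "db.internal.example"
db_password = "S3cr3t-constructed"
api_key: 'key-constructed-0001'
# old_password = "ignored-in-comment"
db_password = os.environ["DB_PASSWORD"]
smtp_password = "${SMTP_PASSWORD}"
'''

if __name__ == "__main__":
    for lineno, name in find_hardcoded_secrets(SAMPLE):
        print(f"line {lineno}: {name} is a hardcoded literal; read it from the environment")
```

Name-based matching produces false positives (a variable such as `tokenizer` would match), so findings need review before they are counted against the assessment.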
Backing Services
1. Does the application design handle backing services such that updates occur without any code changes?
2. Are backing service details stored in configuration files?
Build, Release & Run
1. What is the current build process? Is continuous integration used? What technology is in place to manage builds?
2. Are build and deployment treated as two separate stages?
3. What steps are adopted in the build deployment process?
a. e.g., define the steps to follow in tagging a build and moving a build into the pre-prod and prod environments.
4. How often are releases, both major and minor, deployed to the various environments?
5. How are database changes built and deployed?
6. What type of automation tools are used in the build process?
7. A tool like Jenkins or Bamboo can be used to automate your release process.
8. How are the current deployment environments configured? How closely do the testing and staging environments mimic the production environment?
Processes
1. Is data stored outside the running code?
a. It is always recommended to store data outside of running code in order to prevent operational headaches and debugging nightmares.
Port Binding
1. Are services exported via port binding?
Concurrency
1. Is there any process model used to scale out the application?
a. Each process should be able to scale, restart, or clone itself when needed. This approach will improve the sustainability and scalability of the application as a whole.
Disposability
1. Does the application design cover fast startup and graceful shutdown?
2. To ensure the startup and shutdown process remains seamless, use tried and true services that are optimized for speed and performance, for example databases and caches like RabbitMQ.
Dev, Prod Parity
1. How are deployments to testing, staging and production managed? Is there an automated framework in place to manage deployments?
2. What type of environments are used for development, pre-production and production?
a. Development, pre-production and production environments are as similar as possible.
b. Are the infrastructure stack, config management processes, software and runtime versions, and deployment tools the same everywhere? With this approach, fewer bugs find their way into production.
3. What mechanisms are in place to monitor and alert on production systems? How are the metrics Mean Time to Detect (MTTD) and Mean Time to Recovery (MTTR) measured and recorded?
4. What is the current disaster recovery plan? Does the plan account for all development and production environments?
5. How is capacity measured? Is there a system in place to automatically adjust resources to handle additional demand?
Logs
1. Are there any control mechanisms for access to logs?
2. Is a standard logging mechanism defined for application logging?
a. Logs are a continuous stream that is captured and stored by a separate service. The application can use an industry-standard logging mechanism that has less impact on application performance.
Admin Processes
1. Are admin jobs run as a process?
2. What activities are performed using admin processes?
a. Data collection jobs that are used to gather key information about the application. This information will be needed to assess the state of the production environment.
Cloud Computing
1. What is your policy for using the public cloud?
2. Is the application infrastructure self-service?
3. Is the infrastructure elastic?
4. Are any platform PaaS services in use?
5. Which PaaS are in use?
6. When a dev team wants more infrastructure, what do they do?
7. When a dev team wants to update a release, what do they do?
8. Have decisions about application hosting been made?
IDM & Security
1. Are your source repository and artifact repositories configured with an IDM?
2. Are access policies defined for source code?
3. What is your policy towards security of your source code?
4. How granular is your access control to artifacts?
Artifact Repository
1. Is there an artifact repository in place?
2. How are application dependencies and artifact versioning handled during the build lifecycle?
3. Are any dependency visualization tools integrated into the pipeline?
4. How do you compare multiple built artifacts?
Data Security and Governance
1. How do you secure your production data?
2. Are your developers allowed to view production data?
3. Data sensitivity issues
Backup and Archival
1. How are accidental / deliberate deletions of source code and artifacts handled?
2. Do you have any backup and archival solutions in place?
3. What is your application retirement strategy?
DevOps Portal, Workflows and lifecycle Management
1. Do you have any portals to monitor application lifecycle states?
2. Are all the processes defined and documented in the portal?
3. Dashboards for applications
4. How robust is the artifact tracking workflow?
5. Is your portal thoroughly integrated with your build and deploy lifecycle systems?
Integration between Dev & Ops
1. How is traceability achieved from a requirement to productionizing the requirement?
2. How is a bug traced to a feature to a fix?
3. How is a change request traced?
4. Is RCA integrated into the DevOps lifecycle?
Rollback Automation
1. How is deployment failure in production handled?
2. Is downgrading a feature / application automated?
3. Is upgrade and downgrade testing done as part of your automation?
Test Automation
1. Is the test automation framework integrated with the continuous integration systems?
2. Are there any standard test automation frameworks used?
3. Is unit, component, integration and application testing automated?
4. How is a feature, bug or CR accepted for production – gating criteria?
5. How many test suites are present for each application?
6. What categories of test suites – load, performance, security, scalability, availability?
Infrastructure
1. Is infrastructure provisioning automated?
2. Is there a way to track resource consumption?
Application Retirement
1. Is there a policy defined to retire an application?
2. What happens to the source code of a decommissioned application?
3. What is the organizational data retention policy?
Database as Code
1. Are database changes part of the DevOps lifecycle?
2. How are database schema changes rolled into production?
3. What kind of policies and processes are in place for changes to the database?
Tracing Frameworks
1. Are any tracing frameworks used to build applications?
Messaging and Monitoring Systems Integration
1. How are the developers alerted regarding failures?
2. Are messaging systems integrated with build systems?
Development Environments
1. Is dev environment provisioning automated?
2. How is the DevOps tool chain integrated into the development environment?
Success of DevOps depends on the following factors