This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-10-06
Reminder: Day 2 is starting now - opening remarks and then plenary talks! Join the conversation in #ask-the-speaker-plenary.
Welcome @michael.gillett181 for our next session's Q&A. Thank you to our Premier Sponsor #xpo-launchdarkly!
If anybody is interested in reviewing @michael.gillett181's book, let me know; I can get you an advance copy.
How long should a feature flag exist? For the lifetime of the app? Prob depends on the feature flag. What about for experiments?
If you want to keep the feature and it's stable, delete the flag.
It's a great question, there are two types of flags: permanent and temporary. Most flags are likely to be temporary. The flags can be used to help deliver new code safely to production, once enabled for all customers the flag can be removed. Experiments fall within the temporary use case. When I spoke about Switches they are a good use of permanent toggles as you never know when you might want the option to turn off a feature. Another use of permanent flags would be for an entitlement scenario
I have tips on how to keep on top of temporary feature flags, they can get difficult to manage both within a feature management tool and within the codebase itself. These tips cover separating flags within LaunchDarkly through to how to work with tickets on something like Jira to manage the work involved when cleaning up a flag
I was just talking to a team about this at SpaceCAMP. I'm definitely sharing this talk with them.
We have a blog on trunk based development that may be helpful as well: https://launchdarkly.com/blog/introduction-to-trunk-based-development
I've never worked where I could use your product, but I like it.
It will be nice to define a kind of "criteria" to check how much testing I need for each new feature
@bryan.finster486 has some nice combinatorics of the DORA basics as well as others.
This is very dependent on the feature and the type of testing required for it. Do you mean for an experiment?
Also, the amount of testing is not important since testing does not add value. You want to understand the risk of failure and use that to calibrate. Also, having the tester mindset present in early planning, it will be likely planned in a less risky way.
For experimentation it is key to understand the success metric, what is it that would prove the test valid. If you approach the solution via a hypothesis then it can help clarify what would prove whether the hypothesis was successful or not
This is great @michael.gillett181. My Service Delivery Assessment (based on the DORA metrics) gives people much higher scores when they are using Feature Flagging. Totally agree. Bravo.
Thank you everyone! Let me know if you have any other questions, I can talk about this subject for a long time
Welcome @anders.wallgren for our next session's Q&A. Thank you #xpo-cloudbees!
@anders.wallgren we are rolling out RBAC this is key for simplifying Audit evidence... will be so glad when it is up and running...
Interested to hear what tools are used to generate this evidence and these approval reports?
The data is automatically captured while executing our Release Orchestration capabilities.
Data can also be gathered from external sources, e.g. Jira, Git, ServiceNow, based on plugins and tasks performed in RO.
@mark.privette - If you have any questions or would like to see a demo of CloudBees CD/RO, just let me know.
Duration data is critical to doing trend analysis of your software delivery process.
Welcome @erin.jones who will be moderating for today's VendorDome Q&A between @dparzych and @rob.jahn. A big thank you to #xpo-launchdarkly and #xpo-dynatrace for battling it out :rolling_on_the_floor_laughing: in today's exciting session, Beyond the Buzzwords!
Feel free to share any questions here in this channel now and @erin.jones will ask Dawn and Rob in real time!
Architecture changes (Monolith - MicroService) and feature developing at the same time, is killing us
Most of the devops discussions and practices seem to relate more directly to product based orgs. Do these discussions and practices change significantly with project based orgs (e.g., contractors delivering solutions for clients over possibly shorter timelines such as weeks or months).
Projects, by definition have an "end state" where it's "handed off" to operations
In my org, we have projects ranging from weeks to years. Some have portions of devops, some none to speak of. Some have a "hand-off" but for some the ops team is our team. The systems on which we deploy are not often owned by us, but the client. Some cloud, some on prem. But I'm curious how those distinctions matter.
If you don't own the system I would posit that (without knowing the details of your space) that you're using the system as an operations tool, and when the tool isn't working for what you need it to do, these asks are treated as "projects" to get those features but ultimately the "need" is coming from value you're trying to provide to customers, and essentially is a product/service itself and therefore, even if not being treated as such, is a product.
that's definitely true for a couple of the "projects" I am on, which have been in place in various forms for 10+ years.
Those words have been placed on my badge picture and sent to me as the "inside joke" before...
Feature Flags + RBAC has been a great trick that I've used over the years... Definitely constrain experimental code to those with that RBAC authorization...
Whenever I bring up testing in production (with safety nets), I get an immediate reaction of "no, it is too risky". How do you get people to just try it?
Thank you @dparzych - good point about deploy vs. release
Thinking about those conversations, I think that is where the struggle is
We used to have a fun program called "First 48" after the TV show. But it meant we only rolled out to 48 accounts for testing... then grew to 200, then 2000, etc.
Feature Flag with a very well defined RBAC control group. Only those people who are in that group get the Feature Flagged capability. Don't talk about it as "testing"... Talk about it as experimental and restricted access code.
Pitching it as limited early access to new features can work well!
Decoupling the concepts of release and deployment is so critical! It can take a lot of effort to socialize that they are separate activities, but the payoff in being able to release new features when everyone is around to support them is amazing.
we can have features deployed and tested with real users in production with feedback months before a "full launch"
It's a great tool if something goes wrong too! Flip the toggle, turn off the feature is much easier than re-deploy, or rollback.
"People with targets and jobs dependent upon meeting them will probably meet the targets - even if they have to destroy the enterprise to do it." - Deming
I'm embarrassed that it wasn't intentional - I guess it was a common cause variation, @dave . (Thank you thank you, I'm here all week.)
There's a good callout - tagging architecture to focus who should be notified gets bothered... Always a problem.
We built out immediate (on-call) and bulk-notification (email; off-shift) for all alerts owned by all teams (600+) with two levels of notifications.
@genek Curious Question - Are DevOps principles used for the internal working of the DevOps Enterprise Summit as well?
Thanks all for listening in, we did have a good time and time flies when you are having fun!
Welcome @tashfeen_mahmood and @dominica for our next session's Q&A. A big thank you to our sponsor #xpo-tasktop!
@mollyc the sound isn't working for me. Is it just me or same for everyone?
Started working but we missed the first few mins. Will the session be restarting?
Don't forget: The video will be in our Video Library after the session so you can hear the first minute of the session that was muted. :star-struck:
"Change mgmt mindset was to avoid change" @tashfeen_mahmood
Interesting evolvement of change process from freeze to slush
That is still my favorite story from what we have been able to accomplish... A conservative Insurance Company starts Open Enrollment in the middle of the day during a freeze
High seasonal demand impacts flow - whether retail (black Friday, Cyber Monday), Insurance (open enrollment, EoY requests), or sports (pre-season, playoffs).
this explained to us why those Production Freezes and slushes were not working
The more wip, the harder it was to deliver and address tech debt
Amazing focus on biz goals - improve customer retention rate - tied wip (Flow Load) to biz results
Experimentation is paramount during high seasonal demand - can gain the biggest learnings.
Thanks for the talk, @tashfeen_mahmood and @dominica. Were experiments solely framed as / aimed at IT practice improvements, or were there payer biz experiments crafted with the same structure and syntax?
Hey @scott.heaberlin - Just to further elaborate... We experimented with IT Improvements... But those IT Improvements were tied to Business Results so we were reducing WIP for example by only prioritizing the Business Goals that had been identified
Welcome @mlivermore for our next session's Q&A. Thank you to our sponsor #xpo-pagerduty!
the experiments are focused on IT Improvements that lead into building more agility so we can deliver better/faster during our Open Enrollment season
@dominica First, I really enjoyed your book Making Work Visible, been implementing some of the ideas with my team (% of items that are work in progress has been hugely helpful). I've been wondering about this though... I've read that up to https://www.cloudbees.com/blog/7-deadly-diseases-devops-1-invisible-work is spent on invisible work - those things that aren't directly traceable back to code commits or other productivity metrics. Interpersonal components like helping teammates or asking for help or discovery components like experimentation or hunting down solutions. Given the importance of this type of work and how much of it is invisible, what are the strategies or approaches that you use to make this work visible?
Hi @jcicmanliuzzo Important invisible work is often related to improvements in process, ppl or tools - things that - when invested in - improve future capability. That type of work (debt work) should have sufficient capacity allocated for it. Making debt work visible can then drive necessary convo on what the strategy is/should be.
From a network security perspective, how do customers typically secure Rundeck so that it is accessible by PagerDuty without leaving a potential security hole by exposing a system externally that can be used to execute commands against your systems?
Also, how do you deploy Rundeck in a PCI environment? Separate instance + segmentation?
With PagerDuty and William Hill both using AWS we were able to use AWS EventBridge
Single instance with access controlled via SSO and RBAC. Engineers are able to run specific scripts which are held off-server in a repo that is subject to security audit. Engineers have no direct access to production servers.
The execution of scripts always ties back to an incident/request that is recorded in Jira and/or ServiceNow. This tracks who ran the script, captures any outputs that are returned to the original ticket for full audit trail.
My pleasure Dakota, enjoy the rest of the summit. I don't know about you but I'm learning a lot.
Welcome @mmeera for our next session's Q&A. Our special thanks to our sponsor #xpo-synopsys
does code dx integrate with common "work management" tools, like jira and such? i would want the findings from the tool injected into and connected to the backlog and wip for the team.
it makes total sense to not have the same scans and steps for every change
what sort of access control/permissions can you set to allow some people to make config/rule changes and prevent them by others? i'm thinking like a developer who comments out a test to get the build to pass :rolling_on_the_floor_laughing:
@jeff.gallimore if user.isHuman() { return politeAnswers.accessDenied; }
Welcome @matts for our next session's Q&A. IT Revolution thanks #xpo-adaptavist for their support!
"access to environments" is something i still see a lot of organizations struggle to improve. they apply their old "request hardware" mentality and process to a cloud-based world.
Hiya Glen - I just bookmarked your Deming podcast with @jwillis to listen to tomorrow!
I hope you enjoy it. I love talking about some of the theory behind systems thinking and its role in security.
Deming's points just keep coming back again and again - they've really stood the test of time
absolutely. Even the 5 ideals of DevOps contain hints of the 4 principles of SoPK
"Scope is bigger than you think" = appreciation of a system
always... I find it really challenging that people don't allow themselves to think that widely
Definitely - live events are back!! DSO-LG is live in London in November
Reminder: The plenary sessions are starting again in 5 minutes. Start making your way back to your browser and join us in #ask-the-speaker-plenary to interact live with the speakers and other attendees. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png