Agile + DevOps East 2019 - DevOps Automation
Monday, November 4
Continuous Delivery in Practice: A Hands-On DevOps Workshop
For many organizations, delivering software into production has become increasingly more complex with long testing cycles and a division between development and operations teams. DevOps is a cultural movement that is breaking down those barriers. Focusing on automation, collaboration, tools, and knowledge sharing, DevOps is showing that developers and system engineers have much to learn from each other. Through a series of hands-on exercises, Danilo Sato will use a sample web application to demonstrate how to automate its build and deployment pipeline, using infrastructure and pipeline as...
Continuous Testing with Containers
Preview NewContainers. Every manager thinks they want them, but few teams have experience in knowing what to DO with them. Used thoughtfully, containerization of your services can transform the way your organization thinks about testing. Gone can be the days of maintaining X different compute environments with Y different configurations. Imagine instead spinning up just the code you need, on the machine type it needs, and only for as long as you need it. In this technical training, Melissa will walk through what containerization means for a legacy code base attempting to practice continuous...
Wednesday, November 6
DevOps Tools for Database Developers
You're thinking about modernizing your database development process ... someday. You have directories full of SQL files you use to build your application. You know unit tests should be included as part of your build process, and you are going to start adding them ... maybe next week. Does this sound like you? If you think modernizing your dev process will be difficult, time-consuming, and expensive, you may be surprised at how easy and cost-effective it is to get started. Blaine Carter will explore how to manage your database application in a continuous development pipeline. He will talk...
Testing Serverless Applications
Serverless cloud applications are rapidly moving into the mainstream. In this model, teams focus on developing and deploying code on a known technology stack and runtime, with fixed interfaces for application, database, and network. It offers the advantage of lower costs, faster development, and elastic growth. But testing serverless applications also brings significant challenges to testers. Because the stack is maintained by the cloud provider, it is updated with new versions and security patches on a regular basis. Testers have to continuously test the stack interfaces to make sure that...
You Build It, You Own It!
The days of writing software and throwing it over the proverbial wall to operations and production support teams are over. It’s time we, as software development teams, become more accountable and take pride and ownership in what we do. The results will be better transparency, more autonomy, and reduced risk (among other things). Join Sean and Suresh as they walk through how Capital One tackled one particular project by leveraging DevOps and forming their "you build it, you own it" principles. You'll gain a better understanding of how to improve quality within your agile teams and how to...
Shifting Security Left: The Innovation of DevSecOps
DevSecOps uses application security practices that have existed for a while. The innovation of DevSecOps is incorporating security into the daily workflow of the team rather than leaving it to the end, shifting security left by automating aspects of security testing. DevSecOps leverages DevOps practices to make application security a first-class citizen in the practices of modern software development. But that requires a culture change: DevSecOps starts before the code is even written, using techniques like threat modeling and risk analysis to figure out who will attack you and how. Come...
Wage Your Bets: Microservice, Monolith, or Serverless
Microservice, Monolith, and Serverless are some of the three architectural styles that have recently gained popularity. Some engineers swear one over the other, but in reality, there is no black and white: there are advantages and disadvantages, depending on each use case. For example, if the flow of your services are dependent on another and each service doesn’t need to scale independently, is it worth increasing the development power it needs to maintain infrastructure? In this talk, Michelle Hodges will provide the pros and cons of going one way versus another, providing real life...
DevOps Panel: Compliance While Moving Faster
Do you want to move at the speed of DevOps, but need to show compliance to your organization, a governing body, or through regulation? Are you already struggling with compliance and want to know how DevOps could help? Come listen to our panelists as they answer questions about compliance and security in DevOps without slowing down. This panel is looking to answer your questions about all things Compliance, so be ready to participate.
Thursday, November 7
Changing Tires on a Moving Car: A Journey to Zero-Downtime Deployments
Applications built over the years carry historical design assumptions, such as that a few hours of downtime for maintenance upgrades every six months is acceptable. Today, embracing continuous delivery practices means more frequent releases, which means more downtime. This is the problem Poppulo faced and successfully overcame, going from monthly deployments with a couple of hours of downtime to zero-downtime deployments on demand. Pierre Vincent will show that by mapping out a deployment process, it becomes possible to progressively reduce its impact on users. He will also give practical...
Fishbowl: Liberating Structures
Liberating structures offer a revolutionary solution to collaboration in groups by using a handful of simple rules to unleash and involve everyone, enabling groups of any size to work at the top of their intelligence. Discuss them with peers and experts in this fishbowl discussion, where the audience members sit in a circle of chairs in the middle of the room. Several brave souls will fill all but one of the chairs in the "fishbowl." When you want to join as a speaker, you enter the fishbowl and sit in the empty chair, and one of the other speakers will voluntarily leave so that one chair...
The Psychology of Chaos Engineering
Chaos engineering, failure injection, and similar practices have verified benefits to the resilience of systems and infrastructure. But can they provide similar resilience to teams and people? What are the effects and impacts on the humans involved in the systems? This talk will delve into both positive and negative outcomes for all the groups of people involved, including users, engineers, product owners, and business owners. Using case studies from organizations where chaos engineering has been implemented, Matty Stratton will explore the changes in attitude that these practices create,...
A DevOps Fireside Chat with Andy Glover
You've got DevOps questions, and we've got Andy Glover to answer them for you. He won't really be sitting by the fire, but he will be on hand to talk about all things DevOps. From his experiences building the Spinnaker continuous delivery platform to writing the open-source BDD framework easyb, Andy wants to talk about the things that worry you or thrill you about DevOps. Bring your questions and be ready for a lively, interactive discussion.
A Fool with a Tool: The Dangers of Ignoring Culture by Overfocusing on Tools
PreviewMany organizations ignore culture and overfocus on picking and implementing the right tools. However, these tools have underlying cultural assumptions. If the current culture does not support these assumptions, then automation will only have limited success, or even fail altogether. So how do you address this problem? By recognizing that overfocusing on tools is a problem in the first place. Start by understanding the cultural assumptions supporting the optimum use of the tools, as well as how your organization measures up in relation to high-performing organizations. Finally,...
Agile+DevOps Feud!
Join us for a game of Agile+DevOps Feud, where two teams of thought leaders compete to name the most popular responses to survey questions to win bragging rights and to share their experiences. Questions and voting will be in the TechWell Hub leading up to the conference, where community members will name their greatest concerns, best practices, etc. Our two teams of panelists, will do their best to guess the community’s viewpoint, and the winning team will get to explain how they deal with those concerns. Our panelists are competing...
So You’re Using Docker. Now What?
These days everyone wants to containerize their application, but not everyone understands the best way to go about it. You need a tool to manage your containers, you need tools for image security scanning, you need to completely rethink how your application fits into its deployment environment, and most importantly you need to make sure you’re following good DevSecOps practices. Join Ryan Kenney as he discusses how he has addressed these concerns, among others, for various clients. Ryan will discuss options for container orchestration tools like Kubernetes and its competitors. Then, he...
AWS Lambda: Best Practices and Common Mistakes
AWS Lambda is a serverless architecture that relieves you of hardware and scaling setup concerns. AWS Lambda functions are used by many organizations for serverless application development and automating DevOps tasks. But many teams start using AWS Lambdas and uncover problems such as running into resource limits, debugging nested lambda defects, managing code change across dozens of AWS accounts, and many more. Derek Ashmore will provide tips and tricks to make your AWS Lambda functions usable in different contexts and easier to develop and support. He will show you how to mitigate common...
Feature Flagging: Proven Patterns for Control and Observability in Continuous Delivery
PreviewAre you moving faster than fast? Congrats! Chances are you already use feature flags to decouple code deployments from feature rollouts. Whether you use a roll-your-own feature-flagging solution (with a few quirks) or a feature-flags-as-a-service solution, hopefully you post feature flag rollout changes to something like Datadog so that when a flag rollout lines up with an obvious spike, you know whom to have a talk with. It's a solid start, but that’s just the basics. What do data-driven CD ninjas do? They build in observability to every feature release, so when they push a...
Contract Testing with Pact: A Different Approach
With the microservice architecture evolving and becoming a golden standard, the necessity of testing the contracts between services appears to be more and more obvious. One of the most interesting solutions here is the Pact tool, which helps with testing and verifying the API contracts in a CI/CD manner and opens up a lot of interesting possibilities. However, the devil is always in the details: the implementation. We need to configure the Pact mock servers, but similar configurations are often needed across all the different parts of testing, from the verification of the providers to end-...
Friday, November 8
Panel Discussion: Effective Integration of Tooling into DevOps
Integrating security tools into a DevOps pipeline is about more than just dropping them into a test environment. It’s about putting them where the business return is greatest. Where fast feedback can be gathered. Picking the right tools for the job. Join DevSecOps experts as they discuss and debate the merits of SAST, DAST, IAST, and RAST tools for your pipeline. Learn about the pros and cons of each type of security testing and how to choose the right tools for your needs. Hear how various organizations have gotten started with DevSecOps tooling and learn tips and trick for implementing...
A Practical Approach to Building Security In
The release date is a week away. Development is complete. The code works, and everything looks good. Marketing is ready with the media blitz. Our customers are waiting to get their hands on the new features and are sure to give us good feedback. The only step left is to get the security group to scan the application and give us the approval to release. Cross your fingers- let’s hope we get the green light! Otherwise, I don’t know what we are going to do. DevOps, and more importantly, DevSecOps, promises to do away with rolling the dice at the end and hoping we are allowed to release what...
Panel Discussion: Getting Development and Security To Work Together
DevSecOps is all about getting security teams, practices, processes, and tooling integrated into your DevOps process but often getting a cross-functional team that includes security in place is difficult. Join DevSecOps practitioners in exploring the best ways to get security groups and personnel involved in day-to-day DevOps teams. Learn what role security personnel play in Sprint activities and how to remove compliance from being an end-of-lifecycle hurdle. Hear how leading organizations successfully shift security left and tips and tricks for getting started.