DevOps

A set of practices that combines software development (Dev) and IT operations (Ops) to shorten the development lifecycle and provide continuous delivery with high software quality.

Practices Employed

• Automated Testing: Automated Testing and Test Driven Development (TDD) validate code changes to ensure they work as expected. Referred to as:
  • Automated Testing
  • Test Driven Development (TDD)
• Configuration Management: DevOps uses Infrastructure as Code (IaC) to manage and provision computing infrastructure through machine-readable scripts. Referred to as:
  • Security as Code
  • Infrastructure As Code (IaC)
  • Configuration Management
• Design: DevOps emphasizes microservices architecture and service discovery to improve scalability and reliability. Referred to as:
  • Microservices Architecture
  • Service Discovery
• Integration Testing: Continuous Integration (CI) regularly integrates code changes into a shared repository to detect and fix problems early. Referred to as:
  • Continuous Integration (CI)
• Monitoring: Monitoring and logging, along with observability, are critical for identifying issues and opportunities for improvement in DevOps. Referred to as:
  • Monitoring and Logging
  • Observability
• Redundancy: Load balancing and redundancy are crucial for maintaining uptime in a DevOps environment. Referred to as:
  • Load Balancing
  • Redundancy
• Release: Canary releases and blue-green deployments are used to test new features in a controlled manner. Referred to as:
  • Canary Releases
  • Blue-Green Deployment
• Release: Continuous Delivery (CD), Continuous Deployment, and Blue-Green Deployment ensure smooth and frequent releases. Referred to as:
  • Continuous Delivery (CD)
  • Continuous Deployment
  • Blue-Green Deployment
• Security Testing: Security as Code and Automated Security Testing integrate security practices into the DevOps pipeline. Referred to as:
  • Automated Security Testing
• Version Control: Version Control and Artifact Management are essential for managing code and builds in DevOps. Referred to as:
  • Version Control
  • Artifact Management

Addresses / Mitigates

Risk	Practices
Agency Risk	Monitoring: Monitoring the behaviour of agents, whether people or processes, helps identify when behaviour becomes counter-productive. Security Testing: Make sure that agents don't exercise unwarranted control over resources.
Communication Risk	Design: Provides a clear structure and organization, making the system easier to understand and use.
Complexity Risk	Automated Testing: Aids in refactoring by ensuring that functionality survives the change. Configuration Management: Reduces complexity by managing system changes in a controlled and documented manner.
Coordination Risk	Version Control: Facilitates collaboration by allowing multiple developers to work on the codebase simultaneously.
Feature Fit Risk	Release: Putting new features in the hands of users can make your product fit their needs better.
Funding Risk	Release: Delivering features might mean you get paid for the software you write.
Implementation Risk	Automated Testing: Ensures that individual components work correctly and detects regressions early in the development cycle. Configuration Management: Establishes and maintains consistency in the software product's performance and attributes. Design: Guides the development process, ensuring that the system meets requirements and design specifications. Integration Testing: Validates that the implementation meets requirements and detects regressions early in the integration phase. Version Control: Maintains a history of changes, allowing rollback to previous versions if needed.
Legal Risk	Security Testing: Helps ensure compliance with security standards and regulations.
Market Risk	Design: (Research and) design allows you to leapfrog competitors and provide new sources of value. Release: Delivering features means you get market feedback.
Operational Risk	Configuration Management: Ensures that changes are systematically evaluated and implemented to minimize disruptions. Design: Ensures that the system architecture supports operational requirements and scalability. Monitoring: Ensures continuous observation to maintain operational stability. Security Testing: Ensures the software can withstand security threats and attacks.
Process Risk	Monitoring: Monitoring a process can ensure that when it misbehaves the issues are quickly caught.
Reliability Risk	Integration Testing: Ensures that integrated components work together as expected. Monitoring: Identifies and addresses potential issues before they impact system reliability. Redundancy: Minimizes operational disruptions by providing backup components.
Security Risk	Monitoring: Monitors for security breaches and anomalies. Redundancy: Enhances security by providing alternative paths and systems. Security Testing: Identifies and addresses vulnerabilities in the software.

Attendant Risks

Attendant Risk	Practices
Agency Risk	Security Testing: Likely requires security experts with specialist skills.
Communication Risk	Version Control: Poor version management can be chaotic and leave lots of work in progress.
Complexity Risk	Automated Testing: Managing a large suite of unit tests can add to the complexity. Monitoring: Implementing comprehensive monitoring solutions can add complexity. Redundancy: Introducing redundancy can add complexity to the system. Security Testing: Requires specialized skills and tools, adding complexity.
Feature Fit Risk	Design: Too much design up-front can create problems meeting feature requirements.
Funding Risk	Design: Design can be an expensive bet that doesn't lead to improved software. Monitoring: High-quality monitoring tools and systems can be costly. Redundancy: Implementing redundancy can be expensive.
Internal Model Risk	Automated Testing: Unit Testing and code coverage can give false assurances about how a system will work in the real world.
Legal Risk	Release: Publishing or releasing code may involve licensing, Intellectual Property, Liability or other legal compliance."
Lock-In Risk	Design: Design decisions can create boundaries that limit flexibility and adaptability.
Operational Risk	Release: Releasing software means that the software has to be supported in production.
Process Risk	Release: Complex release procedures are a source of process risk.
Reliability Risk	Automated Testing: Creates dependencies on testing frameworks and tools. Configuration Management: Carefully managing software configuration ensures that the reliability of dependencies is also managed. Design: Creates dependencies on software components and design patterns. Integration Testing: Adds dependencies on test environments and their availability. Monitoring: Creates dependency on monitoring tools and their accuracy. Release: Releases can introduce discontinuities in software service if not managed well.
Reputational Risk	Release: Poor release management can destroy reputation and good-will.
Schedule Risk	Automated Testing: Writing and maintaining unit tests can be time-consuming. Integration Testing: Can be time-consuming, leading to delays in the project timeline. Release: Delays in the release process can impact overall project time-lines. Security Testing: Security testing can be time-consuming, impacting schedules.

Description

"DevOps is a methodology in the software development and IT industry. Used as a set of practices and tools, DevOps integrates and automates the work of software development (Dev) and IT operations (Ops) as a means for improving and shortening the systems development life cycle." - DevOps, Wikipedia

DevOps emphasizes collaboration between development and operations teams to improve efficiency, reliability, and scalability. Key practices in DevOps include continuous integration, continuous delivery, infrastructure as code, monitoring and logging, automated testing, and configuration management. DevOps focuses on automating and streamlining the software development and deployment process.

See Also

Additional DevOps Practices

• Microservices Architecture: Designing applications as a collection of loosely coupled, independently deployable services.
• Service Discovery: Automatically detecting and connecting to services in a microservices architecture.
• Security as Code: Integrating security practices into the DevOps pipeline.
• Automated Security Testing: Using automated tools to perform security checks throughout the development and deployment process.

These practices highlight the core elements of DevOps and how they align with your provided list.