quality assurance in dev ops and secops world

Prepared by :Anish Cheriyan, Director, Huawei

Prepared By Anish Cheriyan, Director, Huawei Technologies

Topics

• DevOps & SecOps• Practices in Detail• Summary

Background

• Application & Embedded Development.• Network Management System• Protocol Stack

Traditional Quality Assurance

Gated Approach for Quality Assurance

Requirement

Design

Coding

Unit Test

Functional Testing includes

ities

Independent V&V

Launch

DevOps

DevOps is a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality

Security

Picture Courtesy: http://threatgeek.typepad.com/.a/6a0147e41f3c0a970b01a73dba51f6970d-pi

‘To err is human, to really screw up you need root password’

SecOps

SecOps built into the Deployment Pipeline. Dev & Ops Collaborate and ensure desired level of Security

Picture Courtesy: http://threatgeek.typepad.com/.a/6a0147e41f3c0a970b01a73dba51f6970d-pi

Case Study• Consider and CRM System which uses a Modeling tool to

automate the business processes.• The system which has two key parts-Workflow Engine and

Workflow Modeling tool (UI) team . Workflow Engine works based on the rule engine. Modeling Tool uses the Engine. Total team size is around 60.

• What are factors you will consider to designing your Continuous Delivery Architecture.

Short Feedback Loops

DevOps

Delivery

Deployment

Picture Coutesy: https://www.flickr.com/photos/

•Requirement documentation at right granularity

•OPS Perspective- deployability, modifiability, monitoribility

Requirements

Picture Coutesy: https://www.flickr.com/photos/libramano/9372711893/

. Architecture Readiness for CD- deployability, modifiability, monitoribility , testability

. Continuous Delivery Architecture

. Build Pipeline

Architecture

Picture Coutesy: https://www.flickr.com/

Infrastructure Readiness

•Environment Provisioning based on customer requirement analysis (OPS)

•Right Tool Usage (VM, Container like Docker etc) for the respective requirement

Picture Coutesy: https://www.flickr.com/

Build Pipeline

http://blog.xebialabs.com/2016/02/09/how-ing-increased-software-deployments-to-twice-a-day/continuous-deployment-pipeline/

Syst

em A

rchi

tect

ure

L1CI

Arh

itect

ure

L2De

ploy

men

t Pi

pelin

eL3

C1

C2

C3

M1

C1 Continuous Integration System

C2 Continuous Integration System

C3 Continuous Integration System

C1 Deployment Pipeline

C2 Deployment PipelineC3 Deployment Pipeline

Hierarchical Approach for CD and DevOps

Quality Assurance in the PipelineInspection /Static

QA

Test QA

Security Assuranc

eConfiguration QA

'ities' Assuranc

e

Inspection/Static QA

Simian Rules for managing the rules

Test QA

Read at : http://www.thinkinginagile.com/2015/07/agile-testing-practices-mapped-to.html

Security Assurance

Static/Dynamic Analysis

Scanning

Security Test

(Threat Model)

Attack

Configuration QA• Single Source Repository

for all items• Build Script Quality

(abstraction, modularization, coding guidelines) (Automatic or manual way)

Analysis of the Build Pipeline

BuildPrivate Build

Version Build

Function Build

ities Build

Deployment Build

Build 01 Pass Pass Fail Fail FailBuild 02 Pass Pass Pass Fail FailBuild 03 Pass Pass Fail Fail FailBuild 04 Pass Pass Pass Fail FailBuild 05 Pass Pass Fail Fail FailBuild 06 Pass Pass Fail Fail FailBuild 07 Pass Pass Fail Fail Fail

Test your Deployment pipeline

Repeatability

Performance

Reliability

Recoverabili

ty

Interoperabil

ity

Testability

Modifiability

Cross Cutting Collaboration

Summary

• Continuous attention to technical excellenceand good design enhances agility

• Lets Build Quality & Security into the deployment pipeline

Thank You@anishcheriyanwww.anishcheriyan.com