Agile, Lean, Rugged - The Retrospective

Adrian Colyer
November 11, 2015

Recapping some of my personal highlights from the recent GOTO London conference, together with a few thoughts of my own and some additional interesting papers...

Transcript

  1. Some personal highlights and ramblings...
    • Agility
      ◦ quantifying the benefits
      ◦ busting some myths
      ◦ can we explain the disparity?
      ◦ fighting rigidity
    • Leanness
      ◦ the two flavours of lean
      ◦ value streams
      ◦ traffic jams
    • Ruggedness
      ◦ Rugged Software
      ◦ Continuous Security
  2. Nicole Forsgren & the State of DevOps Survey
    • 30x more frequent deploys
    • 200x faster lead times
  3. Widening Gap… why is this?
    • Two orders of magnitude faster feature delivery
    • The best are pulling away:

                               2014    2015
        change success rate    3x      60x
        MTTR                   48x     168x
  4. Does the gap matter?
    • 2x more likely to exceed profitability, market share, & productivity goals
    • 50% higher market cap growth over 3 years
  5. O-Ring Theory (Michael Kremer, 1993)
    • Production depends on completing a series of tasks
    • Failure of any one task reduces the value of the entire product
    • You can’t substitute quantity for quality
  6. The Economic Model
    • N process steps (workers)
    • Let $q_i \in [0,1]$ be the quality level of process step i
    • $\text{Output} = N \times (q_1 \times q_2 \times \dots \times q_N)$

        N     q      Output
        10    0.99   9.04
        10    0.95   5.99
        10    0.9    3.49
  7. Consequences
    Source: Mercatus Center
    Weakest link effect: suppose quality level is 0.5 on two steps, 0.99 everywhere else…
    $10 \times 0.5^2 \times 0.99^8 = 2.3$! vs $10 \times 0.99^{10} = 9.04$
  8. The O-Ring Theory of DevOps
    • Given a DevOps pipeline of n steps
    • Let the quality of process step i be:
      $q_i = \alpha \cdot \%C\&A_i + \beta \cdot \frac{\text{world-class lead time}_i}{\text{lead-time}_i}$, with $\alpha + \beta = 1$
    • Fix N = 100:
      $E(p) = 100 \cdot \prod_{i=1}^{n} q_i$
  9. Some consequences of O-Ring Theory
    • Small differences in task proficiency compound to significant differences in output
    • You need to be good (or great!) across the board - one or two weak links make an outsized impact
    • Proficiency levels tend to normalise across tasks within an org
    More on today’s #themorningpaper… (http://blog.acolyer.org)
  10. API Agility
    “If you notice that a particular interface is starting to rival in complexity the components it connects, then either the interface needs to be rethought or the decomposition of the system needs redoing.”
  11. The Power of Focus [Karen Martin]
    • Before focusing: 24 deployments in one year
    • After focusing: 73 deployments in one year
    With:
      - No additional resources
      - Higher quality output
      - & less stress!
  12. Rugged Manifesto [Josh Corman]
    “… I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic and national security. I recognize these things – and I choose to be rugged. I am rugged because I refuse to be a source of vulnerability or weakness…”
    https://www.ruggedsoftware.org/
  13. Continuous Security [James Wickett]
    • Agile + DevOps + Continuous Delivery -> (Traditional) Security Fail!
    • Need to integrate security: Rugged DevOps / DevSecOps / …
    Pro tips from James:
      1. Automate security tooling to run in testing
      2. Put security testing in your CI system
      3. Add application security telemetry to dev and ops
      4. Add hardening and audit using config management
    hardening.io, gauntlt
  14. Fail at Scale
    http://queue.acm.org/detail.cfm?id=2839461
    Three easy ways to cause an incident:
      1. Configuration changes
      2. Hard dependencies on core services
      3. Increased latency and resource exhaustion
  15. What were your favourite moments?
    • Agility
      ◦ quantifying the benefits
      ◦ busting some myths
      ◦ can we explain the disparity?
      ◦ fighting rigidity
    • Leanness
      ◦ the two flavours of lean
      ◦ value streams
      ◦ traffic jams
    • Ruggedness
      ◦ Rugged Software
      ◦ Continuous Security
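
Added example (not part of the deck): the O-Ring model from slides 6 to 8 in Python, reproducing the slide figures and ranking which single pipeline step is worth fixing first. The function names, the sample pipeline, the cap on the lead-time ratio and the reading of %C&A as a "percent complete and accurate" fraction are assumptions.

```python
from math import prod

def step_quality(pct_ca, lead_time, world_class_lead_time, alpha=0.5):
    """Slide 8: q_i = alpha * %C&A_i + beta * (world-class lead time_i / lead time_i)."""
    if not (0.0 <= alpha <= 1.0 and 0.0 <= pct_ca <= 1.0):
        raise ValueError("alpha and %C&A must lie in [0, 1]")
    if lead_time <= 0 or world_class_lead_time <= 0:
        raise ValueError("lead times must be positive")
    beta = 1.0 - alpha  # slide 8: alpha + beta = 1
    # Assumption: cap the ratio at 1 so q_i stays in [0, 1] as slide 6 requires.
    ratio = min(1.0, world_class_lead_time / lead_time)
    return alpha * pct_ca + beta * ratio

def output(qualities, n=None):
    """Slides 6 and 8: Output = N * (q_1 * q_2 * ... * q_n); N defaults to the step count."""
    return (len(qualities) if n is None else n) * prod(qualities)

def rank_fixes(qualities, target=0.99, n=None):
    """Output gained by raising one step alone to `target`, largest gain first."""
    base = output(qualities, n)
    gains = []
    for i, q in enumerate(qualities):
        improved = list(qualities)
        improved[i] = max(q, target)
        gains.append((i, output(improved, n) - base))
    return sorted(gains, key=lambda g: g[1], reverse=True)

# Constructed sample pipeline: (step, %C&A, lead time in hours, world-class lead time in hours)
PIPELINE = [
    ("build",         0.98,  0.5, 0.5),
    ("unit tests",    0.97,  1.0, 0.8),
    ("security scan", 0.60, 48.0, 1.0),   # manual, late-stage review: the weak link
    ("deploy",        0.95,  2.0, 1.0),
]

if __name__ == "__main__":
    print(round(output([0.99] * 10), 2))               # slide 6 table, first row
    print(round(output([0.5] * 2 + [0.99] * 8), 1))    # slide 7 weakest-link case
    qs = [step_quality(ca, lt, wc) for _, ca, lt, wc in PIPELINE]
    print(round(output(qs, n=100), 1))                 # slide 8 fixes N = 100
    for i, gain in rank_fixes(qs, n=100):
        print(f"{PIPELINE[i][0]:14s} +{gain:.1f}")
```

In the constructed pipeline the slow security scan dominates the ranking, which is the weakest-link effect of slide 7 applied to the security step that slide 13 argues should be automated in CI.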