How to Achieve Continuous Delivery

How to Achieve Continuous Delivery

So you've decided to get on the continuous delivery train. Congratulations! You're about to turn your deployments from anxiety-inducing to yawn-inducing, which is a luxury non-CD shops will never know. Will it be easy in the short term? Well, let's put it this way: there will need to be some changes to how you approach things. And you'll have to convince your colleagues to change the way they approach things, too. But there are steps you can take to make this transition easier for all. That's what we'll talk about today—your path to successfully doing continuous delivery.

What CD Even Is, Though

First, let me give you a quick summary of the subject at hand. Continuous delivery means packaging every significant code change and pushing it through an automated pipeline of steps until it reaches production. Commonly, these steps act as gatekeepers to the Great Beyond of your prod environment. They're your portcullises and moats. The job of these gatekeepers is to ensure your code is truly ready to enter the wild. Common steps include running automated unit tests, acceptance tests, and smoke tests. A continuous delivery pipeline also includes promoting your package to higher environments and smoke testing them. This is all done so we can eventually make deployments so uneventful that they're boring, reducing risk and saving a boatload of cash and frustration.

How Do We Get There?

If you've read the book Continuous Delivery by Jez Humble and David Farley or if you've perused a few blogs, you may feel overwhelmed at first. Continuous delivery can be a lot to take in. But fret not. We will eat this elephant one step at a time, making it a bearable and possibly fun process.

The principles we'll follow, straight out of Humble and Farley's Continuous Delivery, are to document our steps, continue with those steps even if—especially if—they become painful, and then automate them away. This requires a large dose of tenacity. You have to be willing to stick with it, possibly for an extended period of time. In my experience, this tenacity almost always pays off, often faster than you may think.

Document Your Existing Steps

Starting your journey is as simple as documenting all the steps it takes your system to go from code that's committed and pushed to when it's in production and available to consumers. And yes—you need to document every step. You'll be surprised at how many there are. Pull everyone involved as you need them. Any gaps in the documentation must be fleshed out. Talk to your developers, your QA specialists, your release manager, etc. Talk to your system administrator if you need to. Get it all in one visualization. By the end you should have something like this:

Make sure you understand who owns or commonly performs each step. Sometimes this is a system, but more often, it's a person. If you have trouble showing or understanding the steps, think of your pipeline as a conveyor belt with one thing moving through it: the software package. You may decorate this package with other things, like config files. It may also morph into a different kind of package—for instance, from an executable into a Docker container. But it's still one thing moving through each gated step.

Make Friends

Ultimately, continuous delivery and DevOps is not so much about the tooling but about the people. It's about collaboration and focusing on what matters, and it's about delegating boring deployment work to computers. However, not everyone may take that view. Many people have built up little kingdoms around their role in getting the code to production. They may see your initiative to automate as a threat.

You'll want to understand and have compassion for all the people involved in deploying your system. This may be as easy as giving a heads up. It may be as involved as being vulnerable with them and letting them share their concerns. And at the end of it, you may still have to add a silly button to your deployment server and let them push it. Just remember: it's as much about the people as it is the tooling.

Version Your Package

Ensure your software packages are versioned. You want to know you can grab any build you need and push it through your pipeline. This will make both troubleshooting and tracking easier. Also, ensure that your package is IT & Test Environment agnostic; that is, don't tie your built package to any specific environment, such as dev or prod. We'll wire in the environment-specific stuff later.

Publish Your Package

After you build, version, and unit test your package, publish it to a well-known place. This will make your package available to deploy to multiple environments without rebuilding and unit testing every time. It will also ensure you have a consistent build. You can use something as simple as a shared network drive, but many tools exist to make it easier. Maven and Gradle have the ability to publish built in. Many continuous integration servers also have some sort of publishing mechanism wired in, depending on your language.

Find the Biggest Pain Point

Now the fun part. Document what the biggest pain points are on your diagram, like I did here:

Green is already automated or low pain, and red is the highest pain. You want to ensure the team is doing this painful step as much as possible. The instinct for them will be to run away from it and avoid it. Instead, we want to equip the team with what they need to get rid of it.

Automate the Pain Away

The next step in our path to continuous delivery is to take the pain point from the previous step and figure out how to automate it. There are many, many tools available, depending on the step that's red for you. For testing steps, you can automate your tests. Use a unit testing framework, or Postman, or a more comprehensive testing tool. This is another place where people, namely QA specialists, may think of moving to CD as a threat. It also can be a whole initiative on its own.

For deployment steps, there are many tools to automate the publishing and pushing of your system onto a server. I highly recommend investing in a deployment server. It will save you loads of time automating your pipeline. However, if you're not confident in one or have budget troubles, you can automate with as little as your command shell and some SSH. Something more in the middle can be a task runner like Gradle or even some PowerShell modules. Parameterize these scripts by version number and environment.

You may not be able to automate your most painful step, or you may find it a steep learning curve. That's alright. If it's too difficult, find something similar to start with. You can also mitigate the manual parts down to a few button clicks. That helps. As long as you can remove enough of the pain your red step causes to make it no longer the most painful one, you're moving in the right direction.

Rinse, Repeat

Aggressively and continuously repeat the previous steps. Once you automate most of your painful steps away, your entire team will have an amazing change of attitude when it comes to deployments. It will feel like a large weight has been lifted off your shoulders. Ideally, with one button push, you can get your system from your package repository all the way to production. Most likely, you'll need to press one button per environment. Even then, it'll still be a breath of fresh air compared to the way it was before CD. Nonetheless, you'll want to keep automating until you achieve the one-button-push deployment.

I'm Done Now, Right?

Even though your deployment life will be much easier, I wouldn't stop there. Once you have an effective deployment pipeline, you can do many beautiful things with it. You can make it a zero-downtime deploy. Your team can add feature toggles so you can separate your deployments from your releases. And of course, you should continue to refine and evolve the pipeline as you find new or smaller pain points along the way.

You're on Your Way

As you can see, achieving continuous delivery is well within your reach. It's simple, yet you must persist through all the blockages. Focus on people and showing them how continuous delivery eases their role. Continually and aggressively knock one obstacle down at a time, and you'll be there sooner than you think!

Author Mark Henke. 

Mark has spent over 10 years architecting systems that talk to other systems, doing DevOps before it was cool, and matching software to its business function. Every developer is a leader of something on their team, and he wants to help them see that.

 

I booked the Test Environment

Test Environment Booking Forms and Demand Management

A booking form is a way to tell another department what you need and when you need it, plain and simple.

How do you predict when and how your test environment services will be at a premium? The ebb and flow of business cycles will inevitably cause uneven demands. For example, the end of the year is a busy time for HR as they prepare for a new year of benefits and ever-changing regulations. In contrast, the server management department might be in high demand after Patch Tuesday*. A buggy patch can wreak havoc! These business cycles affect the flow of demands on the test environment.

ITIL recommends that we not only measure but predict demand. Demand management is essential for business. It is a primary part of the Test Environment Management Use Case and falling short of demand means not being able to deliver adequate service. Conversely, overshooting causes waste. That waste translates into dollars. If you can predict demand, then you can manage it.

This post provides an introduction to how you can use booking forms to help manage demand. Seasonal trends are the most straightforward to account for, so let's address those first.

Example of a Test Environment Booking Form:

 

Handling Seasonal Demand

Many industries use booking forms as part of their process to manage demand. Take the case of when you bring your car to the dealership for repairs and they provide a rental car. The dealership puts in a booking form with the rental company. The rental company uses that form to make sure your vehicular needs are met.

Some industries are highly subject to seasonal demands. Hotels and airlines are notoriously swamped during the holiday season. They commonly use booking forms as part of their reservation system in order to manage and control demand. If you've ever experienced the "joys" of holiday travel, just imagine how much worse it would be without a reservation system. It would be total chaos!

Seasonality is ubiquitous in business. Some experience lulls in February. Others are slow during the summer months. Furthermore, the cadence varies by department. HR may be busiest in October, while the accounting department may be buzzing as the new fiscal year approaches. All of those peaks increase the demand for testing as new processes are put in place. A reservation system combined with past trends helps to manage the test environment under this kind of load.

Looking at past data is a great way to predict the seasonal cycles of a business. However, there are times when demand doesn't follow the typical cycles. We need a way to plan for those increases in demand.

Booking Forms Help Predict Demand

A straightforward way to notify another department goes a long way toward preparing for increased demand. It helps the supply side as well as the demand side. The supply side can adjust to meet future demand. Meanwhile, the demand side has a better chance of having its needs met on time.

Many industries use booking forms to communicate demand for services. For example, imagine a team that's working on a software project due to wrap up in September. They will need to book resources for deployment to production. Let's say they need new servers for deployment. Sometime in July, they'll fill out a booking form describing their needs. The form will go to the server team, so they can plan ahead. The server team can fulfill the request in August or even closer to the deliver-by date if that works better with their schedule.

Similarly, consider a new project that's just getting underway. The first round of testing is planned for two months out. That means now would be a good time for the project manager or test manager to put in a request for the testing resources. Let's say the test environment has unique requirements, such as specialized hardware. That request must be placed in advance so the acquisitions can be approved in time. Failure to submit a booking form on schedule would result in project delays. Or, it would cost a significant amount of social capital to recover from the slip-up!

Use Booking Forms for Infrastructure

A booking form is an integral part of a reservation system. When you have finite IT resources, such as physical servers, planning ahead is especially important. Virtualization helps when it comes to shifting demands for servers. But as demand increases up to and beyond physical capacity, something must be done.

In many industries, such as airlines, the cost of service increases with demand. Price adjustment is a standard method of controlling demand. Organizations with fixed assets, as in hotel rooms or airplane seats, need to keep them in use. By reducing prices during times of low demand, these companies increase usage. IT doesn't always have this luxury.

Instead, IT must chase demand. But rather than simply chasing it, we can predict it. In some cases, the PMO will have to adjust priorities to level the demand for limited resources.

Demand Management of Cloud Resources

More and more enterprises are shifting to cloud providers. Complete virtualization of infrastructure and newer technologies like containers are good news when it comes to handling demand. Cloud services make it possible to handle larger fluctuations in demand. And, they do so without reaching the limits of physical capacity. However, it's still important to control resource consumption.

Cost control is one of the primary issues with cloud management. Cloud services offer nearly limitless resource consumption, at a nearly limitless expense. They must be managed effectively to control costs.

Another issue is security. As much as unused servers are wasteful, they are also security liabilities. Cloud providers do a great job of keeping current. Still, consumers must maintain certain types of resources like Virtual Machines.

More VMs means more time spent keeping them running and secure. The waste starts to multiply as the infrastructure and security groups have to take these additional servers into account. The additional servers not only cost money, but they add to the overall workload. That added workload chips away at the capacity of the operations teams—taking little bits away from the things that really do matter.

Speaking of demand for services, let's talk about that demand for personnel.

Booking Forms for Services

Booking forms can be used to book anything from servers to DBAs and testers. Sometimes, the demand for testers can increase beyond capacity.

Let's say your enterprise is moving to the latest OS. Upgrading an OS is a huge undertaking and doing it all in one go could end in disaster. It can be ruinous to hastily make a drastic change to a single system, let alone the operating system used across the entire organization!

Thankfully, OS version upgrades are a rare occurrence. But when your company makes the switch, it's a fairly massive project. You need to test all applications in the IT inventory (and even several that are not). Doing so is the only way to ensure the upgrade will have a limited impact on the business.

However, this kind of massive change presents a problem. You can't throw all your resources into one project. Nor can you hold the project back by limiting supply. There are other projects, and you have to be able to manage resources effectively.

An OS upgrade is a case where you have a sharp increase in demand. Additionally, this fluctuation does not fall on a typical business cycle. You may need additional testers to ensure success. Booking forms would come in from several departments to have their applications tested. You could easily attribute the increase in demand to the OS upgrade project and adjust resources accordingly.

Similarly, you would need to prepare the test environment for the upgrade. Booking forms would flow to the departments that set up the various components within the test environment. A tracking system relates all the requests back to the project. And now we've come full circle—we can see what services are needed to support the project's testing needs.

Form Your Own Conclusions

In this post, we've seen how demand and capacity are related. Managing demand is important for cost control and service delivery. Booking forms are used across industries to communicate in advance. They're standardized and can be used to feed into capacity planning.

In a test environment, infrastructure and staffing demands can fluctuate seasonally. At other times, they can change sporadically. When you use booking forms, you're better able to predict and manage demand. Use them and you'll reduce seasonal stresses and keep surprises to a minimum, which keeps your department on top of things!

* Patch Tuesday is the second Tuesday of the month, when Microsoft releases patches for servers. A bad one can cause a lot of problems that look like buggy application code.

Contributor:

This post was written by Phil Vuollet.

Deployment Styles: Blue/Green, Canary, and A/B

Deployment Styles: Blue/Green, Canary, and A/B

These days, we seem to have an overwhelming number of deployment options. DevOps, continuous delivery, and similar practices have encouraged introspection on how to release valuable software to customers. You've probably heard of three popular options: blue/green deployments, canary releases, and A/B testing. And maybe you've wondered, aren't these all the same? Or, when should I use blue/green instead of A/B? They both have slashes in them, so they're probably equivalent, right?

This post will help you differentiate between these three deployment options and understand why they're valuable. And, as you'll see, each one is indeed valuable depending on the situation.

 

Deployment Vs. Release

Before we delve into the different styles, I want to make a couple of terms clear. Often the ideas of "release" and "deployment" are used interchangeably. But don't be deceived. These are related but different, and some strategies hinge on understanding the difference between them.

Deployment

Deployment is likely the term you understand best. It refers to updating executable code to a specific environment and running it. Strong practices like continuous delivery and continuous deployment focus on how to package this code and get it to the appropriate environment. They often encourage automation and eliminating disruption risks for your customers. Often, as soon as we deploy code customers can see it. However, deploying code need not be the factor that determines whether or not your customers see it. The goal of deployment is to ensure your code can run properly in the appropriate environment.

Release

Releasing is all about making the output of new code visible to your customers. The simplest way to do this is to deploy that code and let it immediately become visible. This is why this concept is often confused with deployment. However, there are many ways to hide code from customers even while it's deployed. The goal of releasing is ensuring a feature meets customer needs and is turned off when defective.

Blue/Green

Blue/green deploys are focused purely on deployment as a way of eliminating downtime and disruption for customers.

How Does It Work?

Let's say you're writing a blog post (go figure) and your audience is expecting to see something in an hour. But you don't like the post and want to rewrite it from scratch. Well, you're not sure you can finish in time, so you publish the old one. When you do have time, you can rewrite the post completely and publish it after the due date, replacing the older version. Depending on when customers visit the blog, they will either see the old post (and you'll get credit for meeting your deadline), or they'll see the new one and enjoy some quality content. Either way, no one will ever see an empty space where they were expecting a post.

Instead of blog posts, picture running software. When you need to deploy a new software version, instead of replacing the existing version you run the new one side by side with the old one. Once everything looks good, you can switch traffic to the new service. That way, customers are always able to get to your system.

What's It Good For?

Blue/green deployment drastically reduces risk in many situations. If you have a site where it costs significantly to be down, even for a few minutes, this option can save your bacon.

Canary

Canary deployments, also known as canary releasing, are usually release-focused. But, sometimes, they can also be deployment-focused. They are deployment-focused when you use your deployment scripts to only update the code on specific containers or servers. They're release-focused when you can change which canary features are visible to some users without redeploying.

How Does It Work?

Canary releasing can work many ways, but essentially you only release a new version or functionality to a small set of customers to start. You then monitor your system and the customers' responses to see if anything...weird...happens. The odd name for this deployment comes from coal miners lowering canaries into the shafts to detect noxious gases so they can see if it's safe before they descend themselves.

Think of canary releasing like a bottle of pop. You accidentally drop it on the ground. You're not sure if it will start spraying everywhere when you open the bottle, so instead of just turning the cap quickly and risking that the pop will explode, you turn the cap slowly to eke out a little air with every rotation. Eventually you can safely open the bottle and drink a refreshing beverage. Canary releasing is eking that software out to the world, user by user.

What's It Good For?

Canary is fantastic for lowering the risk of changes to production. The "no defects in production" mentality is a little overrated, and canary lets you mitigate the cost of defects without spending an enormous amount on preventive testing. (You should absolutely spend some effort on preventive testing, though.)

A/B Testing

A/B testing is a release strategy. It's focused on experimenting with features.

How Does It Work?

With A/B testing, implementation is similar to the process of canary releasing. You have a baseline feature, the "A" feature, and then you deploy or release a "B" feature. You then use monitoring or instrumentation to observe the results of the feature release. Hopefully, this will reveal whether or not you achieved what you wanted.

You're not only limited to two versions in a test. Netflix, for example, has multiple covers it displays as the graphic for the same show based on the version it predicts users will respond to and want to see. But be careful: It's healthy to only run one experiment at a time.

What's It Good For?

A/B testing from the 1,000-foot view may look a lot like canary releasing: You have a set of users seeing the new stuff, and a set with the old stuff. However, A/B has a much different intent. While the focus of canary releasing is risk mitigation, A/B testing's focus is on how useful a feature is for customers. It's the old argument of "build the thing right" vs. "build the right thing."

 

Working Together

Though these three options all tackle different goals, by no means are they mutually exclusive. You can have a system that's backed by blue/green deploys that set up features you can canary-release by region or customer last name. And you can set up certain key features as A/B experiments with your highest-paying customers. These all can work in harmony.

Get Past the Buzz, Choose a Style

We love throwing out buzzwords in this industry, and it can get confusing fast. This is especially true when these jargon-filled concepts operate similarly on the surface. I hope this article helped clarify the differences between these three deployment strategies. Pick one or more that work for you.

 

Author

This post was written by Mark Henke. Mark has spent over 10 years architecting systems that talk to other systems, doing DevOps before it was cool, and matching software to its business function.