“The test environment emulates the production world, so when you test something, you have the same characteristics as the system where it will reside when it’s delivered,” Sweden says. “So, there’s not going to be any surprises.”
If there are surprises, they pop up during development — not after delivery. “You test in such an incremental way that if something fails, it’s not a great big failure, it’s a small failure. And if it succeeds, it’s a small success that builds toward the larger vision,” Sweden says.
“DevOps is about making sure that when things go into production, both the development and operations teams have confidence they will work,” Mercer says.
Security also benefits from DevOps. With traditional development, “security is injected into an application as an afterthought,” Mercer says. The security team usually looks at the service or application right before release, then produces a long list of vulnerabilities, many of them false positives — all of which often delay the release.
A DevOps security approach, or DevSecOps, “shifts security to the left” in the timeline, Mercer says. Developers take responsibility for security, while security teams don’t simply point out problems but instead work alongside the developers.
DIVE DEEPER: How can cloud tools quickly enable modern applications for government?
What Are Continuous Integration and Continuous Delivery?
DevOps leverages both continuous integration and continuous delivery. With continuous integration, code changes get automatically tested and integrated into a shared code repository several times a day. That makes possible continuous delivery: producing software in short cycles so it can be reliably released at any time.
Again, it’s helpful to think of the contrasts with waterfall. In a waterfall scenario, a software build might run weekly or even nightly. However, by the time it runs, it might already be broken. What’s more, team members who don’t realize that might have kept building on it.
With continuous integration, each integration triggers an automated build and test to ensure the fundamental capabilities of the service or application haven’t been broken.
In waterfall, a build isn’t typically tested in its final format, creating problems with configuration and consistency. Continuous delivery automates that testing process, so when developers create a new version, they can rest assured it works. “It’s actually tested all along in the way it’ll run in production,” Mercer says.
CI/CD also can help improve over agile processes. With agile, developers might want to move quickly to produce small releases, but the operations team can’t always match their pace; CI/CD has checks and balances to make sure any new update doesn’t break the system. With CI/CD, DevOps helps ensure the service or application is not only developed well but also always runs well.
VIDEO: What can government IT pros learn from the rise in digital services?
What Are the Best DevOps Tool Chains?
Among a host of DevOps tools by software providers such as Chef and Puppet, GitLab offers perhaps the most complete DevOps platform. Yet rather than using any one tool chain, developers tend to pick the DevOps platform that best suits their needs, whether offered by Amazon Web Services, Broadcom or IBM, then use other tools to fill any gaps.
“What most people do is use the majority of a platform but plug in some of their own tools here and there,” Mercer says.
Some providers might claim to have an end-to-end DevOps platform, Mercer says, “but they all miss aspects of the DevOps pipeline.” For instance, a platform might have just about everything needed for DevOps, except for automated testing capabilities. In that case, developers would have to add their own testing.
What Are the DevOps Certification and Training Options?
The DevOps Institute offers a range of certifications — from the DevOps Foundation certification, which covers core concepts and practices, to the DevSecOps Foundation certification, which involves security and compliance. Some consulting firms deliver DevOps Institute-aligned training to organizations and agencies.
There are plenty of DevOps courses available via LinkedIn Learning, including tutorials on using open-source systems like Docker and Kubernetes for DevOps.
“At the end of the day, all that training is really good, but DevOps is very much a cultural change, so it takes time to adopt it,” Mercer says.
It also takes buy-in from the top, he adds. “To be successful, DevOps really needs to take hold at the leadership levels of organizations.”