and Solving Problems a. Fact – Things will go wrong in Operations! i. 2001 Microsoft Operation Framework study found the best-performing organization were better at diagnosing & fixing service incidents and are subsequently transmitted to receiving equipment for monitoring 1. Create telemetry in application & environments (to include production, pre-production, and CD pipeline) iii. Ian Malpass, Etsy what’s up or down. ii. Modern Monitoring architecture 1. Data Collection at business logic, application, & environments layer a. Events, logs, & metrics b. Common service to centralize, rotate, and

providing application/infrastructure stacks that are pre- approved and appropriately configured and secured. f. INTEGRATE SECURITY INTO OUR DEPLOYMENT PIPELINE i. Hardening the application after development pipeline iii. Enable fast feedback on potentially insecure changes g. ENSURE SECURITY OF THE APPLICATION i. Focus on the sad paths or bad paths to effectively address QA, Infosec and related concerns Created platform addressing bulk of compliance concerns driven by ATO requirements 2. Automating framework for generation of system security plans j. INTEGRATE INFORMATION SECURITY INTO PRODUCTION TELEMETRY

as we try to become Agile. This frame of reference includes the notions of project, systems, application, investment, architecture, skill set, and accountability. We have, to be honest, made a jumble requirements: it should be an objective, an envisioned outcome that would add business value.  The best framework I have found for working with desired outcomes as requirements is Gojko Adzic’s Impact Mapping:

scaledagileframework.com  SAFe in 7 minutes - https://www.youtube.com/watch?v=RXzurBazN-I Scaled Agile Framework (SAFe): Dean Leffingwell - Agile Software Requirements: Lean Requirements for Teams Programs and

Major contributing cause of issues stems from releases representing the first time we see how an application behaves in a production-like environment ii. Don’t just document the environment specifications the value stream iii. Everything, everything, everything is checked into version control 1. Application code & dependencies 2. Environment scripts & creation tools 3. DB scripts and reference data 4. Containers 5. Automated tests 6. Project artifacts – documentation, procedures, etc. 7. Application configuration files 8. This also includes pre-production and build processes 9. Tools iv. 2014

vs BROWNFIELD SERVICES i. DevOps is not just for Greenfield ii. Important Predictor – Is the application architected (or could be re- architected) for testability and deployability? iii. Successful Brownfield mainframe and supporting applications a. They 2X release frequency b. Resulted in increased application reliability c. Reduced deployment lead time from 2 weeks to <1 day 2. Etsy a. “Barely survived the business; defines functionality ii. Development - the team responsible for developing the application iii. QA – team responsible for ensuring feedback loop exists to ensure functions as desired

once a week to everyday  Expanded Sphere of Influence  Machine Imaging  DEG and 3rd Party Application Installations  Route Adds – requires heightened security access  Database Data Script Execution

new requirement to be delivered and deployed. Deployment speed: how fast a new version of the application can be deployed into the production environment. Deployment frequency: how often a new release

with the self-organizing character of project teams.”12 Enabler: We have been afraid of “rogue” application development, or shadow IT. There has been good reason for that. Rogue applications are often unreliable

requests myurl = "http://sysyear.top:4600" myheaders = { "Accept": "application/json", "Content-Type": "application/json;charset=utf8" } mydata = "dddd" response = requests.post(myurl, headers=myheaders