(DVO314) USA Today Uses Chef & AWS for Infrastructure Standardization
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
DVO314
USA Today Brings Shadow IT into the Light
How Gannett leveraged Chef and Amazon Web Services to standardize its infrastructure
• National and local newspaper and media company
• National brand USATODAY
• 92 media companies in 33 states
Erik Bursch
Vice President of Platform as a Service, Gannett
Franklin Hanson
Senior Manager of Platform as a Service Delivery, Gannett
George Miranda
Global Partner Evangelist, Chef
Key idea: deliver infrastructure and apps together
[Diagram. Stages: Local Dev, Collaborative Dev, Production. Tools: Chef DK, Chef Delivery, Chef Server, Chef Analytics. Pipeline steps: Model, Build, Test, Publish, Deploy, Test. Also shown: Chef server, runtime manager (for Docker, etc.)]
DevOps success journey
• Local Development
• Code Collaboration
• Continuous Integration
• Chef Code Deployment
• Application Deployment
• Infrastructure as a Service
• Full Stack Automation
• Continuous Deployment
• Rolling out DevOps following a proven adoption pattern
The Gannett cloud platform
• Shared language to speak about deployment – Chef
• Homogeneous API to manage our cloud – Scalr
• Foster DevOps tenets of shared responsibility and
continuous delivery
• Leverage the cloud in an easy but responsible way
Where we were: workflow
Build
Publish to artifact server
Copy artifact to cloud artifact server
Cloud CI deploys to cloud dev
Manual testing
Internal CI deploys to QA
Manual testing
Internal CI deploys to staging
Manual testing
Wait for maintenance window
Internal CI calls BMC calls site directory
Deploys to production
Where we were: infrastructure
Operations
• 2 physical data centers run and managed by a separate hosting team
• No cloud presence for the hosting team
• Hosting team managing deployments with no access to development
Development
• Development environment:
  • Mix of internal dev servers
  • Amazon EC2 classic
  • Personal Heroku accounts
• Separate tools managed by devs without access to internal environments
• No collaboration with security teams
[Diagram. Locations: AWS, West Datacenter, East Datacenter. Environments shown: Production; Development, Staging, Production; Development (separate from internal dev)]
Our problems
• Manual handoffs between different deployment tools prone
to error
• No accountability to finance or security in the cloud
• Inconsistent monitoring and deployment tools between
Development and Operations
• CHAOS!
What did we learn from Shadow IT
Quick time to development for new applications on Heroku
• Developers had a standard way of deploying their applications and expected resources to be the same every time
• Easy access to PaaS services for database and cache layers
Developers were able to provision resources themselves
• Developers avoid hand-offs to provisioning and release teams to expedite releases
Unlimited cloud resources
• No waiting for capital requests to deploy new applications
• Less fear of traffic spikes because of compute on demand
Gannett cloud stakeholders
Development
• Need a platform they can deploy and manage their applications on with speed and consistency
Operations
• Need to build and deploy infrastructure in a repeatable fashion and manage configuration in a standardized way
Finance
• Required visibility of the true cost of applications at a full stack level
Security
• Required a way to view and audit existing stacks in the environment as well as track all changes
How did we start?
Community
• Grassroots implementation of Chef in a new Amazon VPC for
development to mimic the production environment
Standardization
• For applications to move into our VPC they had to be provisioned
and deployed through Chef
Security
• Manage mandatory Chef controls for user access and system
security standards
Applying what we learned from the cloud
• Build for failure
• Treat infrastructure as code
• Avoid manual deployment processes
• Separation of concerns in deployment
Where we are now: infrastructure
Making Amazon a Gannett Network
• Connecting Chef from the cloud to our infrastructure
• Multi-region high availability AWS Direct Connect connections – 2 tunnels per region to our physical datacenters
• Leverage AWS CloudFormation templates for the networking team to manage the VPC
[Diagram. USWest2 VPC and USEast1 VPC, each with Dev, Stage, Tools, Production and Network Services. Redundant Direct Connect links to the West Datacenter and East Datacenter, which are joined by a Fiber Backbone. Datacenter environments shown: Production; Dev, Staging, Production]
Introducing security to Chef
• Kitchen verification tests with security controls written into the tests
• Give security access to the code that builds the entire production stack through AWS CloudFormation, Chef, and application code
• Code changes tracked back to ticketing and auditable
Simplifying deployment for developers
• CMP exposes Gannett community cookbooks
• Allow teams to provision their own resources in a
managed VPC without waiting on other teams
• Leverage community managed deployment cookbooks
for common technology stacks
Creating visibility for finance
• Tagging resource ownership for teams and projects
• Using cost analytics tools to visualize savings
• Ice – reservation management
• Scalr – Cost Analytics
• Enabled by Amazon detailed billing reports
Was it successful?
Measures of success
Deployments are quicker and more reliable
• Application provisioning and deployment changed from weeks to minutes
• Decreased the number of failed builds in staging and production deployments
New applications are deployed in the cloud with Chef
• All applications share a common deployment methodology that can then be customized
All new infrastructure represented as code
• Provide visibility to Devs, Ops, and Security to track and audit changes throughout the stack
What comes next?
Complete enterprise adoption of cloud methodologies
• Currently we have about 30% of our teams on board our cloud platform
• Targeting 100% adoption by teams in our technology division
Improving our Chef deployment pipeline
• Increase speed of Chef runs in the environment
• Migrating early adopters from roles to role cookbooks for version pinning and integration testing
Q&A
Thank you!
Interested in joining our team at Gannett?
http://www.gannett.com/careers/