ITIL and DevOps at War in the Enterprise - DevOpsDays Amsterdam 2014
Embed Size (px)
The journey from ITIL/CMMi to DevOps in the corporate setting of ING Netherlands. Presentation by Mark Heistek and Jan-Joost Bouwman at DevOpsDays Amsterdam 2014.
Transcript of ITIL and DevOps at War in the Enterprise - DevOpsDays Amsterdam 2014
- ITIL and DevOps at war in the enterprise
- Mark Heistek Background in: Operations Project management / Process management DevOps and CD evangelist since 2 years Current position within ING: Continuous Delivery team CIO NL DevOps community manager on internal social platform Interests: Sports Jan-Joost Bouwman Background in: Operations Process management (change) DevOps and CD evangelist since 2 years Current position within ING: Process owner Service Operations & Service Transition (and only person that knows what that is) DevOps community co-manager Interests: Birdwatching, travel @markheistek Mark.email@example.com @janjoostbouwman Janfirstname.lastname@example.org
- The enterprise as organism
- OPS DEV Where do we come from?
- Importance of NFR
- Where did we start to come together?
- ITIL service design and tollgates
- Generic Acceptance Criteria PCAB / Tollgate 1 Solution Delivery Clarity code: Service Management Change nr: Nr. Description Expected Output Remarks/Checkpoints Nr. Description Expected Output Remarks/Checkpoints SD1.1 Has the responsible OIB parties been identified, including co-developing parties and are all work packages/team plans defined and incorporated in planning, PID (list of deliverables) and business case (exploitation costs), including infrastructure? PID, work packages, team plans SM1.1 Has Service Management delivered the baseline information from the CMDB to the project? CI Relation report SD1.2 Is the Solution Architecture for the involved infrastructure up to date and approved by Technology Design Authority? Confirmation and approval by TDA that deliverables are in alignment with Solution Architecture SA, TDA confirmation SM1.2 Has Service Management provided the non-functional requirements to the project (including waivers and problems to be solved, and any Specific Acceptance Criteria, ie specific for that department or that environment) SD1.3 Is the Solution Architecture for the involved application up to date and approved by Enterprise Architecture? Confirmation and approval by EA that deliverables are in alignment with Solution Architecture. SA, EA confirmation SM1.3 Has Service Management registered the project and the work packages (including infrastructure) in HPSC and assigned to the domains responsible for support after implementation? HPSC records and linkages SD1.4 Are proposed changes/designs to the IT Services been aligned with the policy to disentangle IT Services for Insurance and Banking? SA, EA confirmation SM1.4 Has Service Management provided the costs for Transition to Support and the expected delta in the exploitation costs as input for the Business Case of the project. updated business case SD1.5 Capacity modelling: has the delta in required capacity for production been specified for Application Support and Infrastructure? Are test plans developed for testing the capacity models? Capacity model; test plans SM1.5 Has Service Management provided baseline Capacity reports as input for Capacity Modelling Performance reports SD1.6 Has infrastructure confirmed the requested delta in required capacity? Confirmation from ISS/TS/BST SD1.7 Have contracts for both Solution Delivery and Service Management with (sub-)contractors and vendors been checked and updated (if necessary) and are the results added to the business case? Finance, Vendor Management SD1.8 Has TDA checked the consequences for the system and service management tooling? TDA confirmation SD1.9 Has the list of items that will be transfered to Service Management in Transition been specified? PID SD1.10 Has the list of items that will be solved by the project (problems, waivers, software/hardware decommissioning etc.) been delivered to Service Management? list SD2.1 Is the current BIA still valid or does it need updating? Necessary updates are approved by the relevant parties Approved BIA SM2.1 Has Service Management determined the Risk & Impact of the change during implementation and operation Initial Risk & Impact To be confirmed in TCAB SD2.2 Are the CIA and PIA still valid or do they need updating? Necessary updates are approved by the relevant parties Approved CIA and PIA SD2.3 Are the ACA, BCDR design, Security Monitoring design, RBAC and IST/SOLL matrix still valid or do they need updating? Necessary updates are approved by the relevant parties Approved ACA, BCDR design, Security Monitoring design, RBAC and IST/SOLL matrix 3 Testing SM3.1 Has Service Management delivered the baseline for performance testing test plan 4 Planning SD4.1 Has the TCAB -as tollgate 2- been planned before start of UAT? planning SD4.2 Has the final DCAB been planned (after UAT, before implementation date)? planning SD4.3 Does the planning cater for rework after testing (both software and infrastructure)? planning SD4.4 Has BCDR delivery and testing been planned? planning SD4.5 Has delivery of an (updated) I and A OSG been planned planning SD4.6 Have all the documents to be updated been identified and has updating the documents been planned. planning SD4.7 Has the need to train or educate staff for supporting and endusers for using new or changed functionality been determined? planning SD4.8 In case you deliver a modification (including new developments) in a web based application: plan the delivery of sign-offs of the security code review scan report before promoting the software into Production environment. planning SD4.9 If the project requires new or adjusted external connections, have penetration tests been planned, staffed as part of UAT/PAT and has the sign-off by RCEC been planned before Tollgate 2? planning 1 Non- functional requirements and deliverables 2 Risk, Continuity and Security Generic Acceptance Criteria 1st DCAB / Tollgate 2 Solution Delivery Clarity code: 0 Service Management Change nr: 0 Nr. Description Expected Output Remarks/Checkpoints Nr. Description Expected Output Remarks/Checkpoints SD1.1 Have all items on the PCAB and TCAB checklist been completed and signed-off before the first DCAB meeting? updated checklist SM1.1 Is the RfC record in HPSC up to date? In case of a Project Exception Report: has the record been updated to reflect changes to deliverables, planning and or business case for Service Management? NB Change owner may reside on SD side confirmation by change owner SD1.2 SM1.2 Have all Specific Acceptance Criteria agreed upon between SoDC and SeDC confirmation by change owner SD1.3 Has Technology Design Authority confirmed that the final deliverables are in line with the approved Infrastructure and Security Architecture and Detail Design sign off on deliverables by TDA SM1.3 Have Service Delivery Contracts been approved? confirmation by RL4/Service Manager SD1.4 Has Entreprise Architecture confirmed that the final deliverables is in line with the approved Solution Architecture and Detail Design? sign off on deliverables by EA SM1.4 Is the SLA for the Service or components that will be changed ready, has it been signed-off by Supplier and Business? SLA with sign off by Supplier and Business SD1.5 Are the final deliverables still in alignment with the policy to disentangle IT Services for Insurance and Banking? confirmation by EA SM1.5 Has all updated documentation (or knowledge management system) been distributed to the relevant parties confirmation by Service manager SD1.6 SM1.6 Has an aftercare period during which the project is in the lead with regards to incident solving been agreed upon? confirmation by Service manager SD2.1 Have external connections been approved by RCEC? Are they agreed upon and signed off by their respective business owner? RCEC minutes, certificates SM2.1 Is the Operational risk for implementation researched, analysed and mitigated? Minutes TCAB SD2.2 Has the (A-)OSG been completed and approved by SM Security Manager? approved (A-)OSG SD2.3 Has OSS/UAC or its custodian confirmed that the soll matrix is in place and up to date, that User Access Model complies with RBAC, and that User Access Management complies with Authorization Management Process? sign off by SM Risk manager SD2.4 Has Security monitoring been implemented in accordance with the Risk Minimum Standards? sign off by SD Risk manager SD3.1 Is the run book for implementation complete, including roll- back and back-out scenarios? Final runbook attached to change record SD3.2 Have FAT results been accepted by Service Management confirmation by Service Manager 4 Planning SM4.1 Do planned start and end date and the outage times of the Request for Change not conflict with other items on the Change Deployment Calendar? OIB Change Calendar 1 Non functional requirements and deliverables 2 Risk, Continuity and Security 3 Testing Generic Acceptance Criteria 2nd DCAB / Tollgate 3 Solution Delivery Clarity code: 0 Service Management Change nr: 0 Nr. Description Expected Output Remarks/Checkpoints Nr. Description Expected Output Remarks/Checkpoints SD1.1 Have all remaining checkpoints on Tollgate 2 been signed off before the second DCAB meeting SM1.1 Have all CMDB changes to be implemented been approved by the CI owner and the Configuration manager? confimation by CI owner and CFG manager SM1.2 Have all Known Errors with their Work arounds delivered by the project been entered in HPSC? confirmation by Problem manager SD2.1 Has the code review report to check whether Secure Coding Guidelines were followed been delivered? Code review report, for Web facing with ORM sign off SD2.2 If the project requires new or adj