DevOPS, SecOPS, DBAOps, NetOps

This post is long overdue, as the idea struck me when dicussing with Lefred while preparing his Fosdem talk on Maintaining too big tables

I got triggered finishing this post by Mr BuidlDoctor

Fred has been struggling with a typical DevOps problem resulting in the most unmanageable database setup possible, there's little room for him to move but he managed is way out .. because he is good at his job

It set the mark for me that because in different organisations even the Opsteam is fragmented `in different groups that there also we need to get the Devops idea going.

Typical setups here are the Network guys vs the Platform guys , specially with the growth of virtualization where the network stack doesn't stop at the physcial switchport anymore but the vlan trunks go deep in to the VM's a lot of discussion happens. There where traditionally the story for the network engineer stopped at the switch they now want control much deeper in the infrastructure.

But an even bigger group that needs integration are the security folks, it's no secret that in some organisations the security guys job is to be the bad guy, their default reply to something is NO. Specially to people wanting to drill holes in their architecture .

Patrick wonders if its the specialist vs generalist dillemma, I think it's the Web vs Enterprise IT way of thinking ..
DevOps first gained ground in Web environments , the battle has only started ..

We still have a long way to go before in say a banking environment the Devs and SecOffs' and the DBA's and the Ops are on the same line ... they all need to break the walls of confusion, they all need to come out of their silos. And when you are a generalist in charge of a bunch of these things you have to make sure your tuesday afernoon security persona talks with his other persona's from time to time ... otherwise you are really gonna need those meds :)

Comments

John's picture

#1 John : Yaa i also agree on james

Yaa i also agree on james turnball's comment,DevOps is the easiest bridge to cross.


Devdas Bhagat's picture

#2 Devdas Bhagat : Devops isn't really new

Devops has been around since long before web environments, except that we just called them good sysadmins.

The job of secops *IS* to say no, until you come up with a proposal which works under their constraints. Alternatively, give them the constraints and let them figure out the solution.

Having been in a secops role, it's not fun to have no budget, have everything being tunneled over port 80 (or 443) and not being able to secure end nodes. The reason I got out of secops was because I can really see no way to do a good job in that field until disaster strikes.

IMO, the devops and dbaops divides will be the hadrest to cross, because each side tends to assume that the other side does not know or care what they do. In my limited experience, this has been far truer with developers who don't know enough about operations to do it right, and don't care enough to learn why operations works in certain ways.


John Allspaw's picture

#3 John Allspaw : Having specialists doesn't automatically = wrong

Having been in an environment where having Storage, Network, Security, and even Datacenter specialists, I want to point out that these 'silos' can indeed work well.

Just because staff are specialized doesn't prevent them from having enough awareness of the application or business case to be effective, especially in troubleshooting and design phases.

StorageOps/NetOps at Yahoo knew exactly what Flickr's requirements were, and what normal (and abnormal) workloads were. They also had the deep knowledge about storage devices to know what might be coming in the future that could help Flickr's workload. I also enjoyed not needing a specialist on my team for those bits. Being able to communicate with them during outages and issues were the same as any on my own team.

So, specialists can work quite well.


Matthias Marschall's picture

#4 Matthias Marschall : Silos are sub-optimizations

It's great to have specialists, but they must never ignore the big picture. As soon as one thinks, his job is to _only_ fulfill his specialist role, he creates a silo. It might feel warm and cosy for him, but sooner or later he has to admit, that he is sub-optimizing his own area of responsibility instead of optimizing the whole!


Doug's picture

#5 Doug : I think it's all about

I think it's all about professional discipline. Don't cut corners wearing one hat if you know that your actions would be unacceptable or even just undesirable when wearing another hat.

I've effectively done SecOps in the past. Sometimes it is tempting to break your own rules to get a ops task done but if you have discipline you can resist.


James Turnbull's picture

#6 James Turnbull : I agree - it's more than

I agree - it's more than "dev" + "ops" - it's about breaking down silos. DevOps is actually the easiest bridge to cross - wait until we have to deal with SecOps... :)