Accelerating the Release Lifecycle with Deployment Paths: Part 2

As enterprises embrace cloud native and everything as code, the code-to-production journey has become a critical aspect of delivering value to customers. This process, often referred to as the “deployment path,” involves a complex series of steps and decisions that can have a significant impact on an organization’s ability to deliver software efficiently, reliably, and at scale.

In the first post in this series, we explored the complexities of the deployment path, along with strategies and goal state modes for achieving a smooth and effective one.

This post expands on the topic and provides a maturity model and building blocks to help companies accelerate their software supply chain lifecycle in the ever-evolving enterprise cloud-native software development environment.

Deployment Path Roadmap

There are many moving parts and stakeholders that must come together to realize an accelerated deployment path. We recommend a four-step roadmap for implementation, as shown in the figure below.

Step 1: Automate Development

Infrastructure Automation (IaC) and Pipeline Automation are a good place to start because they happen independently within the development team. This phase focuses on building an enterprise catalog of continuous integration, deployment, and test (CI/CD/CT) and operational patterns through integration of the tools needed to automate core development and testing activities. Given the complexity of the enterprise, the most difficult part of this phase is the automation of testing functions (test data preparation and test case execution across multiple systems are largely semi-automated). A full Cloud Competence Center (CCC) or equivalent core team plays a critical role in driving change across application and platform teams.

Step 2: Institutionalize the pattern-based model

The CCC (or equivalent) works with the architecture board to establish a collection of repeatable patterns, including atomic patterns representing individual cloud services and patterns for composite applications comprised of multiple cloud services. The architecture review process (along with other related review processes) is modified to institutionalize pattern-driven architecture representations, with backlogs established for various groups (e.g., Platform Engineering and CCC) to build these patterns into code. This helps with adoption and acceleration. Over time, applications come to be expressed as a set of patterns, which standardizes the development model overall. Additionally, teams such as Business Continuity, Resiliency, and Security leverage these patterns (e.g., highly available multi-region architecture) to recognize known designs and accelerate their admission gates with a standardized approach. The key to this coordination is the co-creation of these patterns across participating organizations.

Step 3: Self-service and cross-department integration

There are many organizations in the enterprise that want to ensure that their cloud applications follow guidelines and best practices. This phase focuses on integrating cross-functional teams (e.g. security, compliance, and FinOps) through automation, tools, codified patterns, or self-service options. It builds on the initial steps to emphasize meaningful engagement between teams. Key aspects of this step include:

  • Establish high availability patterns, align them with your resiliency team, and use accelerated reviews to demonstrate compliance with these patterns.
  • Codify your security and compliance requirements into patterns and enforce them on your platform with a set of policies.
  • Address verification by integrating tools such as vulnerability scanning, policy verification tools (such as CloudFormation Guard for AWS), and container security into the pipeline, following the shift-left principle.
  • Engage the Enterprise Records team on a set of data classification and retention patterns, and the FinOps team to assess appropriate tagging and quota compliance.
  • Build an AuthN/AuthZ integration pattern that abstracts nuances and standardizes authentication and authorization for applications, data, and services.
  • Automate the firewall by creating resource files from an IaC run and importing them into the firewall system, as described here.
  • Offer a platform engineering enterprise catalog with a variety of self-service capabilities.

Step 4: Automated Deployment Path

This phase focuses on decentralizing and decoupling different enterprise groups while integrating them through automation and DevSecOps. One example is the automation of change management processes, including automated release note generation where systems aggregate data from multiple interconnected systems to automatically construct a comprehensive change review checklist. This brings credibility, efficiency, and accuracy to the reviews. This holistic approach represents a significant leap forward in a company’s operational efficiency and risk mitigation.

Deployment Path: Components of the Cloud Native Model

Let’s look at a few use cases that demonstrate the accelerated deployment path.

Use case 1: Persona-centric IaC coding

Persona- and pattern-based IaC codification can accelerate both development and review phases. The figure below represents different stakeholders in an enterprise with different concerns and requirements for cloud-native workloads.

It takes a lot of development time for the product team to manually code for each of these concerns, not to mention the time it takes for stakeholders to manually review each area. Codifying them into hardened individual or composite patterns gives product teams the right bootstrap code and a head start, while increasing stakeholder trust and review efficiency.

Use case 2: Shift-left security and policy validation

Automate security, compliance, and other policy checks for your infrastructure as part of your CI/CD pipeline. This ensures that infrastructure is aligned with enterprise policies before it is deployed. Cloud providers and open source tools (including Checkov, CloudFormation Guard, and cfn-nag) offer several ways to achieve this. Typically, the security team codifies policy validation rules and the product team integrates policy validation within the CI/CD/CT pipeline before the infrastructure is provisioned into the cloud environment.
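A minimal sketch of such a pre-provisioning gate, added here as an example and not taken from the article or from Checkov, CloudFormation Guard, or cfn-nag: security-team rules run against a CloudFormation template, and the pipeline step fails on any finding. The sample template, the rule IDs, and the choice to fail closed on unresolved intrinsic values are assumptions made for the illustration.

```python
# Constructed sample template: not taken from the article.
TEMPLATE = {
    "Resources": {
        "LogsBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"BucketEncryption": {"ServerSideEncryptionConfiguration": [
                {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
        },
        "ScratchBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
        "AdminSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": "admin", "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "CidrIp": {"Ref": "OfficeCidr"}}]},
        },
    }
}

def s3_encrypted(props):
    """Rule S3-1 (hypothetical ID): buckets must declare default encryption."""
    if "BucketEncryption" not in props:
        yield "S3-1: BucketEncryption is missing"

def sg_no_open_ingress(props):
    """Rule SG-1 (hypothetical ID): no world-open ingress; unresolved CIDRs fail closed."""
    for i, rule in enumerate(props.get("SecurityGroupIngress", [])):
        cidr = rule.get("CidrIp", rule.get("CidrIpv6"))
        if isinstance(cidr, dict):  # intrinsic such as Ref: value unknown before deploy
            yield f"SG-1: ingress[{i}] CIDR is unresolved ({next(iter(cidr))})"
        elif cidr in ("0.0.0.0/0", "::/0"):
            yield f"SG-1: ingress[{i}] open to the internet on port {rule.get('FromPort')}"

# Rules are owned by the security team and keyed by resource type.
RULES = {"AWS::S3::Bucket": [s3_encrypted], "AWS::EC2::SecurityGroup": [sg_no_open_ingress]}

def evaluate(template):
    """Return sorted (logical_id, finding) pairs; an empty list means the gate passes."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        for rule in RULES.get(res.get("Type"), []):
            findings += [(logical_id, msg) for msg in rule(res.get("Properties") or {})]
    return sorted(findings)

if __name__ == "__main__":
    results = evaluate(TEMPLATE)
    for logical_id, msg in results:
        print(f"FAIL {logical_id}: {msg}")
    raise SystemExit(1 if results else 0)  # non-zero exit blocks the pipeline stage
```

Run as a pipeline step before provisioning, the non-zero exit code stops the stage; the product team only wires in the step, while the rule set stays under the security team's control.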

Use Case 3: Automated Compliance Evidence Collection for Review

Cross-functional cloud platform, security, and compliance teams build automation to support evidence collection and accelerate security and compliance reviews. This typically requires leveraging cloud APIs to query information from deployed cloud resources and build a record of compliance evidence and health. These capabilities enable product teams to execute the automation through self-service models or DevOps pipelines and automatically capture review evidence while identifying compliance status. Maturity increases when evidence collection occurs automatically and reviews occur in a completely hands-free mode.

Use Case 4: Integration Patterns and Pipeline Toolkit

Complex cloud-native patterns, such as the AWS Active-Active Serverless API, require several individual patterns to come together. These patterns include:

  1. Cloud services such as Route 53, API Gateway, Lambda, DynamoDB, IAM, CodeDeploy, CodeBuild, CodePipeline, and CodeCommit.
  2. Non-functional requirements such as AuthN/AuthZ, multi-region active-active deployment, security at rest and in transit, tracking, logging, monitoring, dashboards, alerts, failover automation, and health checks.
  3. Integrated enterprise tools including code quality, SAST, DAST, alerting, test management, tracking, and planning.

The one-click solution allows the product team to select the right pattern, which generates the required bootstrap code that integrates multiple codified patterns as described in the previous use case.

Deployment Path: Delivery Approach

For the delivery model to realize the deployment path, the CCC (or equivalent) must collaborate with multiple organizational groups, as shown in the figure below.

The delivery model for the deployment path consists of the following steps:

  1. Define the overall deployment path process through a series of application life cycle stages, activities, deliverables, and related dependency groups.
  2. Define and organize multiple squads focused on different aspects of your deployment path.
  3. Plan a flexible model within your squad so you can bring in support groups as needed.
  4. Build a backlog and initiate competency development for each Cloud Competency Center team.
  5. Adapt the four-stage maturity model to help your company track its maturity.
  6. Establish product teams and relevant stakeholders as part of backlog refinement and prioritization.
  7. Continue to focus on automation adoption. The success of your deployment path depends on building and adopting automation.
  8. Build centralized knowledge management and planning management around your deployment path.
  9. Make it easier for product teams to integrate these activities into their delivery plans (using project tracking and agile collaboration tools like Jira).
  10. Establish a measurement system for deployment path stage-gate SLAs and continuously track SLA improvements (as the deployment path matures over a period of time).

This post narrows the focus to the deployment path by considering why cloud transformation is not creating full value and identifying release lifecycle acceleration as a key challenge. The deployment path can be a common vehicle that helps multiple groups accelerate the entire software supply chain life cycle, beyond the development and test life cycle acceleration that exists today. A four-stage roadmap has been defined, with the initial stages focusing on DevSecOps and pattern adoption, and the advanced stages maturing towards a product engineering culture. Product teams are encouraged to collaborate with participating enterprise groups in a decentralized manner to leverage automation and self-service. The maturity model encourages organizations to start small and scale incrementally, and our delivery approach delivers predictable outcomes on this complex journey.
