Post on 19-Jan-2017
transcript
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
May 20th, 2016
Ting-Chung Hu (胡定中), FRS
DevOps at FRS TrendMicro
How We Run DevOps
Enabling a Smart Protection Strategy
Inspired to Stay a Step Ahead
Global Threat Intelligence from the Smart Protection Network
Backed by Global Research and Support
Fast Facts
Founded: 1988, United States
Headquarters: Tokyo, Japan
Number of Employees: 5,258
DevOps – What is DevOps?
• Development + Operations = DevOps
• DevOps is a culture, movement or practice that emphasizes the collaboration and communication of both software developers and other information-technology (IT) professionals while automating the process of software delivery and infrastructure changes.
• It aims at establishing a culture and environment where building, testing, and releasing software can happen rapidly, frequently, and more reliably.
--Wikipedia
Our Challenges
Dev
Ops
• Gaps between Dev and Ops
• Developers
• Mostly concerned about faster feature delivery time
• Operations
• Mostly concerned about system stability and impact from changes
• The left hand doesn’t know what the right hand is doing
• Slow hardware acquisition
• Difficult capacity planning
What We Needed to Maintain on Premises
[Diagram labels: Service Pool; Hypervisor; Hadoop; Dev & Staging Hypervisors; Production Hypervisor; Large size VM; Hypervisor; DB; Storage]
DevOps – Our Approach
• AWS
• Relieve Ops from “unplanned work”
• CloudWatch enables us to monitor real-time health and performance of the resources
• More computing power when you need it, less when you don’t
• Detailed billing records enable us to do better capacity planning and budgeting
• Continuous Integration and Continuous Delivery
• Faster feature turnaround time
• Leverage AWS CloudFormation and OpsWorks heavily
• Infrastructure as code and configuration as code
• RD/Development now take full responsibility for the entire stack
OpsWorks
• built-in application lifecycle
• interactive application console
Infrastructure provisioning: EC2; SQS, SNS, Kinesis, etc.; databases; VPC; IAM
Application deployment: download packages, install software, configure apps, bootstrap apps, update software, restart apps, etc.
CloudFormation
• templatize
• replicate
• automate
OpsWorks “inside” CloudFormation
CI/CD – Infrastructure
[Diagram labels: Engineer; GitHub; new branch; push; Code Template; S3; CircleCI; CloudFormation; Integrate; Deploy; Testing Environment; Staging Environment; Production Environment; Admin]
CI/CD – Infrastructure (Cont.)
[Diagram labels: Template; CloudFormation; Public Subnets; NAT GW; Private Subnets; IAM; S3; CircleCI; Build & Test; Deploy; OpsWorks; Testing Environment; Staging Environment; Production Environment]
CI/CD – Application
[Diagram labels: Engineer; GitHub; Develop; Tech Lead]
CI/CD – Application (Cont.)
[Diagram labels: Template; CloudFormation; Public Subnets; NAT GW; Private Subnets; CircleCI; OpsWorks; apps; Instances; SNS; DynamoDB; ElastiCache; S3; RDS; CloudWatch Alarm]
What do we maintain now — Templates
[Diagram: CloudFormation templates. Infra. Admin: VPC, Subnets, IGW, Routing Table, VPN, Shared S3, IAM, Security Group. Engineers: ELB, EC2, DynamoDB, OpsWorks, App Deployment, AutoScaling, Recipe.]
Lessons Learned
• CloudFormation
• Use CloudFormation to manage all of your resources if possible (not all AWS resources are supported yet)
• Difficult dynamic referencing between stacks
• Parameterize as much as possible
• Keep an eye on your limits
• OpsWorks
• Need to be familiar with Chef
• Limited built-in Windows support
• Limited auto-scaling support