DevOps Express – the Suite smell of Success?

Fascinating news in the DevOps World last week with the announcement of the DevOps Express initiative.

“DevOps Express is the first-of-its-kind alliance of DevOps industry leaders and includes founding members CloudBees and Sonatype, joined by Atlassian, BlazeMeter, CA Technologies, Chef, DevOps Institute, GitHub, Infostretch, JFrog, Puppet, Sauce Labs, SOASTA and SonarSource.”

Anyone that’s heard me speak at conferences knows I am not a huge fan of “DevOps-in-a-Box” Enterprise Suites, mostly because they lock you into one vendors vision of what DevOps means and what your organisation needs. Worse than that, they lock you into one homogeneous skill set for your team – everyone must have skills with VendorX’s uber-suite and you lose out on the creativity and benefits from having different viewpoints about different tools and where they might work best (heterogeneity).

That said, I am really quite excited about DevOps Express because it *IS* a set of best-of-breed, heterogeneous tools (many of which DevOpsGuys are already partnered with e.g. Atlassian, Chef, Puppet etc).

In their words…

“DevOps Express is a solution-oriented approach designed to make it easier and more flexible for enterprises to adopt DevOps, using popular technologies spanning multiple solution components. DevOps Express provides a framework for industry partners to deliver reference architectures that are better integrated and better supported. Creating reliable and actionable reference architectures for organizations will accelerate DevOps adoption and minimize risk for organizations.”

The vendors saw that the market was already using their tools together anyway as part of their digital supply chains so the question then became “how can we drive adoption by making this easier for our joint customers by providing reference architectures, better integration etc?” – and this is the question that the DevOps Express Initiative seeks to answer.

This sort of bottom-up, “spot a problem and try to solve it” is a great example of DevOps Culture in action – the “First Way of DevOps” is “systems thinking” so the vendors have taken a step back and said “hey, we need to stop optimising our one component and start focusing on the system as a whole” which is exactly what they should be doing in order to improve the DevOps toolchain.

Where should they go next?

Based on our experiences with large Enterprises their top 3 requirements are:

  1. Integrated Authentication (SSO) and roles-based access control (RBAC) – enterprises that have huge IT teams (>1000 staff) want the granularity to enable only certain people, with certain skills or levels of authorisation, to perform certain tasks. If DevOps Express can create a shared model for this across all the vendor tools that would be amazing. Perhaps Atlassian Crowd might be a place to start?
  2. Compliance and audit – large Enterprises have large regulatory burdens (e.g. SOX, HIPPA etc). Regardless of our views of the underlying McGregor Type X Command & Control mindset that underpins a lot of this thinking it’s the law and they have to comply. So mechanisms like standardised log formats, centralised logging, ELK-style log querying and analysis etc are all very helpful.
  3. “one throat to choke” – Enterprise customers want Enterprise-grade support, 24x7x365 with a <1hr MTTR, and they definitely DON’T want to get involved in a multi-vendor finger pointing exercise with each vendor blaming the other for the problem. DevOps Express recognise this explicitly in their Charter but it remains to be seen how well this works in practice.

We’d also love to see some of our other partners get involved e.g. Ansible, Hashicorp, OctopusDeploy, and of course experienced DevOps consultancies to help their joint customers on their DevOps journey (hint, hint, cough, cough…)🙂


DevOpsGuys achieves the ISO27001:2013 information security management accreditation

1st September 2016

DevOpsGuys is pleased to announce that it has been successful in achieving the ISO27001:2013 certification for Information Security Management. This follows an extensive and thorough audit carried out over the past few months and validates the security credentials around DevOpsGuys’ key services.

ISO27001:2013 is the standard for information security and specifies a robust set of requirements necessary to establish, implement, maintain, and improve an Information Security Management System (ISMS). By achieving this internationally recognised certification, DevOpsGuys has demonstrated its commitment to data protection and the provision of services in a reliable and secure manner in addition to identifying and managing information security risks.

The company is now able to systematically identify and resolve potential threats and risks to information assets as well as providing assurance to clients that their data is safe.

DevOpsGuys Co-Founder & CTO Steve Thair commented “This latest accreditation further strengthens our portfolio of services. DevOpsGuys takes its responsibilities to our clients very seriously and this standard demonstrates that they can be assured of the confidentiality, integrity and availability of their corporate information.“

About DevOpsGuys

DevOpsGuys are experts in delivering practical engineering & consultancy solutions to transform and accelerate the way that organisations deliver software. We believe that DevOps offers a new operating model for IT departments to deliver software at speed.

DevOpsGuys has a large team of experienced consultants operating from offices in London and Cardiff and provides services to enterprises and public sector organisations in the UK and overseas.

Our services draw upon the real-world experience that we have gained while working with leading companies such as BAE Systems, Fitness First and Vodafone.

We are widely regarded as a global thought leader in the DevOps space and our opinions have been quoted in research by Gartner, Forrester and Microsoft. In addition, many of our key members of staff are well known amongst the wider DevOps community and are regular contributors to industry conferences, seminars and meet-ups around the world.iso

DevOpsGuys offers services to the UK Public Sector via the latest G-Cloud 8 Framework Agreement

4th August 2016

DevOpsGuys today announced that its range of services will be available to public sector clients via the latest Crown Commercial Service (CCS) G-Cloud 8 Framework Agreement. This will allow DevOpsGuys to supply a wide range of Infrastructure-as-a-Service and specialist cloud services through the Digital Marketplace.

These services can be used by organisations across the UK public sector including central government, local government, health, education, devolved administrations, emergency services, defence and not-for-profit organisations.

CCS’s value for money, commercial procurement solutions are fully EU compliant, saving customers’ time and money. All G-Cloud 8 suppliers have been carefully evaluated during the tender process and pre-agreed terms and conditions offer customers sound contractual safeguards.

DevOpsGuys now offer the following seven services through the G-Cloud 8 Framework Agreement:

About DevOpsGuys

DevOpsGuys are experts in delivering practical engineering & consultancy solutions to transform and accelerate the way that organisations deliver software. We believe that DevOps offers a new operating model for IT departments to deliver software at speed.

DevOpsGuys has a large team of experienced consultants operating from offices in London and Cardiff and provides services to enterprises and public sector organisations in the UK and overseas.

DevOpsGuys has assisted public sector organisations including the Department for Environment Food & Rural Affairs, the Driver and Vehicle Licensing Agency, the Ministry of Justice and Companies House. We have also worked closely with Government Digital Services (GDS) to deliver services and solutions which enable digital teams building government services to meet the “Digital by Default” service standard.

Crwon Commercial Service

#DevOps – the Intern Perspective Part 1

Greg Sharpe is a second year student studying Computer Science at Aberyswyth University and has just started his year long internship at DevOpsGuys. This is the first of a series of posts that talks about his DevOps journey.

When I first started my internship I knew basically nothing about Web Automation and Website Deployment in general but, after being here only a few weeks I have already started to begin to deploy websites for many different projects in AWS.

I can honestly say that there is no way that I would of learnt not only the skills needed by this fast paced career but about the new up and coming technologies involved in deploying these sites without DevOpsGuys.

It’s a great opportunity for anyone to gain great experience as I was taught everything I needed to know straight away and given the support needed to do so. Not only is it a great place to work, but the people there are always happy to help with what I’m working on and I’m really looking forward to working with DevOpsGuys in the coming future as I’m made to feel important and a big part of the team.

“…it was not until working at DevOpsGuys that I really understood how and why it was so important to use version control software”.

Some of the many technologies I’ve have been working with are Terraform, Ansible and Git. Although I have used git before, it was not until working at DevOpsGuys that I really understood how and why it was so important to use version control software and after only a few weeks I can say I’m become more and more confident in Git and can use it on a daily basis without problems.

As for Ansible and Terraform, I had no experience working with these tools prior to joining the team at DevOpsGuys and was a little daunted by the thought of using them. But, after some training sessions with some of the senior engineers, I soon started to understand how both these technologies worked and how to implement them.

I am now onto my third week at DevOpsGuys and have already started deploying the infrastructure for the new site. I have found this not only a great experience to gain knowledge about how Terraform and Ansible work but have also found it enjoyable mainly due to the fact that everyone is so helpful and always available to answer answer any questions I have.

Within my first week, I researched a lot of different options within AWS EC2 Cloud and started with manually creating services from Nginx to Jenkins servers.

I found building these services manually a great inside to how they work and then through the use of Ansible and Terraform I was able to create services in minutes.At first this meant writing a lot of code but when you only have to type in one command to create a complete website, I found that unbelievable.

“…At first this meant writing a lot of code but when you only have to type in one command to create a complete website, I found that unbelievable.”

I’m really looking forward to learning about all things DevOps in the coming future and with the opportunities that DevOpsGuys has to offer (training and talks), I’m sure I’ll be learning a lot more than I ever expected from an Intern placement.

Pokemon Go and the art of customer satisfaction (via #DevOps)

Everyone has been surprised by the recent success of Pokemon Go, and that seems to include its creators!
“Going Viral” is not always easy to predict (even when it might be your goal) but your business can take advantage of automation within the cloud to ensure that your website or online service can deal with the demands of rapid growth in visitors or users of your app.
It has long been held within the IT industry that Google and it’s subsidiaries know how to scale – after all, they generate at least 40% of the traffic on the internet and run GMail, Google Search and Google Docs which are relied on the world over for mission-critical IT services by companies such as Roche Pharmaceuticals and BBVA Financial Services, so why has the launch by Niantic (The company running the platform that powers Pokemon Go and is owned by Google) been such a disaster when it comes to running at scale?
Over the weekend, Pokemon Servers went offline for well over five hours world-wide leading to outcry on social media, and, whilst there are claims that it was a hacker group taking the service offline via a Distributed Denial of Service Attack (DDOS), we find it hard to believe that it had nothing whatsoever with the decision to launch in another 26 countries some six hours previously.
If your infrastructure is in a traditional data-centre that you own and manage, or runs on hardware that you co-locate in someone else’s data-center, then it’s more than likely that you have problems scaling in the event of the Slashdot Effect or a major sales campaign that is successful.  The primary reason for this is that even if you are running a virtualisation platform such as VMWare on your infrastructure, eventually you will saturate your existing hardware and need to place a frantic call yo your hardware supplier in the hope that those ten or twenty-day lead-times can be cut drastically!
If you migrate out to a cloud provider such as AWS or Microsoft Azure, then the following three tricks could help you ensure that you deal with even the most severe amounts of traffic:

Use containers for the stateless parts of your application

If you have parts of your website or web service that are stateless (i.e. don’t rely on shared storage and follow the “cattle not pets” philosophy ), then you can migrate them out to containers that can be spawned and deleted as required and hosted in a “container services” environment such as AWS  or Azure Container Services.  This will allow you to configure how many containers are running at any given time, and how your infrastructure should react to sudden spikes in traffic (helpful hint – spawn more containers whilst busy, delete containers when quiet).

Learn how to take advantage of Auto-scaling at your provider

Both Azure  and AWS  provide a method of Auto-scaling virtual instances for those parts of the infrastructure that cannot be turned into containers for whatever reason.  Learn how to use these tools and couple them with Azure ARM Templates or AWS Cloud Formation [11] to deploy and scale multiple instances when you have an issue with traffic (Pete Mounce’s talk at WinOps 2015 is well worth a look to see how Just Eat do this!).

Get your developers and operations engineers talking to each other (aka DevOps!)

We talk to a lot of people who seem to be tired of hearing how much DevOps is about culture and not about tooling, and yet through encouraging developers and operations engineers to talk to each other, you can start to find some incredibly creative ways to enable an application to scale and an excitement in pushing the envelope.  
At this years’ WinOps, Pete Mounce (again!) talked about DDoS’ing yourself every night in production to prove that you can handle the traffic that your customers might throw at you, we think it’s worth a try and we have seen engineering teams rise to the challenge that is presented to them with excellent results.
Hopefully this blog post has given you some helpful pointers on how to make use of Cloud Technologies to avoid the issues that Pokemon GO seems to be experiencing at the moment, however, if you want to talk to any of our team about how DevOpsGuys might be able to help you scale in future, please get in touch.
– Matt MacDonald-Wallace, DevOps Engineer, DevOpsGuys (aka ProfFalken)
[Image by BagoGames –]

5 lessons learnt from the #DevOps Enterprise Summit EU 2016

This week London played host to its first ever DevOps Enterprise Summit, the Gene Kim led two day conference focussed on Enterprise DevOps adoption. There was a wide array of organisations represented by the speakers – from Financial Services (Barclays & ING) to Consumer Goods (Unilever) to Entertainment (Disney) to vendors like HPE and many others all talking about their own DevOps journeys.

So what were DevOpsGuys key lessons and takeaway messages from the event?

1 – No more excuses!

I think it’s fair to say that the wide range and scope of the Enterprises represented by the speakers destroyed the canard that Enterprise organisations can’t achieve a DevOps Transformation. They can, and they are, but it’s fair to say that it’s not easy nor for the faint of heart.

The Barclays case study in particular outlined the challenges of adopting DevOps across a 15,000+ employee global IT organisation. Other excuses like “you can’t do DevOps in regulated environments because of PCI | SOX | <insert compliance framework here>” was also directly addressed by some of the speakers – you can, they are, you just need to engage with the auditors directly early & often.

2 – “One size does not fit all” for your approach to DevOps Transformation

One phrase that was repeated over and over again (for two reasons as we will explore below) was “One size does not fit all”.

Many of the speakers made the point that their organisations’ approach to their DevOps Transformation was bespoke to them – it depended on their goals, their constraints, their systems, their culture etc etc.

Blindly adopting “what Google do” or “what Etsy do” is a recipe for disaster. We (DevOpsGuys) know this from our own work with our clients. We start with a Discovery phase to ensure that we understand their context and then collaborate with them to create a plan that works for them. Each one is different. One size does not fit all.

3 – “One size does not fit all” inside your DevOps model

The second way that “One size does not fit all” is inside your DevOps model itself. Teams need to have the autonomy to achieve their purpose without being smothered under the weight of overly restrictive, centralised, globally enforced “standards”. Start with Why, focus on the outcomes, and leave the “what” up to the product team itself.

That said, a technological and methodological free-for-all can create a support nightmare, reduce mobility between teams and impede collaboration. Which is why some organisations are looking to the open source software (OSS) movement to adopt “inner source” (or iOSS if you prefer).

The goal here is to create easily accessible, re-usable code that developers can use to accelerate their own delivery (application code, infrastructure code, test frameworks etc etc). Create libraries, patterns and practices that people WANT to use, can contribute to and constantly improve, rather than centrally imposed, static and dogmatic “Enterprise Frameworks”.

4 – “Top Down and Bottom Up”

People don’t want DevOps done TO them, they want DevOps done WITH them.

Another contender for “Catchphrase of the Summit” was “Top Down and Bottom Up”. The context for this is that your DevOps Transformation needs support from both the top (the C-Suite) and the bottom (the IT staff at the coal face) if it is going to succeed.

Grass roots DevOps initiatives (often focussed on technical goals like ELK, Docker and “infrastructure as code”) falter when they try to move outside their silos (e.g. Devs trying to get Ops involved or vice versa). They don’t have the mandate or political “juice” to change how other teams work. Collaboration is strangled at birth and DevOps fails.

Similarly a purely “Top down” DevOps transformation driven from the C-Suite can feel like “just another fad”, particular to jaded Enterprise IT Pro’s who have been through numerous other imposed frameworks in the past. The Enterprise immune system is triggered, resistance grows, and change fails.

Multiple speakers made the point that the C-Suite needs to show real leadership and be actively involved in the DevOps Transformation, removing obstacles, devolving autonomy and constantly seeking (and listening to) the feedback from their teams.

People don’t want DevOps done TO them, they want DevOps done WITH them.

5 – Holistic approach to DevOps is crucial

Another recurring theme is that your DevOps model needs to be holistic (which aligns neatly with the “First Way of DevOps”).

There was a running joke that DevOps needs to be renamed BizMarketingHRFinanceProductDevSecOps or something like that to truly encompass all the teams that need to be involved in moving to a DevOps model.

Systems thinking and the Theory of Constraints are inherent in DevOps – they are part of the philosophical framework that underpins DevOps – so it’s no real surprise that we have to consider the WHOLE system that is involved in moving from “concept to cash” to identify the real constraints and follow the POOGI cycle to ensure that things improve.


So that’s our top 5 take aways from DOES EU 2016. We will do a longer write up of the event itself later but we are already looking forward to DOES EU 2017 in June 2017!

Less than a week until Winops Conf

Less than a week to go until the second annual DevOps On Windows conference – – Tuesday 24th May.

We already have over 200 attendees registered to see an awesome line-up of speakers including the inventor of Powershell and Chief Architect for the Enterprise Cloud Group at Microsoft – Jeffrey Snover!

We also have:

  • Ed Wilson – The Microsoft Scripting Guy – talking about Config Management with Azure Automation
  • Michael Greene – Principal Programme Manager @ MSFT – talking about Release Pipelines
  • Iris Classon – Developer @ Konstrukt – talking about their journey to The Cloud.

Plus lots of other MVP’s, panel sessions, sponsor stands (Microsoft, Chef, Puppet, OctopusDeploy, SquaredUp, Jetbrains, IPExpo, Cloud&DevOps World, Redgate, Chocolatey and of course Prism Digital and DevOpsGuys as the organisers!).

This year we also have a FREE workshop day on Wednesday 25th May courtesy of Microsoft – “What’s New in Hybrid IT Infrastructure”

“Attend this free one-day training event to learn how to evolve your datacenter into a true hybrid cloud model to achieve greater efficiency, flexibility and scalability.” 

Note that this is a HANDS-ON lab-driven workshop with Ed Wilson and Marcus Robinson from Microsoft, so bring your laptop and get ready to get first-hand experience of things like Powershell, DSC and Azure Resource Manager.

I look forward to seeing you all there!


p.s. if you follow @DevOpsGuys on twitter and send us a message we might be able to do you a last-minute discount code for🙂


%d bloggers like this: