In a traditional software development model, developers write large amounts of code for new features, products, bug fixes and such, and then pass their work to the operations team for deployment, usually via an automated ticketing system. The operations team receives this request in its queue, tests the code and gets it ready for production – a process that can take days, weeks or months. Under this traditional model, if operations run into any problems during deployment, the team sends a ticket back to the developers to tell them what to fix. Eventually, after this back-and-forth is resolved, the workload gets pushed into production.
This model makes software delivery a lengthy and fragmented process. Developers often see operations as a roadblock, slowing down their project timelines, while Operations teams feel like the dumping grounds for development problems.
DevOps solves these problems by uniting development and operations teams throughout the entire software delivery process, enabling them to discover and remediate issues earlier, automate testing and deployment, and reduce time to market.
To better understand what DevOps is, let’s first understand what DevOps is not.
Instead of developers coding huge feature sets before blindly handing them over to Operations for deployment, in a DevOps model, developers frequently deliver small amounts of code for continuous testing. Instead of communicating issues and requests through a ticketing system, the development and operations teams meet regularly, share analytics and co-own projects end-to-end.
DevOps is a cycle of continuous integration and continuous delivery (or continuous deployment), otherwise known as the CI/CD pipeline. The CI/CD pipeline integrates development and operations teams to improve productivity by automating infrastructure and workflows as well as continuously measuring application performance. It looks like this:
Figure 1: Stages and DevOps workflow of the CI/CD pipeline
DevOps and Security
One problem in DevOps is that security often falls through the cracks. Developers move quickly, and their workflows are automated. Security is a separate team, and developers don’t want to slow down for security checks and requests. As a result, many developers deploy without going through the proper security channels and inevitably make harmful security mistakes.
To solve this, organizations are adopting DevSecOps. DevSecOps takes the concept behind DevOps – the idea that developers and IT teams should work together closely, instead of separately, throughout software delivery – and extends it to include security and integrate automated checks into the full CI/CD pipeline. This takes care of the problem with security seeming like an outside force and allows developers to maintain their speed without compromising data security.