What is DevOps and compare with SRE and DevSecOps?
What is DevOps in simple terms?
DevOps is a set of practical methods that shorten the time from submission to deployment of system changes to the production environment under the premise of ensuring high quality.
DevOps is a combination of two functions that are typically treated separately: development and operations. That definition of DevOps is the Standardized development methodology, clear communication, and documented processes supported by a standards-based, proven middleware platform to improve application development and management cycles, bring agility, and provide greater availability and security to your IT infrastructure. Clearly, DevOps is about connecting people, products, and processes. Ultimately, DevOps is about connecting IT to business.
What exactly do DevOps do?
DevOps take on a range of day-to-day responsibilities. These include:
- Project management: DevOps engineers take a lead managing the whens, wheres, hows, and whos of an IT project, making sure everyone’s clear on objectives, aware of major deadlines, and in regular contact.
- Designing and improving IT infrastructure: Core infrastructure might be holding you back. A DevOps engineer can identify how you can improve this to encourage collaboration and, ultimately, get your releases to market quicker.
- Performance testing and benchmarking: evaluating how well and reliably systems run is a key part of a DevOps engineer’s day-to-day responsibilities.
- Automation: are your releases slowed down by important but repetitive tasks? One of a DevOps engineer’s major roles is to reduce hours spent here by automating these and building useful software plugins that will lighten your software team’s load.
- Optimizing release cycles: are you losing valuable time because of how your release cycles are structured? DevOps engineers look for ways to optimize your release cycles, remove hidden time drains, and introduce new ways of moving the process along (new software, for example).
- Monitoring and reporting: one of a DevOp engineer’s roles is to provide feedback from production to reduce ‘time to detect’ (TTD) errors and ‘time to minimize’ (TTM) them.
- Security: security-focused DevOps, or SecDevOps, is a set of best practices aimed at keeping security central to all DevOps processes. This includes automation of key processes, release schedules and infrastructure design.
What are the list of DevOps Tools?
Set of practices and relevant tools
- Provisioning : Provisioning servers, storage, network, firewalls in today’s world is far from dealing with physical entities themselves. With virtualization and now cloud, infrastructure in today’s world is mostly virtual or to simply say is a software. Since its a software, you could write software to provision it, auto scale it, tear it down etc. Tools such as Terraform, Ansible,Vagrant, Openstack Heat, AWS Cloudformation, as well as SDKs and Libraries can be handy here.
- Setup : No matter you are creating a dev environment, integration, qa or a production environment, you need tools to help you set up the environment consistently. e.g. the same version of os, libraries, applications and dependencies. Tools which allow you do achieve this are typically called as Configuration/Change Management Tools. Some of the most popular ones are Chef, Puppet, Ansible, Saltstack
- Continuous Integration/Delivery : One of the major devops practice is breaking down your tasks and creating a pipeline, right from code commit to deployment. e.g. build/compile, test, test some more, and finally deploy. And this should all happen automatically. Thats where continuous integration and deployment comes in. Tools such as Jenkins, Bamboo, GoCD, Travis help you with this. And these tools integrate with much larger set of build, test and even communication and collaboration tools to automate each step in the pipeline.
- Monitoring: One of the core tenets of Devops is continuos improvement. To achieve this, you need tools to first identify the issues as well as help you with the root cause analysis. Majority of this data comes from monitoring systems. I would categorize monitoring into three types :
- Systems and Network Health Monitoring : Nagios, Cacti, Zabbix, Sensu etc.
Application Performance Monitoring : New Relic, App Dynamics, Grafana/Prometheus etc.
Log Monitoring : ELK, Graylog, Splunk etc.
How DevOps and SRE are different?
- SRE is more operationally-driven from the top-down, and it’s governed by the developer or development team, instead of the operations team.
- DevOps aims to bridge the gap between development and operations by culturally aligning their tasks, objectives, and initiatives.
- SRE is more pragmatic
- DevOps adoption is more of a cultural and philosophical shift.
- SRE Developers have more control over the software monitoring and maintenance processes
- DevOps operations team with DevOps Engineers manages software monitoring and Maintenance.
- SRE encompasses all the DevOps factors but delves deeper into each one to add certain criteria to ensure a more detailed recipe for success.
- DevOps defines these factors as breaking down silos or walls between groups within the organization to encourage more efficient collaboration, blameless failures, automation, monitoring, and observability.
What is DevSecOps?
DevSecOps is a tactical trifecta that connects three different disciplines: development, security, and operations. The goal is to seamlessly integrate security into your continuous integration and continuous delivery (CI/CD) pipeline in both pre-production (dev) and production (ops) environments. Let’s take a look at each discipline and the role it plays in delivering better, more secure software faster.
DevSecOps (short for development, security, and operations) is a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications.
DevSecOps infuses security into the continuous integration and continuous delivery (CI/CD) pipeline, allowing development teams to address some of today’s most pressing security challenges at DevOps speed.