The DevOps movement has been taking the IT world by storm in the past years and has transformed it completely. It set out to change an age-old way of developing and shipping software, as well as the rigid corporate mentality about what teams are and how they should be communicating. Before DevOps and the Agile movement that preceded it, there was the Waterfall way of doing things. The project would progress steadily downwards (hence the term) through the stages of requirements gathering, analysis, design, plan, etc. Requirements were very difficult to change after the first stages, and software would usually get shipped over a time period such as 6 months.
As time passed, things shifted and became more dynamic, integrated and fast-paced due to the Internet. The Old Way Of Doing Things wasn’t that effective anymore. It was slow, and the software ship date was far in the future. People started to experiment with different software developing methodologies, in an effort to address this. Although this effort began in the 70s, and there were several agile methodologies developed all through the 90s, it all culminated with that Utah ski resort meeting back in 2000. People from all “iterative” software development camps, got together in order to eat, and discuss software development methodologies. The Agile Manifesto was born that night.
The Agile movement is not anti-methodology, in fact many of us want to restore credibility to the word methodology. We want to restore a balance. We embrace modeling, but not in order to file some diagram in a dusty corporate repository. We embrace documentation, but not hundreds of pages of never-maintained and rarely-used tomes. We plan, but recognize the limits of planning in a turbulent environment.
–Jim Highsmith, History: The Agile Manifesto
This innocuous-looking dinner in Utah eventually became a whole movement that inspired DevOps back in 2009. In this article, we will dive into what DevOps is, what are its benefits, and how it is practiced in Pressidium.
What is DevOps and what does it bring to your business?
DevOps, at its core, is more cultural than technical. The tools and the practices came later, to solve a problem that was fundamentally organisational and social, and less technological.
In traditional IT environments, the various departments such as software development, Quality Assurance, Operations, and such, exist within varying degrees of silos. Sometimes they are even located in different buildings. Despite this, however, they need to collaborate with each other at the end of the day and push software successfully out of the door.
The problem is that silos foster bad communication. When bad communication exists, mistakes and misunderstandings are used as a way to defer blaming, and not as a means to improve.
Then people came together and started talking. There should be a better way of doing software and the time for that to happen was ripe. Following Patrick Dubois’ presentation on Agile infrastructure back in 2008, people started coming together and organising meetups. This finally culminated in the 2009 Devopsdays, where the term became established and popularised. The name is a portmanteau of “Development” and “Operations”. Although there isn’t a set way of practicing DevOps, the movement embodies the following principles:
- Communication: it binds teams together, creates shared understanding and responsibility.
- Automation: eliminates errors and “but it works on my machine!” situations.
- Feedback: Mistakes are used as course-correction, criticism becomes healthy, blaming is eliminated, and everything gets measured.
These principles are applied in a continuous cycle. Every process is automated, and at the end, feedback is taken on where the team needs improvement. According to Puppet Labs’ 2017 State of Devops white paper, high performers practicing DevOps found out that they can have both software quality and stability. Although the deployment frequency in 2016 was higher than that of 2017, the mean time to recover and the change failure rate was significantly lower.
How we practice DevOps in Pressidium
In Pressidium we practice DevOps in our own infrastructure as well as in the context of integrating with agency teams and WordPress developers. DevOps is split between two playing fields, the technical and the cultural. The cultural is concerned about how people communicate, in what manner and way, how they give and receive feedback and improve. The technical side has everything to do with automation, fine-tuning and testing processes:
- We use Docker, to develop and test our new services and features. Having a shared development environment enforces consistency and collaboration between multiple people. It also eliminates configuration-based errors between different developers.
- We use a staging environment to push and test our changes before deploying them to production.
- We use an automated provisioning system built on our Enterprise Service Bus, that is responsible for onboarding accounts to the Portal. It initialises WordPress instances, sets-up backups, sanity-checks files, permissions, and performs additional hardening. We also provision any additional future resources we might need depending on projected growth, using the same platform.
How do you benefit from it?
By integrating our DevOps team with your developers you enjoy our full, dedicated support and consulting in all things related to WordPress. We take care of everything, from hardware, server management, to network, operating system and the WordPress core. Basically the whole full stack from hardware to WordPress itself. This way you are free to work on the tasks that are directly related to your business, instead of worrying about network failures, performance issues, and security updates.
We update the WordPress core of your website to ensure that it is the latest. We usually give a time window of 2 weeks before updating all websites just to make sure that everything works as it should.
Additionally to WordPress core updates, we perform security updates as well. That way your WordPress core is both secure and of the newest version. Activating SSL on your website is pretty straightforward. You can either generate a free Let’s Encrypt certificate from your Portal account, or purchase a 3rd party one from another vendor. In that case, you will need to generate it yourself and upload it to your account.
In the unfortunate event that your website is compromised, and there are several telling signs for that, we immediately inform you, perform extensive forensics to see what exactly occurred, clean up your installation and files so it can be used again, and debrief you in the post-mortem. We also continuously scan your WordPress site for malware and quarantine them along with any related files that are deemed suspicious.
We take security very seriously in Pressidium and as such we have implemented firewalling in two distinct layers: network and application. That way we can enforce filter rules on an IP level, blocking entire geographical regions if need be, and prevent malicious HTTP requests from ever reaching your WordPress site. All of our accounts are hosted behind multiple load balancers that dynamically distribute the load according to need, and also help mitigate DDoS type attacks. Our extensive monitoring and alerting facilities provide us with a birds-eye view of all our infrastructure.
This is extremely important when it comes to critical components such as the web server and the database. Their configuration and management can sometimes become thorny, and even small errors can render your WordPress site unavailable. In the event of database performance issues, we perform query analysis and collaborate with your engineers to solve problems.
Problems can also arise due to conflicting caching configuration. Our caching engine provides superior adaptive caching when compared to all other WordPress plugin solutions, so there’s no need to worry or use anything else.
Everything under the hood is provisioned, backed up, secure and stable. We closely monitor the physical hardware and network infrastructure in all of our 3 data centers across the globe, and have put in place “off-site” backups in a different location, in case a catastrophic event occurs.
Our goal is for you to have a functional and safe environment that speeds up development, minimises errors, and deploys your WordPress code correctly. All of this is provided while you know that you have our team behind you no matter what, in any challenge that you might face.
True DevOps is not about fancy tools
We mentioned earlier that the DevOps movement was born out of frustration due to inefficient communication and team integration. The automation and provisioning tools came later, and to be honest, they are not a panacea in themselves. You can’t solve social problems by using technology and that is why we believe transparency and honesty must come first besides anything else. The true value that you get from our DevOps support is that we become a part of your team. We not only solve technical problems but advise you on the pros and cons of technical decisions, and suggest the best solution backed up by solid arguments based on metrics, even in cases that we feel we are not the best fit. We do not “spin-doctor” issues, or fix things by hiding them “under the rug”. The practice of DevOps requires humility and honesty, otherwise, there is no feedback, no improvement and ultimately no true DevOps.