Aruna holds a degree in MBA and Masters in Computer Engineering from Santa Clara University and Bachelors in Computer Science from Bangalore Institute of Technology (BIT), India. She is the co-author of a new book titled, "DevOps for Digital Leaders".
Aruna Ravichandran is Vice President of Product & Solutions Marketing, DevOps for CA Technologies. Prior to CA, Aruna was the Vice President for Marketing and Strategy for Software Defined Networking (SDN) at Juniper Networks. She also spent seventeen years at Hewlett Packard in various leadership roles spanning engineering, product management and product marketing across several business units.
ITN: What are the challenges in adopting DevOps?
AR: If your goal is to bring the applications, features and functionalities to market very quickly, you need to use DevOps. DevOps is a new paradigm for accelerating software release in which people, process, technology, and culture play a big role. In DevOps you move away from the traditional ‘waterfall’ methodology and adopt ‘agile’ techniques. This means that development teams are moving at a very rapid velocity—and releasing code at a very large volume.
But the problem is, software testing becomes the bottleneck. So, for true DevOps to happen, all the tools which play into each and every part of the software development lifecycle should enable you to shift at more rapid pace. This means that you shouldn’t be thinking about testing after you build the software—but right at requirements phase. We saw this as a major pain point for users. That’s why we have launched the product called ‘Agile Requirement Designer’ that takes requirements from a Visio diagram or any other tool, and automatically builds test cases for you. This lets you create test cases even before the code is written. If you can test at development time, then you are minimizing the amount of time spent in performance testing before you go into release.
Your release management product also needs to work in sync with agile development. It should be capable of automating the whole software lifecycle by moving the app from requirements into development and integration testing, and should be able to work well with standard integration tools like Jenkins and Maven, etc. Having a tool that orchestrates and automates everything is a big part of the DevOps lifecycle.
ITN: Is there a formal set of processes for successful DevOps?
AR: For ITIL, there is a set of processes which you implement. It is very prescriptive, and everybody goes through that training. DevOps is quite free-form—but it usually starts on the development side. They have an agile transformation, go into frequent sprint cycles--and then they run into a bottleneck when they have to do code commit.
At this point, they will say, ‘I’m now developing code but the bottleneck comes after me. So, that needs to change if I want to drop this code into the production side.” That’s when they go from ‘agile’ to ‘continuous deployment’ – and want to automate the entire orchestration. So, it’s ‘agile’ to ‘continuous deployment’ to ‘continuous testing’. In fact, continuous testing was not even considered a part of DevOps a year ago. Now, it is in the lifecycle of DevOps. Everyone has realized that testing has become a bottleneck. Previously, it was only continuous deployment and not testing, but things have changed rapidly.
There is no best practice for DevOps. You can only take what someone else has done, innovate yourself, and have a methodology in place which suits your organization.
ITN: What are the key challenges in continuous software deployment?
AR: Today, everyone is on the journey towards digital transformation. Organizations want to provide a phenomenal customer experience, and bring new features to market quickly. While small companies can go for multiple deployments in production systems without significant challenges, it is not easy for large companies in financial, retail and public sectors to do this.
The second challenge is leveraging a tool which can really work with all the vendors and exiting systems. Integration becomes a big part of the challenge. The tools also need to be easy to find, install and configure.
Finally, there is a cultural issue too. Many organizations are used to doing deployment, probably only once a month. Now, if they need to do a couple of deployments per day—it represents a radical cultural change for the entire IT team.
ITN: Where do you see the trend of DevOps progressing?
AR: If you look at Netflix, they have the concept called ‘NoOps’. There is no separate production and IT in Netflix, because their engineers actually develop the code, fix problems, and run the production systems. But most large organizations are not wired that way. They usually go through the traditional ‘waterfall’ from one lifecycle to the other. They definitely have to shift left to address issues earlier in the development process. They’re taking time to do that, and it’s a journey. It also depends upon the maturity of the customer. There are some customers who have embraced it and have pretty much shifted left quite a bit. But there are customers who are working towards that goal.
ITN: How does DevOps work when you have contractors writing code?
AR: Whether they are contractors or not, they still need to work within the principles and guidelines that you have actually established. If you are embracing agile and the rest of the team is doing agile and your contractors are not, they would not fit into the stream. It is dependent on that contractor to get onto the bandwagon if the organization decides to go the DevOps way.
ITN: How do you ensure good security practices in agile development?
AR: Security needs to be a consideration in every part of the Software Development Life Cycle (SDLC)—not just in test. If you think about continuous testing, then the best way would be to take the production data and bring that into QA so that you can simulate a production and run it. But the risk is that you might expose Personal Identifiable Information (PII).
We have acquired a company called ‘Grid Tools,’ which is now a big part of our DevOps portfolio, called ‘Test Data Manager.’ The ‘Test Data Manager’ will take the production data and clean it up and let you bring it for testing without compromising PII.