Streamline Your Operations with airSlate SignNow's Pipeline Management System for Insurance Industry

How to create outlook signature

[Music] so my name is Dave oranger I'm a technical director of platforms and products within enterprise technology services group at Liberty Mutual and today I'm gonna be talking a little bit about our journey to go from commit to production and in about ten minutes and I think really before we even start off emphasizing the journey aspect of it it's something that's been something we've been working out for a long time something is definitely very difficult not easy but I think another thing is I'm gonna be focusing a bit more on some of the technical aspects and a bit more of the aspects of how the technology enables some of the organizational and cultural transformation but do want to emphasize that it's not just technology and as you've been hearing as a very big theme here it's part of this conference you know the organizational and train you know cultural transformations are just as important if not more important in enabling this type of thing so for those of you who have spent any amount of time and any type of large enterprise you're you know kind of constantly have been facing those questions of hey this this DevOps thing is great but I have you know 15 different teams that I need to align with it seem like they have nothing to do with you know delivering this business value but are somehow a stakeholder here I have all these owners security requirements that you know pop up and hit me and how do I get my app out there and connect it to the world I have all these long change management processes they don't need to go through Enterprise change management boards and have approval in weeks notice and you know what won't all kind of the regulation and everything else that really is inherent in any type of industry that deals with customer data and you know especially industries like finance and insurance so I think one of the things be a lot of people just kind of look at this and say hey it's really not possible these things we're seeing that these these tech companies doing and we're hearing from you know the Amazons and you know the flickers of the day and and so on and so forth doing these many many production deployments a day fast turnarounds it's not possible for us and I think one of things that is really taking hold is is understanding that everything it was just on that previous slide was has really been built up over the years around managing risk and managing risk in a traditional manner and as we look at kind of the changing landscape that's affecting all industries that the the the nature of the risk affecting the business is actually quite different the nature of that risk is kind of the the business being disrupted doesn't business disappearing the business not being able to to react fast enough and change fast enough so not to say that some of those things aren't still important but you know the nature of that risk is changing so Liberty Mutual is you know is a very large enterprise with over 50,000 employees across 30 30 countries founded in 1912 so it's well over a hundred years old so we have a lot of those those same things that have have kind of been in place over the years and also is you know I think one of the things is as you look out and see kind of these stories of of what people have done with continuous delivery and cloud they've all really been focused on you know tech tech startups or the tech industry but you know and especially kind of the thoughts around insurance or its hey this is a big old industry moves very slow but I would say there's actually some really exciting things going on at Liberty and it's actually a really exciting place to work you know we have we kind of think of ourselves as the best kept tech secret if you look at the things we've been doing with hackathons and contributions to open source contributing some of our own projects to open source and so on and so forth it's actually a very exciting place to work and I have to say that you know the speed and shape piece of change and everything going going on is is incredibly incredibly rapid we have definitely have have scale that we operate with as well so this is a slide just showing the the data centers we run three domestic data centers data centers 11 international data centers in some of our major tech development hubs this doesn't show some of our footprint within the public cloud across five different regions in a couple different public cloud providers so there's definitely a lot of scale that we we deal with here so what really what we've been looking at and making our core focus in this space is we need to enable empower developers if there's something in the way of the developer it's not gonna make them productive it's not going to make them happy um we want happy developers and we also want to be able to move fast so how do we make moving fast basically a non-event on a daily basis and one of the goals that we have put out there is even if we had a brand new developer come in on the first day there's no reason why they shouldn't be able to actually build an application in to deploy our real application into one of our cloud environments by the end of that first day certainly not something we're able to do today but that is you know one of those are they shoes goals that we've put out there and while we talk about a lot about this moving fast and and so forth security and enacting responsibility are really foundational core things that we really can never give up so protecting our customers data is of upmost importance so we can't really we can't really Bend on anything that would ever put anything at risk so what we're really trying to do is making the path of least resistance actually doing the right thing so this is this is an example of a deployment that actually happened in into the middle of the day I went and just tried to grab some screenshots right before the presentation and when I was looking him over I realized this one actually took 14 minutes to go from commit to production so sorry about that so I think there's there's a few things here you know the the to production in ten minutes in in a lot of specs is really just kind of a vanity metric it's it's it's optimally about how do you optimize that feedback cycle and that that feedback cycle can be at multiple levels it's something as simple as you know developer getting feedback on the tests they're writing and developer getting feedback from a CI integration to your your broader team getting feedback on are they doing the right thing to get it in front of their customers and actually getting feedback from your actual customer base so really the the thing that we're trying to optimize here is that cycle time for getting feedback I'll talk a little bit more about some of the details behind kind of that pipeline in a minute but if there's anything really here today that I would say is the most important it would be that we've made continuous delivery pipelines the single path to introducing change into any environment that and this applies to all of our new cloud environments as we build out going forward and and especially into pivotal Cloud Foundry so it's been something that we've said you must be this this tall to ride this ride is something that we have not wavered on a bit and has probably been one of the most important things that we could have done to enable to start to enable this transformation and I think the other thing that's actually really important is you can't disconnect the way that you run stuff in the cloud from the way you build and deliver it into the cloud so what we've looked at is building a holistic platform that encompasses both the build aspects delivery pipelines as well as the actual cloud environment so we have a platform that we've been building up over the years our delivery platform that we call Liberty Forge it encompasses everything from your product management tools anything you would use to you know collect requirements issue trackers integrated within kind of your wikispaces service desk so you can interact with your customers all your pipeline tools from version control through your pipelines artefact repositories and agile development tools and also elements of an internal open-source community that kind of supports that always kind of an internal SAS offering so to speak and when you look at ultimately what our product is to our developers is not them getting an account in Cloud Foundry it's when they have a new app we give them a pipeline and then everything in terms of introducing change from that app goes through that pipeline as we look at this we've we've deployed PCF across three of our domestic data centers and one of one a AWS region will be going live in two additional regions and across that we've also you know have non prod prod Network segmentation so we actually have a pretty decent footprint in kind of our infrastructure as we rolled this out so what does this give us as we kind of go back to that first slide and we think about groups like audit and having to to prove attestation and security having everything go through a continuous delivery pipeline gives you a hundred percent visibility and everything end-to-end and as you start to look at that integrated platform that includes build delivery and runtime you you have that traceability that can go the whole way back to some type of user story any kind of code code reviews or you know pull request comments or visibility into all the tests that run and static analysis and so on and so forth that complete end-to-end view so that is actually something that's very empowering when you go and you talk to a security person or you talk to an auditor and it gives people trust in the process that you've put in place and I think that's one of the biggest things that it needs to be built up over time when you're talking about kind of deep ingrained cultures around you know managing risk by slowing everything down to speed things back up you need to have trust and in complete transparency through that process which you get through enforcing continuous delivery pipelines can help with that you also really need to have what I call kind of a culture of safety and platforms that that encourage safety so platforms that can do things like blue ting green deployments or canary style deployments you need to have tests you know you know the context when things have diverged from you know the Intendant functionality and so on and so forth but combined with that you know those technical aspects you really need a culture of safety and what I mean by that you know I've I've definitely seen that as a lot of these you know practices and really from a technical perspective platforms have been rolled out people get kind of nervous when when they start seeing how much transparency goes into everything they're doing on a daily basis so as build start failing or maybe you have a deployment there needs to be that culture of that's okay that that happens we've built into the platform as a sense of safety so that it was a Bluegreen deployment you've caused no outage and without that culture of safety everything thing can kind of come to a grinding halt so there's an anything really special here and kind of one of the spat in this pattern in terms of a continuous delivery process but I mean one thing we do is we do offer patterns again as you come in our product that we offer up is not giving something somebody simply access to Kies to deploy into Cloud Foundry it's we give you the pipeline so we also try to make a lot of those pipelines as easy & consumable as possible we don't want to have people worrying about trying to figure out all the intricacies of getting something published into an artifact repository and making sure that everything that they've done is kind of met potential audit and attestation needs in the future a big part of what we're providing is a way for development teams to not have to worry about that because it's built into the platform we've done a few things here as well around needs for separation of duty it's something that we still have to deal with on a daily basis you know a developer is not somebody who could introduce a single line code of change and also promote it into production so we've built into the platform kind of the are back role based access control again so it's just something that's built in into the platform and as you do this we're not kind of doing continuous deployments there are kind of those those stage gauges so you do have to have that transformation and teams writing tests you do have to have a team that's actually somewhat co-located and working together so in the case that I showed you earlier it was somebody who did the deployment who was sitting on the opposite you know side of the table from the developer who wrote to change and they simply said hey is this good to go look at it okay that person you know the product manager presses the button and it deploys into production without that type of thing you certainly cannot get the the rapid feedback loops so so what does this really mean to a developer there sounds like there's definitely some restrictions put here on what to do can do and any time you you kind of put restrictions on the developer that you really need to have some way to balance that out with a much more value add that you're getting out of it on the other end because you know you want to empower developers you want them to be happy you don't want them to be looking at your platform as something that restricts them from from doing what they need to do so I mentioned that that Liberty Forge pipelines are our delivery platform are the only way to get into into cloud foundry and they effectively act as the API into the platform so we have patterns in which you put everything in cloud foundry manifests so if you need to change anything it simply goes into that manifest file we have conventions in which they can simply push those changes in they have a full full control over whatever they do once that pipeline has been provisioned for them there are a few few other things that really have to come into play from an operational perspective your apps are now effectively 100% immutable if you may need to make any changes those have to be pushed back the whole way through the pipeline which is a good thing but it's also something that you know especially looking at where a lot of people have come from you know wasn't always it was wasn't always around upon to go ssh into some server and tweak some config file somewhere so we also look at how can we provide tools to make that easier so we do provide some things like simple start/stop restart capabilities things that really are some of the few things you actually need to run or operate in Cloud Foundry and we also baked in a lot of the tooling that you might need otherwise make it easily consumable so what I mean by that is automatically configured logging and metrics and and so on so really what it looks like is if I need to make a change configuration goes into a source code or goes into version control your app goes into version control I get pushed and you you know their pipeline fires and that's kind of our API into the platform something that we're really kind of experimenting it with at this point is we treat everything like that kind of mentioned at the beginning its its infrastructure its apps its its services whatever that might mean so when we look at services that are managed within the platform we're actually looking at kind of the a service bush so we define this is kind of a custom manifest format for our services that define anything do you need that in that service so when you go to provision that service you check this in the source control and push it through the pipeline and the reason we do this is because services have a lifecycle effectively just like applications do as well and when we talk about a lot of that need for visibility into everything that's happened if you can push all of that through a pipeline you have that full end-to-end over the life cycle of the service transparency into what what you've done so I mentioned this is kind of experimental at this at this point one because there's not a lot of services at the moment to have sophisticated configuration kind of in the in the Cloud Foundry world and also some of the service brokers today are not as kind of declarative or idempotent and when you do provide parameter parameters so you may have something that on the initial provisioning has a different point you know JSON structure than on updating which is which is not optimal for this kind of model so it's something to keep in mind so from a security perspective you're you know especially as you look at cloud deployments where things are much more interconnected network of AP is you have to talk to things you have to talk to your databases security is of utmost importance but we also don't want it to be a blocker so we've actually built some services and systems on top of cloud foundry that provide what we call kind of a policy based approach to managing application security groups so application security groups are a mechanism built in into cloud foundry which allow you to provide egress controls for your container on outbound access so what we've done is provided kind of a policy based mechanism that knows we know what business unit you may be part of we know if you're a nonprofit forces production we know different security categories such as internal versus external and then we can apply some standard access control here to your to your application or to your space in Cloud Foundry so you don't necessarily by default if you're doing something standard that will just come for you and we have automated things like space creation and org creation org management so the system is actually doing that and can automatically apply these rules and other thing that this does is allow us to have consistent view for application developers across all of our cloud foundry instances so I mentioned before we have you know three instances and our three different locations and our domestic data centers AWS deployments coming online we want to have something that when somebody goes and deploys something or if they need to deploy in multiple locations or if they're maybe moving it from one location together we want it to kind of be the principle of least surprise so we actually have ways that we can synchronize all of these kind of policy based security groups across across those different locations as well so it's still there's there some things in AWS that make this a little bit more difficult in terms of mapping security you know application security groups to AWS security groups and we've also provided a set of tools so people can kind of figure out if connectivity is blocked by say a firewall or an absolute application security group or so on and so forth but I think this is something that has given the security teams a lot of comfort in knowing that we have these controls in place and they're very 100 percent can you know automated and consistent but the app teams can move faster because it's automatically put in place for them the other thing I mentioned a little bit before is the impacts to the developer so we can I briefly mentioned we kind of control all of the the management and provisioning of things like orgs and spaces so as part of that what we do is we provide a lot of common services out of the box so that app teams don't know have to figure out how do I you know get my syslog configured to go to this you know specific log aggregation service or how do I figure out what the license keys are so we can look in our APM monitoring solution so anytime a new space is provisioned automatically we create services for giving them access to different logging providers centralized logging providers and we actually have set those up so that they flow through a system that does log enrichment and we add additional data for those of you familiar with Cloud Foundry there's a lot of goods and other things that are involved it can make it very hard for app application teams coming in to find their logs when you send them into a centralized login provider so what we've done is done enrichment over top of that to add things like org space and app name that makes sense for the developer we've also kind of tried to bridge the gap between the the new and the old world and have built some encryption services that allow teams to manage credentials and check-in into their code credentials that are you know basically the cypher text which removes us from being kind of a central bottleneck of having to manage credentials in in environment variables we is kind of a little bit of a bending of the third of the twelve factors in terms of how we've managed configuration but it's provided us a bridge effectively so that we can provide self-service but still have a way to sense manage sensitive information such as passwords and other things first services that are managed outside of the platform so one of the things I think is really important is kind of when you go down this path of especially building cloud native applications moving into the cloud is that you really should be building and operating for that cloud native environment you you know you need to move into that and adopt app model holistically but at the same time in a large enterprise you're gonna have to coexist with a very diverse legacy ecosystem and that may be things from a technology perspective and that may mean things from a you know an operational perspective from a process perspective from a cultural perspective so there are aspects of that that you really are gonna have to bridge one of that one of those things for us has been a change management and I think traditionally as you look at change management you know and going through change boards and having to get long lead times on making any changes clearly that is not at all conducive to getting it into production and in just a few minutes so what we have done is kind of looked at what are some options that we can we can do to live within this world it is something we have systems you know api's that are integrating across this new cloud world with our legacy systems there's no way we could just kind of cut the cord and say hey here's this new world over here that is completely separate from this world so the you know from an eye to or ITSM perspective the concept of a standard change is something that actually fits quite well in into this model if you look at what continuous delivery pipelines do they're well known you know we do the same thing over and over again it's you know totally standardized automated procedure that's been predefined ahead of time and it's relatively risk-free especially when you take into account things like zero downtime Bluegreen deployments and the amount of testing and visibility you get into it so what we've worked with our change management teams and application teams is around getting standard changes of for any application or for applications going in into cloud foundry and because we have a lot of templates and patterns that we follow as new teams come in and that pipeline is the API into the platform in many cases we've been able to raise that to portfolio level so if you have a lot of micro services being actively developed every time you have a new service you don't have to go through this process of you know achieving a standard change but because everything starts to look a lot more similar from a pipeline perspective you can actually raise that up a bit from a to a portfolio level and then what we do is on production deployments we've baked directly into the pipeline one of the steps on a production deployment is to open a standard change when the deployment starts and close that standard change when the deployment finishes and it means the app teams actually never have to interact with that change management system and everything is just automatically there but we're still working within the bounds of that existing ecosystem so I've been talking a lot about apps and things in in Cloud Foundry this is this is a process that we've been really putting in place for everything and anything kind of going in the new cloud direction so if we look at the way we manage Cloud Foundry itself we actually you know take those same exact principles and apply them to managing the platform itself and we use those same exact principles actually to manage lower-level things in AWS such as our V pcs and subnet creations and everything from the ground up of creating a brand new V PC and and and everything that goes into it all flows through pipelines and even in the case of something like PCF which is a multi-tenant environment used across all of our business units we've even been able to get a standard change approved for changes in that environment just to the you know the reproducibility of everything we do because of the full automation so there it's definitely as we look at where we're headed we've had a lot of teams you know a significant number of teams who have really been able to to build on top of this again this is really an enabling platform if you don't combine this with changes in the way that the application teams application teams work and the broader culture around them it's just an enabling platform nothing has changed much so we definitely have some teams who have been taking advantage of this what we're really interested in doing now is making this much more mainstream so that's a big focus of what we're doing right now and we are also looking at making this whole platform much more self-service we've we focused a lot more to date on well once you we give you that pipeline how do we make it as easy as possible right now we're we're gonna try to make it as easy as possible for you get the pipeline in the first place to make that completely self-service and that goes back to the idea of you should be able to now go from idea to production as fast as possible not just commit to production and as I mentioned before we're trying to apply this everywhere again not just apps we're trying to apply it to two platforms and ultimately all of our infrastructure and everything that is done in that place so we're looking at how we start to mature those other as well as one of our our major focuses as we move forward and again kind of want to reiterate it's not something that kind of happens overnight you know as we've been working through a lot of gaining the trust of teams like audit and security these are kind of conversations that have occurred over long periods of time and I think looking at how you gain that trust is just seeing and giving that transparency into into your process so with that said I will take any questions [Applause] so the first question was if there are any manual steps in the in the in the pipeline how do you handle that so I think there's a couple places one is that there's a lot of I show the very simple kind of pipeline up there and the high level stages there are still you know in a lot of cases and rightfully so you may want to be wanting to do exploratory testing you know through through your API or through your UI or something like that those things really fall into kind of where that test you know stage is they're you know ultimately that's going to be dictated by this you know a speed of the developer checking something in and rolls over to the person who actually needs to do that exploratory testing and in saying you know hey it's ready to go can you take a look at it and they're actually aligned to do it right away I think some of the other areas are are arounds you know we we have to we can't just rope roll it through from a continuous deployment perspective we do have to have those stops before production which we can ensure that there has been some form of separation of duty we haven't done anything that is required like in the middle of a Bluegreen deployment to say like hey let's manually check something everything our Bluegreen deployments we built in automated smoke testing in the middle so it's not just hey the app started it's like we actually execute some smoke tests but we have no mechanism today that to support some type of manual interaction there so it's been mostly moving kind of in that automated fashion and the second question was around moving kind of some of the legacy in so I think one of the things is is looking at and having kind of evangelist for the you know for the process for the platform's is one area where we've started to have some good luck so you can get out there and get in front of people and show what some of these teams have done and we've started to do kind of you know Show and Tell type of workshops where people can drop in and we can you know help them out we've actually as part of our internal hackathon series that we have across our company we've actually used some of these technologies and platforms to showcase them so while those are not necessarily you know process and cultural things you at least get some of the developers focus to the possibilities of what exists but it's it's definitely a hard thing and I think you know is is you give more visibility into everything that goes on in and you can kind of walk through people everything that is is there you can start to build up a little bit of that trust but at the same time you're talking an end to end process and most people are not used to seeing and then process they're used to their little silo so it can also be very overwhelming aspect of things all of the microservices so I think that's something as a from a platform perspective we've been maybe providing some tools but we haven't been necessarily looking at kind of the broader architectural when people deploy onto the platform we've been treating it much more as as as a service offering when we say you know on top of it we defined this well-defined API you can consume it however you want and we'll provide some additional tools but we do consume the platform ourselves to deploy some of our you know automation and services I think there's definitely some opportunity especially from from a services perspective to integrate much more of a kind of like an API marketplace is something that we're actually actively working on so not only how to get your app you know your API is out there too you know to run them but actually how do you discover and consume them easily it is something we're actively working on I think I'm out of time so I can take any questions in the back offline if you [Applause] [Music]