Treat the DevOps Disease, Not Just the Symptoms.
You recognize the symptoms a mile away. The early stages of a sore throat. That cough that seems to have come from nowhere. Darn. Why didn’t I get a flu shot this year!?
Is the health of your business critical applications really all that different? Here the symptoms are web application performance glitches, security vulnerabilities and even outages. Darn. Why didn’t I do more to prevent this?!
The consequences of glitches, security problems and outages are so severe that we naturally throw a lot of treatments at the symptoms. Those treatments include ITSM/ CMDB, Discovery Tools, Server Configuration Automation, Configuration Management, Performance & Availability Management, App Release Automation/ Continuous Delivery and Regulatory/ Security Compliance. Some of these treatments specialize in informing you just how sick your applications are. (You are running a fever and your white blood cell counts are shooting through the roof!). Others will temporarily ease symptoms. (Popping sore throat lozenges works well. Until it doesn’t.) And of course some tools are more advanced. These are the enterprise equivalent of antibiotics.
They “cure” what ails you…until the underlying cause mutates.
DevOps Disease: The Cause
As their user groups grow and their environments change, your business critical, custom web applications also need to change.
But each software change, even from well-intentioned employees and trusted contractors, represents a new opening and a new risk. Most software, middleware and server configuration changes are executed without negative consequences. But hackers and other intruders only need to be successful once. So your changes must be handled with care – or more specifically, your changes must be managed with care.
So much of DevOps disease is preventable because the root cause is poor configuration health and practices.
How it happens
Perhaps a configuration setting drifted and it needed to be reset. Perhaps IT Operations wrote a PowerShell script in order to deploy a configuration update across multiple servers. In the process of deploying that intended change, that well-meaning IT Operations employee inadvertently caused an unintended change as well, one that opened a security vulnerability. Changing this broke that.
Change? Yes. Chance? No.
Whether it is the use of homegrown scripts, reliance on spreadsheets and tribal knowledge or direct access to servers, many IT Operations organizations are concluding that the stakes are too high to leave their business critical applications to this much chance.
The Cure: Orca
Rather than using band-aids and point solutions to treat the symptoms, IT Ops is seeking to kill the disease of full stack infrastructure configuration management for your applications, not the symptoms – a way of letting them operate in a changing world while minimizing risk of web glitches, security vulnerabilities or outages.Orca kills the disease by helping the silos of teams in your development and operations organizations collaborate together around infrastructure change from every perspective; performance, availability, security, regulatory compliance, environmental constancy to a gold standard and pre and post production infrastructure compares for smooth application portability. Now anyone making a change for the right reasons, also sees the effect of that change on other application dependencies so that drift or application security and health is not impacted.
IT Ops uses Orca’s powerful RBAC and Scheduling to control what changes are made, when they are made, where they are applied, who can make them, and even who can approve them. And using Orca’s intuitive interface, users do not have to operate at the command line, write custom scripts or directly access servers. They collaborate around a visual object model of relationships and dependencies to build a workflow of changes and schedule when and where they are to be deployed. And even before they are executed users can preview and dry-run those changes in order to understand their impact and gain required approvals.
People, Process, Technology
Many large IT organizations are a complex web of Windows and Linux environments in Dev, test, QA, production and DR environments. To manage that complexity, IT organizations often rely heavily on hiring top professionals and instituting complex processes to address infrastructure configuration change control for physical, virtual and hybrid cloud environments. In addition to those “people and process” approaches, Orca offers a technology solution to manage this near-intractable complexity. Orca was purpose-built as an application configuration automation and compliance solution for these complex, heterogeneous environments.