diff --git a/docs/devops-basics/glossary.md b/docs/devops-basics/glossary.md index 379f743..f1d5063 100644 --- a/docs/devops-basics/glossary.md +++ b/docs/devops-basics/glossary.md 
@@ -7,44 +7,67 @@ author: the DevOps Institute - https://devopsinstitute.com This list of DevOps terms are as defined by the [DevOps Institute](https://www.devopsinstitute.com/): -Click on the following bookmarks to jump to a specific section - | [A](#a-terms) | [B](#b-terms) | +Click on the following bookmarks to jump to a specific section: -## A - Terms +| [A](#a-terms) | [B](#b-terms) | [C](#c-terms) | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | Y | X | Z | + +## __A - Terms__ | Term | Definition | | :------------------------ | :------------------------------------------------------------------------------------------------------------------------------------ | | A/B Testing | Deploy different versions of an EUT to different customers and let the customer feedback determine which is best. | | Administration Testing | The purpose of the test is to determine if an End User Test (EUT) is able to process administration tasks as expected. | -| Agile | A project management method for complex projects that divides tasks into smal "sprints" of work with frequent reassessment and adaption of plans | +| Agile | A project management method for complex projects that divides tasks into small "sprints" of work with frequent reassessment and adaption of plans | | Agile Coach | Help teams master Agile development and DevOps practices; enables productive ways of working and collaboration. | | Agile Manifesto | A formal proclamation of values and principles to guide an iterative and people-centric approach to software development. | -| Agile Portfolio Managment | Involves evaluating in-flight project and proposed future initiatives to shape and govern the ongoing investment in projects and discretionary work. 
| -| Agile Principles | The tweleve principle that underpin the Agile Manifesto | -| Agile Process Owner | An ITSM or other type of process own that uses Agile and Scurm principles and practices to design, manage and measure individual processes. | -| Agile Service Manager | The operational equivalent to Dev's ScrumMaster. A role within an IT organisation that understand how to leverage Agile and Scurm methods to improve the design speed and agility of ITSM processes. | -| Agile Software Development | Group of software development methods in which requirement and olutions evovle through collaboration between self-organzing, cross-functional teams. Usually applied using the Scrum or Scaled Agile Framework approach. | -| Amazon Web Services (AWS) | AWS is a secure cloud services platform offering comupute power, database storage, content delivery and otehr functionality to help businesses scale and grow. | +| Agile Portfolio Management | Involves evaluating in-flight project and proposed future initiatives to shape and govern the ongoing investment in projects and discretionary work. | +| Agile Principles | The twelve principle that underpin the Agile Manifesto | +| Agile Process Owner | An ITSM or other type of process own that uses Agile and Scrum principles and practices to design, manage and measure individual processes. | +| Agile Service Manager | The operational equivalent to Dev's ScrumMaster. A role within an IT organisation that understand how to leverage Agile and Scrum methods to improve the design speed and agility of ITSM processes. | +| Agile Software Development | Group of software development methods in which requirement and solutions evolve through collaboration between self-organising, cross-functional teams. Usually applied using the Scrum or Scaled Agile Framework approach. 
| +| Amazon Web Services (AWS) | AWS is a secure cloud services platform offering comupute power, database storage, content delivery and other functionality to help businesses scale and grow. | | Analytics | Test results processed and presented in an organised manner in accordance with analysis methods and criterion | | Andon (Cord) | A system that gives an assembly line worker the ability, and moreover the empowerment, to stop production when a defect is found and immediately call for assistance. | -| Ant-pattern | A commonly reinvented bu poor solution to a problem. | -| Anti-fragility | Antifragility is a property of systems that increases it capability to thrive as a result of stressors, shocks, volatility, noise, mistakes, faults, attacks, or failures. | +| Ant-pattern | A commonly reinvented but poor solution to a problem. | +| Anti-fragility | Anti-fragility is a property of systems that increases it capability to thrive as a result of stressors, shocks, volatility, noise, mistakes, faults, attacks, or failures. | | Application Programming Interface (API) | A set of protocols used to create applications for a specific OS or as an interface between modules or applications. | | API Testing | The purpose of the test is to determine if na API for an EUT functions as expected. | | Application Release | Controlled continuous delivery pipeline capabilities including automation (release upon code commit). | | Application Testing | The purpose of the test is to determine if an application is performing according to its requirements and expected behaviors. | | Architecture | The fundamental underlying design of computer hardware, software or both in combination. | -| Artifact | Any element in a software development project inclding documentation, test plans, images, data files and executable modules. | +| Artifact | Any element in a software development project including documentation, test plans, images, data files and executable modules. 
| | Artifact Repository | Store for binaries, reports and metadata. Example tools include: JFog Artifactory, Sonatype Nexus or Azure Artifacts. | -| Audi Managment | The use of automated tools to ensure products and services are auditable, including keeping audit logs of build, test and deplooy activities, auditing configurations and users, as well as log files from production operations. | -| Authentication | The process of verifying an asserted identity. Authentication can be based on what you know 9e.g. password or PIN), kwhat you have (token or one-time code), what you are (biometrics) or contextual information. | +| Audi Management | The use of automated tools to ensure products and services are auditable, including keeping audit logs of build, test and deploy activities, auditing configurations and users, as well as log files from production operations. | +| Authentication | The process of verifying an asserted identity. Authentication can be based on what you know 9e.g. password or PIN), what you have (token or one-time code), what you are (biometrics) or contextual information. | | Authorisation | The process of granting roles to users to have access to resources | -| Auto-DevOps | Auto DevOps brings DevOps best practices to your project by automatically configuring software development lifecycles. It automatically detects, builts, test, deploys and monitors applications. | +| Auto-DevOps | Auto DevOps brings DevOps best practices to your project by automatically configuring software development lifecycles. It automatically detects, builds, test, deploys and monitors applications. | | Auto-scaling | The ability to automatically and elastically scale and de-scale infrastructure depending on traffic and capacity variations while maintaining control of costs. | | Automated Rollback | If a failure is detected during a deployment, an operator (or automated process) will verify the failure and rollback the failing release to the previous known working state. 
| | Availability | Availability is the proportion of time a system is in a functioning condition and therefore available (to users) to be used. | -## B - Terms +## __B - Terms__ | Term | Definition | | :------------------------ | :------------------------------------------------------------------------------------------------------------------------------------ | -| Backlog | | +| Backlog | Requirements for a system, expressed as a prioritized list of product backlog items usual in the form of 'User Stories'. The product backlog is prioritized by the Product Owner and should include functional, non-functional and technical team-generated requirements. | +| Basic Security Hygiene | A common set of minimum-security practices that must be applied to all environments without exception. Practices include basic network security hardening, vulnerability and patch management, logging and monitoring, basic polices and enforcement and identity and access management. | +| Batch Sizes | Refers to the volume of features involved in a single code release | +| Behavior Driven Development | Test cases are created by simulating an EUT's externally observable inputs, and outputs. Example tool: Cucumber. | +| Beyond Budgeting | A management model that looks beyond command-and-control towards a more empowered and adaptive state. | +| Black-Box | Test case only uses knowledge of externally observable behaviors of an EUT. | +| Blameless Postmortems | Used for impact analysis of service incidents. When a particular IT service fails, the users, customers, other dependent service that are affected. | +| Blast Radius | Used for impact analysis of service incidents. When a particular IT service fails, the users, customers, and other dependent services that are affected. | +| Blue/Green Deployments | Taking software from the final stage of testing to live production using two environments labelled Blue and Green. 
Once the software is working in the green environment, switch the route so that all incoming requests go to the green environment - the blue one is now idle or used for new feature updates. | +| Bug | An error or defect in software that results in an unexpected or system-degrading condition. | +| Burndown Chart | A chart showing the evolution of remaining effort against time. | +| Bursting | Public cloud resources are added as needed to temporarily increase the total computing capacity of a private cloud. | +| Business Case | Justification for a proposed project or undertaking on the basis of its expected commercial benefit. | +| Business Continuity | Business continuity is an organisation's ability to ensure operations and core business functions are not severely impacted by a disaster or unplanned incident that take critical services offline. | +| Business Transformation | Changing how the business functions. Making this a reality means changing culture, processes, and technologies in order to better align everyone around delivering on the organisation's mission. | +| Business Value | The benefit of an approach to key business KPIs | + +## __C - Terms__ + +| Term | Definition | +| :------------------------ | :------------------------------------------------------------------------------------------------------------------------------------ | +| | | diff --git a/docs/devops-learning/devops-sfia.md b/docs/devops-learning/devops-sfia.md new file mode 100644 index 0000000..5721cee --- /dev/null +++ b/docs/devops-learning/devops-sfia.md 
@@ -0,0 +1,521 @@ +# SFIA Framework + +## Overview + +The purspose of this guide it to give DevOps engineers a quick overview to what the SFIA framework and how it characterises the DevOps skillsets. + +If you are not already familiar with what SFIA is or why large enterprise organisations are starting to adopt this then take a look at the following: + +- [SFIA skills overview](https://sfia-online.org/en/sfia-8) + +And for a DevOps specific skillset take a look at the following: + +- [SFIA DevOps Skills overview](https://sfia-online.org/en/sfia-8/sfia-views/devops-view) +- [DevOps Skills at a glance](https://sfia-online.org/en/sfia-8/sfia-views/devops-view) + +Also it isworth considering the following roles when reading the content/skills listed below, as it is unlikely that ALL of the skills will be needed/found in a single person/role: + +- DevOps Consultant - focuses on DevOps culture and Ways of working as below +- DevOps Engineer - focuses on DevOps automation as below +- Site Reliability Engineer - focus on SRE practices + +## SFIA 8 - Skills by category + +| Category | Skill | Levels | +|---|---|---| +| **DevOps Culture** | | | +| SLEN | [Systems and software life cycle engineering](https://sfia-online.org/en/sfia-8/skills/systems-and-software-life-cycle-engineering)| 4 - 7 | +| BURM | [Risk management](https://sfia-online.org/en/sfia-8/skills/risk-management) | 3 -6 | +| ORDI | [Organisation design and implementation](https://sfia-online.org/en/sfia-8/skills/organisation-design-and-implementation) | 4 - 7 | +| OCDV | [Organisational capability development](https://sfia-online.org/en/sfia-8/skills/organisational-capability-development) | 5 -7 | +| RLMT | [Stakeholder relationship management](https://sfia-online.org/en/sfia-8/skills/stakeholder-relationship-management) | 4 - 7 | +| LEDA | [Competency assessment](https://sfia-online.org/en/sfia-8/skills/competency-assessment) | 3 - 6 | +| MEAS | 
[Measurement](https://sfia-online.org/en/sfia-8/skills/measurement) | 3 - 6 | +| DLMG | [Systems development management](https://sfia-online.org/en/sfia-8/skills/systems-development-management) | 5 - 7 | +| KNOW | [Knowledge management](https://sfia-online.org/en/sfia-8/skills/knowledge-management) | 2 - 7 | +| PEMT | [Performance management](https://sfia-online.org/en/sfia-8/skills/performance-management) | 4 - 6 | +| EEXP | [Employee experience](https://sfia-online.org/en/sfia-8/skills/employee-experience) | 4 - 6 | +| **DevOps Automation** | | +| CFMG | [Configuration management](https://sfia-online.org/en/sfia-8/skills/configuration-management) | 2 - 6 | +| PROG | [Programming/software development](https://sfia-online.org/en/sfia-8/skills/programming-software-development) | 2 - 6 | +| TEST | [Testing](https://sfia-online.org/en/sfia-8/skills/testing) | 1 - 6 | +| SINT | [Systems integration and build](https://sfia-online.org/en/sfia-8/skills/systems-integration-and-build) | 2 - 6 | +| RELM | [Release and deployment](https://sfia-online.org/en/sfia-8/skills/release-and-deployment) | 3 - 6 | +| BPTS | [Acceptance testing](https://sfia-online.org/en/sfia-8/skills/acceptance-testing) | 2 - 6 | +| DBAD | [Database administration](https://sfia-online.org/en/sfia-8/skills/database-administration) | 2 - 5 | +| ITOP | [IT infrastructure](https://sfia-online.org/en/sfia-8/skills/it-infrastructure) | 1 - 5 | +| **DevOps ways of working** | | +| METL | [Methods and tools](https://sfia-online.org/en/sfia-8/skills/methods-and-tools) | 3 - 6 | +| REQM | [Requirements definition and management](https://sfia-online.org/en/sfia-8/skills/requirements-definition-and-management) | 2 - 6 | +| SWDN | [Software design](https://sfia-online.org/en/sfia-8/skills/software-design) | 2 - 6 | +| ARCH | [Solution architecture](https://sfia-online.org/en/sfia-8/skills/solution-architecture) | 4 - 6 | +| DESN | [Systems design](https://sfia-online.org/en/sfia-8/skills/systems-design) | 3 - 6 | 
+| PBMG | [Problem management](https://sfia-online.org/en/sfia-8/skills/problem-management) | 3 - 5 | +| USUP | [Incident management](https://sfia-online.org/en/sfia-8/skills/incident-management) | 2 - 5 | +| VUAS | [Vulnerability assessment](https://sfia-online.org/en/sfia-8/skills/vulnerability-assessment) | 2 - 5 | +| PENT | [Penetration testing](https://sfia-online.org/en/sfia-8/skills/penetration-testing) | 3 - 6 | +| CHMG | [Change control](https://sfia-online.org/en/sfia-8/skills/change-control) | 2 - 6 | +| SCTY | [Information security](https://sfia-online.org/en/sfia-8/skills/information-security) | 3 - 7 | + +## _DevOps Culture_ + +### Systems and software life cycle engineering + +Establishing and deploying an environment for developing, continually improving, and securely operating software and systems products and services. + +This skill is associated with interdisciplinary approaches to developing and operating software and systems products and services across the full life cycle. Typically (but not exclusively) labelled with terms such as DevOps, DevSecOps, site reliability engineering, developer productivity engineering. 
+Activities include — but are not limited to: + +- establishing secure and reliable software lifecycle principles and practices +- developing a supporting framework of methods, procedures, techniques, tools, and people with required skills, knowledge and competencies +- deploying and using this environment with the people and teams that are responsible for all systems and software life cycle engineering +- building repeatable and reliable capabilities through a process of trial, feedback, learning and continual evolution +- adapting working practices to the needs of specific products and services +- defining, controlling and improving software life cycle processes +- building in risk management, quality, security, privacy and safety +- maximising the automation of activities +- establishing software architecture and design principles to enable the desired life cycle processes +- focusing on mission, value and customers +- establishing a culture of collaboration, learning, knowledge management, adaptation and resilience +- adopting and integrating appropriate industry frameworks to guide improvements: + +### Risk management + +Planning and implementing organisation-wide processes and procedures for the management of risk to the success or integrity of the enterprise. + +Risk management can be applied to many enterprise functions as well as technical and engineering specialisms — such as, but not limited to, information and technology systems, operations, environmental, information and cyber-security, safety, energy supply. Risk is also explicitly referenced in many SFIA skills. 
+Activities may include — but are not limited to: + +- identifying risks +- classifying and prioritising risks — their impact and probability, and mitigation actions +- planning, developing, and implementing organisational approaches to risk management to ensure the integrity of the business, its products and services, and the end-users +- communicating and reporting on risks and mitigation actions to key stakeholders. + +### Organisation design and implementation + +Planning, designing and implementing an integrated organisation structure and culture + +Activities may include — but are not limited to: + +- facilitating changes needed to adapt to changes in technologies, society, new operating models and business processes +- identifying key attributes of the required culture and how these can be implemented and reinforced to bring about improved organisational performance. + +The scope of organisation design can be wide — including the workplace environment, location strategy and number of locations required, role profiles, performance measurements, competencies and skills. + +### Organisational capability development + +Providing leadership, advice and implementation support to assess organisational capabilities and to identify, prioritise and implement improvements. 
+ +Activities may include — but are not limited to: + +- selecting, adopting and integrating appropriate industry frameworks and models to guide improvements +- using capability maturity assessments, metrics, process definition, process management +- building repeatable and reliable capabilities through a process of trial, feedback, learning and continual evolution +- developing appropriate techniques, tools and enhanced skills +- designing and delivering integrated people, process and technology solutions to deliver improved organisational performance in line with strategic plans and objectives +- identifying organisational priorities for enhancing performance, satisfying new business opportunities or responding to external drivers. + +The scope of improvement is typically organisation-wide but may also be highly focused on areas such as — but not limited to — business agility, software development, systems development, project delivery, service integration and management, service delivery, information and cyber-security. + +### Stakeholder relationship management + +Influencing stakeholder attitudes, decisions, and actions for mutual benefit. Activities may include — but are not limited to: + +- identifying stakeholders and analysing the relationships +- agreeing on mutually beneficial outcomes +- managing, monitoring and improving stakeholder relationships +- determining the relationship management approach to take — including roles and responsibilities, governance, policies, processes, tools and support mechanisms +- getting commitment to action through consultation and consideration of impacts. +- combining formal and informal communication channels to achieve the desired result +- operational management of stakeholder relationships and communications. + +The focus of this skill is a systematic and planned approach. This skill is not intended for general communication and developing productive working relationships. 
Those factors are described in SFIA's generic attributes and levels of responsibility. + +### Competency assessment + +Assessing knowledge, skills, competency and behaviours by any means, whether formal or informal, against frameworks such as SFIA. + +Assessments may be performed in many contexts such as — but not limited to — recruitment, career progression, professional development planning or accreditation/certification. Activities may include — but are not limited to: + +- evaluating and selecting assessment options +- adopting or adapting assessment methods, tools, and techniques +- taking into account the context of the assessment and how the results of the assessment will be used +- aligning assessments with ethical, legal and regulatory requirements. + +Ethical, legal and regulatory requirements are necessary to ensure the integrity of assessments and when handling personal data. + +### Measurement + +Developing and operating a measurement capability to support agreed organisational information needs. + +Measurement can be applied to organisations, projects, processes, and work products. Activities may include — but are not limited to: + +- planning, implementation, and control of activities to measure attributes of processes, products, and services +- using measures to assess performance, progress, and provide indications and insights to actual or potential problems, issues, and risks +- identifying requirements for measurement +- implementing measurement to support iterative/agile working practices +- selecting measures and measurement scales, setting target values and thresholds +- establishing data collection and analysis methods — including automation. + +### Systems development management + +Planning, estimating and executing systems development work to time, budget and quality targets. 
+ +Activities may include — but are not limited to: + +- adopting and adapting systems development life cycle models based on the context of the work and selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches +- collaboration and open communication with stakeholders with a focus on delivering value from systems development +- managing risks and allowing for timely adjustment of plans and deliverables to continue to meet customer requirements and deliver value +- aligning systems development activity and deliverables with architectures and standards and ensuring quality, security and privacy are built in +- developing roadmaps to communicate systems development plans +- identifying the resources needed for all stages (planning, estimation, execution) of systems development projects and how demand will be met with a supply capacity. + +### Knowledge management + +Managing vital knowledge to create value for the organisation. + +Knowledge management aims to improve performance, support decision-making and mitigate risks. Activities may include — but are not limited to: + +- systematically capturing, sharing, developing and exploiting the collective knowledge of the organisation +- tailoring knowledge management approaches +- developing a supportive and collaborative knowledge sharing culture to drive the successful adoption of technology solutions for knowledge management +- providing access to informal, tacit knowledge as well as formal, documented, explicit knowledge +- facilitating internal and external collaboration and communications +- establishing and supporting communities of practice +- capturing, organising and developing information, knowledge and stories from employees, customers and external partners +- external benchmarking. + +### Performance managemen + +Improving organisational performance by developing the performance of individuals and workgroups to meet agreed objectives with measurable results. 
+ +The term workgroup is used to be inclusive of different organisational structures. A workgroup is a collection of people working together on interdependent tasks to achieve shared objectives. This includes — but is not limited to — permanent/business-as-usual teams, cross-functional teams, squads or workgroups formed to deliver a specific outcome. Activities may include — but are not limited to: + +- setting workgroup objectives aligned to organisational drivers +- supporting individual growth to achieve objectives +- forming effective teams +- developing effective working relations within the workgroup +- developing effective working relations with other workgroups, partners and individuals who they collaborate with to achieve workgroup objectives. + +### Employee experience + +Enhancing employee engagement and ways of working, empowering employees and supporting their health and wellbeing. + +Activities may include — but are not limited to: + +- providing opportunities for personal growth and learning +- providing sufficient personal freedom to decide how to achieve work objectives, with support available when needed +- supporting different views, working styles and behaviours within the work environment +- providing a safe and secure working environment with the resources needed to do the job +- providing transparent communications and building trust in leadership +- providing a holistic approach in support of mental and physical well being. + +Note that the term employee is not limited to specific terms of employment. Depending on the employer it may include temporary and contract staff as well as salaried employees. + +## _DevOps Automation_ + +### Configuration management + +Planning, identifying, controlling, accounting for and auditing of configuration items (CIs) and their interrelationships. 
+ +Configuration items (CIs) can include a wide variety of components (objects) such as — but not limited to — source code, software, products, systems, hardware, networks, buildings, suppliers, process definitions and documents. A coherent set of CIs forms a configuration. Activities may include — but are not limited to: + +- identifying and documenting the functional and physical characteristics of CIs +- identifying the relationships and maintain coherence between CIs for specific configurations +- identifying the associated configuration(s), status, version and other characteristics of CIs at distinct points in time +- controlling changes to CI characteristics, recording and reporting change processing and implementation status +- systematically controlling changes to a configuration and maintaining the integrity, coherence, and traceability of that configuration throughout the project, system and/or service life cycle +- adhering to established safety, security and quality standards +- verifying and auditing CI records for data quality and compliance with specified internal and external requirements. + +Tooling examples: - Git SVN, Artifactory or Backstage.io + +### Programming/software development + +Developing software components to deliver value to stakeholders. 
Activities may include — but are not limited to: + +- identifying, creating and applying software development and security standards and processes +- planning and designing software components +- estimating time and effort required for software development +- constructing, amending and verifying software components +- applying test-driven development and ensuring appropriate test coverage +- using peer review techniques — such as pair programming +- documenting software components +- understanding and obtaining agreement to the value of the software components to be developed +- selecting appropriate development methods and life cycles +- applying recovery techniques to ensure the software being developed is not lost +- implementing appropriate change control to software development practices +- resolving operational problems with software and fixing bugs + +Depending on requirements and the characteristics of the project or assigned work — software development methods and life cycles can be predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. + +Tooling examples: + +- Learn at least one programming language such as Python, Go, Java or Scala, etc. +- Learn at least one scripting language such as Bash, PowerShell or Python, Ruby, Groovy, etc. +- Be comfortable working with an IDE or from CLI/Terminal + +### Testing + +Investigating products, systems and services to assess behaviour and whether this meets specified or unspecified requirements and characteristics. + +The scope of testing includes technology, system components, configurations, packages and their interfaces. This skill is applicable to all testing methodologies — which can be delivered using predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. 
Activities may include — but are not limited to: + +- planning, designing, managing, executing and reporting of tests +- functional testing of capabilities or features +- non-functional testing of qualities such as — but not limited to — performance, security, access, backup and recovery, archiving and retention, robustness, availability, capacity, scalability, reliability, performance, stress, volume, maintainability and portability +- static testing and static analysis +- managing risks associated with testing and taking preventative action when needed +- adopting and adapting testing methods including waterfall, incremental or agile approaches +- conforming to agreed process standards, industry-specific regulations and data protection legislation +- engineering, using and maintaining testware to measure and improve the quality of the software being tested +- promoting productivity through test automation, tools and best practices +- developing scalable and reliable automated tests and frameworks. + +Tooling examples: SonarQube, Klockwork, Code Insight, etc. +Practice examples: TDD, Linting & SCA (e.g. embedding in VSCode), + +### Systems integration and build + +Planning, implementing and controlling activities to synthesise system components to create operational systems, products or services. + +The scope of integration includes system elements, subsystems and interfaces including computing, storage, networking and cloud services. +Systems integration is used to create systems for testing purposes as well as for operational use by customers and users. 
Activities may include — but are not limited to: + +- developing organisational capabilities, processes and procedures for automation and continuous integration of build, packaging, testing, security and deployment +- building and operating a continuous integration (CI) capability when required employing version control of source code and related artefacts +- ensuring security and privacy requirements are an essential part of systems integration and build +- testing, validation and sign off of integration to satisfy requirements, architectures and design +- monitoring and controlling integration activities and recording and reporting on the results of integration +- keeping stakeholders informed and providing feedback into risk management processes +- developing and testing disaster recovery plans and applying incident management processes for major systems integrations. + +Tooling examples: Jenkins, Argo, GitHub, GitLab, Azure DevOps, etc. + +### Release and deployment + +Applying the processes, systems and functions required to make new and changed services and features available for use. + +Activities may include — but are not limited to: + +- packaging and deploying software changes and updates for release into a live environment +- managing continuous delivery/deployment using automation tools for containerisation and orchestration +- using package management tools or application lifecycle management tools for software dependency, version and library control +- combining changes to form a release that delivers a new service or updates an existing service +- adhering to established safety, security and quality standards +- enabling the controlled and effective handover to operational management and the user community. + +Tooling examples: Docker Compose, Terraform, Nexus, Jenkins, GitHub, GitLab, etc. +Practice examples: GitOps, GitFlow, SRE release management, etc. 
+ +### Acceptance testing + +Validating systems, products, business processes or services to determine whether the acceptance criteria have been satisfied. + +Activities include — but are not limited to: + +- setting and applying standards for acceptance testing +- planning, identifying, designing, managing, executing and reporting on the outcomes of acceptance tests +- encouraging effective and efficient collaboration with a range of relevant stakeholders +- requesting and enabling formal acceptance of systems, products or services +- creating measurable acceptance criteria related to functional and non-functional requirements, features, business processes, user stories and business rules +- devising acceptance test cases and scenarios from acceptance criteria +- enabling exploratory testing by stakeholders to discover unexpected behaviours +- deploying model office testing to simulate real-world working practices and system usage. + +The acceptance testing approach will be based on the context of the work and may be selected from predictive (plan-driven) or adaptive (iterative/agile) approaches. + +### Database administration + +Installing, configuring, monitoring, maintaining and improving the performance of databases and data stores. + +Database administration may support live operational databases in production use or internal/interim databases used for iterative developments and testing. +Activities may include — but are not limited to: + +- identifying and acting on automation opportunities to improve performance and value from databases, data stores and data pipelines +- using database management system software and tools +- applying knowledge of the logical database schema. + +### IT infrastructure + +Deploying, configuring and operating IT Infrastructure. + +IT infrastructure components include, but are not limited to, physical devices, virtual resources, infrastructure-related software, middleware, network services and data storage. 
Infrastructure components may be on-premises, outsourced, or provisioned as cloud services. Activities may include — but are not limited to: + +- preparing for new or changed services to meet defined needs of organisational users or providers +- maintaining and enhancing the IT infrastructure and infrastructure components, including task automation via tools and coding +- managing and applying software updates +- building and managing systems and components in virtualised and cloud computing environments +- monitoring the performance of systems and services related to their contribution to organisation performance, security and sustainability. + +## _DevOps ways of working_ + +### Methods and tools + +Ensuring methods and tools are adopted and used effectively throughout the organisation. + +There is a wide range of methods and tools supporting areas such as — but not limited to — planning, development, testing, operation, management and maintenance of systems. Activities may include — but are not limited to: + +- assessing, selecting and implementing methods and tools +- measuring, tailoring, improving and automating the use of methods and tools. + +### Requirements definition and management + +Managing requirements through the entire delivery and operational life cycle. + +Requirements may be related to software, systems, data, processes, products or services. 
Activities may include — but are not limited to: + +- eliciting and analysing requirements — both functional and non-functional +- ensuring that customer requirements and priorities are accurately reflected +- organising and prioritising requirements using techniques such as — but not limited to — product roadmaps, epics, user stories and backlogs +- specifying and validating requirements and constraints to a level that enables effective development and operations of new or changed software, systems, processes, products or services +- negotiating trade-offs that are acceptable to key stakeholders and within budgetary, technical, regulatory, and other constraints +- adopting and adapting requirements management life cycle models. + +The requirements life cycle approach will be based on the context of the work and may be selected from predictive (plan-driven) or adaptive (iterative/agile) approaches. + +### Software design + +Specifying and designing software to meet defined requirements by following agreed design standards and principles. + +Activities may include — but are not limited to: + +- designing software applications, components, interfaces and related characteristics (including security) +- using design concepts and patterns to develop software design and provide the basis for software construction and verification +- evaluating alternative solutions and trade-offs to facilitate design decisions +- taking into account functional and non-functional requirements such as the target environment, performance, security and existing systems +- developing prototypes/simulations to enable informed decision-making +- adopting and adapting software design models, tools and techniques based on the context of the work. + +Depending on requirements and project or work assigned characteristics, software design techniques can be predictive (plan-driven) or adaptive (iterative/agile) approaches. 
+ +### Solution architecture + +Developing and communicating a multi-dimensional solution architecture to deliver agreed business outcomes. + +Activities may include — but are not limited to: + +- defining the planned operation and maintenance of the solution within a production environment — include changes to services, process, organisation, and operating models as well as technology +- ensuring that existing and planned solution components are compatible with relevant architectures, strategies, policies, standards and practices +- considering requirements for security, privacy and testing of solutions +- taking account of relevant architectures, strategies, policies, standards and practices +- identifying appropriate cloud services +- developing roadmaps to migrate components to cloud services +- developing and communicating an implementation roadmap +- providing guidance and risk-based governance to support solution implementation including managing requests for changes and deviations from specifications. + +### Systems design + +Designing systems to meet specified requirements and agreed systems architectures. + +Activities may include — but are not limited to: + +- using design concepts to develop system design and provide the basis for systems construction and verification +- designing or selecting system components +- designing systems compatible with cloud computing architectures and selection of components such as infrastructure as a service, platform as a service and software as a service +- developing a complete set of detailed models, properties, and/or characteristics described in a form suitable for implementation +- adopting and adapting of system design life cycle models based on the context of the work using predictive (plan-driven) approaches or adaptive (iterative/agile) approaches for system design +- adhering to regulatory requirements and organisational standards including security. 
+ +### Problem management + +Managing the life cycle of all problems that have occurred or could occur in delivering a service. + +The primary objectives of problem management are to: + +- proactively prevent problems and resulting incidents from happening +- reactively resolve problems that have already happened +- eliminate recurring incidents +- minimise the impact of incidents that cannot be prevented. + +Activities may include — but are not limited to: + +- detecting and logging problems +- classifying and prioritising problems +- initiating actions to resolve problems +- investigating and diagnosing problems +- implementing remedies to prevent future incidents +- reporting on problems. + +### Incident management + +Coordinating responses to incident reports, minimising negative impacts and restoring service as quickly as possible. + +Activities may include — but are not limited to: + +- designing and implementing different processes and procedures for different categories of incidents including — but not limited to — major incidents, information or cybersecurity incidents, complex incidents, low impact incidents +- establishing incident response teams or security incident response teams +- routing requests for help to appropriate functions for resolution +- monitoring resolution activity +- informing users, customers and key stakeholders of progress towards service restoration. + +Incidents can impact many areas — such as but not limited to — business operations, information security, IT systems, services, employees, customers, or other vital business functions. + +Different roles/groups may be needed to diagnose and resolve incidents — such as — users, subject matter experts, service desk, support teams, suppliers, partners. Although they play a part in the incident management process, they do not necessarily need incident management skills. 
+ +### Vulnerability assessment + +Identifying and classifying security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact. + +Activities may include — but are not limited to: + +- cataloguing and classifying information and technology resources (assets and capabilities) to support vulnerability assessment +- assigning quantifiable value, rank order and importance to information and technology resources +- identifying and analysing the vulnerabilities of each resource — manually or using automated tools and information sources +- prioritising, scoring and ranking the risk associated with vulnerabilities +- business impact assessment +- mitigating or eliminating the vulnerabilities. + +Vulnerability assessment tools include web application scanners, protocol scanners and network scanners. + +### Penetration testing + +Testing the effectiveness of security controls by emulating the tools and techniques of likely attackers. + +Penetration testing may be a stand-alone activity or an aspect of acceptance testing prior to an approval to operate. +Activities include — but are not limited to: + +- ethical hacking — using the same tools and techniques as an adversary to safely exploit security weaknesses +- demonstrating how an adversary can subvert security goals or achieve specific adversarial objectives +- evaluating the effectiveness of current/planned defences or mitigation controls +- assuring the security of networks, systems, and applications +- identifying insights into the business risks of various vulnerabilities +- testing network, infrastructure, web and mobile applications for weaknesses +- checking patch levels and configurations +- social engineering. + +### Change control + +Assessing risks associated with proposed changes and ensuring changes to products, services or systems are controlled and coordinated. + +Change control is applied to anything that impacts live products, services or systems. 
This typically includes — applications, infrastructure, documentation, processes, configuration items, suppliers. Activities may include — but are not limited to: + +- managing the lifecycle of change requests — registering, assessing, authorising, planning, deploying +- assessing risks and reducing risks to the availability, performance, security and compliance of the products and services impacted by the change +- developing processes for standard, normal or emergency changes +- developing methods and tools to automate change control processes to enable continuous integration. + +### Information security + +Defining and operating a framework of security controls and security management strategies. + +The purpose of security controls and management strategies is to: + +- maintain the security, confidentiality, integrity, availability, accountability of information systems +- ensure information systems comply with legislation, regulation and relevant standards. + +Activities may include — but are not limited to: + +- selecting, adopting and adapting security control frameworks +- designing, justifying and implementing security management strategies +- identifying risks with technical solution architectures +- ensuring security principles are applied during design and development to reduce risk. + +Examples of types of security controls include — but are not limited to: + +- physical controls +- procedural or administrative controls +- technical or logical controls +- legal and regulatory or compliance controls. + +These activities are typically performed in collaboration with specialists in other areas including — but not limited to — legal, technical infrastructure, audit, architecture, software engineering. diff --git a/docs/devops-practices/continuous-planning/agile-development/Collaboration.md b/docs/devops-practices/continuous-planning/agile-development/Collaboration.md index 146c181..29147a6 100644 
--- a/docs/devops-practices/continuous-planning/agile-development/Collaboration.md +++ b/docs/devops-practices/continuous-planning/agile-development/Collaboration.md @@ -1,8 +1,6 @@ # Collaboration -[[_TOC_]] - ## Why collaboration is important In engagements, we aim to be highly collaborative because when we code together, we perform better, have a higher sprint velocity, and have a greater degree of knowledge sharing across the team. @@ -25,7 +23,7 @@ Below are some general guidelines for pairing: - Engineers leverage feature branches for the collaboration during the development of each story to have small Pull Requests (PRs) (as opposed to a single giant PR) at the end of the sprint. - Code is committed to the repository by both members of the assigned pair where and when it makes sense as tasks were completed. - The pairing assignee is the voice representing the pair during the daily standup while being supported by the story owner. -- Having the names of both individuals (owner and pair assignee) visible on the PBI can be helpful during sprint ceremonies and lead to greater accountability by the pairing assignee. An example of this using Azure DevOps cards can be found [here](./Collaboration/Add-Pairing-Field-Azure-Devops-Cards.md). +- Having the names of both individuals (owner and pair assignee) visible on the PBI can be helpful during sprint ceremonies and lead to greater accountability by the pairing assignee. ## Why pair programming helps collaboration 
@@ -75,8 +73,6 @@ Knowledge sharing and bringing customer engineers together in a ‘code-with’ ## Resources -- [How to add a pairing custom field in Azure DevOps User Stories](./Collaboration/Add-Pairing-Field-Azure-Devops-Cards.md) - adding a custom field of type _Identity_ in Azure DevOps for pairing - - [On Pair Programming - Martin Fowler](https://martinfowler.com/articles/on-pair-programming.html) -- [Pair Programming hands-on lessons](https://github.com/The-V8/pair-programming-sessions) - these can be used (and adapted) to support bringing pair programming into your team (MS internal or including customers) +- [Pair Programming hands-on lessons](https://github.com/The-V8/pair-programming-sessions) - these can be used (and adapted) to support bringing pair programming into your team. diff --git a/docs/devops-practices/continuous-planning/agile-development/Collaboration/Add-Pairing-Field-Azure-Devops-Cards.md b/docs/devops-practices/continuous-planning/agile-development/Collaboration/Add-Pairing-Field-Azure-Devops-Cards.md deleted file mode 100644 index 8134bd8..0000000 --- a/docs/devops-practices/continuous-planning/agile-development/Collaboration/Add-Pairing-Field-Azure-Devops-Cards.md +++ /dev/null 
@@ -1,87 +0,0 @@ -# How to add a Pairing Custom Field in Azure DevOps User Stories - -This document outlines the benefits of adding a custom field of type _Identity_ in [Azure DevOps](https://docs.microsoft.com/en-us/azure/devops/user-guide/what-is-azure-devops) user stories, prerequisites, and a step-by-step guide. - -## Benefits of adding a custom field - -Having the names of both individuals [pairing on a story](./Teaming-Up.md) visible on the Azure DevOps cards can be helpful during sprint ceremonies and lead to greater accountability by the pairing assignee. For example, it is easier to keep track of the individuals assigned stories as part of a pair during sprint planning by using the "pairing names" field. During stand-up it can also help the Process Lead filter stories assigned to the individual (both as an owner or as a pairing assignee) and show these on the board. Furthermore, the pairing field can provide an additional data point for reports and burndown rates. - -## Prerequisites - -Prior to customizing Azure DevOps, review [Configure and customize Azure Boards](https://docs.microsoft.com/en-us/azure/devops/boards/configure-customize). - -In order to add a custom field to user stories in Azure DevOps changes must be made as an **Organizational setting**. This document therefore assumes use of an existing Organization in Azure DevOps and that the user account used to make these changes is a member of the [Project Collection Administrators Group](https://docs.microsoft.com/en-us/azure/devops/organizations/security/set-project-collection-level-permissions). - -### Change the organization settings - -1. Duplicate the process currently in use. - - Navigate to the **Organization Settings**, within the Boards / Process tab. - - ![Organization Settings](/.attachments/azure-devops-organization-settings.png) - -2. Select the **Process** type, click on the icon with three dots **...** and click **Create inherited process**. 
- - ![Create Inherited Process](/.attachments/azure-devops-create-inherited-process.png) - -3. Click on the newly created inherited process. - - As you can see in the example below, we called it 'Pairing'. - - ![Select Inherited Process](/.attachments/azure-devops-pairing-process.png) - -4. Click on the work item type **User Story**. - - ![Modify User Story](/.attachments/azure-devops-user-story-process.png) - -5. Click **New Field**. - - ![Add the new field](/.attachments/azure-devops-new-field.png) - -6. Give it a **Name** and select **Identity** in Type. Click on **Add Field**. - - ![Add the new field](/.attachments/azure-devops-add-field-to-user-story.png) - - This completes the change in Organization settings. The rest of the instructions must be completed under Project Settings. - -### Change the project settings - -1. Go to the Project that is to be modified, select **Project Settings**. - - ![Change project settings](/.attachments/azure-devops-project-settings.png) - -2. Select **Project configuration**. - - ![Change project settings](/.attachments/azure-devops-project-configuration.png) - -3. Click on **process customization page**. - - ![Change project settings](/.attachments/azure-devops-process-customization.png) - -4. Click on **Projects** then click on **Change process**. - - ![Change project settings](/.attachments/azure-devops-change-process.png) - -5. Change the **target process** to Pairing then click Save. - - ![Change project settings](/.attachments/azure-devops-change-project-process.png) - -6. Go to **Boards**. - - ![Change project settings](/.attachments/azure-devops-boards.png) - -7. Click on the Gear icon to open Settings. - - ![Change project settings](/.attachments/azure-devops-board-settings.png) - -8. Add field to card. - - Click on the green + icon to add select the Pairing field. Check the box to display fields, even when they are empty. **Save and close**. 
- - ![Change project settings](/.attachments/azure-devops-add-field-to-card.png) - -9. View the modified the card. - - Notice the new Pairing field. The Story can now be assigned an Owner and a Pairing assignee! - - ![Change project settings](/.attachments/azure-devops-pairing-field.png) diff --git a/mkdocs.yml b/mkdocs.yml index 15bd763..b60a48f 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -40,7 +40,9 @@ markdown_extensions: - attr_list - md_in_html +# plugin used to add search capability to site plugins: + - search - glightbox # Used for tasklists and adding checkboxes to pages @@ -72,12 +74,14 @@ nav: - Agile Development: - What is is Agile: devops-practices/continuous-planning/agile-development/whatis-agile.md - Backlog Management: devops-practices/continuous-planning/agile-development/backlog-management.md + - Collaboration: devops-practices/continuous-planning/agile-development/collaboration.md - Tools: - devops-tools/tools-overview.md - Learning: - devops-learning/learning-overview.md + - devops-learning/devops-sfia.md - About: about.md
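Review bot: The added line "Practice examples: TDD, Linting & SCA (e.g. embedding in VSCode)," just above "### Systems integration and build" ends in a trailing comma, so the list reads as cut off. Close it with "etc." as the "Release and deployment" practice line does. In the same place, "SCA" can mean static code analysis or software composition analysis, so spell out which is meant. In the tooling line above it, "Klockwork" should be "Klocwork", and the non-functional testing bullet lists "performance" twice.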
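Review bot: Deleting Add-Pairing-Field-Azure-Devops-Cards.md removes the references to the `/.attachments/azure-devops-*.png` screenshots it embedded, but the hunks shown here do not remove the images themselves. Check whether any other page still uses them and, if not, delete them in the same change so they are not left orphaned in the repository. The two links to this page in Collaboration.md are removed consistently, so no dangling link is left there.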
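Review bot: In the mkdocs.yml plugins hunk, the new comment "# plugin used to add search capability to site" sits above the `plugins:` key, so it reads as describing the whole list, `glightbox` included. Move it to the line directly above `- search`, or reword it to cover the list. Listing `search` explicitly is the right call, since MkDocs stops loading its default search plugin once a `plugins:` key is defined.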
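Review bot: The new nav entry points at `devops-practices/continuous-planning/agile-development/collaboration.md`, but the file touched earlier in this patch is `Collaboration.md` with a capital C. On a case-sensitive filesystem (the usual CI and hosting case) the path will not resolve and the build will warn or the page will be missing from the nav. Either use `Collaboration.md` in the nav or rename the file to lower case to match its siblings `whatis-agile.md` and `backlog-management.md`.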