Analysis of DevOpsBy Jon ReevesI7625172 ?IntroductionMany institutions as well as business enterprises which use and develop Information Systems (IS) usually have separate software departments. The most common pattern that these organizations follow entails separating their system operations and the software development functions. However, with the current rapid advancement in technology and the need for continuous delivery and integration of the information systems, the separation of the two functions is no longer ideal. This has brought about major discussions which are mainly centered on a model or concept known as DevOps. The concept (DevOps) is a model that advocates for the integration of the operations and the software development functions when using and developing the Information Systems (Erich, Amrit & Daneva 2014). Instead of separating these two roles or functions in an organization, the DevOps approach recognizes their interdependence. Therefore, by compounding them into one unit, the methodology aids an entity in deploying software on a continuous basis. At the same time, the entity gets to maintain service stability. In addition to this, DevOps provide the organizations with an opportunity to gain the speed that is a prerequisite for more innovation to be achieved (Farid, Helmy & Bahloul 2017). Due to its benefits and the level of potential, DevOps has gained a lot of traction in recent times. This paper will, therefore, provide an in-depth analysis of the methodology. Overview of DevOpsThe term DevOps was fast used by Andrew Shafer and Patrick Debois back in 2009. The concept refers to a methodology that compounds the software development (Dev) and the operations (Ops) roles in an organization. Conventionally, the two roles are separated into distinct software departments or teams. However, with the DevOps methodology, the departments or teams are brought together to enhance the level of collaboration, cohesion, and communication between them (Farid, Helmy & Bahloul 2017). The figure below illustrates the DevOps concept. In the Venn diagram, the point of intersection between the software development and operations form the DevOps approach. At this point, the functions of the software development and operations departments or teams are interlinked to come up with one unit in an organization. This boosts the quality of the activities conducted by the institutions or business enterprises that develop and/or use Information Systems (IS).The DevOps approach mainly stemmed from the continuous change in the market needs as well as the need for the organizations to deliver and adapt quickly. In addition to this, the methodology was developed to enhance lean software development. By integrating the operations and development teams or departments, DevOps increases the speed of new software delivery. In addition to this, it minimizes the amount of time that organizations take to respond to the new customer needs (Farid, Helmy & Bahloul 2017). Debois (2008) established that the software development team in organizations had no idea of what was happening to the software once it was deployed. Similarly, the operations team had no part in the planning of the software development projects. The two teams had their own goals and missions which were not interlinked. Thus, there was a need to bridge the gap between the two teams to boost the level of collaboration. This is where the DevOps methodology came in (Farid, Helmy & Bahloul 2017). DevOps makes the software deployment or implementation process to be highly automated. This enables the continuous delivery of software which is used to meet the organizational needs as well as the consumer needs (Erich, Amrit & Daneva 2014). The methodology improves productivity by reducing overheads and accelerating the consumer feedback cycles. DevOps can also be a source of competitive edge for a business enterprise by providing several capabilities. To start with, the approach allows for a holistic collaborative task by uniting all the stakeholders in the organization. This speeds up the planning and generation of innovative ideas (Lehtola et al. 2009). Secondly, it enhances continuous delivery by eliminating waste and automating the process of delivering software to cater to the consumer demands and organizational needs. Finally, the DevOps approach brings about competitive advantage by enabling the software development and operations teams to work together in identifying problems as early as possible. This means that it provides a quick feedback cycle and continuous learning in a given organization (Debois 2008).The Toolset Required to Implement DevOps in an Organization DevOps has the potential of adding substantial value to the operations of a business entity. For this reason, it is essential to utilize the best practices to implement the DevOps methodology in an organization. One of the key steps entails choosing the right toolset that will ensure that the methodology aids the organization in achieving its strategic objectives as well as goals. Several software tools can be used to ensure that the DevOps approach streamlines business processes as well as ensuring that there is a lean software development process in the organization. The essential toolset required for an organization to implement the DevOps program are provided as follows.JenkinsOne of the key toolsets required to implement DevOps in an organization is Jenkins. The software tool is one of the most widely used continuous delivery and integration toolsets. The main reasons why Jenkins is popular includes its versatility and extensiveness which makes it ideal for accomplishing a wide range of project objective. In addition to this, it is an open-source software tool. Jenkins simplifies the process of implementing a DevOps program because it is a cross-platform application. Therefore, it is an ideal DevOps software tool for an organization that is using different software platforms or operating systems in their information technology infrastructure. The chief reason why Jenkins is recommended for the organizations is its ability to consider the distributed environments which are used to minimize the strain on each of the servers used by the enterprise. This is particularly beneficial for teams or departments that are required to continuously integrate and develop numerous projects (Pathania 2017). ChefThe other essential tool that is needed to implement the DevOps methodology in an organization is Chef. This is a DevOps toolset that enables an organization to control and manage multiple cloud-based resources as well as servers. The principal feature of this software tool is its capability to describe an organization’s IT infrastructure in a domain-specific language. In addition to this, it has the ability maintain and configure the infrastructure in a complex environment. With Chef, an organization implementing a DevOps program will have granular control over its IT infrastructure since it provides a human-readable language. The chef is an ideal toolset for a business enterprise interested using the DevOps program due to its high-level of agility when it comes to the configuration of the infrastructure. It also provides a human-readable and reusable domain-specific language (DSL). In addition to this, the software tool is recommended for business entities due to its time-saving capability. This is so because the Chef software enables quick deployment and reconfiguration of new IT infrastructure elements (Marschall 2015). AnsibleThis software tool forms part of the most popular toolsets used to implement DevOps in various types of organizations. The main reason why Ansible is an ideal tool for DevOps implementation in an organization is its ease of use as well as configuration. The software tool does not possess complex modules that might slow down the activities of the DevOps project team. Ansible also provides a human-readable DSL which means that the organization can have granular control of its IT infrastructure. One of the key benefits that an organization can gain by using Ansible to implement the DevOps program is the management and control of the configuration options from one location using the Ansible Tower (Geerling 2015).The Relationship between DevOps and SaaS, PaaS and IaaS DevOps can be integrated into services that use IaaS, SaaS, and PaaS. These are the three cloud computing layers. IaaS, which is the Infrastructure as a Service layer, is responsible for the provision of such services as computing, storage, and networking. It allows users to come up with platforms for public use and provide infrastructure within a short time (Aguado et al. 2016). The Platform as a Service layer allows users to create cloud-aware applications in a provided programming language through the machines created using IaaS (Red Hat 2016). The third layer, Software as a Service, is responsible for the provision of applications to the end users using the cloud (Verona, Duffy & Swartout 2016). The three layers benefit DevOps significantly. They also rely on this methodology. For one, SaaS operates using DevOps to improve the speed of service delivery to consumers and automate the entire project lifecycle. Most of the companies providing SaaS have adopted DevOps to increase their competitiveness by improving the quality of their services. DevOps also assists consumers in moving their applications to PaaS and IaaS (Carlson 2013). It can also assist in the incorporation of many providers into the same cloud. Since all the applications are easily destroyed by error and could incur high support expenses, DevOps helps to increase the consumer satisfaction and profitability of the cloud. This is a significant competitive strategy. The services provided by IaaS allows for the provision of services throughout the delivery process. PaaS, on the other hand, is significant in the innovative part of software development project. PaaS and IaaS are also used to separate the development and operation aspects of DevOps (Bass, Weber & Zhu 2015). Security Implications of DevOpsBreaches of information security have become a major issue in the present world. This is due to the increase in devices used to store and access information and the tricks adopted for breaching data security. IT insecurity causes bad publicity for organizations and financial losses. If such problems occur in national institutions, it may affect national security. For these reasons, any institution using information technology should be aware of the security risks they face and work towards preventing them from being realized (Elder et al. 2014). Organizations using DevOps should consider the following security issues:Supply Chain WeaknessesSupply chains in software development include components of the software made outside the project. The software contents may be made by suppliers in the organization or external service providers. The safety attributes of the software in the supply chain significantly affect the safety of the project software. Development projects involve the assessment of the security of the software in the supply chain (Elder et al. 2014). The assessment entails a review of the content documentation, conducting safety scans, and looking for approval regarding the supportability and licensing. The developers of DevOps have the optimal freedom to create designs, code, and incorporate decisions if the project is ongoing. As a result, the developers may choose supply chain contents that are more focused on the ease of incorporation and functionality than their safety (Elder et al. 2014).It is important to deal with this risk before the entire project is compromised. This can be achieved using thorough quality assessments of the software supply process. These checks should be conducted continuously and at every step of the delivery process. The assessment results should be provided to the consumers of the contents. Since DevOps allows for deliveries to be made in small portions, any small alterations in the components can be noted and the risk can be mitigated in good time (Swartout 2014).Insider BreachesA good number of the security breaches in companies are caused by insiders. The breaches can lead to the destruction or loss of source codes, or a sabotage of the organization’s development process. Such attacks can come from the insiders’ direct perpetration or malware attacks on the servers or networks (Soni 2016).Such attacks can be dealt with by installing attack detectors into the organization’s system. Streamlined and advanced automation in the DevOps area can make it more difficult for attackers to be detected. Thus, it may allow for the company’s source code to be stolen or destroyed or allow entry of malware. Thus, the risk can be prevented through the black box and white box security assessments throughout the process of delivery. These safety checks can help detect attacks occurring at any stage of the process. The virtual software-determined infrastructure allows for modifications in the configuration process to be controlled and audited. To prevent malware attacks, the DevOps assembly pipeline should be broken down and reconstructed repeatedly (Soni 2016).Source Code Destruction or LossTypically, development projects rely on project management and tracking devices that give an arranged workflow as well as the checkpoints for task completion. A review of the project is conducted before the final product is released. The review involves an assessment of the conclusive evidence of the major tasks. Projects using DevOps have shorter supply cycles which frequently deliver small parts or adjustments of the project. These short supply cycles lead to less thorough reviews of the projects and less attention to the completion of the main tasks. Thus, the supply cycle provides a loophole for some anomalies in the project to go unnoted. Nonetheless, considering that DevOps is aimed at providing small project components to the quality inspectors, the small errors and changes can be corrected before the delivery is made. The risk of losing or destroying the source code can be mitigated if the small errors are dealt with as they come (Elder et al. 2014).Problems with the Code, Integration, and DesignOnce the project is protected from errors and internal attack, the next risk to prevent is that of problems with the software. These problems can create loopholes for attack and may be present in the integration, coding, and design. These risks can be mitigated through repeated tests or the use of a ‘secure by design’ technique. The repeated tests can be conducted on small projects without any time and budget constraints. The tests are also applicable on projects with comprehensive testing techniques (Elder et al. 2014). The security risks are faced by all types of DevOps projects as well as the waterfall and agile projects. Since the DevOps projects have an advanced and streamlined automation, the conditions and events that relate to such risks should be continuously detected and mitigated (Swartout 2014).ConclusionDevOps are significant contributors to the improvement of computer and cloud technology. This is because it helps reduce the discord between operations and software development. This methodology integrates the functions of the two teams, thus improving the relationship between them. Software projects conducted through DevOps involve the delivery of small software contents at many intervals. This form of delivery exposes the projects to certain risks. Without the right techniques and tools for detecting these risks, it is possible that the entire project may be ruined. Therefore, the use of DevOps should entail rigorous checks for risks in the delivery of software components and its development.WORD COUNT (EXCLUDING REFERENCES): 2462ReferencesAguado, D, Andersen, T, Avetisyan, A, Budnik, J, Criveti, M & Moti, 2016, A practical approach to cloud IaaS with IBM SoftLayer: Presentations guide, IBM.Bass, L, Weber, I & Zhu, L 2015, DevOps: A software architect’s perspective, Person Education, Old Tappan, New Jersey.Carlson, L 2013, Programming for PaaS: A practical guide to coding for Platform-as-a-Service, 1st ed, O’Reilly Media, Sebastopool, California.Debois, P 2008, ‘Agile infrastructure and operations: how infra-gile are you?’, IEEE, Toronto.Elder, M, Crume, J, Hahn, T, Pogue, S & Sharma, S 2014, ‘Security considerations for DevOps adoption’, IBM.Erich, F, Amrit, C & Daneva, M 2014, ‘Report: DevOps Literature Review’, University of Twente, Enschede.Farid, AB, Helmy, YM & Bahloul, MM 2017, ‘Enhancing Lean Software Development by using DevOps Practices’, International Journal of Advanced Computer Science and Applications (IJACSA), vol 8, no. 7, pp. 267-277.Geerling, J 2015, Ansible for DevOps: Server and Configuration Management for Humans, Midwestern Mac LLC.Lehtola, L, Kauppinen, M, Vähäniitty, J & Komssi, M 2009, ‘Linking business and requirements engineering: Is solution planning a missing activity in software product companies?’, Requirements Engineering, pp. 113-128.Marschall, M 2015, Chef Infrastructure Automation Cookbook, 2nd edn, Packt Publishing Ltd.Pathania, N 2017, Learning Continuous Integration with Jenkins.: A beginner’s guide to implementing Continuous Integration and Continuous Delivery using Jenkins, 2nd ed, Packt Publishing.Red Hat 2016, Platform-as-a-Service, DevOps, and application integration, Author.Soni, M 2016, DevOps for Web Development, Packt Publishing Ltd.Swartout, P 2014, Continuous delivery and DevOps – A quickstart guide, Packt Publishing.Verona, J, Duffy, M & Swartout, P 2016, Learning DevOps: Continuously deliver better software, Packt Publishing, Birmingham.