ANSIBLE ACCELERATES DEPLOYMENT AT SOCIÉTÉ GÉNÉRALE

Fabrice Bernhard CTO, Theodo@fabricebfabriceb@theodo.co.uk

Justin Nemmers Product Owner, Ansible by Red Hat@justnemsjnemmers@redhat.com

29 June 2016

THE DIGITAL REVOLUTION SCARES LARGE ORGANISATIONSECONOMIC CONTEXT

1

“Technological competition would reduce profits from non-mortgage retail lending, such as credit cards and car loans, by 60 per cent and revenues by 40 per cent over the next decade.”

McKinsey, via FT.com - 30th September 2015

BANKS FACE WIPEOUT IN SOME FINANCIAL SERVICES

Time to market is vitally important

ON THE INTERNET, THE FAST EAT THE SLOW

A study by two Oxford professors on 1 471 large IT projects shows that 1 out of 6 projects has cost on average 3x more than expected!Source: http://users.ox.ac.uk/~mast2876/WP_2011_08_15.pdf

?TRADITIONAL IT IS TOO SLOW AND RISKYTHE DANGERS OF V-CYCLE

Deployments per day

2 30 3000+

… WHILE THE FAST ARE VERY FASTCOMPARISON OF DEPLOYMENT RATES

THE STORY OF“FAST-IT” AT

SOCIÉTÉ GÉNÉRALE

Bruno Delas, then CIO of corporate IT, had a vision… and met me...

A VISION AND SERENDIPITY AROUND LUNCH IN 2013

Fast development?Scrum

Fast deployment??Devops

Fast customer validation?Lean Startup

WHY NOT USE THE SAME APPROACH AS WEB LEADERS?AGILE METHODOLOGIES

PROCESS INNOVATION WITH EXISTING CLIENTS REQUIRES AN INDEPENDENT INTERNAL TEAMTHE INNOVATOR’S DILEMMA MODEL

BUILD THIS “FAST-IT” TEAMTHE THEODO / SOCIÉTÉ GÉNÉRALE PARTNERSHIP

Société Générale

150 years old

€25 billion revenue

172,000 employees

… WITH A STARTUP FOCUSED ON AGILE WEB & MOBILE DEVTHE THEODO / SOCIÉTÉ GÉNÉRALE PARTNERSHIP

Theodo

Started in 2009

100 people in Paris

15 people in London

Web and mobile engineers

NodeJS, Angular, React, React-native, Symfony, Python...

THE DEFINITION OF SUCCESS: BUILD AND DEPLOY NEW APPS IN LESS THAN 2 MONTHSSTRATEGY

No consulting, just build apps

Focus on lead time

Clearly defined standard shared with everyone: 2 months

Weekly ”tactical” meeting for continuous improvement

Start with Theodoers, progressively integrate SocGen developers

Dev

Ops

AN INTERESTING DEVOPS CHALLENGE: SILOS

28 KM

Respectably powerful development machines

Introducing a new stack: NodeJS/Angular

Internal apps reachable on the Internet

MOST CHALLENGES TO BE MORE STARTUP-LIKE WERE ORGANISATIONAL

Devs and Ops in the same room

Product owner

Decent Internet access

WEEKLY RETROSPECTIVE INVOLVING SECURITY TEAMSCONTINUOUS IMPROVEMENT MEETINGS

Security is the main bottleneck in a large organisation

Without a great InfoSec executive on board, every week, we would not have innovated fast enough

HERE

GET VERY VERY VERY HIGH SPONSORSHIPYOUR SPONSOR IS CRITICAL

But most important: keep the challenging spirit!

NO COMPROMISE ON THE STARTUP CULTURE!

This is about cultural change. Embrace it and bring startup culture to the boring office!

DecorationsWeekly standup meetingsBrown bag lunchesCool computersFun ☺

ROLE OF ANSIBLE AND ANSIBLE TOWER

BANKING SECURITY REQUIREMENTS CHALLENGED OUR STARTUP METHODSAGILE SECURITY

Architect

You are here for agile mobile development?

NodeJS is cool with me!

Dev

WE ARRIVED WITH CANDOUR AND WERE SUPPORTED BY THE ARCHITECTSPROVISIONING WITH ANSIBLE

Dev

NodeJS this week???

Install everything yourself AND in

user-space

Ops

OPS WERE NOT INVOLVED EARLY ENOUGH

ArchitectDev

Automate the compilation of the whole NodeJS + ElasticSearch stack

in 3 days???

ANSIBLE please help me!

DEVS INTRODUCED ANSIBLE AS AN EMERGENCY SOLUTION

ANSIBLE WAS CHOSEN BECAUSE OF ITS SIMPLCITYWHY ANSIBLE?

WHAT IS ANSIBLE?

It’s a simple automation language that can perfectly describe an IT application infrastructure in Ansible Playbooks.

It’s an automation engine that runsAnsible Playbooks.

Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation with a restful API and UI.

Human readable automation

No special coding skills needed

Tasks executed in order

Get productive quickly

App deployment

Configuration management

Workflow orchestration

Orchestrate the app lifecycle

Agentless architecture

Uses OpenSSH & WinRM

No agents to exploit or update

More efficient & more secure

SIMPLE POWERFUL AGENTLESS

THE FIRST PRODUCTION DEPLOYMENT… WAS DONE BY TRAINMANUAL DEPLOYMENT PROCESS

WEEKLY MEETINGS WITH INFOSEC HELPED ITERATESECURITY PRINCIPLES

To move away from this temporary solution, we needed to innovate.

InfoSec gave us their two key requirements:

• Separation of concern• Traceability

SEPARATION OF CONCERNS 1SERVER ROLES VS. APPLICATION ROLES

OPS DOMAINOps are responsible for server-related roles

They require root accessMost were written by devs but validated by ops

Devs can contribute to server-related roles through pull-request

DEV DOMAINDevs are responsible for app-related roles

They are stored in the same repository as the app

Devs have full write access to app-related roles

TRACEABILITY: ANSIBLE TOWER LOGS EVERY ACTIONUSER ACTION LOGGING AND AUDITING

SEPARATION OF CONCERNS 2ANSIBLE TOWER API

OPS DOMAINProduction deployments can only be done from the ops network

Ansible Tower is in the ops network

DEV DOMAINJenkins is in the dev network

Jenkins has access to the Ansible Tower APIdevs can trigger a deployops keep full control on the pipeline

Dev Ops

DEVOPS IS NOT ABOUT TOOLS

Dev Ops

DEVOPS IS NOT ABOUT TOOLS… BUT SOME TOOLS HELP

https://github.com/FastIT

RESULT: 11 OF LAST 14 PROJECTS IN PRODUCTION IN 2 MONTHSLEAD TIME IMPROVEMENT

THREE THINGS TO REMEMBER FROM THIS TALKTHE ALL-IMPORTANT TAKE-HOME MESSAGE

The digital revolution is about organisational transformation

The key measure to focus on is innovation lead time

Simple tools, like Ansible, help transform IT organisations

QUESTIONS?fabriceb@theodo.co.uk

www.theodo.co.uk

ADDITIONAL ANSIBLE SESSIONSwww.ansible.com/red-hat-summit-2016