DevOps is tools and best-practice for codifying, standardizing, and automating the building, testing, packaging, deployment, operations, and lifecycle management process for software and complex solution stacks, including apps and software-defined cloud/container infrastructure. DevOps gets you:
- Faster, more agile releases
- More insightful testing, broader test coverage, better code quality
- Mastery of complexity: easier deployment and lifecycle management of applications and infrastructure-as-code
- A more responsive business and happier customers
Biarca designs, builds, and manages continuous integration and delivery pipelines for some of the world’s biggest software projects. Continuous delivery (CD) is a software engineering strategy that aims at building, testing, and releasing software faster and more frequently. Short release cycles help keep goals reasonable and understandable. Smaller, more focused sprints touch less code, make more-focused changes, create fewer dependencies and issues, and are easier to debug (or even roll back). Organizations as a whole can more easily collaborate around short sprints, and as a result, entire businesses work more smoothly.
Continuous Integration (CI) is a way of organizing development and delivery of software components using automated “pipelines” connecting shared upstream code repositories with automated unit testing, midstream component packaging, configuration management, and deployment automation. In a typical CI setup, changes to a component (commits) trigger extensive automated unit tests, giving early warning of issues and enabling closed-loop iteration around fixes — all long before a flawed component gets a chance to break a major deployment and, in effect, giving each component its own release cadence. Downstream, packaged components are automatically configured, integrated, and deployed to QA/test environments, subjected to automated integration tests (and manual User Acceptance testing, as required), then finally, mostly automatically, deployed to production platforms, or packaged and stored for automated retrieval and installation by end users.
CI reaches its fullest expression when infrastructure-as-code techniques are applied to automate creation and delivery of upstream development environments, authoritative QA/test environments, staging, and production environments — all auto-deployed underneath the code and as part of the overall process. In many cases, these systems will be used for only short periods of time, after which they’re destroyed and resources relinquished, keeping the process very affordable, even when carried out on public clouds.
Configuration Management tooling is a cornerstone of infra-as-code strategies: a way of capturing the state of complex systems, precisely describing and localizing changes, and enabling testing and iterative fixing when changes or component updates cause issues. Once infrastructure is fully described, it need never be manually reconfigured post-deployment, but can be treated as immutable: its configuration is only touched through the Configuration Management system, and the entire stack is redeployed, whenever changes occur. Properly managed and maintained, this discipline makes all phases of deployment more predictable, prevents configuration drift, and tends to catch problems well upstream of production deployments, letting them be ironed out cleanly before end-users are affected.
Biarca is often asked to engineer CI/CD and DevOps solutions that help our customers achieve specific technical and business goals. For example, below, you’ll find a mini case-study where a customer requested that we add their preferred vulnerability scanning, before and after packaging, to an otherwise-mostly-conventional CI/CD process chain. Other customers have asked us to build deployment automation specific to the requirements of particular brands of premise infrastructure, or to devise methods to support Blue/Green release of new SaaS versions (i.e., deploy a new production cluster, deploy the new release of the app on top, cut over traffic, destroy the old cluster) or so-called ‘canary’ testing (i.e., deploy a new production stack with the new release on it, vector only some customers towards the new production system, wait and see what happens, reverse or commit based on canary-customer acceptance). As a result of these diverse requests, Biarca has had to develop great familiarity with a wide range of CI/CD software (e.g., Jenkins, Spinnaker), test automation systems, and deployers (e.g., Chef, Puppet, Ansible, Terraform, Salt, BOSH, etc.)
Biarca’s engineering strength is matched by our service and support capabilities. As with cloud transformation, some customers want us to closely manage their DevOps infrastructure as they begin their journey, even to operating the build/test/package/release pipeline as a fully-managed service. We can also provide training to help your team become more self-sufficient over time, and eventually take back full control of your process, with Biarca pulling back to a support-only role.
Hashicorp and Biarca partner on DevOps for Google Cloud Platform
Biarca recently became a Hashicorp System Integrator partner, and plans to collaborate with Hashicorp on new services portfolios for Google Cloud Platform (and potentially, other providers) based on Hashicorp’s Terraform infrastructure-as-code solution and other products.
Case-Study: Biarca creates custom CI/CD with integrated security scanning
A global information security technology and policy consultancy needed to demonstrate how static analysis and vulnerability scanning could be integrated into continuous delivery, providing improved security without compromising agility — a concept they call “DevSecOps.”
Biarca delivered, engineering a solution that applied best-of-breed vulnerability scanning during build/test, and again during automated deployment. The Biarca solution also provided integrated User Acceptance Testing as a precondition for deployment.