In our last article we discussed how to smartly select a pilot project to prove out the benefits of a DevOps organization. As you begin to put your DevOps adoption plan in place, one thing that should be included -- regardless of the project chosen -- is a Landing Zone. As you transition from a traditional Development - IT Operations framework, the Landing Zone is important as it provides needed efficiency, standardization, and governance.
At Flux7, we have extensive experience as a DevOps sherpa to organizations and in the process have learned a lot, including creating a DevOps model for success. Called the Enterprise DevOps Framework, one of its key components is the Landing Zone. The Landing Zone is a critical foundational piece as it serves three incredibly important functions:
Traditionally, development handed over its code to IT operations for release to production and production would in turn be responsible for not only the service-agnostic components, such as networking, but also the service-specific components such as a virtual machine with Java 6.x installed or getting a mySQL 5.0 database up and running before an app can be deployed.
However, within DevOps, development teams own the service-specific components,including things like configuration, infrastructure, and everything specific to the services they create. Owning the service code and all its relevant dependencies allows Development to move faster as they have fewer dependencies.
In this DevOps model, it is best to include service-agnostic components as part of the Landing Zone; as a result, development increases efficiency as they only focus on service-specific components and expect service-agnostic components to be present already. Focused on catching service agnostic components as they are delivered via pipelines, the Landing Zone makes it easier to onboard staff, and faster and easier to provision.
The Landing Zone provides important standardization as apps are deployed. Every organization has a baseline of services that all applications are required to have per operational and security policies.
The Landing Zone can provide greater situational awareness through logging and monitoring solutions that proactively alert operators to systems management issues and/or issues that might bring systems into conflict with existing policy. For example, operators could receive an alert notifying them that a CPU is running hot, or that a database query is taking too long resulting in a decrease in application performance.
Disaster recovery (DR) is also easy to operationalize with a Landing Zone and provides a consistent path to backup and restore that is baked into all apps flowing through it. As a result, not every application needs to be built with logging and monitoring as a consideration as it is provided by the Landing Zone.
When it comes to security, a layered approach is favored. Across the stack, intrusion prevention (IPS) and intrusion detection (IDS) are important. With the Landing Zone, you can protect your environment -- from the edge of applications up to AWS accounts -- by detecting potentially nefarious activity. The Landing Zone can also provide preventative DevOps controls to your environment through IPS that embeds best practices like CIS security benchmarks images, Web Application Firewall rules, and secret management.
Cloud-based pilot projects will find that they share responsibility for cloud security. AWS refers to this as a “Shared Responsibility Model” and it’s important to understand where the responsibility of the public cloud provider ends and where yours begins. For example, AWS operates, manages and controls the components from the host OS and virtualization layer down to the physical security of the facilities where it operates. Customers are responsible for management of guest OSs, application software, AWS WAF and more. As a result, Landing Zone security is important and should be carefully considered.
Last, the Landing Zone increases IT governance as it increases efficiency, speeds the time with which new services can be released to production and does so with the application of detective and preventive security controls. A Landing Zone eradicates the need to regularly reinvent the wheel, creating an environment where Development instead focuses on creating business value through new apps and services. And, standardization breeds consistency and quality that are the backbone goals of IT governance.
Your first DevOps pilot can play a gating role in determining your organization’s journey forward. And, a Landing Zone can play a critical role in determining success while also being a great investment for future growth and velocity. To learn more about implementing a Landing Zone, or to get a professional assessment for which DevOps pilot project is right for you, schedule a call today.
And, stay tuned for the rest of our series on motivating DevOps adoption and IT transformation by subscribing to our blog below.