Devops SDLC - Software Development Life Cycle

Implementing business Logic, personal experiences.

Realization is being in some lost environment without much help arround.
Clockwise or counterclockwise there is no direct way to do both at the same time.

Even with clear described to achieve goals the dependicies on others can make it hard.

🔰 Too fast .. previous.

---

Contents

Reference	Topic	Squad
Intro	Implementing business Logic, personal experiences.	01.01
it2it	Automatization of automation engineers.	02.01
👓 JST value	JST, home made tool 1990´s value (constraints).	02.c71
👓 JST tech	JST, home made tool 1990´s technicals.	02.t51
manage releases	Release mangement, Versions of business logic.	03.01
👓 deployments	Repeating story of contraints in deploymnent.	03.c66
👓 version tools	The silver bullet expectation by version tools.	03.t46
Tenants	Multi tenancy and Security, Etl perfomance.	04.01
👓 portfolio security	Building up a reusable security portfolio.	04.c22
👓 capacity security	Running portfolio security lean - complicated.	04.t33
DataOPS	Data modelling, process scheduling.	05.01
👓 control deliver	Control building, Running data processes models.	05.c81
👓 execute delivery	Execute building, Running data processes models.	05.t91
What more	Initiatives Result & More.	06.00
	Followinf Steps	06.02

---

Progress

• 2020 week:08
  1. Adding the link to theory of constraints.
  2. Rebuild the JST page as a improvement story (two pages).
  3. Rebuild Release management including security into subpages.
  4. Added multi tenancy, securiy etl performance.
  5. Added Data modelling, process scheduling.
• 2019 week:18
  1. Changing the first failed one.
     Rework on old pages and infographics.
  2. Going for the DLSC related topics using SAS and others.
     Code examples (SAS) for later to add.

---

Automatization of automation engineers.

Automatization is common usance doing at business lines, value strems. It can als be done on ICT. New words getting used is for example IT4IT although the thoughts of that are similar to the old AIM (Amsterdam Inormation Model). The administrive process supporting the value stream is another area using software.

---

JST, my own made tool

The tool JST had the mission of automatization testing. The verifying an validation of software (end 80´s) for improving business and new (administrative) products.

👓 (link figure)
JST for politics, value and impact.

At 7 measurement of delivery (releases)

At 5 measurement of manufacturing steps (Software building)


JST for technical solutions. 👓 (link figure)

Aside the testing also covering the technical routines like backup restore and compares. There is no technical difference to those. Only the processed information is different.
Covering all of the DTAP, Development, Test, Acceptance, Production, combined with release management by header and trailers. The organisation did work with a DBMS. Release management tools and manage releases were there and got replaced.

---

Removing constraints, being Agile

👓 The Bottleneck Rules (Clarke Ching 2018) has a nice story on a development team.

There was a waiting room for work in progress in the flow. Testers could not work faster.

It is mura (unbalance) in the system.
Unbalance and Muri (overburdening) are too often negelected only mentioning waste (muda).

---

Developers changed tools for testers to improve their throughput.
Then end situation, Work got managed by what testers could finish. :

• Not too much
• Sufficiënt they would not run out of work.

Improving the throughput of testers by better tooling is also what JST did. Even more, there were other bottlenecks, eg at the operations delivery department and some hidden at development.

---

Release mangement, Versions of business logic.

Release management has a lot of challenges. It is requiring to know what is in those releases, how to do a roll back when the deployment fails technically or in functionality.
Another requirement when processing information is to know which production version has been used to do the processing.

---

Dtap life cycle and authorisations in roles using tools

Having defined the software life phases the follow up is answering who is doing what. Responsibilyt Accountablity Consulted Informed with autorisations.

👓 (link figure)
Release management politics realisations, value and impact.

At 4 preparation getting tools.

At 6 with quality control the deployment.
What is defined is:

• software library. That are storage locations where the source in any type is located.
• The master, main development, line. Used for normal maintenance.
• An emergency fix development.
• Some parallel lines. The goal complete redesign of what is there of new product lines that are not certain to merged into the master.

Parallel development has the question of merges. There will alwasy be a human review for the impact.

---

💣 Words are often not covering the intentions and meanin in the requires context. One of the abused ones is "versions". The versions used in production are important, what a developer did is not relevant. Version tools focus on that developers work.

JST was doing the automation of running jobs in each DTAP environment. Minimizing by concatenation using load libraries it is vary easy to see what has changed.

---

The project triangle at Sofware Development life Cycle> 👓 (link figure)

Wanting artefacts deployed, ⬅
💣 forgot the goal at production with the artefacts quality and their impact.

Wanting deployed into production, ⬅
💣 forgetting to have selected verified well functional artefacts.

Wanting at production artefacts, ⬅
💣 forgetting deployment, lifecycle.

---

Securing resources relations is part of the relase train. It are technical resources with some technical privileged roles. Security, roles and multi tenancy, is more described separately. It must be in place having production software managed.

In the release train integration approvals and more is done with the goal of achieving fulfilling business requirements. The approval / disapproval rollback, are moments for deployment are the moments were a good cooperation with the business is necessary.
Having this process organised well in a secure lean way is not easy. Just getting tools won´t help for fundamental issues.

---

Multi tenancy and Security, Etl perfomance.

Using a technical environment that is successful will result in more business departments to usage the same. When there is only one machine (mainframe) you are force to solve that question at the logical level. Just putting in more machines is avoiding that questions but causing more issues.

---

Intra references

---

Securing Information, roles relations.

Having the software managed the business data also needs attention. These software and data (business information) probls and new (administrative) products.

What kind of information is needing what level of getting secured is a business impact analsyses (BIA). The result of a BIA are some CIA indicators (confidentiality, integrity en availability). It is best positioned at 2 (control), implemented at 3 ,4 (inbound) and the result outbound area (8,9).

👓 (link figure)
Securing:
  ➡ resources
  ➡ relations
data areaes.
👓 (link figure)

It are technical resources with some technical privileged roles.

⚠ Not all roles a HR department is used to manage.

---

In the releastrain there also information, data areas, used. What kind of information that is, fake or real, that depends.
Using shared data areas for several information consumer will decrease of waste caused by copying data to several locations. The disadvantage could be that there are different cia levels for the inforation. In that case an addtional copy of the inormantion is needed. Having different cia levels like frontend usage and backend usage will also easily result in a logical machine segregation.

---

Securing:
  ➡ resources
  ➡ relations
data areaes.
👓 (link figure)

⚠ These are real business information assets to manage.

---

When there are interfaces to other processes those processes are required to concenct only at the same DTAP level stage.
This a important difference to the software DTAP release as there is a promotion integrations of artfacts between the levels. Roles (privileged acounts) to implement with security are by that different between software and data artefacts.

---

Data modelling, process scheduling.

Running the operational processes for the business lines, planned in a way everything is delivered in time. The mindset in this is completely different to the ones that are trying to do changes. Stability - no changes. Predictable processes - secured applications, monitoring in place.

---

Running information transformation processes

The stability of delivering is automating what information is coming into what can be used by the information consumers (push). What should by delivered is a reaction on what information consumers are expecting (pull). When the demand variety is high, requests for changes in the delivery will be high.

👓 (link figure)
Information request & delivery in a full pull-push cycle.

The numbering looks not logical:
   I , II push delivery
   IV , III pull control
The push was already there and numbered in that order, numbering the corners left to right. The cycle:
   IV, III, I , II

---

Delivering Results As A Services. 👓 (link figure)
Planning the operations is by using tuned applications in a automated time frame not overloading the system.

The service delivery moment is to agreed with the intended usage. For Management information systems is will be (almost) never a real time alert. A daily weekly quarterly yearly moment is normal. When there is a high impact to achieve deadlines than just in that period the needed service class is high.

The Disaster Recovery, a fall back system, and more for availability are part of a delivery service. The DRAAS abbreviation could be for several services.

At 8 preparation of delivery.
At 9 doing the delivery.

---

What about Sales - marketing?

😉 commercial
Sales - marketing are managing the "pull cycle" at 1,0. They are of course an important part in the organisation having their information questions.
🤔 public service
With a public service the load at the "pull side" is not influenced by marketing but a result of political decisions. The effect of those political could be complicated.
Controlling the load and capacity is different to commercial enterprises.

---

What about Archiving - retention policies?

⚠ Being compliant at data retention policies is too often ignored. It are basic information requirements that should be part of the system.

1. How long must information kept available at the first line?
2. What and how must information archived at a second or third line?
3. When should information be destroyed?

With the GDPR the personal identification questions are pushing to do this better.

---

Initiatives Result & More.

SMART buzsword to get an ohter name by reordering and using others words.
 

SIAR not STAR, PDCA

When seeing and recognizing an issue when involved and committed to the process the following questions arise:

1. Why?
2. Possible improvements?
3. Who can help?
4. What can I do?
5. When to do it?

Situation going for Initiatives that are by Actions getting into Results: SIAR

"T" (Task) replaced by I. Tasks are dictated. Initiatives are using the experiences from what is going on.

The PDCA cycle is the same, shifted IARS. Do is actions and Act (decide what next) analysing the Situation.

---

The external input, external service provision (left) and external ouput, external delivery support (right) is not in a logical time order. To break this illogical order somewhere in the continous cycle a start must be made.

---

Not included is:

6. With what?

The toolset to be used should not be a leading one. Preferable is to use what is already there. Reuse at no additional cost investments or dependencies. Removing waste, overburden, unevenness (muda muri mura).

Avoided is:

7. Where are the benefits?

This question is soemtimes problematic as not all benefits are short term term financial ones. Personal favors can play an important role.

---

Following steps

These are practical sdlc experiences.

Business Intelligence & Analytics 👓 previous
bpm, business process next 👓 topic .



Others are: concepts requirements: 👓
BPM SDLC Bianl:

---