Bridging The Gap between Development and Production Kevin Sangwell Infrastructure Architect Microsoft Regional Head Quarters

Development Environment Characteristics –Component development takes place on individual developer workstations –Developers have local admin rights –Minimal (if any) security policies applied –Runtime environment is the developer workstation (i.e. not distributed) DevelopIntegrate Test Deploy

Integration Environment Characteristics –The first time a component gets “deployed” –Minimal “formal” testing –Code often runs with admin rights –Some security policies applied –Runtime environment is semi-distributed DevelopIntegrate Test Deploy

Test Environment Characteristics –Objective is to prove functional requirements –Code runs with production (limited) rights –Full security policies applied –Runtime environment reflects production Host separation Security Zones DevelopIntegrate Test Deploy

Deployment Pains –No automated deployment –Minimal (if any) install instructions –No documented requirements for the service accounts –No list of infrastructure requirements; Firewall ports Load balancing config MDAC version DevelopIntegrate Test Deploy

A Better Way Business Requirements Development Team Infrastructure Team Business requirements –Non-functionals Availability Scalability/Capacity Disaster Recovery Branch Performance Agree contract

Infrastructure requirements/ constraints –Dev, Integration and Test need to know Operations requirements Security requirements Data Centre requirements Infrastructure Architectural Principals Share Infrastructure requirements/constraints

Infrastructure requirements/ constraints –Dev, Integration and Test need to know Operations requirements Security requirements Data Centre requirements Infrastructure Architectural Principals

Operations requirements on Dev team –Dev team are expected to provide Health Model & Instrumentation Automated Installation (MSI) Operations guides (deployment, backup, recovery, weekly tasks) Performance characteristics Disaster Recovery constraints Network constraints (high latency = page validation rather than field)

–Health Model & Instrumentation –Automated Installation (MSI) –Operations guides (deployment, backup, recovery, weekly tasks) –Performance characteristics –Disaster Recovery constraints –Network constraints (high latency = page validation rather than field)

Infrastructure requirements/ constraints –Dev, Integration and Test need to know Operations requirements Security requirements Data Centre requirements Infrastructure Architectural Principals

Security requirements on Dev team –Communication between zones –Authentication & Identity Management –Encryption & non-repudiation –Host hardening

Development Team Security requirements from Dev team –Service Accounts & Permissions –Certificates or PKI –Partner communications –New products

Infrastructure requirements/ constraints –Dev, Integration and Test need to know Operations requirements Security requirements Data Centre requirements Infrastructure Architectural Principals

Data centre constraints on Dev team –Rack space –Heat –Power

Data centre requirements from Dev team –New WAN connections –Volume of data

Infrastructure requirements/ constraints –Dev, Integration and Test need to know Operations requirements Security requirements Data Centre requirements Infrastructure Architectural Principals

–Don’t develop where infrastructure has a solution Re-use / extend existing identity store –No state stored in DMZ –Deployment requirements (automated..) –Availability & scaling strategies

The point of Integration and Test Risk Reduction –Apply production security policies to the test environment –Ensure component is installed consistently across environments –Attempt to reflect the distributed nature of production –Use virtualisation to reduce hardware requirements and achieve above

Holistic Testing Make the Test team responsible for ALL testing –Functional requirements –Non-functional requirements –Operations requirements –Security requirements Tests become end-to-end –Deployment –Test most Functional & Non-Functional Requirements concurrently –Operations tests validate other tests

“I know all this… its just plain hard!” Test Should Reflect Production –Virtualise Test Environment –“Manage” Test Environment similar to production Automated Deployment Software Distribution Monitoring

Step 1 - Eliminate Physical Errors Do thisNot this

Step 2 – Understand Production Network Architecture Storage Architecture Security Architecture Management Architecture Network Devices Computing Devices Storage Devices Network Services DNS, DHCP, WINS Firewall Services Firewall, Proxy Directory Service Deployment Services File & Print Services Data Services Web App. Services Infra. Mgmt. Services Backup & Recovery Services Certificate Services Remote Access Services Middleware Services

Step 3 – Remove The Non-Core Services Network Architecture Storage Architecture Security Architecture Management Architecture Network Devices Computing Devices Storage Devices Network Services DNS, DHCP, WINS Firewall Services Firewall, Proxy Directory Service Deployment Services File & Print Services Data Services Web App. Services Infra. Mgmt. Services Backup & Recovery Services Certificate Services Remote Access Services Middleware Services

Step 4 – Commoditize Replace high performance switches Use a single unmanaged L2 switch Windows RRAS for routing Replace hardware firewalls with software firewalls (ISA 2004)

Step 5 – Virtualize & Automate Virtualize common IT services - AD, DNS, WINS, DHCP, etc. Automate deployment, configuration & provisioning for development, testing and production Reserve actual production hardware for focused testing

Maintain Integration knowledge stays in- house Integration Team –Manages the virtual environments –Syncs them with production –Runs or coordinates testing –Hosts LOB and new service dev and test teams –Speeds the integration process

Virtualisation Cannot … Be used for driver level testing Run high scale load tests Substitute for a full scale staging environment Eliminate the need for staff to understand the production environment Substitute for good testing, change management or project management

Automate The Steps Eliminate human error Assurance that base environment works as documented Focus testing on the new IT Service rather than existing environment Also automate the new IT Service deployment, configuration & provisioning

Agile Development Move code through Integration and Test frequently Automate, automate, automate Leverage virtualisation and the operations infrastructure Benefits –Identify issues sooner –Increases confidence for deployment This is the internal Microsoft Approach

Bringing it all together Business Test / Integration DevInfrastructure Functional Requirements Non-functional Requirements Functional Requirements Code Non-functional Requirements Operations Requirements Environments Security, Operations & Data Centre Constraints Developer Environment Operations Guides Solution Deployment Constraints

Tools Today Business Test / Integration DevInfrastructure Functional Spec. in Word/Excel Serena/Borland Contract in Word/Excel Serane/Borland Word Document, VSTS MSI/Scripts Health Model (Word Document) ADS, VirtualServer, RIS, SMS, MOM VSTS Logical DataCentre Tasks in Project/VSTS ADS, VirtualPC, RIS, SMS Word Document, Health Model, SDM (VS)

Tools in the future Business Test / Integration DevInfrastructure Functional Spec. in Word/Excel Serena/Borland Contract in Word/Excel Serane/Borland Word Document, VSTS SDM (MSI/Scripts) Word Document SDM (WDS, SMS, MOM) SDM (VS LDD), Tasks in VSTS Windows Deployment Services Vista, SMS Word Document SDM (VS)

Questions?