If you were like me, you thought that cloud and compute virtualization technologies were transforming the data center, but they are nothing compared to what is coming our way. The IT landscape evolution is accelerating with the advent of application containers, network and storage virtualization, big data, and integrated and hyper-converged infrastructures, to name just a few. IT and business unit roles for infrastructure and application support and management are also changing; driving the need for solutions that are not found in the traditional IT playbook.
The competitive online marketplace is placing increasing pressure on businesses to deliver services and application updates faster to market. While the increased focus today is on the applications themselves, the reality is that they are dependent on infrastructure in order to be delivered to the end user or customer. The inflexibility of traditional IT operations to deliver needed infrastructure impedes development teams from meeting that need for speed in service delivery, causing a disparity between ITOps and development teams.
The availability of infrastructure resources from cloud service providers today is viewed by application/service owners and development teams as a faster and more flexible way to get infrastructure for application and service delivery. When the business units and development teams begin to circumvent traditional IT operations to get the agility they require to meet their rapidly evolving needs, it creates what I call ShadowOps.
ShadowOps is characterized by the clandestine proliferation of outsourced infrastructures and services, which further impedes the relationship between IT and development operations and creates risk, affecting everything from governance and compliance, to business continuity disaster recovery, service quality and more.
The infrastructure that application/service owners and developers require to run their applications is supported and managed by IT Operations. The business’ perception is that IT operations is a barrier. They are too slow and inflexible. This causes the businesses to seek outside infrastructure and thus a ShadowOps strategy is born.
ITOps has an enormous responsibility to meet certain requirements, such as regulatory or security audits, while also making sure there are disaster recovery and business continuity plans and systems in place; essentially planning for everything and anything that may happen.
Developers, on the other hand, live in the business unit and often have no baseline understanding of what IT Ops goes through on a daily basis, or how their procedures and needs are impacted by their operations.
While developers can typically deliver multiple releases per day, mostly unfettered as they traverse testing, development, QA and pre-production, once they enter the production environment, IT Operations is often unsuspecting of new or changed application behavior and underlying infrastructure requirements and are often left scrambling to deliver what new and changed applications need.
This causes the impacted developers to begin to look for infrastructure solutions that can give them the ease and speed they crave. So they go to Rackspace, or Amazon, or Microsoft Azure and simply buy the infrastructure they need to support their application and pay for it on a monthly basis.
When developers and application owners begin to outsource infrastructure, often with little regard for risk, they tend to overlook things like compliance requirements, audits, and the fact that a simple change can significantly impact IT operations.
IT Operations is burdened with certain regulatory demands and company policies, which makes them “slow” in the eyes of the application owners. External infrastructures are extremely appealing to application support and DevOps teams because of the pace at which cloud service providers can provision and deliver what is needed.
IT Operations is also saddled with legacy monitor systems, which requires a huge manual effort. Not only are there separate tools for monitoring storage, database, network and middleware, now with ShadowOps, there are separate infrastructures altogether and IT Ops has extremely limited insight into or control over external resources. They often don’t even know they exist until someone calls into the help desk unable to get to their application or unable to process a transaction. This is when things start to get out of control.
The Allure and Consequence of ShadowOps
ShadowOps is alluring to the developer for a few reasons: better time-to-value, time-to-market, agility, speed, responsiveness, which are all good things until they begin to impact availability or increase risk with no disaster recover or business continuity or audit ability on the part of IT operations. When developers purchase cloud service provider offerings rather than working through IT channels you have to deal with multiple providers – project management suffers, costs get out of control and you don’t get economies of scale.
So if each business unit, or development team goes this route independently, you have to ask yourself: Are they meeting business continuity requirements? Do they have redundancy in place? Are they backing up on a regular basis? Are they logging everything required? Are they controlling which administrators have access to certain systems? And finally, will it pass an audit, and how will the provider give access?
The consequence of a ShadowOps environment is not only multiple providers, but also the lack of a point person to negotiate response rates and SLAs that will meet the needs of their business unit, so when there is a security issue, there is no one to respond in a time frame to enables its resolution.
Unify, Automate, and Empower IT
So how do you eliminate ShadowOps and give developers the agility they need while also empowering IT?
It begins with enabling developers from central IT for better coordination, with better tools that address the needs of the changing IT landscape.
Providing IT operations with a unified, automated performance and availability monitoring tool, with a single UI and single datastore, along with event management for your entire infrastructure wherever it’s deployed is a big step towards overcoming the hurdles that lead to ShadowOps.
With a unified model that is automatically built and updated you’ll always be able to monitor the most accurate view of your entire IT environment, contain costs, promote shared resources and allow different units to make better purchases that meet evolving business demands.
A key symptom of a ShadowOps environment is an inflexible IT Ops organization, where it controls everything in-house with a strict menu of services and SLAs that developers are forced to deal with to meet their requirements. By leveraging a unified monitoring solution, you can empower IT to adapt and relinquish some of that control and facilitate a common ground with developers where IT acts as an enabler rather than an enforcer.
If the business unit wants to use an outside provider, IT operations can help them choose the right one, assign a project lead, help them set it up and make it work with the right controls.
IT is then free to be consultative with the business and development teams, guiding them to make better purchases and have more control of their environment, potentially combining multiple business units’ needs with a particular provider that specializes in the infrastructures they actually need.
IT operations, along with X-as-a-service (infrastructure, platform, software, etc.), allows greater flexibility to support rapid prototype and delivery. It allows IT to be a technology enabler for development teams, rather than forcing them to rely solely on their existing infrastructure and inevitably seek out ShadowOps.
For more on how you can eliminate ShadowOps by leveraging a unified monitoring tool to make IT Ops more agile and meet the evolving needs of your development teams, read our full report on aligning ITOps and DevOps here.