The original ITIL framework definition was published in the 1980s, but contrary to many opinions, it has evolved since then, provided one takes a more flexible view. Fast forward to ITILv3, and the framework has been shifted to the view that IT is a service that needs to support business initiatives and strategy.
In parallel, the “DevOps Movement” has continued to gain momentum, and is now the “culture” at many forward-thinking organizations. So, that begs the question, “Can I have my ITIL framework and still transform my IT Org to embrace DevOps?”
First, as a refresher, let me quickly outline the key components of ITILv3.
- Service Strategy — The service lifecycle must stay focused on meeting the business goals and objectives.
- Service Design — Architectural blueprint for the service
- Service Transition — Outlines the change management and release cycle practices
- Service Operation — Focuses on the delivery and control processes for the service
- Service Improvement — Focuses on how to continually improve the processes for Service Delivery
Now let’s lay out an engagement model for the transition of the culture to DevOps.
- DevOps Strategy — Establish metrics that outline Business Objectives and Value
- DevOps Design — Establish Capacity, Availability, and Security Best Practices
- DevOps Transition — Establish Organizational Structure and Define SLAs
- DevOps Operation — Shift to Agile; Programmatic CMDB and Change
- DevOps Improvement — Automate Incident, Problem, and Event remediation; Feedback loop
As you can see, there isn’t a huge gap between the two worlds, and I assert that the main changes are cultural, not technical, but one can use technology to start shifting the culture.
This is where the concept of a Security Fabric plays an integral role. Here is an example of how an Enterprise Reference Architecture can be organized to combine the best parts of ITIL and DevOps:
- Policy Definition — Allows you to define Users, Groups, Hosts, Layers, and Interdependencies
- Secrets Management — Allows you to store Secrets in a vault and access them programmatically in a secure manner with a complete Audit Log
- SSH Management — Allows you to securely manage SSH public-keys and session interaction with a complete Audit Log
- Host Factory — Allows you to instantiate and register new hosts or containers into your infrastructure
- Identity/Service-Defined Authorization– Allows you to control interaction between your hosts or containers via Policy and Gatekeeper
IT now has a powerful platform to map Business Objectives to Identity, Hosts, and Processes. Once that mapping is established, previously static and brittle activities such as managing Secrets and SSH public-keys, can be moved into the Continuous Delivery pipeline, which maps directly improving Service Transition, Operation, and Continual Improvement.
Agility and Scale are programmatically added via various tools, which allows for frictionless and auditable Change requests, as well as rapid response to Incidents, Events, and Problems.
The diagram below attempts to pictorially show the co-existence of ITIL and DevOps and how the features of a Security Fabric are common between the two.
The shift to a DevOps culture should be approached as a continual evolution. ITIL was a great starting framework, but over time added too much structure and rigidity. You can leverage the Best Practices of DevOps to overcome that and transform into an extremely agile and productive environment.
About the Author/Mike Kail
Mike Kail was Yahoo’s CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more than 24 years of IT Operations experience with a focus on highly scalable architectures, prior to joining Yahoo. Most recently, Kail served as VP of IT Operations at Netflix. Prior to that, he was VP of IT Operations at Attensity, where he was responsible for the Americas data center operations team; including managing various big data systems with their Hadoop cluster, HBase, and MongoDB components. He has been recognized widely for his insightful industry commentary on Twitter, and was recently named by the Huffington Post as one of the “Top 100 Most Social CIOs on Twitter.” He holds a B.S. in Computer Science from Iowa State University. Reach out to him on Twitter or LinkedIn.