After a decade, the move to DevOps is still a major challenge in many enterprises. Why? Because many organizations are following a model that's best suited to organizations--like Facebook--that were born in the digital era. For the rest of us there's a better way: Build a Software Factory.
At Micro Focus, we launched our SW Factory program, an integrated set of tooling, services, data, and processes that help our engineers to plan, build, test, release, and/or operate and manage the software we deliver to our customers.
So how do you build a SW Factory? We started by conducting a gap analysis of our starting point, defining our guiding principles, creating a reference architecture and mapping our value streams. Then we began to build. Here are the pieces we chose and how it all fits together:
Application Lifecycle Management (ALM)
Our solution is based on ALM Octane--a comprehensive lifecycle management platform for high-quality application deliver. It is the core of the SW Factory as it is our main system of record capturing all the artifacts and their traceability, as well as providing the required insights for managing the lifecycle. It was a perfect fit for our needs for several reasons:
- It is open and extensible which enabled us to integrate it with our toolchain (IDEs, continuous integration, support system, portfolio management, etc.).
- It is scalable and flexible with the right balance for providing a scaled agile solution for the portfolio level, as well as the flexibility on the team level to operate in their optimal flavour of agile.
- It has quality at its core and enabled us balance our speed of delivery with the enterprise level quality expected from our solutions.
The Build Factory
Our build factory spans the application development lifecycle from when the developer pushes a code change from the integrated development environment (IDE) to the source-code management (SCM) system, which in turn triggers the continuous integration (CI) to run, executes the required tests, and pushes the build results into an artifact repository.
- IDEs: Due to the relative strong attachment our developers have to their IDEs and the wide variety in use, we decided not to standardize on one, but to support the three most popular ones: Eclipse, Visual Studio and InteliJ.
- SCM: we are using a Git solution and practice for our inner sourcing project and to foster collaboration across the portfolio, which complements other SCMs such as StarTeam, Accurev, Dimensions CM and PVCS which are used by respective teams.
- CI: We standardized on Jenkins as our primary CI system, its relatively rich plug-in eco-system was key to integrating it with our tool chain as well as the rich out of the box integration with ALM Octane and testing tools.
- Binary repository: we found JFrong Artifactory as a comprehensive solution to address our needs including rich artifact types support (Maven, BPM, Docker etc) as well as being enterprise ready.
We integrate functional, performance, and security testing with our CI to provide early detection, and with ALM Octane to enable quality management and insights. By consolidating all of our data into ALM Octane, we can detect risky areas that require more attention, which we address through manual tests and additional validation cycles.
- Functional Testing: We are using a variety of tools, including Unified Functional Testing (UFT). Besides its broad technology coverage (web, mobile, web services, Java etc), which is key to support our rich portfolio, we required a solution that would keep tests resilient with the rapid application changes. UFT, through its broad object identification solution (including artificial intelligence), enabled just that.
- Performance Testing: LoadRunner is our solution. It supports a broad set of technologies which we require, it enables our shift left by integrating with factory services and leveraging existing test assets, and is scalable to enable the respective users run load tests from tens to millions of users in a click.
- Security Testing: We implemented a set of security testing practices that give us complete security coverage, including static code analysis with Fortify SCA, dynamic code analysis with Fortify WebIspect, third-party dependency checks using OWASP Dependency Check, container scanning with Clair, and infrastructure scanning.
We integrated all of these technologies as part of our CI in order to shift left and provide earlier detection. The results are being audited and governed through our security intelligence tool, Fortify Software Security Center, and qualified security defects are integrated with ALM Octane. This enables us to shorten security validation cycle time, reduce risk, and manage security as an integral part of the delivery cycle.
We are using the Hybrid Cloud Management (HCM) solution. It manages a shared poll of resources that span our own data centers, as well as public cloud resources, and a variety of resource types and form factors including physical, virtual and containers and middleware. It enables providing infrastructure on-demand in a self-service experience to the engineering teams which is key to empower the SW Factory.
This is a one-stop shop that provides access, support, and knowledge for all of the SW Factory services we offer.
- Service catalog: We are using Service Management Automation X (SMAX), this is where engineers can get access to the SW Factory services, knowledge and support in a smart self-service experience, we are using Service Management.
- Collaboration: We use MS Teams as a ChatOps platform, besides powering collaboration for ongoing topics of interest (Java development, UI/UX etc), we provide a bot that enables interfacing with the SW Factory for the day 2 day activities (e.g. build status and progress, backlog management, etc).
- Insights: With the large and ever-increasing amount of data we have across the SW Factory, we needed to set up a big-data system that could gather all of the data, analyze it, and generate the required reports for continuous improvement. We are using Vertica as the big data analytics system integrated with Tableau for reporting.
Getting started: Four steps you can take now
To successfully roll out an SW Factory, you need to take four steps:
- Take an outside-in view of your operation to get a holistic view of the value streams required to power the business and processes and integrations with external functions.
- Take an inside-out view to capture the main engineering services and integrations you'll need for those value streams.
- Operate in an agile fashion, deliver an MVP, and continuously evolve it based on consumer demand and feedback.
- Use this as an opportunity to transform: Re-evaluate your tool choices, modernize, consolidate, and integrate your tool chain to deliver faster and at a higher level of quality.
That's how we built our SW Factory. How will you build yours? Post your questions and comments below.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.