Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Continuous Delivery Foundation / Interviews / 10 May 2023
Continuous Delivery Foundation / Interviews / 10 May 2023
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Fatih Degirmenci & Gerard McMahon | Open Source Summit NA 2023

Description

Fatih Degirmenci & Gerard McMahon talk with John Furrier & Rob Strechay at Open Source Summit NA 2023 in Vancouver, Canada.

#ossummit #linuxfoundation #thecube

A

Welcome back everyone to the live Cube coverage here in Vancouver for open source Summit 2023 I'm John Furrier, with my co-host Rob streche we're going to talk about the CD Foundation. We've got a great end user, Fidelity Investments here inside the cube, Fati jamachi who's, the executive director of CD foundation of the Linux foundation and Gerard McMahon product area, leader for Alm tools and platforms at Fidelity Investments. Gentlemen, thank you for coming on. Thanks.

B

For having us.

A

So, thank you for coming on Fidelity great end use. I know you guys do a lot of r d, a lot of development. It was on the Forefront of it at Foxy. The foundation is doing very well. Congratulations on your momentum. Yeah yep! Let's get into the momentum, give us some updates from the snapshot of what you guys were releasing and on stage today. Some great news share the update, yeah.

B

We were pretty excited actually doing to keep morning kinos of Open Source Summit North America, one of our community members, Tracy Reagan, talked about some of our projects such as CD, Vines, ortelius and tecton, and those projects are actually are the projects we made announcements.

B

This week we see great momentum for those projects and many different organizations are joining to support our mission because continuity Foundation is a place for everyone to come and contribute, and collaborate on contractor and devops topics to make sure we push domain forwards in a collaborative Manner and one of the announcements we made was about cdos project which brings interval to continuous ecosystems, so the organizations could use these different content server Technologies in an interoperable manner, which is a big win for everyone in the ecosystem. We.

A

Will talk about platform engineering for years on the cube this past year we got definition around kind of what it is. It's not SRE. That's what Google does all the big guys it's more more, it's we call it a kubecon, more mainstream, a lot of traction, a lot of stories around that. But you know the CD is big part of platform, engineering, interoperability and supply chain. Fidelity. You guys have some news open sourcing, some tools, um let's get into that. What's the update yeah.

C

We're delighted we're you know: financial services company we're very much into our digital transformation now within Cloud adoption, and one part of it is how do we Embrace open source? More um open source brings the world of many thousands and thousands of developers from all over the world with all different experiences, and essentially they create better code. When you have a thousand eyes on a piece of code and you have a thousand people collaborating communicating discussing Etc, you know that you can trust in that code and it scales out faster.

C

So we as part of the day, you know we're an end user member of the contiguous delivery foundation and one thing we contributed recently as part of CD events was Jenkins plugin. So as Jenkins runs and runs pipelines, it runs. You know what you do in your pipeline, your different stages and steps Etc. We just wanted to know what that all that data was. You know compliance security, quality et cetera, so we've contributed that to the open source back to the community.

C

It's part of the continuous delivery foundation and we hope to get more contributors from elsewhere and other users. So know we can, they can contribute additional features which we can just inherit then and.

A

The benefits of the plug-in is what consistency, what's the main benefit for the plugins, so.

C

What helps us understand the continuous integration and continuous delivery of process for each application as they're deploying to Cloud. So are you security scanning? Have you got any vulnerabilities? Have you done code quality scanning? Have you done your chaos, testing or performance engineering? Have you run your governance and your compliance checks? So we can have evidence of security and compliance around the srlc process and have a really consistent then for every application team in Fidelity. How.

D

Does that play into I mean again being an end user and financial services heavily regulated, and how does this help you from platform engineering perspective and bringing things together? So if.

C

You, you know think if you think way back um the monolith. You know we deployed to Data Centers. You had this giant artifact that was produced over a period of time, and that was that was the extent of it. You handed that to somebody and they put it into the environment today with Cloud, we think of there's infrastructures codes. There is your applications, your microservices, so the complexity and the amount of work that an application team has to do.

C

Every application team has to do is getting greater and greater, and it's reducing the amount of time we're spending on business value. So platforms enables us provide platforms for developers to use in order for them to just focus on.

D

Business does that help when you're rolling out yet you're transforming your internal applications as you digitize them and as you transform them to be more Cloud native? Is this helping you report back to the health of those applications and where they are in supporting your your customers? Absolutely.

C

So one thing is: it provides us the consistency in how to get to the Cloud, so we can build those guardrails into the platform. So, as teams are going to Cloud, they can go as fast or slow as they're capable of doing or as their maturity increases. But the guard Reds are constantly there to keep them safe and secure.

D

Yeah and how how different do you think your journey has been than say, others that are outside of the Financial Services Industries we've seen some others here as well, but we.

C

Were having this conversation um yesterday that we're all solving the same problem and that's I, think one of the benefits of the foundations is. We can all work together through the open source Community to solve these problems as an industry, and then everybody all the Enterprises can then adopt those Solutions, um because it is it's common.

A

Bobby, what's that issue in the interoperability of interoperability in the ecosystem? What are the core challenges? What's going on to solve those problems? This is one example of of a highlight with Fidelity, but interoperability in the ecosystem has been something that you guys been working on.

B

What's the update quite a long time? Well, it's actually what you asked about platform engineering as well like, if you think about a typical Pipeline and if you have different, you know technologies that I want to make those capabilities available to our the open door organization that Pipeline and surrounding Technologies need to be integrated to platform. So the developers don't see those details and they focus on adding business value, as JR said, but currently because of lack of interability within the ecosystem.

B

That effort bringing those different Technologies together, whether it is like software code configuration management, build tools, artificial cicd, orchestrators, test, Frameworks, observability tools, application security tools because of lack of Internet common language. The problem becomes so huge and everyone needs to do this. Integration themselves, spending time, effort and energy, it's costly and it's open to problems because open source Community is more fast. Your integration may be broken the next day. What interability brings into picture is to remove this complexity and actually make sure all these different types of Technologies can speak on the same language.

B

We can have them as part of your platform and hook them into your platform using that language and then the rest of the organization. Don't need to worry about that. So that is what it brings to the tables.

D

Yeah, so do you see that I mean fidelity goes in those Jenkins? Do you see that others are going to have to contribute in that ecosystem, or is this something that's being embraced by those other projects and those other yeah other.

B

Tools that is one of our announcements we made during our cdcon event, Monday and Tuesday this week. In addition to Jenkins Ericsson, for example, from telecommunications industry, they contribute a request for comment to Spinnaker project, which was accepted by the speaker comment recently, and the implementation is currently happening and if you think, Jenkins and Spinnaker many organizations use these two technologies together. Junk is for CI, perhaps technical, for continuous, deploying on sites, and this will allow them to use these different Technologies together seamlessly because of this City events.

B

Protocol or interval Tech Force we have the third project, is stacked on they're, an experimental controller again using CD runs bringing into reality, and we got a question recently asking like what about the projects outside of CD foundation, and we have a project called test curve, which is an independent, open source project and they recently introduced test. Events to CD runs protocol making test framework to speak in same language So.

B

Currently, we have these four projects adopting CD events, bringing interoperability for their users, and we are talking with cncf projects such as Argo, Lux, Harbor and so on, to find out how we can bring them to this. You know broader collaboration effort and having traveled across different projects, regardless of where they are.

D

Yeah I think it also the one thing and I think Tracy actually brought it up. Was that uh security right? Because I look at this and you know s-bomb is the he. You know the the sexy new thing to talk about all everybody's got. You know we do this for s-bomb. We do that for s-bomb. How does this play into the security aspect of that as well?

D

You.

B

Contribute the case study to contains their Foundation talking about some of the security concerns. This might help address yeah.

C

So it's you know. Security starts with the developer. The idea at their fingers and security is continuous when that, when your application is running in production, security is continuous and it happens across every stage. So how you know how we maintain that, how we ensure that we are secure and safe on a continuous basis. You know that's where we I look and see the events as well as a way of how can it um provide a you know the consistent way to talk about security, communicate with you around the end of right security.

C

So we can constantly monitor security across whether it's the developer coding, whether it's you know something like log4j, which can after the fact right. So it was something that have secure one day, not secure the next day, so that it allows us build tooling, build monitoring, build observations, observability, honor security, posture and no matter at what stage of the sdlc.

B

And one thing: sorry: if.

A

I might ask now.

B

One of the key things, especially when we talk about microsource, Cloud native and this you know desegregated. You know world if you think about like a comet going through pipelines and getting part of many microservice and getting employed to many different regions around the world. The traceability becomes a big issue and security and traceability closely related. If you learn that there's a CV in one of the applications running in production amount in one of the regions around the world, you don't have too much time to fix that issue and such interability helps.

B

You track your steps back from the deployment back to Comet, so you can easily identify which comment actually introduced that problematic dependency, for example. So we I personally think the intervals and security they go hand in hand like if you don't have interoperability, you can't trace back to the origin of the problem and that actually becomes much more difficult thing and the other thing, if you think about integration integration. In this context, integration causes loss of information, because when you integrate photos together, then some things will not be available.

B

You lose that data, but with interoperability. The information data model is there as long as you have that you have all the data with you.

A

So they're tied together, you got the interoperability which gives you the signals for the supply chain, so the s-bomb can connect to a Telemetry or data vulnerability. Data happening in real time, that's more efficient than not having visibility into the Container yeah.

C

And it also allows you prove right. So if you sign anything so it allows, you prove that this object, whatever it contains and what you've signed it is it allows you verify that, and so you can be constantly. You know there is a trust model, but you're almost always able to verify that trust. At many points it's.

A

Interesting I want to get you guys, thoughts on on a concept. That's been kicked around by some people, not us, but others. They're saying that platform engineering has emerged because of the complexity of kubernetes and containers.

A

um Don't think that's accurate, I think it's more of platform. Engineering came from infrastructure as code which comes from you know, SRE kind of mindset so I want to get your definition of what platform engineering is I mean for the mainstream market, because there's the hardcore hyperscalers that do stuff at such scale, but I call them a little bit of an anomaly they're like a unicorn. They do their thing, but Enterprise is starting to get that scale going. So, as platform engineering comes in, what does it mean? What is it and then?

A

How is that different from say the the developer developers in the CI CDC CDC cicd pipelining? So what's that? What's your question.

C

Actually, the organization of Workforce called cloud and platform engineering we just actually we were the cloud engineering team so enabling Cloud for Fidelity and now we're adopt. You know going moving into the platform space, so when you think of an application team they're taking an application, their business value, their business code, putting it onto the cloud environment and then making you know so, their customers can access that value.

C

There's a tremendous amount of infrastructure and Resort Cloud resources that need to be created as part of just enabling that technology or that value to be accessible um every you know we have 4 000 application teams. If every application team is cons, is building out that application infrastructure building out all of those resources they're taking time away from the values Market that our customers are looking for us so but the platform to me enable application teams deploy their value much quicker.

A

There's another piece here: there's the platform, engineering team setting standards and scale the app teams which has developers yes in them, can be sitting on top sitting on.

C

Top of that, you guys enable them. We enable them, then adopt all of these tools and capabilities.

A

Okay, now the next question great. Thank you very much for highlighting that super valuable. Now, the next level is, as third party tools come in and manage services from skill, Gap standpoint. How do you guys look at that? Obviously Fidelity a little bit probably have more developers to say the average company, but for the most part, how do you deal with managed services and things of that nature? So we.

C

We look at the platform not as as an abstraction on top of either Individual Services capabilities. We write ourselves manage services, our third-party tools, and you know that we might purchase from a vendor and then it's the platform and the experience of consuming that platform is where we then look at creating on top right. So you can have like if we take CI CD, you have your Source control management system. You have your CI system, your CD system, your code scanners, your security scanners, you've got all of these things.

C

Now, if a developer team, well they have to use this one. Then they have to talk to this one and they're chaining all of these things. So if we can create a platform and an experience, a consumable experience, then we that's how we enable the development.

A

And the final question on this platform engineering definition is: is that there's an abstraction between the app teams and the platform teams? And then the next question is: is that can you have too many platforms?

A

It becomes a platform. You can't have it's like tools, tools, you have a lot of tools, but the company can't have 10 platforms.

C

Correct I.

A

Mean platform engineering is almost like: it is the foundation Bedrock. Yes, basically,.

C

Yeah, it becomes and that's why we in Fidelity we've centralized as platform engineering, so we're we're serving the entire Enterprise as part of making these platforms available. But.

A

If you talk about the dynamic here, because everyone loves pla, it seems to be platform like love right, well, I'm gonna, build a platform like I mean it's almost like aspirational, but like not really real or or not. In.

B

My previous life.

A

Before uh joining the senior Foundation.

B

I was working as software engineer, working with different tools and Technologies, and no for software Engineers. When you see a problem there you have. This urge I need to go and fix this, and if you do something three times manually on all you go and think I need to automate this, and this actually results in creating solutions that becomes useful to your friends within your team. Then it becomes useful to other teams, and then you grow this kind of platform like thing from within the team, and that's been there quite for quite some time.

B

You know you create these things, put a web interface in front of it, and people just push few buttons feed boxes, that's the platform in very simple terms, but where we are going now is we are still you know, learning what the platform engineering means: In, This, Cloud native world, or in this you know new age, I. Think as JR said, like every passing day, we will be putting different Technologies under this platform.

B

If we see our developers, our development organization, well spending so much time on doing something or if the cognitive load on developers increasing unnecessarily, then that could become part of platform as well. So it's like I think it's.

A

Because platform, engineering- the way you describe it- is a centralized operational construct as well, but you can have an application that could be system oriented with dependencies yeah across groups. Yeah, that's an application, yeah yeah! You could they're different, but kind of not right, correct.

C

They're different but yeah, but they're, similar in function and again yeah. This was, is you know if we take and then the other thing that platforms can do is, and there is a finite number right? It's it. There's not just multiples is platform to platforms. So that's another opportunity, I think. So, if we take, you know observability in SRE, in your Production Services and you've got your software delivery. Can you combine the data and the intelligence between them to offer something of more value? Do you.

D

Find that that actually gets pushed back from the developers because they feel like they're constrained in what platforms they can use. Just speaking out of my experience at Amazon, it was the Wild West right. Every two Pizza team could go and do whatever the hell they wanted, which I think it's the complete opposite.

C

Of that, like developers, love to develop, they love to innovate, right they're in technology, that's their chosen career and that's why they do it so being told to do something and use something particular can be conflict.

A

I think you're understating the revolution that well, they.

C

Rejection, you know, there's you know we're all very opinionated.

A

Better.

B

Than your ways.

C

Better in your way and um yeah, so so that's a constant balance right, I think you've got to find a way to allow developers, innovate and allow them allow their ideas to come back in right. So we say hey well, this is a fantastic idea. We see Five Ten teams adopting this. Maybe that's a time to bring that back in into the center and.

A

I think that's the thing about platform. I might bring this up because I'm a platform thinker, I love platforms, but everyone you can have a app that looks like a platform. That's not platform engineering, it's just software.

B

Engineering yeah.

A

Development, so then you have pure software development. So it's it's a nuance point, but it's important to understand that some people think they're the platform yeah.

C

But they're not but they're, not yes, yeah and it's. How do you allow them innovate and how? How do you allow them to contribute backs? We talk about open source being um in the community. Can you have inner source? So you know one of the concepts we have in Fidelity is: how do we enable the inner Source community so all of our internal developers and that they can contribute and that's where I think you get adoption and openness to you know to to use these things because you're part of creating it yeah.

A

Well, we got to leave it there, Patsy thanks for coming on Gerard thanks for the Fidelity Investment master class on platform.

C

Engineering.

B

And interoperability.

A

Software Supply! Congratulations! All your accomplishments! The state of CD is out yeah, give a quick plug.

B

State of City report is a report we publish on a yearly basis during our silicon event, which the fourth one was published. This Monday and state of City report aoles the software delivery performance across different types of organizations, small medium, large, Enterprises, different Industries and so on. So the report is available on our website city.foundation and it has many interesting findings like use of different Technologies, how it helps organizations to become better performing organizations and so on. So I I think you should.

A

Change devops continues to devsec. Ops continues infrastructure as code really amazing story. Cloud continues to Boom platform engineering, enabling develops to be faster and more secure, and this is what it's all about in open source. It's thecube bring you all the action from open source Summit here in Vancouver, I'm John Furrier with Rob stretchy stay tuned for more segments. After this short break.

A

Foreign.

A

Foreign.