Blog Feed Post

Top Ten Practices of Highly Effective DevOps Incident Management Teams

I recently presented a webinar with DevOps.com about the behaviors we see in teams who represent the leading edge of Incident Management. Using the Incident Management Lifecycle as a jumping off point, we explored 10 tips that nest into each of the 5 phases of an incidents’ lifecycle. Depending on a teams’ relative maturity, these ideas may represent anything from a starry eyed daydream to an example of your normal operating practice.

A recording of the presentation, polls, and Q&A can be viewed here. I’ll explore the topics discussed further below.

Incident Management Lifecycle

As we’ve discussed before, we like to break up conversations around incident management into five phases. This framework gives us a common language to discuss improvements that teams can adopt to make on-call suck less.

https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 300w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 768w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 510w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 1026w" sizes="(max-width: 640px) 100vw, 640px" />

Most people immediately recognize the first 3 phases, that’s certainly where all the action and adventure lives in on-call. That said, the last two are the most important for a team if reducing time-to-resolution is their focus. Analysis and Readiness is where teams focus on learning and enacting improvements. Without significant, ongoing focus on these phases, teams will rarely manage to get out of a break/fix cycle.

The Zeroth Tip

Iteration. I cannot overstate that the best thing you can do to get better at Incident Management is to keep trying to get better at Incident Management. In most environments, the reality of on-call is a kind of foggy staggering between outages. A large event will occur, after which teams will scurry around trying to implement changes to Detection, Response, Remediation, and systems all at once. A harried two weeks will come to a close with many ideas half implemented, then everyone returns to their day job of programming or systems. No further work is performed to get things better until the next big outage.

This is not a recipe for success.

Every iteration, every week, some percentage of the roadmap must be devoted to ongoing improvements to the systems, process, and people behind your on-call rotations.


Tip #1 Take a Blended Approach to Detection

Simple, static monitoring never provides a sufficient picture of system or application health. The best teams have a mature blend of Static, Synthetic, APM, Time Series, and Log Analysis systems in place.

While a blended approach gives far more insight and intelligence about what’s going on, teams must be wary of alert fatigue from too many things going beep.

Tip #2 Focus on Business Outcomes

While the aggregate network throughput on the outside interface of your load balancer is an interesting metric, it means little compared to midday revenue. Why has engineering moved so far away from business outcomes? The best teams use the businesses’ core metrics as a means to detect application health, and respond in kind to changes or variance beyond expected norms.

This expanded view of application health encourages Incident Management teams to consider the multitude of inputs (social media, NPM, etc) available for them. The best Incident Management teams are multidisciplinary, they work closely with many organizational elements in the business.


Tip #3 Keep alerts actionable

So much has been said about this, you’d think we could all move on. However, the number one thing I still hear in casual conversations is how alert storms, and un-actionable nonsense is ruining a teams’ morale.

Actionability means both that the alert requires action (instead of being purely informational), and that the alert has been delivered to someone with the permission and ability to perform said action.

Tip #4 Start or grow your ChatOps practice

At any level of adoption, ChatOps is a game changer for teams. Particularly as teams move to fully integrated ChatOps environments the benefits to all phases of the lifecycle are manifest. At the most basic level of adoption, ChatOps creates a common, time-indexed and searchable record of the firefight. These transcripts are useful for others joining the action getting up to speed, and in the Analysis phase of after-action discussions.

An interesting poll result from the webinar shows that, while adoption is growing, ChatOps remains an opportunity for a lot of teams. 25% of respondents indicated no use of ChatOps in their teams.

https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 300w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 768w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 905w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 510w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 1069w" sizes="(max-width: 640px) 100vw, 640px" />


Tip #5 Runbooks are central to remediation

As engineering teams continue to adopt complex technology systems, helping incident responders understand the what of a system becomes a critical area of focus. Getting paged for the Nth microservice created this week is great… if it’s your service. Cross training for every application is hardly practical, so the best teams rely on runbooks as a the bridge to establish context for on-call teams.

The best runbooks have several characteristics:

-clearly explain metrics and alerts
-clearly explain application or system role
-identify upstream and downstream dependencies
-identify an escalation point or Subject Matter Expert
-enumerate known failure states or symptoms
-list (through integration) recent work or incidents
are routinely updated

Tip #6 Adopt infrastructure-as-code

It’s tough to call this a tip given the work involved for any team to move from older methods of maintaining infrastructure. Adopting configuration or infrastructure as code represents a multi-year project for nearly any established business.

The difficulty of adopting this approach aside, teams who operate infrastructure in the same workstream as developing code are a breed apart. Consolidated workstreams create a step function in efficiency and adaptability for any DevOps team dealing with outages. Full transparency into all state changes in systems lead to quicker diagnosis, and the ease with which these teams actualize changes are doubly impactful to remediation efforts.


Tip #7 Data drives investigation

If, like me, you’re tired of hearing about “data driven” things, you can mentally rewrite this tip title to read “Rigorous methodology drives investigation”. The best teams keep after-action analysis focused on clean observation, testable hypothesis, clear success criteria, and an iterative approach to learning. At their best, these approaches look more like the Scientific Method than anything else.

https://victorops.com/wp-content/uploads/2017/06/The_Scientific_Method_a... 300w" sizes="(max-width: 450px) 100vw, 450px" />

Moreover, these teams discuss the impact of cognitive biases on their work. Objectivity, rigor, and defensible analysis rule the day.

Tip #8 Keep postmortems blameless

Much like #3 above, this advice almost seems like piling on – who has been at a conference in the past year where at least one “blameless postmortem” talk was given? The number of people advocating it though, is an indication of how utterly required it is for any on-call team. Blameful culture cripples responders as they are less likely to act in the moment, and more likely to hide information after the fact.

The best teams create a culture where responders are empowered to act, expected to act, and rewarded for taking smart action. A postmortem focused on learning as much as possible from an event is one way to help foster a culture of action in your team.


Tip #9 Keep postmortems actionable

The most objective, learning-focused, rigorous Analysis phase imaginable is worth little if no action is taken. Far too often teams go through the motions of after-action discussion, then lose track of the ideas, lose time to implement, or lose focus on those ideas through lack of leadership.

https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 300w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 768w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 510w" sizes="(max-width: 898px) 100vw, 898px" />

Improvements to Incident Management are as important, less important, or equally important as feature requests. Who knows which? Keeping Product Managers involved in your readiness will enable clear discussions about the tradeoffs with other work being planned. Adding those improvements to the same workstreams will not ensure they are actioned, but it does help you create a running backlog of desired improvements that can be added to longer term roadmap planning.

Tip #10 Organize the swarm

One of the best questions from the Q&A time at this event was (paraphrased) “How can you help a team deal with the unknown or unexpected?”. This is the heart of really everything we do. Things are going to break. They are probably going to break badly. They will break in a way you have only vaguely imagined… how can we be ready for the unknown?

The short answer is you can’t! What you can (and should) do instead is focus on setting a group of smart people up for success. Give them tools, give them clear roles and organization, and let them be smart. They’ll figure it out, as long as they aren’t also trying to figure out organization and communication at the same time.

Keep Iterating

Any one of these ideas may represent months of work for a team. None of them are going to solve all your on-call problems the first time you try it. By adopting a continuous improvement mindset, Incident Management teams can implement small changes frequently, and start walking the path to being a highly effective team. These ideas and more are explored in the new ebook The Dev and Ops Guide to Incident Management, which you can download here.

The post Top Ten Practices of Highly Effective DevOps Incident Management Teams appeared first on VictorOps.

Read the original blog entry...

More Stories By VictorOps Blog

VictorOps is making on-call suck less with the only collaborative alert management platform on the market.

With easy on-call scheduling management, a real-time incident timeline that gives you contextual relevance around your alerts and powerful reporting features that make post-mortems more effective, VictorOps helps your IT/DevOps team solve problems faster.

Latest Stories
@DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises - and delivering real results.
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, examined the regulations and provided insight on how it affects technology, challenges the established rules and will usher in new levels of diligence arou...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
"We started a Master of Science in business analytics - that's the hot topic. We serve the business community around San Francisco so we educate the working professionals and this is where they all want to be," explained Judy Lee, Associate Professor and Department Chair at Golden Gate University, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
DXWorldEXPO LLC announced today that Dez Blanchfield joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Dez is a strategic leader in business and digital transformation with 25 years of experience in the IT and telecommunications industries developing strategies and implementing business initiatives. He has a breadth of expertise spanning technologies such as cloud computing, big data and analytics, cognitive computing, m...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
DXWorldEXPO LLC announced today that Kevin Jackson joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Kevin L. Jackson is a globally recognized cloud computing expert and Founder/Author of the award winning "Cloud Musings" blog. Mr. Jackson has also been recognized as a "Top 100 Cybersecurity Influencer and Brand" by Onalytica (2015), a Huffington Post "Top 100 Cloud Computing Experts on Twitter" (2013) and a "Top 50 C...
Digital transformation is about embracing digital technologies into a company's culture to better connect with its customers, automate processes, create better tools, enter new markets, etc. Such a transformation requires continuous orchestration across teams and an environment based on open collaboration and daily experiments. In his session at 21st Cloud Expo, Alex Casalboni, Technical (Cloud) Evangelist at Cloud Academy, explored and discussed the most urgent unsolved challenges to achieve fu...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory? In her Day 2 Keynote at @DevOpsSummit at 21st Cloud Expo, Aruna Ravichandran, VP, DevOps Solutions Marketing, CA Technologies, was jo...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.