Welcome!

Blog Feed Post

Top Ten Practices of Highly Effective DevOps Incident Management Teams

I recently presented a webinar with DevOps.com about the behaviors we see in teams who represent the leading edge of Incident Management. Using the Incident Management Lifecycle as a jumping off point, we explored 10 tips that nest into each of the 5 phases of an incidents’ lifecycle. Depending on a teams’ relative maturity, these ideas may represent anything from a starry eyed daydream to an example of your normal operating practice.

A recording of the presentation, polls, and Q&A can be viewed here. I’ll explore the topics discussed further below.

Incident Management Lifecycle

As we’ve discussed before, we like to break up conversations around incident management into five phases. This framework gives us a common language to discuss improvements that teams can adopt to make on-call suck less.

https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 300w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 768w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 510w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 1026w" sizes="(max-width: 640px) 100vw, 640px" />

Most people immediately recognize the first 3 phases, that’s certainly where all the action and adventure lives in on-call. That said, the last two are the most important for a team if reducing time-to-resolution is their focus. Analysis and Readiness is where teams focus on learning and enacting improvements. Without significant, ongoing focus on these phases, teams will rarely manage to get out of a break/fix cycle.

The Zeroth Tip

Iteration. I cannot overstate that the best thing you can do to get better at Incident Management is to keep trying to get better at Incident Management. In most environments, the reality of on-call is a kind of foggy staggering between outages. A large event will occur, after which teams will scurry around trying to implement changes to Detection, Response, Remediation, and systems all at once. A harried two weeks will come to a close with many ideas half implemented, then everyone returns to their day job of programming or systems. No further work is performed to get things better until the next big outage.

This is not a recipe for success.

Every iteration, every week, some percentage of the roadmap must be devoted to ongoing improvements to the systems, process, and people behind your on-call rotations.

Detection

Tip #1 Take a Blended Approach to Detection

Simple, static monitoring never provides a sufficient picture of system or application health. The best teams have a mature blend of Static, Synthetic, APM, Time Series, and Log Analysis systems in place.

While a blended approach gives far more insight and intelligence about what’s going on, teams must be wary of alert fatigue from too many things going beep.

Tip #2 Focus on Business Outcomes

While the aggregate network throughput on the outside interface of your load balancer is an interesting metric, it means little compared to midday revenue. Why has engineering moved so far away from business outcomes? The best teams use the businesses’ core metrics as a means to detect application health, and respond in kind to changes or variance beyond expected norms.

This expanded view of application health encourages Incident Management teams to consider the multitude of inputs (social media, NPM, etc) available for them. The best Incident Management teams are multidisciplinary, they work closely with many organizational elements in the business.

Response

Tip #3 Keep alerts actionable

So much has been said about this, you’d think we could all move on. However, the number one thing I still hear in casual conversations is how alert storms, and un-actionable nonsense is ruining a teams’ morale.

Actionability means both that the alert requires action (instead of being purely informational), and that the alert has been delivered to someone with the permission and ability to perform said action.

Tip #4 Start or grow your ChatOps practice

At any level of adoption, ChatOps is a game changer for teams. Particularly as teams move to fully integrated ChatOps environments the benefits to all phases of the lifecycle are manifest. At the most basic level of adoption, ChatOps creates a common, time-indexed and searchable record of the firefight. These transcripts are useful for others joining the action getting up to speed, and in the Analysis phase of after-action discussions.

An interesting poll result from the webinar shows that, while adoption is growing, ChatOps remains an opportunity for a lot of teams. 25% of respondents indicated no use of ChatOps in their teams.

https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 300w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 768w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 905w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 510w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 1069w" sizes="(max-width: 640px) 100vw, 640px" />

Remediation

Tip #5 Runbooks are central to remediation

As engineering teams continue to adopt complex technology systems, helping incident responders understand the what of a system becomes a critical area of focus. Getting paged for the Nth microservice created this week is great… if it’s your service. Cross training for every application is hardly practical, so the best teams rely on runbooks as a the bridge to establish context for on-call teams.

The best runbooks have several characteristics:

-clearly explain metrics and alerts
-clearly explain application or system role
-identify upstream and downstream dependencies
-identify an escalation point or Subject Matter Expert
-enumerate known failure states or symptoms
-list (through integration) recent work or incidents
are routinely updated

Tip #6 Adopt infrastructure-as-code

It’s tough to call this a tip given the work involved for any team to move from older methods of maintaining infrastructure. Adopting configuration or infrastructure as code represents a multi-year project for nearly any established business.

The difficulty of adopting this approach aside, teams who operate infrastructure in the same workstream as developing code are a breed apart. Consolidated workstreams create a step function in efficiency and adaptability for any DevOps team dealing with outages. Full transparency into all state changes in systems lead to quicker diagnosis, and the ease with which these teams actualize changes are doubly impactful to remediation efforts.

Analysis

Tip #7 Data drives investigation

If, like me, you’re tired of hearing about “data driven” things, you can mentally rewrite this tip title to read “Rigorous methodology drives investigation”. The best teams keep after-action analysis focused on clean observation, testable hypothesis, clear success criteria, and an iterative approach to learning. At their best, these approaches look more like the Scientific Method than anything else.

https://victorops.com/wp-content/uploads/2017/06/The_Scientific_Method_a... 300w" sizes="(max-width: 450px) 100vw, 450px" />

Moreover, these teams discuss the impact of cognitive biases on their work. Objectivity, rigor, and defensible analysis rule the day.

Tip #8 Keep postmortems blameless

Much like #3 above, this advice almost seems like piling on – who has been at a conference in the past year where at least one “blameless postmortem” talk was given? The number of people advocating it though, is an indication of how utterly required it is for any on-call team. Blameful culture cripples responders as they are less likely to act in the moment, and more likely to hide information after the fact.

The best teams create a culture where responders are empowered to act, expected to act, and rewarded for taking smart action. A postmortem focused on learning as much as possible from an event is one way to help foster a culture of action in your team.

Readiness

Tip #9 Keep postmortems actionable

The most objective, learning-focused, rigorous Analysis phase imaginable is worth little if no action is taken. Far too often teams go through the motions of after-action discussion, then lose track of the ideas, lose time to implement, or lose focus on those ideas through lack of leadership.

https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 300w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 768w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 510w" sizes="(max-width: 898px) 100vw, 898px" />

Improvements to Incident Management are as important, less important, or equally important as feature requests. Who knows which? Keeping Product Managers involved in your readiness will enable clear discussions about the tradeoffs with other work being planned. Adding those improvements to the same workstreams will not ensure they are actioned, but it does help you create a running backlog of desired improvements that can be added to longer term roadmap planning.

Tip #10 Organize the swarm

One of the best questions from the Q&A time at this event was (paraphrased) “How can you help a team deal with the unknown or unexpected?”. This is the heart of really everything we do. Things are going to break. They are probably going to break badly. They will break in a way you have only vaguely imagined… how can we be ready for the unknown?

The short answer is you can’t! What you can (and should) do instead is focus on setting a group of smart people up for success. Give them tools, give them clear roles and organization, and let them be smart. They’ll figure it out, as long as they aren’t also trying to figure out organization and communication at the same time.

Keep Iterating

Any one of these ideas may represent months of work for a team. None of them are going to solve all your on-call problems the first time you try it. By adopting a continuous improvement mindset, Incident Management teams can implement small changes frequently, and start walking the path to being a highly effective team. These ideas and more are explored in the new ebook The Dev and Ops Guide to Incident Management, which you can download here.

The post Top Ten Practices of Highly Effective DevOps Incident Management Teams appeared first on VictorOps.

Read the original blog entry...

More Stories By VictorOps Blog

VictorOps is making on-call suck less with the only collaborative alert management platform on the market.

With easy on-call scheduling management, a real-time incident timeline that gives you contextual relevance around your alerts and powerful reporting features that make post-mortems more effective, VictorOps helps your IT/DevOps team solve problems faster.

Latest Stories
This session will provide an introduction to Cloud driven quality and transformation and highlight the key features that comprise it. A perspective on the cloud transformation lifecycle, transformation levers, and transformation framework will be shared. At Cognizant, we have developed a transformation strategy to enable the migration of business critical workloads to cloud environments. The strategy encompasses a set of transformation levers across the cloud transformation lifecycle to enhance ...
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are repetitive and dull. Utilizing automation can improve your work life, automating away the drudgery and embracing the passion for technology that got you started in the first place. In this presentation, I'll talk about what automation is, and how to approach implementing it in the context of IT Operations. Ned will discuss keys to success in the long term and include practical real-world examples. Ge...
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
So the dumpster is on fire. Again. The site's down. Your boss's face is an ever-deepening purple. And you begin debating whether you should join the #incident channel or call an ambulance to deal with his impending stroke. Yes, we know this is a developer's fault. There's plenty of time for blame later. Postmortems have a macabre name because they were once intended to be Viking-like funerals for someone's job. But we're civilized now. Sort of. So we call them post-incident reviews. Fires are ne...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
CloudEXPO New York 2018, colocated with DevOpsSUMMIT and DXWorldEXPO New York 2018 will be held November 12-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI and Machine Learning to one location.
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of computational needs for many industries. Their solutions provide benefits across many environments, such as datacenter deployment, HPC, workstations, storage networks and standalone server installations. ICC has been in business for over 23 years and their phenomenal range of clients include multinational corporations, universities, and small busines...
This sixteen (16) hour course provides an introduction to DevOps, the cultural and professional movement that stresses communication, collaboration, integration and automation in order to improve the flow of work between software developers and IT operations professionals. Improved workflows will result in an improved ability to design, develop, deploy and operate software and services faster.
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
Authorization of web applications developed in the cloud is a fundamental problem for security, yet companies often build solutions from scratch, which is error prone and impedes time to market. This talk shows developers how they can (instead) build on-top of community-owned projects and frameworks for better security.Whether you build software for enterprises, mobile, or internal microservices, security is important. Standards like SAML, OIDC, and SPIFFE help you solve identity and authenticat...
The digital transformation is real! To adapt, IT professionals need to transform their own skillset to become more multi-dimensional by gaining both depth and breadth of a wide variety of knowledge and competencies. Historically, while IT has been built on a foundation of specialty (or "I" shaped) silos, the DevOps principle of "shifting left" is opening up opportunities for developers, operational staff, security and others to grow their skills portfolio, advance their careers and become "T"-sh...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...