On deployment and enviromental risk

One hot topic that you often get when you have project teams delivering functionality for user acceptance testing while support are testing ad hoc fixes for production issues is "Who owns the environment and how do we stop support and project work from interfering with each other?".

I feel that all code changes and deployments to customer facing sites should have some kind of change management paperwork raised. Because of this you are able to catch scheduling/work conflicts in the change advisory board. A good change control process should help you think about the risk to your project and also help flag to other stakeholders that they might have a risk to consider.

A very basic rule of thumb for deploying anything to production in a manually controlled environment is don't expect that no other changes to have been made since you took your base to work on and always check before merging in. Here I think a "manually controlled environment" is somewhere that developers and application support have write access directly to production and UAT servers and that deployment is typically done manually by a developer or application support developer copying files and installing etc.

In this environment I would consider it a project risk that any UAT sites have the potential to have emergency support changes made and/or in test. A Few things that I would do to help mitigate this in the short term:

•    Use the CAB process as fully as possible, this makes everyone aware of what you intend to change and when 
•    Confirming with support before proceeding and referencing the CAB form – do you need to do anything? Is there any reason we shouldn’t proceed?
•    Check what is there as you deploy – is it what was there before we started development? Have any CABs been raised for these clients/environments that might impact our project?

This is assuming that any inter-project team conflicts over environments can be resolved in regular PM/programme management meetings - I would place the onus on the project work as I would have thought that project deployments should be able to be planned far enough in advance to do this. IMHO it is typically a lot easier for project teams to check and plan for this than it is for support given the nature of the work.

In the longer term it makes sense to migrate those clients to an auto-deployment structure from a "source of truth", for which I would strong recommend a good source control system. Then place stricter controls on environment access at the server level. Ideally I wouldn't want anyone other than operations staff performing anything other than infrastructure tasks directly on the server. For things like logging there are enough ways of piping logs off and examining Windows event logs remotely that developers and application support shouldn't need much - if any - server access.

Comments

Post a Comment

Popular posts from this blog

CONFERENCE: TTI Summer Forum 2017 – Getting to Grips with GDPR

Image
T his week I was at the Travel Technology Initiative's Summer Forum . The subject was the new EU (and UK!) data protection laws. These are due to come into force in May 2018. It's a large topic where the individual member state's laws and guidance are evolving. There were three main points that I picked up from the presentations. First from Dai Davis , GDPR expert at Percy Crow Davis & Co. His lively presentation talked about how a large part of the change is in how rights communicated. Before this was by "fairness" through registration of usage with a central body. The shift is to transparency by informing individuals directly. This means that the consumer mindset could then shift to match how legislation is framed. For example, with the repetition of many companies holding personally identifiable information now having to inform what they are collecting and how they are processing it. Currently, awareness isn't high and the compensation not high eno
Read more

On HBX and online education

Image
I have written this blog post as a reflection on what has occupied me a lot in the past 3 months. After finishing my Post graduate Certificate in Technol ogy Manage ment with the O pen U niversity I was looking at what to do next in continuing my education - being a life long learner! I was looking at different online plat forms for interesting courses.  I was looking at sites like Coursera and  Future Learn , when I came across a new extension to Harvard Business School and a course they run called HBX CORe. This one paragraph pitch they provide sums it up pretty well: HBX CORe (Credential of Readiness) is a 120-150 hour certificate program on the fundamentals of business from Harvard Business School. CORe is comprised of three courses - Business Analytics, Economics for Managers, and Financial Accounting – developed by leading Harvard Business School faculty and delivered in an active learning environment based on the HBS signature case-based learning model. Sinc
Read more

On performance and environment

Image
Hobbies are a great way to relax and unwind from work. They are also an excellent opportunity to practice some skills and learn about yourself.  Photography shows a clear visual representation of how practice with tools can improve output . Running I have found has taught me a couple of lessons about performance and motivation. Here are my top four Goals are important   An arbitrary goal, doesn't fit in any plan but I feel good Yes, even arbitrary goals . As long as they have a narrative that you can use as a guide. They provide a sense of progress and small achievements to celebrate.  For example as an individual runner, it makes no real difference to my life running 10km just under an hour. Or a bit faster at 51 minutes. But the difference in the sense of pride and achievement in my progress was real.  Your environment matters Periodically I pause from running then have to restart. Sometimes this also involved a house move and I need to find a new route. On one of
Read more