SYS-CON MEDIA Authors: Pat Romanski, Gary Arora, Zakia Bouachraoui, Yeshim Deniz, Liz McMillan

Blog Feed Post

Top Ten Practices of Highly Effective DevOps Incident Management Teams

I recently presented a webinar with DevOps.com about the behaviors we see in teams who represent the leading edge of Incident Management. Using the Incident Management Lifecycle as a jumping off point, we explored 10 tips that nest into each of the 5 phases of an incidents’ lifecycle. Depending on a teams’ relative maturity, these ideas may represent anything from a starry eyed daydream to an example of your normal operating practice.

A recording of the presentation, polls, and Q&A can be viewed here. I’ll explore the topics discussed further below.

Incident Management Lifecycle

As we’ve discussed before, we like to break up conversations around incident management into five phases. This framework gives us a common language to discuss improvements that teams can adopt to make on-call suck less.

https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 300w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 768w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 510w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 1026w" sizes="(max-width: 640px) 100vw, 640px" />

Most people immediately recognize the first 3 phases, that’s certainly where all the action and adventure lives in on-call. That said, the last two are the most important for a team if reducing time-to-resolution is their focus. Analysis and Readiness is where teams focus on learning and enacting improvements. Without significant, ongoing focus on these phases, teams will rarely manage to get out of a break/fix cycle.

The Zeroth Tip

Iteration. I cannot overstate that the best thing you can do to get better at Incident Management is to keep trying to get better at Incident Management. In most environments, the reality of on-call is a kind of foggy staggering between outages. A large event will occur, after which teams will scurry around trying to implement changes to Detection, Response, Remediation, and systems all at once. A harried two weeks will come to a close with many ideas half implemented, then everyone returns to their day job of programming or systems. No further work is performed to get things better until the next big outage.

This is not a recipe for success.

Every iteration, every week, some percentage of the roadmap must be devoted to ongoing improvements to the systems, process, and people behind your on-call rotations.

Detection

Tip #1 Take a Blended Approach to Detection

Simple, static monitoring never provides a sufficient picture of system or application health. The best teams have a mature blend of Static, Synthetic, APM, Time Series, and Log Analysis systems in place.

While a blended approach gives far more insight and intelligence about what’s going on, teams must be wary of alert fatigue from too many things going beep.

Tip #2 Focus on Business Outcomes

While the aggregate network throughput on the outside interface of your load balancer is an interesting metric, it means little compared to midday revenue. Why has engineering moved so far away from business outcomes? The best teams use the businesses’ core metrics as a means to detect application health, and respond in kind to changes or variance beyond expected norms.

This expanded view of application health encourages Incident Management teams to consider the multitude of inputs (social media, NPM, etc) available for them. The best Incident Management teams are multidisciplinary, they work closely with many organizational elements in the business.

Response

Tip #3 Keep alerts actionable

So much has been said about this, you’d think we could all move on. However, the number one thing I still hear in casual conversations is how alert storms, and un-actionable nonsense is ruining a teams’ morale.

Actionability means both that the alert requires action (instead of being purely informational), and that the alert has been delivered to someone with the permission and ability to perform said action.

Tip #4 Start or grow your ChatOps practice

At any level of adoption, ChatOps is a game changer for teams. Particularly as teams move to fully integrated ChatOps environments the benefits to all phases of the lifecycle are manifest. At the most basic level of adoption, ChatOps creates a common, time-indexed and searchable record of the firefight. These transcripts are useful for others joining the action getting up to speed, and in the Analysis phase of after-action discussions.

An interesting poll result from the webinar shows that, while adoption is growing, ChatOps remains an opportunity for a lot of teams. 25% of respondents indicated no use of ChatOps in their teams.

https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 300w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 768w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 905w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 510w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 1069w" sizes="(max-width: 640px) 100vw, 640px" />

Remediation

Tip #5 Runbooks are central to remediation

As engineering teams continue to adopt complex technology systems, helping incident responders understand the what of a system becomes a critical area of focus. Getting paged for the Nth microservice created this week is great… if it’s your service. Cross training for every application is hardly practical, so the best teams rely on runbooks as a the bridge to establish context for on-call teams.

The best runbooks have several characteristics:

-clearly explain metrics and alerts
-clearly explain application or system role
-identify upstream and downstream dependencies
-identify an escalation point or Subject Matter Expert
-enumerate known failure states or symptoms
-list (through integration) recent work or incidents
are routinely updated

Tip #6 Adopt infrastructure-as-code

It’s tough to call this a tip given the work involved for any team to move from older methods of maintaining infrastructure. Adopting configuration or infrastructure as code represents a multi-year project for nearly any established business.

The difficulty of adopting this approach aside, teams who operate infrastructure in the same workstream as developing code are a breed apart. Consolidated workstreams create a step function in efficiency and adaptability for any DevOps team dealing with outages. Full transparency into all state changes in systems lead to quicker diagnosis, and the ease with which these teams actualize changes are doubly impactful to remediation efforts.

Analysis

Tip #7 Data drives investigation

If, like me, you’re tired of hearing about “data driven” things, you can mentally rewrite this tip title to read “Rigorous methodology drives investigation”. The best teams keep after-action analysis focused on clean observation, testable hypothesis, clear success criteria, and an iterative approach to learning. At their best, these approaches look more like the Scientific Method than anything else.

https://victorops.com/wp-content/uploads/2017/06/The_Scientific_Method_a... 300w" sizes="(max-width: 450px) 100vw, 450px" />

Moreover, these teams discuss the impact of cognitive biases on their work. Objectivity, rigor, and defensible analysis rule the day.

Tip #8 Keep postmortems blameless

Much like #3 above, this advice almost seems like piling on – who has been at a conference in the past year where at least one “blameless postmortem” talk was given? The number of people advocating it though, is an indication of how utterly required it is for any on-call team. Blameful culture cripples responders as they are less likely to act in the moment, and more likely to hide information after the fact.

The best teams create a culture where responders are empowered to act, expected to act, and rewarded for taking smart action. A postmortem focused on learning as much as possible from an event is one way to help foster a culture of action in your team.

Readiness

Tip #9 Keep postmortems actionable

The most objective, learning-focused, rigorous Analysis phase imaginable is worth little if no action is taken. Far too often teams go through the motions of after-action discussion, then lose track of the ideas, lose time to implement, or lose focus on those ideas through lack of leadership.

https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 300w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 768w, https://victorops.com/wp-content/uploads/2017/06/Screen-Shot-2017-06-12-... 510w" sizes="(max-width: 898px) 100vw, 898px" />

Improvements to Incident Management are as important, less important, or equally important as feature requests. Who knows which? Keeping Product Managers involved in your readiness will enable clear discussions about the tradeoffs with other work being planned. Adding those improvements to the same workstreams will not ensure they are actioned, but it does help you create a running backlog of desired improvements that can be added to longer term roadmap planning.

Tip #10 Organize the swarm

One of the best questions from the Q&A time at this event was (paraphrased) “How can you help a team deal with the unknown or unexpected?”. This is the heart of really everything we do. Things are going to break. They are probably going to break badly. They will break in a way you have only vaguely imagined… how can we be ready for the unknown?

The short answer is you can’t! What you can (and should) do instead is focus on setting a group of smart people up for success. Give them tools, give them clear roles and organization, and let them be smart. They’ll figure it out, as long as they aren’t also trying to figure out organization and communication at the same time.

Keep Iterating

Any one of these ideas may represent months of work for a team. None of them are going to solve all your on-call problems the first time you try it. By adopting a continuous improvement mindset, Incident Management teams can implement small changes frequently, and start walking the path to being a highly effective team. These ideas and more are explored in the new ebook The Dev and Ops Guide to Incident Management, which you can download here.

The post Top Ten Practices of Highly Effective DevOps Incident Management Teams appeared first on VictorOps.

Read the original blog entry...

More Stories By VictorOps Blog

VictorOps is making on-call suck less with the only collaborative alert management platform on the market.

With easy on-call scheduling management, a real-time incident timeline that gives you contextual relevance around your alerts and powerful reporting features that make post-mortems more effective, VictorOps helps your IT/DevOps team solve problems faster.

Latest Stories
While a hybrid cloud can ease that transition, designing and deploy that hybrid cloud still offers challenges for organizations concerned about lack of available cloud skillsets within their organization. Managed service providers offer a unique opportunity to fill those gaps and get organizations of all sizes on a hybrid cloud that meets their comfort level, while delivering enhanced benefits for cost, efficiency, agility, mobility, and elasticity.
Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software with the simplicity and reach of the open web. With staff in 10 timezones, Isomorphic provides a global network of services related to our technology, with offerings ranging from turnkey application development to SLA-backed enterprise support. Leadin...
DevOps has long focused on reinventing the SDLC (e.g. with CI/CD, ARA, pipeline automation etc.), while reinvention of IT Ops has lagged. However, new approaches like Site Reliability Engineering, Observability, Containerization, Operations Analytics, and ML/AI are driving a resurgence of IT Ops. In this session our expert panel will focus on how these new ideas are [putting the Ops back in DevOps orbringing modern IT Ops to DevOps].
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
Enterprises are striving to become digital businesses for differentiated innovation and customer-centricity. Traditionally, they focused on digitizing processes and paper workflow. To be a disruptor and compete against new players, they need to gain insight into business data and innovate at scale. Cloud and cognitive technologies can help them leverage hidden data in SAP/ERP systems to fuel their businesses to accelerate digital transformation success.
Concerns about security, downtime and latency, budgets, and general unfamiliarity with cloud technologies continue to create hesitation for many organizations that truly need to be developing a cloud strategy. Hybrid cloud solutions are helping to elevate those concerns by enabling the combination or orchestration of two or more platforms, including on-premise infrastructure, private clouds and/or third-party, public cloud services. This gives organizations more comfort to begin their digital tr...
Most organizations are awash today in data and IT systems, yet they're still struggling mightily to use these invaluable assets to meet the rising demand for new digital solutions and customer experiences that drive innovation and growth. What's lacking are potent and effective ways to rapidly combine together on-premises IT and the numerous commercial clouds that the average organization has in place today into effective new business solutions.
Keeping an application running at scale can be a daunting task. When do you need to add more capacity? Larger databases? Additional servers? These questions get harder as the complexity of your application grows. Microservice based architectures and cloud-based dynamic infrastructures are technologies that help you keep your application running with high availability, even during times of extreme scaling. But real cloud success, at scale, requires much more than a basic lift-and-shift migrati...
David Friend is the co-founder and CEO of Wasabi, the hot cloud storage company that delivers fast, low-cost, and reliable cloud storage. Prior to Wasabi, David co-founded Carbonite, one of the world's leading cloud backup companies. A successful tech entrepreneur for more than 30 years, David got his start at ARP Instruments, a manufacturer of synthesizers for rock bands, where he worked with leading musicians of the day like Stevie Wonder, Pete Townsend of The Who, and Led Zeppelin. David has ...
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Addteq is a leader in providing business solutions to Enterprise clients. Addteq has been in the business for more than 10 years. Through the use of DevOps automation, Addteq strives on creating innovative solutions to solve business processes. Clients depend on Addteq to modernize the software delivery process by providing Atlassian solutions, create custom add-ons, conduct training, offer hosting, perform DevOps services, and provide overall support services.
Contino is a global technical consultancy that helps highly-regulated enterprises transform faster, modernizing their way of working through DevOps and cloud computing. They focus on building capability and assisting our clients to in-source strategic technology capability so they get to market quickly and build their own innovation engine.
When applications are hosted on servers, they produce immense quantities of logging data. Quality engineers should verify that apps are producing log data that is existent, correct, consumable, and complete. Otherwise, apps in production are not easily monitored, have issues that are difficult to detect, and cannot be corrected quickly. Tom Chavez presents the four steps that quality engineers should include in every test plan for apps that produce log output or other machine data. Learn the ste...
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...