Patrick Lightbody (New Relic)  Monitoring evolved from servers and networks to applications to what users do with applications Reflections on mountain moving, from the first year of USDS Mikey Dickerson

failure rate: how often software fails during production. Mean-time to recovery: how long it takes applications in the production stage to recover from failure. Key Principles to implementing a successful infrastructure must be measured and quantified, so that the total risks and impacts to software applications are understood.  Deploy immutable infrastructure, such as containers. The concept of immutable

recorded for auditing h. ENSURE SECURITY OF OUR SOFTWARE SUPPLY CHAIN i. Were often assembling applications from third-party components and integrating them with our business logic. We inherit the vulnerabilities objectives and integrate security telemetry into the same tools k. CREATING SECURITY TELEMETRY IN OUR APPLICATIONS i. Create relevant telemetry 1. Successful/unsuccessful logins 2. Password resets 3. Email

haven’t been introduced iv. Integration tests – ensure correct interaction with other production applications and services g. CATCH ERRORS AS EARLY IN OUR AUTOMATED TESTING AS POSSIBLE i. A test suite’s configuration of middleware 4. Copying packages to production servers 5. Restarting VMs, containers, applications, etc. 6. Generating configuration files 7. Run automated smoke tests 8. Running test procedures

a subset of the IS ICD scope and/or Capability Drop (CD) documents for smaller items such as applications o Replace comprehensive Preliminary Design Reviews (PDRs) and Critical Design Reviews (CDRs)

impossible to use. There’s a million mandatory fields and most of the time, the drop down boxes for ‘applications affected’ don’t even have what I need. It’s why I’ve stopped even putting in change requests

deployability? iii. Successful Brownfield transformations 1. CSG – COBOL mainframe and supporting applications a. They 2X release frequency b. Resulted in increased application reliability c. Reduced deployment

of “rogue” application development, or shadow IT. There has been good reason for that. Rogue applications are often unreliable and insecure; IT winds up having to fix them when they become mission critical