DevOps & Insurance Company: Create A Bridge Between Security And Change
1 like•412 views
The document outlines Manulife's transition to a technology-driven company, emphasizing the integration of DevOps practices and modern application development methodologies. It highlights the company's strategic platform choices, including Kubernetes and Cloud Foundry, to support both legacy and new applications. Additionally, it discusses the importance of automated practices, security measures, and the company's commitment to open source contributions and community support.
DevOps & Insurance Company: Create A Bridge Between Security And Change
- 1. Jonathan Le Lous Director Engineering Engagement and Release Platforms Thibault Cohen Release Platforms Lead Global Technology 1 DevOps & Insurance Company: Create a Bridge between Security and Change
- 3. Thibault -- @ttb_lt -- github.com/titilambert 3
- 4. 4 Ratings A.M. Best A+ DBRS AA (low) Fitch AA- Moody’s A1 S&P AA- Serving 1 in 3 Canadians Founded in 1887 Canada’s largest insurance company 20+ countries Employee volunteer hours: 107,288 Community investment: $39.9M Investments in renewable energy and energy efficiency projects: $10.9B Manulife economic impact Assets managed and administered $1 trillion Statistics as of December 31, 2017 Manulife
- 5. 5 New technology companies Our market is changing
- 6. ‘Honouring our Past, Engaging our Future’ “transforming our business to be much more of a technology-driven company” Roy Gori, Manulife’s CEO. ▪ Legacy – Reducing the Run and Modernize Apps ▪ Net New – Leveraging Micro-services and APIs 6
- 8. Platform Strategy: Kubernetes & PCF ‘‘While Cloud Foundry's PaaS can free up developers from infrastructure management worries, Kubernetes' container orchestration and cluster management functions can preserve control over the infrastructure for ops.’’ TechTarget (03/27/2017) 8 1. Legacy Apps 2. DevOps 1. Build Net New apps 2. Production Platform 1. Convergence strategy 2. Decision Framework
- 9. DevOps = removing barriers = CI CD
- 10. Example 1: The easy one ▪ All developer teams are using Scrum methodology ▪ All new projects are micro services running in PCF ▪ These projects are stored in GitLab using forking strategy ▪ The CI is based on Jenkins Pipelines ▪ Unit tests, SonarQube, BlackDuck, Fortify, ... ▪ The CD is based on Concourse ▪ 4 persistent PCF environments : DEV/TEST/QA/PROD 10
- 11. Example 2: Back to the future ▪ Bring a 28 years old application to Gitlab/Jenkins ▪ Migrate more than 30000 commits from Harvest to Git ▪ Reproduce Harvest concepts with Gitlab/Jenkins ▪ Reduce developer learning curve ▪ Next steps: ▪ Move away from Harvest concepts to standard DevOps concepts ▪ Add more automated tests in Jenkins (SonarQube, BlackDuck, Fortify, ...) ▪ Add more tools in the pipeline (Doxygen, HyperSQL, ...) 11
- 12. Automate Best Practices 12 ▪ Generic CI: Code Review, Security, Open Source Governance, QA.. ▪ Security: ▪ Automated Security Scans (Code) ▪ Implemented by-default Security tasks inside project ▪ Risk Fixe: Upstream Contributions
- 13. 13 ▪ By-default Open Standard ▪ Support Communities (event, membership) ▪ Contribute upstream ▪ Hiring Top Talent ▪ Talk at Open Source Events BUILD: Leverage Open Source Open Source Ecosystems Manulife Technical Leader