 Yn y gwirionedd yw yno, hyffordd yr aelod yng Nghymru, y cyflwyng, gwirionedd, rym ni gôl... Mae'r feddyl yn caelíllach yma'r llaw, ac mae'n ochr i'r llwyr yng Nghymru, fe fydd yn gweithio'r adrodd ar y cwrddol, i wedi'u meddwl i'r newid yng nghymru, yn fath ymddwr, o'i ddechrau'r bwrdd o'r adrodd awardediau, ac mae'r adrodd adrodd award ymddwch dw i'r adrodd wedi amser ..wyddyn ni'n meddwl i ni'n inghntiaeth iddyn nhw'n gwneud cydweithio. Mae'r ei dŵl yn gwneud iawn yn cynhyrchu phaith yn ei ieith. Mae'r ddyl Modd яw'r ddymhwysau'r rhai hynod, i edrych fel gweithreirs. Mae nhw'n mynd i chi'nious, wrth me'n bwysig yw'r aell yn y tarif yn y teimlo i chi pob i chi, ac mae'r ddysgu'n gwneud bitsrwydd. Felly, y ceisio fel yr unig bwysig yw'r bod yn y ddylodbwynt i ddweud yw iawn. is that there are ways that we are able to manage our entire solution in a single entity and therefore building factors where we are able to deploy the better, manage the better and version our entire solution so not just versioning our application versioning our API that is communicating with your little protein sydd ymdilyn. Mae'r sinaun ei fod yn ddylch i'r teamai. Wrth gyrddwch am yr ydych chi'n gŵr ydych chi'n gŵr, ac mae'n meddwl i'r hyn, gan dda o'r unig cyffredin, o'r blaen ychydig, iawn y gallu ffordd, o'r bach, o'r amser, o'r lleion yma, o'r ddweud. Padaf yn grant hwnnw, ond i'n meddwl i'r bach, o'r cyffredin, o'r ffordd, o'r maes. Mae elasticity cyfnodd yn mynd i ddegonnwys yn awosio a'i llawd yn afael i ddim yn ddegonnwys cyfeirio'r bobl o gennym eich syniad o ddegonnwys a'i rymellio'r bobl yma o Yazin mor cadw pedigolio i ddechrau yn ddigonnwys ac mae'n teimlo i driadio ychydigol i ddegonnwys i ddigonnwys iawn. ac mae'r dalebydd yn llaw'r cyflau o'r cyflawn. Mae'r gleis cyflawn o'r ystyried o ddech chi bywyd yn ffots yw yn pethau yn ei ddweud ysguent i'r ddechrau yw'r teimlo? Mae hyryd yn colli olos, fel ygoch chi'n bywyd ei ddod o'r cyflawn o ddechrau ac ydych chi eistedd o'r ddechrau'r cyflawn o'r ddechrau. O'r ddechrau yw'r di- dus, mae'n gweithio i bwysigol, Ewch ymgynchiddordeb am y cyfnodau yng nghefn yn ein bwysigiau i gael i'r talog ac nid i'w gael ei hoffio dim yn iawn. Wrth gwrs, mae'n ddellon sydd wedi atoedd ystafell o'r toll, ap gallai'r prif, ac mae'n cael ei roi gael ei hoffio i eistedd yn y gael i'r brif sydd ac mae'n gael ei hoffio i eistedd yn ei hoffio i'r toll. I'm now here today and I'm going to touch and mainly on continuous investment delivery with GIL RCI, and infrastructure is private and integration management, you can tell from my name, but we've built a few bits where we touch on particular areas and how they are actually very complementary in what you're delivering as an end solution. This is a picture of me. This is kind of my role in the loads. I'm a DevOps consultant. I have a cloud company called Heliclumps. We've already made the rest of the missions, I think. I also work a hundred jobs at DevOps in general. I'm also a get-up hero, a get-up community person. I'm also a dog-up community leader, so we've got to set those containers. I don't know if you can be an expert in that one, but the main thing is that now I spend very little time developing my tool and spend a lot more time developing processes for delivering solutions, whether that's purely software or the software and infrastructure. That's my Twitter on LinkedIn. If you have any questions, then you can certainly try me some questions on Twitter on LinkedIn. I would love to try and make time with people, so if there's anything that follows up after this that you think, I really like the work that you've got at the start, then send me a request on LinkedIn. I'm trying to find a path now. When we're thinking about continuous integration into the group, I'm delivering this via get-ups.com, but it's the whole idea of being process-based iteration for solution management, so that we can automate, build, test and release software in a stable way. We're delivering the tools and techniques back out to software teams from a developed perspective, which really is encouraging people to make the right decisions. So I don't think that there is a separation for me in between the minutes of where people can write code for. I think that you can write code in the group or you can write code into, pretend you can write code that controls what's going to be the drawing things, and you can write code that's actually made to manage that configuration by force. I don't think that there is a separation for me in the minutes of what we'd expect or guiding people to write a code for. Now, whenever we turn into continuous integration and delivery for infrastructure, rather than just for the software, we're actually looking at the models that we're deploying on that. The greater amount of time you can iterate and integrate the changes to working environments, actually you start to find that it reveals a lot of assumptions and errors around how you deploy it, and should eventually do the right bit of speed to the relative security for what you're doing, whether that is that your estate has some inherent problems in its security, that might be huge terms of passwords, API keys, that it won't set you out. So these are the problems, whether it's that you're delivering onto an existing platform that requires some other configuration API keys. We don't immediately accept any retrieval for the majority of hastened IP that we've done, but we've not done everything as mixed in just as we did in the previous keynote. We've not done everything just for one dreamer, actually, but we're actually delivering a range of services that are around the experience that we can get. So, what I'll have in the pipeline board that I'm going to demo today is this kind of structure that we have in the testing and planning of playing, and then we're going to need to answer all the opinions and the configuring of our infrastructure, and through that, we are attempting to make sure that that's secure. Now, part of the volume of deliverance extra security is the fact that, actually, no-one touches deliverance. So, deliverance happens entirely in pipelines, and so we have ultimate transparency visibility, and we can iterate on that process to deliver a lot better amount of security. And generally, what I'm dealing with most of the time is that that's where we're delivering their setbacks in continuous inspiration and infrastructure as code, is through these pipelines to basically start to deliver security at every stage. Now, when we're dealing with infrastructure as code, and the configuration library, largely focusing on these top areas, which is making sure that things are easily reproducible, that things like it's focusable, that they're consistent, and that change is easy to have reproducible. The reason I like being entitled back to what they're doing eventually is that, actually, when things are easily reproducible, they actually become far more disposable, and if they're far more disposable, they have to be consistent in how you deliver them, and when they're consistent, actually, the cost of change is easy to have reproducible. So, we're able to normalise different environments in the industry, we can build our own workflows in a specific way to complete services, and we're able to manage the delivery of environments to people through an international fashion, and actually build up the great and great power of what we do. So, I often pose a question to people that it's great to know what version of software is on, but I really want to know what version of infrastructure is on, because that is hard for your solution. We look at infrastructure as code, normally I'm going to go into two different areas, so we have infrastructure provisioning, where we're actually going and requesting infrastructure, and the configuration management. So, that's largely the great part of what we have and how we hide it. There's actually some legal role when we look at the tools that can do this. So, in infrastructure provisioning, largely, in the 1905s, that the work that there is in infrastructure provisioning is terrible, and configuration management, I've made and helped you as for the past, and I continue to use that, but I'm using the telephone more for the configuration services as well now. But I hope that they fit together really well, because they know what they're doing now, in terms of delivery of solutions. So, the configuration management is the optimal delivery. It's about managing installations, versions, and the state of the services that you already have. It's going to be a large and focused time to pre-finding structures, so the infrastructure of all that exists, although you can use Ansible to build your infrastructure stacks, if you will. It's not for me the ideal that they're going to do it. But it is really good at managing virtual machines, managing clusters, and managing existing software, especially if that software is in a mutable state. You're not going to be able to be in a mutable state. So, where we're doing a mutable infrastructure, really we have the idea that we need some kind of data for systems of that service. So, where that will be, it actually is sort of the thing that is in the service of controlling it and interfaces. You can, obviously, it's a lot, back in the day, that I did this, but managed a large amount of features with visual installations on it, and more different parts of the tools that are installed in the work. And when we're looking more at infrastructure vision, we're really dealing about defining how our infrastructure is established. So, that might be setting up how much compute we have, how much storage we have, the network we have, or something of the service, and also the scale of it. And we're talking about terrible, we're going to play against AWS, GCD, Azure. We can do it on-premium solutions, so that we'll be aware of. We can also do lots of other actions for these services. And what we're doing is provisioning the kinds of interface that we need that's going to fit with architecture for the service and the solution that we're going to put. Now, the great thing that we start to build when we've got software-defined infrastructure is the fact that we can then do versioning on the infrastructure that we have. So, as an example, managing scale in an application is interesting, especially if you're having to add more than no time, take no time away. I believe that to understand where you work exactly at a specific version is really important, because the hardware that it's actually running on is part of the platform that you're delivering. We can also look at mixing measures to addition management, so that everyone becomes aware of when we'll resolve the processes and how that issue is being resolved in the end of the moment. We can build change nodes for how we're changing the software that's underlying our infrastructure or the infrastructure on top, and we can build a great amount of board into this. So, everyone can see what we're changing our infrastructure and how those changes are likely to affect the application. That runs on the other side. Now, if you're having, when you're building an infrastructure, then it can be then visible and stable and secure and visible. Now, we start to be able to build these in iterative factors, but being able to build security and visibility to the overall solution improves the whole team's awareness of what they're delivering as a service. Okay. So, if we're thinking about buying an infrastructure as part of a lifecycle, we have this idea that we're provisioning, configuring, employing, monitoring, and destroying our infrastructure as part, and then we iterate on that process. So, that fits really nicely into doing that continuous deployment model because we have this idea that we are continually changing what we're doing. I hope that you find the part where you're able to iterate and that more easily you'll be able to deploy changes to your passion and you'll start to be able to build in those extra features that people won't be able to do in a much quicker way. And hollir to this is really starting to come across the idea that when we used to think that we were using a regress or any cloud provider as an infrastructure as a service provider, you're now not really using that as infrastructure as a service. So, it has become another idea that has become part of your software solution. So, whether it's that it's your pretty compute services on there, so you might be requesting the resources for it to be at its cost amount or whatever that passion of. And in that you may also, you are going to inter-set our networking for it and our networking is going to be running and load balances for it so that you're able to distribute load across your cluster and you may even have the value-added services so you may have an idea that we're going to do. So, email sending to the SES or another service or we might be doing the same like we should have learned it with the images that people are putting on there or we might be doing something similar to adding in the usual education with a new phone that we're having to scan across a different service. And when we start to be able to do it, we deliver solutions that take advantage of the entire stack of all the load. So, it can be a solution that you're building. Maybe you want to use, you know, the managed document that you need for doing something, some kind of service or you want to use a managed service for doing databases so you might be wearing them really well. And what we start to get is a new usability then of those solutions because you're abstracting away from, you know, putting on a console in an address or a new console and you're making that guarantee for a structure as part of it so when you were to reuse that solution for another application or to build a company specific wide to different databases, then you're able to reuse those solutions. And it's really driving towards the idea that what you're doing is you're building a cloud as the operating system and that's going to be delivering all the services that you need to deliver the experiences that you want. So, whether that's, you know, you might be pulling into a dynamic DB or elastic search. You might be storing things in S3 and then delivering them for a CDN somewhere. We might be looking at that. But we've got to do a direct connection to something that's on-prem with what you're running. We're going to be looking at linking in our solutions to having CloudWatch and CloudTrial potentially so that we're able to see the effects of doing monitoring on our service and doing learning on our service and that gives us the ability to then make decisions with regards to what we have. Then you've got to be looking at some additional machine learning for some business intelligence or doing something with spreadsheets where we're going to put in five items into a database. So, yet I'm trying to suggest that is that whether we've moved across the barrier of understanding that we're delivering a solution with a set of infrastructure as code and that that's going to be there, the pull of the telephone and the configures, which is useful, we can actually start to move that to be a lot more of an entire solution for what people are wanting with their applications, like them being a single idea of a solution and we're doing everything together and we can put in the overview and we can put in a number of functions to operate alongside this or we can add in extra areas as our solutions involve and we can, as a platform, as a platform, whether you're delivering that in a federated structure or delivering office-side capabilities with access to office services. Okay, so I wanted to shift quickly to a demo so that people can actually see this in real life, which I think is really important to try to simplify some of these principles. So, what I've got here I think people should be able to see it and I think that they should be large enough that people can see it, but I can make it slightly larger that's required. Okay, so what we have in here, I've got a tickle image that's like a single solution that we've got in here and you can see that I've got GitHub CI so my GitHub CI is set up to go through a different set of stages just like the ones that I showed in the slide that we've got a new test plan by being a federated structure and we've got different parts of that process, so we've got a download link across our service, a download link is correct and we've got GitHub and it's a label to be written I'm doing format and checking the terraform I'm doing a violation of the terraform and then building a plan of terraform so that's what we're using I'm doing an applied stage and I'm putting in a private key so that we're able to do some extra bits and then running a ping with Ansible and then doing a configure with Ansible for services that we want to do at school I'm doing Ansible I'm connecting to it I'm doing a banner right at the instance that already exists and then I'm installing a bot as a server on top of this and that's really quite to keep that stage as a destroyer stage so you see so many areas in here where I'm putting in the environment of variables there is obviously many other rescue areas here and you can also see credentials and this is because I'm using Terraform Cloud as a state storage for my terraform state I would recommend that you use this if you don't already use state storage Terraform Cloud at the moment is free for personal use which is what I'm doing as a reminder and you get power to being able to use Terraform and you get nothing with it and you can set this up with S3 and with DynamoDB if you wanted to control that solution but I don't know if I don't need to control that solution and we're running Terraform for it and we also see that we've got this private queue so what I want to suggest that is inside part set up of the Terraform that I give and we'll see that the product will be a new short with that and these things that are provided so this is like the libraries that Terraform knows that it needs to come down so we've got the AWS library and we've actually got a Nel library as well which I'm going to shortly and we're building resources inside AWS so for anyone who builds this normally we've got the BBC, we've got internet gateway we've got all rooms and we've got subnet we've got their security group so we're all out in 422 from anywhere and we've got security group that's like 480 or 443 and security group that's like external access and then we're setting up an AWS instance so that's like an instance to instance and we've put it in a specific API an instance type and we've put it on the subnet and it's the first group so what we've got on this is we get a single instance to instance on its own being to be seen with its own subnet and its own security groups entirely isolated from anything else in your AWS account and at the end it's going to be a last and happy the outputs of this would be the last and happy address and it tells you the name and then we can see from using the provisioner which you've bought for startings in several ways using the answer the provisioner is then going to say I've come out of this IP address and have got the inventory file on the local key that we're running and SSH into the instance that I've created which is going to be under this host and it's still in Python 3 now this is obviously a requirement for running apps most of Python is installed that's really the only requirement as well as mainly Python 3 as well so we're not needing to after we create this infrastructure I'm not into it using Terraform and install Python 3 and at the end of that it will give an output on this inventory file and what the inventory file then is that it stores that inside an artifact and makes it available to the next stage which is the PIM stage which then uses Ansible to the container we should use this one as well and I've got about 3 million users you can also use this container so we're building an Ansible player for the user that you want to use this invention file and then the player that says PIM and this PIM is just doing that and all the items okay so I switch back so clear I'm not going to show what is there looks like inside give up CR so we can see that I've added some roles here and we can see that it's holding Python as I've created so we have a clear what we're doing, so I've checked in what we're doing, see how it's in what we're doing now on it's in what we're violating it but then the interesting thing starts happening so we can see within the plan that what we're doing is we create the plan this is going to tell us that our execution plan because it's using this normal resource because I need it to ping out the invention every single time and I know what happens in my code so it's going to create the invention by every time and then it's going to store that that's what we're going to run in the next stage and that will move to the next stage which actually applies to that plan which is if you imagine it's going to change that deployment that we've got it actually goes and creates this and you can see that previous thing we've already set up as a gut so it knows that there's only one thing it needs to change and that's in most we've seen it change it goes in and says install Python 3 oh we've already installed Python 3 in previous and then we make that change so we can see that I've been addressed here and after we move to the stage after this so this is set up our EC2 instance install Python 3 our EC2 instance and then we're able to run our ping on the next item in this stage which is actually running until playbit that will disappear it says okay ping this project and we can then say well until now it won't be against our instance so I can go and configure that instance if I wish to I can go and configure and it's going to run this update of rain1 which is going to say to go and actually if I run this already it just says okay and it's going to do this so now we can see from here as we've got this idea of running a pipeline that is now we're testing our infrastructure setting up our infrastructure giving us access to run ansible back infrastructure so it can be configuring our service so I'm just going to commit this so you can see it running through that again now what will happen is you see that that's just a bit push that we've done to this repository and inside that it's running into GitLab CI so we then restarting this entire process and because there's not going to be anything different on that change it's about four or four and a half minutes and what we're doing is we're going to turn this solution process and then this should be now going on as a service to the virtual machine it's entirely isolated from anyone actually touching it so obviously I've looked into that thing and what we're actually able to do I'm going to put it and this one to actually build these parts into GitLab so we've got terrible the client's fault is in a pipeline and when you next need to deploy you can deploy in that specific way so next that happens I'm going to segue seamlessly into a slightly different option that is around doing a similar job with a language option and the reason I want to see this to show you this is that I've selected to how you arrive to deploy multiple solutions so in this solution we've got a language function and some terrible and we've got a darken file so we actually are storing a container for everything we do and you'll be able to see inside the terrible that we're running and I'm actually running three different versions of this language service at the same time now what you can imagine in a Newton specific idea is that you could then be running multiple and not driven environments with the entire service running and run in an entirely hands-off way running entirely of the language infrastructure so you've got multiple infrastructure factors together you can run it with that maybe you're running part of your service through a hosted platform maybe you need to run different databases or a different set up of items and that's also fine so you can look at configuring all of these services together to give us a noble solution this is running three different ones and it runs entirely through pipeline so we are running this pipeline but in a very very similar way where we are through our pipeline we are out to see but we are doing similar jobs we are doing venting, we are evaluating this part is packaged up and putting creative containers from the software that is made then planning and applying and deploying those containers on to our infrastructure and we have the option to destroy afterwards the core areas of this that I'm trying to explain is that we are moving towards a world that is not something that is isolated to just deploying platforms to Kubernetes but it is something that you are able to do to configure an entire service and a connection of services together from the point that you have the corrected guidance and that you are able to deliver security into these containers work that through Volt which is actually in your opinion Volt is the best secret management service and that is what we should use if you want also my opinion on the best way to do this that's terrible and I'm not going to tell you about the configuration honestly because I think it's easier to understand than to share or profit but that's still up to the way we can use this in different ways so I'm going to shift back to previous approaches hopefully so here we go so we can see our platform is running we've got our ping it's still going to be running properly and you should be able to also see that we're deploying these things in five or six minutes and we're not having to watch them so I'm not only deploying things I'm now going to actually work which gives you an additional benefit at the end and this is going to get to the port completely I can do a recommendation so that people can see what I've done, I've made the project public I also know what I have to do to destroy the infrastructure for it so after we've done this the second one could stay up in this first one will have to be destroyed because it's going to be costly but you can take this and you can provide where you put the right credentials in as in using a residential so that would be a way to back in for the platform I'm going to get a private key in because you can then use this today to find the joy and the storm too whatever size of virtual machines you want you may need to find a different way of echoing out imagery files but it will work absolutely fine for putting this entirely inside and doing that with CI and we're actually moving to having to get ops then for whatever you want to do not just limited to who that is or what uses so the main of this has been to try and think about how we can do to solution deployments but the deployable objects so really what we've shot one driving towards is that we've made now a deployable object that has everything here and we've packaged it up so we can keep deploying this you need it to deploy to a different platform you need it to deploy on-prem then it gets a smaller jump to be able to do that and so on but we're actually moving towards software-defined solutions that have everything inside it that has the version that we're writing you may need to bring versions of versions in a great way that you may need it now and as a tool to understand which version you're infrastructure is on which version is on which version is on services are on which version is on and we're going to put this into central artificial management and we're going to change those applications which then start to be able to build solutions that are more feasible, stable and secure and actually start to deliver a greater value to end customers but also building the usability and expertise for people to use for the next time you're asked to make a change that's similar to this and really that starts to play into this idea that we are using infrastructure as part of the configuration management and the software applications that we're bringing to operate the cloud as an operator system there is no distinction at least there's no distinction in the nine eyes between the software that we're building on infrastructure and the configuration and provisioning of the infrastructure that we want and having that idea of separation I think it's going to need it what you're able to do in the future of software delivery and it isn't only going to become greater as people are connecting further services to try at greater experience and also greater ability to scale the services up or down the last thing I'll probably look into with this kind of a but people's cloud genesis isn't really happening and it's trying to find the values that are going to give you the most new innovation inside the cloud in terms of security compliance and then it's about building the right teams that select the right tools now I think at the moment for the very truth of this as an application that's using Terraform and Azure is an ideal way of being able to deliver and it will deliver a greater amount of DevOps maturity that will end up delivering time and value back to people in a quicker aspect and be able to accelerate that process to see what it's doing and what it's going to do or to close out but it's going to say no what it's going to do in the store so yes, what it's going to do in the store using virtual addresses item inside the instance and it's unfortunately bound on the opportunity to run multiple items because we're not going to see that enterprise system but we're going to have to say that it's going forward and that is a wider way of being able to accelerate your journey towards so thank you for having questions so how many questions do you don't think of it now because I guess I see it as the future because they might have made all funding on LinkedIn and I can certainly look at helping people with actually those questions and if there's more that you want for me then I think it might be amazing or something and since down side it's it's not the main thing I've had where I've still got a triple t-shirt and I've also got my triple come London but this one's not my life in here I think I'm lame out with ideas so thank you very much