As part of its transformation programme, the Luxembourg Stock Exchange (LuxSE) has adopted CI/CD to better respond to new market developments. Marie-Christine Waisse, CIO Office Manager of LuxSE, shares her perspectives on the opportunities and challenges offered by this new software development approach.
Accompanying the DevOps trend, Continuous Integration and Continuous Delivery - CI/CD - is a set of practices intended to accelerate delivery and boost accuracy, providing developers with the modern tooling they need to implement improvements on a continued basis and eventually produce better products.
"We are in the process of implementing a new CI/CD platform, Azure DevOps, to modernise the way we build and deliver applications to users and customers", says Marie-Christine Waisse. "This shift requires significant standardisation efforts. We need to set up a consistent framework that allows us to manage all of our operations with the same rigour, regardless of which team is involved. We want to streamline and industrialise our application development processes from integration to deployment, through the intermediate testing phase."
CI/CD addresses the conflicting needs of, on the one hand, development teams who want to make rapid and frequent changes to software packages, and on the other hand, operations teams who constantly seek to ensure application stability. Thanks to the automation possibilities brought by CI/CD, developers can now make more frequent changes. At the same time, operations teams get enhanced stability. In fact, environments have standard configurations, there is continuous testing in the delivery process, the version deployed is the last one that was validated in each environment, and rollback procedures are automated.
Ensuring consistent quality
"Our approach is part of the DevOps trend, meaning that the process that is applied to development teams is also applied to operations teams. The same platform, with the same framework and the same processes, is used by everyone. This building, integration and deployment chain, also known as the CI/CD pipeline, is common to all people involved in delivering code into production, which ensures consistent quality whatever the delivery or team," explains the CIO Office Manager of LuxSE.
While CI/CD is widely recognised as one of the best software engineering practices for DevOps, it also helps IT organisations get the most value from Agile implementations. Since a significant number of steps of the software development lifecycle are automated, CI/CD allows developers to concentrate their efforts on business requirements, code quality, and security.
"The CI/CD platform also meets our need for agility," says Marie-Christine Waisse. "Industrialisation, automation, and automatic quality controls will allow us to reach our objectives in terms of agility and faster time-to-market. This same chain also enables shorter time-to-repair. Moreover, we are agile in the way we are implementing our platform," she adds. "New features are rolled out as we go, allowing us to capitalise on the experience acquired during the successive deployment phases."
Testing, the cornerstone of risk mitigation
"The implementation of a testing strategy is a key point in our initiative," Mrs Waisse points out. "The testing phase allows us to ensure the quality of our deliverables from the standpoint of both security and integration. Those controls reinforce and complete the business acceptance tests."
With test automation frameworks, engineers in charge of software quality are able to define, execute, and automate different types of tests to help development teams know whether or not a software build meets their expectations.
"User feedback is collected both during the testing phase and once the applications are deployed into production. In the longer term, our aim is to move on Canary Deployment," confides Marie-Christine Waisse. "The idea is to first deploy new releases to a small subset of users or customers, test them, and then roll the changes out to the rest of the users. The canary deployment serves not only to confirm proper deployment, but also as a pilot phase that consists in submitting new products to a subset of customers in order to collect their feedback and improve those products in the direction expected by the market."
"In order to mitigate risks, our architecture is split into two fully redundant parallel environments. All our processing chains are being divided in the same way," says Mrs Waisse. "So, we can deploy all our applications on one node and make sure that everything works properly before deploying them on the second one. This approach, called Zero Downtime Deployment, allows our teams to ensure that users and customers are not impacted by software deployment activity."
One step further
"Although part of our long term vision, Automatic Deployment is not yet in production and, at this stage, the deployment process is still manual. Automatic deployment entails a whole series of constraints, including knowing exactly the state of what you want to deploy," Marie-Christine Waisse explains.
Continuous Deployment extends beyond what Continuous Delivery permits and, with this practice, every change that is validated through the different steps of the production chain is released to end users. Since no human intervention is possible at this stage, nothing apart from failing one of the tests could stop a new change from being deployed into production.
"Achieving Automatic Deployment requires a great deal of thoroughness at all stages of the development chain, as manual interventions are no longer possible," says Marie-Christine Waisse. "Everything must be properly thought out and described from the outset, every communication between elements, every port opening,... and this demands great mastery from all teams. When we get to that point, we will have achieved a superior level of quality and risk mitigation. That is something we are actively working on as we roll out our programme."
Interview by Michael Renotte