The DevOps Drumbeat - Part 1
October 19, 2015

Jason Bloomberg
Intellyx

What it means to build quality software has taken a beating over the years. We're no longer content to strive for defect-free code. We must also make sure the software meets both its functional and nonfunctional requirements. Only now with the rise of more Agile ways of thinking, we've placed the notion of a software requirement under the microscope, as building flexible, resilient software often trumps checking items off our requirements list.

As a result, the tried and true Project Management Iron Triangle has taken its lumps. We've been trying to bend or rework the Iron Triangle for years, with limited success. Today, thanks to DevOps and Agile Architecture, we finally can.

Adding Corners to the Iron Triangle

You remember the Iron Triangle: vertices at scope, cost, and time. Any project might fix two, but the third must be allowed to vary. Inadvertently fix all three? Then quality suffers – an unacceptable result.


The Iron Triangle

We've tried adding quality to the triangle over the years to let us fix the other three constraints, turning it into the Project Diamond, but that move was a rather academic exercise. After all, you can't go to your boss and say “we delivered on all the requirements on time and on budget, but sorry, it just doesn't work!” People insisted on taking quality as a given, and lived with the triangle as-is.

Other additions to the triangle: The Project Management Body of Knowledge (PMBOK) added risk to the triangle – helping to expand it to a six-pointed star. Risk, however, is more than a project constraint, as there are many types of risk. In addition to the risk of violating any individual constraint, there are also systemic risks like opening a security hole or violating a regulation. Adding risk, therefore, muddies the purpose of the triangle.

The Agile world also contributed a variation of the triangle with Jim Highsmith's Agile Triangle. Highsmith collapsed all the constraints into a single vertex, and differentiated value from quality to populate the other two corners. Quality, according to Highsmith, represents the current quality of the project while value represents “future quality – ‘can the product continue to deliver value in the future?',” according to Highsmith. He explains: “responding to the unanticipated future requires adaptability, and the key to adaptability is keeping technical debt low.” In other words, software value depends upon its adaptability, and adaptability depends upon lowering technical debt.

Highsmith makes some important points, but by collapsing the traditional Iron Triangle constraints, he doesn't provide a clear explanation for how to balance quality, value, scope, cost, and time – and now with added implicit constraints of adaptability and technical debt, the resulting model isn't all that useful. There is also widespread confusion about the challenges of both inherent flexibility and “good” technical debt (be sure to read my discussion of technical debt, if you haven't already).

Remember that Hightower ties inherent flexibility to value – a critical connection for any Agilist to remember. However, he inadequately addresses the connection between adaptability and technical debt, jumping to the conclusion that keeping technical debt low is always a good thing. In fact, careful and temporary acquisition of technical debt, just like the careful borrowing of money that generated the metaphor – is in reality an essential part of Agile development.

In my 2013 book The Agile Architecture Revolution, I took a different, but similar approach to extending the Iron Triangle by adding agility to the mix as an explicit constraint, turning the triangle into the Agile Architecture (AA) Quality Star below.


The Agile Architecture Quality Star

In the figure above, the traditional Iron Triangle continues to represent the scope/cost/time tradeoff, while an additional triangle – the agility/quality/time Best Effort Triangle – represents a separate tradeoff: the more time you devote to quality, the less agile you become. The point to the AA Quality Star is to elevate agility to the status of a metarequirement and thus a constraint to the project, which in turn requires us to rethink how we deal with quality when agility is a priority.

Beyond The Agile Architecture Quality Star

While Highsmith's value constraint and my agility constraint both recognize that the ability for software to be inherently flexible – that is, the ability to respond to future requirements as well as current ones – is an important added constraint to any software that claims to be Agile, neither of us fully explored the fact that inherent flexibility and resilience are actually two separate constraints. Inherent flexibility supports an organization's desire to be more innovative and responsive, which are two of the three elements of business agility. The third element is resilience: the ability to recover from adverse events.

In the past, we typically took a brute force approach to building resilience into our software by hammering on it until it passed its performance tests and then hoping it wouldn't break in production. Today, however, we have a deeper understanding of resilience, as cloud computing has forced us to rethink how we deal with failure. It's no longer adequate to build software with the goal of preventing failure. Rather, we must build software that automatically recovers from failure. Expecting and planning for failure, including the graceful degradation of functionality should faults develop – what we might call Chaos Monkey Engineering – is an essential part of building software that supports the business agility driver.

Read The DevOps Drumbeat - Part 2

Jason Bloomberg is President of Intellyx.

Share this

Industry News

April 14, 2021

SmartBear has integrated TestComplete, its UI test automation tool, with BitBar, its native mobile device cloud.

April 14, 2021

Elastic announced an expanded strategic partnership with Confluent to deliver the best integrated product experience to the Apache Kafka and Elasticsearch community.

April 14, 2021

Threat Stack announced its ability to support AWS Graviton2-based instances through the Threat Stack Cloud Security Platform.

April 13, 2021

Broadcom and Google Cloud announced a strategic collaboration to accelerate innovation and strengthen cloud services integration within the core software franchises of Broadcom.

April 13, 2021

Nylas announced the launch of Components, JavaScript UI/UX solutions that allow developers to bring productivity features to market faster without needing to design front-end elements from scratch.

April 13, 2021

Perforce Software announces its new version control desktop client — Helix Sync — enabling non-coders such as artists and designers to version digital assets, with a simple drag-and-drop UI.

April 12, 2021

ShiftLeft introduced ShiftLeft CORE, a unified code security platform.

April 12, 2021

GrammaTech announced a new version of its CodeSonar SAST (static application security testing) product that helps developers build safer and more secure code without disrupting workflows.

April 12, 2021

Panaya announced a strategic partnership with Being Guided, a Salesforce Consulting Partner, specializing in the CRM and Salesforce ecosystem, to bring Panaya's ForeSight solution to a wider audience.

April 08, 2021

Palo Alto Networks announced the second generation of Checkov, the static analysis tool for infrastructure as code (IaC).

April 08, 2021

Postman now allows any team with up to three members to collaborate in Postman with unlimited shared workspaces and unlimited shared requests at no cost.

April 08, 2021

Taos, an IBM company, has announced 24x5 managed service availability.

April 07, 2021

VMware unveiled expanded cloud workload protection capabilities to deliver security for containers and Kubernetes.

April 07, 2021

Catapult CX is launching the DevOps Institute’s (DOI) Assessment of DevOps Capabilities (ADOC).

April 07, 2021

Equinix announced that Tinkerbell, an all-in-one open source bare metal provisioning platform, has added significant new features since joining the Cloud Native Computing Foundation (CNCF) Sandbox program.