HOW TO INFECT YOUR ORGANIZATION WITH HUMANE OPS Matty Stratton DevOps Advocate, PagerDuty @mattstratton
A presentation at Microsoft TechDays 2019 - Finland in February 2019 in Helsinki, Finland by Matt Stratton
HOW TO INFECT YOUR ORGANIZATION WITH HUMANE OPS Matty Stratton DevOps Advocate, PagerDuty @mattstratton
@mattstratton
🔥📟 @mattstratton Who here has been on one of those phone calls where you are trying to troubleshoot an issue when something’s going wrong, and you’re trying to problem-solve with fellow human beings? Who here really enjoyed that experience and wants to do it all the time?
@mattstratton
THE DATA 50,000 RESPONDERS RECEIVING A TOTAL OF 760 MILLION NOTIFICATIONS â–¸ 60 million notifications during dinner hours â–¸ 82 million notifications during evening hours â–¸ 250 million notifications during sleeping hours â–¸ 122 million notifications on weekends â–¸ A total of 750,000 nights with sleep-interrupting notifications â–¸ A total of 330,000 weekend days with interrupt notifications @mattstratton PagerDuty commissioned a study across over 10,000 companies over 100 different segments.
LET’S HAVE SOME DATA THE MOST MEANINGFUL METRICS ON ATTRITION ARE ▸ Number of days where a responder’s work and life are interrupted ▸ Number of days when a responder is woken overnight ▸ Number of weekend days interrupted by notifications. @mattstratton
EXAMPLES OF MEMES ARE TUNES, IDEAS, CATCH-PHRASES, CLOTHES FASHIONS, WAYS OF MAKING POTS OR OF BUILDING ARCHES. JUST AS GENES PROPAGATE THEMSELVES IN THE GENE POOL BY LEAPING FROM BODY TO BODY, SO MEMES PROPAGATE THEMSELVES IN THE MEME POOL BY LEAPING FROM BRAIN TO BRAIN VIA IMITATION. @mattstratton Richard Dawkins @mattstratton
SNOW CRASH ▸ In the book, “Snow Crash” itself is a neurallinguistic virus. ▸ The bad guys figure out how to unlock it, and it spreads from hacker to hacker like a meme ▸ Plus, lots of swordplay “IDEOLOGY IS A VIRUS.” - NEAL STEPHENSON @mattstratton Remember, memes are another way of evolving across generations. This happens in the world of Snow Crash, but it can happen in your organization as well.
WHAT IF YOU ARE THE SUPREME LEADER? ▸ “Command and control” doesn’t work ▸ Use measurement for good, not for evil ▸ Avoid “executive swoop” @mattstratton
MIDDLE MANAGEMENT TIPS ▸ Encourage safe post-incident review spaces ▸ Drive for a culture of learning ▸ Take care of your people @mattstratton If people are up in the middle of the night, give them some comp time to recover. But this must be done within 24 hours, 48 at the max; it’s not a reward, it’s recovery time.
REVIEW. REVIEW. REVIEW A CULTURE OF LEARNING ▸ In a generative, performance-oriented organization, “failure leads to inquiry.” ▸ Don’t take my word for it. Ask Ron Westrum. ▸ You can also ask Dr. Nicole Forsgren - @nicolefv http://bit.ly/2KpzKKW @mattstratton If we don’t treat every outage or alert as something to learn from or something to improve, we run the risk of the Normalization of Deviance effect. In this case, we start to accept alerts or degradations as acceptable. Our standards suffer. We let things slip through the cracks.
USE THE FORCE, EVEN IF YOU AREN’T A JEDI @mattstratton
REVIEW ALL THE THINGS @mattstratton Andy Fleener, Platform Operations Manager, Sportsengine - “We review every alert from the last 24 hours/weekend every day. No broken windows.” Operational reviews are a thing - check out reviews.pagerduty.com for some guidance.
REVIEW. REVIEW. REVIEW NORMALIZATION OF DEVIANCE ▸ The gradual process through which unacceptable practice or standards become acceptable. As the deviant behavior is repeated without catastrophic results, it becomes the social norm for the organization. ▸ This happened to NASA. Twice. ▸ In our case, we start to accept alerts or degradations as acceptable. http://bit.ly/2Ihj1wV @mattstratton If we don’t treat every outage or alert as something to learn from or something to improve, we run the risk of the Normalization of Deviance effect. In this case, we start to accept alerts or degradations as acceptable. Our standards suffer. We let things slip through the cracks.
QUESTION METRICS @mattstratton Let’s make sure that we are setting the proper expectations. We don’t want to just expect five 9’s of reliability because “well, five is better than four.” Why do you need five? Have you tied your metrics to a business outcome? Likewise, your speed metrics shouldn’t be “faster than last month.” And beware of inaccurate extrapolation. You might have data suggesting that if your page load time increases by a second, conversion drops by 50 percent. But that doesn’t mean that if you reduce load time by a second, conversion will increase by 50 percent. Correlation doesn’t always equal causation, and the same numbers don’t move the dials in both directions.
QUESTION METRICS WHY ARE WE USING THESE NUMBERS? ▸ What is the data that drive your incident process ▸ Are your metrics tied to business outcomes? ▸ Correlation doesn’t always equal causation @mattstratton Let’s make sure that we are setting the proper expectations. We don’t want to just expect five 9’s of reliability because “well, five is better than four.” Why do you need five? Have you tied your metrics to a business outcome? Likewise, your speed metrics shouldn’t be “faster than last month.” And beware of inaccurate extrapolation. You might have data suggesting that if your page load time increases by a second, conversion drops by 50 percent. But that doesn’t mean that if you reduce load time by a second, conversion will increase by 50 percent. Correlation doesn’t always equal causation, and the same numbers don’t move the dials in both directions.
SIMPLE. ALWAYS. @mattstratton Don’t over-design systems. Resume-driven development is almost always a recipe for on-call disasters.
KEEP IT SIMPLE THE MORE RESILIENTLY THE SYSTEM IS DESIGNED, THE MORE LIKELY IT IS TO CAUSE A NEGATIVE BUSINESS IMPACT Stratton’s Law of Catastrophic Predestination @mattstratton At the heart of every complex resilient system is the hubris that someone believed they could predict everything that could go wrong. Fate, and the internet, laughs It’s not about how resilient the system IS…it’s about how resilient the attempted design.
COMMUNICATE. TALK TO PEOPLE â–¸ Who are your customers? What are their expectations? â–¸ Whose customer are you? Can you help them out? â–¸ What are the perceptions of your team? @mattstratton ask how the on call is feeling during stand ups. give them the opportunity to mention they might be burning out.
HUMANS, PEOPLE ARE â–¸ Consider contextual on-call â–¸ The Golden Rule â–¸ Bake cookies @mattstratton
LEARN TO TAKE COMMAND INCIDENT COMMAND @mattstratton volunteer to help as an incident commander (what’s that? Maybe we should have them!)
MAKE IT NICE ON THE BRIDGE DURING A CALL ▸ Have clearly defined roles ▸ Avoid bystander effect ▸ Rally fast, disband faster ▸ Don’t litigate severity ▸ Have a clear mechanism for making decisions @mattstratton You want to get all the right people on the call as soon as you need to…but you also want to get them OFF of the call as soon as possible.
SHARING IS CARING SHARE ALL TESTS @mattstratton
SHARE ALL TESTS TESTS ARE FOR SWE AND SRE BOTH â–¸ All functional tests used in preproduction should have a corresponding monitor in production â–¸ All monitoring functionality in production should have corresponding tests in the build/release process â–¸ Monitoring is testing with at time dimension. There should be full parity between preproduction and production. @mattstratton
EVERY SPRINT DO ONE NICE THING @mattstratton
HELP YOUR RESPONDERS IN EACH AND EVERY SPRINT ▸ In each sprint/work unit, add value to your responders ▸ Even if it’s not on a card ▸ You rebel, you. @mattstratton Even if it’s not on a card
ADDING VALUE SOME EXAMPLES ▸ Provide better context in logging (stacktraces alone don’t count) ▸ Remove some technical debt. Yes, you have some. ▸ Add some (useful) tests ▸ Remove something unused @mattstratton These might seem obvious, but if they’re so obvious, I assume you’ve done them already?
ADDING VALUE ▸ If you use feature flags, add a description field to the configuration ▸ If you use runbooks, ensure they are up to date every time you cut a release. If you don’t do this, abandon the runbook altogether (an incorrect runbook is considered harmful) ▸ SIMPLIFY, MAN! @mattstratton
@MATTSTRATTON LINKEDIN.COM/IN/MATTSTRATTON MATTSTRATTON.COM ARRESTEDDEVOPS.COM SHARE YOUR ON-CALL STORIES WITH ME LATER @mattstratton
MATTSTRATTON.COM/SPEAKING @mattstratton
FURTHER READING AND REFERENCES â–¸ Improving Your Employee Retention With Real-Time Ops Data - http://bit.ly/ 2rGTnq4 â–¸ Page It Forward! - http://bit.ly/2In8Lzc â–¸ The study of information flow: A personal journey - http://bit.ly/2KpzKKW â–¸ The Normalization of Deviance (If It Can Happen to NASA, It Can Happen to You) - http://bit.ly/2Ihj1wV @mattstratton
â–¸ Snow Crash by Neal Stephenson - http://bit.ly/2Iiuc8L â–¸ The Cybersecurity Canon: Snow Crash - http://bit.ly/2InDYGI â–¸ Disasters! Arrested DevOps Episode 37 - https://arresteddevops.com/37 â–¸ PagerDuty Incident Response - http://response.pagerduty.com @mattstratton