Achieving Continuous Delivery for Enterprise SaaS

Follow these continuous delivery best practices for DevOps in the cloud.

continuous delivery

The best development organizations are adopting continuous delivery of features to production on a weekly or daily basis. Achieving this is not easy. Proper agile planning and seasoned developers are only the first steps. To reach the promised land, your entire DevOps process must be designed and tuned for incremental releases. These following best practices are required to achieve predictable, reliable releases in a process that can be sustained for the long run.

What is DevOps?

DevOps is commonly defined as a software development methodology that combines software development with IT operations. The goal is to shorten systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives. The methodology can be organized into the following stages:

Environments/Pipelines

Enterprise Software as a Service (SaaS) apps are not distributed like traditional software. They are continuously running services. So continuous delivery is all about updating the service with a set of changes. In public clouds like AWS and Heroku, this is done through pipeline stages (e.g., development, testing, staging, and production). In platforms like Salesforce, stages become sandbox environments, ephemeral scratch orgs, and production instances.

Plan

Agile planning is now de rigueur for enterprise development. For continuous delivery, ensure your user stories are sized correctly and that each story rolls up to an epic that represents a standalone feature. This enables your team to release bite-sized pieces of functionality that are consumable by users and traceable back to your release plan. Also, define acceptance criteria for use in the verify stage below so you know when something is complete.

Create

There are a few practices of app creation that impact CD.

First, source code is not the only element of an enterprise solution. Schema, user interface, access control rights, and static resources like icons and images are all part of the creation process and should be managed just as diligently as source code. They should all be checked in to a version control system (VCS) as a single source of truth.

Second, ensure that developers are making changes in a segregated environment. In some low code platforms like Salesforce.com this becomes a challenge, but even in a database, multiple DBAs can step on each other’s changes when working in a shared environment.

Verify

Automated quality processes are difficult to implement for web apps, but are essential. Selenium is a great tool for testing functionality and should be part of your practice, but there are several verifications that should be made before you get to functional testing. Static code analysis tools like PMD are essential to ensure your development team is coding against a single style. Define a team style and enforce its use. Unit Test coverage is also essential. Incorporate them with a coverage of at least 75%. Finally, after these automated tests pass, implement a manual peer review. Old hands are able to spot opportunities for performance improvement where automated tools may not.

Package

Packaging for CD is about capturing changes so they can be incrementally released into the next stage or environment. Dedicate a branch for each stage and bundle incremental changes into a promotion branch so you can leverage the merge conflict detection in your VCS.

Release

Changes should be released in a defined pipeline with strict quality gates that ensure the verification steps and enforce the order of release stages. Developers should not be able to release from development and production bypassing integration and testing.

Also, minimize differences between stages. Smaller changes mean reliable, predictable releases.

Finally, automate promotions. This enables your team to validate the promotion scripts in integration, testing, and staging before releasing to production which decreases the likelihood of an unhappy surprise.

Configure

Automate configuration, especially for end-user access rights and make testing for proper configuration part of your verification process. Platforms like Salesforce have powerful profiles and permission sets that enable user access to only the right information. Improper configuration can expose personally identifiable information (PII), credit card numbers, or medical health data and get your company in the news.

Deployment to production does not mean features are visible to end users. Design code to support incremental releases. Place features behind a permission and release them when complete. Give admins a preference flag so they can enable features to their users when they are ready.

Monitor

Most SaaS companies monitor service availability and performance. Excellent companies also monitor data access to detect improper configuration changes and monitor end-user feature usage which gives product managers visibility to their usage.

Enterprise SaaS applications have many moving parts and often manage sensitive information. Implementing these best practices will create predictable, reliable releases that minimize the likelihood of downtime, defects, and exposure of sensitive information. 


SHARE
David Brooks
David Brooks is Vice President of Products at Copado. A leading mutual life insurance company uses Copado to automate code testing, gain full visibility and the ability to track any failures. As a result, the company’s delivery team was able to implement structured releases and scale the developer team from 30 to more than 130 developers.