More
    HomeCloud-Native / NFVGitOps, developers' experience and security as code are increasingly critical for telcos

    GitOps, developers’ experience and security as code are increasingly critical for telcos

    -

    Philippe Ensarguet*, Group CTO at Orange Business Services, explained why in an interview at MWC.

    Many telcos have a handle on CI/CD/CT – continuous integration, delivery or deployment, testing as part of their DevOp adoption. Now, according to Ensarguet, they need to get to grips with GitOps and continuous deployment, continuous operations (CD/CO) – that is, move the methodology further along the delivery pipeline, which involves moving from a prescriptive to declarative model.

    Ensarguet explained that as data centres, networks and storage become “more or less turn fully software” his biggest concern is how to make all employees affected by this shift “more effective, more productive”. A key strand is changing from a prescriptive way of implementing things to declarative, which supports full automation.

    The declarative approach is coming to the fore as companies, which typically started their journey to the cloud with the lift and shift approach, move to cloud native to get the best out of the infrastructure. As Ensarguet explained, “If you rely mainly on the prescriptive approach, the day you want to move into production and scale up the number of applications you implement… you have to manage it purely with humans and you hit the wall on scalability.

    “If you are not able to automate longer or deeper than with the CI/CD, then you have no lever to manage the scaling – and that’s critical to the whole thing.”

    Ensarguet added, “This is not about you or me typing the command on the console; it’s about adding an orchestrator that is constantly assessing the level of working within the infrastructure and trying to figure out if there is a difference between what is held in the [Git as the] source of trust – the code of the declarative burden – and what is  running in production. It’s all about this reconciliation loop that checks the desired state”.

    Moving beyond CI/CD/CT

    Alexis Richardson, Founder and CEO of Weaveworks, coined the term GitOps (watch his explanatory video here). It began life in 2017 as a way to manage Kubernetes clusters and application delivery. It uses a reconciliation loop picks up discrepancies between the encoded desired state or source of truth, then reconcilers take appropriate action, depending on the nature of the divergence, such as updating or undoing [rolling back] the step that created the issue.

    Git developers in the delivery pipelines submit pull requests, which modify the state of the Git repository. Once the proposed modifications have been verified and merged, then the live infrastructure is synched with the it. This speeds and streamlines deployment of applications and operations tasks to Kubernetes – and ensures that any system’s cloud infrastructure can be reproduced immediately, based on the Git repository’s single source of truth.

    Ensarguet stressed: “The topic of developers’ experience for me is a very strong. It has to be…Today the networking vendor or the telco vendor ecosystem must have 100% production-grade, secure blah, blah in the core. These things are table stakes; differentiation will depend on other things. The company that can bring a global experience to the market that makes the development teams productive – very fast, in a smooth way, with an approach you can scale across the company – will have a game changer.”

    He continued, “A second gamechanger is if [vendor] contributors can reach lower, to the cognitive load of the team that implements services. A key issue is for us is how fast we can achieve operations to implementation?”

    He added, “Orange Business Services’ case we are a network operator but also a digital company and IT integrator. When we have to deploy a private network and end-to-end services for IoT or whatever other use cases, It’s a part of the telco play, but also a part of IT and digital. This is why the story around developer experience is very, very important.”

    In 2021, 41% of Orange group’s revenue and activities come from digital, IT and integration services. This is expected to rise to 55% by 2025.

    Security at speed and scale

    Ensarguet also highlighted security as code as a critical factor. It maps how changes to code and infrastructure are made to DevOps tools and workflows, and identifies where to implement security checks, tests and gates without incurring unnecessary cost or delay.

    It is also a way of codifying security and policy decisions, and socialising [sharing] them with other teams as a fast, robust way of implementing security testing and scans in the CI/CD pipeline where they automatically and continuously detect vulnerabilities and bugs.

    Policy as a code is intrinsic to security as a code. “What’s more asset-critical than the security of your services and reputation?,” Ensarguet asked. “With policy as code, we will consider the implementation of verification control – who can access what, on which machine, on which clusters and so on. If you can express it by code, you get all the benefits in addition to those we talked about [with GitOps].

    “It drives what I call trusted application delivery if you can add the benefits of CI/CO to policy as code – covering, for instance, role-based access control, role binding and who can do what on the application cluster… you can apply very regulated or highly constrained [conditions], because you’re able to prove the security rules that are running on your infrastructure.”

    Open Policy Agent

    From Ensarguet’s point of view, the Open Policy Agent (OPA) standard is at the heart of policy and service as a code. OPA is anopen-source engine that provides a way of declaratively writing policies as code and then using those policies as part of a decision-making process.

    Work began on the OPA in 2016 with the aim of unifying policy enforcement across different technologies and systems. OPA was accepted as a Cloud Native Computing Foundation (CNCF) project in 2018 and attained Graduated project status. Now it is used by Big Tech players. For instance, Netflix uses OPA to control access to its internal API resources. Cloudflare, Pinterest and others use OPA to enforce policies on their platforms such as Kubernetes clusters.

    Ensarguet credits Styra’s OPA-based product with boosting interest in this area, and he said it has resulted in many other companies striving to supportpolicy as a code. “It’s so interesting because, for example, take the usual suspects we mentioned; [policy as a code] means that the level of verification and checking is definitively a big step up in terms of quality and reliability at a scale that was not previously possible.”

    A trigger for the industry at large

    Ensarguet continued, “All the people here today – those working on the core network are software, based on open source or open standards. For me, it’s the trigger for this industry – it’s happened for digital and IT, and it’s more or less underpinning the network.”

    Progress was demonstrated under the auspices of the O-RAN Alliance at MWC, where, as Ensarguet explained, “The Big Five operators in Europe [Deutsche Telekom, Orange, Telefonica, TIM and Vodafone] and Mavenir [plus Ericsson and Nokia] implemented one of the of the first telco cloud-run services.

    “We have different operators but a common stack and we are able to implement services to run on the top. Before it was always a black box from the usual vendors, now we’re moving forward with disaggregation and recomposition is not done not by a closed or black box, but by software, APIs, open standards and open source.

    “It’s a question of convergence and the current business space needs us to accelerate. We have a unique conversion case around the cloud-native and the cloud story. Whether you’re doing IT, digital network or telco, the stack is converging. For a company like us it means tomorrow we will have a different operational model to run network services, digital services, or IT services. For us it’s a question of productivity and efficiency [for] our customers.”

    Meeting market needs

    He concluded, “I think it’s what the market needs. It will be a tough, long journey because honestly, if you want a concrete implementation, fine, but we need to do more than shuffle projects. We want the company to be able to run 50, 60 or 70% of all our projects in this model. I’m truly confident it will happen, but I can’t give you a date.”

    He added, “The world was very static and mostly we were able to do what we called forecasting. With such an intense, dynamic, high pressure business today, our ecosystem is so dynamic… we are trying to do is now-casting – trying to understand what’s happening now, considering we have an explosion of areas to manage.

    “At the moment, if we want to do our job the best it can be done, the limiting part is that the number of hours we are able to spend doing it. We want more digital. We want OT [operational tech] to match the IT world but there will be an explosion of devices and we will have to manage the explosion of data. We will have to implement, release, manage and secure more and more applications and services.”  

    Philippe Ensarguet won Mobile Europe’s Trailblazer CTO of the Year Award 2021 and will be giving the closing keynote speech at our free-to-attend Telco to Techco event on 30 March 2022. His subject is Leveraging new revenue streams beyond connectivity.