Continuous updates to data-driven enterprise applications are a common hurdle for organizations as they embrace DevOps, but some firms turn to database DevOps tools to wrangle such apps.
Colonial Life, an insurer in Columbia, S.C., and its parent company, Unum Group in Chattanooga, Tenn., chose a tool from Datical to bring an insurance customer enrollment app up to speed with DevOps processes. Datical's release automation tool applies database changes automatically as Colonial Life's application moves through development and test stages, and keeps a 400 GB SQL Server in sync with developers' code updates.
Previously, deployment engineers and DBAs manually approved changes to the database, and made those changes one by one to deploy the app, a tedious process which was prone to mistakes and missed steps. This made it difficult to test apps effectively, as the DevOps team struggled to determine whether errors were caused by application issues or faulty database deployment, which further lengthened the process.
"There were all kinds of problems that could come up because of something being missed, scripts being misapplied on the database side, or a DLL change that didn't get moved appropriately on the code side," said Colette Casey, architect at Colonial Life.
In search of speedy database DevOps tools
Colonial Life began to replace manual updates for most of its applications in 2016 with automated DevOps pipeline tools, such as Jenkins and Octopus Deploy, but it took until 2017 to bring the enrollment app, used by sales agents to enroll customers in insurance plans, up to speed.
Colette Caseyarchitect, Colonial Life
The firm considered tools from Redgate, DBmaestro and Datical to modernize this legacy app, before it selected Datical. Redgate's tools focus on Microsoft SQL Server, and the Colonial Life team wanted something that could also support Linux applications for other Unum Group teams.
At the time, Datical's Dynamic Rules Engine feature was unique -- it enforces policies that DBAs set such as naming conventions and preferred data types, which removes manual DBA approvals to database changes from the application deployment process as well.
"DBAs didn't want to give up the ability to know what was going on in the database and being able to have governance over the way things were done, so they could avoid production issues," Casey said. "[The rules engine] gave them the confidence to have an automated tool and not review scripts [manually]."
DBmaestro added its own Policy Engine to its DevOps Platform for Databases in April 2018, which defines multilevel rules and policies, and allows operators to customize when and how they are enforced.
Database DevOps sets sights on production
Now that Colonial Life has improved database deployments to lower dev/test environments, and automated database app rollouts to production infrastructure, the next hurdle is to automate continuous application updates to production.
For now, the firm's deployment engineers still "press the button" to deploy database and application changes to production before Datical, Jenkins and Octopus Deploy tools take over to execute application rollouts, Casey said. As with many enterprises, this manual "gate" between dev/test and production is done for regulatory compliance reasons, to separate duties between application developers and those who can make changes to production environments.
DevOps best practices dictate that changes to production be continuous, automated and conducted by machines without human intervention. DevOps security experts argue that this approach is not only more efficient, but more secure than manual intervention by a gatekeeper. However, many firms find it takes time to convince the IT team, business managers and auditors of this idea, and get them comfortable with a new process, and Colonial Life is no exception to that trend.
"It's definitely something that's in the plan and we're taking baby steps to get there," Casey said. Part of the struggle is to align approaches between the affiliates of Unum Group, Unum US, Unum UK and Colonial Life, each of which have some centralized and some autonomous IT teams.
"Because these things apply at the enterprise level, it may take a little longer because we have to make sure it fits all the affiliates," Casey said.