Last week we looked at the crazy things people insist are the lore of Release Management. This week we continue to highlight so called “truths” and debunk them. My goal here is to put you in charge of determining what Release Management is. After all, you’re the one on the hook for making it happen!
5: Not every change needs to go through the release management process – wrong!
Every change needs to go through some process of verification (testing) and approval. However, it doesn’t necessarily mean that every change goes through the same process. Emergency fixes need a fast-track process with minimal stage gates and approvals. Major releases need more rigorous processes and complete stage gates.
4: A release management infrastructure will slow down my project – wrong!
Imagine if there were no air traffic controllers (ATC’s): would the free-for-all that ensues be good for on-time departures and arrivals, would it be safe, would stakeholders be happier, would it be quicker? Of course not. In fact, the point of ATC is to improve the throughput of flights to maximize the use of the runways. The same is true of release management. Without the infrastructure in place, you will never be able to deal with the volume of changes, the complexity of the dependencies between releases and the competing needs of the many stakeholders. With the right release management solution, you can increase the number of releases you deploy, improve control and governance, eliminate errors and downtime and do it with fewer resources.
3: We cannot make our releases any smaller – wrong!
A major reason why release management has become more complex is because the size of the releases has increased to a point now where they are often bigger than the original system they are based upon. This size means that the releases are very difficult to test and the inter-dependencies of other changes in other projects in the release make it nearly impossible to have any confidence in the testing outcome. Many organizations are taking a leaf from the Agile-playbook and moving to smaller, incremental releases more often. By breaking the release into dependent and non-dependent changes, it improves the testability of the code and the deployment is no longer held up waiting for other changes. Also, moving to thematic releases, keeping the changes to a small area of the code base, improves the ability to test and deploy with confidence.
But many more releases cannot be achieved without automated infrastructure in place. One release manager told me that they were moving from 4 releases per year to 3 releases per year because “it is taking too long to test and deploy.” When I asked the business what they wanted, they told me “more stuff sooner.” The answer is not bigger releases less frequently; it is smaller releases more often. And that is only possible through automating release management processes.
2: The business wants us to change things less frequently – wrong!
No they don’t. What they want is that the changes are deployed more successfully. Think about your smart phone: you get updates every day; you have become the release manager on your own device. You now update without caring because you know the changes are small, unlikely to disrupt the functioning of your device and are, in short, safe. We need to get the business to have that same confidence in our releases. Small changes more frequently are easy for users to absorb, have a smaller impact, require little (if any) training, are easier to test and, generally, low risk. The business gets to prioritize the changes they want and constantly adjust those priorities almost up to the point we put things into production.
1: Developers won’t accept not having access to production– wrong!
With the requirement for the “separation of duties” now being the law, the very idea of anyone having access to the production area seems very 20th century. Still, in many organizations, for whatever historic reasons, many people have access to the production areas and they use this privilege wisely and carefully. But the time for this has to stop! Now! As we have seen, the addition of a layer of process automation improves the speed of the release process and improves the audit trail. In an emergency outage situation, the first question anyone asks is “what changed?” Unapproved changes, even those with the best of intentions, are often undocumented changes. Even if they are not the cause of the outage, the inconsistencies they represent hinder and delay the analysis and remediation of the problem. If someone needs access, then ensure there is a process to let them have it, with appropriate approvals and a mechanism to withdraw it when the need has gone away.
I hope you have enjoyed some of these thoughts. Please share your own debunking examples of the “rules” of release management.