Philippe Ensarguet, Group CTO at Orange Business Services, explained how GitOps is the evolution of DevOps and why forecasting isn’t the right focus to Contributing Editor, Annie Turner.
Philippe Ensarguet was an interesting choice as CTO of Orange Business Services when he was appointed back in September 2019. Previously he was CTO for the digital and data division of Orange Business Services, not a telco veteran with a traditional ‘network’ background. Rather he says he is driven by software, automation, cloud and infrastructure.
His big theme right now is the importance of nowcasting as opposed to forecasting, which he said was all very well when the operational environment was more static but is not sufficiently useful in today’s dynamic ecosystem “considering we have an explosion of areas to manage,” Ensarguet said. “We are…trying to understand what’s happening now”.
Putting the heart rate up
He has described the in part technology-driven acceleration as, “A short sharp shock that exploded the heart rate of the production and delivery rhythm” and said the “Acceleration is all about convergence”. He explains that ‘digital’, IT, Network and telco – which were seen as somewhat separate entities – are converging as they all become based on the four pillars of software, APIs, automation and disaggregation.
Ensarguet adds that businesses are pushing hard for Orange Business Services (and its counterparts in other operators) to change for reasons including: businesses constantly evolve; work is an activity, not a place; the internet is the universal standard; cloud-first applications; and increased exposure to cyberattacks. He says, “For a company like us it means tomorrow we will have a different operational model to run network services, digital services, or IT services. For us it’s a question of productivity and efficiency [for] our customers.”
At the moment, the limiting factor of being able to do the best possible job, Ensarguet argues, is the number of working hours that humans have at their disposal, but the approach of simply throwing more people into the mix cannot achieve the necessary speed and scale and increases complexity.
In short, Ensarguet explains, “We want more digital. We want OT [operational tech] to match the IT world but there will be an explosion of devices and we will have to manage the explosion of data. We will have to implement, release, manage and secure more and more applications and services.”
GitOps ups the ante
Typically, he appears to be delighted by the prospect and is fizzing with ideas about how this can be achieved. Prime among them is GitOps, which started out in 2017 as a way to manage Kubernetes clusters and application delivery. The founder and CEO of Weaveworks, Alexis Richardson, coined the term. GitOps uses a reconciliation loop that picks up discrepancies between the encoded desired state held in Git (also known as the source of truth) and reality. Reconcilers iron out the discrepancies according to what caused the divergence, by updating or rolling back whatever step caused the issue.
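The reconciliation loop described above, sketched in Python as an added example (not code from Orange, Weaveworks or any GitOps tool). The resource names, images and the `plan`/`reconcile` helpers are hypothetical; the point is that a manual change or an undeclared workload shows up as drift and is reverted to what Git declares.

```python
from copy import deepcopy

# Constructed desired state, standing in for manifests held in Git.
DESIRED = {
    "web": {"image": "registry.example/web:1.4.2", "replicas": 3},
    "api": {"image": "registry.example/api:2.0.1", "replicas": 2},
}

# Constructed live state showing three kinds of drift.
ACTUAL = {
    "web": {"image": "registry.example/web:1.4.2", "replicas": 5},  # edited by hand
    "debug-shell": {"image": "registry.example/tools:latest", "replicas": 1},  # undeclared
}  # "api" is declared in Git but missing from the live state


def plan(desired, actual):
    """Return the ordered actions needed to make actual match desired."""
    actions = []
    for name in sorted(desired.keys() - actual.keys()):
        actions.append(("create", name, desired[name]))
    for name in sorted(desired.keys() & actual.keys()):
        changed = {k: v for k, v in desired[name].items() if actual[name].get(k) != v}
        if changed:
            actions.append(("update", name, changed))
    for name in sorted(actual.keys() - desired.keys()):
        actions.append(("delete", name, None))
    return actions


def reconcile(desired, actual):
    """Apply the plan to a copy of actual; return (new_state, actions)."""
    state = deepcopy(actual)
    actions = plan(desired, state)
    for verb, name, spec in actions:
        if verb == "create":
            state[name] = deepcopy(spec)
        elif verb == "update":
            state[name].update(spec)
        else:  # delete anything the source of truth does not declare
            del state[name]
    return state, actions
```

The returned action list doubles as an audit record of what drifted; a second pass over the reconciled state yields an empty plan.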
Many telcos are still in the throes of adopting the DevOps methodologies of CI/CD/CT – continuous integration, delivery or deployment, testing. Ensarguet is focused on applying GitOps – using continuous deployment, continuous operations (CD/CO) – to move this approach further along the delivery pipeline, closer to production.
A key element here is that it involves moving from a prescriptive to declarative model: declarative code encapsulates the desired results without explicitly listing the commands or steps needed to reach that outcome. A declarative approach can support full automation so that as data centres, networks and storage are softwarised, the people working in these areas make all employees affected by this shift “more effective, more productive,” Ensarguet says. “If you are not able to automate longer or deeper than with the CI/CD, then you have no lever to manage the scaling – and that’s critical to the whole thing.”
Ramifications ripple across the industry
Ensarguet gives the impression that it is not possible to exaggerate the importance of the developers’ experience in all of this. He says that the companies that typically comprise the telco vendor ecosystem offer much the same things which he sees as table stakes and argues that the thing that will differentiate the winners will be, “The company that can bring a global experience to the market that makes the development teams productive – very fast, in a smooth way, with an approach you can scale across the company – will have a game changer.”
Another avenue for a vendor to become a gamechanger, according to Ensarguet, is if they can lighten “the cognitive load of the team that implements services. A key issue for us is how fast can we achieve operations to implementation?”
He points out that Orange Business Services is a digital company and IT integrator as well as a network operator, and all three elements come into play for example when deploying a private network and end-to-end services for IoT. “This is why the story around developer experience is very, very important.”
Security as code is critical
Ensarguet includes a certain level and type of inbuilt security in what he describes as vendors’ “table stakes” and thinks this should also be a differentiator and part of that all-important developers’ experience. He points to security as code, which works by mapping how changes to code and infrastructure are made to DevOps tools and workflows and thereby identifies where security checks, tests and gates should be implemented – and all without adding cost or delay.
Security as code codifies security and policy decisions so that they can be socialised [shared] with other teams and checked in the CI/CD pipeline, which automatically and continuously looks for vulnerabilities and bugs.
Policy as code is integral to security as code. Ensarguet explains Orange Business Services is considering implementing verification control using policy as code to control who can access what, on which machine, for what purposes etc. He says, “If you can express it by code, you get all the benefits in addition to those we talked about [with GitOps]…it drives what I call trusted application delivery.”
He continued, “If you can add the benefits of CI/CO to policy as code…you can apply very regulated or highly constrained [conditions], because you’re able to prove the security rules that are running on your infrastructure.”
Policy and security as code are built around the Open Policy Agent (OPA) standard, which is an open-source engine that supports writing policies as code declaratively so the policies can themselves become part of a decision-making process.
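The access-control idea above (who can access what, on which machine, for what purpose) as an added Python sketch; it is not Orange's policy and is plain Python rather than OPA's Rego language. The rule fields, roles and the `decide`/`failed_cases` helpers are hypothetical; the cases list is what a CI job would run on every policy change.

```python
# Constructed policy: each rule lets one role perform some actions on machines
# in one environment for a stated purpose. Anything unmatched is denied.
POLICY = [
    {"id": "ops-prod-maintenance", "role": "sre", "env": "prod",
     "actions": {"ssh", "restart"}, "purposes": {"incident", "maintenance"}},
    {"id": "dev-staging-deploy", "role": "developer", "env": "staging",
     "actions": {"deploy", "read-logs"}, "purposes": {"release"}},
]

REQUIRED = ("role", "env", "action", "purpose")


def decide(request, policy=POLICY):
    """Return (allowed, reason). Default deny; incomplete requests are denied."""
    missing = [f for f in REQUIRED if not request.get(f)]
    if missing:
        return False, "deny: missing " + ",".join(missing)
    for rule in policy:
        if (rule["role"] == request["role"] and rule["env"] == request["env"]
                and request["action"] in rule["actions"]
                and request["purpose"] in rule["purposes"]):
            return True, "allow: " + rule["id"]  # rule id goes to the audit log
    return False, "deny: no matching rule"


# Constructed regression cases: (request, expected decision).
CASES = [
    ({"role": "sre", "env": "prod", "action": "ssh", "purpose": "incident"}, True),
    ({"role": "developer", "env": "prod", "action": "ssh", "purpose": "incident"}, False),
    ({"role": "developer", "env": "staging", "action": "deploy", "purpose": "release"}, True),
    ({"role": "sre", "env": "prod", "action": "ssh"}, False),  # no purpose given
]


def failed_cases(policy=POLICY):
    """Return the cases whose decision differs from the expected one."""
    return [(req, want) for req, want in CASES if decide(req, policy)[0] != want]
```

A pipeline gate would fail the build whenever `failed_cases()` is non-empty, so a rule that widens access to production is caught before it is merged.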
Work started on the OPA in 2016 with the goal of unifying policy enforcement across different technologies and systems. It was accepted as a project by the Cloud Native Computing Foundation (CNCF) in 2018, attained Graduated project status and is now in wide use, for example by Big Tech players. Netflix uses OPA to control access to its internal API resources. Cloudflare, Pinterest and others use OPA to enforce policies on platforms like Kubernetes clusters.
He calls out Styra’s OPA-based product for particular mention, as its work encouraged many other firms to move towards supporting policy as code, of which he says “the level of verification and checking is definitively a big step up in terms of quality and reliability at a scale that was not previously possible.”
Striving for a common stack
Referencing the recent MWC, he said many of the people there who were working to softwarise the core network were following what has already happened in the digital and IT world – adopting open source and other open standards.
The implications for greater interoperability and flexibility were demonstrated as an O-RAN Alliance initiative at MWC. Deutsche Telekom, Orange, Telefonica, TIM and Vodafone, working with Mavenir as well as Ericsson and Nokia, implemented one of the first telco cloud-run services.
Although five operator groups were involved, there was only a single, common stack and all their services ran on top of it. Ensarguet says this proves the value of disaggregation and recomposition being taken out of tightly integrated black boxes and instead happening through the four pillars of convergence he started this interview with – software, APIs, open standards and open source.
He cheerfully acknowledges, “It will be a tough, long journey…We want the company to be able to run 50, 60 or 70% of all our projects in this model. I’m truly confident it will happen,” even though right now he cannot say exactly when.