1 of 43

Slide Notes

DownloadGo Live

Incident Management in a Nutshell

Published on Jun 23, 2016

Incidents that disrupt the service are not simply anomalies....disruptive events are weaknesses in your system being revealed because of a specific configuration of events. We then need to look at our incident management as a method for us to foremost reduce weakness and improve. How might we do that, and what do we need?

View Outline

MORE DECKS TO EXPLORE

PRESENTATION OUTLINE

1.

Incident Management

in a nutshell
Photo by steffenz
2.

Response to Service Impacting Events

...aka, Incident Management 
Photo by taberandrew
3.

Thinking about Incident Management

Photo by ansik
4.

Incidents aren't anomalies

Photo by ansik
5.

Outages are weakness revealed

6.

We can't fix weakness during an outage

7.

During incidents, our main job is to communicate effectively

8.

Communicate with

  • Stakeholders
  • Problem Solvers
  • Customers
9.

COMMUNICATION

  • Observe
  • Notify
  • Marshal
  • Assess/Inform
  • Describe
10.

...UNTIL INCIDENT RESOLVED

11.

We improve after an incident

12.

We Improve:

  • Process
  • Culture
  • Systems
13.

We improve by making incremental fixes

14.

Incremental > Systemic

one part versus the whole elephant
Photo by digitalART2
15.

Incremental Improvement through post-mortems

16.

Blameless post-mortems are vital.

Photo by bizstone
17.

Identify changes to be made and track them.

18.

ITERATE

small but constant changes 
Photo by coloneljohnbritt
19.

Problems

Our workload versus our structure
Photo by coloneljohnbritt
20.

Ops lacks structure for improvement...

21.

...and also the time/resources to dedicate to building structures

22.

aka, Firefighting

Fix current problem and try to catch it earlier next time.
Photo by U.S. Pacific Fleet
23.

We grow into problems.

We learn to get by, afraid of systemic pain points.
Photo by garryknight
24.

What to do about Incident Management

Photo by Jed Sullivan
25.

During Incidents

establish procedures/structures for better communication
26.

Contacts

  • who do I contact when X breaks?
  • Who do I call for S4? S1?
  • Where is Vendor contact information?
27.

Simple

but add up time lost searching/not knowing.
28.

Have who to contact and when to contact in *1* easy to find place

29.

How to talk

Determine ahead of time communication in stressful situations.
30.

Incident Communications

  • Use Incident Command System
  • Lines of Communication
  • Pre-made text for outside communications
31.

After Incidents

Supporting and Tracking Growth.
32.

Post-mortems

blameless. scheduled immediately after incident. 
33.

Post-mortems

  • provide a standard form for reporting
  • create and track tickets
  • regularly follow up on progress.
  • create high level summaries for execs.
34.

Observability

What exactly is going on in our system?
Photo by washingtonydc
35.

Observability

  • Improve our knowledge about resources as they are used
  • Monitor off of data instead of "what hit us most recently"
  • Metrics and analysis
36.

People

Culture and Mental Models
37.

Troubleshooting Ability Varies

Can you/can't you teach it?
Photo by cesarastudillo
38.

Troubleshooting

  • Whether teachable or not, can supply basic processes and tools
  • Focus on giving people the best tools
  • Empower people to use tools
  • Provide good documentation
39.

....this is just the beginning

40.

Where I've Started

  • Working on Monitoring (Icinga + InfluxDB + Grafana)
  • Creating Post-mortem Workflow with Jira (following best practices)
  • Confluence Best Practices
41.

Thinking > Technology

Mental Tools > Software Tools
Photo by Howdy, I'm H. Michael Karshis
42.

Thank You!

Comments/Questions?
43.

Untitled Slide

Quinn Murphy