Tesco Streamlines Patch Management with Self-Checkout for App Teams
Tesco’s corporate mandate is to “Serve Shoppers a Little Better Every Day”, and that includes improved IT processes, such as a multi-year continuous implementation initiative to improve Tesco’s technology infrastructure and resilience capabilities. The operations team was managing tens of thousands of unique workloads (aka pets), including 8,000+ data center servers and 1,000s of VMs in the stores. Managing so many unique workloads and legacy systems made system updates and maintenance increasing challenging, with OS patching especially painful. Efforts were being manually coordinated monthly, downtime was involved, and it took months to get all systems patched. Patch validation was an additional chore. Tesco knew that in order to become more agile, they needed to streamline system patching.
Tesco, a British multinational groceries retailer, is ranked as the world’s ninth-largest retailer by revenue.
To meet project goals, Tesco engineering architected an end-to-end automated patching solution that included Chef to run the patches, self-heal failures and validate that a system was patched. A key project goal was to enable the app teams, who know the
app best, to independently administer patches. To accomplish this, Tesco implemented a process where the ops team tests the patches then puts them in a Nexxus repository for the app teams to access. Without having any Chef knowledge, the apps team
can then access and deploy the patches on their own using the Jenkins pipeline. Patching is managed by group policy and all the servers are registered, all manual efforts are eliminated, and downtime has been reduced. By redesigning the Chef
cookbooks and implementing self-healing capabilities, Tesco was also able to significantly reduce patch failures.
- Efficiency: 90% reduction in the time engineering spends packaging and delivering patches
- Agility: Downtime for app teams has been eliminated and they now deploy patches directly as part of CD pipelines like any other change event
- Risk Reduction: Patches can now be distributed and validated
- Cost savings: Significant savings in the cost of manual efforts related to patching