learning from failures
play

Learning from failures Kripa Krishnan Technical Program Director - PowerPoint PPT Presentation

Nov 12, 2022 •252 likes •431 views

Learning from failures Kripa Krishnan Technical Program Director Sep.3.2014 Google Confidential and Proprietary Topics DiRT: Disaster simulation exercise at Google What we learned Applying these lessons Google Confidential

  1. Learning from failures Kripa Krishnan Technical Program Director Sep.3.2014 Google Confidential and Proprietary

  2. Topics ● DiRT: Disaster simulation exercise at Google ● What we learned ● Applying these lessons Google Confidential and Proprietary

  3. Introducing DiRT ● DiRT ○ Annual disaster recovery & testing exercise ○ 8 years since inception ○ Multi-day exercise triggering (controlled) failures in systems and process Google Confidential and Proprietary

  4. Introducing DiRT ● DiRT ○ Annual disaster recovery & testing exercise ○ 8 years since inception ○ Multi-day exercise triggering (controlled) failures in systems and process ● Premise ○ 30-day incapacitation of headquarters following a disaster ○ Other offices and facilities may be affected Google Confidential and Proprietary

  5. Introducing DiRT ● DiRT ○ Annual disaster recovery & testing exercise ○ 8 years since inception ○ Multi-day exercise triggering (controlled) failures in systems and process ● Premise ○ 30-day incapacitation of headquarters following a disaster ○ Other offices and facilities may be affected ● When ○ "Big disaster": Annually for 3-5 days ○ Continuous testing: Year-round Google Confidential and Proprietary

  6. Introducing DiRT ● DiRT ○ Annual disaster recovery & testing exercise ○ 8 years since inception ○ Multi-day exercise triggering (controlled) failures in systems and process ● Premise ○ 30-day incapacitation of headquarters following a disaster ○ Other offices and facilities may be affected ● When ○ "Big disaster": Annually for 3-5 days ○ Continuous testing: Year-round ● Who ○ 100s of engineers (Site Reliability, Network, Hardware, Software, Infrastructure, Security, Facilities) ○ Business units (Human Resources, Finance, Safety, Crisis response etc.) Google Confidential and Proprietary

  7. DiRT - Structure ● First 24 hours ○ Crisis response Operations failover ○ ● Rest of DiRT ○ Series of injected failures ○ 100s of smaller tests run by individual teams ● Team ○ Command Center - 30-40 'insiders' ○ 'Storyteller' narrates the test ○ 100s of teams respond to the tests Google Confidential and Proprietary

  8. DiRT - Structure ● First 24 hours ○ Crisis response Operations failover ○ ● Rest of DiRT ○ Series of injected failures ○ 100s of smaller tests run by individual teams ● Team ○ Command Center - 30-40 'insiders' ○ 'Storyteller' narrates the test ○ 100s of teams respond to the tests ○ 100s of teams write post-mortems for each of the tests ○ 100s of teams fix issues found in post-mortems Google Confidential and Proprietary

  9. Rolling out a disaster (Example 1/4 - first 6 hours) ● Research and Test ○ Scenario: Bay area earthquake, later an aftershock ○ Story: Meteor hit the bay area. Zombies emerge from ground. ○ Structural damage, flooding communications hampered ● Response ○ Safety (Evacuations?) ○ People 'Finder' and ‘Alerter’ ○ Incident management, team and operational failovers ○ Communicate Communicate ● Did we learn anything? ○ Mass evacuations ○ Satellite phones - a good idea? ○ People 'alerter' Record. Fix. Google Confidential and Proprietary

  10. Rolling out a disaster (Example 2/4) ● Test ○ Distributed offices responsible for carrying operations ○ Oh wait! Unrelated fiber cut incident! Datacenter down! ● Response ○ Teams bring back systems with no help or communication from HQ ● Did we learn anything? ○ Where is our monitoring? ○ Is it possible to DoS cafes? ○ Great - approvals system works! Now what? ○ Phones - wait... ○ How quickly can we recover? Good enough? Record. Fix. Google Confidential and Proprietary

  11. Rolling out a disaster (Example 3/4) ● Test ○ Oh wait! Massive power outage! Many days! ● Response ○ Emergency funding to respond. ○ Run on backup generators. ○ Longer-term outage - capacity concerns addressed. ● Did we learn anything? ○ Can we seamlessly cut to generators at full load? ○ For how long? Do we get into trouble? ○ If the datacenter was down for n hours, and we fixed everything why is nothing coming back up? Record. Fix. Google Confidential and Proprietary

  12. Rolling out a disaster (Example 4/4) ● Test ○ Meanwhile at HQ, there are a lot of issues to resolve. ○ 'I am travelling, send me back.' ○ 'Do customers need to pay us?' ● Response ○ New policies on the fly ○ Sharing resources (food, shelter etc.) ● Did we learn anything? ○ Creativity and a culture that promotes flexibility helps a lot. ○ Communications is hard ○ Exhaustion and decisions Record. Fix. Google Confidential and Proprietary

  13. Meta: What did we learn? ● Post-mortem culture: Failures are inevitable - the best we can do is be prepared for them and learn from them. Fix! Google Confidential and Proprietary

  14. Meta: What did we learn? ● Post-mortem culture: Failures are inevitable - the best we can do is be prepared for them and learn from them. Fix! ● Continuous simulations and testing: An untested plan is not really a plan. Test against them. All the time. Google Confidential and Proprietary

  15. Meta: What did we learn? ● Post-mortem culture: Failures are inevitable - the best we can do is be prepared for them and learn from them. Fix! ● Continuous simulations and testing: An untested plan is not really a plan. Test against them. All the time. ● Test everything: There is no real distinction between business continuity and disaster recovery - people and technology co-exist. Google Confidential and Proprietary

  16. Meta: What did we learn? ● Post-mortem culture: Failures are inevitable - the best we can do is be prepared for them and learn from them. Fix! ● Continuous simulations and testing: An untested plan is not really a plan. Test against them. All the time. ● Test everything: There is no real distinction between business continuity and disaster recovery - people and technology co-exist. ● Rinse and repeat: Repetition is important. A system or document that is never used is not helpful when it matters. Google Confidential and Proprietary

  17. Thank you! Google Confidential and Proprietary

Recommend

Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator

Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator

Investigation of Failures 49 CFR 192.617 192.617 Investigation of Failures Each operator shall establish procedures for analyzing accidents and failures, including the selection of samples of the failed facility or equipment for

948 views • 55 slides
Zero-Shot Learning for Word Translation: Successes and Failures Ndapa Nakashole, University of

Zero-Shot Learning for Word Translation: Successes and Failures Ndapa Nakashole, University of

Zero-Shot Learning for Word Translation: Successes and Failures Ndapa Nakashole, University of California, San Diego 05 June 2018 Outline Introduction Successes Limitations 2 Zero-shot learning Zero-shot learning: ) at test

881 views • 49 slides
Protection and Restoration Introduction Fact: Networks fail. Types of failures: Path

Protection and Restoration Introduction Fact: Networks fail. Types of failures: Path

SYSC 5801 Protection and Restoration Introduction Fact: Networks fail. Types of failures: Path failures Link failures Node failures Results: packet losses, waste of resources, and higher delay. What IGP does in the event

721 views • 35 slides
Failures and Consensus Failures and Consensus Coordination Coordination If the solution to

Failures and Consensus Failures and Consensus Coordination Coordination If the solution to

Failures and Consensus Failures and Consensus Coordination Coordination If the solution to availability and scalability is to decentralize and replicate functions and data, how do we coordinate the nodes? data consistency update

712 views • 36 slides
Software Failures Perdita Stevens perdita@inf.ed.ac.uk

Software Failures Perdita Stevens perdita@inf.ed.ac.uk

Software Failures Perdita Stevens perdita@inf.ed.ac.uk http://www.inf.ed.ac.uk/teaching/courses/sapm/ Original slides: Dr James A. Bednar & Dr David Robertson, changes by Dr Massimo Felici, Mr Conrad Hughes, me SAPM Spring 2010: Failures

771 views • 27 slides
Understanding Process Safety & Avoiding Catastrophic Failures LEARNING FROM 30 YEARS IN

Understanding Process Safety & Avoiding Catastrophic Failures LEARNING FROM 30 YEARS IN

Understanding Process Safety & Avoiding Catastrophic Failures LEARNING FROM 30 YEARS IN MAJOR HAZARD RISK CONTROL Ian Travers Process Safety Consultant www.iantravers.co.uk IAN TRAVERS LTD. PROCESS SAFETY CONSULTANCY WWW.IANTRAVERS.CO.UK

797 views • 38 slides
s rsrt Market failures Tyler Moore

s rsrt Market failures Tyler Moore

s rsrt Market failures Tyler Moore When markets fail Market failures occur when the free-market outcome is inefficient Monopolies/oligopolies Public goods Information

301 views • 15 slides
MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability

MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability

MySQL High Availability Solutions Alex Poritskiy Percona The Five 9s of Availability Clustering & disasters Geographical Redundancy power failures network failures Clustering Technologies hardware failures software failures

593 views • 47 slides
Availability models Dr. Jnos Tapolcai tapolcai@tmit.bme.hu http://opti.tmit.bme.hu/~tapolcai/

Availability models Dr. Jnos Tapolcai tapolcai@tmit.bme.hu http://opti.tmit.bme.hu/~tapolcai/

Availability models Dr. Jnos Tapolcai tapolcai@tmit.bme.hu http://opti.tmit.bme.hu/~tapolcai/ / 1 Failure sources HW failures Network element failures Type failures Manufacturing or design failures Turns out at the testing

553 views • 31 slides
Political Market Failures and Corruption November 2008 () Political Market Failures and

Political Market Failures and Corruption November 2008 () Political Market Failures and

Political Market Failures and Corruption November 2008 () Political Market Failures and Corruption November 2008 1 / 9 When Does Political Competition Lead to Optimal Provision of Public Goods? Political economy models predict that policy in

103 views • 9 slides
Predictive maintenance Predicting failures using machine learning company confidential 3

Predictive maintenance Predicting failures using machine learning company confidential 3

HKUST predictive maintenance contest May 8, 2018 Predictive maintenance Predicting failures using machine learning company confidential 3 nexperia.com company confidential Semiconductor packaging 4 nexperia.com company confidential

357 views • 12 slides
Prepared by Cindy Safrit and Daphne Cartner Dam Failures Do Occur No one knows precisely how many

Prepared by Cindy Safrit and Daphne Cartner Dam Failures Do Occur No one knows precisely how many

Prepared by Cindy Safrit and Daphne Cartner Dam Failures Do Occur No one knows precisely how many dams have failed in the US from January 1, 2005 through June 2013 All State Dam Safety programs have documented failures From this the Association

565 views • 34 slides
Analysis of link failures in an Analysis of link failures in an IP backbone network IP backbone

Analysis of link failures in an Analysis of link failures in an IP backbone network IP backbone

Analysis of link failures in an Analysis of link failures in an IP backbone network IP backbone network Gianluca Iannaccone Gianluca Iannaccone Sprint ATL Sprint ATL joint work with: Chen-Nee Chuah, UC Davis Richard Mortier, Microsoft

231 views • 10 slides
Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar

Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar

Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar Dr. David Robertson dr@inf.ed.ac.uk http://www.inf.ed.ac.uk/ssp/members/dave.htm SAPM Spring 2012: Failures 1 Recall: Criteria for success For

565 views • 22 slides
Failure Sketching: A Technique for Automated Root Cause Diagnosis of In-Production Failures

Failure Sketching: A Technique for Automated Root Cause Diagnosis of In-Production Failures

Failure Sketching: A Technique for Automated Root Cause Diagnosis of In-Production Failures Baris Kasikci, Benjamin Schubert, Cristiano Pereira, Gilles Pokam, George Candea Debugging In-Production Software Failures Today 2 Debugging

937 views • 93 slides
Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 9 March 2020 UNCLA

Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 9 March 2020 UNCLA

MI MILITARY SE SEALIFT CO COMM MMAND Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 9 March 2020 UNCLA LASSIFIE IED//FOU OUO Training Goals Identify the roots of mechanical failures and use logic analysis to

1.23k views • 44 slides
Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 8 April 2020 UNCLA

Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 8 April 2020 UNCLA

MI MILITARY SE SEALIFT CO COMM MMAND Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 8 April 2020 UNCLA LASSIFIE IED//FOU OUO Training Goals Identify the roots of mechanical failures and use logic analysis to

628 views • 45 slides
Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar

Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar

Software Failures Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar Dr. David Robertson dr@inf.ed.ac.uk http://www.inf.ed.ac.uk/ssp/members/dave.htm SAPM Spring 2007: Failures 1 How Software Projects Fail

380 views • 21 slides
On Symmetric Encryption with Distinguishable Decryption Failures Alexandra Boldyreva, Jean Paul

On Symmetric Encryption with Distinguishable Decryption Failures Alexandra Boldyreva, Jean Paul

On Symmetric Encryption with Distinguishable Decryption Failures Alexandra Boldyreva, Jean Paul Degabriele , Kenny Paterson, and Martijn Stam FSE - 12th Mar 2013 Outline Distinguishable Decryption Failures The Multiple-Error Setting

893 views • 43 slides
What Can We Learn from Four Years of Data Center Hardware Failures? Guosai Wang, Lifei Zhang, Wei

What Can We Learn from Four Years of Data Center Hardware Failures? Guosai Wang, Lifei Zhang, Wei

What Can We Learn from Four Years of Data Center Hardware Failures? Guosai Wang, Lifei Zhang, Wei Xu Mo Moti tivati tion: n: E Evolving ng F Failur ure Mo Mode del Failures in data centers are common and costly - Violate service

870 views • 48 slides
Internet Resiliency to Attacks and Failures under BGP Policy Routing D. Dolev, S. Jamin, O.

Internet Resiliency to Attacks and Failures under BGP Policy Routing D. Dolev, S. Jamin, O.

Internet Resiliency to Attacks and Failures under BGP Policy Routing D. Dolev, S. Jamin, O. Morkyn, Y. Shavitt Presenter: Shiva Kasiviswanathan Pennsylvania State University University Park Internet Resiliency to Attacks and Failures under BGP

920 views • 61 slides
Advanced Network Security 6. Agreement and consensus II: Byzantine failures Jaap-Henk Hoepman

Advanced Network Security 6. Agreement and consensus II: Byzantine failures Jaap-Henk Hoepman

Advanced Network Security 6. Agreement and consensus II: Byzantine failures Jaap-Henk Hoepman Digital Security (DS) Radboud University Nijmegen, the Netherlands @xotoxot // * jhh@cs.ru.nl // 8 www.cs.ru.nl/~jhh Byzantine failures are real

477 views • 30 slides
Contention-Related Crash Failures Anas Durand LIP6, Sorbonne Universit, Paris April 1st,

Contention-Related Crash Failures Anas Durand LIP6, Sorbonne Universit, Paris April 1st,

Contention-Related Crash Failures Anas Durand LIP6, Sorbonne Universit, Paris April 1st, 2019 1 / 25 Anas Durand Contention-Related Crash Failures Set Agreement and Renaming in the Presence of Contention-Related Crash Failures SSS 2018

1.02k views • 52 slides
of I Want to use all paths How Why Using Multiple Paths to Handle Failures y B of HI Yo d

of I Want to use all paths How Why Using Multiple Paths to Handle Failures y B of HI Yo d

Potpourri Announcements Lab 5 is oat No classy next week hotline of I Want to use all paths How Why Using Multiple Paths to Handle Failures y B of HI Yo d Quickly detecting and switching Control II Data Can we do Never drop a packet

544 views • 6 slides

More recommend