2405 - Using Git with Rational Team Concert and Rational ClearCase in enterprise environments

Bartosz ChrabskiExecutive IT Specialist

WW Competitive Sales Team

bartosz.chrabski@pl.ibm.com

Peter HackClearCase Architect

pahack@us.ibm.com

Open Source SCM market is changing – Git is important

• Git provides better auditing of

branch and merge events

• Backing up Subversion repositories

centrally is potentially simpler -

since you can choose to distributed

folders within a repo in git

• Git repository clones act as full

repository backups

• Subversion's UI is more mature than

Git's

• Git is much faster than Subversion

• Git's repositories are much smaller

than Subversions (for the Mozilla

project, 30x smaller)

• Git was designed to be fully

distributed from the start, allowing

each developer to have full local

control

• Git branches are simpler and less

resource heavy than Subversion's

• Git branches carry their entire

history

Why IBM loves GIT

2

Configuration management - Trends

3

Version control system Control of Roles and Users

Configuration management - Trends

4

Build tools Environment Configuration

Pressure on Software / Hardware Team Leaders

5

Corporate

• Process!

• Security!

• Regulatory compliance!

• …

Developers

• Get out of my way!

• Performance!

• …

What problems You need to solve with an SCM system

6

• Developers• SCM just gets in the way

• Large “undo buffer”

• Parallel development

• Isolation

• Merging

• Performance

• Offline work

• Development Organization /

Corporate• Security

• Time machine

• Parallel development

• Isolation

• Large-scale merging

• Variant management

• Component structures

What problems You need to solve with an SCM system

7

• Corporate (continued)

• Distributed teams

• Traceability

• Project lifecycle

• Change tracking

• Build and release

• Process automation / enforcement

• Regulatory compliance

• External audits

• Classified development

• Hardware / Software co-

development

• Management of large binary files

• Subcontracting

• Scalability

• Performance

Small deployments of SCM systems – challenges

8

• Key challenges to solve by SCM system• Easy to learn / use

• Limited parallel development

• Low admin overhead

• Lightweight process

• ALM integration

• Platform support (Windows Linux)

• Distributed team (maybe)

• One of the big problems, that is often ignored is,

"What do we do if we're successful?“

• Often, that's when choosing a low-end tool ends

up being an unfortunate choice

• Planning for success can often pay off (i.e.

choosing a more powerful tool than you "need").

Git can be great for this situation

9

Free and open source

Fast and small

No need of powerful hardware

Stores Snapshots

not differences

Implicit backup

• It is fully distributedAnyone can have any/all versions/files from other

repositories

• Everyone works on their own branch(es)No branch sharing (effectively, branches are "mastered"

at one repo and mastership cannot be transferred to

another)

• Access control is unimportant - it's open

source

• Simple security modelAlthough their data integrity validation provided by use of hashes is sometimes imprecisely referred to as "security"

• Entire repository copy for each workspaceThis can cause disk space challenges when multiple copies are needed for parallel development.

• Rebase operation can modify past history• No process automation• Support for sharing done by merging

Branch owner "approves" of changes through act of merging

Medium to Enterprise deployments of SCM systems – Challenges

10

• Source code security (Access control) Security

• Usability for non-iT users

• Simplicity that fits all Usability

• Ability to adapt to corporate standards

• Ability to store and manage binary files and high volumes of data

• Support exclusive checkout (locking files).

Standards

• Service Level Agreement or 24/7 support

• Backup and data recovery

• Scaling up

• Traceability with work itemsand other ALM artifacts

Enterprise Scale

SDLC Environments are not built based on one vendor solutions

Rational

ClearCase

Challenges related to multi-vendors SDLC = REALITY

12

One size does not fit all

13

Git IBM Rational Team Concert IBM Rational ClearCase

• It is fully distributed

Anyone can have any/all versions/files from

other repositories

• Everyone works on their own branch(es)

No branch sharing (effectively, branches are

"mastered" at one repo and mastership

cannot be transferred to another)

• Access control is unimportant - it's open

source

• Simple security model

Although their data integrity validation

provided by use of hashes is sometimes

imprecisely referred to as "security"

• Entire repository copy for each workspace

This can cause disk space challenges

when multiple copies are needed for

parallel development

• Rebase operation can modify past history .

• No process automation

• Support for sharing done by merging

Branch owner "approves" of changes through

act of merging

• Tuned for Agile Development

• Flexible Deployment solution

Ability to work over the WAN with a

centralized repository and file proxy

caching

Dashboard spawning multiple

projects/repositories

• Advanced collaboration support

In context, collaboration among software

developers

• Agile development support

Integrated, end to end, scalable support of

Agile development processes such as

Scaled Agile Framework

Iteration planning and end to end business

visibility

• Powerful source control management

• Integrated Build Management

• Supports incremental adoption with

ClearCase, ClearQuest, Synergy, Change,

Subversion, Git, etc

• Tuned for the Enterprise

Broadest set of platform support in the industry

Supports globally distributed development

• Flexible Deployment Solutions

Optimized to work over the WAN with a

centralized repository

CC MultiSite for Distributed Repositories

Private cloud or on premises deployment

• ClearCase Dynamic Views and Automatic

Views for Instant-on access to assets

• Handles very large configurations & files

• Highly customizable and scalable

UCM for out of the box process enactment

ClearQuest ALM Schema

• Highly secure repositories and processes

• Business IT governance infrastructure: access

control, electronic signatures, repeatable

processes, audit trails and lifecycle

traceability

• Extensible integration with CLM and other

ALM solutions

Why different SCMs should work together ?

14

What is the cost to move off any SCM now ?

• High migration costs and time

• Loss of history and metadata

• Expensive consulting and addtional

education

• Higher risk for current projects

• Lower productivity

• How much automation do they have with CC

or current SCM today - i.e. builds - that need

to be rebuilt with Git? How much effort is this?

Any type of co-existance is actually cheaper than

migration ?

• Product delays, possible errors introduced to new

releases - what are they making and what is the

impact of a failed or delayed release?

• Reduced productivity as developers learn a new tool

and build new integrations and automation

• Possible loss of code history, will they be able to

rebuild past releases if needed

• Loss of integrations to existing tools

Risk of migration between SCMs

15

Any SCM system cannot be mapped 1:1 to Git (There is no magic tool)

• Always You need some type of workaround

Be aware that there will be problems and

not always working workarounds

• Files are compressed in memory (2 GB on

32-bit systems)

• Binary files increase the repo size

• Repository size vs. bandwidth

• Authentication / Protocol Security

• Access Control (ClearCase is OS-level

permission scheme, Git has NO file-based

Access Control)

Be aware of:

• It is alway better to focus on co-existance and

expansion of tool landscape to accomodate

Open Source & Enterprise systems

• Try to focus on how IBM SCM tools

enhance/improve their process & security

together with existing tools

• is not an answer to all the issues related to

SCM. It is not innovation, just new software,

which is focused on developers.

• ClearCase or RTC can and should co-exist

with other SCMs in the mature organization

which is not ruled only by developers.

RTC Tracking & Planning as a change management hub

16

• RTC provides an out-of-the-box integration with Git

– Supports vanilla Git today, GitHub and GitHub Enterprise

– Compatible with other open source tools commonly used with

Git

• Git with Gerrit for code review

• Git with Jenkins for build

– Provides governance:

• Users must authenticate with RTC in order to check in

changes

• Provides and enforces linking between Git commits and

RTC work items

• Grant permissions for who can commit changes,

create/delete branches, etc.

– Teams get the benefits of RTC: Agile planning, workflow

and approvals, etc.

Teams using

RTC SCM Teams using

ClearCase

Teams using

Synergy

Teams

using Git

IBM Rational Team Concert – Connecting GIT with ALM

Rational Team

Concert

Rational

Quality

Manager

Rational

DOORS NG

GIT is missing some features use RTC to enrich it

18

Protection of intellectual property

• Every developer has the complete code base on his or her

laptop. Do companies really want to take that risk with their

valuable source code?

• No fine-grained access control over directories or files within the

code base.

• No control over data leaks. If something slips out, there's no way

to find all the places it could be.

Support for advanced development and strategic

reuse • Manage relationships between components, as needed for

product line engineering

• Baselines contribute to Global Configurations for managing

versions and variants across the lifecycle

Manage all your development teams with RTC

• Some teams may need RTC SCM, and others may okay with Git

that's fine.

• RTC can provide common CCB process, reports, metrics, and

governance across all teams.

Enterprise scale and support

• Git does not address enterprise level operational aspects.

Qualities of service like high availability or replication of multiple

repositories have to be done leveraging additional tools.

• As any other open source system Git does not have proper

support. Any enterprise system must offer a piece of mind in

addition to technical qualities.?

Tight integration with IBM's Application Lifecycle

Management solution for full traceability

Why even consider IBM ClearCase and GIT working together

19

Customization & integrations

• Highly customizable and controllable SCM process support to

fit many different modes of development including Agile, Waterfall,

and custom

• ClearCase integrates with many other software development

and delivery tools within Rational as well as outside of IBM

Rational

• ClearCase and IBM Rational provide greater ALM flexibility

rather than only addressing one piece of the puzzle (SCM)

• Lower risk allowing to use ClearCase as well as explore

alternatives for those that are looking for something different,

possibly IBM Rational Team Concert

• ClearCase provides a sound platform for SCM with managed

security, configuration management, runtime environment

(WAS) and integration ecosystem (including Jazz and Open

Source)

Enterprise scale and support

• IBM Rational provides 24x7 support for ClearCase and its

maturity on the market makes it a reliable SCM solution

Flexiblity

• ClearCase supports Deltas as a storage method but is far

more flexible. Out of the box, we provide deltas, compression,

and uncompressed storage options on an element by element

basis

• CC provides 4 different types of views depending on the needs

of the developer and/or task. No other product provide this

degree of flexibility.

• Extensive suite of GUIs as well as a comprehensive command

line.

• Flexible security model, including access control down to the

individual file level, if needed.

ClearCase is HERE to secure Your GIT deployments

20

"How a bug in Visual Studio 2015 exposed my

source code on GitHub and cost me $6,500 in

a few hours"

- https://www.humankode.com/security/how-a-

bug-in-visual-studio-2015-exposed-my-source-

code-on-github-and-cost-me-6500-in-a-few-hours

• Authentication

• CCRC requires explicit authentication

• Authorization

• Fine-grained access control

• Access Control Lists (ACLs)

• Unix-style permissions

• Auditing

• Detailed change history

• Fine-grained build auditing

• Access violation logging

• Encryption

• Data in motion: CCRC supports https

• Data at rest: Disk encryption

Customer Case – Git challenges mitigated with IBM CC

21

Situation: Large development team doing extensive parallel

development

Challenges and ClearCase solutions:

• Parallel development causing massive data duplication

• Dynamic and automatic views avoid needless duplication

• Parallel development causing massive redundant builds

• “Winkin” and binary file management avoid redundant

builds

• Must introduce fine-grained access control

• Access Control Lists (ACLs)

• Automate processes to prevent accidental (or intentional)

mistakes

• Triggers and metadata help developers

Q&A

22

Thank YouYour Feedback is Important!

Access the InterConnect 2016 Conference Attendee

Portal to complete your session surveys from your

smartphone,

laptop or conference kiosk.