DevOps vs. SRE: What are the Differences

Hope is not a strategy (Site Reliability Engineering)

Site Reliability Engineering (SRE) is a philosophy that has been steadily gaining followers in recent years, despite being conceptualized in 2003 by Ben Treynor Sloss at Google. With DevOps practices already firmly established in many organizations, is a conflict between the two imminent? Is SRE nothing more than a passing trend? Does SRE complement DevOps or vice versa? Let’s review.

Wikipedia defines DevOps as a “set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality.” According to Site Reliability Engineering, “SREs are focused on finding ways to improve the design and operation of systems to make them more scalable, more reliable, and more efficient.” By simply reviewing the definitions above, one can see that the DevOps definition is more focused on practices, while the SRE definition includes words like design and reliability. It’s true that both covers both, that is: DevOps doesn’t ignore design and reliability and SRE doesn’t go without practices, however when we look at the focus of each approach, we will see that these subtle differences in the definitions of the two are apparent in their actual implementation. We’ll examine some of the more readily apparent distinctions by exploring each in a bit more depth.

DevOps vs SRE – Differences

Culture

Let’s begin by understanding the cultural aspect – both DevOps and SRE are adopted by organizations as a culture rather than a practice area and in this sense, they are the same, even though teams may be designated as primarily responsible for practices supporting that culture. Although each culture is flexible – that is allowing for teams focused on DevOps or SRE practices directly vs embedded practitioners across teams – it is common for organizations to adopt SRE as one or more focused teams while DevOps practitioners commonly tend to be dispersed amongst teams.

For example, and referring to the book once again, in 2016 Google employed over 1000 site reliability engineers with responsibilities that support a culture of SRE across the Conversely, an organization that employs site reliability engineers but does not embrace SRE culture is not likely to be successful with respect to SRE practices. Although more nebulous, the same dichotomy exists for organizations with respect to DevOps culture.

Risk

Next, we should examine the respective approaches to risk – a core attribute of SRE. Both SRE and DevOps seek to minimize risk exposure as well as maximize detection and responsiveness to impact, however, SRE culture views risk management as the goal rather than the more common DevOps approach of managing a symptom. Suppose two nearly identical web application companies – one pursuing DevOps and the other pursuing SRE – wish to implement a new feature as part of their respective applications. Further, suppose that each respective change has the exact same probability of introducing unreliability in the application. Because SRE cultures invest in risk tolerance definitions, immediately this company necessarily has a better understanding of how to react to the proposed change; likely before a line of code has been written to support it. Certainly, DevOps organizations may define and maintain risk tolerance profiles – that is that nothing precludes DevOps from having the same practice – but making risk tolerance definition a core principle of SRE positions the context of risk in the conversation at the outset as a matter of course.

Opportunity Cost

On the opposite side of the scale from risk tolerance can be found opportunity cost. Continuing with the former example, it is likely that the DevOps organization is better positioned to minimize the loss in opportunity cost. This is expected because the SRE organization has specifically and intentionally positioned opportunity cost as secondary to risk management. Restated – the SRE organization accepts lost opportunity costs as necessary in order to achieve the desired risk tolerance. This is not to say that either organization wishes for lost opportunity cost but is to highlight the slightly different prioritization.

Observability

It’s a common saying in DevOps that “if it isn’t being tested then it isn’t working”. Active testing is certainly an important activity for both DevOps and SRE practices, however, the way in which test results are consumed is central to SRE philosophy. Back to our favorite book (chapter 3): “As standard practice at Google, we are often best served by identifying an objective metric to represent the property of a system we want to optimize. By setting a target, we can assess our current performance and track improvements or degradations over time.” Let’s imagine two organizations – one following DevOps and one following SRE. Each organization tracks a Key Performance Indicator (KPI) of failed deployment rate or the frequency with which new deployments result in a negative impact on service. Both organizations may want to target a low value for this KPI – say 5% or less – but the way in which each organization conceptualizes the metric is different: the DevOps team may target a low value as a way to reduce disruption to the service while the SRE team will consume the KPI as a part of calculating the error budget for the service (more on error budgets below).

Error Budget

In order to contextualize observability – both in terms of the value of a metric as well as success in optimizing a metric – SRE teams often concern themselves with a budget. In concept an error budget is no different than a financial one – define how much to spend and track actual spending against that limit. Error budgets are implemented as an agreement between an SRE team and one or more development teams – DevOps or otherwise. This strategy can help to reduce tensions between the two teams, despite their logical opposing priorities of stability (SRE) and velocity (Dev); as long as a development team has not spent their error budget within a timeframe then an SRE team should not need to raise concerns about stability and collectively the teams should maintain the desired velocity.

Postmortem

Despite the best planning and preparation, service interruptions will occur. Handling such interruptions is an important part of both DevOps and SRE practice, but so is what comes after an interruption – a postmortem. Recording the event, actions are taken to correct it, and what actions will be taken to prevent the event from recurring all comprise a postmortem and help to ensure that incidents do not overwhelm a team or an organization. Although any organization may perform postmortem investigations, SRE philosophy specifically prescribes the practice and should be expected from any team pursuing this culture. A DevOps engineer that would fix a failure, would certainly analyze it, document what went wrong in some way, and would, of course, try to avoid that failure in the future. But it is not necessarily required that this DevOps engineer would conduct a full post-mortem analysis of the failure, once fixed. If you are a DevOps engineer and you do perform comprehensive post-mortems, that’s OK, it might just mean that you are implementing the SRE philosophy, whether you know it, or not.

Adopting SRE Culture

There are a few questions to answer about adoption – who, why, and how.

Who?

Although SRE culture is more than simply a set of tools – or even a list of practices – at its core SRE focuses on reliability. An organization that benefits from an increased focus on its technical reliability – not only potential improvements to uptime but also the ancillary gains in improved observability, a greater focus on value-add metrics, and the exercise of error budgeting – is a good fit for the addition of SRE culture.

On an individual level, anyone can become an SRE engineer by adopting the philosophy. Don’t get me wrong, I’m not arguing that you can just become an SRE. I do think, though, that a good engineer can learn to adopt SRE principles and thus pursue the SRE culture. There’s nothing that prevents a motivated individual from learning how to follow SRE practices.

In some organizations, this involves transitioning existing DevOps practitioners to roles focused on SRE practices, either as a single centralized group or embedded within existing teams. Because SRE is largely born out of DevOps philosophy, many of the skills acquired by practitioners will translate in both directions.

It is to be noted that though SRE culture comes from Google, it is not only organizations of Google scale that can benefit from it.

Why?

An increased focus on reliability may benefit many different organizations, however, the primary benefit of SRE comes from its culture – a focus on actionable metrics, viewing a technology stack through error budgeting, incident management practices, and so on. There are many ways – technical and cultural – to improve reliability but pursuing SRE is inherently a mindset as well as a practice.

How?

Because each organization is unique, pursuing an SRE culture will also be inherently distinct to each organization. Some organizations may have internally built DevOps practices, or follow the Information Technology Infrastructure Library (ITIL) framework for delivering information technology services, or adhere to Agile methodologies to organize software development effort – no matter the existing pattern, SRE can be a fit. That said, considering these questions may help to get the ball rolling:

Should SRE replace DevOps?
Some organizations integrate the two, capturing natural complementary goals and benefits; in fact, some practitioners view SRE as an implementation of DevOps – “One could view DevOps as a generalization of several core SRE principles to a wider range of organizations, management structures, and personnel. One could equivalently view SRE as a specific implementation of DevOps with some idiosyncratic extensions.” (DevOps or SRE – Chapter 1, Introduction – Site Reliability Engineering). Some teams find that embedding one or more SRE specialists within individual DevOps teams is an effective way to ensure horizontal adoption of SRE practices, while some other teams build an SRE center of excellence.
Should SRE replace ITIL?
Much like DevOps, some organizations find that ITIL and SRE are very complementary, with both emphasizing a form of governance around change management and an adherence to SLO.
Is Agile a requirement for implementing SRE culture?
Not at all; while many organizations find Agile methodology to be a good foundation for the iterative processes of SRE and a match for an error budget approach, any methodology can be compatible. SRE is focused on the outcome rather than the production of software per-se, the methodology for producing the software is not directly relevant. As an example, an organization that follows a waterfall methodology would implement a phase of risk assessment and abatement in accordance with SRE’s error budgeting and testing approaches.

Why Not

SRE philosophy may have many benefits for many organizations, but to turn the phrase “for everyone but not everything” – SRE is not for everyone nor for everything.

Not all organizations benefit from increased reliability or, restated, the incremental cost of increased reliability does not return an equal or greater incremental value for all organizations. For some organizations this is a question of scale; Google’s global scale is not the only one potentially benefiting from SRE, however, a small startup with a few thousand users may not yet justify the investment.
The reduction in development velocity may not be justified by increased reliability for some organizations. By focusing on practices such as error budgeting, SRE organizations necessarily reduce velocity; and should do so with intent.
By establishing an SRE practice, organizations can fall into a trap of thinking “reliability is now exclusively an SRE responsibility”; reliability is an SRE responsibility, but it is shared across the organization, just like it was before adopting SRE. While this is not directly a reason to avoid adopting SRE, it can lead to organizations not reaching full SRE potential and even abandoning the adoption.
Re-labeling teams or team members as “SRE” does not mean that an organization is aligned to the philosophy. For example, an SRE team not implementing error budgeting can hardly be said to be aligned to SRE pillars. Such gaps can lead to organizations viewing SRE as the latest buzzword and dismissing it as a passing fad; at the least such gaps reduce even the nominal value of SRE.

Conclusion

SRE is more than a passing fad but not a silver bullet – it is a culture built on understanding and accepting risk within certain parameters that can be measured.

Organizations wishing to adopt an SRE culture can do so without disrupting their existing DevOps, Agile, ITIL, or other existing strategies – in fact, SRE intentionally fits in. Although all of the ins and outs of SRE are outside of the scope of this article, there are many great resources available on the Internet from SRE practitioners – and even the team who invented it – to help take the next step:

Yohai West

Yohai has over 15 years of product marketing experience in which he successfully crafted, launched, and executed multiple high-impact campaigns for global enterprise companies.

Cookie	Duration	Description
ARRAffinity	session	ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user.
ARRAffinitySameSite	session	This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
cf_use_ob	past	Cloudflare sets this cookie to improve page load times and to disallow any security restrictions based on the visitor's IP address.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
_uetsid	1 day	Bing Ads sets this cookie to engage with a user that has previously visited the website.
_uetvid	1 year 24 days	Bing Ads sets this cookie to engage with a user that has previously visited the website.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-8508435-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
utm_campaign	2 months	Google Ad Services sets this cookie to store session campaign value if present.
utm_content	2 months	This cookie is used for storing the session content value if present.
utm_source	2 months	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
utm_term	2 months	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_mkto_trk	2 years	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
utm_medium	2 months	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

SRE vs DevOps: What’s the Difference Between Them?

DevOps vs SRE – Differences

Adopting SRE Culture

Conclusion

Yohai West

Table of Contents

Shorten your builds

Related Posts

10 minutes Measuring the Value of Development Acceleration

10 minutes Platform Engineering vs DevOps: A Comprehensive Comparison

10 minutes 8 Reasons Why You Need Build Observability

Cookie	Duration	Description
_hjSession_2537450	30 minutes	No description
_hjSessionUser_2537450	1 year	No description
AnalyticsSyncHistory	1 month	No description
BIGipServersn-mch-v2-80	session	No description
BIGipServersn02web-nginx-app_https	session	No description
ib_last_referrer	2 months	No description
incap_ses_1319_2167377	session	No description
li_gc	2 years	No description
muc_ads	2 years	No description
nlbi_2167377	session	No description
original_req_url	past	No description
referrer66_00f	1 month	No description
visid_incap_2167377	1 year	No description
visitorId	1 year	No description