Operations, Observability, and SRE

Site Reliability Engineering (SRE) is a discipline, not a tool. Google's SRE Book, published in 2016 and available free online, defines SRE as "what happens when you ask a software engineer to design an operations function." The key insight is that reliability is a software engineering problem, not purely an operations problem.

The SLI/SLO/SLA hierarchy provides a precise vocabulary for reliability targets. A Service Level Indicator (SLI) is a specific, measurable property of a service. Common SLIs are: request success rate (percentage of HTTP requests that return a non-5xx response), latency percentile (P99 latency under 350ms), and throughput (requests per second). An SLI is a number you can measure.

A Service Level Objective (SLO) is a target value for an SLI. "99.9% of requests will return a non-5xx response in a rolling 30-day window" is an SLO. SLOs are internal commitments that drive engineering decisions. They are set by product and engineering teams.

A Service Level Agreement (SLA) is a contractual commitment to an external party, typically a customer, with defined consequences for breach. An SLA is usually a weaker target than the SLO: if the SLO is 99.9%, the SLA might be 99.5%, giving the team a buffer before contractual penalties apply. AWS, Google Cloud, and Azure publish SLAs for their services with specific credit structures for availability failures.

The error budget is derived from the SLO. If the SLO is 99.9% availability over 30 days (43,200 minutes), the error budget is 0.1% of 43,200 minutes, which is 43.2 minutes. This is the amount of downtime the team is allowed per month. The budget creates accountability: when it is spent, deployments halt.

Observability is the ability to understand the internal state of a system from its external outputs. The term was popularised in the software context by Charity Majors (co-founder of Honeycomb) and the OpenTelemetry project. Observability differs from monitoring: monitoring watches known failure modes; observability enables investigation of unknown failures.

The three pillars are metrics, logs, and distributed traces. Each answers a different question, and all three are required for effective diagnosis of failures in distributed systems.

1. Metrics: time-series numerical data aggregated over time. Request rate, error rate, and latency percentiles (P50, P95, P99) are the canonical metrics for any service, collectively called the RED method (Rate, Errors, Duration). Metrics answer: "is something wrong right now?"
2. Logs: timestamped records of discrete events. A log entry records that something happened at a specific time with specific context. Logs answer: "what happened?" Structured logging (JSON format) makes logs searchable and parseable by tools such as Elastic, Splunk, and Datadog.
3. Distributed traces: follow a single request through all the services it touches, recording how long each service spent. Traces answer: "where did this specific request get slow or fail?" In a system with 30 microservices, metrics tell you P99 latency is elevated; only a trace identifies the slowdown as occurring in the database call inside the payment service.

OpenTelemetry (OTel) is a Cloud Native Computing Foundation (CNCF) project that provides a vendor-neutral standard for collecting metrics, logs, and traces. It reached general availability for traces in 2021 and for metrics in 2023. The OpenTelemetry Collector is an agent that receives telemetry from applications, processes it, and exports it to any compatible backend (Jaeger, Prometheus, Elastic, Datadog, Grafana, and others).

Before OpenTelemetry, each observability vendor had its own SDK, requiring application code to import vendor-specific libraries. Switching from one observability platform to another required code changes across every service. OpenTelemetry separates instrumentation (in the application code) from the backend (where data is stored and queried). Changing the backend requires only a configuration change to the collector.

The OTel semantic conventions define standard attribute names for common operations: http.method, db.system,service.name. This standardisation means that traces from a Python service and a Go service can be correlated without custom parsing, enabling end-to-end trace visualisation across polyglot systems.

Incident management is the process of detecting, responding to, mitigating, and learning from service disruptions. The incident management lifecycle has five stages:

1. Detection: alerting fires based on SLO violations or anomalies
2. Triage: assessing severity and blast radius
3. Mitigation: restoring service, not necessarily fixing the root cause
4. Resolution: addressing the root cause
5. Post-mortem: learning from the incident to prevent recurrence

PagerDuty and OpsGenie are the dominant incident alerting platforms, routing alerts to on-call engineers based on severity and schedule. Well-designed alert policies fire on symptoms (high error rate, elevated P99 latency) rather than causes (CPU usage), reducing alert fatigue. A team receiving 200 alerts per day has no alerts; it has noise.

Blameless post-mortems (also called incident reviews) are a practice originating at Google and popularised by Etsy. The principle is that incidents are caused by system conditions, not individual error. A post-mortem documents: what happened, when, what the impact was, what actions were taken, what the contributing factors were, and what specific actions will prevent recurrence.

The UK's National Cyber Security Centre (NCSC) guidance on operational resilience recommends that organisations define "important business services" and set tolerance levels for disruption, aligning with Bank of England and FCA operational resilience requirements introduced in 2022 for financial services.

Chaos engineering is the practice of deliberately injecting failures into a production or production-like system to identify weaknesses before they cause incidents. The discipline was formalised by Netflix with the publication of the Chaos Engineering Manifesto in 2014 and the open-sourcing of their Chaos Monkey tool.

Netflix operates across Amazon Web Services and must tolerate the failure of individual AWS availability zones. Chaos Monkey randomly terminates virtual machine instances during business hours, forcing Netflix's engineering teams to build services that are resilient to instance failure. The logic is: if instances fail randomly in production, engineering teams have a strong incentive to build fault-tolerant services. If instances only fail during planned maintenance windows, the incentive is weaker.

Gremlin is the leading commercial chaos engineering platform, providing controlled failure injection across CPU, memory, network, and infrastructure layers with automatic blast-radius limiting and rollback. GameDays are structured chaos engineering exercises in which teams run failure scenarios against production systems with full organisation awareness, learning how systems and teams respond under controlled conditions.

The NCSC's Resilience guidance recommends that organisations in critical national infrastructure sectors (energy, finance, healthcare, transport) conduct regular resilience testing, including simulated outages, to validate their recovery capabilities against stated tolerance levels.