Gitlab hero border pattern left svg Gitlab hero border pattern right svg

IT Ops

Welcome to the IT Ops Handbook

The IT Ops department is part of the GitLab Business Ops function that guides systems, workflows and processes and is a singular reference point for operational management.

GET IN TOUCH

On this page

Mission Statement

IT Ops will work with Security, People and Business Operations to develop automated on-boarding and off-boarding processes. We will develop secure integrations between Enterprise Business Systems and with our Data Lake. We will develop tooling and process to facilitate end-user asset management, provisioning and tracking. We will work to build API Integrations from the HRIS to third party systems and GitLab.com. We triage IT related questions as they arise. We build and maintain cross-functional relationships with internal teams to champion initiatives. We will spearhead on-boarding and off-boarding automation efforts with a variety of custom API integrations, including GitLab.com and third-party resources, not limited to our tech-stack, with scalability in mind.

Access requests

For information about the access request process, please refer to the access request project.

Baseline Entitlements

For all incoming team-members, access to systems is handled through on-boarding issues. If your on-boarding issue is complete and closed but you still need access to a system listed below, please create a new access request issue and add a link to this page in lieu of manager approval:

Systems that all team-members should have access to

100% of team-members should have access to the following systems at the following levels of access as part of their work at GitLab. This list has been pre-approved so if any team-member needs access to these systems they can reach out directly to the system admin(s) and request access based on this pre-approval.

System Name Business Purpose System Role (What level of access) Data Classification
1Password User Password Management Team Member RED
BambooHR Human Resource Platform Employee RED
Calendly Add-in for meeting Scheduling Employee YELLOW
Carta Shares Management Employee RED
CultureAmp 360 Feedback Management User YELLOW
Expensify Expense Claims and Management Employee ORANGE
GitLab.com Gitlab Application for Staff Employee RED
Greenhouse Recruiting Portal Interviewer RED
Gsuite Email, Calendar, and Document sharing/collaboration GitLab.com Org Unit RED
Moo Business Cards User YELLOW
NexTravel Travel booking Employee ORANGE
Sertifi Digital signatures, payments, and authorizations User YELLOW
Slack GitLab async communications Member RED
Periscope Data Data Analysis and Visualisation User RED
Will Learning Staff Training and Awareness Portal User YELLOW
Zoom For video conferencing / meetings User RED

Role-based baseline entitlements have been established for the following roles:

  1. Site Reliability Engineer - SRE
  2. Security Engineer, Operations - SecOps
  3. Security Engineer, Automation
  4. FrontEnd Engineer
  5. Backend Engineer

Automated Group Membership Reports for Managers

If you would like to check whether or not a team-member is a member of a Slack or a G-Suite group, you can view the following automated group membership reports:

G-Suite Group Membership Reports

Slack Group Membership Reports

Two factor issues and requests for support

While we are well positioned to provide support to all teams, our focus and preference is always on larger projects. We ask that all efforts be made to self-resolve before contacting IT Ops for support.

Certain support items like 2FA resets are time sensitive but there are some things you can do to help yourself. For 2FA related problems for your Gitlab accounts, please use your backup codes or try generating new ones.

Follow these steps to successfully set up 2fa for your Google account.

When you get a new device, before you get rid of the old one, make sure to set up your authenticator app on the new device. You will need to log into your accounts with the old device and disable 2fa for your accounts. Then delete the accounts off the old device and re-enable the 2fa on your accounts on the authenticator app on the new device.

As a distributed team, our current standard coverage window is ~13:00-22:00 UTC. High volumes of issues being triaged can dictate the delay in response within that window. If the issue is extremely time sensitive and warrants escalation, use judgement on whether or not it can wait until ‘business hours’. Contact details can be found in slack for escalation.

How to contact us, or escalate priority issues outside of standard hours:

Team members contact details can be found in slack profiles.

Slack is not ideal for managing priorities of incoming issues, so we ask that all such requests get sent to it-issues@ or create an issue at IT Ops Issues and we will triage and address them as soon as we can. All issues created in the servicedesk queue are public by default.

Privileged or private communications should be sent to itops@ where all new issues are private by default, visible only to the reporter and appropriate team members.

Screenshots and videos are very helpful when experiencing an issue, especially if there is an error message.

Laptops

Laptop Ordering Process

The laptop ordering process starts as soon as an offer is accepted by a candidate and the initial Welcome email is sent by the Candidate Experience Specialist. This email will include a link to the Notebook Order Form where the new team member will state their intent for obtaining or ordering hardware.

Team members that live in these countries can be serviced via the IT Laptop Ordering Process:

USA, Canada, Japan, Mexico, UK/Ireland, France, Spain, Germany, Italy, Australia, Russia, Netherlands, Thailand

Please note that we are adding supported countries to this list as we discover our ability to order in them. You can test this by going to order a Macbook Pro from the regional Apple store, and seeing if they let you customize a build or alternately refer you to local retailers. If the latter, see below.

Team members that do not live in these countries will need to procure their own laptop and submit for reimbursement. If the team member desires financial assistance the Company will advance the funds to help facilitate the purchase (see Exception Processes below).

Key Performance Indicators

KPI 99% of laptops will arrive prior to start date or 14 days from the date of order.

Exception Processes

If you are in a region where we are not able to have a laptop delivered, and you need to request funds be advanced in order for a local purchase to take place ; Obtain two quotes from local retailers (online or physical).

Email your manager with those quotes attached, requesting the funds advance and detailing the reason why (geo region, unable to have laptop delivered). Your manager will then forward their approval to Wilson & Jenny in Finance for final approval and dispensation.

Should a laptop not be available to a new GitLab team-member upon their start date, but is pending, interim options include ;

- Using personal non-windows hardware (mac, linux, mobile)
- Renting and expensing non-windows hardware
- Purchasing and expensing (or returning) a Chromebook

Laptop Configurations

GitLab approves the use of Apple and Linux operating systems, Windows is prohibited.

Apple hardware is the common choice for most GitLab team-members, but if you are comfortable using and self-supporting yourself with Linux (Ubuntu usually) you may also choose from the Dell builds below.

Apple Hardware

Linux Hardware

We strongly encourage Macs, but we do allow Linux if you are capable of self-support and updates.

For Linux laptops, we recommend purchasing a Dell computer pre-loaded with Ubuntu Linux. The reasons for using Dell for a Linux laptop are as follows:

** NOTE : for this model, it is suggested to also purchase and expense (or request in your initial laptop order) an inexpensive webcam. The built in webcam looks straight up your nose. Also note that 1Password does not yet have a native client for Linux, but there is a browser extension. Max price: the price of the equivalent Mac laptop

Laptops are purchased by IT Ops when a team-member comes on board; the team-member will be sent a form to fill out for ordering.

Laptop Refresh

Replacement laptops for broken GitLab laptops can be purchased as needed by creating an issue in the IT Ops issue tracker project and using the repair_replace template.

This process can also be followed for laptops that are not broken but old enough that you are having trouble completing your work. Please refer to the spirit of spending company money when deciding whether or not it is appropriate to replace your functioning laptop. Everyone's needs are different so it is hard to set a clear timeline of when computer upgrades are necessary for all team-members, but team-members become eligible for an updated laptop after 3 years.

Many team members can use their company issued laptop until it breaks. If your productivity is suffering, you can request a new laptop. The typical expected timeframe for this is about three years, but it can depend on your usage and specific laptop. Laptops paid for by the company are property of GitLab and need to be reported with serial numbers, make, model, screen size and processor to IT Ops by adding it to this form: GitLab laptop information for proper asset tracking. Since these items are company property, you do not need to buy insurance for them unless it is company policy to do so (for example, at the moment we do not purchase Apple Care), but you do need to report any loss or damage to IT Ops as soon as it occurs. Links in the list below are to sample items, other options can be considered.

Configuring New Laptops

New laptops should be configured with security in mind. Please refer to security best practices when configuring new laptops. All team-members must provide proof of whole-disk encryption within the new laptop order issue.

Laptop Buy back Policy

Should an employee depart Gitlab, they have the option of purchasing their laptop for current market value. IT Ops will email all offboarded employees asking If they would like to send back or purchase their laptops. If purchasing, our Business Ops Director will approve, and we will send the offboarded employee an email with the determined value. Then, if the employee decides to move forward with purchasing, our accounting department will reach out with payment information.

Returning Old/OffBoarded Laptops

Part of the IT Ops replacement laptop process is providing each team-member with instructions about how to return their old laptop (whether outdated or broken). All laptops must be returned within 2 weeks of receiving the replacement laptop, so please prioritize transferring information between laptops within this timeframe.

If an offboarded employee decides not to purchase, then we will have them ship to our 3rd party vendor that handles sell backs, SellYourMac. SYM will send them a shipping label, and in the US, a shipping box as well.

All team-member laptops must be securely erased before being returned. This not only protects the company, but also protects you since it is possible for personal information to exist on these machines. Reformatting a computer is not sufficient in these cases because it is possible for sensitive data to be recovered after reinstalling an operating system.

Other Resources

Okta

In an effort to secure access to systems, GitLab is utilizing Okta. The key goals are:

To read more about Okta, please visit the Okta page of the handbook.

Full Disk Encryption

To provide proof of Full Disk Encryption, please do the following depending on the system you are running.