DataCentersX > Compute Ops > Platform Reliability Engineering
DC Platform Reliability Engineering
Platform Reliability Engineering applies Site Reliability Engineering (SRE) discipline to the data center compute platform itself - the orchestration, scheduling, observability, networking, and hardware management systems that other workloads run on. Where Resilience & Reliability covers facility-layer survival through failures and SLA/SLO Management covers commitments to customers, PRE owns the operational practice that keeps the platform delivering against those commitments. The discipline includes incident response, postmortem culture, error budget enforcement, change management, and the metrics that quantify platform reliability over time.
Core practices
| Practice | What it covers |
|---|---|
| Error budget management | Tracking allowed unreliability against SLO; enforcing release freezes when budget is exhausted |
| Incident response | On-call rotation, paging, triage, escalation, communication, restoration |
| Postmortem culture | Blameless review of every significant incident; root cause analysis; action item tracking |
| Change management | Risk classification of changes; canary deployments; automated rollback; change freeze policies |
| Capacity engineering | Forecasting platform capacity needs; identifying scaling limits before they bite |
| Reliability testing | Chaos engineering, game days, load testing, dependency failure simulation |
| Toil reduction | Identifying and automating away repetitive operational work |
| Production readiness review | Gate for new services entering production; SLO definition, runbook quality, observability coverage |
The four metrics
Modern PRE practice tracks four primary metrics that quantify platform reliability and the engineering choices that affect it. The metrics align with DORA (DevOps Research and Assessment) industry benchmarks and are the standard reporting framework for engineering leadership.
| Metric | What it measures | What it tells you |
|---|---|---|
| SLO burn rate | Rate at which the error budget is being consumed | High burn = approaching SLO violation; trigger for intervention; basis for release freezes |
| Change failure rate | Percentage of changes (deployments, configs) that cause incidents | Quality of the change management process; engineering practice maturity |
| MTTR (Mean Time To Recovery) | Average time from incident detection to service restoration | Operational responsiveness; runbook quality; tooling effectiveness |
| Incident trends | Frequency, severity, and category of incidents over time | System brittleness; recurring failure modes; effectiveness of remediation actions |
Two additional DORA metrics commonly tracked alongside the core four are deployment frequency (how often changes reach production) and lead time for changes (cycle time from commit to production). The complete six-metric framework is the standard for engineering organization performance reporting.
Error budgets in practice
The error budget concept treats the gap between 100% availability and the SLO as a finite resource that engineering can spend. If the SLO is 99.9% (allowing roughly 8.76 hours of downtime per year), the team has an error budget of those 8.76 hours that they can consume through deployments, feature changes, or incidents. The framework converts the abstract reliability conversation into a concrete tradeoff between feature velocity and operational stability.
Operational implementation varies in strictness. Strict error budget enforcement freezes new deployments when budget is depleted until reliability is restored. Softer enforcement uses budget exhaustion as a signal that triggers heightened review of upcoming changes. Most large engineering organizations operate somewhere in between - explicit policy on what triggers freeze, what work is allowed during freeze (security patches, reliability improvements), and how budget is restored. Burn rate alerting is the standard early-warning mechanism, paging when budget is being consumed at a rate that would deplete it before the SLO measurement window closes.
Incident response
Incident response is the operational practice of detecting, triaging, mitigating, and restoring service during outages. The discipline includes the on-call rotation (who responds at any given time), paging system (how alerts reach the on-call), severity classification (how big is this incident), incident commander pattern (single decision-maker during the response), communication protocols (status pages, customer notifications, internal updates), and the runbooks that guide responders through known failure modes. Major incident response platforms include PagerDuty, Opsgenie (Atlassian), Splunk On-Call, FireHydrant, and incident.io.
| Severity tier | Typical definition | Response posture |
|---|---|---|
| Sev 1 / P0 | Major outage; many customers affected; revenue or trust impact | Immediate response; incident commander; war room; executive notification |
| Sev 2 / P1 | Significant degradation; partial outage; SLA at risk | Urgent response; on-call leads investigation; customer communication |
| Sev 3 / P2 | Limited impact; workaround available; non-critical service degraded | Standard on-call response; business hours sufficient unless escalating |
| Sev 4 / P3 | Minor issue; cosmetic; non-customer-impacting | Tracked for prioritization; no immediate action required |
Postmortem culture
The blameless postmortem is the foundational PRE practice for learning from incidents. After significant incidents, the response team and stakeholders meet to review timeline, identify contributing factors, document what went well and what didn't, and produce action items to prevent recurrence. The blameless framing - focusing on systemic and process factors rather than individual blame - encourages honest disclosure of what actually happened, which is the prerequisite for actually learning from incidents. The practice originated at Google and has spread broadly across the industry.
A well-run postmortem produces a written document with: what happened (factual timeline), impact (customer effect, SLO consumption, business impact), contributing factors (no single root cause; multiple factors usually contribute), what went well (parts of the response that worked), what didn't go well (gaps in detection, response, mitigation), and action items (specific, owned, time-bounded follow-ups). Major postmortem tools include Jeli, Blameless, FireHydrant, and incident.io with built-in postmortem workflows. Some organizations make their postmortems public for major incidents (Cloudflare, GitLab); others keep them internal but accessible across the engineering organization.
Change management
Change management is the operational practice that prevents changes from causing incidents and contains blast radius when they do. Modern practice combines several techniques: canary deployments (release to a small percentage of capacity first, monitor, expand), blue/green deployment (run new version alongside old, swap traffic atomically), feature flags (decouple deploy from release; turn capabilities on gradually), automated rollback (revert on detection of regression), and change freeze policies (no deployments during high-risk windows or when error budget is exhausted). The discipline cross-references Orchestration Operations for the deployment infrastructure and GRC:Controls for change-management compliance evidence in regulated environments (SOC 2, ISO 27001, FedRAMP).
Chaos engineering and game days
Chaos engineering deliberately introduces failures into production systems to verify that resilience actually works. The technique originated at Netflix (Chaos Monkey) and has become standard practice at hyperscalers and major SaaS providers. Major operators run chaos exercises that include actual generator transfers under load, BMS controller failover, network path failures, and selected equipment shutdowns - on production systems, on schedule, with documented procedures. Game days are the broader category of pre-planned reliability exercises (chaos engineering is one type) that include scenario-based response drills, war-game exercises for major hypothetical incidents, and cross-team coordination practice. The discipline produces evidence that documented resilience actually works, rather than just being designed to work. Companies like Gremlin, Steadybit, AWS Fault Injection Service, and Azure Chaos Studio provide tooling.
Toil reduction
Toil is the SRE term for repetitive operational work that has no enduring value - the same manual fix applied to recurring incidents, the same hand-cranked report run weekly, the same firefighting that follows predictable patterns. Toil consumes engineering time without producing reliability or capability improvements. The PRE discipline includes systematic identification of toil, prioritization of automation work to eliminate it, and enforcement of toil budgets that prevent operations engineering from becoming pure firefighting. Google's original SRE book set 50% as the target ceiling for toil; in practice the actual ceiling varies by organization and platform maturity, but the principle of treating toil as a measurable input that crowds out engineering capacity is universal.
Production readiness reviews
Production readiness review (PRR) is the gate that new services pass before reaching production. The review covers: SLO definition (what reliability does this service commit to), observability (does it produce the telemetry needed to operate it), runbooks (do operations procedures exist for known failure modes), capacity planning (does it scale; what are the limits), security review, and on-call coverage (who responds when it breaks). The PRR is run by the PRE team or jointly with the service team. Failed reviews send the service back for remediation; passed reviews establish the operational baseline. The practice prevents the common pattern where services launch without operational maturity and accumulate technical debt that eventually causes major incidents.
PRE in AI infrastructure
AI-specific platforms (training orchestration, inference serving, model registries, feature stores) have their own reliability engineering concerns. AI training reliability includes checkpoint integrity, cluster failover during multi-day runs, and the operational complexity of running 10K+ GPU jobs without losing state. Inference reliability includes p99 latency at scale, capacity-constrained autoscaling, model version rollback, and the customer-experience impact of degraded inference responses. Modern AI operators (CoreWeave, Lambda, Crusoe, Together AI) and hyperscalers running large AI platforms have established AI-specialized PRE practices that address these concerns. The discipline is younger than general PRE - patterns are still settling - but the foundational techniques (error budgets, postmortems, chaos engineering, change management) apply with adaptation rather than replacement.
PRE tooling landscape
| Category | Vendor examples |
|---|---|
| Incident response platforms | PagerDuty, Opsgenie (Atlassian), Splunk On-Call, FireHydrant, incident.io |
| SLO platforms | Nobl9, Datadog SLOs, Grafana SLO, Honeycomb, Lightstep |
| Postmortem and incident learning | Jeli (PagerDuty), Blameless, FireHydrant, incident.io built-in workflows |
| Chaos engineering | Gremlin, Steadybit, AWS Fault Injection Service, Azure Chaos Studio, Litmus |
| Status page and customer communication | Statuspage (Atlassian), Status.io, Better Stack, Instatus |
| DORA metrics platforms | Sleuth, LinearB, Faros AI, Cortex, OpsLevel |
| Internal developer platforms (PRE-adjacent) | Backstage (Spotify-originated), Cortex, OpsLevel, Port |
Where this fits
Platform Reliability Engineering operates under Compute Ops as the discipline that keeps the platform itself reliable. PRE consumes telemetry from Telemetry & Observability, drives SLO commitments measured by SLA/SLO Management, and enforces change discipline on Orchestration Operations deployments. Incident response coordinates with Network Operations, Hardware Fleet Management, and (for facility-layer incidents) the FACILITY OPS teams. Postmortem evidence and incident records flow to GRC:Auditability; change management practice connects to GRC:Controls. Chaos engineering and resilience testing cross-reference Resilience & Reliability.
Related coverage
Compute Ops | SLA/SLO Management | Telemetry & Observability | AIOps | Orchestration Operations | Workload Scheduling | Network Operations | Hardware Fleet Management | Resilience & Reliability | Auditability | Controls