Speeding cloud software delivery via DevOps framework
- By Stephanie Kanowitz
Agile developers looking to upgrade government IT systems and move to the cloud may get some help from a new DevOps framework. The eGlobalTech DevOps Factory, which was tested at the Department of Health and Human Services and the Federal Emergency Management Agency, is now broadly available.
The DevOps Factory offers advanced security and cloud deployment automation tools that align with federal policies and standards, such as the Federal Risk and Authorization Management Program and Federal Information Security Management Act.
The goal was to offer agencies a secure and flexible model that allows them to "continuously iterate and scale with changing business needs,” said Rajiv Kadayam, senior director of technology strategy at eGlobalTech.
Using DevOps Factory, HHS cut the time it took to release workloads to the cloud to about 30 minutes from four or five hours, Kadayam said. At FEMA, the technology assists users with publishing and consuming geo-coded data. It also helps scale a cloud-based geospatial disaster management support environment used by all FEMA regions plus the Army Corps of Engineers and the Department of Homeland Security to coordinate response to natural disasters.
“When an emergency happens, usage really spikes,” Kadayam said.
There are two main components of DevOps Factory. One is Espial, which automates and integrates penetration testing as part of the continuous-integration, continuous-delivery pipeline. This triggers early detection and remediation.
“Rather than having penetration testing done right before deployment by an independent third party -- we still have that -- we wanted to have early visibility to those … issues that are typical in a web application project,” Kadayam said. “We want to be able to detect those issues early in the process, and this tool helps us to do just that.”
Espial works alongside Cloudamatic, which eGlobalTech launched in 2016. Compatible with Amazon Web Services and Microsoft Azure, it accelerates automatic deployment of secure applications onto any cloud platform by provisioning, configuring, orchestrating and managing complex software configurations.
“The idea of DevOps Factory is to provide flexibility to agencies" in meeting systems engineering and development lifecycle guidelines, Kadayam said. “Our approach is to be able to make a lot of those more and more electronic.”
For example, at FEMA, eGlobalTech implemented a fully electronic change management process for developers. It used Jira, Atlassian's issue-tracking software, to give developers visibility and help them easily track "appeals and recordkeeping rather than having onerous meetings and onerous document-based approaches,” Kadayam said.
Because eGlobalTech supported FedRAMP from inception, he added, it instituted a security-by-design approach and automated security and compliance processes for controls such as National Institute of Standards and Technology SP800-53 and FISMA.
DevOps Factory users are agile developers who want to independently code and push changes to development testing environments while automating many functional aspects. But “the bulk of DevOps Factory automation and engineering is happening behind the scenes, such as being able to orchestrate complex deployments, multiple [virtual private clouds], multiple security and firewall settings, interconnections to other systems and whatnot,” Kadayam said.
Looking ahead, the company plans to add more capabilities to provide metrics and may add Jenkins, an open source automation server, so users can work with multiple pieces concurrently and have visibility into where each is in the pipeline.
Stephanie Kanowitz is a freelance writer based in northern Virginia.