DevOps framework speeds software delivery
Connecting state and local government leaders
Designed to align with federal policies and standards, eGlobalTech's DevOps Factory gives agencies security, flexibility and a process model that allows them to continuously iterate and scale.
A new DevOps framework can help agile developers securely upgrade government IT systems and move to the cloud. After about almost a year of testing at several agencies, including the Department of Health and Human Services and the Federal Emergency Management Agency, eGlobalTech has made its DevOps Factory broadly available.
An end-to-end DevOps framework and suite of advanced security and cloud deployment automation tools, DevOps Factory was designed to align with federal policies and standards, such as systems development life-cycle deliverables, governance and compliance with the Federal Risk and Authorization Management Program and Federal Information Security Management Act.
“The ultimate core objective of DevOps Factory is the rapid transformation of nascent business ideas and requirements into functioning production release offerings,” said Rajiv Kadayam, senior director of technology strategy at eGlobalTech. The goal was to offer agencies security, flexibility and a process model that allows them to "continuously iterate and scale with changing business needs.”
At HHS, DevOps Factory cut the time it took to release workloads to the cloud from four or five hours to about 30 minutes, Kadayam said. At FEMA, the technology helps users publish and consume geo-coded data. It also helps scale a cloud-based geospatial disaster management support environment used by all FEMA regions plus the Army Corps of Engineers and the Department of Homeland Security to coordinate response to natural disasters.
“When an emergency happens, usage really spikes,” Kadayam said.
There are two main components of DevOps Factory. One is Espial, which automates and integrates penetration testing as part of the continuous-integration, continuous-delivery pipeline. This triggers early detection and remediation.
“Rather than having penetration testing done right before deployment by an independent third party -- we still have that -- we wanted to have early visibility to those … issues that are typical in a web application project,” Kadayam said. “We want to be able to detect those issues early in the process, and this tool helps us to do just that.”
Espial works alongside Cloudamatic, which eGlobalTech launched in 2016. Compatible with Amazon Web Services and Microsoft Azure, it accelerates automatic deployment of secure applications onto any cloud platform by provisioning, configuring, orchestrating and managing complex software configurations.
“The idea of DevOps Factory is to provide flexibility to agencies" in meeting systems engineering and development lifecycle guidelines, Kadayam said. “Our approach is to be able to make a lot of those more and more electronic.”
For example, at FEMA, eGlobalTech implemented a fully electronic change management process for developers. It used Jira, Atlassian's issue-tracking software, to give developers visibility and help them easily track "appeals and recordkeeping rather than having onerous meetings and onerous document-based approaches,” Kadayam said.
Because eGlobalTech supported FedRAMP from inception, he added, it instituted a security-by-design approach and automated security and compliance processes for controls such as National Institute of Standards and Technology SP800-53 and FISMA.
DevOps Factory users are agile developers who want to independently code and push changes to development testing environments while automating many functional aspects. But “the bulk of DevOps Factory automation and engineering is happening behind the scenes, such as being able to orchestrate complex deployments, multiple [virtual private clouds], multiple security and firewall settings, interconnections to other systems and whatnot,” Kadayam said.
Looking ahead, the company plans to add more capabilities to provide metrics and may add Jenkins, an open source automation server, so users can work with multiple pieces concurrently and have visibility into where each is in the pipeline.
NEXT STORY: GSA looks to bring AI to proposal reviews