As agency software development teams engineer applications for cloud environments, end-to-end automation of the entire Dev/Sec/Ops workflow is critical for successful deployment of cloud services.
To that end, the Homeland Security Department is hoping by year end to launch Cloud Factory, a platform offering shared services capabilities to provide a fully automated provisioning and delivery lifecycle for cloud services.
“Cloud Factory is coming to fruition and with U.S. Digital Services we are doing an assessment” as the platform goes through an authority to operate, said Kshemendra Paul, cloud action officer with DHS.
The idea of end-to-end automation is critical for Dev/Sec/Ops and cloud transformation. “You can’t have an automation step and then a manual step, and an automation step and a manual step. That defeats the purpose,” Paul said. Paul spoke at the ACT-IAC Federal Insights Exchange and IT Management and Modernization COI Program, featuring the Department of Homeland Security Cloud Forecast, in Washington, D.C on July 11.
Cloud Factory will serve as a “reference of implementation of how to do end-to-end automation.” The aim is for DHS headquarters to collaborate with the department’s component organizations on sharing best practices, lessons learned, scripts, and code. Then, “DHS can coalesce around common approaches to realize automation for productivity gains,” Paul said.
Cloud Factory “supports the build, test and deploy aspects of dev/ops as well as the operational (production) support needed to host and secure the application and its mission,” the agency writes in its 2019 budget justification to Congress.
“The system will ingest user code, assemble the desired machine images (MI), customize the MI configurations, validate security configurations, and deploy the environment in hours as opposed to months. It will utilize account monitoring tools which the business owner will be able to view usage statistics, costs, utilization data and various at hand dashboards to ensure they are meeting mission objectives,” according to DHS.
U.S. Immigration and Custom Enforcement (ICE) and U.S. Citizenship and Immigration Services are the DHS components furthest out in terms of looking at cloud engineering and the tool chain, Paul noted.
At USCIS development teams are looking at automation as a process to help standup up a dev/op environment. In general, when developers want to make a change to an application, they create feature releases inside the application. The first step is to stand up infrastructure to support that application. They might use an automated software server like Jenkins to create a cloud formation template or a script tool to build out the infrastructure, said Steve Grunch, branch chief of enterprise cloud services with USCIS.
Then a development team would lay the application on the infrastructure where they might deploy configuration management tools to install the software and to make the required configuration changes. Automated testing will mostly likely be a part of the process. Once all these functions clear the gates, then a final job launches the new changes and executables out to the production environment.
“Ideally, what we are looking for automation [to do], in terms of that process, is [ensure] that the team that developed the application has developed an immutable process of getting that application code out into the cloud environment,” Grunch said. And, there should not be any manual process stubs that are occurring to get that product in service.
“At the end of the day, that is what we are looking for,” Grunch said. He noted that automation is being deployed in other areas such as for governance controls.
As agencies move to the cloud and modernize their networks and consolidate security operation centers, it is important that IT managers do not forget about the need to continue to mature the enterprise data management function, so the quality of data is better managed and there is better transparency of data, Paul said. There are movements within DHS to improve data management, which is making an operational impact on DHS components’ administration of their missions, he noted.
“To realize the targeted benefits for the cloud we have to be very aware about the data,” Paul said. “Vice versa, I don’t think the folks on the data side are going to make the progress they think they can make without reducing the friction on dealing with data from an infrastructure perspective.”