Federal agencies often find themselves under pressure to implement DevOps in order to increase the pace of mission impacts and responsiveness to citizens. The benefits are clear: DevOps drastically improves an agency’s ability to deliver new software and services to its customers in a timely fashion. But figuring out where to start in that process can be a daunting task, and no two agencies are alike. So what’s the best way for agencies to get started?
Booz Allen has been on the DevOps transformation journey for years now, and Jeff Fossum, digital transformation architect, said it’s important to remember that DevOps is not an end in and of itself.
“I can tell you truthfully that you don’t have to master or implement every DevOps practice to begin delivering software faster,” Fossum said. “I like to think of it as a maturity model, where you accelerate the delivery of software to users and production over time to help illustrate this point.”
Many agencies, when first starting on their own DevOps transformation journey, make the mistake of trying to do everything at once. Instead, Fossum recommends that they take a step back and identify the practices where it can have the biggest impact, and start there. A modest DevOps push is the best way to get started and is most likely to succeed early on.
It can also help if agencies employ only a few tools when just getting started. For example, implementing a modern configuration management system or a pipeline to support continuous integration and automated testing can have an outsized impact on the delivery of software, especially as time saved begins to stack up over longer periods.
“Booz Allen Hamilton helped modernize an agency’s grant systems, including several dozen applications by first moving from a waterfall approach to an agile approach to speed the development of software. Next, we employ just a few DevOps tools and techniques,” Fossum said. “A modern configuration management system, and a modest DevOps pipeline to support continuous integration and automated testing that reduced software delivery to production from weeks to just a few hours. And we did it with fewer deployment issues. Over the course of the year, this actually saved 12 weeks of time in simply releasing software to production time the agency could better spend on developing and delivering new and better features for its users.”
Once an agency begins to get comfortable with DevOps processes, it can begin to move into the DevSecOps phase. This is where an agency will begin to form tightly integrated teams of software developers, testers, security engineers, and IT operations specialists. This is an important step, because DevOps isn’t just about the technology. The people and processes are just as important to a proper DevOps implementation.
This DevSecOps integration allows for security and operations to come together during the software design process, rather than only weighing in after the fact, which often necessitates additional work to integrate their feedback. But when an agency reaches the DevSecOps stage, the processes become more streamlined and efficient, and the speed of software delivery continues to increase.
“Booz Allen partnered with a federal department to implement additional DevOps practices including infrastructures code and continuous delivery, including an approach referred to as blue-green deployments. This allows for identical cloud environments to be used in the deployment process where you upgrade one environment. Then simply flip a switch to the newly upgraded environment for production use no downtime at all, for users,” Fossum said. “This DevOps implementation allowed the department to now align production deployments to the end of each and every agile sprint, delivering responsive mission impacts every two weeks, across the enterprise. So instead of four quarterly software deployments per year, this department is now deploying impactful software 26 times per year that real DevOps impact for some federal missions, a full implementation of all DevOps practices is warranted.”
Whether agencies progress through a series of small steps, or they’re able or forced to implement a full complement of DevOps practices, this provides agencies with better outcomes and sustainability. It also allows for a continuous flow of new software and features that get delivered to production almost immediately after they’ve been developed. This mirrors the patterns of many modern private sector technology companies, which are constantly updating their products with new features.
“This level of DevOps maturity allows for the developed code to be checked in, and immediately flow through the DevOps pipeline into production for maximum responsiveness, just like Netflix,” Fossum said.