The Modernizing Government Technology Act (MGT) and other related initiatives are pushing agencies to move away from aging, legacy applications as well as costly, complex software projects. The goal is to have more secure, agile, and cost-effective IT infrastructures replace them.
DevOps, a moniker that is a combination of development and operations, is emerging as an approach that could help Federal agencies modernize and speed new development efforts, especially as they migrate to cloud services. DevOps is a software engineering culture as well as a practice that advocates automation and monitoring throughout the software development lifecycle. It generally pairs development teams with IT operations throughout the development cycle, eliminating the somewhat adversarial role that sometimes has naturally formed in many organizations.
“The aim is to shorten development cycles, increase deployment frequency, and ensure more dependable releases — all in conjunction with aligning IT with business processes and objectives,” noted Adam Clater, chief architect with Red Hat U.S. Public Sector. Clater compared the approach with how Toyota manufactures cars, where everyone in the process has a buy-in, and people, process, and technology are woven together.
“Government has already done a bit of retooling,” said Clater, “Government developers want to write apps in new technology.”
Some agencies have already deployed DevOps to reengineer and modernize their infrastructures, including the General Services Administration, Office of Management and Budget, Veterans Affairs, the Department of Homeland Security, and the Environmental Protection Agency. There are teams in the Department of Defense, the National Aeronautics and Space Administration, and Health and Human Services that also use DevOps
The difficult part, for some organizations, has been moving from traditional “waterfall” development methodologies to more agile development, in which solutions evolve through collaboration among self-organizing, cross-functional teams. How do you change an organization responsible for 50 years of legacy data, and move to towards a different way of writing new applications?
Understanding the culture of the organization is the first step, Clater noted. “Then, you need someone with the internal will to be the champion of DevOps and agile development,” he said. “In addition, there is a need to celebrate people, and talk about the great work they have done.”
Technology is available to help build new apps and move to virtualized environments. One often used in the private sector is OpenShift, by Red Hat. OpenShift is a container application platform that automates many of the manual processes involved in deploying and scaling containerized applications.
It is important to realize that security should not be bolted onto software as an afterthought, especially within a Federal DevOps organization. In fact, Clater notes that “Security operations people must have a seat at the table. It is not something that can be layered on at the end.” All DevOps and security teams must work together to ensure that security between platforms, operating systems, and infrastructure conforms to standard security controls and requirements.
Some metrics to track a DevOps program’s success include measuring deployment frequency, how often is the team deploying new code; the time from when new code starts development to when it is successfully deployed into production; the percentage of failed deployments; and how long it takes the team to recover after a failure, to name a few, according to experts.