CTAC AWS DevOps Case Study for Automation Services
Introduction to Customer
Open Source Role Based DevOps Intranet on AWS
The General Services Administration (GSA) had a requirement to modernize its intranet platform. As a large organization, GSA needed an enterprise environment that could support many organizational divisions with shared processes, but clear separation of duties. With multiple teams and projects operating concurrently, meeting requirements for self-service for developers and release managers was critical to success.
Overview of Challenges
The CTAC team needed to implement a robust and highly available DevOps and delivery platform meeting GSA and Federal FedRAMP, NIST, and FISMA security requirements. CTAC needed to implement a system in which different teams could access their workflow within one system that included pre-defined processes. The solution needed to utilize a single environment, limiting each team's access to just the applicable jobs for its project(s). Each business group to be supported had its own set of pre-defined processes and needs, as would future business groups.
Details of Solution
CTAC chose AWS (and over 20 AWS services) and several AWS technology partners to build the GSA intranet DevOps platform. CTAC was able to securely integrate AWS services with Jenkins, an open source automation server. Jenkins orchestrates multiple types of defined Jobs in which predefined processes can be established for each team/project. The Job categories we utilized include:
- Admin Only
Three roles were established within Jenkins to include:
- Release Manager
The Admin role administers the systems and services, and manages permissions to project resources. The Developer role accesses project logs, initiates application builds, and performs actions on pre-production such as deployments and database loading. The Release Manager role has all of the same permissions as the Developer role, plus the ability to deploy to production. Each user must be granted both a role-type permission and a project permission to access the specific, predefined Jobs.
The solution lessened the reliance on and burden upon the System Administrator group. While only the Admin has access to the systems, the Developer and Release Manager now have access to the logs and information necessary to diagnose issues without compromising the system. This allows real-time troubleshooting to determine the cause of potential build or runtime errors. Because each build creates the server from the most up-to-date templates, which allows this process to serve as an automated patch management solution, every team is now directly involved in the patching process. This level of self-service greatly enhances the users’ ability to work in an agile environment, servicing their business needs and utilizing time effectively. With multiple projects working in parallel, it was important to keep track of user actions. The solution provides traceability such that details of each user’s actions in the system are tracked.
By integrating open source automation services in AWS, CTAC was able to provide our federal client with a modern DevOps approach supporting its enterprise intranet needs. Key principles of CTAC’s solution were:
- Removing bottlenecks and human errors from deployment processes
- Empowering developers with access to tools to troubleshoot and respond to issues
- Providing push-button deployments with auditing and compliance baked into processes