CONTAINERS @ NASA CASE STUDY
Agency Container Platform Implementation at NASA
According to Gartner, Containers can help enterprises modernize legacy applications and create new cloud-native applications that are both scalable and agile. Container engines such as Docker and orchestration frameworks such as Kubernetes, provide a standardized way to package applications — including the code, runtime and libraries — and to run them in a consistent manner across the entire software development life cycle.
TekFive has found, by leading NASA Agency DevSecOps based containerization projects, the key functionality for container deployment is provided at the orchestration and scheduling layers. The orchestration layer interfaces with the application, keeps the containers running in the desired state and maintains service-level agreements. Scheduling places the containers on the most optimal hosts in a cluster, as prescribed by the requirements of the orchestration layer.
The Challenge
TekFive leadership was tasked by the NASA CIO, to lead the implementation of an Agency wide DevSecOps pipeline and hybrid cloud CONTAINER infused platform. The vision of this project was colloquially referred to as a NASA Moonshot and was to provide the capability to release, “Software to the end user in under an hour…anything, anytime, anywhere” with the goal to, “develop and deploy apps and services automatically into highly available commodity platforms while enforcing compliance with NASA’s software development, configuration management, quality assurance, cyber-sec/information assurance and release management requirements”.
The project utilized DevSecOps Continuous integration (CI) and continuous delivery (CD) CI/CD automation tooling and Containerization to solve the following agency challenges:
Unable to move apps and services from on-prem to cloud infrastructure
High cost of development and operations
Manually intensive and extremely long development and release cycles (lack of GitOps and DevOps)
The shifting left of the security testing and compliance rather then just prior and in production
Our Results
The project delivered a full DevSecOps CI/CD pipeline providing automated builds, automated testing, security and health scanning, metrics reporting, automated 508 accessibility compliance, user judgements and continuous delivery across the application landscape (dev, test, stage, prod). In addition, implementing user research based demand for Human In the Loop (HIL) injection/intervention. The project goals, outcomes and impact include continuous deployment, automation, and monitoring, along with operational cost reduction, while increasing transparency, efficiency, and cybersecurity for our NASA AAO customer.
The customer-valued outcomes of our project were many, to include budget and operational efficiencies, combining and integrating resources to meet a cross functional collaborative service over multiple NASA departments, with an increase in cyber stability. The below outcomes reduced the customer IT infrastructure budget by over $400k, reducing deployment times by over 80%, with a parallel increase of over 20% new applications deployed to production. Our operational outcomes were over 120 applications leveraging the secure container and migration to the DevSecOps pipeline. The reduction in deployment investment was reduced by 80%, providing an increase in quality of life for the operational staff. The operational shift of security testing to the initial development cycle, added valuable cyber governance transparency and collaboration, early in the SDLC, rather than at critical later stage gateways. Lastly, our new operational ability to deploy applications both on-prem (OpenShift) and the cloud (Google GKE) adds the ability to deploy to a flexible hosting environment.