Bringing DevSecOps, Containerization, and Microservices to ASSYST Customers

ASSYST COO, Joe Anderson and VP of Technical Solutions, Vijay Narasimhan, reflect on the remarkable growth delivering capabilities to customers in the areas of DevSecOps, containers, and microservices.

Vijay Narasimhan leads service delivery across Federal Civilian and DoD, and he is the principal architect of ASSYST’s Green Accelerator Program. The Green Accelerator Program is our innovation lab and incubator program where we perform customer-focused applied research utilizing open-technology in the cloud infrastructure. Vijay’s focus includes native architectures, cloud-agnostic development, cloud hopping, collaborative coding, interoperability, and automation. 

In addition to his role as the COO, Mr. Anderson leads several prominent programs in the Federal marketplace, providing consultation for IT and business leaders on several leading-edge technology areas, including multi-cloud, AI/ML, microservices, shift-left implementation approaches, robotic process automation, and zero-trust architecture implementation.

Joe Anderson: Hello Vijay. I find it promising to see the Federal sector embracing DevSecOps, and I know our engineering teams are excited about this transformational shift. I’m seeing a strong correlation between Agile, DevSecOps, and cloud migration within our customer base, and the number of opportunities is growing. I think the advancements in open-technology and new approaches to security have helped fuel the growth in opportunities for businesses like ours. The growth is certainly providing better opportunities for our UCD/UXD designers, DevSecOps engineers, cloud architects, and Pipeline engineers. I’m noticing that our customers who are truly committed to the practice are becoming more interested in using cross-cloud platforms and/or cloud-native approaches for their applications because of a greater emphasis on portability. I’ve also noticed that our engineers are becoming more adept at writing code and developing applications to run on or are portable to any cloud environment. In this way, DevSecOps and open-technology are really delivering on the promises.

Vijay Narasimhan: What I like about transforming our delivery teams to DevSecOps is how collaborative our Agile teams have become. In the past, the interaction between UCD/UXD, infrastructure, pipeline, configuration, back-end engineers, and front-end developers was occurring when there was a major release or at a defined phase-gate. With DevSecOps, the collaboration between the team members is happening hourly and daily across these areas of responsibility. Anyone can be brought into a daily standup or a huddle, and barriers and/or roadblocks are resolved almost instantaneously, keeping the development process moving forward. I’m also noticing how quickly the DevSecOps team comes together and socializes, and you can see how it is more engaging and rewarding to the team members.

Joe Anderson: I continue to be impressed by the maturity and sophistication in the DevSecOps tools, especially in the area of automation with respect to security, CI/CD pipeline activities, configuration and branching strategies, and Agile processes. The ability to monitor and measure all of the activities in the environment and present the information in a single window-pane or dashboard is an elegant solution for tracking performance. Additionally, the emergence of process automation in the DevSecOps environment results in faster time to market and a significant reduction in errors and defects. The ability to automatically identify, categorize and prioritize incidents and vulnerabilities, or automate and enforce the code branching strategy, or automate the test, build and deploy process are accelerating Sprint cycles.

Vijay Narasimhan: That’s right Joe. The number of processes you can automate in the DevSecOps environment continues to grow and mature. Also, many of these technologies come with built-in analytics capability which is very helpful. One of the areas I am focused on is working with our customers to aggregate and present the analytics utilizing the DevSecOps tool-chain for infrastructure, pipeline, configuration, back-end, front-end, and UCD/UXD activities into a customer-specific dashboard to capture and display the most important metrics for measuring performance and the business impact. The other positive outcome we are experiencing on our delivery teams is a heightened awareness across the different areas of responsibility amongst team members. For example, if the infrastructure is performing security patches or upgrading CI/CD tools, the backend and front-end engineers are immediately aware, and if there is a potential impact to a Sprint cycle, they’ll huddle, walk through any issues, resolve any potential roadblocks, and pivot resources to keep the build on schedule.

Joe Anderson: I see more of our customers’ environments are supported remotely and most of our DevSecOps teams are working in a virtualized infrastructure environment in the cloud. It’s become apparent to me that for the mission and enterprise systems we are supporting, and especially those systems with high availability and high volume requirements that Kubernetes container orchestration is becoming an increasingly more important service and skills provided by our cloud architects and administrators. What I find both empowering and inspiring is how our DevSecOps teams are utilizing Kubernetes for deploying and managing containerized applications and we have fully integrated Kubernetes with our CI/CD processes.

Vijay Narasimhan: Yes, continuing to expand our capabilities in Kubernetes container orchestration and utilizing Infrastructure as Code (IaC) for provisioning virtualized computing resources to support our DevSecOps teams and customers is a primary focus of mine. The speed at which we can stand up development, quality control, and production environments, and deploy Agile teams for our customers is unparalleled. The performance improvements we are seeing with Kubernetes in AWS and/or Azure are significant, and our ability to integrate Kubernetes with our other CI/CD pipeline tools and development environment has reduced delivery schedules significantly. The ease of provisioning and configuring the technologies you need to develop, enhance or modernize a system is a major factor in improving delivery schedules, and improving quality.

Joe Anderson: ASSYST is fortunate in that the partnerships we have established with AWS, Azure, RedHat, and GCP, and the investments we have made in DevSecOps, containerization, and microservices enable us to provide our customers with innovative approaches specific to their systems, applications and operating environment. Our customers are having difficulty trying to keep up with technology changes impacting tool selection, adoption, and new technologies, and sometimes struggle to understand how it fits into their existing operating environment. These distractions are resulting in activities that deviate from the core business. I think deviations away from the core business because of technology changes is a key driver behind the importance of UCD/UXD/IXD design activities within the DevSecOps team. When the user experience is integral to the DevSecOps team you can begin to achieve frictionless services and faster paths to a Minimum Viable Product (MVP). Then based on the user experience patterns and metrics, we enhance the features of the product using low code approaches and microservices. More and more this is what our customers are expecting.

Vijay Narasimhan: I’m glad that you are bringing up the importance of frictionless services and how we are approaching this with customers. I think you have outlined the DevSecOps path to frictionless services and digital transformation succinctly. An area I am focusing on is how to utilize the DevSecOps toolchain to provide customers the ability to measure the business impact of the DevSecOps team. For example, analyzing real-time interactions of UCD/UXD/IXD, front-end, back-end, pipeline, configuration, and infrastructure activities. This is currently an initiative of our Green Accelerator Program with interest from the Department of Homeland Security, Department of Defense, Centers for Medicare & Medicaid Services, Food and Drug Administration, Health Resources and Services Administration, and the Equal Employment Opportunity Commission. Our customers need DevSecOps to provide frictionless services, and for them to transform and succeed using this new delivery model, then we as service providers need to provide solutions where customers can easily measure our performance based on the user experience.