Telos Corporation is a leading provider of cyber, cloud, and enterprise security solutions whose customer base includes a diverse group of enterprises that function in all the major cloud infrastructures as well as on-premise data centers. The organization was in the process of modernizing its flagship cybersecurity risk management platform, Xacta. This next-generation risk management platform delivers world-class cybersecurity, governance, risk, and compliance solutions for highly regulated commercial enterprises as well as federal agencies looking to achieve their Authorization to Operate (ATO). The goals of this modernization initiative were to:
- Create a portable DevOps solution that automates the creation and roll out of the platform’s cloud native infrastructure for the AWS Commercial, AWS GovCloud, AWS C2S regions, on-premise VMWare clouds (with Azure capability in the works).
- Automate the full lifecycle deployment of the Xacta platform to any Kubernetes clusters within the target cloud environments.
- Create a solution that automates the creation of risk management platform artifacts and services as container workloads and deploys to the target Kubernetes clusters.
- Reduce the deployment cycles and enable the rapid release of software features and security enhancements.
Telos was looking to modernize the entire deployment lifecycle to adhere to modern DevOps and cloud native principles. Oteemo was asked to lead the effort in streamlining the product deployment model and to fully automate the implementation for their application stack using current DevOps methodologies and cloud native architectures. The end goal was to provide an automated solution that would achieve a faster, consistent, predictable, and compliant application and platform deployment.
The initial target of this effort was a SaaS use case, followed by custom deployment workflows into Amazon Web Services (AWS).
Oteemo started the engagement with a thorough discovery of the application’s current deployment model and its dependent services. A detailed analysis was performed to gain an understanding of the system architecture, build and deployment process, and the steps involved in creating a deployment artifact. Manual steps and deployment inconsistencies were identified. Opportunities to change the existing architecture were discussed and documented. Based on the findings, goals and objectives of Telos’ stakeholders, Oteemo created a strategy and roadmap to implement the cloud native DevOps automation solution. Oteemo and Telos created a dual delivery model and the team’s approach took into consideration all aspects of People, Process, and Technology to ensure successful transformation.
A Deployment Automation Framework was designed to handle the following: 1) Installing cloud native resources and services in the target cloud environment 2) Configuring these services appropriately to ensure deployment readiness and 3) Deploying the Xacta.io application services into the target cloud native environment. The solution leveraged various tools across the CNCF and cloud ecosystem. Some tools to highlight are: Kubernetes, Docker, Jenkins, Nexus, GitLab, Packer, Ansible, AWX, Terraform, and CloudFormation. AWS managed services used for the deployment include RDS, ECR, ElastiCache, and Elasticsearch. Other services used are Zookeeper, Kafka.
Phase 1 (AWS Commercial and AWS GovCloud):The first phase of the solution focused on implementing the framework for AWS commercial and AWS GovCloud. A Jenkins CI/CD pipeline was developed and integrated within the automation framework that uses Packer to create an AWS AMI containing both the tooling necessary for automation and dependencies required for a successful deployment. The AMI allows one to provision an AWS EC2 instance with a fully functional web service UI to be used for the automated deployment. The customer would then login, answer a few required entries (AWX Survey) and launch the deployment. The workflow integrates KOPS (for Kubernetes deployments), AWS managed services (via Cloud Formation), application dependent services such as Zookeeper and Kafka, and finally the Xacta.io application.
The output of the automated workflow provides endpoints for the customer to access and manage: the database (AWS RDS), the monitoring platform (AWS Elasticsearch), and the customer application to be used for managing cybersecurity, governance, risk, and compliance solutions.
Phase 2 (AWS C2S/SC2S and On-premise Air-Gapped): Once the automated deployment solution was implemented for AWS in the Commercial and AWS GovCloud environments, our teams started the work to extend this capability to the AWS C2S/SC2S environments and on-premise air-gapped environments running on VMWare.
Due to the nature of air-gapped environments, KOPS was no longer a viable solution for deploying Kubernetes. After assessing the constraints of air-gapped environments and doing necessary research and development, the Oteemo team worked on multiple proof of concepts to analyze and understand the pros and cons of various tools and approaches to provisioning the Kubernetes platform in multiple air-gapped environments. Finally, the team picked Rancher’s RKE Kubernetes platform due to its portability across the various cloud and on-prem environments; its air-gapped solution, security, ease of use, documentation and support among other criteria.
A Nexus repository was created for maintaining Docker images and packages required for the deployment solution. Terraform was introduced for provisioning the infrastructure in each of the cloud environments. Terraform was chosen due to its cross-platform nature with the thought of portability between AWS and other cloud providers because infrastructure automation is a feature that was lost when KOPS was replaced. Oteemo then redesigned the Deployment Automation Framework and developed a solution around Rancher’s RKE Kubernetes provisioning model delivering a single artifact that provides a fully automated deployment of the customer’s application stack across AWS Commercial, AWS GovCloud, C2S/SC2S environments as well as VMware On-premise air-gapped environments.
During this process, our teams also applied security measures for CIS and STIG compliance at both the OS and Docker image levels.
"As part of our journey to AIOps, we were in the process of transitioning our product platform to a microservices architecture. This transformation involved quite a bit of orchestration using containers, kubernetes and other cloud native services. We engaged Oteemo to provide that expertise and help accelerate our transformation. We are extremely pleased to have Oteemo as our strategic partner."
- Fully automated portable deployment solution across AWS Commercial, AWS GovCloud, C2S/SC2S and On-premise air-gapped environments running VMWare.
- Infrastructure-as-code and configuration-as-code practices that allow rapid engineering and enhancements for the future.
- CI/CD pipeline that always results in a consistent, secure and compliant deployment artifact.
- Monitoring and Analytics solution for monitoring application performance and Kubernetes platform metrics.
- Standardized DevOps tooling for a modernized infrastructure and application delivery model.
- Agile DevOps Methodologies provide quicker reporting and feedback loops allowing for redirection of design and features when needed.