Particle41 Case Study.
About The Organization.
A large government systems integrator (SI) provides actionable intelligence to a government agency. The SI needed a consistent way to create secure platforms for its portfolio of over 450 applications in AWS. The platform had to follow the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) to harden operating systems as well as commercial off-the-shelf (COTS) and open source packages. The goal of the project was to produce hardened, scanned operating system images that could serve as the base for all application deployments.
In addition, the software pipelines had to run the applications' unit and integration tests. The engagement's objectives were:
- Create Continuous Integration / Continuous Deployment (CI/CD) pipelines that perform automated testing and build DISA STIG-hardened images
- Update and create Terraform scripts for AWS infrastructure automation
- Continue to meet stringent security and compliance requirements at every step
- Establish reliable deployment practices
- Integrate with existing and new testing frameworks such as Gradle, JUnit, and Cucumber
When the client approached RestonLogic, they were looking for a reliable means of creating software delivery pipelines, including automated testing of their application. The number of clients was increasing every month, and the software version deployed to each customer's cloud instances was different. This caused confusion, additional overhead, and multiple branch streams to support each particular version. The customer needed a fool-proof method of updating the application on these clusters without incurring any downtime.
The application stack used several AWS services, including ECS, RDS, ELB, EC2, Kinesis, and Redshift. Our team got to work immediately and met with the software, network, and data architects to understand the complex workflow and component interactions. We covered authentication, data flow, application roles, deployment, monitoring, KPIs, and scaling challenges.
We presented our approach, toolsets, deployment and testing strategies, milestones, and gap analysis. Our approach and attention to detail were well received, and after incorporating feedback from the customer, we began Phase 2 of the project.
Our team relied on the existing SCM tooling (GitLab), Chef cookbooks, testing frameworks, build tools (Ant), and audit procedures to save time. The missing piece was an orchestration engine and integration with new tools such as Terraform. We used Terraform to provision AWS resources while other teams worked on testing tools and enhancements such as converting the Ant scripts to the Gradle build system. Another team evaluated binary and software repositories such as Artifactory for intermediate and final application artifacts.
We used Jenkins extensively to orchestrate the image pipeline: it applies the STIG Chef cookbooks, installs the Nessus agent, and builds hardened AMIs with HashiCorp's Packer, which Terraform then consumes when provisioning the application clusters.
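The following Packer template is an added illustration of the kind of AMI build described above; it is not the integrator's or RestonLogic's code. It assumes a Chef cookbook named `stig` in a local `cookbooks` directory, a Nessus Agent RPM already staged next to the template, a RHEL 8 base image, the `us-east-1` region, and the Packer `amazon` and `chef` plugins; all of those names and values are placeholders.

```hcl
# Added example: hardened AMI build with Packer (HCL2).
# Assumptions: cookbook "stig", a local NessusAgent RPM, RHEL 8 base, us-east-1.
packer {
  required_plugins {
    amazon = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/amazon"
    }
    # chef-solo moved out of Packer core in 1.8; it now lives in this plugin.
    chef = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/chef"
    }
  }
}

variable "base_ami_owner" {
  type        = string
  description = "AWS account ID that publishes the trusted base AMI (placeholder)"
}

locals {
  build_ts = formatdate("YYYYMMDD-hhmm", timestamp())
}

source "amazon-ebs" "rhel8_stig" {
  region        = "us-east-1"
  instance_type = "t3.medium"
  ssh_username  = "ec2-user"
  ami_name      = "rhel8-stig-${local.build_ts}"
  encrypt_boot  = true # root volume of the resulting AMI is encrypted

  # Pin the base image to a trusted publisher instead of searching all of AWS.
  source_ami_filter {
    filters = {
      name                = "RHEL-8*HVM-*"
      virtualization-type = "hvm"
      root-device-type    = "ebs"
    }
    owners      = [var.base_ami_owner]
    most_recent = true
  }

  # Tags that the deployment side filters on; the pipeline flips ScanStatus
  # to "passed" only after the Nessus results have been reviewed.
  tags = {
    Name       = "rhel8-stig"
    Hardening  = "DISA-STIG"
    ScanStatus = "pending"
    BuiltBy    = "jenkins"
  }
}

build {
  sources = ["source.amazon-ebs.rhel8_stig"]

  # Apply the STIG hardening cookbook with chef-solo (no Chef server needed).
  provisioner "chef-solo" {
    cookbook_paths = ["./cookbooks"]
    run_list       = ["recipe[stig::default]"]
  }

  # Stage the Nessus Agent package and install it. The agent is installed but
  # deliberately NOT linked here: linking at bake time would give every
  # instance cloned from this AMI the same agent identity, so linking is
  # left to first boot (user data) where the instance has its own hostname.
  provisioner "file" {
    source      = "./NessusAgent.rpm"
    destination = "/tmp/NessusAgent.rpm"
  }

  provisioner "shell" {
    inline = [
      "sudo rpm -ivh /tmp/NessusAgent.rpm",
      "sudo systemctl enable nessusagent",
      "rm -f /tmp/NessusAgent.rpm",
    ]
  }

  # Record the AMI ID so the Jenkins job can hand it to the scan stage.
  post-processor "manifest" {
    output     = "manifest.json"
    strip_path = true
  }
}
```

Run with `packer init .` followed by `packer build -var base_ami_owner=<account-id> .`. The `manifest.json` it writes contains the new AMI ID, which is what a downstream Jenkins stage needs to launch a throwaway instance, let the agent scan it, and retag the AMI from `ScanStatus=pending` to `passed` or `failed`.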
The complete setup is captured in the following diagram:
These efforts are part of a multi-year cloud migration and refactoring project, but it is off to a great start. At this stage, the customer has:
- A well-tested suite of Jenkins pipelines that produce hardened, Nessus-scanned Amazon Machine Images (AMIs)
- The ability to spin up application clusters from these AMIs with Terraform
- The ability to keep using existing tools such as the Ant build scripts and Chef cookbooks
- A central repository of approved images and COTS packages
- Ability to easily extend the framework we put in place for additional software packages
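To show how the Terraform side can consume only approved images, and how clusters can be rolled to a new image without downtime, here is an added Terraform example. It is not the integrator's or RestonLogic's code; it assumes the AMIs carry `Hardening` and `ScanStatus` tags, that subnet IDs are passed in as a variable, and that the instance type and sizes shown are placeholders.

```hcl
# Added example: launch an app cluster only from AMIs that passed the scan gate.
# Assumptions: AMI tags Hardening=DISA-STIG and ScanStatus=passed, subnets supplied
# via var.private_subnet_ids, placeholder instance type and sizes.
variable "private_subnet_ids" {
  type        = list(string)
  description = "Subnets for the application instances (placeholder)"
}

# Resolve the newest AMI in this account that is both hardened and scanned.
# If no image matches, the plan fails, which is the intended behaviour: an
# unscanned image can never be selected by accident.
data "aws_ami" "approved_base" {
  most_recent = true
  owners      = ["self"]

  filter {
    name   = "tag:Hardening"
    values = ["DISA-STIG"]
  }

  filter {
    name   = "tag:ScanStatus"
    values = ["passed"]
  }
}

resource "aws_launch_template" "app" {
  name_prefix   = "app-"
  image_id      = data.aws_ami.approved_base.id
  instance_type = "t3.large"

  # Require IMDSv2 so credentials cannot be read via a plain SSRF.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  block_device_mappings {
    device_name = "/dev/sda1"
    ebs {
      encrypted   = true
      volume_size = 30
    }
  }

  # A new AMI yields a new template version rather than an in-place change.
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "app" {
  name_prefix         = "app-"
  min_size            = 2
  max_size            = 6
  desired_capacity    = 2
  vpc_zone_identifier = var.private_subnet_ids

  launch_template {
    id      = aws_launch_template.app.id
    version = "$Latest"
  }

  # Replace instances a few at a time whenever the launch template changes,
  # keeping at least 90% of capacity healthy: this is the no-downtime update.
  instance_refresh {
    strategy = "Rolling"
    preferences {
      min_healthy_percentage = 90
    }
  }

  tag {
    key                 = "BaseImage"
    value               = data.aws_ami.approved_base.id
    propagate_at_launch = true
  }
}
```

When the image pipeline promotes a new AMI to `ScanStatus=passed`, the next `terraform plan` shows the launch template's `image_id` changing; `terraform apply` then creates a new template version and the Auto Scaling group's instance refresh rolls the cluster onto it without taking the service down.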