Management

State and Local Agencies Scale Services Rapidly with DevOps

Government organizations turned to proven methodologies for rapid development to meet pandemic challenges.

Novid Parsi is a freelance writer based in St. Louis who covers technology and many other fields.

For many state and local agencies, the pandemic shifted the pace of digital transformation into overdrive. To maintain social distancing while continuing to serve citizens, these agencies quickly moved services online. Many are turning to DevOps to make these and other nimble pivots.

Agencies may use DevOps to implement contactless services, such as renewing vehicle registrations, that previously would require in-person visits.

“Think about how many government websites were set up or enhanced last year because people couldn’t walk into an agency,” says Eric Sweden, program director for enterprise architecture and governance at the National Association of State Chief Information Officers.

The agencies that adopted DevOps were better poised to much such quick pivots, he adds.

It’s not just the pandemic-related projects that benefit. From May 2019 to June 2020, the Wisconsin Department of Corrections successfully implemented a new technology platform using DevOps.

Such projects reflect a DevOps adoption that’s been years in the making. In NASCIO’s 2017 State CIO Survey (the last time the annual survey asked specifically about DevOps), only 15 percent of CIOs said they either were not implementing DevOps or didn’t know — down from 42 percent a year earlier.

What Is DevOps?

DevOps combines development with IT operations, breaking down the traditional silos between the two teams and enhancing their collaboration to develop, test and deliver software more quickly and successfully.

DevOps isn’t a certain skill set or toolbox. It’s about a collaborative culture as much as it’s about technology.

“DevOps isn’t a set of tools, although tools make it happen. It’s a methodology for delivering software into production in a fast, efficient manner,” says Jim Mercer, research director of DevOps and DevSecOps at IDC.

“The culture is what’s required to make DevOps work,” says NASCIO’s Sweden.

That’s a big change from a traditional waterfall approach. In that approach, a development team gathers all the requirements up front and releases the product only once it’s fully complete. The customer typically doesn’t see the product until the very end. A waterfall development could take months or even years — at which point the project’s business needs and requirements likely will have changed.

“While the project is in the pipeline, it may have become obsolete,” Sweden says.

DevOps takes a different tack.

With DevOps, the development and IT operations teams develop and test a solution together. They deploy small software updates that get rolled into production, or rolled back if there’s an issue.

The customer is involved every step of the way, so the IT team and business team work together. One doesn’t serve the other — or punish the other for mistakes. “It’s not us versus them anymore. We all build this together; we all have skin in the game,” Sweden says.

DevOps vs. Agile: Is It the Same Thing?

While DevOps teams often use agile operations, the two methodologies aren’t the same thing. Of the three major steps in any development project — gathering the requirements for the system or application, developing and testing it, and then operationalizing it — agile applies to the first two. Agile builds and tests iteratively to ensure that what is developed is what the customer wants.

DevOps bridges the gap between the second and third steps. Its testing of the application or system mirrors the ultimate real-world use — with the same data volumes, the same traffic, the same demand of resources.

The culture is what’s required to make DevOps work.”

Eric Sweden Program Director for Enterprise Architecture and Governance, NASCIO

“The test environment emulates the production world, so when you test something, you have the same characteristics as the system where it will reside when it’s delivered,” Sweden says. “So, there’s not going to be any surprises.”

If there are surprises, they pop up during development — not after delivery. “You test in such an incremental way that if something fails, it’s not a great big failure, it’s a small failure. And if it succeeds, it’s a small success that builds toward the larger vision,” Sweden says.

“DevOps is about making sure that when things go into production, both the development and operations teams have confidence they will work,” Mercer says.

Security also benefits from DevOps. With traditional development, “security is injected into an application as an afterthought,” Mercer says. The security team usually looks at the service or application right before release, then produces a long list of vulnerabilities, many of them false positives — all of which often delay the release.

A DevOps security approach, or DevSecOps, “shifts security to the left” in the timeline, Mercer says. Developers take responsibility for security, while security teams don’t simply point out problems but instead work alongside the developers.

DIVE DEEPER: How can cloud tools quickly enable modern applications for government?

What Are Continuous Integration and Continuous Delivery?

DevOps leverages both continuous integration and continuous delivery. With continuous integration, code changes get automatically tested and integrated into a shared code repository several times a day. That makes possible continuous delivery: producing software in short cycles so it can be reliably released at any time.

Again, it’s helpful to think of the contrasts with waterfall. In a waterfall scenario, a software build might run weekly or even nightly. However, by the time it runs, it might already be broken. What’s more, team members who don’t realize that might have kept building on it.

With continuous integration, each integration triggers an automated build and test to ensure the fundamental capabilities of the service or application haven’t been broken.

In waterfall, a build isn’t typically tested in its final format, creating problems with configuration and consistency. Continuous delivery automates that testing process, so when developers create a new version, they can rest assured it works. “It’s actually tested all along in the way it’ll run in production,” Mercer says.

CI/CD also can help improve over agile processes. With agile, developers might want to move quickly to produce small releases, but the operations team can’t always match their pace; CI/CD has checks and balances to make sure any new update doesn’t break the system. With CI/CD, DevOps helps ensure the service or application is not only developed well but also always runs well.

VIDEO: What can government IT pros learn from the rise in digital services?

What Are the Best DevOps Tool Chains?

Among a host of DevOps tools by software providers such as Chef and Puppet, GitLab offers perhaps the most complete DevOps platform. Yet rather than using any one tool chain, developers tend to pick the DevOps platform that best suits their needs, whether offered by Amazon Web Services, Broadcom or IBM, then use other tools to fill any gaps.

“What most people do is use the majority of a platform but plug in some of their own tools here and there,” Mercer says.

Some providers might claim to have an end-to-end DevOps platform, Mercer says, “but they all miss aspects of the DevOps pipeline.” For instance, a platform might have just about everything needed for DevOps, except for automated testing capabilities. In that case, developers would have to add their own testing.

What Are the DevOps Certification and Training Options?

The DevOps Institute offers a range of certifications — from the DevOps Foundation certification, which covers core concepts and practices, to the DevSecOps Foundation certification, which involves security and compliance. Some consulting firms deliver DevOps Institute-aligned training to organizations and agencies.

There are plenty of DevOps courses available via LinkedIn Learning, including tutorials on using open-source systems like Docker and Kubernetes for DevOps.

“At the end of the day, all that training is really good, but DevOps is very much a cultural change, so it takes time to adopt it,” Mercer says.

It also takes buy-in from the top, he adds. “To be successful, DevOps really needs to take hold at the leadership levels of organizations.”

gorodenkoff/Getty Images