About the Customer
The Defense Logistics Agency (DLA), a vital component of the U.S. Department of Defense, plays a critical role in supplying the nation’s military forces and supporting their operations. DLA ensures the availability of necessary resources and materials, spanning across a vast range of logistical needs. DLA’s Procurement Integrated Enterprise Environment (PIEE) is the primary system for DoD procure-to-pay activities.
Customer Challenge
Credence has partnered with the DLA to establish a compliant managed services platform in AWS GovCloud which now hosts 17 mission critical systems. This platform is one of the most advanced and complex IL 4/5 AWS cloud platforms in the DoD, with close to 100 VPCs, thousands of EC2 instances, hundreds of RDS databases, dozens of containerized clusters purpose-built by Credence for the DLA to manage the scale, complexity, and operational demands of DoD mission critical systems. While critical systems were hosted in this platform, some applications were being developed and tested in other enclaves. The customer required a more efficient and compliant process which integrated development, security, and operations.
Credence Solution
Credence architected and deployed a robust DevSecOps platform hosted and maintained in the Credence managed AWS GovCloud environment supporting DLA programs. Credence designed and built a fully integrated DevSecOps approach, including achieving Continuous Authorization to Operate (cATO) with a fully vetted catalog of tools and cloud native services to enable CI/CD from end to end.
As illustrated in the diagram below, developers access the DSO platform through approved DoD compliant networking. From there, they are able to access a GitLab-based CI/CD pipeline and commit code to GitLab, triggering automated build, scan, test, release/deliver, and deploy stages. Each stage is represented by purple icons, with three approval control gates before moving between DEV, TEST, PREPROD, and PROD AWS accounts. This solution includes integration with tools like SonarQube for code quality scanning, Nexus Repository Manager as an isolated proxy/repository manager, Kaniko for container builds, and Kubernetes/EKS for orchestration. AWS services include RDS/Postgres DBs, AWS Lambda APIs for GitLab/SonarQube integration, S3 storage for artifacts, ECS Fargate for container orchestration, ECR for image storage, and EFS storage solutions.
This architecture is an example of how modern secure software delivery pipelines can be structured in cloud environments with strict security controls and multi-stage approvals. It highlights integration points between development tools and cloud infrastructure while ensuring compliance through gated approvals and artifact signing.
Results and Benefits
The Credence managed DevSecOps Platform offers several significant benefits, particularly in the realm of security and compliance. One of the primary advantages is the achievement of cATO, which ensures that the system remains secure and compliant at all times. This continuous monitoring and assessment reduces the risk of security breaches and enhances the overall security posture of the tenant applications. Additionally, the integration of a fully vetted catalog of tools and cloud-native services enables seamless CI/CD processes, ensuring that code development, testing, and deployment are efficient and secure.
Another notable benefit is the enhanced collaboration and communication among development, security, and operations teams. By integrating these functions into a single platform, teams now work more cohesively, share insights, and address issues more efficiently. This collaborative approach helps in identifying and mitigating security vulnerabilities early in the development process, reducing the likelihood of security incidents in production. The use of tools like Jira and Confluence further facilitates this collaboration, ensuring that all team members are on the same page and can track progress effectively.
Furthermore, the DevSecOps Platform has significantly improved the overall quality of DLA software by incorporating continuous testing and feedback loops. This continuous testing approach helps in identifying and resolving defects early, leading to higher-quality software releases. The feedback loops ensure that any issues are promptly addressed, and improvements are continuously made, resulting in more reliable and robust applications. This not only enhances the user experience but also reduces the time and cost associated with fixing issues post-deployment.
Additionally, the use of advanced tools and technologies such as GitLab, Nexus, SonarQube, and containerized deployments into EKS ensures that the CI/CD pipelines are secure and efficient. These tools integrate Infrastructure as Code (IaC), automated scripts, and AI capabilities to support code development, testing, and deployment. The use of AWS services like RDS/Postgres DBs, Lambda APIs, S3 storage, and EFS storage solutions further enhances the platform’s capabilities, ensuring that it can handle the scale and complexity of DoD mission-critical systems. This comprehensive approach ensures that the DevSecOps Platform is not only secure and compliant but also highly efficient and scalable.
About Credence
Credence, an AWS Premier Tier Partner, possesses multiple AWS Competencies and Service Delivery designations, including the Migration and Modernization Consulting Competency, Government Consulting Competency, GenAI Competency (pending approval), and is part of the Managed Services Provider Program, demonstrating our specific expertise in these areas. As a leading Cloud MSP at DLA and across the DoD, Credence has the capabilities and experience of managing the full cloud lifecycle from initial migration to modernization.
Credence further distinguishes itself in the realm of IT operations through AIOps, GitOps, and DevSecOps. Our proficiency in microservices architecture and DevSecOps principles assures the development and deployment of scalable, secure, and agile applications. Credence’s mastery of cloud infrastructure optimization further showcases its comprehensive capabilities.