While the intelligence community (IC) wants to migrate legacy applications to the cloud to lower costs and increase agility, cloud adoption poses unique challenges to the community. Enterprises only need to code and test once to move a legacy application to the cloud, but IC agencies may need to code and test four times—once each for unclassified, classified, secret, and top-secret enclaves. IC developers cannot use code developed for the low side for the high side, and they cannot use the same Git instances for different enclaves. In addition, the security team has to separately scan the code for each enclave, delaying deployment, increasing costs, and leading to false positives that produce more delays.
A simpler approach to migrating legacy applications to the cloud helps the IC:
- Comply with the federal government’s Cloud First Policy.
- Lower operational burden associated with managing hardware, software, network updates, and patches.
- Compete with the private sector for hiring and retaining developer talent by providing a modern development environment.
THE IDEAL APPROACH: DEVELOP ONCE FOR ALL ENCLAVES
What if you could develop one version of a cloud application for the low-side network using open source tools, and then deploy it to any or all high-side networks without repeating the certification process? It is possible today—with containers and open source technology. Many IC apps can be containerized, including procurement systems, departmental websites, and geospatial apps. Even if the legacy application has some components that cannot be containerized, such as a very large database, you can containerize the front end and other components and deploy these containers in the cloud. The process is actually quite simple. To illustrate, suppose you need to move an existing high-side application to the cloud. Say the app is built on Apache Tomcat, JavaTM, and SQL, and is 95% unclassified. Here is how you would move the application to the cloud:
- Start on the low side, and containerize the application on a low-side laptop. Take advantage of open source tools for version control and code troubleshooting. Obtain certification and security scanning according to your agency’s usual processes. Export the container to one or more of the classified clouds shown in Table 1.
- With just a few minor tweaks to domain name system (DNS) files and networking variables, the container works in the new environment. That is the beauty of container portability: It just works.
BENEFITS OF CONTAINER-BASED DEVELOPMENT FOR THE IC
- Increase developer productivity. Developers can access a centralized source-control management system for any application, whether it will be deployed on the low side or high side. Red Hat OpenShift also automates back-end networking and load balancing.
- Deploy faster to higher-level networks. Deploying a container developed for the low side to the high side requires no additional paperwork or security scans. Most containers comply with Open Container Initiative (OCI) standards, easing the transition from development to production—and from the low side to the high side.
- Avoid downtime. Without containers, code upgrades require hours or days of downtime. With containers, you can make updates in real time—and roll back to the previous version with a click.
- Boost morale—and compete with the private sector for developer talent. Giving developers tools to automate repetitive tasks frees up time for actual development, increasing job satisfaction.
RED HAT APPROACH
The software and services you need for container-based development are available from Red Hat—see Figure 1:
- Red Hat® Container Development Kit, a prebuilt container development environment based on Red Hat Enterprise Linux®.
- Development and hosting environments. Deploy containers on any Red Hat container host or platform, including Red Hat OpenShift Container Platform. Use Openshift.com for free, or pay for a monthly subscription that provides additional CPU, RAM, and HDD. OpenShift.com is owned and operated by Red Hat and backed by Amazon. Use development and tooling on Openshift.io, operated by Red Hat.
- Red Hat Training and Red Hat Consulting. Options range from two-week engagements to multimonth residencies. For an immersive, residency-style training, join us at Red Hat Open Innovation Labs, where you will learn to use open source tools and experience open source culture during an engagement lasting 4-12 weeks. You can attend Red Hat Open Innovation Labs at our location or yours.
- Online resources and documentation. Find answers to common questions in Red Hat’s extensive online documentation and knowledgebase.
Container-based development simplifies the intelligence community’s move to the cloud. The container facilitates development for an enclave on the low side, using the Red Hat Container Development Kit. After receiving accreditation, you can deploy the container to classified clouds with almost no modification. Benefits include increased productivity, faster deployment, and a modern development environment that helps you attract developer talent.
For more information on Red Hat solutions for government, visit: redhat.com/en/technologies/industries/government