By Dan Montgomery, Director, Agile/DevSecOps Center of Excellence
When it comes to DevSecOps, nothing compares to an Agile approach to developing and implementing solutions to complex problems in the Federal Government. And there has rarely been a time when we’ve needed these solutions as quickly as we do now during the COVID-19 pandemic. Octo has been on the scene, delivering one such rapid solution through Agile DevSecOps supported by Javana, our bundled Agile DevSecOps product. The results have helped the National Institutes of Health (NIH) transform data collection and analysis.
COVID-19 and the data source challenge
The COVID-19 pandemic has resulted in massive refocusing of research to develop vaccines and treatments as rapidly as possible. Unfortunately, one of the best data sources is tissue of deceased COVID-19 patients. However, with limited autopsies performed because of risks to coroners, and overwhelming numbers succumbing to the illness, tissue samples have been unavailable, even to researchers.
NIH changed that with the creation of its Digital Pathology Repository (DPR) that anonymizes and catalogs tissue samples from the heart, lungs, liver, and kidneys of deceased COVID-19 patients from around the world. Tissue sample imagery is collected by NIH and loaded into the database for analysis.
Octo was secured to build the portal through which researchers would access this repository. However, given the urgent need for this information, development would have to occur rapidly. And it did. In a rarely seen occurrence, this program demonstrated a true partnership and collaboration between NIH, Octo, and the imagery database provider Indica Labs, all supporting research on the health threat of our time.
An Agile DevSecOps solution supercharged by Javana
U.S. Federal Government procurements of mature Agile or DevSecOps capabilities usually take months to years. Acquisition packages require time to prepare, review, and release. Competitions often are met with delays, extensions, and protests. Once the award is made, it takes weeks or months to set up and test a new development pipeline. Establishing a program-wide lexicon and standard way of speaking across all teams requires additional time.
All this stood in the way of NIH being able to secure the right tools and vendors and deliver capabilities quickly. But Team Octo overcame those obstacles. Focusing on technical innovation, Octo was able to employ capabilities of its Javana solution to rapidly conceive, design, develop, test, and implement a portal that provides limited access to the general public and authenticated access to researchers around the globe.
A bundled Agile DevSecOps solution, Javana is replete with a plug-and-play development pipeline, standardized yet customizable knowledge base, and real-time performance monitoring dashboard. A ready-to-use capability for new development efforts, Javana’s pre-built pipeline is enabled through AWS and allows access to a fully functioning development capability in minutes. The standardized knowledge base provides a means of getting teams to coalesce around common language and procedures quickly, yet also supports scalability. Federal organizations can rapidly react to emerging needs without disrupting business processes or needing to spend months developing standards or procuring systems. Enabling this in one package, Javana is available with or without Octo’s development support services.
Battling COVID-19 with help from Javana
On the COVID-19 project, Javana eliminated many of the hurdles to building solutions from scratch since it comes with a pre-built development pipeline, deployment environments, and a knowledge base. Octo’s implementation of these tools “out of the box” greatly accelerated building, integrating, testing, deploying, and bringing all stakeholders up to speed on development processes to build any application and understand the usage of those applications. The tools included with Javana were customized to work together seamlessly and came with associated documentation and processes needed to deliver quickly. It was these tools and processes that enabled Octo’s ability to deliver a working portal in collaboration with users in three weeks.
Javana’s pre-built pipeline allowed developers to start deploying with a fully functioning continuous integration and continuous deployment (CI/CD) capability within minutes. The standardized knowledge base provided a means of getting teams to coalesce around ubiquitous language and procedures quickly and supported scalability as more teams were added. Javana allowed the first production deployment for the COVID-DPR within the first week. Octo then continued to develop and deploy on-demand, moving code from commit to production in less than ten minutes to quickly validate changes with users.
Octo accomplished this using serverless and cloud-native components, eliminating the need for a middle tier. We also conducted multiple iterations with users, enabling multiple redesigns within the first two weeks to ensure consistent user experience that matched functionality of the portal. The results were astounding:
- A portal providing access to the imagery repository was conceived, designed, developed, tested, and launched within three weeks, with the first production release occurring in the first week using our DevSecOps methodology.
- Secure deployments using serverless technologies and fully automated development and production environments ensured scalable and secure components.
- Users from 75 countries can now access the database.
With Javana, the team was able to:
- Deploy a fully automated CI/CD pipeline to test, secure, package, and release the application in under ten minutes.
- Continuously monitor the codebase and deployment environments to rapidly identify and remedy security vulnerabilities.
- Deliver an initial production minimum viable product (MVP) in the first week and the product as it is today within three weeks.
- Iterate multiple times per week to develop a user-centric solution.
- Employ serverless technologies to eliminate the middle tier and utilize cloud-native authentication and authorization.
- Create and manage fully automated and immutable development, testing, and production environments.
As we continue to battle COVID-19, Octo is finding other innovative ways to support the Federal Government’s mission of protecting and aiding the public quickly, accurately, and cost-effectively. To learn more about our solutions, Javana, and our Agile DevSecOps approach, reach out to a member of Team Octo.