DXC Technology creates DevSecOps and CI/CD for mainframe and Java using Amazon AppStream 2.0

DXC Technology is a global IT service leader providing end-to-end IT services on digital transformation to businesses and governments.  DXC is active in the areas of mainframe technology transformation to help customer move to Agile and DevSecOps practices using the cloud.

DXC created an in-house DevSecOps platform at a global insurer for IBM Z series mainframe development. We applied current CI/CD best practice for application development resulting in a modern development environment based on DevOps methodology and cloud-enabled tools. Among other improvements, there was a 30% productivity improvement over the existing environment.

In this blog post, we’ll discuss how DXC and Amazon created a platform to make mainframe DevSecOps available to everyone.

The problem

How could DXC make the benefits of this platform available to a much wider set of customers? The in-house solution was successful resulting in Figure 1.  The left side of the table in the purple color indicates the the business and technical areas in which the customer can benefit by adopting the DevOps methodology.  The right side of the table shows a typical cost savings achieved by transitioning to the DevOps model.  For example, a DXC customer can improve software developer productivity by about 30% by adopting a Modern Development approach using DevOps.

Figure 1 – DXC DevSecOp platform performance

How could customers use the work done creating the original platform, but consume it in a more flexible way?  For ease of consumption and scalability, we decided to develop the platform on AWS.  The intention was providing a way of modernizing applications development and preparing development teams for a DevSecOps world.  We also intended on realizing the productivity and quality benefits of CI/CD best practice and allowing a much more agile development schedule.                   The cost saving generated from the framework is then channeled into further mainframe modernization efforts.  Another notable benefit is the cost avoidance of freeing mainframe MIPS.

The DevSecOps concept is to share the responsibility of security and delivery across the development and operational teams.  The process integrates the software development team and the operations team.

The DXC DevSecOps Platform provides the tools and workflow to adopt a secure, integrated development and IT change management methodology for software delivery teams.  Here are some of the benefits.

• Modern Integrated Development Environment (IDE) based on Eclipse for mainframe with comprehensive analysis and debug capabilities
• Open standard tool chain and plugins for enabling agile development and Continuous Integration (CI)
• Bringing together on and off mainframe COBOL developers to transition to Java using a shared code pipeline
• Shift-Left early detection of problems in the development cycle and greater transparency of developer activities
• Delivered on AWS by DXC as a fully implemented and managed the end-to-end service to straightforward availability service levels
• Digital Transformation is enabled as part of customer engagement. This includes coaching and training of client team on DevSecOps

Key decisions

Key to the success of the DXC DevSecOps platform is ease of consumption and smooth provision of functionality.

The DXC DevSecOps Platform provides the tools and workflow to adopt a secure and integrated development, operational, and IT change methodology for mainframe software delivery teams.

The key concepts of the DXC DevSecOps Platform solution are:

• Tools and technologies – a solution that allows COBOL and Java developers, security, and IT operational teams to adopt DevSecOps methodology.
• Operational support – planning, onboarding, training, and reference material that supports the customer through the migration and adoption phase of the DXC DevSecOps Platform.

The IT architecture of the DXC DevSecOps Platform is based on open standard products and services. They complement and provide a language-specific (COBOL and Java) pipeline environment.  These tools provide the functional layer and support the developers in their daily activities.

The DXC DevSecOps Platform is built on AWS Cloud that provides the operating software, infrastructure, and security. This base infrastructure layer allows the DXC Platform to be deployed globally, near the developer, in a resilient and performant manner.  It is managed, on behalf of the customer, via DXC AWS Gold Managed Services.  Here are the benefits of this service.

Benefits of DXC Managed Services:

• Integrated operations, governance, and change management framework
• Continuous monitoring and service reliability
• Industry-leading security and data protection
• Financial dashboards and security alerts
• Consolidated billing and reporting
• Real-time financial clarity and expense management

Operational excellence

Customer infrastructure is deployed to the Amazon VPC via CloudFormation templates. The test environment and production environment are maintained separately. The infrastructure is deployed and maintained as code, ensuring consistency between environments. The infrastructure codes are maintained in code repository and version controlled.  The codes are deployed to the production account via automated pipelines under change management process.

The infrastructure is monitored by CloudWatch, and audited by CloudTrail and VPC Flow Logs. The data is then pulled into the DXC Management VPC where the relevant events are ingested into the ITSM process.

Security

In addition to the usual AWS security and key management, standard user access is controlled via Active Directory federation. Active Directory federation grants temporary SSO access using SAML tokens and the appropriate IAM role.  The customer controls access to the AWS resources via their own AD groups.  A user connects to the application via the web browser on their desktop using Amazon AppStream 2.0. Any changes to the working environment are performed under strict change control.

Amazon GuardDuty is integrated with the AWS account as part of the DXC Gold Managed Services.  It is controlled from the DXC AWS management VPC.  AWS Secrets Manager retains application-specific secrets.

Reliability

The AWS account operates in a single AWS Region and deployed across two Availability Zones for high availability; thus, reducing the risk of service interruption.  CloudWatch and automatic scaling ensure that the infrastructure keeps pace with the demand.

Performance and efficiency gain

The platform is designed to stream the development tools from the Amazon VPC to the developer’s desktop over HTTPS using AppStream 2.0.  This architecture improves the programmer experience by retaining connectivity to the Dev and Test environment anywhere via a URL or from the AppStream desktop agent on any supported devices.  This method allows the use of generic end computing devices, such as Windows or Mac workstations, the developers are already familiar, without having to use specialized Mainframe access devices, contributing to developer productivity gains.

Cost optimization

The solution is deployed into the DXC Gold Managed Services environment, configured with CloudCheckr.  This is a self-service tool that is used to create billing alarms and recommendations from AWS Trusted Advisor. The solution uses several managed AWS services to help reduce overall cost, and ensure an optimized environment.

An AWS Well Architected Review is taken annually. The review seeks out cost savings, and looks for the opportunity to take advantage of new services or features.

The DXC Solution on AWS

Off-mainframe-based Integrated Tool Chain Development as a-Service consisting of:

• Well-integrated collection of open standard tools in a single development environment
• Isolation and strangulation of Mainframe environment
• Resilience and scalability built on top of AWS
• Simplified billing – charged per developer, per month

Figure 2 – Integrated tool chain on standard PC or macOS

Figure 3 – DXC DevSecOps toolchain

The overall architecture

The overall architecture is in two distinct sections as shown in the following diagram:

Figure 4 – DXC DevSecOps AWS service architecture

The DevSecOps solution

It is a software as a service solution contained within a single Amazon VPC. The solution uses a number of different AWS services including:

• Amazon AppStream 2.0
• Amazon EC2
• Amazon RDS with PostgreSQL
• Amazon S3

The Eclipse IDE, and supporting applications, are streamed using AppStream 2.0 to an end-user using a web browser.  This allows developers to access the solution without having to change their existing desktop environment.  Each session is created from a single image, which reduces management overhead.  Session user settings are persisted to Amazon S3 storage.

When code is committed by the developer, a Jenkins pipeline is triggered to run the automated testing.  The entire pipeline applications stack is hosted on EC2 within the same VPC, creating a self-contained solution.

The DXC management layers

The management of the service layers is represented within the preceding diagram as the service and security layer. Services are enabled based on requirement. This allows DXC to automate management of the DevSecOps platform. Automation enables DXC to respond to events and integrate with their ITSM systems.  The centralized management layer is scalable. This allows DXC to have a single pane-of-glass view on the health status of the DXC DevSecOps platform.  This service allows DXC customers to focus on their application code and data.

What did DXC achieve?

To summarize, DXC DevSecOps platform as a service provides the following benefits:

Modern development:

• 30% improved developer productivity
• 50% reduction in training time
• 40% reduction in onboarding new programmers

Automated delivery pipeline:

• 50+ percent faster team delivery
• 100% on-time delivery vs 60% previously observed at customer site
• 25+ percent improved team productivity.

Shift-left testing:

• 10+ percent production defects reduction
• 50% software quality improvement

Infrastructure:

• 40% mainframe MIPS savings

Why DXC?

With over 10,000 AWS accredited professionals, DXC understands the complexities of migrating workloads to AWS in large-scale environments, and the skills needed for success. DXC bridges the gap in migrating applications across traditional, private cloud and AWS environments. We have established AWS tailored roadmaps and processes for migration and for Cloud Native Apps for Digital Transformation.

I am inviting you to read this related blog on this topic: Enable agile mainframe development, test, and CI/CD with AWS and Micro Focus

For details you can reach out Hywel Wilson at: Hywel Wilson from DXC

About the authors

Andrew Dare Andrew is CTO for Banking and Capital Markets at DXC. He brings a mixture of legacy as well as current application and platform experience that he uses to assist clients in their modernisation and digital transformation journeys.

Jamie Pulman Jamie is an AWS Solutions Architect for Professional Services within Cloud and Platform Services at DXC. He works with customers to understand their business problems and technical requirements and transforms them into technology solutions. He works across multiple industries and brings experience of architecture, design, application and infrastructure support.

Bernard Bergeron Bernard is a Senior Partner Solution Architect with AWS, and passionate about transforming enterprise IT into an agile business units. Building migration factories with AWS services tooling and use Machine learning in modern applications are his passion.

Taiji Saotome Taiji is a Senior Solutions Architect with AWS. He is a seasoned IT services professional with +25 years of deep hands-on IT operations management, service delivery and strategy development experience. While not working at AWS, he teaches undergraduate cybersecurity courses at Roger Williams University.