One of Karsun Solutions’ government agency customers manages critical certification systems processing millions of applications globally. This agency partnered with Karsun to modernize its legacy Software AG Natural and ADABAS mainframe system used for its certification workflows. Karsun had demonstrated expertise in mainframe modernization and clear competency in these environments. It had also previously delivered secure, compliant cloud solutions meeting federal requirements for this customer.

Karsun migrated the system to Amazon Web Services (AWS) using modern code deployed on Karsun’s container platform. The modernized system eliminated mainframe dependencies, reduced operational costs, enabled modern integrations, and positioned the agency for continuous innovation while maintaining seamless processing for millions of certifications.

About the Customer

The customer’s regulatory portfolio consisted of approximately 10 interconnected systems handling both professional certifications and equipment registrations. While the portfolio serves millions of people globally, the internal processing systems are used by fewer than 100 examiners, indexers, and supervisors who review and approve certification applications.

Customer Challenge

The certification system operated on legacy mainframe technology using the Software AG Natural programming language and ADABAS databases. It integrated with multiple systems including an external application submission portal, document management relying on screen scraping, and a portal where individuals manage their certifications.

Moreover, documentation of business rules was limited, making maintenance and enhancement difficult. Integration required manually keyed information from digitized documents. Additionally, recruiting developers with mainframe skills was increasingly difficult, threatening long-term system sustainability.

Partner Solution

The solution architecture utilizes Java for backend services and Angular with Angular Material for the frontend. The customer selected AWS for its proven reliability with mission-critical government systems and compliance with federal security standards. 

Tyrion Container Platform

The new system is hosted on Tyrion, Karsun’s Federal Information Security Management Act (FISMA) High-rated AWS GovCloud container platform based on Amazon EKS. AWS GovCloud’s isolated region is specifically designed for U.S. government workloads, providing the security and compliance framework necessary to meet regulatory requirements.

Karsun previously delivered Tyrion as part of a broader transformation initiative for this customer. It provides agency application owners a platform to build, test, deploy, host, and scale container-based software solutions.

The platform leverages multiple AWS services including Amazon EKS for Kubernetes orchestration, Amazon EC2 for compute resources, Amazon Elastic Block Store (EBS) for persistent storage, and Amazon RDS for managed database services. Tyrion’s DevOps ecosystem includes Tekton for build pipelines, ArgoCD implementing GitOps for continuous deployment, Karpenter for intelligent node scaling, Datadog for comprehensive monitoring, Kubecost for consumption apportionment across teams, and Backstage as a developer portal providing self-service capabilities.

System Consolidation and Modernization

Karsun consolidated two mainframe subsystems, eliminating complex inter-system communication mechanisms. The team replaced legacy screen-scraping interfaces with RESTful APIs. This enabled real-time data exchange and eliminated brittle integration points.

Document Workflow Reimagined

Rather than simply replicating mainframe processes, Karsun reimagined workflows for the cloud environment. The new system retrieves only essential metadata from the document management system while maintaining secure access to document images. Karsun implemented automated processing for routine certification types, eliminating unnecessary manual review and streamlining operations.

Requirements Validation Approach

Given the minimal documentation, Karsun established a rigorous requirements validation process. It worked closely with the mainframe sustainment team to analyze mainframe code and database schemas. Working with the customer, the team documented findings and confirmed functionalities. Requirements were captured as user stories with acceptance criteria following agile best practices, ensuring business approval at each increment.

Karsun introduced its ReDuX platform. This AI-powered platform for legacy code analysis accelerates discovery and delivery of complex modernization initiatives. Its parser ingests Natural mainframe code and creates comprehensive system blueprints. Using ReDuX, the team validated business rules and identified edge cases often overlooked during traditional requirements gathering.

Results and Benefits

Certification processing transitioned from mainframe to AWS, delivering measurable business and technical benefits:

  • Operational Efficiency: Automated processing of routine certifications eliminates manual examiner workload for specific application types, allowing staff to focus on complex cases requiring judgment.
  • Technical Modernization: API-based integrations replaced screen scraping, improving reliability and reducing integration maintenance. The modern Java and Angular technology stack addresses talent acquisition challenges, with significantly larger developer pools.
  • Platform Leverage: Deploying on Tyrion provides the application with enterprise-grade container orchestration, automated scaling through Karpenter, comprehensive monitoring via Datadog, and streamlined DevOps workflows through Tekton and ArgoCD. The FISMA High-rated platform eliminates the need for separate security authorization, accelerating time to production.
  • Knowledge Preservation: Comprehensive documentation produced during the project created a sustainable foundation for maintenance and enhancements, addressing the legacy system’s critical documentation gap.

About Karsun Solutions

Karsun Solutions modernizes enterprise systems, enabling agencies to make the next technological advancement their next opportunity to elevate mission capability. Solutions are tailored to meet agencies’ unique needs and optimize operations. These solutions adapt and stay relevant to current trends while using secure, digital architecture built to last. Karsun is a proven modernization partner whose expertise elevates agency capabilities and ensures every next opportunity is within reach.


Whether delivered as a Platform-as-a-Service, such as Docker, or orchestrated through a tool like Kubernetes, the race is on for containerized solutions. In October 2021, the General Services Administration released its Containerization Readiness Guide. Containerized software solutions allow agencies to develop applications rapidly, scale quickly and optimize compute resources. The need is especially pressing for legacy applications, which must also remain secure as they modernize.

Creating Dockerfiles for Containerization

When we think of containerization, the first step is to create a Dockerfile for each application. While the Dockerfile provides flexibility to build an image that is only limited by your ability to script, it also puts the burden on developers to ensure the accuracy, efficiency and security of these images. For example, developers must keep the images their Dockerfiles produce as small as possible by removing redundant dependencies, which increase the image size and, in turn, the build time. They must also confirm the files don’t contain any secrets or config keys. Additionally, they should verify that the base image comes from a secure source while actively scanning the images for new security vulnerabilities. If an image contains vulnerabilities, they can spread to all containers that use the vulnerable image. Without proper planning and oversight, things can quickly get messy.
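The checks listed above (no secrets in the file, base image from a trusted source) can be automated before an image is ever built. The following is an added example, not code from the article or from Karsun; the registry allow-list, the rule names and the sample Dockerfile are assumptions constructed for illustration.

```python
import re

# Assumption: hypothetical allow-list of registries this organization trusts.
TRUSTED_REGISTRIES = ("registry.example.gov/", "mcr.microsoft.com/")
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY", re.I)

def logical_lines(text):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.replace("\t", " ").strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", 0

def audit_dockerfile(text):
    """Return (line_no, rule, detail) for risky base images and assigned secrets."""
    findings, stages = [], set()
    for no, instr in logical_lines(text):
        op, _, arg = instr.partition(" ")
        if op.upper() == "FROM" and arg.strip():
            image, *rest = [t for t in arg.split() if not t.startswith("--")]
            # An earlier build stage or "scratch" is not pulled from a registry.
            if image.lower() not in stages and image != "scratch":
                if not image.startswith(TRUSTED_REGISTRIES):
                    findings.append((no, "untrusted-base", image))
                tag = image.rsplit("/", 1)[-1].partition(":")[2]
                if "@sha256:" not in image and tag in ("", "latest"):
                    findings.append((no, "unpinned-base", image))
            if len(rest) == 2 and rest[0].upper() == "AS":
                stages.add(rest[1].lower())
        elif op.upper() in ("ENV", "ARG"):
            names = re.findall(r"([A-Za-z_]\w*)=\S+", arg)
            findings += [(no, "hardcoded-secret", n) for n in names if SECRET_NAME.search(n)]
    return findings

# Constructed sample Dockerfile, not taken from the article.
SAMPLE = """\
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG NUGET_TOKEN=abc123
FROM docker.io/library/ubuntu:latest
ENV DB_PASSWORD=hunter2 \\
    ASPNETCORE_URLS=http://+:8080
"""
```

Running `audit_dockerfile(SAMPLE)` reports the build-argument token, the untrusted and unpinned second-stage base image, and the password baked into `ENV`. A name-based check like this complements, rather than replaces, scanning the built image for vulnerabilities.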

Benefits of using Buildpacks over Dockerfiles

Buildpacks allow you to convert application code into a secure, efficient and production-ready container image without the need to create a Dockerfile for each application. They examine applications written in Java, .NET, Python and many other languages to determine all the dependencies each application needs, and then configure them appropriately to run on any cloud. Buildpacks also offer the capability to swap out OS layers without rebuilding an image. This reduces build time by eliminating the need to recreate all the layers when the base image is updated.

Using Tekton for creating CI Pipelines 

Tekton is a cloud-native solution for building CI/CD pipelines. Unlike Jenkins, Tekton was designed to work natively on Kubernetes and incorporates AWS EKS best practices by default. It installs and runs as an extension on a Kubernetes cluster and provides a set of open source Kubernetes resources to build and run CI/CD pipelines, such as parameterized tasks and pipelines. Just as Jenkins uses plugins to extend its capabilities, Tekton has Tekton Hub, a catalog of predefined tasks. If you can’t find a task that precisely matches your requirements, you can create custom tasks and scripts to extend the capabilities of these tasks. Tekton’s modularity allows for componentization, standardization and reusability within the CI/CD workflow. The Buildpacks project provides tasks that Tekton can leverage to build and deploy applications.

Tekton also provides support for Windows containers and the ability to run Linux-only, Windows-only and hybrid workflows. Installing Tekton on an EKS cluster means EKS automatically manages the availability and scalability of the Kubernetes control plane nodes responsible for scheduling containers, managing application availability, storing cluster data, and other key tasks. In addition, it allowed us to take advantage of all the performance, scale, reliability, and availability of AWS infrastructure, as well as integrations with AWS networking and security services, such as application load balancers (ALBs) for load distribution, AWS Identity and Access Management (IAM) integration with role-based access control (RBAC), and AWS Virtual Private Cloud (VPC) support for pod networking.

Conclusion

In summary, integrating Tekton with Buildpacks allowed us to containerize applications easily and securely and create an end-to-end CI/CD pipeline with reusable components. Using Tekton and Buildpacks, we were able to containerize more than 20 .NET applications and move them to the cloud in less than six months. This initiative will reduce technical debt by reducing application maintenance costs by 50% and increasing the technical compliance score by 35% in the next two years.

About the Author

Prerak Patel is a DevOps Engineer from the Karsun Solutions DevSecOps Practice. This practice is responsible for driving CI/CD, security engineering, SRE, pipelines and observability excellence at Karsun.