Nikhil Davangre Basavaraj’s Innovation Center internship not only helped him prepare for an AWS certification, it also gave him real-life DevOps experience. Nikhil, a Computer Science Masters student, advanced these skills while working on tools used by Karsun teams. Along the way, he built Terraform scripts, assessed costs for AWS services and developed on Karsun’s AI-Asssisted Redux Platform. Take a deep dive into Nikhil’s process and his experience during his internship in this interview. 

First, please tell us about yourself. Where are you going to school? What are you studying? What do you like to do in your free time?

Hi all !! My name is Nikhil. I am currently doing my Masters in Computer Science at The University of Texas at Dallas (UTD). In my free time I like to play cricket or go for a swim. I love watching movies and anime as well.

Could you share a little bit about the project you worked on as part of this internship? What challenges does it solve? What technologies and tools are you using?

Initially, I built an Appsheet app called “Fedelivery”, which helps Government Organizations spread across the US to handle deliveries of confidential items. After this I was working with a fellow intern on implementing push notifications for the KIC Konnect app using Firebase. 

Later on, I started working on DevOps tasks. My first task was to configure logging in the Application Load Balancer level in AWS using Terraform. Although it was my first time working with Terraform, with the help of my mentors, I was able to understand and complete the task successfully. 

The next task that I took over was to enable Application Logging in the EKS level, where data is logged in AWS Cloudwatch from EKS using Fluent Bit. The logs in CloudWatch are to be stored for 7 days which will then be moved to an S3 bucket for further storage for 30 days. Later on, the data will be moved to Infrequent Access Storage for 60 days, and finally, the logs will be transferred to Cold/Glacier Storage for a year. I had to use Fluent Bit for log forwarding to Cloudwatch, and I wrote the script for the above in Terraform. I was successfully able to complete the task and push the code to [Karsun’s] Redux Platform. 

Right now, I am working on implementing a Terraform script to deploy WAF (Web Application Firewall) to the Load Balancers on AWS. WAF protects applications from web-based attacks and hence is very crucial. I even have to do research regarding the pricing of the WAF service to help the company plan budget-wise. So far, the tasks are going well, and I am enjoying the work I am doing here at Karsun.

What is your favorite part about working with the Karsun Innovation Center? Is there a weekly meeting or ritual you enjoy? The opportunity to learn more or get a new certification?

I think the best part about working with the Karsun Innovation Center is the opportunity to solve real-world problems and get mentored by top-notch developers. I even got the opportunity to prepare for my AWS certification because of the Udemy course offered by Karsun. I like meeting with my mentor weekly to discuss various things, like what we did during the weekend or what blockers I am facing. The people are what make the company, and I am delighted to be a part of this wonderful team.

What is your biggest takeaway from your experience as an intern at Karsun?

My biggest takeaway from Karsun is the insights I received from this internship. It has helped me to grow both personally and professionally. My entry into the field of DevOps was made possible because of this internship. Initially, I had to do a lot of reading and research to get the tasks done, which helped me learn a lot.

Nikhil’s internship was completed with support from the Karsun Innovation Center and the DevOps Practice Area. The resources in our Innovation Center’s practice areas are available to all Karsun teams. Connect with Nikhil on LinkedIn to learn more about his experience.

HERNDON, VA – Karsun Solutions announced today that it achieved Amazon Web Services (AWS) DevOps Competency status. This is the third AWS Competency designation for the IT modernization firm serving federal civilian agencies. In addition to the AWS Government Competency and AWS Migration Competency it already achieved, Karsun is also a Public Sector Partner (PSP) and participates in AWS Partner Network (APN) Immersion Days.

The AWS DevOps Competency designation recognizes companies helping customers implement continuous integration and continuous delivery (CI/CD) practices or helping them automate infrastructure provisioning and management with configuration management tools on AWS. Achieving the AWS DevOps Competency differentiates Karsun as an AWS Partner that provides specialized demonstrated technical proficiency and proven customer success with a specific focus on CI/CD, Monitoring, Logging and Performance, Infrastructure as Code, and Consulting. To receive the designation, AWS Partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.

“The AWS DevOps Competency validates our commitment to implementing technology the right way to meet our customer’s mission,” said Terry Miller, President of Karsun Solutions.

AWS enables scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise. 

“Every solution from Karsun uses industry best practices applied to the latest advancements in technology,” said Badri Sriraman, Senior Vice President, Karsun Innovation Center. “We’re proud to be among the AWS Public Sector Partners that have achieved the AWS DevOps Competency.”

Karsun migrates, builds and optimizes in the cloud. Its expert DevOps teams introduce industry best practices using repeatable frameworks and playbooks which enable digital transformation at an accelerated pace. Its cloud architecture, platform and legacy application modernization solutions address agency needs today while preparing customers’ systems for the future.

An Advanced Consulting Partner, Karsun software development, cloud and data solutions teams all deliver on AWS. As an APN member with AWS Migration Competency status, its customers may utilize Karsun’s access to AWS Migration Acceleration Program (MAP) resources.  When applicable, Karsun implements these financial incentives as part of AWS MAP. Its government customers may also leverage Karsun’s extensive experience modernizing large, complex systems with Cloud Runways, a portfolio of purpose-built toolkits optimizing migration to the cloud.

Learn more about Karsun’s AWS DevOps Practice at https://karsun-llc.com/solutions/cloud-solutions/aws-devsecops/.

About Karsun Solutions

Karsun Solutions modernizes enterprise systems enabling agencies to make the next technological advancement their next opportunity to elevate mission capability. IT solutions from Karsun are tailored to meet agencies’ unique needs and optimize operations. These solutions adapt and stay relevant with current trends while using secure, digital architecture built to last. It is a proven modernization partner whose expertise elevates agency capabilities and ensures every next opportunity is within reach.

Company Contact: marketing@karsun-llc.com

Leveraging improved efficiency and reduced costs while ensuring availability, cloud native development is a must for complex enterprise modernization projects. Modern cloud native architectures involve applications developed and deployed through cloud service providers such as AWS. These use services like AWS VPC, EC2, S3, Kinesis, DynamoDB, RDS, and others.

While utilizing cloud native architecture can provide impressive operational improvements, maintaining security and compliance standards using manual processes can quickly limit those outcomes. This is a common concern for our agency customers. Applications deployed in federal agencies obtain Authorization to Operate, an ATO. 

Getting an ATO involves categorizing the information system, then selecting, implementing, and assessing the controls. Risks are identified based on this assessment, and final authorization is provided to operate the system. In most cases, this process relies on manual tasks, like copying security control documentation into a  Governance, Risk, and Compliance (GRC) document, then manually updating this documentation on a regular basis. Continuous deployment of new workloads and features in an agile environment being a necessity, manual processes and massive documentation effort adds significant delays to the authorization process.

AWS DevOps and OSCAL Compliance for cATO and Zero Trust

One solution is the Open Security Controls Assessment Language (OSCAL). OSCAL is a set of formats expressed in XML, JSON, and YAML developed by NIST. These formats provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results. Govready-q is an open source GRC platform for highly automated, user-friendly, self-service compliance assessments and documentation which supports OSCAL. AWS is the first cloud service provider to provide OSCAL formatted system security plan (SSP). Integrating a GRC tool like Goveread-q part of the DevSecOps toolchain and using OSCAL for documenting all the controls automates most aspects of the ATO process enables us to do continuous ATO (cATO) and alleviates the documentation burden and most manual processes associated with it.

Enabling DevOps with Karsun Solutions 

At Karsun, we promote the adoption of OSCAL for the documentation of security controls and use automated GRC tools like GovReady-q. When applications deploy on AWS, we can leverage OSCAL documentation created by AWS. This enables faster, more accurate authorization packages, decreases customers’ security documentation burden and reduces service authorization timelines.

Working with an experienced cloud solutions partner such as Karsun ensures you do not need to trade security for efficiency. In particular, we are an AWS Advanced Consulting Partner with both a Government Services Competency and a Migration Services Competency. Partner with our experts, modernize with cloud native architecture, and optimize both operations and security.

About the Author

Judewin Gabriel is a Subject Matter Expert and the DevSecOps Practice Lead at Karsun Solutions. An advocate for DevSecOps best practices, he drives Driving CI/CD, security engineering, SRE, pipelines, and observability excellence.

Karsun Solutions is an AWS Advanced Consulting Partner. After more than a decade of delivering complex cloud solutions, we are experts in optimizing outcomes for our government agency customers. Not only do we deliver superior solutions, but our Karsun Innovation Center (KIC) in-house research and development team constantly experiments, prototypes and validates technology to ensure the implementation of best practices.

We previously shared one way our KIC brings the latest technologies to our teams, leveraging our AWS partnership to enhance Karsun’s proprietary GoLean platform. In the last five years, Karsun continued to expand our toolkit offerings. Through our technology partners, like AWS, our toolkits allow our teams to jumpstart new projects with readymade resources based on best practices.

GoLean Grows Up

As DevOps matured, so too did our approach. The GoLean platform grew and matured alongside it. 

“DevSecOps is a natural evolution of DevOps,” explains Badri Sriraman, Senior Vice President of the Karsun Innovation Center. “In the same way continuous deployment ensures improved functionally for the user, DevSecOps ensures a hardened security infrastructure is implemented for the successful operation of software in production.”

Our GoLean platform not only includes a robust lean measurement toolkit but also incorporates metrics and automates processes to accelerate the adoption of DevSecOps best practices. Our continuous delivery framework enables DevSecOps teams to decouple a feature deployment from its release so that Developers can self-manage the feature, test it in production and incrementally roll it out to users after validation of its operational performance in a shadow data network. Utilizing a low-code open source data pipeline tool enables fine-tuned data synchronization between legacy and modernized components. Additionally, our Duke Test Automation Framework supports continuous testing at scale.

Karsun Adds Cloud Runways

In addition to GoLean, Cloud Runways built on AWS or other cloud services now provide enhancements to our DevSecOps solutions. The toolkits allow teams to not only migrate legacy applications to the cloud but fully optimize them for DevSecOps. The Replatform Runway introduces DevSecOps automation using Terraform, Ansible, and Packer for Windows containers while migrating Windows apps into AWS ECS or Redhat OpenShift.

In addition to the Replatform Runways, we created nine robust runway toolkits based on best practices. This includes extensive experience delivering on AWS. We achieved both an AWS Government Competency and an AWS Migration Competency, validating our ongoing commitment to delivery excellence. A public sector partner, we are committed to helping agencies modernize to meet their mission.

As modernization requirements evolve, so too has our modernization suite. Karsun’s GoLean platform continuously adapts to the latest security and development approaches. Simultaneously we strengthened and enhanced our migration offering via Cloud Runways to optimize for DevSecOps adoption. Ongoing research and development into automation, CI/CD and DevSecOps are one of many ways Karsun ensures our architecture is built to last.

Whether using as a Platform-as-a-Service, such as Docker, or orchestration through a tool like Kubernetes, the race is on for containerized solutions. In October 2021, the General Services Administration released its Containerization Readiness Guide. Containerized software solutions allow agencies to develop applications rapidly, scale quickly and optimize compute resources. The need is especially pressing for legacy applications which must also remain secure as they modernize. 

Creating Dockerfiles for Containerization

When we think of containerization, the first step is to create a Dockerfile for each application. While the Dockerfile provides flexibility to build an image that is only limited by your ability to script, it also adds overhead on developers to ensure the accuracy, efficiency and security of these images. For example, the developers must ensure that the Dockerfiles are as small as possible by removing any redundant dependencies that can increase the image size, which increases the build time. They must also confirm the files don’t contain any secrets or config keys. Additionally, they should verify that the base image comes from a secure source while actively scanning the images for new security vulnerabilities. If the image contains vulnerabilities that can spread to all containers that use the vulnerable image. Without proper planning and oversight, things can quickly get messy.

Benefits of using Buildpacks over Dockerfiles

Buildpacks allow you to convert application code into a secure, efficient and production ready container image without the need to create a Dockerfile for each application. It examines applications written in Java, .NET, Python and many other languages to determine all the dependencies it needs and then configures them appropriately to run on any cloud. Buildpacks also offer the capability to swap out OS layers without rebuilding an image. This reduces build time by eliminating the need to recreate all the layers when the base image is updated.

Using Tekton for creating CI Pipelines 

Tekton is a cloud-native solution for building CI/CD pipelines. Unlike Jenkins, Tekton was designed to work natively on Kubernetes and incorporates AWS EKS best practices by default. It installs and runs as an extension on a Kubernetes cluster and provides a set of open source Kubernetes resources to build and run CI/CD pipelines, such as parameterized tasks and pipelines. Just like Jenkins uses plugins to extend its capabilities, Tekton has Tekton Hub – a catalog of predefined tasks, you can create custom tasks and scripts to extend the capabilities of these tasks if you can’t find a task that precisely matches your requirements. Tekton’s modularity allows for componentization, standardization and reusability within the CI/CD workflow. Buildpacks project provides tasks that Tekton can leverage to build and deploy applications.

Additionally, Tekton also provides support for Windows containers and an ability to run Linux-only, Windows-only as well as hybrid workflows. Installing Tekton on an EKS cluster means EKS automatically manages the availability and scalability of the Kubernetes control plane nodes responsible for scheduling containers, managing application availability, storing cluster data, and other key tasks. In addition, it allowed us to take advantage of all the performance, scale, reliability, and availability of AWS infrastructure, as well as integrations with AWS networking and security services, such as application load balancers (ALBs) for load distribution, AWS Identity and Access Management (IAM) integration with role-based access control (RBAC), and AWS Virtual Private Cloud (VPC) support for pod networking.

Conclusion

In summary, integrating Tekton with Buildpacks allowed us to containerize applications easily and securely and create an end-to-end CI/CD pipeline with reusable components. Using Tekton and buildpacks we were able to containerize more than 20 .NET applications and move them to the cloud in less than six months. This initiative will reduce the technical debt by reducing application maintenance costs by 50% and increasing technical compliance score by 35% in the next two years. 

About the Author

Prerak Patel is DevOps Engineer from the Karsun Solutions DevSecOps Practice. This practice is responsible for driving CI/CD, security engineering, SRE, pipelines and observability excellence at Karsun.

HERNDON, VA – Karsun Solutions, an IT modernization firm serving the United States government, announced today the formation of a new DevOps practice within the Karsun Innovation Center. Samir Bham will head the new practice. Bham is a seasoned technical executive with over 25 years of experience.

Karsun Solutions was founded in 2009 with a focus on introducing both Agile and DevOps methodologies in government IT modernization initiatives. Karsun Solutions’ GoLean modern software development methodology incorporates robust DevOps/DevSecOps practices. The software development unit, utilizing GoLean as its methodology, was assessed at CMMI Level 5 Dev earlier this year. An AWS Advanced Consulting Partner, the firm was also recently awarded AWS Government Competency status.

The new innovation center practice takes DevOps adoption as core theme with employee enablement as its focal point. With the group’s founding comes a new focus on collaboration across programs and renewed focus on innovation for current clients. It also allocates specific resources toward developing offerings for future customers. Rather than targeting entry into a specific industry or agency, Karsun Solutions utilizes a capabilities-driven approach to new work. The Karsun Innovation Center identifies real world problems then proactively creates working solutions. Once these solutions are validated the firm seeks out new work ensuring customers are presented with proven approaches to their modernization challenges.

Under Bham, the DevOps Practice will increase resources for employee technical excellence and growth. The firm recently announced the opening of a new headquarters in Herndon, Virginia. The Karsun Innovation Center will be housed at this new location along with additional training facilities. The new DevOps Practice will utilize these resources to add new collaborative events and increase the professional development offerings available to Karsun team members.

About Samir Bham

Samir Bham serves as the Director of the DevOps Practice at Karsun Solutions. He is an accomplished technology executive with over 25 years of extensive experience leading diverse multi-disciplinary engineering teams. Samir is responsible for adopting Cloud and DevSecOps practices for software delivery across programs at GSA, FAA, and FEMA. Prior to joining Karsun Solutions, Samir held leadership positions at Neustar Inc. where he led several software delivery teams that delivered solutions for commercial and federal clients using Agile and DevOps methodologies. Samir’s thought leadership includes a continuous improvement philosophy while leading and developing next-generation high-performing teams with an emphasis on professional development, and collaboration. Samir holds a Master’s degree in Computer Science from Villanova University.

About Karsun Solutions

The federal IT modernization experts, Karsun Solutions enables enterprise transformation for its government customers including the Department of Homeland Security, Federal Aviation Administration and General Services Administration. An innovation-based and performance-driven culture, Karsun Solutions teams deliver extraordinary software development, cloud and advanced analytics solutions to their customers.  Karsun Solutions’ commitment to quality includes a DCAA Approved Accounting System, a CMMI Level 5 – DEV appraisal plus ISO 9001, ISO 20000 and ISO 27001 certifications.