A new platform lets development teams focus on applications and leaves the back end work to the Department of Veterans Affairs’ Office of Information and Technology.
A new platform lets development teams focus on applications and leaves the back end work to the Department of Veterans Affairs’ Office of Information and Technology (OI&T).
Veterans Affairs Platform One
Department of Veterans Affairs
Veterans Affairs Platform One (VAPO) is an enterprise-class hosting service that containerizes applications, allowing developers to provision environments as needed using infrastructure-as-code (IAC). The containers have templated, pre-approved features built in, including security controls. That speeds authority to operate reviews, and the overall platform cuts time off application deployment cycles.
“At core, it’s a shift to help application teams focus on their applications, and we help with the back-end integration to the underlying infrastructure resources from those technology domains,” said Kendall Krebs, senior technical adviser for infrastructure operations in VA OI&T’s DevSecOps organization and a senior sponsor on the VAPO effort. “Essentially, make the software-delivery process easier on the software team so they focus on the code..”
Application teams that want to shift to VAPO just have to ask the VAPO team, which reviews the application and then helps stand up the environment. “A long-term goal is to have preconfigured environments that we just need to make slight modifications on,” Krebs said. So far, three environments are queued up for production, three are in the proof-of-concept phase, and five are in research and discovery.
VAPO is part of VA’s IT Hosting Modernization effort. The department has about 100 applications, Krebs said.
“The VA Platform One team is one of the options for custom-coded applications,” he said. “Our compelling offering to the application team is you don’t have to do this for yourself. We have an enterprise-ready solution with security baked in that’s faster than you doing it yourself. We have the licensing and technical expertise to get you there.”
Also compelling are the two ways containers provide efficiency, Krebs added. One is through the lightness of the containerized hosting environment, and the other is the use of IAC, which increases parity among application environments: development, testing, preproduction and production. Teams can spin those up and down as needed, and that ability to turn off resources has a potential for cost savings.
Those are benefits from a developer’s perspective, but the platform itself can be scaled, too, said Matthew Fuqua, senior technical lead on VAPO. “We’re building our clusters from code,” he said. “That allows us to have consistency whether it’s on-prem or in the cloud.”
Another aspect of VAPO is dashboards that show costs, usage and other metrics that IT leaders can use to make data-driven decisions. Currently, the team cannot quantify the efficiencies application teams are gaining from VAPO, but Krebs said that measure will be available as more applications get into production.
Studies of private-sector use of containers shows promise. A February Forrester study found that similar solutions reallocate 33% to 90% of infrastructure administration labor and accelerate development cycles by up to 66%. With implementation of this technology, the VA Infrastructure Operation’s Franchise Fund team estimates annual server and infrastructure administration labor cost savings of about $48 million. The current costs are about $65 million per year.
The idea for VAPO came about in 2019, when developers began researching other organizations’ successful DevSecOps transformations and noticed that this type of hosting enables a continuous integration, delivery and deployment pipeline, Krebs said. One inspiration was the Air Force’s Customer DevSecOps Platform, “a collection of approved, hardened Cloud Native Computer Foundation (CNCF)-compliant Kubernetes distributions, infrastructure as code playbooks, and hardened containers.”
Looking ahead, the VAPO team has its eye on cloud-native solutions. “VA Platform One was designed to work both in the cloud and in traditional data centers,” Krebs said. “As we go forward, we’re going to be looking closely at some of those cloud-native solutions that are out there or potentially using some of the integrated solutions with the cloud providers as part of our solution set.”
It’s also working to shift more customers to the platform. “Of course, we’re going to continue to market ourselves so we can reach additional customers, so we can provide this benefit to pretty much everybody in the VA,” said Dwight Maloy, product manager for hosting and provisioning and responsible for standing up and implementing VAPO.