your123 - stock.adobe.com

CloudBees scales its Jenkins CI, previews SaaS platform

About a year after acquiring ReleaseIQ, CloudBees prepares the fruits of its integration for launch and adds long-awaited scale-out to its commercial version of Jenkins.

CloudBees now supports horizontal scaling for Jenkins CI servers -- a sought-after improvement to the pipeline software that was rolled out this week as the vendor prepares the next iteration of its software delivery platform for launch next quarter.

The next release of CloudBees CI, the commercial version of open source Jenkins, will add high availability and scale-out cluster deployment options for Jenkins team controllers. Team controllers are a component of CloudBees CI architecture that govern Jenkins build jobs and their associated plugins for development teams within organizations.

Shawn Ahmed, chief product officer, CloudBeesShawn Ahmed

The open source community has also supported Jenkins servers that run within scale-out Kubernetes container clusters under the Jenkins X project. But the CloudBees CI update will function with both containers and VM-based deployments, said Shawn Ahmed, chief product officer at CloudBees. With this update developers will be able to use one logical team controller and send their jobs to that, Ahmed explained.

"If that logical controller fails for any reason, or a platform engineering team has taken it down to service it, the job automatically goes to the next available replica of that controller … creating an active-active experience," he said.

Other updates to CloudBees CI due Sept 20 include caching data associated with Jenkins workspaces and directories that are used to create build jobs. Previously, that data had to be loaded with each job before it could run, according to Ahmed.

"Normally this goes pretty fast … so people don't care too much. But when you're getting to the scale of 10 to 15,000 developers in an organization, then it starts mattering. Because every single time you're doing this, you're wasting time waiting for the job to execute," he said.

With the new CloudBees CI capabilities, users can write and read a cache and share that cache between jobs. On average, Ahmed said, job execution speeds increase by a minimum of 20% to 30%.

One CloudBees CI customer welcomed the additional resilience and efficiency for team controllers.

Gerard McMahon, head of ALM tools and platforms Fidelity InvestmentsGerard McMahon

"A single cluster for Jenkins has an upper ceiling of how many team controllers can exist … then you end up packing more jobs into [each] team controller," said Gerard McMahon, head of application lifecycle management tools and platforms at Fidelity Investments, based in Boston. "Now you can use the horizontal scaling. [Without] that, you can only have so many active jobs at a time. … For upgrades, you can do them live without outages, which is also a great thing."

CloudBees has not donated these Jenkins CI improvements to open source, but hasn't ruled that out, either, according to Ahmed.

"I think they should," McMahon said. "It's a fantastic feature and … you could have the whole community build upon what they've created."

CloudBees readies another swing at DevSecOps platform

CloudBees regrouped last year following executive changes and somewhat incomplete efforts to launch a new progressive delivery platform with the appointment of its current CEO, Anuj Kapur, in August 2022 and the acquisition of ReleaseIQ for SaaS-based pipeline automation in late September.

Now you can use the horizontal scaling. [Without] that, you can only have so many active jobs at a time. … For upgrades, you can do them live without outages, which is also a great thing.
Gerard McMahonHead of ALM tools and platforms, Fidelity Investments

CloudBees had planned to offer a hosted software delivery management platform that could support multiple CI/CD tools based on its acquisitions of feature flag startup Rollout and value stream management vendor Electric Cloud in 2019. But those plans never fully came to fruition. ReleaseIQ brought in SaaS platform functionality and enhanced support for third-party DevOps tools.

On November 1, CloudBees will make a new DevSecOps platform generally available that folds in all of its acquired IP, including CloudBees Compliance. In addition to multi-tenant SaaS, the new CloudBees platform will be available in single-tenant and self-hosted versions. It will be built on event-driven pipeline automation open source project Tekton and includes a domain-specific language (DSL) akin to GitHub Actions' scripting tools that engineers and app developers can share, Ahmed said. In future versions, the platform may expand to support GitHub Actions directly as well, he said.

Meanwhile, CloudBees competitors GitLab and Atlassian have had years to market their versions of hosted, heterogeneous DevSecOps platforms; Red Hat OpenShift added Tekton support in 2019, and VMware Tanzu has also emerged with a multi-cloud, multi-tool DevSecOps strategy. Previously specialized vendors such as JFrog have also expanded to encompass the full DevSecOps workflow.

CloudBees' differentiation strategy will be threefold against this competitive backdrop, Ahmed said. It will claim the best platform support for Jenkins extensibility and custom plugins. It will centralize and tokenize secrets data outside delivery pipelines for added security. And it will offer user-based pricing, rather than feature- or resource-based licenses. Specific pricing information won't be available until the platform launches, he said.

Jim Mercer, analyst, IDCJim Mercer

"It is true that they are a little late to make a claim as a DevSecOps platform given past acquisitions. But they do have some unique capabilities that you will not get from [some] competitors, such as value stream management, feature flags and compliance," said Jim Mercer, an analyst at IDC. "The compliance capabilities are something they should promote more aggressively since our survey data shows this as a top challenge for DevOps teams."

Unlike some competitors, the CloudBees platform doesn't yet advertise its own static application security testing, dynamic application security testing or software composition analysis -- though it will be able to orchestrate such tools from third parties, Mercer said.

In the meantime, "introducing yet another DSL does not feel like a strong move unless it can be driven via a UI or an API or, hopefully, is declarative in nature," he said. "Other capabilities should [include] the assurance of digital provenance, perhaps using Sigstore to achieve higher levels of Google [Supply-chain Levels for Software Artifacts compliance]."

Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.

Dig Deeper on DevOps