agsandrew - Fotolia

Jenkins pipeline as code example demonstrates DevOps coordination

Ellucian, which makes software for colleges and universities, offers a pipeline as code example that unifies the release process for multiple generations of apps and brings IT security into the DevOps fold.

One software maker got a whole lot more than rapid app delivery, thanks to Jenkins pipeline as code benefits.

Ellucian Company L.P., a Reston, Va., software company that specializes in ERP systems for colleges and universities, embraced the pipeline-as-code features introduced with Jenkins 2.0 in 2016. These features give IT architects a visual interface to create pipelines using Jenkins' domain-specific language, which could then be kept and version-controlled alongside application code to ensure consistency between them.

Before Jenkins 2.0, the software company struggled to rapidly iterate disparate legacy tech stacks, from Microsoft and Oracle proprietary applications to cloud-native apps developed in-house on Node.js. These applications also undergo different stages of development: Some pass continuous integration tests and are deployed immediately, while others involve a more lengthy continuous delivery process based on Amazon Machine Images.

However, Jenkins pipeline-as-code features, which were added to CloudBees' commercially supported offering Jenkins Enterprise, helped standardize Ellucian's approach to continuous integration and continuous delivery (CI/CD).

Jason Shawn, senior director of DevOps and cloud, EllucianJason Shawn

"Traditionally, to build a pipeline, you'd have to build various stages and transfer parameters from one stage to another. But now, the stages become more standardized, and several of our groups are reusing others' pipeline stages," said Jason Shawn, senior director of DevOps and cloud for Ellucian. "People have also been able to make changes to their pipelines more quickly."

Ellucian chose CloudBees in this Jenkins pipeline-as-code example, although the technology is also available in the open source version of the CI/CD software. CloudBees integrated a diverse array of applications for the team.

"If this company was in a different spot in their journey and much more locked in to one or two tech stacks, CloudBees might not be part of the equation. But, realistically, we need help to integrate pretty much everything under the sun," Shawn said. But because CloudBees' offering is based on the open source platform, Ellucian can also draw on community support and apply lessons others have learned to reap the benefits of pipeline as code.

CloudBees' Jenkins Enterprise platform will soon offer Kubernetes container orchestration support for Jenkins masters, which Ellucian plans to adopt. This will extend the notion of a large, centrally provisioned client master toward distributed masters that can be provisioned by engineering teams on demand. Shawn said he expects this change will improve the performance of Jenkins pipeline-as-code deployments, as well.

"Our vision is to take a product through its whole lifecycle [with] a master, and then it can scale using as many workers as it needs to," he said.

CloudBees Jenkins Enterprise interface for pipeline as code
Interface of CloudBees Jenkins Enterprise, illustrating support for pipeline as code.

Jenkins pipeline as code opens door to DevSecOps

Our vision is to take a product through its whole lifecycle [with] a master, and then it can scale using as many workers as it needs to.
Jason Shawnsenior director of DevOps and cloud, Ellucian

After the upgrade to distributed masters, Ellucian plans to draw security practices into the DevOps process. The company will integrate open source security scanning tools, such as OAuth, OWASP Dependency-Check and Arachni, and will evaluate open source utility Zed Attack Proxy to find vulnerabilities in web applications. Jenkins pipeline as code will help link the results of these tools' security scans into ThreadFix, so developers can evaluate the risks of vulnerabilities for each application.

"The whole [security] ecosystem is riddled with false positives. And, inevitably, you find you're breaking a build for something that's not necessary," Shawn said. "So, how do you take that false positive and build it into your pipeline so you don't hit it again and again? We're exploring ways to build that security model with a more DevSecOps approach."

Jenkins is still among the most widely used CI/CD pipeline tools, but Jenkins alternatives abound. Shawn said he's also looked at Amazon's native CI/CD pipeline services. He said he hopes CloudBees will make the Jenkins EC2 plug-in part of the core Jenkins code in future versions of CloudBees Jenkins Enterprise, which would help the third-party product keep up with Amazon's natively integrated offerings.

"I don't know that Amazon has quite delivered the robustness and versatility that Jenkins offers, but I would never count them out," Shawn said. "If I was in CloudBees' shoes, I'd be looking at competitors like that and ensuring that my ability to accommodate enterprise needs is first and foremost."

Shawn's team also evaluated the Blue Ocean UI, but needs further user acceptance tests with everyone who uses Jenkins pipeline as code at Ellucian before they switch.

"We were in the early beta," Shawn said. "It had a little bit of a jarring effect; it's a much better-looking UI, but most of our users were used to the old and ugly UI."

Beth Pariseau is senior news writer for TechTarget's Cloud and DevOps Media Group. Write to her at [email protected] or follow @PariseauTT on Twitter.

Dig Deeper on Systems automation and orchestration