The General Services Administration is considering having an outside vendor partner take over the management of cloud.gov.
Cloud.gov is a Platform as a Service offering that allows users to build applications in the cloud without having to create their own cloud environments. In a request for information filed Nov. 9, the GSA indicated it is accepting responses from professional services firms that could help maintain and enhance the platform.
Built in 2015 by the GSA’s 18F digital services team, cloud.gov is a government-customized hosting platform that takes care of technical infrastructure and security compliance requirements for agencies. Cloud.gov customers are responsible for their own application code, while the cloud.gov platform handles the security and maintenance of everything underneath, according to the GSA, and is built to keep applications online even with large numbers of users and sharp increases in usage.
18F says that the PaaS gives agencies “a fast and easy way to host and update websites (and other web applications, such as APIs), so their employees and contractors can focus on their missions instead of wrangling the infrastructure and compliance requirements common to federal systems.”
The GSA’s Technology Transformation Service indicates in the RFI that it wants manpower to help manage the security and maintenance aspects of cloud.gov. The GSA notes that the RFI is not a request for proposals, or a commitment to award a contract.
How the GSA Envisions Cloud.gov Being Managed
In the RFI, the GSA states that it intends to purchase professional services so that the vendor can perform operations and maintenance for the cloud.gov technical system, specifically the Cloud Foundry-based platform and supporting services and web applications.
Cloud.gov uses DevOps practices and Infrastructure as Code principles for operations and maintenance, GSA notes in the RFI, work which combines system administration and code development.
“Team members commit all changes to source control (git) and test and deploy them using continuous integration and continuous deployment tools,” the GSA notes. “We work in a collaborative, remote-first environment, including chat and videocall discussions of changes before, during, and after development, with frequent use of pairing between employees and contractors.”
Any professional services firm that helps the GSA manage cloud.gov would need to be able to operate, maintain, monitor and update a Cloud Foundry deployment and the supporting services underlying cloud.gov.
In terms of security, such a firm would need to be able to improve automated monitoring and alerting for any possible operational failures, possible security issues and anomalous behavior and possible intrusion detection.
They would also provide consultation for the cloud.gov development team to support Cloud Foundry best practices and develop, test and deploy code rapidly using a lean and agile approach.
Other requirements include the ability to:
- Identify and fix issues using GitHub pull requests.
- Use Python, Go and other languages as needed to automate and integrate operation processes.
- Manage infrastructure as code using Terraform.
- Manage continuous deployment using Concourse.
- Package and deploy software using BOSH.
- Write code, including test harnesses and metric emitters.
- Manage and analyze capacity on demand.
- Ensure security and protect privacy, and be capable of defining a virtual private cloud, access control lists bound to security groups, multifactor authentication and Secure Shell access.