Dec 04 2018

Where Is Cloud.Gov Headed in 2019?

The GSA wants to explore having a vendor run the Platform as a Service offering.

The General Services Administration is considering having an outside vendor partner take over the management of is a Platform as a Service offering that allows users to build applications in the cloud without having to create their own cloud environments. In a request for information filed Nov. 9, the GSA indicated it is accepting responses from professional services firms that could help maintain and enhance the platform.

Built in 2015 by the GSA’s 18F digital services team, is a government-customized hosting platform that takes care of technical infrastructure and security compliance requirements for agencies. customers are responsible for their own application code, while the platform handles the security and maintenance of everything underneath, according to the GSA, and is built to keep applications online even with large numbers of users and sharp increases in usage.

18F says that the PaaS gives agencies “a fast and easy way to host and update websites (and other web applications, such as APIs), so their employees and contractors can focus on their missions instead of wrangling the infrastructure and compliance requirements common to federal systems.”

The GSA’s Technology Transformation Service indicates in the RFI that it wants manpower to help manage the security and maintenance aspects of The GSA notes that the RFI is not a request for proposals, or a commitment to award a contract.

MORE FROM FEDTECH: Find out how agencies can benefit from cloud access security brokers. 

How the GSA Envisions Being Managed 

In the RFI, the GSA states that it intends to purchase professional services so that the vendor can perform operations and maintenance for the technical system, specifically the Cloud Foundry-based platform and supporting services and web applications. uses DevOps practices and Infrastructure as Code principles for operations and maintenance, GSA notes in the RFI, work which combines system administration and code development. 

“Team members commit all changes to source control (git) and test and deploy them using continuous integration and continuous deployment tools,” the GSA notes. “We work in a collaborative, remote-first environment, including chat and videocall discussions of changes before, during, and after development, with frequent use of pairing between employees and contractors.”

Any professional services firm that helps the GSA manage would need to be able to operate, maintain, monitor and update a Cloud Foundry deployment and the supporting services underlying 

In terms of security, such a firm would need to be able to improve automated monitoring and alerting for any possible operational failures, possible security issues and anomalous behavior and possible intrusion detection.

They would also provide consultation for the development team to support Cloud Foundry best practices and develop, test and deploy code rapidly using a lean and agile approach. 

Other requirements include the ability to: 

  • Identify and fix issues using GitHub pull requests.
  • Use Python, Go and other languages as needed to automate and integrate operation processes.
  • Manage infrastructure as code using Terraform.
  • Manage continuous deployment using Concourse.
  • Package and deploy software using BOSH.
  • Write code, including test harnesses and metric emitters.
  • Manage and analyze capacity on demand.
  • Ensure security and protect privacy, and be capable of defining a virtual private cloud, access control lists bound to security groups, multifactor authentication and Secure Shell access.



HRAUN/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.