Driving Cloudnative Operations

Executive Summary

Gilead has taken large strides to reduce its on-premises hardware footprint. The operations and engineering teams are tasked with providing the necessary resources to their scientists to run experiments in the domain of bioinformatics and biopharmaceuticals. With a significant investment in CloudFormation, the infrastructure team found the concepts of declarative languages and Infrastructure as Code (IaC) critical to the future of their Cloud strategy. Due to limitations of CloudFormation, such as the tool being vendorspecific, Gilead decided to pivot to Terraform, requiring a refactoring effort and a new outlook at the modern tool landscape. The Hashicorp Suite of tools showed value to the Gilead team in the domains of provisioning, securing, and connecting their cloud-native applications.

Why Nebulaworks?

Nebulaworks is a system integrator that specializes in building bespoke software systems. Through years of helping organizations build high performing engineering teams, we have seen real success in refining development processes and leveraging skillful engineers that follow standardized workflows. With a variety of tasks related to enhancing the cloud experience, having Subject Matter Experts assist in refactoring efforts with CloudFormation to Terraform, enhancing cloud security posture, to defining a standard deployment strategy when building infrastructure for new services like Vault and Terraform Enterprise, provided value back to internal customers and a justification for the cost of leveraging new technology. With highly skilled engineering resources helping drive cloud native operations, the journey of standardizing on the approach to build products in the cloud began. Applying software engineering practices, using open source technologies, and gaining an intimate understanding of Gilead’s vision for their IT/Development department and teams, Gilead moved the needle on projects that could not wait.

The Challenge

Gilead’s main priority was to provide a standardized process and tools for provisioning infrastructure and secrets management. Vault and Terraform Enterprise were chosen to provide this foundational functionality.

Deployment of these tools would take place using IaC, leveraging Terraform open source to deploy both Vault and Terraform Enterprise.

An additional project put into motion was refactoring existing CloudFormation used to provision cloud accounts to Terraform HCL. Once the refactor was complete, Gilead now had the ability to streamline the onboarding of new accounts for development teams with Cloud Native initiatives.

The Solution

Nebulaworks facilitated an Infrastructure as Code (IaC) strategy workshop addressing desired outcomes delivered through an advisory and consulting engagement. Leveraging a distraction-free, focused meeting at the NWI headquarters allowed the combined team to think critically and facilitate high degrees of collaboration to define issues and develop outcomes. These were then placed into a Kanban style tracking board, and scheduled the recurring engineering standup calls.

Upon completion, the sprints were started and the tasks were burned down. With releases of stable code at the end of every sprint, standup calls with the Gilead team, and continuous knowledge transfer, the teams began to make the application and infrastructure deployments to the cloud a reality.

One of the initial use cases that Gilead was focusing on was to use Terraform Enterprise to deploy AWS accounts and required resources for onboarding new application teams into the cloud. With team governance capabilities in TFE, Gilead was able to streamline the process of onboarding applications into AWS. At the conclusion of the engagement with Terraform Enterprise and Vault Enterprise as IaC deployments, Gilead was equipped with stable and tested modules that facilitated stable reuse of code developed. In addition to the tooling deployed, learning from Nebulaworks best practices, Gilead adopted methods in code structure, and team collaboration that are still in practice today.

Choosing the Right Platform

The agnostic nature of Terraform played a critical role in the IaC provisioning tool that Gilead was leveraging. The leadership of the infrastructure team has a vision of a multi-cloud approach, favoring different aspects of each cloud, and anticipating the need to pivot based on business demand. Leveraging Vault as a secrets engine has helped the team standardize how secrets are distributed and consumed in the organization.

Outcome

With a significant step towards the goal of cloud-native operations, Gilead is now leveraging modern tools and software development practices to iterate on their IaC initiatives related to cloud-based application onboarding. With Vault and Terraform Enterprise in place, a flexible project management technique, and standardization around branching, Gilead has gained the capabilities required to quickly onboard engineers and enable rapid contribution to infrastructure development and directly driving business value through fast-paced support of scientific teams.