The cattle rancher relies on a few trusty belongings out on the dusty trail: a good horse, strong coffee and a well-charged iPad with a backup battery. That last pairing of items may seem far astray from the rucksacks of those who herd “dogies,” steer and moo-cows, but in the northwestern region of Canada, there used to be even stranger things being carried in trail bags by cowherds.
For many years, herds of cattle grazing on provincial government land had to be documented and accounted for by hand. That meant a mountain of paperwork for rangers upon their return to the ranch. Instead of a bag full of beans and rawhide, they were lugging around a phone book’s worth of paperwork to account for just where their bovines had been.
When Todd Wilson, product director of Enterprise DevOps for the Province of British Columbia, and his team began working with Red Hat OpenShift and Aporeto, they weren’t thinking about the cattle grazing on grasslands 1,000 miles north of them. Instead, they were looking for a way for the software developers inside the government of British Columbia to accelerate their velocity.
“Most of us are concentrated in Victoria, but we do have remote teams in Vancouver, Kamloops and Prince Rupert. Our datacenter is in Kamloops, so we’re fairly distributed across the province,” said Wilson, describing the teams he’s working with.
“We’re about three years into trying to transform how the province of British Columbia develops its applications and solutions,” said Wilson. “Getting into GitHub was one of the first things we did. We also began evangelizing the benefits of open source as a way to level the technical playfield between the government sector and the enterprise sector.”
OpenShift and Aporeto
Wilson said that OpenShift served as a unified platform for application developers across the province, giving all the teams using the system a consistent way to deliver their products. Once that existed, the next step was to bring legacy systems, such as mainframe databases, online and within reach of the OpenShift cluster. That’s where Aporeto came in. Wilson said the team was asking, “How do we evolve our security story so we can branch out of our OpenShift cluster and address some security needs of legacy systems in legacy zones, while also accessing cloud services without dying on the ever-growing complexity of firewall rules?”
Aporeto provided an encrypted pathway to those older systems, bringing them online and accessible to OpenShift users and developers. This type of full system access via a cloud-like developer experience has unlocked software as a path to solve even the most obscure and non-digital of problems within the province.
Problems such as that phonebook of paper required to document cattle grazing.
Home Page on the Range
“We’re trying to decrease barriers to some remote areas up north with resource management and range apps. Ranchers in remote areas can apply to graze their cattle on provincial land. One of the things these ranchers were challenged with was connectivity. They’d have to print their plans on paper and account for where these cattle are grazing, and whose cattle is where. Now they have an iPad app. They download it, they can take it offline, on a horse on the range, collect data on their ride, count cows, then upload all that stuff. It eliminates a paper process. This was revolutionary for those ranchers. They’d typically have to spend a whole week doing paperwork after a range ride. Now that’s compressed,” said Wilson.
This success is emblematic of the specific ways British Columbia is now able to solve its problems with software. Wilson said they’re now hosting over 100 applications on OpenShift, and that other provinces in Canada are looking into how they can leverage similar architectures, and share open source projects to cut down on replicated development work.
The ultimate goal, however, is embodied in the British Columbia Developers’ Exchange. This platform allows the government to engage with individual developers and small teams to address software problems in a manner similar to bug bounties: problems are defined, and small teams or individuals can take them on in exchange for pay. The goal is to eliminate the need for these teams to become full-fledged, paperwork-encumbered government contractors, saving everyone time and work.
But opening the doors of public systems to the actual public requires some intense architectural design and some serious security considerations. Wilson said this is the next big step for the BC teams.
“We’ve got a strategy we’re kicking off now: a zero trust framework project. We kicked off [in June]. Aporeto is forming part of that, but they’re not the entire story. We’re using tools to help secure the supply chain, adding better static source code analysis into the workflow, and building a registry of signed images that we vet and maintain. Now this is done in an ad hoc manner and not regularized. The idea is this project will provide all the kit and a process around that kit to provide confidence in the business area that the apps are kept up to date. One of the biggest challenges we have in the datacenter is pretty much zero visibility into these apps. When you ask what is the footprint of our vulnerabilities, they can’t tell you because they don’t know,” said Wilson.
The full solution to this problem involves many tools across the chain, he said: “OpenShift, Aporeto, Aqua Security, GitHub and Artifactory. All this produces a ton of artifacts around our security posture. We need to knit that together in a regular way. We want to make sure the development teams have a nice easy way to use the right libs, tools and images, and they can get their apps through to production,” said Wilson.