Questions & answers and audio interview by Outlook Series on Kovair VSMP for DevSecOps
Kovair DevOps Process Flow from Customer Change Input to Deployment
Kovair DevOps Comprehensive Features and Detailed Capabilities
Kovair VSMP/VSDP for DevSecOps – Interview Questions and Responses
1. Welcome Akshay, Akshay, as the CTO for Kovair, what is new with this Kovair VSMP/VSDP for DevSecOps release?
- Thanks Michael, with this new release, in a nutshell, it eliminates the need to switch to 3rd party tools from DevOps CI/CD (continuous integration and continuous delivery), to Cybersecurity tools assessments as it now can get done as the software is developed, all seamlessly integrated, with VSMP and VSDP governance, dashboards, and process automation supported.
- VSMP stands for Value Stream Management Platforms, while VSDP stands for Value Stream Delivery Platforms and both are the hottest topics in software development. In Gartner’s recent Webinar in January 2021, entitled: “The Future of DevOps Toolchains”, Kovair was mentioned in their Market Guide, and a key prediction from Gartner is: “By 2023, 70% of organizations will use value stream management to improve flow in the DevOps pipeline, leading to faster delivery of customer value.” Gartner also stated a Key Finding: “55% of organizations, in a recent survey, of CIOs/CTOs, are looking for combined VSMP and VSDP solutions”, which Kovair uniquely provides for DevSecOps.
- DevSecOps value stream delivery and management platforms provide visibility and traceability into workflows throughout the DevSecOps value stream, because they plug into planning, development and operational tools, from Kovair. The Kovair platform provides visualization tools to analyze customer-focused metrics, such as delivery time, deployment frequency, defect rate, trouble tickets, Hazard and Risk Assessments, PLM Gantt Charts, and time to respond to failures. The visualization of how work flows throughout the phases: from requirements capture, plan, build, test, preproduction, release, configure and operate, bug tracking, and end-to-end Lifecycle Management phases, all constitute a value stream map.
- If you recall, the prior Kovair release allowed for WFH: work from home support with remote management via dashboards showing all the process metrics and statuses to be visualized in real-time, and provided remote control of workflow pipelines via email, with role-based policy controls. it supported multiple databases from SQL Server, Oracle, and MariaDB, across hybrid multi-clouds, and Kovair’s Workflow Process Engine is unique with Task-based models that supports concurrency, which is more representative of real-world teams as teams are likely working on multiple tasks concurrently.
- Now with Kovair’s latest release, we are adding Pipeline as Code, via YAML and SAML (Security Assertion Markup Language) which extends markup languages with OpenAPI scripting languages to allow for scripting of the workflows, and modification of the scripts by external partner tools like AIOps platforms, to allow for CLA: Closed Loop Automation.
2. Akshay, How Does Kovair’s VSMP/VSDP fit in within DevSecOps?
- Kovair with its suite of products offers a complete Value Stream Management and Delivery Platform – VSMP and VSDP for DevOps and now DevSecOps.
- Kovair’s VSMP Toolchain addresses the need for unified visibility, orchestration, integration, governance and management of the ALM and DevOps value stream, and now added Security Vulnerability Assessments are included with operational management dashboards for ISO Security and Risk Management, per ISO 27005 standards. Kovair’s VSMP for DevSecOps solution improves flow and traceability, with process compliance, and end-to-end product lifecycle management, which is especially needed for newer 5G Edge Computing services, as well as legacy applications.
- All This now will allow for the breaking down of silos, of legacy siloed tools. Kovair enables more open, best-of-breed tools, to be seamlessly integrated like Broadcom’s Veracode, HCL’s AppScan and other solutions in the DevSecOps workflows.
- With this new release, and the Concurrent Task-based Workflow Engine, it’s graphically shown where some teams can work on legacy ALM systems concurrently while other teams can work on DevSecOps systems, and how, within the workflow, these systems come together, and with newer YAML: pipeline as code, these are now scripted and automated, with SAML supported as well.
Kovair uniquely provides industry-specific, guided templates empowering teams to instantly begin process compliant workflows, within the Value Stream.
Kovair uniquely provides integrations with multiple security tools providing visibility to security vulnerabilities, in open source software, or other risks such as inventory control problems to cloud-based resiliency problems in the field
Kovair gives complete visibility of Risks threats or opportunities through real-time reports & dashboards, including process compliance dashboards, throughout the Value Stream, including process compliance to ISO Standards like 27005 for Security and Risk Management.
Kovair allows managers to define and maintain instantaneous traceability between Design, Process requirements, Risks and Hazards, to operational metrics from tools like APM (applications performance monitoring), in the field
Kovair supports cross-platform installation, complete CI/CD solutions, with containerization supported for microservices, all from remote role-based, process-compliant email controls
Kovair DevSecOps supports notification on the build status, so every movement is notified to management
These are supported within Kovair’s toolset, including plug-ins for Microservices and Kubernetes support, which can all be managed from the Kovair Process Workflow Engine, with status reporting in dashboards, role-based controls on who can launch the CI/CD deployments, with Work-From-Home controls.
3. How does Kovair’s Omnibus platform play a role in this release?
- Kovair’s Omnibus platform supports all of the new DevSecOps Kubernetes solutions, by having a common software bus platform to over 115 3rd-party solutions, shared data lake offerings, supporting shared analytics, an API platform supporting REST interfaces along with Connectors to businesses own systems as well, leads to more collaboration between legacy ALM development and Agile DevSecOps development, enabling this transition, all done with Encryption supported and DRaaS (Disaster Recovery as a Service) supported.
- Kovair’s Omnibus is also offered either on-prem or cloud-based as an Enterprise Integration Platform as a Service, and was awarded a Gartner Cool Vendor award, putting it in an elite category.
- Kovair uniquely provides synchronization of data between tools over heterogenous and hybrid cloud environment, including 5G Edge Cloud Enablement
- Kovair facilitates connections to existing tools and applications and makes them part of the integrated tools ecosystem by protecting the investment of the organization, and can be offered as a Service, the hybrid multi-cloud
- Kovair uniquely provides Low Code/No Code Drag-and-Drop configurable task-based CI/CD Pipeline, and now Scriptable Pipeline as Code offerings.
- Kovair supports Secure edge computing with deployments over public/private/hybrid cloud, Kubernetes clusters or any on premise and VM environment
- Kovair allows for hybrid multi-cloud solutions, with secure, DRaaS (disaster recovery as a service).
4. How would you advise organizations seeking to arrive at a new DevSecOps mindset?
- First the organizations need to come together with common goals, common business metrics, common training on common platforms. And by breaking down the silos and learning by doing, it all comes together. Kovair’s VSMP and VSDP for DevSecOps solution can be a key enabler for this transition.
- Secondly, Championing from a legacy Lifecycle Process-based world to a newer Real-time Event-Driven world, where newer MicroServices are opened up, and newer services are provided, with Security engineered in holistically, as opposed to being an afterthought.
- Thirdly, Forming teams with an Adaptive and DevSecOps-style Deployment Architecture with re-training of folks as needed on the legacy systems, but also bringing the next-gen folks to become aware of the legacy platforms, tools, and Q/A processes as well, as Security policies, tools, and solutions.
- Fourthly, Establishing next-gen Security Frameworks for Secure Services and Infrastructure using Secure software bus, and API Middleware, Agile DevSecOps developments tools, with Real-time Diagnostics and Analytics, Test and Measurement metrics, that have business outcomes, with common business goals and rewards to drive change. In this new world, with role-based work-from-home development, managers can view dashboards of process status in real-time, and control the development release pipelines using email, and now have automated tools to launch the pipeline-as-code scripts additionally.
- Finally automating feedback loops with Closed Loop Automation, AI/ML or Algorithmic solutions eventually to tune the services as needed, potentially by re-configuring the pipeline-as-code scripts additionally.
With Kovair’s Omnibus integrated solution to APM: Applications Performance Management solutions, with security monitoring, or to Trouble Ticket systems, real-time feedback can occur within the process to improve the systems, such as Kovair’s secure Omnibus connections between partners like ServiceNow, and RPA providers like UI Path, which can help in achieving AIOps, another hot topic in the industry.
5.Would you like to add anything to our discussion before we wrap up for today?
- Yes, these are challenging times now but with newer solutions, and newer thinking, hopefully this will all be alleviated with better solutions from platform providers like Kovair as we discussed. Hopefully the result is better harmony within IT teams, and better business outcomes…and now with better security engineered in holistically.
6. Where can our audience get more information on the new Kovair DevOps solution?
www.kovair.com … would be the best place to start!