The decision to outsource all or part of a CI/CD toolchain presents several benefits. It makes sense as part of a DevOps pilot, complements a cloud-first initiative and promotes consistency across large DevOps teams.
There are, however, some technical and organizational hurdles that come with this DevOps as a service (DaaS) approach.
What is DaaS?
In a DevOps-as-a-service delivery model, an enterprise outsources the operation and maintenance of its DevOps tools to a third party, such as a hosting or cloud provider. This means all or part of a CI/CD toolchain is separated from developers and the enterprise as a whole. DaaS can also, however, coexist with internal DevOps processes, as organizations can choose to outsource specific elements of a project to enable better collaboration and improve delivery velocity.
Hosting providers use the insights they gain from serving a wide range of customers to optimize their DevOps tools operation. In addition, some DaaS providers -- particularly systems integrators -- offer staff, such as developers and project managers, by an hourly rate.
Weigh DaaS pros and cons
Before DaaS adoption, carefully weigh its unique benefits and challenges.
A DaaS provider offers access to more mature reporting tools out of the box that inform developers, as well as product and technical stakeholders, about ongoing project health and security.
Additionally, cloud-based DevOps tools support collaboration between on-site and remote team members and facilitate data-driven processes, since staff can more easily work with the same data sets. DaaS also facilitates faster testing and deployment because it enables developers to scale compute and data storage on demand based on project requirements.
But outsourcing to a DevOps-as-a-service provider isn't without its challenges. First, in-house development and operations teams still must manage the complexities of integration and workflow orchestration. While DevOps as a service takes many forms, these are skills a company can't fully relinquish to a third-party provider. It's also complex to clone a production environment in the cloud for test purposes; even experienced cloud engineers will face unforeseen compatibility problems.
Security challenges will always be present, especially in a compliance-regulated industry. Risks include man-in-the-middle attacks and other spoofs at the transport layer between the enterprise and its DaaS provider.
The commercial DaaS market continues to work toward alignment with industry compliance programs and DevSecOps. In contrast, DaaS providers in the United States public sector must meet Federal Risk and Authorization Management Program compliance before they enter production.
DevOps as a service in the public sector
The United States public sector, with its focus on outsourcing software development tools, processes and staffing, serves as an example for the DaaS commercial world. As a market, the public sector continues to test the waters around DevOps, but generally lacks the internal expertise to build out and maintain DevOps toolchains. Instead, it contracts all the work out -- including DevOps staffing and coaching -- to commercial systems integrators. A professional services contract and service-level agreement govern the software delivery.
Prepare the team
Outsourcing isn't a term to lightly toss around inside development and operations shops. These discussions feed the natural fear of change and job loss.
Present DaaS as a means to renew the focus on DevOps people and processes. It shifts developers' focus from the development hassles that surround perfecting a DevOps toolchain to product development and delivery. Still, always involve developers in outlining DaaS requirements and selecting a provider.
The delineation between a DevOps team and the DaaS provider's team is that the latter handles the application infrastructure. DaaS providers mitigate server and network operations worries, which enables the client's DevOps team to focus on application feature sets, go-to market strategies and the user experience.
DaaS from the major CSPs
Cloud service providers (CSPs) are a common option for DaaS, as many offer a range of hosted DevOps tools.
DevOps-as-a-service offerings from AWS, for example, include AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy and a mix of third-party tools, such as Chef, Puppet and Jenkins. Alternatively, Google Cloud Platform offers Stackdriver development tools, Jenkins on Google Kubernetes Engine, Google Cloud Deployment Manager and Google Cloud Console, while Microsoft Azure provides Azure App Service, Azure DevTest Labs and Azure Stack.
Also, DevOps tools vendors offer cloud-based options. For example, both GitLab and GitHub provide Git in the cloud and commercially.