In stealth mode, startups are under pressure to put in place the foundation for their future success. And, in most cases, they're operating on tight timelines. That was the case for ShiftLeft, an innovative Security-as-a-Service startup, as it was preparing to launch its platform in 2016. Delivered as Software-as-a-Service (SaaS), ShiftLeft delivers a new model for protecting cloud- or datacenter-hosted software by understanding the Security DNA of each new version of any application or micro-service and limiting its attack surface at runtime. This helps businesses increase the speed at which security issues can be identified and automatically triaged.
Weighing options for maintaining and managing containerized services
As ShiftLeft's first DevOps Engineer, Davy Hua was charged with designing and implementing the Continuous Integration and Deployment (CI/CD) pipeline and subsequent cloud infrastructure to support the company's various development and production stacks. Hua was dealing with an incredibly heavy workload while working on an aggressive schedule. Implementing this pipeline would save him countless hours of manual development work, automatically building and testing the software's code every time it was changed.
Once he established and started running ShiftLeft's CI/CD pipeline, Hua needed a way to maintain and manage this complex production stack of containerized services.
Building a Secure, but Flexible Foundation with Mesosphere
Hua considered Kubernetes and one of the large public cloud providers as a possibility but ruled both out. At the time – in 2016 – he wasn't fully sold on Kubernetes. As he says, "I could look at Kubernetes documentation one day and things would be different the next, making it a difficult choice as the foundation of our infrastructure." In addition to concern about vendor lock-in and pricing, Hua needed a way to support customers that use ShiftLeft on premise. "We built our solution to be cloud agnostic and want the ability to make shift as needed," he said. "If we went with one of the large public cloud providers, we would lose that ability to pivot."
Due to his familiarity with the stability of the open source project Apache Mesos, Hua chose Mesosphere DC/OS. Moreover, he was swayed by the DC/OS catalog listing services like Kafka, PostgreSQL and Redis, which are all key services in the ShiftLeft infrastructure.
Quickly Getting Core Infrastructure Up and Running with a Team of One
Hua started deploying the open source version of DC/OS and within two weeks he had a working stack online.
"Mesosphere amplified my ability, enabling me to confidently build the entire infrastructure on my own," he says.
With all staging and production running on Mesosphere DC/OS, the solution was core to ShiftLeft launching its initial product offering. According to him, Mesosphere is just as--if not more--effective than Kubernetes. "One of the main advantages of Mesosphere is its portability. If I want to spin up Mesosphere on Azure, Google Cloud or even on prem, I can easily do it. I can even point new members of my team to Mesosphere and they will know what to do without getting lost in the documentation."
Since first using Mesosphere, ShiftLeft upgraded to Enterprise DC/OS for its role-based access controls (RBAC), which Hua plans to implement in the future as they scale. Additionally, Hua took advantage of the ability to merge his staging and production stacks. "This was possible because Mesosphere enabled me to customize various node pools for different instances," Hua continues.
According to Hua, when you immerse yourself in Mesosphere, you understand its sophistication. Yet Mesosphere makes it easy and fast to pick up and use. "I live in the command line API. At the same time, the UI is incredibly user-friendly, making it simple to hand off to my core team for the on-call rotation. If something happens, they don't need to understand the command line tool – they can use the UI and follow the playbook to handle any fixes," he says.
Since implementing Mesosphere and with a bit of optimization on his end, Hua has reduced the cost of running his stack by 50%. "I customized a template within Mesosphere to spin up my Amazon Web Services stack so I have multiple instance types instead of just one set. This makes it possible to choose between compute-intensive and memory-intensive workloads," explains Hua.
"In hindsight, it was quite a feat to implement the entire infrastructure on my own. Mesosphere made it easy to spin up a stack, subsequently manage and administer it, and handle day-to-day operations. Because of Mesosphere, I handled all of this effectively when I was the only one in DevOps during our first year," he concludes.