Troops modernized their infrastructure and environment to accelerate product innovation

Solution

Caylent’s initial work with Troops began with a simple pilot task to containerize a few services and develop Helm charts to manage the deployment and management of those processes that weren’t already running on Kubernetes. Caylent also began to migrate self-hosted Kubernetes deployed on EC2 instances using kops to Amazon Elastic Kubernetes Service (Amazon EKS) based on Caylent’s recommendation. Moving to EKS helped Troops leverage the benefits of Amazon EKS’ fully managed Kubernetes service without having to manage⁠ the control plane. The transition also liberated the company’s internal staff to concentrate on product development while Caylent managed all the heavy lifting in its cloud environments. 

Following the success of the pilot task, Troops and Caylent engaged on a long-term two-phase DevOps approach that deputized our team to oversee infrastructure governance and architect and implement a DevOps roadmap. The engagement began with a discovery process to get a clear picture of Troops’ baseline infrastructure, application, and database layers. Caylent’s discovery process examines and analyzes how such environments can be supported, audited, and improved over time.

As an enterprise B2B software company, SOC 2 compliance is integral to a security-conscious business like Troops. Recognizing this, Caylent conducted a highly compliant, collaborative onboarding process to provide technical support as soon as possible. This effectively established our team as an extension of the company’s entire IT department—Caylent engineers signed Troops’ Code of Conduct and Employee Handbook. Troops’ saved themselves the arduous task of hiring in-house and expedited DevOps support to make immediate advances in performance and operations. 

Given Troops’ SOC 2 Type II status, yearly audits are an important component in staying compliant, implementing successful vendor management programs, and outlining internal governance and risk management plans. Since engaging with Caylent, Troops has been successful in passing its full annual audit and disaster recovery exercises. As part of the company’s SOC 2 compliance process, Caylent assisted Troops in federating access to and encrypting it’s personally identifiable information (PII) data using StrongDM to ensure all the company’s sensitive information is handled according to information security risk procedures. Lack of federated identity access can pose significant challenges for IT organizations, especially those working with PII and PHI.

On top of compliance tasks, Caylent also supported the Troops team with the integrations between the company’s in-house CI/CD tool (written in Scala with controls baked in) and its new environments. The tool is instrumental to the code releases in all of Troops’ environments so the Caylent team helped make enhancement tweaks to provide the development team a greater degree of release autonomy.

As part of the engagement, the team at Caylent also managed all Troops’ Kubernetes environment upgrades starting in QA and Development before advancing on to all the Production environments more recently. We ensured all nodes were drained and carefully coordinated the work so that Troops’ clients experienced zero downtime during upgrades. We also helped the Troops team in designing and implementing a new application secrets management strategy, which was successfully implemented by leveraging Kubernetes ConfigMap objects and AWS KMS.

In addition, the team ported all the company’s legacy CloudFormation templates into Terraform. Terraform provides a way to view changes before they go live, the syntax (HCL, HashiCorp Configuration Language) is easier to read, and it allows code to be split into multiple files making future configuration management a lot easier. 

With these infrastructure improvements, Caylent helped Troops to ensure a smooth experience running production-grade environments in Amazon EKS. Ongoing tasks that Caylent covered from the company’s technical backlog included monitoring/logging/alerting improvements, applying patches, addressing service interruptions, and conducting other preventative maintenance via a proactive approach.

Within Amazon EKS, Caylent also assisted Troops in implementing a fine-grained IAM role for its service accounts solution (also known as IRSA), so each application component gets access to the AWS resources it needs according to the principle of least privilege. These unique IAM roles for service accounts can be used by individual pods running on a Kubernetes cluster to improve fine-grained control over the permission sets per pod. The different environments were isolated in AWS using one account for each.