Cloud Engineering leader Pulumi today announced that SANS Institute, the global leader in cybersecurity training and certification, is using the Pulumi Cloud Engineering Platform to streamline the delivery of applications and infrastructure, increasing the speed of delivery by 3X. Pulumi enabled SANS to adopt cloud engineering best practices so that it could reduce deployment times, simplify its cloud architectures and ultimately create a better experience for end customers. For example, SANS now delivers cloud infrastructure using TypeScript and GitOps workflows, allowing it to use the power of modern languages and software engineering to deploy and configure infrastructure through a single platform.
SANS required a better and more efficient way to build, deploy, and manage its cloud applications and infrastructure after the COVID-19 pandemic hit. With a weakened economy looming, SANS leadership asked its engineering teams to behave more like a startup — moving faster while using fewer resources. With an “automate everything” attitude, the SANS DevOps team needed a platform that would enable it to adopt cloud engineering practices such as building infrastructure as code in popular languages, deploying infrastructure and applications through continuous integration/continuous deployment (CI/CD) pipelines using GitFlow, and ensuring that SANS developers use consistent processes from development to production.
Founded in 1989, SANS Institute is the global leader in cybersecurity training. Its mission is to empower cybersecurity professionals with the practical skills and knowledge they need to make the world a safer place. To that end, SANS offers foundational training, degree programs, GIAC (Global Information Assurance Certification) certifications, and cyber ranges—platforms that provide hands-on cybersecurity practice.
Building a Self-Service Cloud Platform with Pulumi
SANS IT management wanted to simplify its deployment process by eliminating manual steps and the need to glue together multiple provisioning and scripting tools, which were not keeping up with the demands of the business. To do this, they used Pulumi to build a self-service platform (called the “game server service”) that enables instructors to quickly provision virtual learning environments using a fast and automated process. The game server service can automatically deploy, configure and destroy approved infrastructure with best practices baked-in from SANS security and operations teams, eliminating the need for a manual ticketing process.
To enable this automation, they used Pulumi’s Automation API, which exposes the full power of infrastructure as code through a programmatic interface, instead of through CLI commands. Using the Automation API, they deployed TypeScript code that runs Pulumi in a Node.js container and built a REST API around it. The container can create, update, configure, and destroy infrastructure dynamically through API calls.
“The Pulumi Automation API made deploying our applications and their infrastructure a much cleaner process,” said Tyler Mulligan, Senior DevOps Engineer at SANS. “With a standard programming language, we can take advantage of other products in the ecosystem, such as Prettier and ESLint. Pulumi has greatly simplified the SANS Labs architecture and created a better user experience for SANS Labs instructors and students. Now, instructors can more easily and quickly provision virtual environments.”
Enforcing security and best practices with Pulumi
To ensure that their infrastructure is secure, SANS IT management uses a variety of methods. One is Pulumi’s Policy as Code framework, which allows them to enforce compliance for cloud resources. Additionally, they took advantage of Pulumi’s collection of libraries that model AWS infrastructure patterns using well-architected best practices. These libraries allow them to use default configurations for resources such as Amazon CloudWatch Alarms, CloudWatch Metrics, and CloudWatch Dashboards.
SANS has also begun developing its own SANS policy pack to verify that resources are spun up according to SANS standards, such as ensuring that Amazon S3 buckets are always encrypted and closed to public access. In addition, IT leaders are currently working to create a new service which monitors the resources being spun up and sends default CloudWatch alarms, metrics, dashboards and log metric filters.
Benefits of adopting Pulumi included:
- Reducing deployment times for servers by up to 70%
- Streamlining cloud application delivery by replacing its legacy Infrastructure as Code workflow with the cloud engineering practices of using Git and CI/CD-driven workflows
- Enabling developers to use familiar programming languages and tools for infrastructure, which also helped make their code cleaner and more uniform, resulting in streamlined pipelines
- Automating the deployment of approved cloud infrastructure through a simple API interface that reduces complexity and eliminates the need for a manual ticketing process
“Innovative organizations like SANS Institute are constantly raising the bar on engineering excellence by adopting cloud engineering practices like building cloud infrastructure with programming languages and delivering it through the same deployment pipelines as the application code,” said Aaron Kao, vice president of marketing at Pulumi. “For many organizations that want to harness the modern cloud, cloud engineering is becoming an important part of increasing innovation velocity and organizational agility in order to gain competitive advantage and better serve customers.”
The full SANS Institute case study can be found here: https://pulumi.com/case-studies/sans-institute.