HCL Launch makes securely managing deployments easier for a national retail company

Managing access and approvals

To get the most value out of a self-service approach, you need to balance access with security. For work items to move through the pipeline, you must give multiple teams and individuals access to systems and information. But you also need a way to ensure that only the correct, approved work gets deployed at the right time alongside the proper approvals from ServiceNow.

A national retailer with a large ecommerce presence was struggling to balance these two needs. The Middleware DevOps team leads at this organization had tight control over their continuous delivery platform. Finance and sales teams within their ecommerce department played a large role in their DevOps pipeline, but the continuous delivery managers worried that giving other teams access to their CD platform would lead to unauthorized modification of processes and environments. This siloing of continuous delivery access led to communication breakdowns between teams, delayed cycle times, and an unmanageable workload on the few people who were given permission to access the CD platform.

Another issue the organization faced was integrating the continuous delivery system with existing change approval processes. All teams involved in ecommerce used ServiceNow to submit, assign, and confirm change requests. However, ServiceNow was not integrated into the continuous delivery platform, meaning team leads had to manually check ServiceNow status before going forward with continuous delivery work. The DevOps team tried to automate this process with a homegrown solution that allowed users to verify their change approval requests before running deployments, but this created yet another project the Middleware DevOps team had to continuously manage, maintain, and organize.

The retailer wanted an automated, secure way to manage access to their continuous delivery platform so work and information could be better distributed across team members. They also need a way to integrate ServiceNow so they could have a more seamless DevOps pipeline.

Making life easier with automation

With help from their client advocate, the retailer used HCL Launch, our enterprise-level continuous delivery platform, to implement a tight security model with auditing and traceability. Using “permissions” the DevOps team can define specific actions (like read, write, and delete) as they relate to specific entities (like environments and processes). With “roles” the DevOps team can define categories of individuals and assign those categories permissions. For example, an organization can create a deployment specialist role, which has access to run deployments but cannot edit any processes. The number of roles and permissions is unlimited in HCL Launch and can be organized by team, so it is completely customizable to each organization’s unique needs. HCL Launch’s roles and permissions feature creates a division of labor between those who can edit and modify your processes and those who run your deployments, ensuring solid process control and better security. In addition, all deployments and modifications are tracked through audit logs that can be saved within the tool or exported elsewhere for safe keeping.

To eliminate the need for a homegrown ServiceNow integration, the retailer’s DevOps team implemented HCL Launch’s external approvals feature. This feature automatically checks for an approved change approval ticket (such as ServiceNow or BMC Remedy) matching the request before a deployment can begin. External approvals apply best DevOps practices to the change approval boards’ requirements without sacrificing speed or control.

Saving time and resources

Once the DevOps team set up their roles and permissions in HCL Launch, they migrated several other teams into the HCL Launch server to allow them to interact directly with the UI and run their own deployments. Even though more teams are now involved, the organization’s cost did not increase because giving more users access to HCL Launch does not require additional licenses, resources, or infrastructure. With HCL Launch’s method of managing the who, what, and when of deployment activity, the DevOps team leaders no longer need to worry about users interrupting a process or manipulating a deployment. The organization is able to onboard new teams and users, allowing the DevOps pipeline to flow more smoothly and teams to work more autonomously with the necessary guardrails.

Since HCL Launch’s external approvals solved the ServiceNow integration issue, the retailer was able to reduce workload, costs, and infrastructure by eliminating the need for their homegrown stopgap. Now, the Middleware DevOps team can onboard more users and improve other DevOps services. Plus, external approvals provide another way of ensuring that the change approval board follows the company’s defined security requirements by seamlessly automating deployment validation.

Using HCL Launch, this retailer removed bottlenecks in their DevOps pipeline, reallocated development resources, and provided a more autonomous continuous delivery experience for more employees. With these benefits, the organization can deliver better quality applications faster for their customers.