AWS Cloud9

AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. DoIT Cloud9 is an AWS account configured to allow developers to take full advantage of AWS Cloud9 while meeting DoIT's endpoint management requirements.

Service status: DoIT Cloud9 is now in a pilot phase. We're seeking people interested in trying it out, raising questions, and pointing out what doesn't work.

Next steps:

  • Proof-of-concept administrative processes and delegated administration: tagging (for billing and management), security scanning, auditing, backup/restore, resizing, emergency patching, recovery, static IP addresses, etc.
  • Flesh out the cost model.
  • Seek funding and project intake.
  • Collaborate with Cybersecurity to ensure risks are mitigated and policies are being met.
  • Plan and implement administrative processes, delegated administration, and automation tooling.
  • Develop an operational support model.

Strategic vision for DoIT Cloud9

A high proportion of DoIT developer machines are not actively managed by Departmental Support (DS). Cybersecurity requirements and manageability efficiencies are not being fulfilled. Rather than mandating that developers use machines they [presumably] don't want, why not make some attempts at offering new paradigms that meet in the middle?

What if...

  • DS can offer a service based on AWS Cloud9 which meets the cybersecurity and manageability needs while also giving developers what they need (and possibly even more) to get their work done.
  • A reduction in the need for complex workstations could lead people to realize they only need a "thin client" device. Laptops that don't need to be configured with workhorse capabilities are compelling because they can be more easily secured and managed, plus they can be lighter and have premium hardware without breaking the bank.
  • Developer environments can be purpose-built on demand for each project, scaled based on need, paid for only by time used, backed up, encrypted, etc.

AWS Cloud9 may offer this opportunity.

It may not be the only service. Cloud9 is tailored to developers (or system administrators) who use Linux. Other solutions - e.g. Windows-based - may need to be explored for people who have different needs.

Your computer, vs ...

  • Needs extra performance and RAM. You might need to wait for upgrades.
  • You need a workstation-capable laptop, or two computers.
  • Limited in the number of development VMs you can install and maintain.
  • Remotely accessing the machine under your desk introduces security risks.
  • Cumbersome to back up and restore your VMs on your machine.
  • Difficult to enable code collaboration functionality.
  • You may need to over-provision hardware and pay more than what's needed.

DoIT Cloud9

  • Self service; select and scale to the performance you need.
  • You only need one computer, based solely on your mobility needs.
  • You can have as many Cloud9 instances as you need for your projects.
  • Cloud9 is protected with multi-factor authentication.
  • Backups are handled in AWS EC2. DS can assist, if needed.
  • Cloud9 supports native code collaboration.
  • You're only charged for the Cloud9 instances that you actively use.

Will this actually work for me?

The notion of moving developer environments to the cloud might seem sketchy at first glance, but it's really not. We'll use this section of the doc to address specific concerns as they come up.

  1. Cybersecurity
    • Data: AWS accounts that are part of the UW contract are approved for storing internal data. Restricted and internal data should never be stored on code repositories or development environments. Workflow optimizations should be discussed for people who need local access to restricted and sensitive data.
  2. Network
    • Latency and bandwidth: The campus network(s), and the typical ISP in Dane county, offer sufficient performance to use Cloud9.
    • Location-based access restrictions: We could, potentially, register a range of static IP addresses so that Cloud9 environments can be allowed to connect back to campus.
  3. Integration
    • GitLab: You can sync your git repositories easily using HTTPS and personal account tokens. The campus firewall does not currently allow non-campus IP addresses to connect over SSH. (See location-based access restrictions, above.)
    • Artifactory: There are no issues with pushing and pulling artifacts to Artifactory from Cloud9.
  4. Scope
    • Is the intent to ultimately consider this as a larger service beyond DoIT? It depends, and it's too early to tell. There are likely no technical blockers to extending this service campus-wide.
  5. Cloud strategy
    • DoIT Cloud9 is an embodiment of a "cloud first" strategy. It will likely be an acceleration agent for campus cloud adoption, and we are working closely with the cloud team to ensure alignment with UW-Madison's cloud strategy.

Please contact cloud9@office365.wisc.edu [TBD] to raise any questions that aren't addressed in this section.

Learn more about AWS Cloud9