Highlights:
Drastic reduction in development environment setup time: Previously, Kingland developers spent thousands of hours annually troubleshooting and setting up development environments, a process that could take up to two days per incident.
Enhanced supply chain security with ephemeral development environments: Gitpod’s ephemeral workspaces minimize the risk of malware and code exfiltration. This setup ensures each session starts with a clean slate, maintaining a high security posture for any company within a regulated industry.
Cost efficiency and scalability: Kingland saw a lower total cost of ownership with Gitpod compared to their previous development environment setup and VDI solutions.
An introduction to Kingland
Kingland develops enterprise data management software, helping customers to solve complex data problems while ensuring compliance with regulatory requirements. Kingland’s software is designed for regulated industries like banking, insurance and accounting, and as such goes through extensive third-party audits each year including SOC2, ISO 27001 and NIST.
Patrick is an Enterprise Architect at Kingland, leading engineering and research and development. In his role he is responsible for developer productivity and has had a recent focus on improving developer onboarding. This is his story with Gitpod.
Challenges with HashiCorp Vagrant, VMware and laptop performance
“The amount of time our developers spent fixing their development environments last year measured in the thousands of hours. They would spend upwards of two days setting up their environment when something went wrong, which then became an instant one to two days loss of productivity.”
Kingland’s developer environment journey started 15 years ago with development on Windows machines, then shifted to virtualized Linux environments to match their production systems’ use of VMware, where they were passing around virtual images manually.
Kingland moved to HashiCorp Vagrant to centralize how they build and distribute their development environment images. Security and compliance work had to be conducted because of how Vagrant VMs interact with developers’ host devices.
Despite the benefits of a centralized image, Kingland’s Vagrant-based virtualized environments weren’t performing adequately, even on high-spec laptops. Patrick mentioned, “We had engineers who were complaining that even with a 32-gigabyte memory laptop, their environments were running slowly.”
Beyond performance issues, the setup struggled with maintenance as Kingland’s technology stack diversified. Developers using different versions of Java, Python, Node and Go from their centralized image faced significant productivity losses, often losing one or two days adjusting their environments. Regularly managing and updating separate images for each team became impractical and costly, especially since VMware requires expensive bare-metal instances.
Kingland measured that developers were spending thousands of hours per year fixing development environments.
Onboarding challenges with development environments
Kingland were also having developer onboarding challenges, particularly in the case of short-term workers, such as their interns. Kingland uses internship programs as a way to nurture future talent to join their company, and the impact of a negative onboarding experience was preventing Kingland from getting full value from the program.
“Interns join for three months of the year. The more time that they spend onboarding, the less time that they are actually getting any decent experience. It’s not a great experience to say ‘spend your first week trying to get your development environment running’, oh, and by the way, all of the full-time employees hate doing this. It’s really not a good way to get productivity out of interns and doesn’t create a great first impression of your company for people who you potentially might want to hire.”
Why did Kingland choose to go with Gitpod over GitLab, GitHub Codespaces, JetBrains Space and AWS Cloud9?
Gitpod went through Kingland’s extensive Decision Analysis and Resolution (DAR) process, where they compared Gitpod to GitLab, GitHub Codespaces, JetBrains Space, and AWS Cloud9. Gitpod came out on top for the following reasons:
Strong industry standardization and integrations, specifically with GitLab
An important dimension for Kingland was industry standardization and integrations. Kingland is integrated deeply into the GitLab platform, so the GitLab integration was a crucial criterion that none of the competition were able to fulfill.
A developer-experience focused product leads to a lower price point
Kingland found that other CDE product offerings can come packaged with software that Kingland didn’t need. For instance:
“Some of these products are an amalgamation of tools. It’s not only CDEs, it’s also CI/CD, security scanning etc. all rolled into one. So we’d be paying for a bunch of tooling that we didn’t use.”
Additionally, other product offerings they evaluated have received far fewer feature updates compared to Gitpod, making Kingland feel like those solutions weren’t receiving the same product investment in their CDE offering.
A lower total cost of ownership for managing Gitpod
“With GitLab’s development environments, you have to spin up a Kubernetes cluster and then connect that cluster to individual projects in GitLab. So, we would have to manage that Kubernetes cluster. I love Kubernetes for what it is, but I’m not a huge fan of the care and feeding that goes through keeping Kubernetes clusters up-to-date if it’s not needed. Instead, I rely on your team to handle scaling for the environments.”
Gitpod has two product offerings today, Gitpod Pay-As-You-Go, and Gitpod Enterprise. Both are managed by Gitpod, giving customers all the benefits of a CDE, with none of the management overhead.
Kingland’s development environments with Gitpod
With Gitpod, Kingland is able to streamline platform processes, improve developer experience, and increase security posture all at once. They have migrated their previous local Vagrant development environment scripts into Gitpod, converting their VM-based local setup to lightweight containers.
Improved DevOps processes
Eliminating local VMs also removed the bottlenecks on the DevOps team that maintained the virtual images, as they were reviewing changes to VM images every single week. With Gitpod, the process of updating their development environment configurations is now fully automated using Renovate bot, and development teams are now empowered to manage their own Gitpod configurations.
When we asked Patrick how many hours they’ve saved of the thousands of hours previously lost in productivity, he said, “We haven’t actually measured it again for the Gitpod teams because to my knowledge, the number is zero. There’s nothing there to measure.”
Additionally, with their Vagrant setup, Kingland were seeing development environments take up to 22 hours to start. Developers had to re-run scripts at every development environment start, downloading 300 GB of data over a slow VPN connection. With Gitpod, the process is now streamlined: the data is packaged within a Docker container. Instead of repeatedly cloning and loading data, developers simply build the required data into a Docker image that they can now stand up whenever needed.
Improved supply chain security through ephemeral workspaces
As a company that works with banks, insurance companies, and accounting firms, meeting security and compliance requirements is priority number 1.
A significant benefit for Kingland in moving to Gitpod is the ephemeral nature of Gitpod workspaces. Without Gitpod, when environments run on developers’ machines, any insecure source code that lands on a device poses a risk to an organization’s entire network, including the access of the developer. With Gitpod, the risk is significantly mitigated because workspaces are temporary and isolated, ensuring any potential security threats are contained and easily managed.
“One of the things that keeps security up at night is ‘what happens if your host machine or virtual machine gets compromised’? If you get malware or a keylogger? The reality these days is that everything’s going to get compromised if it’s been around for long enough. The best way to handle that security posture is to not have environments that are alive for long enough to get compromised. If it’s ephemeral, you can just destroy it and start over from scratch. Nobody actually did that with our initial VM setup because of how long it would take to recreate an environment.”
With Gitpod, developer workspaces are short-lived. Kingland developers open a new workspace for each task. Patrick is now able to say, “We guarantee every engineer starts with a fresh environment that is safe and free of malware.”
Gitpod also mitigates the risk of code exfiltration and IP theft through physical hardware theft: “I like knowing that if somebody is taking a laptop into a risky area, they are not carrying code with them. And if somebody compromises their physical laptop, it doesn’t matter because no code is stored on their device.”
Improved security posture also extends to Kingland’s offboarding process. Gitpod ensures that when someone is offboarded, Kingland has control over whether that person has a copy of their entire codebase locally. “We have a ton of controls around managing hosts like making sure that developers can’t exfiltrate code using USB drives. With Gitpod, if you revoke access to the CDE, you revoke access to the code as well.”
Why Kingland chose CDEs over VDIs like Amazon Workspaces
For Kingland, the decision to adopt CDEs over VDIs hinges on several key factors:
Cost efficiency
CDEs proved to be more efficient for Kingland, as they don’t have to pay the overhead of running a full operating system for applications like email, Teams or Slack; developers do not need the full operating system from a VDI. “Our VDIs actually would cost more per hour than the Gitpod environments.”
Performance and flexibility
Gitpod allows for dynamic scaling up and down of workspaces based on developers’ needs. It’s not unusual for Kingland developers to have two or three Gitpod workspaces open at once. This would be more difficult with a VDI as each employee is allocated one VDI instance. Additionally, “starting up a VDI from scratch with Amazon Workspaces can take upwards of five minutes, compared to the seconds that we see from Gitpod.”
Security
Ephemeral workspaces reduce the blast radius from breaches
With a VDI “you don’t get the benefit of having a completely fresh computer environment.” Using the example of the recent XZ backdoor, Patrick explains how with Gitpod, an attacker wouldn’t be able to get access to their internal network, unlike if they were running in a VDI solution, “any sort of malicious libraries or code that wind up on the development environment are limited in their blast radius to the CDE itself because code isn’t stored on laptops and the environments are ephemeral.”
What would Kingland recommend for companies looking into CDEs?
Finally, we asked Patrick if he had any advice for other companies who were looking into CDEs as a solution. Here’s what Patrick had to say,
“The benefits of CDEs far outweigh the costs.”
Patrick explained that there are two concerns that people commonly raise when he talks about the value of CDEs: cost and performance. Patrick explains why neither of these is a concern for Kingland. Firstly, on cost:
“When you actually tally up the benefits that you get, the faster onboarding time, the lower maintenance cost for development environments, the added security benefits—the benefits of running a CDE far outweigh the costs.”
And secondly, on performance:
“In most cases with security controls, you’re not going to use your laptop if you don’t have a solid network connection because your security tools are not going to work. And in most cases, you’ll get better performance on a CDE because you’re not using a shared pipeline to download your dependencies.”
IT Services and IT Consulting
Website: www.kingland.com