Thales Group is a French multinational company which designs and builds electrical systems, and provides services for several markets such as the aerospace, transport and security ones. Thales is the world leader in cybersecurity, and operates throughout the global industry. It is one of the most powerful electronic and software equipment manufacturers in the world. This positioning necessarily implies an extreme level of requirement and an ultra-secure working environment.
For their Defense projects, Thales chose Tuleap.
Raphaël HIET, Project Design Authority at Thales
Raphaël Hiet is both a project manager and an architect. He’s in charge of coordinating defense-industry projects with strict confidentiality and traceability requirements. In this short interview, Raphaël explains why he chose Tuleap and how Tuleap brought his teams together.
Empower developers, testers and cybersecurity teams with a tool having high access control and traceability capabilities.
- Tuleap Enterprise Edition Silver
1 tool, many usages
"Tuleap is the best of both worlds: it brings together project teams and technical teams."
Achieving full traceabiliy 5x times quicker
"We have considerably reduced the time spent on our audits. We traded our old 5,000 page Word docs for 600 test sheets."
Better ROI. More value
"It’s so great to finally see a flexible, scalable product with an SLA of this level."
The challenge : coordinating projects with high privacy and traceability requirements
After thinking about or trying other tools Thales teams opted for Tuleap, as it was the only solution to meet all of their requirements. With Tuleap at Thales, projects are launched faster, deliverables are of better quality and teams’ productivity has highly increased… thanks to agility.
In large organizations such as Thales, supporting and providing team members with a large choice of tools is common practice. At Thales, you can choose between the Atlassian suite or IBM Doors for large projects; Gitlab, Redmine, Subversion for smaller projects. Although these are well-known solutions in project management, Raphaël Hiet, Project Designer Authority at Thales, explains why none of them truly met his needs. Regarding Atlassian for instance, he explains that “[…] when you start out wanting to install Jira, it costs money. Then you realize you may need Bitbucket, and it also costs money. Then, we figure out we need the right plugin to manage the requirements, to manage the tests and so on… in the end, it costs you an arm and a leg!”
As defense projects imply high-level requirements, it’s no surprise that Thales teams have been given more freedom when choosing their project management tool. For Raphaël, it was important that his teams benefited from the best software development solutions and also had access to agile frameworks and innovative project management methods.
From Gitlab to Tuleap
When a brand new, but quite small, defense-project started in 2016, gathering a team of only 4 people, the choice was made to go for Gitlab. But as the project was extended up to a total of 25 team members, it was clear that Gitlab wouldn’t do the trick any longer. “Something was missing, the tool no longer met our needs”, explains Raphaël. “At Thales, we’re surrounded by all kinds of rules, implying that at some point we have to build our own infrastructure. For defense projects, we have the freedom to go for what we want and need.” Raphaël used that flexibility to look for other solutions on the market, seeking something that would meet all his requirements.
From Tuleap Community Edition to Tuleap Enterprise Edition
When they encountered Tuleap for the first time, it was through the community version –Tuleap Community Edition. Right away, they knew they found the perfect tool. Unlike Gitlab, Atlassian or other ones, since it’s completely Open Source, Tuleap made it easy to adapt the tool to any of their specific needs. They soon started to add plugins and built-in integrations to their own Tuleap Community Edition instance. But still, they lacked something: mastery, technical skills, assurance of stability, security…
In 2017, Raphaël finally made the decision to take things to the next level and went for a Tuleap Enterprise Edition On Premise. Thanks to the full maintenance provided by Enalean, the support team’s expertise and the continuous development of Tuleap, Thales teams were able to fully focus on their core business. Since then, they have been enjoying a flexible, scalable environment and responsive expert support.
Why did Thales choose Tuleap as its secure and flexible environment
Beyond the technical features, the decision was also motivated by a major aspect: the need for security. That’s right: remember we are talking about defense projects, therefore highly confidential projects, with ultra-high cybersecurity requirements and specific business specificities. All of this implies finding a solution that can be adapted to answer these needs. And for Thales teams, Tuleap does it perfectly.
AN INTEGRATED ENVIRONMENT THAT GATHERS ALL TEAMS
To be effective, Raphaël needed an integrated and agile environment for software developers, testers, DevOps and cybersecurity teams.
“We have to orchestrate all the teams around a tool. If everyone goes their own way, at the end of the project, it’s a big bang. The version is failed, the customer is not happy, and for follow-up… well, it’s complicated.”
With Tuleap, Raphaël succeeded in bringing together all project stakeholders around an all-in-one work environment, ensuring one single source of truth. And that was essential.
A SECURE BUSINESS SOLUTION. HIGH LEVEL OF CONFIDENTIALITY
One of the main challenges for organizations evolving in critical sectors is to be able to host highly confidential information on secure servers: “How do you deliver a service, especially for the group itself, with information you’re not allowed to put on some servers because it does not have the credentials? You’re stuck.”
In Tuleap, user access management is very sharp. Everything is configurable, precisely, by project, by tool. Who has access to what. Who has the right to see what, to modify what. “Assigning rights to each of the trackers and even to each of the tracker fields was essential for me.” Choosing Tuleap made it possible to stick to the infrastructure and the CISO (Chief Information Security Officer) strategy. In other words, it means: the guarantee of security, availability and integrity of the information system and data.
High level of traceability
For critical projects, every move has to be documented: traceability of any small change during the software project cycle is essential. As you will see in the section dedicated to this subject below, Thales teams have noted the power of Tuleap cross-reference system. It keeps track of all work elements of the project, from requirements, to tasks, to bugs, code, tests, documents. Indispensable for audits.
During his cost study, Raphaël noticed how quick the return on investment was. Indeed, he concluded that Tuleap Enterprise subscription not only ensures a surprisingly rapid ROI for a product with as many features as Tuleap, but also offers a high level of SLA (Service Level Agreement): everything he was asking for.
Open Source software
The open source aspect of Tuleap was one more element that played an important role in the decision-making process. Raphäel explains: “With Tuleap, our teams also have direct access to the source code. They can ensure the security level of the software they use. Moreover, they can develop additional plugins.”
“With Tuleap you can do whatever you want. I’m not sure that we would have been able to put in place everything we have done so far with another software. Why? Because very often they have proprietary licenses, meaning that all information is hidden. So you are not given access to the source code. You cannot develop this or that. On the contrary, thanks to Tuleap we can. That’s why it’s the perfect tool”.
French tech excellence
By choosing Tuleap, Thales not only participates in promoting French tech, but it also makes sure to have a team nearby for development, maintenance and support services which are based in France. Plus, data are stored on French servers.
How Thales teams work in agility with Tuleap
The challenge was to find a solution to bring together every team, each of one having their own habits and way of working, to a common ground. But they had to be careful not to restrict them or force them to follow a predefined agile workflow. Tuleap made it possible.
Theoretically, working with agile approaches increases team collaboration. But with heterogeneous teams, it doesn’t take long to realize that not all teams work in agility in the same way. At Thales, out of the 6 ongoing defense projects, there is a team made up of a dozen developers; a team made up of several DevOps integrators and engineers; a team of security engineers, and a team of testers.
Choose your Agile method
While for the developers it was quite easy to make them adopt the agile Scrum method, the challenge was not so easy for other teams. For security teams, for example, Scrum was not the right solution. The Kanban method either, because it was complicated to define user stories. So, instead of setting up a common workflow for all the teams, making them all work in Scrum or Kanban, the final decision was to let each of them work at their own pace and then to bring everyone together at the right time.
You can now find a team of developers who work in Scrum on the one hand, with a rhythm of one release every 2 weeks, and on the other hand a security team that works accordingly to an “in-house agile approach”, with a rhythm of one release every 4 weeks. This specific agile workflow corresponds to a pace of 15 sprints for developers, compared to about half of them for security teams.
Choose your Agile tools
The advantage of Tuleap is that it offers a range of agile and DevOps modules that can be used together or not. Teams are free to pick what they prefer, take the tools they need to deliver their product and fulfill their mission, while operating on an integrated platform that links their information with that of other teams.
In terms of agile tools, at Thales, each team uses the Tuleap modules it needs, without even thinking about using external tools:
- Tuleap Kanban boards for DevOps and validation teams,
- Tuleap Scrum Agile Dashboards for developers,
- Tuleap Tracker for security teams,
- Tuleap Test Management for testers,
- Git in Tuleap, Integrated MediaWiki, Tuleap Document Manager, are tools used by everyone.
The challenge of full traceability
in the Defense sector
If the goal of bringing all the teams together around an integrated tool has been so crucial, it is because beyond the need for collaboration, the defense sector requires strong traceability throughout the projects. Thanks to the power of Tuleap, they achieved this goal.
Reaching full traceability
Thanks to the cross-reference system in Tuleap, you can easily find which user story is linked to which requirement. And the dependency graph is obviously easy to draw.
When it comes to document management though, a little work had to be done to fight against old habits as teams were so used to work with other “in-house” tools, in particular to manage audits. But then, not all teams had access to the “in-house” tool: developers, for example, did not have access to it so, to get information, they had to turn to project managers. A huge waste of time as you could guess.
With Tuleap, the question was settled quickly: everything is centralized, everything is mapped out. Today, Thales teams no longer use the good old Word files with endless variations (Project Version 1, Project version 2, etc.). Thanks to Tuleap, they keep track of each modification on an artefact or document; they are able to quickly tell whether the latest version is approved or not. Considerable time savings, but also better collaboration, and of course, incomparable traceability, which is essential.
Reaching global project overview
Just like any other big organization, Thales teams are usually trapped in their own world; they lack global vision on the project. When a project manager requests a short report of the status of the project with strict indicators, you must be able to give it to them. “Tuleap gathers all information. It allows capitalization. And in the world of DevOps, in which collaboration and sharing are at the heart, Tuleap represents and carries out these values for me, because it answers several pillars of DevOps,” says Raphaël. Indeed, with the trackers, the document manager and the Wiki, teams can bring altogether any given information about their project in the same shared workspace. As a result, project managers have access to all the necessary indicators easily, in a few clicks. They create reports with visual graphics, more or less detailed depending on the level of precision they need.
To extract statistics on several projects, Thales teams use multi-tracker research in Tuleap, not only to centralize everything, but also to cross-reference everything: “With multi-tracker research, we use all the power of Tuleap. We will cross everything. And that is fundamental.”
TULEAP REST API TO REACH TRACEABILITY BEYOND THE TOOL
Another key point of choosing Tuleap was the issue of reaching full traceability even outside the tool. While many organizations are fully digital, it doesn’t mean they ALL are. For instance, it’s the case for certain departments of the French state, which are generally part of Thales’s customers. And they usually request to deliver paper documents, sometimes listing up to 6,000 pages of test sheets, which afterwards must be transcribed into the tool that Thales teams are using. Raphaël had to find a way to efficiently switch from paper format to his web solution Tuleap, while making sure to maintain full traceability and not to lose data on the way.
Tuleap is our gateway. We had to find a way to export everything as CSV or from the REST API. We made several tests. Once with the CSV, once with the REST API. We developed scripts that extract information in Tuleap and directly format it in a Word document. To ensure traceability even when the client edits the document, we kept the bookmarked artifact numbers hidden. Thus, when the client modifies something, we inject the file into Tuleap and we get the modifications directly into Tuleap. Our Tuleap is up to date. The circle is complete.
- Gradual elimination of Excel or Word files: with the automatic charts generated in Tuleap, teams streamline information and everyone is aligned with the level of data usability
- Better monitoring and management of incidents
- Good document management with version history monitoring
- Real-time monitoring of test campaigns
- Automatic generation of project monitoring metrics and indicators such as requirement / test coverage rate
- Better information sharing: teams know the status of the project