Product Updates

CloudBees CI: Enhancing Jenkins for Business Mission-Critical Environments

Written by: Kohsuke Kawaguchi

17 min read

Delivering high-quality software quickly, reliably, and securely has become crucial for business success. According to McKinsey research, top-performing companies who release software frequently—daily or weekly—are twice as likely to experience high revenue growth than their slower counterparts. This need for speed has fueled demand for Continuous Integration (CI), a practice that automates essential tasks like code pushes, builds, tests, and feedback loops, ensuring a clean and deployable codebase.

Jenkins is one of the most widely used CI solutions, with some estimates putting it at about 44% of the CI market share. However, as companies grow and their software development needs become more complex, managing and scaling Jenkins can become challenging. This is where CloudBees CI comes in. CloudBees CI is an enterprise extension of Jenkins designed to simplify management and enhance scalability. This enables organizations to accelerate software delivery while maintaining high quality and security standards.

In this article, we’ll explore how CloudBees CI enhances the experience of organizations already using Jenkins to meet the needs of mission-critical environments.

A Brief Overview of Jenkins and CloudBees CI

Jenkins

Jenkins is an open-source automation platform designed for continuous integration and delivery. Launched in 2011 as a fork of the Hudson project, Jenkins offers automation features to build, test, run, and deploy software applications. With over 1,900 plugins, Jenkins can be customized and extended to support a wide range of tools and technologies, making it adaptable to different workflows and environments.

Jenkins is one of the most popular tools in the CI/CD space, with an estimated 44% market share. Its active community provides support and regularly contributes updates. The Continuous Delivery Foundation currently manages Jenkins, and its sponsors include Amazon Web Services (AWS), GitHub, and CloudBees.

CloudBees CI 

CloudBees CI is part of a suite of products offered by CloudBees that enables development teams to build reliable, scalable, and secure software at a higher velocity. Introduced in 2014, CloudBees CI builds on the foundation of Jenkins, offering a comprehensive way to manage Jenkins instances at scale. CloudBees CI is designed specifically for large enterprises—think Salesforce, HSBC Bank, and Autodesk—that leverage Jenkins but require additional functionality in governing, scaling, and using Jenkins.

CloudBees CI extends Jenkins's capabilities with advanced features to enhance scalability, reliability, security, and governance. For example, CloudBees CI provides an Operations Center that allows teams to manage multiple Jenkins controllers and agents from a single interface. This centralized management enables different Jenkins controllers to share a pool of agents, maximizing resource utilization and reducing infrastructure costs.

Additionally, CloudBees CI offers additional features for organizations with complex security requirements, such as granular role-based access control and enterprise-grade SLA support. 

As Bill Garrett, Principal Solutions Architect at CloudBees, puts it, "CloudBees CI takes the best of Jenkins and adds enterprise-grade features, making it more scalable, reliable, and secure."

Key Enhancements CloudBees CI Brings to the Jenkins Experience 

As organizations scale, they often face security, compliance, and operational efficiency challenges that standard Jenkins installations may not adequately address. CloudBees CI enhances the Jenkins experience by providing essential enterprise-grade features such as:

1. Centralized Jenkins Management with Operations Center

Between 2021 and 2023, the usage of Jenkins pipelines jumped by 79%. This growth can be attributed to teams embracing automation in their software development process, which is positive for efficiency and accuracy. However, managing multiple Jenkins controllers across various teams or projects in a typical setup can be overwhelming. 

Each controller operates independently, requiring separate configurations, plugin updates, user management, and regular backups.  Additionally, security settings and roles must be manually configured for each controller, and any downtime requires manual intervention to restart the Jenkins controller and any interrupted jobs. This decentralized approach can quickly become a nightmare for administrators, leading to inconsistencies, increased maintenance efforts, and a disjointed view of the CI pipeline.

CloudBees CI addresses these challenges through its Operations Center, which provides a centralized platform for managing multiple Jenkins instances at scale. With the Operations Center, you can: 

  • Deploy and manage Jenkins controllers across multiple Kubernetes clusters from a single Operations Center interface.

  • Monitor the health and performance of all Jenkins instances from a single dashboard, making it easier to spot and troubleshoot issues.

  • Uniformly apply configurations, security policies, and plugins across all Jenkins instances.

Imagine you’re managing Jenkins for a large organization with multiple development teams. Team A uses Jenkins Instance 1, while Team B uses Jenkins Instance 2. Both teams have their configurations, and you must apply it twice every time there’s a security update. With Operations Center, you can update the security settings once and apply them across all instances. You also get a unified dashboard showing the status of all Jenkins controllers in your operations center cluster, making it easy to monitor your CI environment.

2. Shared Agents for Optimized Resource Utilization

With Jenkins, you can easily spin up build agents to tackle specific tasks in your CI Pipeline. One agent builds the project and another runs tests. However, this can also lead to under- or overutilizing resources. For example, while one team’s agents might be idle, another team’s agents could be overwhelmed with tasks, resulting in inefficient use of computational resources and increased infrastructure costs.

CloudBees CI tackles this inefficiency by enabling shared agents across multiple Jenkins controllers from the Operations Center. This shared agent model allows for a more dynamic allocation of resources, ensuring that agents are utilized to their full potential. When a controller needs an agent, it can dynamically request one from the shared pool, allowing for efficient resource utilization based on current demand.

Consider a scenario where Team A’s Jenkins instance has several idle agents while Team B’s instance is experiencing a high volume of builds. With CloudBees CI shared agents, when Team B experiences a high volume of builds, the shared agent pool, including Team A's previously idle agents, becomes available. Each shared agent is allocated to a single job from Team B's queue. When a job is completed, the agent returns to the shared pool immediately. This enhances efficiency and reduces the cost of maintaining multiple underutilized agents.

Shared agents can be used for various purposes, including scenarios where Kubernetes agents are unsuitable (e.g., when dealing with limited software licenses). For Kubernetes-based setups, CloudBees CI leverages Kubernetes' scaling abilities to schedule build agents in pods, allowing for even more dynamic and efficient resource allocation.

3. Advanced Workflow Visualization with Pipeline Explorer and Pipeline Maps

While Jenkins offers several plugins for CI pipeline visualization, they sometimes fail to provide a unified, streamlined view of pipeline progress. As pipelines become more complex and deployments increase, performance issues can arise, making managing and troubleshooting challenging. For instance, in a large-scale project with multiple microservices, each with its own pipeline, the default Jenkins interface might struggle to present a clear overview of all concurrent builds, potentially causing delays in identifying and resolving bottlenecks.

CloudBees CI addresses these challenges with advanced Pipeline Explorer and Pipeline Maps features. These tools offer a way to visualize and troubleshoot CI pipelines, designed to focus on performance and user experience.

The Pipeline Explorer provides a hierarchical tree view of pipeline stages, allowing users to navigate and filter logs by stages. This streamlined approach simplifies pinpointing issues in specific pipeline parts, whether you’re dealing with small 5MB log files or massive 500MB logs. Users can customize their log viewing experience with options for line numbers, ANSI colors for log output, word wrapping, and custom timestamp time formats, enhancing readability and analysis.

Complementing the Pipeline Explorer, Pipeline Maps offer a visual representation of the entire pipeline landscape. This bird's-eye view is particularly valuable for large organizations with interconnected projects, as it visualizes relationships and dependencies between different pipelines. Users can quickly grasp the big picture and understand how changes in one pipeline might impact others.

4. Streamlined Jenkins Setup with Configuration as Code

The introduction of the Jenkins Configuration as Code (JCasC) plugin improved the process of setting up and maintaining CI servers. JCasC enabled users to configure Jenkins using human-readable declarative YAML files. This improvement enabled version control and reproducibility of configurations, simplifying Jenkins management significantly.

CloudBees CI builds on this foundation with Configuration as Code (CasC), tailored to meet enterprise-level needs. Here’s how CloudBees CI takes configuration management to the next level:

  • Centralized management: CloudBees CasC configuration bundles can be centrally managed through the CloudBees Operations Center. This centralization promotes consistency across all Jenkins controllers in your environment, ensuring that every instance adheres to the same configuration standards.

  • Simplified scaling: As your CI needs grow, CloudBees CasC facilitates horizontal scaling. You can create new Jenkins controllers with predefined configurations stored in CasC bundles, and configure how controllers respond to new bundles with Bundle Update Timing. This ensures that any expansion in capacity maintains consistent configuration with existing resources, making scaling seamless and efficient.

  • More comprehensive feature set: CloudBees CasC adds “as code” control for plugins, folders, jobs, permissions, credentials, and more. This increases the degree to which controller configuration can be managed centrally, securely, and robustly.

  • Export and import configurations: CloudBees CI allows you to export configurations from running instances and import them as CasC bundles. This feature is useful for migrating configurations between environments or setting up new instances based on existing setups.

5. Active-Active High Availability and Disaster Recovery

CI pipelines are often at the heart of modern software development practices. Any downtime or disruption can significantly impact development velocity, release schedules, and business operations. Ensuring high availability and robust disaster recovery mechanisms is crucial for maintaining the reliability and resilience of CI environments.

In a standard Jenkins setup, achieving high availability (HA) can be challenging because Jenkins manages its data in a flat-file format (XML). This architecture allows only one active controller node at a time, making direct HA configurations challenging. This limitation has led to various workarounds, such as active-passive setups or using auto-scaling groups, but these solutions often come with trade-offs in terms of downtime or administrative overhead. 

For example, only one replica works as a controller in high availability (active/passive). This means that at any given time, only one instance (the active one) is performing the Jenkins controller functions. The passive instance is essentially idle, waiting to step in if needed. 

When failover occurs, the previously passive instance becomes active and handles all Jenkins operations. However, during the failover process, there's a period when neither instance is fully operational. This can lead to users experiencing downtime comparable to rebooting a Jenkins controller in a non-HA setup.

CloudBees CI elevates the standard Jenkins experience by providing high availability through active-active HA architecture. Unlike previous active-passive setups where only one replica was active at a time, CloudBees CI's active-active architecture allows all controller replicas to share the workload simultaneously. If a controller fails, pipeline builds running on that controller are automatically continued by another replica. Also, when a controller needs to be restarted, replicas are replaced one by one. This seamless failover mechanism ensures no downtime, and users experience uninterrupted service.

6. Dynamic Scaling to Meet Workload Demand

Workloads in software development environments fluctuate constantly. Periods of high and low deployment activity are common, and the ability to adapt to these fluctuations is crucial. For instance, a finance app might require scaled-up testing CI pipelines during major holidays like Thanksgiving and Christmas to ensure zero downtime during peak usage. Dynamic scaling is, therefore, essential to ensure that CI pipelines can handle varying workloads without compromising speed, security, or reliability.

Managing multiple Jenkins controllers requires significant administrative overhead, including plugin updates and security configurations. Additionally, manually calculating the number of build agents when the workload fluctuates can be difficult.

CloudBees CI simplifies dynamic scaling, ensuring your Jenkins instances adapt seamlessly to changing workload demands through:

  • Automated agent provisioning: From the Operations Center, you can configure your Jenkins controllers to dynamically expand or reduce resources based on real-time demand, ensuring that resource supply matches workload requirements.

  • Horizontal scaling: CloudBees CI supports horizontal scaling, allowing you to add or remove Jenkins controllers as needed. This approach avoids over-provisioned capacity and optimizes resource utilization.

  • Kubernetes integration: For Kubernetes-based setups, CloudBees CI leverages Kubernetes' scaling capabilities to manage build agents. CloudBees CI uses pods to contain build agents, allowing for flexible scaling of CI resources.

  • Predictive and schedule-based scaling: CloudBees CI can implement predictive scaling to anticipate workload changes based on historical data and trends. For example, you can set up schedule-based scaling to set predefined scaling actions according to predictable load changes, such as peak business hours.

“With CloudBees CI, a small team can manage hundreds of Jenkins controllers that support the development efforts of thousands or tens of thousands of programmers.” - Bill Garrett.

By leveraging CloudBees CI's dynamic scaling capabilities, organizations can ensure their Jenkins environment handles varying workloads efficiently.

7. Granular Role-Based Access Control 

Securing your integration environment is paramount in an era where the cost of data breaches is skyrocketing. Effective access control is the foundation of a zero-trust architecture, ensuring that only verified users can access specific Jenkins controllers as your teams and projects expand. 

Managing Role-Based Access Control (RBAC) in a single Jenkins instance is relatively straightforward. However, as the number of instances increases, so does the complexity. Since Jenkins is customizable on a per-instance basis, security settings must be configured individually for each controller. This makes management more challenging as the environment scales.

CloudBees CI enhances RBAC capabilities with several key features:

  1. Granular permission settings: Administrators can set permissions at system-wide, folder-level, and individual job or pipeline levels, allowing for precise and granular access control.

  2. Role-based assignments: Users are assigned roles based on their job functions, each with customizable predefined permissions. This role-based approach ensures that users have the appropriate level of access for their responsibilities, reducing the risk of accidental or malicious changes to the CI environment.

  3. Centralized policy management: RBAC policies can be managed centrally through the Operations Center, ensuring consistency across all Jenkins instances and reducing administrative overhead.

This comprehensive approach makes it suitable for enterprise-grade deployments, ensuring your CI environment remains secure as your organization grows.

8. Verified Plugin Compatibility and Security with CloudBees Assurance Program

Jenkins is an open-source software (OSS), so users benefit from over 1,900 community-contributed plugins. These plugins enable Jenkins to integrate with various tools and services, making it versatile for different development environments. However, while plugins are one of Jenkins' greatest strengths, they can also be a source of instability and security risks if not properly managed. As Bill Garrett puts it, “Plugins are one of Jenkins' greatest strengths but also its Achilles heel.” 

This problem occurs due to the complexity involved in managing a large number of plugins, keeping them updated, and ensuring compatibility. As many plugins are community-contributed, their quality, documentation, and support can be inconsistent. Additionally, some plugins are abandoned over time, leaving users stuck with outdated functionality or unable to upgrade their Jenkins instance.

CloudBees CI addresses this challenge through the CloudBees Assurance Program (CAP). The CAP is a vetting process that tests and verifies plugins to ensure they are enterprise-grade. This program categorizes plugins into three tiers:

  • Tier 1 (Verified/Proprietary): Tier 1 plugins have undergone extensive testing and are certified to meet critical use cases. 

  • Tier 2 (Compatible): While not fully verified, these plugins have a reputation for quality and are on a path to becoming Verified plugins.

  • Tier 3 (Community-Maintained and Unknown): Tier 3 plugins are plugins that haven’t been verified by CloudBees and should be used cautiously.

Jenkins instances managed on CloudBees CI are automatically enrolled in the program. Administrators can enable automatic upgrades or downgrades of plugins to maintain compliance with the CloudBees Assurance Program. This enhances the overall stability and security of the CI environment, allowing teams to focus on delivering high-quality software without worrying about plugin-related issues.

9. Enterprise-Grade Service Level Support 

As your organization grows and your Jenkins instances become more complex, you may require sophisticated solutions for your Jenkins CI environments that go beyond open-source community support. This is where enterprise-grade service-level support becomes crucial. Enterprise-level support is essential for companies looking to scale their Jenkins experience while maintaining high performance and security standards.

CloudBees CI offers enterprise-grade support, guaranteed response times, and proactive monitoring to help you manage Jenkins efficiently and reliably in your CI environment. With access to a team of experts, you receive tailored advice and solutions for unique enterprise use cases.

Customers like TransUnion and Autodesk have reaped significant benefits using CloudBees CI to manage their Jenkins instances. By managing their Jenkins instances on CloudBees CI, TransUnion was able to bring new features to market at an accelerated rate. They onboarded over 3,500 projects in a year and achieved a 3.5-fold increase in feature deployments while enhancing engineers' work-life balance.

Similarly, Autodesk utilized CloudBees CI to improve its Jenkins experience. Autodesk initiated a CI/CD transformation using CloudBees CI to establish secure, automated Jenkins pipelines, ensuring a smoother and more efficient development process.

Transitioning From Jenkins to CloudBees CI

For companies looking to enjoy the benefits of Jenkins but tailored to meet the demands of a growing enterprise, CloudBees CI is a great option. 

"The advantage of CloudBees CI is that it is based on Jenkins, the most widely used open-source tool for process automation. This simplifies transitioning from open-source Jenkins to CloudBees CI as it requires no workflow modifications.", says Bill Garrett.

Here are the essential steps to ensure a smooth and successful migration to CloudBees CI:

  • Backup Jenkins data: Create backups of your Jenkins data, such as job configurations, pipeline scripts, and plugins. This way, you can always revert to your original setup in the event of any problems in the migration process.

  • Perform migration in a test environment: Before migrating your production instance to a live environment, the migration steps should be performed in a test environment to ensure they go according to plan.

  • Do assessment and planning: Ensure the Jenkins instance you want to migrate uses a supported Java Development Kit (JDK). In addition, confirm plugins and other dependencies needed for the migration are available.

  • Configure plugins: Install the necessary plugins for your configurations. Some plugins you use may need to be removed, upgraded, or downgraded. CloudBees recommends using the plugin versions in the CloudBees Assurance Program.

  • Install the Jenkins Health Advisor By CloudBees: Install the Jenkins Health Advisor on Jenkins before you migrate. Review the first report notification to identify existing issues.

  • Migrate Jenkins data: Once the health advisor indicates there are no issues, transfer jobs from Jenkins OSS and import them into CloudBees CI. Then, follow up by migrating all necessary credentials into CloudBees CI.

  • Test and validate: Run sample jobs to ensure they work correctly, then monitor that the system uses resources optimally and efficiently. Validate the security settings to ensure they are functioning as expected.

  • Switch over to CloudBees CI: Plan a fixed time for the final migration to reduce disruptions during the final data synchronization between Jenkins OSS and CloudBees CI. After this, switch to the CloudBees CI by updating the Domain Name Server (DNS) to display the new CloudBees CI instance. The new environment will be monitored as soon as the switch is completed.

Choosing the Right CI Solution For Your Organization

When evaluating your continuous integration needs, the key question is: Is your current Jenkins setup meeting your organization's demands? While Jenkins is one of the most powerful and flexible CI tools available, you might need additional capabilities as your organization scales and software integration demands become more complex.

If your organization needs centralized Jenkins management, advanced RBAC security, dedicated support, and dynamically scalable infrastructure, CloudBees CI offers a comprehensive solution built on Jenkins' strengths.

By leveraging CloudBees CI, you can maintain Jenkins' flexibility while gaining the additional features and support necessary for enterprise-level continuous integration. To experience these benefits firsthand, contact us to talk to an expert and discover how CloudBees CI can optimize your development workflow and accelerate your software development process.

Stay up-to-date with the latest insights

Sign up today for the CloudBees newsletter and get our latest and greatest how-to’s and developer insights, product updates and company news!