ADDRESSING 3 CORE CHALLENGES IN THE MIGRATION TO GCC
ACRA was one of the agencies that had to migrate both their internet and intranet websites and services over to Government Commercial Cloud (GCC).
The migration had to:
Comply with government compliance and security standards
Provide a common infrastructure services that its applications can leverage on
Provide project level segregation for billing and access management
STREAMLINING THE NETWORK SYSTEM FOR EFFICIENCY
A new infrastructure that provided a centralised system to manage and access the network.
Government Compliance and Security Standards
This leverages AWS accounts and compartments (VPC) to ensure that internet and intranet traffic is properly managed based on the AIAS standards.
Six different compartments were created for the common infrastructure to centralise network and workload management:
Intranet DMZ - Ingress, Egress and GUT components for Intranet zone
Internet DMZ - The only compartment associated with Internet Gateway, it comprises Ingress, Egress and GUT components for Internet zone
Internet Common Service (Integration Tier) - API Gateway and Relay infra for Internet zone
Intranet Common Service (Integration Tier) - API Gateway and Relay infra for Intranet zone
Management - common AD servers and management related services
DevOps - common test servers and DevOps facilities, with future plans to integrate with SHIP and HATS
The integration tier tapped on the use of Amazon API gateway to perform authentication, authorisation and payload inspection. Centralisation of the API gateway of all applications allows for easy onboarding of additional applications.
Project Level Segregation - Billing and Access Management
AWS accounts were used to provide billing and access segregation to the appropriate project teams.
Each application has its own AWS account with at least two compartments (UAT and Production) in Internet, Intranet zone, or both.
A special test account, i.e. ITPG Lab was also created for pilot project and trial usage.
SUCCESSFUL MIGRATION TO GCC IN LINE WITH THE GOALS OF COMPLIANCE, SECURITY AND SUPPORT
Seven ACRA applications and systems have been onboarded to GCC, namely:
Variable Capital Companies (VCC) Portal
ACRA API Mall
More applications will be onboarded in time, as well as DevOps integration with SHIP and HATS in the pipeline.