ADDRESSING 3 CORE CHALLENGES IN THE MIGRATION TO GCC

ACRA was one of the agencies that had to migrate both their internet and intranet websites and services over to Government Commercial Cloud (GCC).

The migration had to:

  • Comply with government compliance and security standards
  • Provide a common infrastructure services that its applications can leverage on
  • Provide project level segregation for billing and access management

STREAMLINING THE NETWORK SYSTEM FOR EFFICIENCY

A new infrastructure that provided a centralised system to manage and access the network.

Government Compliance and Security Standards

modern data


This leverages AWS accounts and compartments (VPC) to ensure that internet and intranet traffic is properly managed based on the AIAS standards.

Common Infrastructure

Six different compartments were created for the common infrastructure to centralise network and workload management:

  • Intranet DMZ - Ingress, Egress and GUT components for Intranet zone
  • Internet DMZ - The only compartment associated with Internet Gateway, it comprises Ingress, Egress and GUT components for Internet zone
  • Internet Common Service (Integration Tier) - API Gateway and Relay infra for Internet zone
  • Intranet Common Service (Integration Tier) - API Gateway and Relay infra for Intranet zone
  • Management - common AD servers and management related services
  • DevOps - common test servers and DevOps facilities, with future plans to integrate with SHIP and HATS

The integration tier tapped on the use of Amazon API gateway to perform authentication, authorisation and payload inspection. Centralisation of the API gateway of all applications allows for easy onboarding of additional applications.

Project Level Segregation - Billing and Access Management

AWS accounts were used to provide billing and access segregation to the appropriate project teams.

Each application has its own AWS account with at least two compartments (UAT and Production) in Internet, Intranet zone, or both.

A special test account, i.e. ITPG Lab was also created for pilot project and trial usage.

SUCCESSFUL MIGRATION TO GCC IN LINE WITH THE GOALS OF COMPLIANCE, SECURITY AND SUPPORT

Seven ACRA applications and systems have been onboarded to GCC, namely:

  • Variable Capital Companies (VCC) Portal
  • ACRA API Mall
  • BizFinx Portal
  • SRMS
  • eRegistry
  • iKnow
  • RITES

More applications will be onboarded in time, as well as DevOps integration with SHIP and HATS in the pipeline.