BUILDING A NEW AND MORE EFFICIENT COMMERCIAL CLOUD

Building up a hybrid cloud infrastructure across three CSPs

With the expiry of the on-premise cloud (GCloud), the Singapore government wanted to transition their systems from GCloud to the Commercial Cloud.

 

The project was commissioned in April 2019 and all government agencies had to migrate their workloads into GCC before the end of the year. The project involved building up a hybrid cloud infrastructure across all three public CSPs, namely AWS, Azure and GCP.

 

Moving into a hybrid cloud architecture has a host of challenges from security to networking.

MULTI-PRONGED APPROACH

Ensuring Infrastructure, Compliance, Authentication and Security measures are met

The project commenced along four tracks:

  • Identity and Authentication Services - to synchronise the active directory identity from on-premise to the cloud
  • Networking - setting up of network reachability between on-premise and the cloud assets
  • Common Services - hooking up common services i.e. compliance, CASB
  • Cloud Management Portal - setting up customer compartments

 

Identity and Authentication

One of the cornerstones of leveraging Commercial Cloud is in establishing a cloud-based identity. A comprehensive identity and authentication framework was developed with Azure AD, allowing the customers to have secured access to not only the CSP services but also Software as a Service (SaaS) applications.

 

Networking

gcci-network


To overcome one of the key challenges - providing access to the workload from both Intranet and Internet environments - a dedicated network connection from on-premise to the CSPs was established via the use of a VPN hub.

 

Common Services

Cloud workloads were wired into a plethora of common services, i.e.

  • compliance management - ensuring that security policies for internet/intranet compartments were strictly adhered to
  • remote administration - providing admin access to the workloads
  • central logging - ensuring that the logging was centralised

 

Cloud Management Portal

Self-service admin portals were provided for user onboarding to GCC. It incorporated a myriad of functions such as:

  • Cloud Identity Management
  • VPN Access Management
  • Remote Administration Management
  • Onboarding of Accounts/Compartments
  • Billing

A Smooth Migration to the Fastest and most Streamlined Government Commercial Cloud Service in Singapore

With our experience and technical expertise, AWS and Azure cloud were rolled out successfully on 24 April 2019 (Internet) and 15 June 2019 (Intranet), followed by GCP on 2 September 2019.

Most importantly, all government agencies were able to complete their migration out of GCloud on time.

Today, GCC supports over 700 accounts and 1,600 compartments.