3 Core Challenges to Ensure a Smooth Migration

Migration to GCC in-line with compliance, security and providing support

ACRA was one of the agencies that needed to migrate over to Government Commercial Cloud (GCC) and host both their internet and intranet websites and services.


A core challenge of the ACRA project is that it has to:

  • Comply with government compliance and security standards
  • Provide a common infrastructure services which its applications can leverage on
  • Provide project level segregation for billing and access management


Streamlining the Network System for Efficiency

New Infrastructure Providing a Centralized System to Manage and Access the Network

The project be best explained by the following sections:


Government Compliance and Security Standards

The leverages on the use of AWS accounts and compartments (VPC) to ensure that internet and intranet traffic is properly managed based on the AIAS standards.



Common Infrastructure

Common infrastructure provides a centralised way of managing ACRA’s network and workloads.


We have 6 different compartments created for common infra, they are:

  • Intranet DMZ - Consists of Ingress, Egress and GUT components for Intranet zone.
  • Internet DMZ - Consists of Ingress, Egress and GUT components for Internet zone. This is the only compartment that is associated with Internet Gateway.
  • Internet Common Service (Integration Tier) - Consists of API Gateway and Relay infra for Internet zone.
  • Intranet Common Service (Integration Tier) - Consists of API Gateway and Relay infra for Intranet zone.
  • Management - Consists of common AD servers and management related services
  • DevOps - consists of common test servers and DevOps facilities. (With future plan to integrate with SHIP and HATS)


The integration tier leverages on the use of the Amazon API gateway to perform authentication, authorisation and payload inspection. Centralisation of the API gateway of all applications allows for easy onboarding of additional applications.


Project Level Segregation - Billing and Access Management

AWS accounts are used to provide billing and access segregation to the appropriate project teams.


Each application has its own AWS account and they have minimally 2 compartments (UAT and Production) in Internet or Intranet zone or both. For now, we have 7 ACRA applications and systems onboarded to GCC, namely:

  • Variable Capital Companies (VCC) Portal
  • ACRA API Mall
  • BizFinx Portal
  • SRMS
  • eRegistry
  • iKnow


A special test account, i.e. ITPG Lab has also been created for pilot project and trial usage.


Successfully Rolled Out 3 Applications

More enhancement is to come into the pipeline

ACRA has successfully rolled out 3 applications, and 4 others are being planned to go live soon. Further developments are also in the pipeline which include integration with SHIP and HATS for DevOps, more applications to be onboarded and potentially taking over the website/system maintenance contract.