Building a New and More Efficient Commercial Cloud

Building up a hybrid cloud infrastructure across all 3 CSPs

The existing OnPremise Government Cloud (GCloud) was expiring and our government wanted to transition systems from GCloud to the Commercial Cloud.


The project was commissioned on 24 April 2019 and agencies had to complete the migration of all their workloads into GCC before the year end. The project involves building up this hybrid cloud infrastructure across all 3 public cloud service providers (CSP), i.e. Amazon Web Services (AWS),  Microsoft Azure and Google Cloud Platform (GCP).


Moving into a hybrid cloud architecture has a hosts of challenges from security to networking.


4 Main Tracks to Focus On

Ensuring Infrastructure, Compliance, Authentication and Security measures are met

The project commenced on multiple tracks, i.e.

  • Identity and Authentication Services Track - To synchronise the active directory identity from on-premise to the cloud
  • Networking Track - Involves the setting up of network reachability between on-premise and the cloud assets.
  • Common Services Track - Involves the hooking up of common services i.e. compliance, CASB
  • Cloud Management Portal Track - Involves the setting up of customer compartments


Identity and Authentication

One of the cornerstones of leveraging on Commercial Cloud is in establishing a cloud based identity. By leveraging Azure AD, the project has developed a comprehensive identity and authentication framework that allows government customers to have secured access to not just the Cloud Service Provider services but also Software as a Service (SaaS) applications.



One of the key challenges of the project is to provide access to the workload from both Intranet and Internet environments. Intranet access to workloads were provided by establishing dedicated network connection from OnPremise to the CSPs. Intranet access to workloads were provided through the use of a VPN hub.



Common Services

Cloud workloads were wired into a plethora of common services, i.e.

  • compliance management - ensures that security policies for internet/intranet compartments are strictly adhered to
  • remote administration - provides administration access to the workloads
  • central logging - ensures that the logging is centralised


Cloud Management Portal

Self-service administration portals were provided for users to allow users to onboard GCC. It incorporates a myriad of functions from:

  • Cloud Identity Management
  • VPN Access Management
  • Remote Administration Management
  • Onboarding of Accounts/Compartments
  • Billing


Fastest and most Streamlined Government Commercial Cloud Service in Singapore

Experienced and professional service to ensure a smooth migration

AWS and Azure cloud were first rolled out on 24 April 2019 (Internet) and 15 June 2019 (Intranet). GCP was rolled out on 2 September 2019. Most importantly, all the agencies were able to complete their migration out of GCloud before 2020.


Today, the Government Commercial runs over 400 accounts and over a 1000 compartments.