Ensuring Infrastructure, Compliance, Authentication and Security measures are met
The project commenced on multiple tracks, i.e.
- Identity and Authentication Services Track - To synchronise the active directory identity from on-premise to the cloud
- Networking Track - Involves the setting up of network reachability between on-premise and the cloud assets.
- Common Services Track - Involves the hooking up of common services i.e. compliance, CASB
- Cloud Management Portal Track - Involves the setting up of customer compartments
Identity and Authentication
One of the cornerstones of leveraging on Commercial Cloud is in establishing a cloud based identity. By leveraging Azure AD, the project has developed a comprehensive identity and authentication framework that allows government customers to have secured access to not just the Cloud Service Provider services but also Software as a Service (SaaS) applications.
One of the key challenges of the project is to provide access to the workload from both Intranet and Internet environments. Intranet access to workloads were provided by establishing dedicated network connection from OnPremise to the CSPs. Intranet access to workloads were provided through the use of a VPN hub.
Cloud workloads were wired into a plethora of common services, i.e.
- compliance management - ensures that security policies for internet/intranet compartments are strictly adhered to
- remote administration - provides administration access to the workloads
- central logging - ensures that the logging is centralised
Cloud Management Portal
Self-service administration portals were provided for users to allow users to onboard GCC. It incorporates a myriad of functions from:
- Cloud Identity Management
- VPN Access Management
- Remote Administration Management
- Onboarding of Accounts/Compartments