BUILDING A NEW AND MORE EFFICIENT COMMERCIAL CLOUD
Building up a hybrid cloud infrastructure across three CSPs
With the expiry of the on-premise cloud (GCloud), the Singapore government wanted to transition their systems from GCloud to the Commercial Cloud.
The project was commissioned in April 2019 and all government agencies had to migrate their workloads into GCC before the end of the year. The project involved building up a hybrid cloud infrastructure across all three public CSPs, namely AWS, Azure and GCP.
Moving into a hybrid cloud architecture has a host of challenges from security to networking.
Ensuring Infrastructure, Compliance, Authentication and Security measures are met
The project commenced along four tracks:
Identity and Authentication Services - to synchronise the active directory identity from on-premise to the cloud
Networking - setting up of network reachability between on-premise and the cloud assets
Common Services - hooking up common services i.e. compliance, CASB
Cloud Management Portal - setting up customer compartments
Identity and Authentication
One of the cornerstones of leveraging Commercial Cloud is in establishing a cloud-based identity. A comprehensive identity and authentication framework was developed with Azure AD, allowing the customers to have secured access to not only the CSP services but also Software as a Service (SaaS) applications.
To overcome one of the key challenges - providing access to the workload from both Intranet and Internet environments - a dedicated network connection from on-premise to the CSPs was established via the use of a VPN hub.
Cloud workloads were wired into a plethora of common services, i.e.
compliance management - ensuring that security policies for internet/intranet compartments were strictly adhered to
remote administration - providing admin access to the workloads
central logging - ensuring that the logging was centralised
Cloud Management Portal
Self-service admin portals were provided for user onboarding to GCC. It incorporated a myriad of functions such as:
Cloud Identity Management
VPN Access Management
Remote Administration Management
Onboarding of Accounts/Compartments
A Smooth Migration to the Fastest and most Streamlined Government Commercial Cloud Service in Singapore
With our experience and technical expertise, AWS and Azure cloud were rolled out successfully on 24 April 2019 (Internet) and 15 June 2019 (Intranet), followed by GCP on 2 September 2019.
Most importantly, all government agencies were able to complete their migration out of GCloud on time.
Today, GCC supports over 700 accounts and 1,600 compartments.