Many agencies have migrated or are in the process of migrating, with many embracing the trend wholesale, such as the ATF, which is going “all in”.
“We knew we wanted to move to the cloud from day one. There is no government datacenter that can compete with the security, scalability, and the efficiency of the cloud.”
In this presentation they provide a detailed overview of the GovCloud services, highlighting that these are fundamentally the same services as their standard AWS products, but with distinguishing features such as:
- Physically and logically isolated from other regions, operated on USA soil by USA citizens.
- Separate authentication methods.
- A dedicated GovCloud management console.
AWS has established two GovCloud regions in the USA, AWS GovCloud US-West in August 2011 and US-East in November 2018.
This AWS case study for HSIN (Homeland Security Information Network) provides a walkthrough of the migration process and its challenges.
HSIN is the ‘front door’ to information sharing for Homeland Security, a web-based Sensitive But Unclassified information sharing platform that connects with multiple other agencies, providing them with a suite of applications such as secure messaging among many others.
Services are mission critical, with agencies using them on a daily basis, a key motivation for moving to the Cloud.
Security is naturally of paramount importance, hence the need for a FedRAMP High level of service, which essentially narrowed the supplier choice down to one, as only AWS had achieved this at the time of the decision.
This didn’t mean entirely smooth sailing. The challenges the agency faced included the fact that there was no DHS-approved network connection and that there were limited DHS contracting models.
Prior to the move HSIN conducted an extensive analysis of their current systems, including code reviews, software licensing and staffing requirements. The migration revealed that a huge factor was the increased operational responsibility: where they had had a full service from the federal data centre service, the move to AWS required them to take on more infrastructure management than before.
In essence this forced them to take on more of a DevOps team approach. They initially set out to embrace this philosophy, automating as much as possible, but soon found that this was a ‘boil the ocean’ ambition and scaled back to an MVP of getting production live.
Other challenges included finding that security assessors had little experience of Cloud implementations, and a situation of having both legacy and Cloud systems, each needing production-level management.
The backbone of the challenge was the process of migrating data from on-premise to the Cloud, as their systems operated on terabytes of data. This was achieved via an initial transfer using AWS Snowball, followed by the use of synchronizing tools.
Despite the scale of this exercise they found that it went surprisingly smoothly and quickly, taking only seven hours when they had been prepared for it to take up to a week. Similarly they were very pleased to find that performance was also very good.