SEED Portal Environment Modernisation
The Sharing and Enabling Environmental Data (SEED) portal is a publicly accessible resource used by academics, researchers, public servants and the public alike to search, manipulate and visualise critical environmental data on topics such as the bush fires.
SEED sits within the NSW Department of Planning, Industry & Environment, which is a government entity with 10,000 plus employees responsible for effective and sustainable planning to support growth in NSW.
After migrating their Sharing and Enabling Environmental Data (SEED) portal application to the Cloud, SEED recognised the opportunities for improvement in their AWS environment. They engaged their managed service provider – PolarSeven – to review, propose and implement a program of modernisation and automation.
They now benefit from an environment that is optimised and robust. Users have a simpler, more secure sign on, administrators spend less time on mundane administrative tasks and more time adding value, and developers, liberated from the chore of release management, spend more time developing new features.
As with many organisations, the first migration to the Cloud is often a ‘Lift & Shift’ approach. With time, it becomes clear that a number of manual activities remain, and there is enormous scope for automation and modernisation.
The lack of automation makes administration, releasing new features, troubleshooting, and performing simple day-to-day tasks cumbersome. These manual processes, particularly new feature releases, are time-consuming, lack auditability and are error prone, potentially causing instability.
It also becomes apparent that many limitations of the first migration can be addressed, and there is scope for improvements. For example:
Scaling can be improved to cope with on-demand situations or peak loads such as during catastrophes like bushfires and flooding.
End-to-end data encryption can be introduced.
Best practice around remote access can be implemented to avoid users sharing credentials with unauthorised users.
Monitoring can be improved to give a real-time picture of the health of the components and the service.
Resiliency, system backups and patching can be implemented to avoid the risk of downtime for internal and external users.
The PolarSeven solution comprised a number of automation and modernisation measures:
Implemented Infrastructure as Code (IaC) with AWS CloudFormation to provision the AWS infrastructure in an automated and replicable way.
Implemented Sceptre to standardise and streamline source management and control.
Automated deployment pipelines for the key application stacks, AMI creation, and application rollout.
Deployed a remote access solution with a fresh approach implementing Single Sign On.
Implemented autoscaling based on the right metric for the scaling of applications to meet demand.
Automated the application image creation and backup to ensure no data loss.
Automated logging to CloudWatch, providing better environment visibility for proactive service level management.
Results and Benefits
Automated provisioning through CloudFormation drastically reduces the manual effort associated with release management and makes the process replicable and auditable.
Security is vastly improved with Single Sign On for users, developers and administrators alike. Group policies implement the Principle of Least Privilege to ensure that only authorised users have access to only those areas of the system they need access to according to their role.
Rigorous monitoring with alerts fed straight through to the p7-ServiceDesk ensures that issues can be identified and remedied before they become incidents.
A patching regime for Windows and Linux servers ensures systems are running as efficiently as possible with no security vulnerabilities.
In short, the environment is optimised and robust. SEED users have a simpler, more secure sign on, administrators spend less time on mundane administrative tasks and more time adding value to the system, and developers spend more time developing features, as release management is automated.
The SEED project is covered under the p7-Managed service, which means the entire infrastructure is managed by PolarSeven, and SEED benefits from ProactivePlan monthly meetings and regular Cost Management and Security discussions with a focus on Operational excellence.