News & Media
Cloud Migration Best Practices: DITPR/DADMS and AWS GovCloud
According to IDC, cloud-based spending was predicted to represent 60% – 70% of all software, services, and technology spending by the end of last year. It probably would not be an exaggeration to say that every organization uses cloud services in one manner or another.
Cloud computing offers several advantages over traditional/on-premise computing, including cost efficiency, flexibility, scalability, security, and resiliency. As a result, an increasing number of our government and commercial customers have asked for help migrating to the cloud.
One such project was the Department of Defense (DoD) Information Technology Portfolio Repository (DITPR)/Database Management System (DADMS) migration. This DoD-wide system and application repository support capital planning and investment processes. Its 10,000 users require 24/7 operations worldwide. We were asked to help move the system from an on-premise DoD data center to Amazon Web Services (AWS) GovCloud.
This aggressive 5-month cloud migration project had several challenges, including API integration with dozens of other systems, a high level of security required by the government, a mandatory use-case timeline within the Risk Management Framework, and more.
Rite-Solutions evaluated different migration strategies, such as “lift and shift”, full rewrite, and a hybrid approach. Ultimately, we selected a hybrid migration strategy because it allowed us to securely move a viable system to the cloud in the least amount of time.
A hybrid cloud migration strategy
The DITPR/DADMS project used a hybrid migration strategy that allowed for gradual adoption of cloud-native features (specifically managed database service and cloud storage, for example) once the system was operating in the cloud. This offered several important advantages:
- Low risk: The critical features had a very low probability of introducing system errors.
- Simplified migration: The cloud-native features were faster and easier to set up than their non-cloud native equivalents.
- Performance: Provided large performance and scalability benefits over non-cloud native equivalents
The alternative approach is a full rewrite (big bang strategy). This carries a much higher risk as it requires large application architecture changes, in addition to the infrastructure changes. In contrast, the “lift and shift” and hybrid approaches isolate the large changes to the infrastructure while keeping the application largely unchanged.
Leverage infrastructure as code service
DITPR/DADMS established its cloud infrastructure using AWS’ infrastructure as code solution called CloudFormation. DITPR/DADMS operates in several different AWS environments for different purposes: development, testing, and production. We needed to create a matching infrastructure in each of these environments. Manually creating and updating infrastructures takes a lot of time and carries the risk of unintentionally introducing configuration differences. CloudFormation eliminated these problems by:
- Providing standardization across environments
- Managed with version control systems to track revisions
- Prevented undocumented “drift” from baseline configuration seen in manual management
- Rollback on deployment errors
Government project nuances
As with most large projects, it’s prudent to plan a limited release pilot before migrating all users. It is a much more manageable scenario to detect and resolve issues on a limited roll-out of first users than for all users on day one. Taking it a step further, it’s also prudent to have pilot users geographically dispersed across key operating networks. This was critical on the DITPR/DADMS project as DoD networks vary tremendously and often require fine-tuning of the infrastructure.
It’s also important to note that government cloud platforms offered by cloud providers generally lag behind commercial cloud platforms in terms of features and functionality. It takes a bit longer for the government to approve cloud platform services because of stricter information assurance and security standards. So, be prepared to use different approaches if features you intended to use are not yet available.
In the end, the DITPR/DADMS migration was a success. Working closely with the PMW 250 team, a successful change of environments was made without disruption to the user base.
DITPR/DADMS now has improved system performance and fault tolerance. The cloud also offers better system monitoring and visibility into infrastructure performance compared to the previous on-premise system.