December 16, 2024
A Federal Agency Embraced Digital Transformation with AWS Cloud
Government leaders desperately sought a clear path to innovation. Migration to Amazon Web Services was the answer.
At one U.S. government agency, IT leaders faced a conundrum.
They maintained large public and private data sets that they needed to make available to staffers seamlessly and without hesitation. They needed to improve the agency’s ability to process and collect data, perform queries across massive data sets quickly, and easily combine information from multiple sources.
The agency stored the data on-premises, but its setup required time-intensive maintenance, and it was difficult to expand because of long procurement cycles and budget constraints. It also meant IT teams couldn’t take advantage of new features from the cloud that could improve the speed and accuracy at which employees could access and manipulate the information. In addition, the agency is required to follow federal security standards to ensure the data remains protected.
In short, a new setup had to be faster and more scalable. It was a perfect scenario for the cloud.
The agency’s IT leaders also knew that if they weren’t working in the cloud, their organization would struggle to attract and retain the best talent.
But there was also one final hurdle: The agency wanted to change a broader, basic operating philosophy of the department. Leaders realized they could accomplish more by running a more centralized IT governance model. Already, shadow IT was rampant. There were several Amazon Web Services (AWS) accounts across the department, but no across-the-board governance. Perhaps most frustrating, IT projects simply took too long for some teams. These circumstances, in essence, created shadow IT with no oversight.
What the Agency Had To Do
“People outside, the users and the actual application developers, were very unhappy with this setup because it was obviously going to take a long time to get a server done or a database set up,” says Kumar Ramachandran, a technical project manager at Enquizit, a CDW company. Enquizit was able to turn things around for the agency.
The department’s leaders knew in 2022 that they had to embrace transformation. They started by compiling a list of requirements.
Officials wanted a way to make all of their workloads part of a secure landing zone, a starting point from which their organization could quickly launch and deploy workloads and applications. That would help lead to centralized governance and security.
They sought to migrate five applications to a new cloud environment. This transition would show the rest of the agency that the new infrastructure was scalable. It would also allow for best practices, show off modernized features and follow the tenets of DevSecOps, in which security is a primary and shared responsibility.
Finally, they wanted to ensure that the solutions they employed would help train existing teams on cloud operations. This included how to manage workloads and how to create infrastructure in the cloud. In other words, this couldn’t be a temporary fix; it had to be a long-lasting way of working for the future.
The agency selected Enquizit to develop a new way to operate and to create a proof of concept to guide its cloud adoption.
How Enquizit Determined Agency Requirements
The final results of an IT modernization might appear transformational and better serve employees and constituents, but the details behind an effective transition to the cloud require planning.
In its first six months collaborating with this government agency, the team at Enquizit designed and set up a hierarchical account structure for the agency to work with AWS. That new hierarchy allowed the team to put policies in place at a higher level, then have subservient accounts underneath automatically inherit those policies, says Javaid Aslam, a vice president at Enquizit who helped lead the project: “A multiaccount cloud landing zone provides better security controls, isolation of data and easier cost management.”
In one of its first steps, Enquizit set up an AWS cloud landing zone, where users can log in and then launch and deploy workloads and applications in the AWS cloud. The government agency had been using Microsoft Azure Active Directory as a cloud-based identity and access management solution. The AWS cloud landing zone was integrated with Azure Active Directory for user authentication and authorization using single sign-on. This was an easy way to provide centralized identity and access management.
Enquizit also worked with the agency’s network team to implement connectivity between the cloud landing zone and the on-premises environment. This solution provided deep packet inspection, intrusion prevention and firewall rules management to monitor and restrict network traffic. Now, Enquizit could follow the agency’s standards to route external connections and implement a cloud migration process using connectivity to the on-prem infrastructure.
The company then started migration efforts. The agency identified five applications, such as batch processes and overprovisioned systems, to move to the landing zone for conversion to cloud-native solutions. These five tools would serve as an example for the rest of the organization of what was possible with the cloud and help develop a blueprint for future migrations.
One such migration was that of an existing data lake proof of concept from a separate AWS account to the cloud landing zone to allow for further development.
“It’s not easy to build a data lake environment in an on-prem system, but in the cloud, you have this fast speed of innovation,” Aslam says. “You have these platforms available that you can provision resources for very quickly, and then use that for your solutions, so you don’t have to worry about infrastructure capacity and scalability.”
The company relied on Amazon Athena’s Structured Query Language interface for data accessibility and created Extract Transform Load pipelines for data ingestion, cleaning, transformation and optimization.
Enquizit also employed its SkyMap Suite landing zone solutions, which can be customized based on client requirements for faster implementation of cloud landing zones.
7,500: The number of government agencies using Amazon Web Services for cloud (Source: amazon.com, “The Trusted Cloud for Government,” Dec. 5, 2024)
How Enquizit Laid the Groundwork for Transformation
Once the information was migrated, the data lake was able to ingest data from multiple sources. Tasks that had previously taken days now took hours or minutes.
Today, three workloads are in the process of being migrated.
The first six months of the project laid the groundwork for the transformation. But the transition was not wholly related to infrastructure; it also covered mindset. The Enquizit team wanted to make it simple for the rest of the agency to adopt the cloud, and more important, experiment with cloud tools and artificial intelligence.
“You want a place where you can try things out. Some of those things may become a project down the road, and some of them will get scrapped and become something else,” Aslam says. “You tell an organization, ‘Hey, we have a cloud,’ and they hear, ‘Hey, can I get a hand on an account?’ or ‘Can I get a login?’ and they say, ‘No, no, you have to wait for six months.’ It’s crazy.”
Once a project has advanced, developers and engineers can bring it into the landing zone, submit it for a review and eventually launch it into the cloud.
“If they want to experiment with something in the sandbox environment, they can launch a server without talking to any of those central IT teams,” Aslam says. The current centralized IT operations model doesn’t allow that. Changing the mindset, culture and IT processes to transition from centralized to decentralized IT operations is still a work in progress.
Enquizit’s team also wanted the IT staff to use Infrastructure as Code, which allows for managing and provisioning cloud resources through machine-readable definition files rather than manual configuration via a console.
Because many of the system administrators and network engineers weren’t developers, writing some of the scripting for the functions became a challenge.
Many of them have now acquired these skills, and “they’re using these templates on their own to launch infrastructure. Now, you can have a bunch of servers ready, a database server ready, in seconds. Or, if something happens, you just relaunch it from a previous backup,” Aslam says.
Building a Path to Future Success
To ensure the organization made the most of its new infrastructure, Enquizit established a cloud center of excellence. This approach ensures existing IT teams are trained on cloud operations, how to manage workloads and how to create infrastructure in the cloud. It also brought together a team to make decisions on cloud adoption that included different business units in the organization, representing IT operations, security, HR, legal, finance and contracts.
“It’s not just to help them guide this cloud adoption and educate all of these different business units about cloud,” Aslam says. “Another aspect was more functional, where we have to train them. We have to make sure that they are ready to support their workloads in the cloud.”
This included writing new job descriptions for AWS roles, addressing skills gaps, and ensuring staff readiness for AWS migration and operations.
Enquizit has roughly another year left to work with this federal office.
A top goal is to simplify the process for IT teams throughout the agency to transition to the cloud. Enquizit held regular demonstrations and training sessions with more than 50 agency staff members to help build confidence in the new setup.
Enquizit leaders are pleased with what they have accomplished. The agency says it can now perform high-quality, secure data analysis with modern tools. By moving from on-prem infrastructure, the agency has more secure and more scalable solutions. But perhaps most important, it allowed the agency to do accurate and reliable work and inform decision-making.