Line 7: |
Line 7: |
| With the needs of securing protected B data in a Public cloud, the office of GC Chief Technology Officer developed an operationalization framework which was approved by GC Enterprise Architecture Review Board (EARB). | | With the needs of securing protected B data in a Public cloud, the office of GC Chief Technology Officer developed an operationalization framework which was approved by GC Enterprise Architecture Review Board (EARB). |
| | | |
| + | == GC Event Logging Guidance == |
| + | <nowiki>***</nowiki> In construction *** |
| | | |
| + | == GC Accelerator == |
| + | Conscious of the fact that wide adoption in GC will require enabling GC department to effectively and rapidly deploy application, computing etc. in public could environment. TBS in collaboration with SSC and other departments had developed GC accelerator for Microsoft Azure and AWS cloud. |
| | | |
| + | == CG Accelerators - Azure == |
| + | To access the Azure accelerator, consult canada-ca/accelerators_accelerateurs-azure |
| | | |
− | GC Event Logging Guidance
| + | == CG Accelerators – Amazon Web Services == |
| + | To access the AWS accelerator, consult canada-ca/accelerators_accelerateurs-aws |
| | | |
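Review bot: The two new sub-headings read "CG Accelerators" where the rest of the page writes "GC", and the added "GC Accelerator" paragraph carries over "public could environment" from the removed text; both look like typos to correct in this revision. The sub-headings also sit at the same "==" level as their parent "GC Accelerator" section, so a lower level would keep them nested. The "To access the Azure accelerator, consult canada-ca/accelerators_accelerateurs-azure" line and its AWS counterpart name the repository without a link, while the full GitHub URLs appear further down the page; consider linking them here.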
− | GC Accelerator Conscious of the fact that wide adoption in GC will require enabling GC department to effectively and rapidly deploy application, computing etc. in public could environment. TBS in collaboration with SSC and other departments had developed GC accelerator for Microsoft Azure and AWS cloud. CG Accelerators - Azure To access the Azure accelerator, consult canada-ca/accelerators_accelerateurs-azure CG Accelerators – Amazon Web Services To access the AWS accelerator, consult canada-ca/accelerators_accelerateurs-aws Secure Cloud Connectivity The establishment of secure cloud connections to cloud services and trusted interconnection points will: • Improve resiliency of the GC infrastructure with dedicated and private connections to cloud; • thereby ensuring continued access to GC information systems and solutions hosted in the cloud; • Help the GC to mitigate direct attacks from the Internet against cloud-based GC resources; and • Enhance the protection of on-premise networks from compromised GC resources in the cloud. Below are the link to the GC Secure Cloud Connectivity Requirements. • GC Secure Cloud Connectivity Requirements o GC Cloud Access Use Cases o GC Connection Patterns - DRAFT for Consultation GC Guardrails The purpose of the guardrails is to ensure that departments and agencies are implementing a preliminary baseline set of controls within their cloud-based environments. These minimum guardrails are to be implemented within the GC-specified initial period (e.g. 30 days) upon receipt of an enrollment under the GC Cloud Services Framework Agreement. • GC Cloud Guardrails - DRAFT for Consultation o Cloud Guardrails - Initial 30 Days o Standard Operating Procedure for Validating Cloud Guardrails
| + | == Secure Cloud Connectivity == |
− | https://github.com/canada-ca/cloud-guardrails
| + | The establishment of secure cloud connections to cloud services and trusted interconnection points will: |
| + | |
| + | • Improve resiliency of the GC infrastructure with dedicated and private connections to cloud; |
| + | |
| + | • thereby ensuring continued access to GC information systems and solutions hosted in the cloud; |
| + | |
| + | • Help the GC to mitigate direct attacks from the Internet against cloud-based GC resources; and |
| + | |
| + | • Enhance the protection of on-premise networks from compromised GC resources in the cloud. |
| + | |
| + | Below are the link to the GC Secure Cloud Connectivity Requirements. |
| + | |
| + | • GC Secure Cloud Connectivity Requirements |
| + | |
| + | o GC Cloud Access Use Cases |
| + | |
| + | o GC Connection Patterns - DRAFT for Consultation |
| | | |
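Review bot: In the Secure Cloud Connectivity list, "thereby ensuring continued access to GC information systems..." is set as its own bullet although it continues the preceding "Improve resiliency..." item; merge the two. The items are typed with literal "•" and "o" characters separated by blank lines, so they will not render as a nested list; the "*" list markup used for the AWS bullets later in this revision would. "Below are the link" should read "Below is the link", and the three requirement entries that follow are plain text with no link target.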
| + | == GC Guardrails == |
| + | The purpose of the guardrails is to ensure that departments and agencies are implementing a preliminary baseline set of controls within their cloud-based environments. These minimum guardrails are to be implemented within the GC-specified initial period (e.g. 30 days) upon receipt of an enrollment under the GC Cloud Services Framework Agreement. |
| | | |
− | GC Cloud Guardrails – AZURE https://github.com/canada-ca/cloud-guardrails-azure GC Cloud Guardrails – Amazon Web Service https://github.com/canada-ca/cloud-guardrails-aws GC Cloud reference Architecture TBD Naming and Tagging To effectively manage GC cloud Resources, Shared Services Canada had developed a Cloud Resources Naming and Tagging Convention which was approved and ready to be used by GC departments deploying GC IT resources using approved public cloud services. | + | • GC Cloud Guardrails - DRAFT for Consultation |
| | | |
| + | o Cloud Guardrails - Initial 30 Days |
| | | |
| + | o Standard Operating Procedure for Validating Cloud Guardrails |
| | | |
− | GC Guardrails[edit | edit source]
| |
− | GC Cloud Guardrails
| |
| https://github.com/canada-ca/cloud-guardrails | | https://github.com/canada-ca/cloud-guardrails |
− | https://github.com/canada-ca/cloud-guardrails-azure
| |
− | https://github.com/canada-ca/cloud-guardrails-aws The GC AWS Accelerator main page is on GitHub: https://github.com/canada-ca/accelerators_accelerateurs-aws/blob/master/HOWTOs/GC_AWS_LZ_Package/README.md The UTM Firewall VPC Overlay templates and scripts are also on GitHub and can be found here: https://github.com/canada-ca/accelerators_accelerateurs-aws/tree/master/templates The GC AWS Accelerator documentation including build books, etc., is currently stored in GCCode: https://gccode.ssc-spc.gc.ca/GCCloudEnablement/AWS/tree/master/GC%20Accelerator%20-%20AWS%20Landing%20Zone%20Package%20(July%202019) Terraform modules on github: https://github.com/canada-ca-terraform-modules ARM templates on github: https://github.com/canada-ca-azure-templates Azure accelerators on github:
| |
| | | |
− | https://github.com/canada-ca/accelerators_accelerateurs-azure | + | == GC Cloud Guardrails – AZURE == |
| + | https://github.com/canada-ca/cloud-guardrails-azure |
| + | |
| + | == GC Cloud Guardrails – Amazon Web Service == |
| + | https://github.com/canada-ca/cloud-guardrails-aws |
| + | * The GC AWS Accelerator main page is on GitHub: |
| + | * The GC AWS Accelerator main page is on GitHub: https://github.com/canada-ca/accelerators_accelerateurs-aws/blob/master/HOWTOs/GC_AWS_LZ_Package/README.md |
| + | * The UTM Firewall VPC Overlay templates and scripts are also on GitHub and can be found here: [https://github.com/canada-ca/accelerators_accelerateurs-aws/tree/master/templates https://github.com/canada-] |
| + | * The GC AWS Accelerator documentation including build books, etc., is currently stored in GCCode: https://gccode.ssc-spc.gc.ca/GCCloudEnablement/AWS/tree/master/GC%20Accelerator%20-%20AWS%20Landing%20Zone%20Package%20(July%202019) |
| + | * Terraform modules on github: https://github.com/canada-ca-terraform-modules |
| + | * ARM templates on github: https://github.com/canada-ca-azure-templates |
| + | * Azure accelerators on github: https://github.com/canada-ca/accelerators_accelerateurs-azure |
| + | |
| + | == Cloud reference Architecture == |
| + | <nowiki>***</nowiki> In construction *** |
| | | |
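Review bot: The first two bullets under "GC Cloud Guardrails – Amazon Web Service" are duplicates: "The GC AWS Accelerator main page is on GitHub:" appears once without a URL and again with it, so the first should be dropped. The external link for the UTM Firewall VPC Overlay templates has its label cut off at "https://github.com/canada-"; use the full URL or a descriptive label. These bullets describe the accelerators, Terraform modules and ARM templates rather than the AWS guardrails, so they read as misplaced under this heading and may belong with the accelerator sections.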
− | *** This page is under construction. ***
| + | == Naming and Tagging == |
| + | To effectively manage GC cloud Resources, Shared Services Canada had developed a Cloud Resources Naming and Tagging Convention which was approved and ready to be used by GC departments deploying GC IT resources using approved public cloud services. |