Difference between revisions of "Transport Canada (TC) Infrastructure Modernization - Cloud / DR / Workload Migration"

Line 13: Line 13:
 
The goal of this project is to deliver a complete modern infrastructure environment for TC applications in the Cloud or modern data centers. This requires building a foundational Cloud environment, planning and executing a workload migration plan, as well as creating and implementing a Disaster Recovery Management Program. In conjunction with SSC, a secure network to Cloud and authentication services will be established.
 
The goal of this project is to deliver a complete modern infrastructure environment for TC applications in the Cloud or modern data centers. This requires building a foundational Cloud environment, planning and executing a workload migration plan, as well as creating and implementing a Disaster Recovery Management Program. In conjunction with SSC, a secure network to Cloud and authentication services will be established.
  
This work is being done with the Cloud Smart strategy that indicated that a modern secure TC infrastructure includes moving some applications to the cloud and other to leverage SSC EDs in situations where an EDC makes more sense such as Apps that are behind decomisioned, only need to be sustained or where the cloud offers no business value.  
+
This work is being done within the framework of the Cloud Smart strategy that indicated that a modern secure TC infrastructure includes moving some applications to the cloud and other to leverage SSC EDCs in situations where an EDC makes more sense such as Apps that are being decomisioned, only need to be sustained or where the cloud offers no business value.  
  
 
The Cloud will provide TC with a modern, scalable, and resilient infrastructure which offers disaster recovery and rapid time to market to support a safe, secure, efficient, and environmentally responsible transportation system in Canada.  
 
The Cloud will provide TC with a modern, scalable, and resilient infrastructure which offers disaster recovery and rapid time to market to support a safe, secure, efficient, and environmentally responsible transportation system in Canada.  
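Review bot: the replacement paragraph (the `+` line) still misspells "decommissioned" as "decomisioned" and keeps the ungrammatical "and other to leverage SSC EDCs". Since this revision already touches the sentence, suggest correcting both here, for example "and others leveraging SSC EDCs" and "apps that are being decommissioned".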

Revision as of 23:08, 17 February 2022

Transport Canada (TC) Infrastructure Modernization - Cloud / DR / Workload Migration


Transport Canada (TC) IT Infrastructure Modernization

The goal of this project is to deliver a complete modern infrastructure environment for TC applications in the Cloud or modern data centers. This requires building a foundational Cloud environment, planning and executing a workload migration plan, as well as creating and implementing a Disaster Recovery Management Program. In conjunction with SSC, a secure network to Cloud and authentication services will be established.

This work is being done within the framework of the Cloud Smart strategy, which indicated that a modern, secure TC infrastructure includes moving some applications to the cloud and having others leverage SSC EDCs in situations where an EDC makes more sense, such as apps that are being decommissioned, only need to be sustained, or for which the cloud offers no business value.

The Cloud will provide TC with a modern, scalable, and resilient infrastructure which offers disaster recovery and rapid time to market to support a safe, secure, efficient, and environmentally responsible transportation system in Canada.

This project is meant to address the business needs and opportunities of:

  • Providing IT recovery services in the event of a disaster to ensure the delivery of critical services affecting the safety, security, and economic viability of Canadian citizens continues to operate normally.
  • Responding to the Cloud First principle and direction from TBS for delivery of Digital Services.
  • Responding to demands for increased IT capabilities and increased IT capacity to support TC’s programs.
  • Adopting DevSecOps and modern development methodologies that are enhanced by Cloud services, such as working in an Agile, open, and collaborative way.
  • Implementing a Disaster Recovery Management program in response to the TBS Policy on Government Security to provide IT service continuity in a timely and efficient manner.

The key deliverables are:

  • Modernized TC IT environment using Cloud solutions.
  • Migration of all applications/systems within the Workload Migration (WLM) initiative to the Cloud.
  • Application development and support model modernization to enable Cloud solutions providing efficiencies in delivery time and cost.
  • Validated and maintained Disaster Recovery Management framework in place.

Secure Cloud Enablement and Defence (SCED)

As workloads are migrated to the Cloud, the GC perimeter shifts outside of the on-premise environment, and measures must be put in place to monitor and protect these Cloud-based environments, and respond to cyber threats quickly. The establishment of private, dedicated connections to GC approved Cloud Service Providers (CSP) will enable a hybrid IT environment, and ensure that the GC can continue to have secure access to information systems and solutions hosted in the Cloud.

Secure Cloud Enablement and Defence (SCED) is secure connectivity from Cloud to Ground that is being implemented for applications and platforms that handle Protected B data. Working with SSC, TC has implemented SCED as a pilot project for two applications: Enterprise BI and Data Analytics (eBIDA) and Policy on Government Security (PGS). eBIDA is expected to go live with SCED by February 15, 2021. The go live date for PGS is pending. SCED General Availability (GA) for all applications is expected in fall 2021.

Cloud Service Operation Model (CSOM)

The Cloud Service Operation Model (CSOM) is a framework used to assess current levels of organizational maturity in the operation, management, and governance of Cloud services. The CSOM framework and methodology is iterative and can be used for existing and new Cloud services. Microsoft performed a CSOM evaluation for TC and delivered a final report. Next steps are under review with the TC leadership team.

Project Status

This project is using Agile methodology and is in Phase 3, Launch/Execution & Control, of the TC Project Management Framework 4 Gate Model. TC's Azure Cloud Foundational Environment has been granted Authority to Operate (ATO) up to Protected-B for applications not requiring secure network connectivity.

Overall, the project was impacted by the delayed SSC delivery of SCED (Secure Cloud Enablement & Defence), required for applications that need secure connectivity, but is now moving forward with a SCED pilot for two COVID-19 related applications: PGS and eBIDA. Applications related to the COVID-19 response have been given top priority for migration, so more resources will be put on these, and other activities may be impacted. For PGS and eBIDA, resources from Solutions Centre and Microsoft have been secured for Cloud migration work. TC is working with SSC to pilot SSC's Cloud Operating Model, using DevSecOps.

Disaster Recovery (DR) plans are implemented for each application that moves to the Cloud, if required. The full DR program is expected to be set up and operational by the end of the calendar year 2022. All applications are expected to be in the Cloud, with DR plans if required, by March 2023.

| Milestones | Initial Target Completion Date | Forecast Completion Date | Actual Completion Date | Comments |
|---|---|---|---|---|
| Project Kickoff | 2017-10-26 | 2017-10-26 | 2017-10-26 | Complete: Project started on 2017-10-26. |
| Discovery & Analysis for Disaster Recovery (DR) | 2018-10-05 | 2018-10-05 | 2018-10-05 | Complete: Initial research for establishing a Disaster Recovery Program for TC. |
| Gate 0 Phase 1: Discovery and Initial Cloud Foundation | 2019-04-29 | 2019-04-01 | 2019-04-01 | Complete: Task awarded to Microsoft to collect information and create Cloud environment for TC applications. |
| Gate 1 Phase 2: Application Target State Assessment | 2019-09-20 | 2019-09-20 | 2019-09-20 | Complete: All business systems assessed and assigned a Cloud target state. |
| Cloud Foundation Build | 2019-04-01 | 2019-10-18 | 2019-10-18 | Complete: Cloud working environment for TC applications and platforms. |
| Gate 2 Project Execution Approval (under the PMF 4 Gate Model) | 2020-03-01 | 2020-03-01 | 2020-01-30 | Complete: Approval received for project execution. |
| Secure Cloud Enablement Defence (SCED) Pilot Implementation | 2018-07-16 | 2021-02-08 | 2021-02-08 | SCED implemented in pilot project. General Availability (GA) is expected in November 2021. |
| Scrum Phase 5 Sprints | 2021-03-02 | 2021-03-02 | 2021-03-02 | |
| Scrum Phase 6 Sprints | 2021-07-09 | 2021-07-09 | | |
| Secure Cloud Enablement Defence (SCED) General Availability (GA) | 2021-11-30 | 2021-11-30 | | |
| Migration Complete for All Applications/Platforms | 2022-12-09 | 2022-12-09 | | |
| Full DR Implementation, Test, Analysis and Recommended Action Plan | 2023-03-31 | 2023-03-31 | | |
| DR Policy, Master Plan, and Framework Development and Approval | 2023-03-31 | 2023-03-31 | | |
| Gate 3 - Project Completion Date - Approval for Project Close | 2023-03-31 | 2023-03-31 | | |
| Gate 4 - Project Close | 2023-04-15 | 2023-04-15 | | |

Key Accomplishments

  • Completed Oracle OCI Proof of Concept and procured Oracle OCI credits to be used for migration.
  • Aligned TC's AWS solution to GC standards (GC PBMM Accelerator) to better position TC for enabling SCED in AWS.
  • Fortinet and FortiAnalyzer Cloud firewalls were deployed for the project, enabling foundational security measures for SCED.
  • TC-SSC ADM Cloud Steering Committee created to address issues and risks associated with this project.
  • SCED pilot in progress for PGS and eBIDA. Planning complete and implementation phase in progress, including SSC infrastructure work.
  • Applications related to COVID-19 response were prioritized and work is underway.
  • Upgraded the Microsoft Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR) features to use a centralized portal.
  • Created a Cloud Migration Checklist for teams to use for migrating their apps to the Cloud.
  • Created a Cloud Workload Prioritization framework to establish a priority order for applications moving to the Cloud.
  • Created an Application Gateway script that dramatically reduces the amount of time required to create and configure subdomains on the network. As a manual process, creating and configuring subdomains takes about 30 minutes for each one, but with the new script it takes only 2 minutes. The script contains all the accurate settings for the subdomains, which removes any chance of configuration errors and therefore saves the team potential troubleshooting time. The script is shared in the GCAccelerators GitHub.
  • Launched an Education Initiative as a way to create and distribute content to educate other teams in TC about Cloud migration and operations. As one of the first steps in this initiative, an onboarding checklist was created to help teams understand the steps involved in their journey to the Cloud.
  • Created an Assessment Scorecard as a way to assess the criticality of moving applications to the Cloud and create a priority order. This scorecard will assist ARB with a technical understanding of the applications in the migration pipeline so they can make a decision about the migration priority order.
  • All active TC employees (7,079) have been on-boarded to MS Teams.
  • Active Directory Federation Services (ADFS) is now available for Cloud-based applications at TC. ADFS provides users with single sign-on capabilities by establishing a link between TC’s Azure Active Directory and the on-premise Active Directory. This reduces the number of usernames and passwords required to log on to Cloud-based applications.
  • TC and TBS have signed a Memorandum of Understanding (MoU) to fund Cloud Migration activities.
  • Completed implementation of security controls required for Protected-B Cloud environment.
  • Completed assessment of TC's applications for readiness to be migrated to the Cloud.
  • Contracted industry Cloud expertise to assist to create, configure, and train TC FTE staff.
  • Established the foundational Cloud environment, Hybrid Cloud Management (HCM), to start accepting workloads.
  • As part of Culture change to adopt Cloud, 37 (formal and informal) Training sessions, 11 Technical Talks, 33 Awareness building roadshows, and four TC-wide Cloud engagement sessions have been completed.
  • TC is sharing with other GC Agencies and Departments the Azure Network Template Generator via the GitHub repository.
  • Began implementing DevSecOps methodology for this project.
  • Dedicated TC Cloud Centre of Excellence (#TC3OE) has been established.          

Overview of Transport Canada’s Cloud Centre of Excellence (#TC3OE)

TC3OE is Transport Canada’s Cloud Centre of Excellence. The TC3oE team is enabling the delivery of modern digital solutions by leveraging the Agility, Flexibility, Elasticity, and Disaster Recovery features of Cloud technologies. The team supports and maintains the Cloud foundational infrastructure, and aids designers in the planning, procurement, configuration and integration of Cloud services, so that TC clients can quickly address their rapidly changing business needs.

#TC3OE can be contacted via email at: TC.Cloud-Infonuagique.TC@tc.gc.ca


Challenges: Risks and Issues

RISK: If the project isn't able to sufficiently resource the Disaster Recovery (DR) role, then a DR program will not be implemented, negatively impacting the recovery of critical IT applications.
Impact: High
Probability: Medium
Mitigation: Find resources to create and implement a DR program for the project.

RISK: If the project team doesn't create and implement a change management process, then they won't be able to effectively navigate project impacts, which will put the overall project at risk.
Impact: High
Probability: Medium
Mitigation: Find resources to create and implement a change management process for the project.

RISK: If there is not enough Cloud expertise and capacity on application/platform teams, then workload migration to the Cloud stalls, delaying the project schedule.
Impact: High
Probability: Medium
Mitigation: Engage each application/platform team early in the process, secure temporary Cloud expertise - in part by gaining resourcing through TBS, and escalate accordingly if there is not enough capacity.

ISSUE: The TC3oE team is in re-build mode, hiring, onboarding, and training new resources, which will impact their ability to deliver on the planned schedule.
Impact: High
Resolution Plan: Adjust schedule to accommodate onboarding of new resources.

ISSUE: With the delay in SCED General Availability (GA) until November 2021, the migration of 370+ applications/platforms by March 2023 will be delayed.
Impact: High
Resolution Plan: Initiate change request process to adjust project end date to align with MCDC shutdown in 2025.

ISSUE: Ongoing application assessments show that teams with applications/systems dependent on SCED/Oracle DBs are choosing not to prepare for migration at this time, causing significant delays to the migration schedule.
Impact: High
Resolution Plan: Acquire OCI to provide Oracle solutions in the Cloud, and continue to use the Application Prioritization Framework to assess readiness for migration.

Guidance and Documentation

Workload Migration Categorizations (Business Applications in Scope)

Data was sourced from the previous Microsoft Assessment.

| Security Classification | No Active Directory Dependency | No Connectivity | Requires Active Directory | Requires Connectivity with EDC | SQL Database | Total |
|---|---|---|---|---|---|---|
| Unclassified | 84 | 21 | 40 | 103 | 7 | 124 |
| Protected A | 87 | 9 | 60 | 138 | 5 | 147 |
| Protected B | 46 | 8 | 9 | 47 | 4 | 55 |
| Total | 217 | 38 | 109 | 288 | 16 | 326 |

Application Workload Migration via Agile Sprints

This project is following an iterative Agile process to migrate applications to the Cloud.

| App/Platform State | Description |
|---|---|
| Not Started | Work has not yet started on migrating the app/platform to Cloud. |
| Planning | Initial planning underway to determine timeframe for migrating app/platform to Cloud. |
| DEV | Development work in progress. |
| UAT | User Acceptance Testing. App/platform is undergoing testing to prepare for moving to PROD. |
| PROD/DR | Production and Disaster Recovery testing. App/platform is in the PROD environment and ready for review, testing, and cutover to Cloud. |
| Up Next | App/platform is next in line for migration. |
| Deferred | App/platform is on hold until a future date. |

| Apps/Platforms In Production | Current State | Notes |
|---|---|---|
| Alexa Recalls | PROD | |
| ASD | PROD | |
| eBIDA | PROD | Related to COVID-19 response. Part of SCED pilot. |
| CARS Exemption | PROD | Migrated to Cloud February 19, 2021. SSC COM pilot project successfully completed. |
| EGIS | PROD | |
| iServer | PROD | |
| MEDV | PROD | |
| Navigable Waters Act Registry | PROD | |
| NWAR-ESS | PROD | |
| Open Data | PROD | |
| PGS | PROD | Related to COVID-19 response. Part of SCED pilot. |
| SRF | PROD | |
| TCLR | PROD | |
| TC Search | PROD | |
| TC WWW | PROD | |
| TMSA | PROD | |

| Apps/Platforms In Progress | Current State | Notes |
|---|---|---|
| CVS | Dev | |
| GCDOCS | UAT | |
| LDPS | Planning | |
| LoV API | Dev | |
| MISS XIM | Planning | |
| MMERS | UAT | Waiting on ATOs to go to PROD. |
| myTC | Planning | |
| PRET | DEV | Development work in progress. |
| SAC | Planning | |
| SSCIMS | Planning | |
| Tachyon | Planning | |
| TEAMMATE | UAT | Performance testing in progress. |
| ZAMMAD | DEV | Development work in progress. |

| Apps/Platforms Up Next | Current State | Notes |
|---|---|---|
| DB Farm | Up Next | |
| Document Services | Up Next | |
| Seafarer | Up Next | |
| Vessel Registry | Up Next | |
| Web Farm | Up Next | |
| Workload Management Services | Up Next | |

| Apps/Platforms Deferred | Current State | Notes |
|---|---|---|
| CARTES | Deferred | Lack of capacity on database team. |
| CCM | Deferred | Waiting on funding and OCI. |
| CUMULUS | Deferred | Looking for a replacement, plan to use CUMULUS until this is found. Decision needed on effort and value to complete Cloud migration. |
| DB SQL Server | Deferred | Lack of capacity on database team. |
| ECATS | Deferred | Deferred to SCED GA. Will be absorbed by EGIS. Related to COVID-19 response. |
| LDPS | Deferred | Deferred to SCED GA. |
| MMEL | Deferred | |
| PRET | Deferred | Lack of capacity on database team. |
| PWS (BC) | Deferred | Lack of capacity on database team. |
| RPA CoE Blue Prism | Deferred | Deferred to Phase 6. Related to COVID-19 response. Dependent on SCED. |
| RPA CoE UI Path | Deferred | Deferred to Phase 6. Related to COVID-19 response. Dependent on SCED. |
| SAP BI | Deferred | Deferred to SCED GA. |
| TCOMS | Deferred | Deferred to Phase 6. Related to COVID-19 response. |
| TO_LAND | Deferred | Lack of capacity on database team. |
| TSCM | Deferred | Related to COVID-19 response. Investigating the possibility of not migrating the current application and instead, building a new one in the Cloud. |
| Web Infrastructure | Deferred | Lack of capacity on team. |

| Apps/Platforms in Pipeline | Current State | Notes |
|---|---|---|
| BALLAST INTERVENTIONS | Not Started | |
| BASE NAVIRES | Not Started | |
| CVSA | Not Started | |
| Digital Signatures | N/A | Related to COVID-19 response. No need for migration. This is a SaaS application so it's already using Cloud. |
| FORMATION | Not Started | |
| FORMATION_WEB | Not Started | |
| INC_POLL 2014 | Not Started | |
| MTCO-SMTC | Not Started | |
| PROFIL-FORMNAX | Not Started | |
| PROJETCERTI | Not Started | |
| QAIMS | Not Started | |
| SIVP-VISP | Not Started | |
| TRAVERSES | Not Started | |


Business Drivers and Timeline for TC's Journey to the Cloud

[Figure: Journey to Cloud, June 2020 (v2)]

[Figure: Business Drivers for Modernization, June 2020]