CLIENT SUCCESS |
About the Company
The Vision and Challenge
InterVision delivered an AWS solution using our proprietary Cloud Migration Lifecycle Assurance (CMLA) program with the following features:
- Amazon File Gateway provides a virtual on-premises file server, which enables the State Department to store and retrieve Amazon S3 objects through standard file storage protocols.
- Users interact with S3 storage via AWS File Gateway. The S3 storage appears as an NFS network drive so users can use Windows Explorer to move files to and from AWS S3 in the same way as they would use a Windows file share.
- Local disk storage on the gateway is used to temporarily hold changed data that needs to be transferred to AWS and to locally cache data for low-latency access. File gateway manages data in the cache, storing the most recently accessed data. To maximize write performance, the gateway uses a writeback mechanism where data is first persisted to disk and asynchronously uploaded to AWS storage. The gateway serves data through the local cache to maximize read performance.
- All data transferred between the gateway and AWS storage is encrypted using SSL. By default, all data stored in Amazon S3 is encrypted server-side with Amazon S3-Managed Encryption Keys (SSE-S3).
- AWS Glacier provides extremely low-cost storage for archive/backup purposes. Glacier storage is encrypted.
- Amazon S3 bucket policies for lifecycle management and versioning will be applied for data backup to Amazon Glacier and revisions.
InterVision also assisted CDT with provisioning a 10G Direct Connect circuit at an Equinix SV5 datacenter and peering with their private MPLS provider. This path facilitated a more secure and faster route for the various state departments to access AWS resources via both a public and private VIF, since many of them are interconnected via their MPLS mesh. Now all access to S3 and Glacier for the services provisioned traverse the Direct Connect circuit.
As a consequence of InterVision’s AWS cloud storage expertise, many California agencies have contracted with us under the CDT VHSS agreement and centralized account that InterVision configured. InterVision then works with each individual agency’s unique requirements to configure and deploy an AWS cloud storage solution. InterVision tracks all of the sub-accounts and their respective AWS monthly consumptions and provides a detailed invoice to CDT to pay for the AWS services.
AWS Services Utilized:
- AWS Organizations
- AWS IAM
- AWS S3
- AWS Glacier
- AWS Storage Gateway
- AWS Direct Connect
Third-Party Applications or Solutions Used (also on the VHSS contract):
- Palo Alto Networks