AWS Cloud: CDT Furthers Their Mission with InterVision's Expertise

The California Department of Technology (CDT) partners with state, local government and educational entities to deliver digital services, develop innovative and responsive solutions for business needs, and provide quality assurance for state government Information Technology (IT) projects and services. CDT is the guardian of public data, a leader in IT services and solutions, and has broad responsibility and authority over all aspects of technology in California state government, including policy formation, inter-agency coordination, IT project oversight, information security, technology service delivery, and advocacy.

The California Department of Technology (CDT), committed to partnering with state, local government and educational organizations, needed to move assets to a cloud environment to better accommodate their service to these entities. With virtually all state government agencies and local government entities moving some or most of their IT infrastructure to the cloud, CDT released a Vendor Hosted Subscription Service (VHSS) contract, which selected InterVision. The agreement has allowed any California government agency, department or government funded entity to procure directly from the CDT VHSS contract. The contract has covered all types of AWS cloud storage solutions and scenarios and allows California government clients to leverage the AWS cloud for all of their cloud storage needs.

From this agreement, InterVision can procure a variety of partners that include Commvault, Rubrik, NetApp, CloudEndure, CloudBerry and Palo Alto Networks. Since engaging with CDT, InterVision has configured a centralized account utilizing AWS Organizations to allow each Agency deployment to be implemented, modified, tracked and billed under the master account. InterVision was also asked to implement different cloud storage scenarios for the CDT team to allow them easy access to a working development environment as it hopes to play a role in supporting its variety of VHSS clients.

InterVision delivered an AWS solution using our proprietary Cloud Migration Lifecycle Assurance (CMLA) program with the following features:

• Amazon File Gateway provides a virtual on-premises file server, which enables the State Department to store and retrieve Amazon S3 objects through standard file storage protocols.
• Users interact with S3 storage via AWS File Gateway. The S3 storage appears as an NFS network drive so users can use Windows Explorer to move files to and from AWS S3 in the same way as they would use a Windows file share.
• Local disk storage on the gateway is used to temporarily hold changed data that needs to be transferred to AWS and to locally cache data for low-latency access. File gateway manages data in the cache, storing the most recently accessed data. To maximize write performance, the gateway uses a writeback mechanism where data is first persisted to disk and asynchronously uploaded to AWS storage. The gateway serves data through the local cache to maximize read performance.
• All data transferred between the gateway and AWS storage is encrypted using SSL. By default, all data stored in Amazon S3 is encrypted server-side with Amazon S3-Managed Encryption Keys (SSE-S3).
• AWS Glacier provides extremely low-cost storage for archive/backup purposes. Glacier storage is encrypted.
• Amazon S3 bucket policies for lifecycle management and versioning will be applied for data backup to Amazon Glacier and revisions.

InterVision also assisted CDT with provisioning a 10G Direct Connect circuit at an Equinix SV5 datacenter and peering with their private MPLS provider. This path facilitated a more secure and faster route for the various state departments to access AWS resources via both a public and private VIF, since many of them are interconnected via their MPLS mesh. Now all access to S3 and Glacier for the services provisioned traverse the Direct Connect circuit.

As a consequence of InterVision’s AWS cloud storage expertise, many California agencies have contracted with us under the CDT VHSS agreement and centralized account that InterVision configured. InterVision then works with each individual agency’s unique requirements to configure and deploy an AWS cloud storage solution. InterVision tracks all of the sub-accounts and their respective AWS monthly consumptions and provides a detailed invoice to CDT to pay for the AWS services.

AWS Services Utilized:

• AWS Organizations
• AWS IAM
• AWS S3
• AWS Glacier
• AWS Storage Gateway
• AWS Direct Connect

Third-Party Applications or Solutions Used (also on the VHSS contract):

• NetApp
• Palo Alto Networks
• CloudCheckr
• Commvault
• CloudEndure
• CloudBerry