We’ve seen a fair amount of growth in the government sector recently and, as a result, thought it would be a good idea to describe how our clients are leveraging the first Public Cloud that was founded in Canada by Canadians. We’ve seen some great steps recently from the Canadian Government to facilitate Shared Services standards that envision inclusion and usage of public Cloud providers like Cloud A in Government infrastructure. Recent Canadian Government documents like the “IT Shared Services Security Domain & Zones Architecture” specify the standards & best practice guidelines so that in the future shared ITC services are transposable to similar shared services offered through a public cloud provider under contract to the GC.
Here are the main points:
- A security domain is an environment or context that includes a set of resources and a set of entities that have the right to access the resources as defined by a common security policy and administered by a single authority.
- A network security zone is a networking environment with a well-defined boundary, a Network Security Zone Authority, and a standard level of susceptibility to network threats. The concept of network security zones is generally applied during the implementation of a security domain as a way to satisfy some of the domain policy requirements.
- Shared Services adoption of Cloud solutions with Canadian government IT departmental groups is at various levels of engagement today (from providing email service to a complete set of data center services, for example: network, storage, application, & database). In the future Shared Services endeavours to provide guidance on best practices for IaaS, PaaS and SaaS cloud services for its clients.
This picture illustrates the various layers of the cloud and how different IT groups typically procure & manage the different components of cloud technology. On the left-hand side you have the typical non-cloud-enabled organization using departmental IT. Next you have hosting providers that offer basic web hosting & VMware products. Next you have Public IaaS like CloudA, where Network, Storage, & Compute are aggregated and delivered as a utility. Then come PaaS options such as Cloud 66 that further automate infrastructure for advanced cloud solutions, including Hybrid cloud architecture. Finally there are SaaS solutions that often leverage the IaaS & PaaS of other cloud providers.
CloudA’s Virtual Private Cloud (VPC) fits into that vision extremely well as we facilitate the provisioning of private, isolated sections of CloudA’s Cloud where you can launch resources in one or more virtual networks that you define. With CloudA’s VPC, you can define a virtual network topology that closely resembles a traditional network that you might operate in your own datacenter. You have complete control over your networking environment, including selection of your own IP address ranges, creation of subnets, and configuration of route tables and network gateways.
Our clients often require the ability to have some degree of control over the configuration of perimeters between the tiers of the application architecture (e.g. between their application restricted zone and their database zone).
CloudA’s Multi-Tier Security Architecture is configurable to limit access between tiers. You can easily customize the network configuration for your VPC. For example, you can create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems such as databases or worker instances in a private subnet with no Internet access. You can leverage multiple layers of security, including security groups, to help control access to your resources.
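One way to check that a tiered layout like the one described above actually enforces its perimeters, as an added example that is not CloudA's code or API. The tier names, subnets, ports and the rule format are constructed assumptions.

```python
import ipaddress

# Constructed sample topology; names, subnets and ports are hypothetical.
TIERS = {
    "web": {"subnet": "10.0.1.0/24", "internet_route": True,
            "ingress": [("0.0.0.0/0", 443)]},
    "app": {"subnet": "10.0.2.0/24", "internet_route": False,
            "ingress": [("10.0.1.0/24", 8443)]},
    "db":  {"subnet": "10.0.3.0/24", "internet_route": False,
            "ingress": [("10.0.2.0/24", 5432), ("0.0.0.0/0", 22)]},
}
# Perimeter policy: which sources may cross into each tier.
# "external" means any address range wider than a single tier subnet.
ALLOWED = {"web": {"external"}, "app": {"web"}, "db": {"app"}}

def sources_of(cidr, tiers):
    """Return the tiers an ingress CIDR covers, plus 'external' if it is wider than one tier."""
    net = ipaddress.ip_network(cidr)
    subnets = {n: ipaddress.ip_network(t["subnet"]) for n, t in tiers.items()}
    hit = {n for n, s in subnets.items() if net.overlaps(s)}
    if not any(net.subnet_of(s) for s in subnets.values()):
        hit.add("external")
    return hit

def audit(tiers, allowed):
    """List (tier, problem) pairs where the configuration breaks the tier policy."""
    findings = []
    for name, tier in tiers.items():
        public = "external" in allowed[name]
        if tier["internet_route"] and not public:
            findings.append((name, "private subnet has a route to the Internet"))
        for cidr, port in tier["ingress"]:
            if public:
                continue  # a public-facing tier may accept traffic from anywhere
            extra = sources_of(cidr, tiers) - allowed[name] - {name}
            if extra:
                findings.append((name, f"port {port} open to {cidr}, admits {sorted(extra)}"))
    return findings

if __name__ == "__main__":
    for tier, problem in audit(TIERS, ALLOWED):
        print(f"{tier}: {problem}")
```

In the sample data the database tier carries a leftover rule opening port 22 to `0.0.0.0/0`, which the audit reports because it admits traffic from the web tier and from outside the VPC instead of only from the application tier.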
Often our clients will install and configure a Hardware Virtual Private Network (VPN) connection in their local corporate environment and leverage CloudA as an extension of their corporate datacenter so that it can be easily used in a secure way.