Government Contractor Partners with FP Complete to deploy a secure and compliant cluster onto AWS GovCloud
FP Complete architects and deploys a more complex AWS GovCloud configuration to help a government contractor adhere to higher security and compliance standards.
FP Complete establishes a secure, compliant, highly available, and easily maintained cluster within AWS GovCloud.
A government contractor, faced with higher security standards due to their data’s sensitive and confidential nature, was challenged with deploying a secure and compliant cluster onto AWS GovCloud. This required a more complex configuration than many standard region deployments to meet their specific regulatory requirements. So, they called in reinforcements from FP Complete to update their system and:
- Adhere to higher security standards due to their highly sensitive and confidential governmental information
- Handle the challenge of finding tools that would work successfully within that platform
- Understand and maneuver around the differences between GovCloud and standard AWS data centers since commonly used tools often break.
Corporation Type
Government Contractor
Industry
Software & Technology Services
Project Type
DevOps
Business Issues
- Client needed to navigate the AWS GovCloud deployment
- Handle the challenge of finding tools that would work successfully within that platform.
- Understand and maneuver around the differences between GovCloud and standard AWS data centers since commonly used tools often break.
- Client needed a cloud-based solution for their SaaS product but needed to adhere to higher security standards due to their highly sensitive and confidential governmental information.
- Client needed proper protection of Personally Identifiable Information (PII) and high availability to meet Service Level Agreements (SLAs).
- Client needed a development center fully compliant with modern DevOps principles.
Project Outcome
Minimized Risk by Deploying Nomad for AWS GovCloud
To minimize the risk of an unstable environment, we opted to deploy Nomad, as Kubernetes was known to be unreliable within the GovCloud environment. Nomad provided a similar feature set to Kubernetes but utilized fewer cloud services, making it an ideal choice at the time for a dependable GovCloud setup. FP Complete recommended a hybrid approach that leverages Nomad Clusters on AWS GovCloud and bare metal AWS EC2 instances to provide a consistent experience across their AWS GovCloud environment. As their needs change, the Client can quickly shift software license entitlements from on-premise nodes to bare metal AWS EC2 instances.
Project Outcome
It’s All About the Tools when Deploying AWS GovCloud
We used Terraform to build the infrastructure necessary for hosting the Nomad cluster and leveraged AWS Key Management Service (KMS) to contrive the necessary encryptions. For additional security, we deployed Hashicorp Vault for secure credentials management.
TECHNOLOGY USED
AWS, GovCloud, Terraform, Nomad,
Hashicorp Vault
FP Complete’s Solution
- Hosted a web-based Software as a Service (SaaS) product
- Complied with all government regulations for data storage and transit
- Hosted within the AWS GovCloud datacenter
- Isolated environments for development, QA, and production
- Integrated Continuous Integration/Continuous Deployment (CI/CD) pipelines
- Automated deployment
- Autoscaled in response to load to improve performance
- Auto recovery from unhealthy nodes
- Infrastructure-as-code support
NEW CHALLENGES FOR FP COMPLETE
This project revolved around regulated data, GovCloud, and Nomad. While we have worked with all three concepts individually in the past, this was the first project where we got to combine all three. The integration went well and presented fewer obstacles than we expected.
The Conclusion
The selected combination of tools integrated well, fully supported the AWS GovCloud environment, and delivered a stable platform for our client. This project taught us that with proper planning and execution, even complex projects can be accomplished easily. If you are considering deploying a secure and compliant cluster onto AWS GovCloud or any other cloud platform, do not hesitate to ask us for guidance and support.