Success story



California Department of Technology (CDT) – AWS Cloud Storage

Client Objectives:

The California Department of Technology (CDT) is committed to partnering with state, local government and educational entities to deliver digital services, develop innovative and responsive solutions for business needs, and provide quality assurance for state government Information Technology (IT) projects and services.  Virtually all state government agencies and local government entities are moving some or most of their IT infrastructure to the cloud.  With this in mind, CDT released the Vendor Hosted Subscription Service (VHSS) contracted which selected Infiniti. The agreement allows any California government agency, department or government funded entity to procure directly from the CDT VHSS contract. The contract covers all types of AWS cloud storage solutions and scenarios and will allow California government customers to leverage the AWS cloud for all of their cloud storage needs.

 Solution:

As noted, the contract covers all types of AWS cloud storage solutions and integrated 3rd party scenarios and will allow California government customers to leverage the AWS cloud for all of their cloud storage needs. The partners that can be procured off of this Infiniti agreement include Commvault, Rubrik, NetApp, CloudEndure, CloudBerry and Palo Alto Networks. Infiniti has configured a centralized account utilizing AWS Organizations to allow each Agency deployment to be implemented, modified, tracked and billed under the master account. Infiniti was also asked to implement different cloud storage scenarios for the CDT team to allow them easy access to a working development environment as it hopes to play a role in supporting its variety of VHSS clients. Two implementations included:

Infiniti delivered an AWS solution with the following features:

  • Amazon File Gateway provides a virtual on-premises file server, which enables the State Department to store and retrieve Amazon S3 objects through standard file storage protocols.
  • Users interact with S3 storage via AWS File Gateway. The S3 storage appears as a NFS network drive so users can use Windows Explorer to move files to and from AWS S3 in the same way as they would use a Windows file share.
  • Local disk storage on the gateway is used to temporarily hold changed data that needs to be transferred to AWS and to locally cache data for low-latency access. File gateway manages data in the cache storing the most recently accessed data. To maximize write performance, the gateway uses a writeback mechanism where data is first persisted to disk and asynchronously uploaded to AWS storage. The gateway serves data through the local cache to maximize read performance.
  • All data transferred between the gateway and AWS storage is encrypted using SSL. By default, all data stored in Amazon S3 is encrypted server-side with Amazon S3-Managed Encryption Keys (SSE-S3).
  • AWS Glacier provides extremely low cost storage for archive/backup purposes. Glacier storage is encrypted.
  • Amazon S3 bucket policies for lifecycle management and versioning will be applied for data backup to Amazon Glacier and revisions.

Infiniti assisted CDT with provisioning a 10G Direct Connect circuit at the Equinix SV5 data center and peering with their private MPLS provider. This path facilitated a more secure and faster route for the various state departments to access AWS resources via both a public and private VIF, since many of them are interconnected via their MPLS mesh. Now all access to S3 and Glacier for the services provisioned traverse the Direct Connect circuit.

Outcomes:

As a consequence of Infiniti’s AWS cloud storage knowledge and prowess many California agencies have contracted with Infiniti under the CDT VHSS agreement and centralized account that Infiniti configured. Infiniti then works with each individual agency’s unique requirements to configure and deploy an AWS cloud storage solution. Infiniti tracks all of the sub-accounts and their respective AWS monthly consumptions and provides a detailed invoice to CDT to pay for the AWS services.

AWS Services Utilized:

  • AWS Organizations
  • AWS IAM
  • AWS S3
  • AWS Glacier
  • AWS Storage Gateway
  • AWS Direct Connect

 Third Party Applications or Solutions Used:  Also selected on the VHSS contract are the following list of 3rd party partners.

  • NetApp
  • Palo Alto Networks
  • CloudCheckr
  • Commvault
  • CloudEndure
  • CloudBerry

 

Success Stories

California Department of Technology