Service NSW is planning to push as many of its on-premises workloads into Amazon Web Services as possible under a multi-year migration project aimed at improving the scalability and resilience of its services.
Speaking at the recent AWS Public Sector Summit in Canberra, cloud platform lead Nasser Abraham said the agency would eventually shift all but its on-prem “security apparatus” under the project.
“I realise that there are some components which you don’t want to be coming from the cloud: our key management, our private keys and things like that,” he said.
“But when it comes to compute power, storage, it’s all going onto AWS. There’s really no reason to have it on-prem.”
Abraham said the decision to migrate to the hyperscale cloud provider was made approximately 18 months ago, just after the agency adopted a multi-vendor hybrid cloud approach to IT infrastructure.
AWS is used alongside a number of other cloud services, including Salesforce, Google Cloud and Microsoft Office 365.
Initially partnering with Melbourne-based AWS partner Versent on the migration project, Abraham said the work had focused on building platform foundations.
“We took the principle of starting small and without having any designs when we started to build,” Abraham said.
This enabled the agency to consider not only the wider migration, but also the “pipeline of products which were due to be released”.
“If you lift the hood from our platform, you realize that there’s really not much that we have reinvented,” he said.
“It really is a mesh of cloud services, primarily AWS services that we have glued together.”
Abraham said the first production workloads to go into AWS were for the government’s Toll Relief Program, which was introduced in July 2018 to reimburse motorists that spend $780 or more on toll roads in a financial year.
The shift happened shortly after the agency’s legacy stack failed to cope with the popularity of another refund scheme for compulsory third party (CTP) insurance.
The failure, which occurred on the first day that four million vehicle owners in NSW could apply to receive a ‘green slip’ refund, ultimately forced Service NSW to upgrade its infrastructure.
“Our legacy stack didn’t really quite handle the load, so when we were thinking about how to deploy the toll relief program on AWS, we had to meet the scalability problem,” he said.
With the platform team largely focused on migration, a solution consisting of a “serverless cloud using lambda and Amazon’s API gateway” was quickly developed.
Abraham said while the platform handled the “spike in traffic”, the confidence the platform gave the team was more rewarding.
“Our team had some wind in [their] sails because we were confident in this platform and the things that we’re doing that we have actually met the scalability challenge and also the resiliency challenge,” he said.
In developing the service pattern for the Toll Relief Program, Abraham and his team realised that the “entry level to the platform was still quite high”, leading Service to adopt Cloud Foundry on AWS and, later, Docker.
“The easiest way to turn developers away from you platform is mandating a framework mandating a particular language or even an operating system,” he said.
“We wanted the platforms to be flexible enough.”
Since the Toll Relief Program, Service NSW has gone on to use AWS and the “foundations built from day one” for a number of other projects, including a voting platform for the My Community Project and, more recently, the digital drivers licence.
The digital driver’s licence, which is currently being trailed with motorists living in Sydney’s Eastern Suburbs, Dubbo and Albury, is available through the Service NSW application.
Abraham said the digital driver’s licence component of the application, which was created by another government agency, was “running on a Kubernetes on-prem kind of environment”.
“Our team was tasked to create a Kubernetes platform on AWS, and we achieved that within a week because we were able to actually reuse a lot of patterns, which we created as public cloud foundations,” he said.
“Some of them included scaffolding, monitoring and security automation, so it really didn’t take much effort to present a Kubernetes platform to this other government agency.
“And although they’re actually reusing our foundations, they’re using their own CI/CD pipelines to actually deploy the application, so they didn't have to use all our foundations, it was consumed in a modular manner.
“Today, the digital driver's licence is live to a subset of postcodes in NSW, and that's running on EKS.
“But there's really not concerned about scalability or resiliency. All this is made possible by the foundations.”
Apart from the end goal of shifting as many of its on-premises workloads to the cloud as possible, Service NSW is looking to use AWS to improve load testing.
“In the past, or even up to today, when a product is due to go live there’s a few days or maybe a few weeks of lead time to actually load test a product,” Abraham said.
“Our team actually found there’s a lot of scope of repeatability there, and also our engineers have dispensable infrastructure at their disposal.
“So we agreed as a team this is something we can take on and also provide that in an API format.”
Abraham is also keen to ensure the platform remains an MVP, with AWS services adopted where it meets “all of our engineering principles”.
“To be honest, our platform is not a gold plated platform, [and] it never will be,” he said.
“We started as an MVP, it will continue to be an MVP and as long as I’m leading the team it’ll always be an MVP.”
A Service NSW spokesperson declined to comment on the migration project, including the timeline, saying only that “cloud is best suited to ensure digital services meet customer’s needs”.
Justin Hendry attended AWS Public Sector Summit in Canberra as a guest of AWS.