Simple Technology Solutions

Designing an AWS Enterprise Cloud Network Architecture

Description

Simple Technology Solutions (STS) designed and implemented the Enterprise Cloud Network Architecture for a large government agency in an AWS Cloud Hosting Environment (CHE).

Categories

Cloud Networking
Cloud Enterprise Architecture


BACKGROUND

A large government agency was using two geographically separated on-premises data centers and needed to implement a target Cloud Hosting Environment (CHE) to migrate all of its mission-critical applications. The agency did not have any AWS accounts or an existing footprint in the cloud.

ANALYSIS

STS conducted an application and infrastructure assessment of the agency's virtualized VMware environments, load balancers, and the Classless Inter-Domain Routing (CIDR) Internet Protocol (IP) ranges managed by the Network Operations Center (NOC) at the two data centers.

SOLUTION

AWS initially launched GovCloud to give federal agencies a secure way to use the AWS environment. Only one region, us-gov-west-1, was available, with no mirror site of the kind needed for robust disaster recovery. About eighteen months later a second GovCloud region, us-gov-east-1, opened, and the networking architecture was therefore implemented in two phases.

The customer's defined Internet Protocol (IP) range was allocated across both GovCloud regions. To ensure separation of concerns and environments, STS engineers implemented a hub-and-spoke model. A central management Virtual Private Cloud (VPC) network was connected to both the non-production and production networks via a combination of VPC peering and virtual network appliances. Cloud Services Routers (CSRs) were used to establish secure connectivity to other DHS components and third-party stakeholders.

The Solution Architecture diagram shows the separation of concerns using VPCs, and the internal and external connectivity via network peering connections and CSRs.
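The value of the hub-and-spoke layout described above comes from keeping the production and non-production spokes reachable only through the management hub. VPC peering is non-transitive, so a spoke-to-spoke path can only appear through a direct spoke peering, a stray summary route, or a forwarding appliance in the hub. The following added example (not part of the STS case study) audits an offline snapshot of peering connections and route tables for exactly those drifts; the VPC IDs, CIDRs and route entries are constructed, and the dictionaries are shaped like what boto3's describe_vpc_peering_connections and describe_route_tables would yield.

```python
"""Offline audit of a hub-and-spoke VPC layout: the management hub may peer with
each spoke, but no path may exist between the production and non-production spokes.
All IDs, CIDRs and route entries below are constructed sample data."""
from ipaddress import ip_network

VPCS = {"vpc-mgmt": "10.0.0.0/16", "vpc-prod": "10.1.0.0/16", "vpc-nonprod": "10.2.0.0/16"}
HUB, SPOKES = "vpc-mgmt", ("vpc-prod", "vpc-nonprod")

def overlaps(cidr, vpc):
    """True if a route destination covers any part of the named VPC's CIDR."""
    return ip_network(cidr).overlaps(ip_network(VPCS[vpc]))

def audit(peerings, routes):
    """Return a list of findings.
    peerings: {pcx-id: (requester vpc, accepter vpc)}
    routes:   {vpc: [(destination cidr, target id), ...]}"""
    findings = []
    # 1. Every peering must terminate at the hub; a spoke-to-spoke peering bypasses it.
    for pcx, ends in peerings.items():
        if HUB not in ends:
            findings.append(f"{pcx}: peering between spokes {ends[0]} and {ends[1]}")
    # 2. No spoke route may cover another spoke's prefix, whatever its target.
    #    Peering is non-transitive, so such a route is dead on its own, but a
    #    forwarding appliance (CSR/vSRX) in the hub would bring it to life.
    for spoke in SPOKES:
        for cidr, target in routes.get(spoke, []):
            for other in SPOKES:
                if other != spoke and overlaps(cidr, other):
                    findings.append(f"{spoke}: route {cidr} -> {target} reaches {other}")
    # 3. Hub routes toward a spoke must use the peering that actually attaches that spoke.
    for cidr, target in routes.get(HUB, []):
        for spoke in SPOKES:
            if overlaps(cidr, spoke) and target in peerings and spoke not in peerings[target]:
                findings.append(f"{HUB}: route {cidr} -> {target} does not attach {spoke}")
    return findings

GOOD_PEERINGS = {"pcx-1": ("vpc-mgmt", "vpc-prod"), "pcx-2": ("vpc-mgmt", "vpc-nonprod")}
GOOD_ROUTES = {
    "vpc-mgmt": [("10.1.0.0/16", "pcx-1"), ("10.2.0.0/16", "pcx-2")],
    "vpc-prod": [("10.0.0.0/16", "pcx-1")],
    "vpc-nonprod": [("10.0.0.0/16", "pcx-2")],
}
# Constructed drift: a 10.0.0.0/8 summary route in non-prod and a direct prod/non-prod peering.
BAD_PEERINGS = dict(GOOD_PEERINGS, **{"pcx-3": ("vpc-prod", "vpc-nonprod")})
BAD_ROUTES = dict(GOOD_ROUTES, **{"vpc-nonprod": [("10.0.0.0/8", "pcx-2")]})

if __name__ == "__main__":
    print(audit(GOOD_PEERINGS, GOOD_ROUTES))  # [] : clean hub-and-spoke
    for finding in audit(BAD_PEERINGS, BAD_ROUTES):
        print(finding)
```

On a live account the same checks can be run by feeding the function the route table and peering descriptions returned by the AWS API; the invariants do not change.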

BENEFIT

STS created a clearly defined division of network traffic and a designated area for shared tools by separating AWS accounts by environment and using a hub-and-spoke approach.

The customer was able to manage access control easily, restricting access to production systems while allowing faster development. To keep the AWS account footprint small, fewer CSRs and vSRXs (virtual security appliances) were needed to ensure connectivity back to external resources. The STS solution enabled stable networking and account separation, resulting in fewer network outages and a reduced security risk.

PRODUCTION ACCOUNT DIAGRAM

STS engineers determined that a programmatic approach to the project would provide the most streamlined access to GCP resources and services.
