Airservices soars into the cloud
Shifting into a secure, sovereign cloud environment is already bringing benefits for Airservices Australia.
About two years ago, the nation’s air traffic services provider, Airservices Australia, began working on a program to refresh its core non-operational business systems — its systems of record, ERP, documentation systems and so on, but not the systems that run air traffic control. At the time, the organisation’s main IT facilities were hosted at its head office in Canberra. Almost seven years old, they comprised an older HP virtual platform (which had 800-odd virtual machines), several hundred physical devices and about a petabyte of storage, all running in two large equipment rooms.
“We had to vacate those rooms and … that resulted in our request to the market for an IaaS, which included core compute and storage and all of the desktop support and services that go with that,” said Chris Seller, Airservices’ CIO.
Following a 12-month process, a contract was awarded to ASG Group, whose solution was “very unique and very attractive”, said Seller, because it involved hosting all of the organisation’s business systems in Vault. “Everything that runs the business of Airservices was to migrate out of our on-premise [facilities] across into Vault’s cloud,” he said.
“That involved a very high level of detail of planning,” he added. “Like every agency, we had lots of old systems, so we were very wary and very cautious about how that was going to work and how well it was going to work.”
But as of October 2018, every one of Airservices systems is now running on Vault’s cloud, from the SAP ERP system right through to email systems, Microsoft-based systems such as SharePoint and document managing systems.
“Something like 21,000 man-hours of effort finally got us there,” Seller said. “So it was a fairly big effort over the last six months, from the time we did the deal with ASG to the time that we got the last machine across.”
Making the move
According to Seller, making a full, whole-of-agency migration to the cloud was not originally on the agenda. “I’d lived through some cloud work; I’d worked for some time at Qantas and at Westpac, and they’ve moved some of their systems on a project basis to the cloud, and that stuff is fairly torturous and difficult to do,” he said. “If you’d asked whether we could move every system that runs the business of Airservices into the cloud, I would have said you were absolutely barking mad.”
However, Seller said that he and his team quickly learned that it might be possible. “The more we learned about it, the more we realised it was going to work,” he said. “Originally what we were planning to do was move whatever we could into Vault, and the really old legacy stuff, like our SAP environment, we probably would have to maintain on dedicated infrastructure in the Canberra data centre. As it turns out, some of those legacy systems went across a lot more smoothly than anybody, including Vault, could have anticipated.”
Vault’s founder and CEO, Rupert Taylor-Price, agrees that changeover went smoothly. “Most organisations would have put years into that kind of transition,” he said, adding that Airservices’ commitment to doing it at that pace was just phenomenal. “Many government agencies are thinking about this stuff, and Chris has just materially gone and delivered it in about the same amount of time that most people think about the concepts of it.”
Seller said it took a couple of years to convince Airservices that the move to IaaS was sensible. “There’s not a huge financial benefit in the move; it’s a modest $1m to $2m per year saving over the base case of us potentially doing it all ourselves,” he said. “But we would never have achieved the level of capability that we’re now realising inside the Vault environment — the whole software-defined infrastructure and the ability to provision environments in hours instead of weeks, the automation, and the security that comes with it, were things that we would never have been able to do ourselves.”
Tight security is a vital requirement for Airservices, which Seller said the combination of ASG and Vault delivers. “It gives us a level of data security that would be difficult for us to build on our own,” he said. “Some of the investment that Vault’s made in how they manage their infrastructure through the OpenStack technologies and their automation technologies… it would be really hard for me to get the skills to actually replicate that in-house.
“And you’ve got to question why you would do that when you can go and buy it for basically a bit less than doing it yourself,” he added.
Vault’s systems operate as a sovereign cloud, keeping the data onshore, and they’re ASD-approved too. According to Seller, not all of the systems they’ve moved to the cloud require that level of security today, but they might in the future, as Airservices is midway through combining its air traffic services system with the system run by the Department of Defence. “So down the track, there will be data in this environment that Defence will require to be at a level of security beyond where we are today,” Seller said. “Starting on a protected level of security was a very good outcome for me, and it came at the price point we were happy to pay.”
Vault’s Taylor-Price said that getting his company’s product ASD approved was an “overwhelming process”.
“It’s incredibly in-depth; it was a six-year process for us,” he said. “For probably three of those six years we were in probably near daily communication with them, whether that would be looking at our architecture or our supply chain, or our staffing or processes or procedures. I think there are nearly 100 companies that have attempted to get through this process now. And obviously very few successfully come out the other side.”
Taylor-Price added that the general comfort level that this can bring for CIOs across government, not just for Airservices, is “massive”.
“I think Airservices is an interesting case because it is probably a slightly higher risk environment than average if you look across government departments,” Taylor-Price said. “It’s not as bad as some of the defence and intelligence agencies and health, but it’s up there.”
“I can’t control the threats, but I can control the position I put the organisation in to have as safe and as secure an environment as possible,” Seller said. “We are, like all organisations, a potential target, but the use of Vault and the way Vault has built security into the fundamentals of their system gives us a protection well beyond where we were in the past, and probably much better than I could have built myself — I wasn’t going to spend six years building a security layer in my on-premises capability.”
“In the field, the average user in Airservices is definitely seeing a performance improvement and we’re certainly getting benefits on the quick turnaround on provisioning and requests for new capability is vastly different than it was before. We’ve generally got very happy users,” Seller said.
“Anecdotally, we’re hearing that there has been around about a twofold improvement in the opening of an Excel file, the processing of a workflow in our SAP system, the search through our document system.”
But Seller adds that they now need to ‘right size’ the environment. “At the moment we’ve moved like for like, a lift and shift into the cloud,” he said. “We’re now about to embark on a process to look at all the systems — are they consuming the Vault environment in the most economical way? Once we’ve done that piece of work, we expect there will be a consolidation of a number of servers and a reduction in the number of cores used by various systems.”
Another benefit is disaster recovery. Before the migration, only about 20% of Airservices’ essential business systems were covered by a disaster recovery plan. “When we do our right-sizing of workloads, we can now look at increasing the number of systems — hopefully to all of them — that are covered by our disaster recovery. And being in that elastic cloud environment gives us the capability of doing that.”
Vault has also been doing a lot of work with partners such as MapR and Cloudera to build an ecosystem of options. “We have about 150 of them that now have plug-and-play solutions” that provide a broader market of specialist services, Taylor-Price said.
“That’s an ecosystem I want to tap into,” Seller said. “As other organisations and services that provide service management, monitoring and event management, like Dynatrace, ServiceNow and others, come onto Vault then I’ve got a ready-made, secure capability that I can use in the same data centre environment. That gives me huge opportunities I wouldn’t have realised if I hadn’t gone down this path.”
The Victorian Government's shared services agency Cenitex and VMware are working to develop...
Google Cloud Platform has secured certification from the Australian Cyber Security Centre (ACSC)...
In our annual Leaders in Technology series, we ask the experts what the year ahead holds. Today...