How Defence Construction Canada thrived during the pandemic related shutdown
YEARS OF EXPERIENCE
DAILY REMOTE WORKERS
Defence Construction Canada (DCC) is a Crown corporation, accountable to Parliament through the Minister of Public Services and Procurement. Created in 1951, it is a construction company that project manages third parties to build, support and manage our defense capabilities. This involves building nuclear substations, overseeing operations of shipyards, as well as managing airports for the Air Force. DCC employs approximately 1,000 staff in its Ottawa headquarters and across the country in all Canadian Forces Bases (CFBs).
Prior to this project, DCC was an organization at a crossroads. Since its inception, it had been fully responsible for building and maintaining its IT infrastructure. However the technology was evolving so rapidly in their industry, DCC found it difficult to keep up with all the changes and security updates required to ensure a secure and up-to-date IT environment. The IT Landscape became more complex and the security threats became more sophisticated, and DCC wanted to focus solely on its core business, delegating this aspect to a third party who had more expertise in this field.
Outsourcing its data centre would enable the business to thrive in ways it could not before. By taking a more proactive approach, DCC can better anticipate and adjust to the evolving requirements of their business, including Contract Services, Contract Management Services, Environmental Services, Project and Program Management Services, and Real Property Management Services.
DCC’s IT Director, Navpreet Uppal summed up the challenges that were driving this massive undertaking: “DCC partnered with Compugen on this cloud migration journey to keep up to speed with industry, our client partners, and mitigate the risks of network downtime and cyber threats. This would prove to be the biggest infrastructure change in the organization’s history.”
The team opted for a hybrid solution where the majority of applications would move to Azure, while the main ERP would remain on IBM proprietary hardware in a private cloud. Because the ERP was large and contained critically important functions such as payroll, re-platforming it for a public cloud would have been too time-consuming. Therefore its underlying IBM AS/400 system was moved to a private cloud system at the ThinkOn Datacentre. The two clouds were connected via a Microsoft Express Route connection. The scope consisted of moving all other applications, Databases, Services, and Networking from on-premises to an Azure cloud. Compugen engaged CommVault, ThinkOn, Security Resource Group (SRG), and Fortinet as partners in the move and added security of the services once moved. Throughout this process, Microsoft Professional Services was engaged to evaluate the designs.
Using the Cloud Migration Decision framework process, Compugen strategically aligned each application within each service definition provided by DCC to one of the three “R” cloud migration options: Rehost (IaaS), Rebuild (PaaS) or Replace (SaaS).
Once this was accomplished, the team then systematically:
• Identified the migration goals
• Gathered DCC’s requirements and constraints
• Filtered out alternatives based on evaluation criteria
• Prioritized the migration goals and matched them with remaining alternatives
• Assessed the provider QoS and interaction cost implications
Project Delivery and Final Outcome
The DCC cloud migration project was kicked off in fall 2018, with a series of planning and design workshops, leading to a final architecture and implementation in early spring 2019.
By moving the services to Microsoft’s Azure Secure Cloud and Compugen’s Managed Services, DCC has achieved these primary objectives:
- Migrate the in-house computing infrastructure to facilities hosted and managed by a third-party Cloud Provider to deliver a more secure, adaptable service.
- Achieve high elasticity and scalability of computing resources.
- Reduce Total Cost of Ownership (TCO) in managing computing services.
- Speed up deployment of new technologies, upgrades and patching.
- Improve reliability and ‘up-time’ of computing resources.
- Provide visibility to real-time and historical utilization and performance statistics of computing resources
By achieving these objectives, DCC has realized the following benefits:
- A robust cyber security model built on best practices, able to handle current and future issues such as ransomware Network services protected from distributed denial of service attacks (DDoS).
- Free up DCC Information Technology (IT) staff to run the business of IT instead of the systems.
- Hardware, firmware, and software are always up to date, patched and supported.
- Audit reports provided to DCC regularly.
- Key performance indicators established and reported upon.
- Backup and restores are taken and tested regularly.
- Rapid provisioning of unfamiliar environments
- Disk space and memory utilization managed dynamically by the vendor.
- Redundancy and resiliency built into the service for disaster recovery.
- Elimination of requirement to refresh the environment every 5 years.
As a result of this work and the upgraded security protocols, DCC emerged from the project better able to withstand the effects of the global pandemic. Under their old system, they could have 100 people maximum who could connect remotely to the VPN, a requirement to work offsite. The new architecture allows over 500 people to remotely connect to the VPN, amid the stay-at-home orders. Upgrading the firewalls to adjust to the new capacity was done remotely overnight and DCC is reporting no latency, with users connecting without incident.
This cloud-based data migration project, in partnership with Compugen, DCC is more agile, leaner, more secure, and better suited to adapt to the demands of the modern workspace. By outsourcing their IT support and management, DCC is now able to focus solely on what it does best - the construction and management of defence-related facilities. The new solution proves that their entire organization is more secure than ever before, with enhanced security protocols and firewall capabilities enabling a smooth transition for staff to secure remote work.