Amazon Federal Government Cloud


Federal CIO Vivek Kundra instituted a “Cloud First” policy. The policy states that agencies “must migrate three applications to the cloud within the next 18 months”. Amazon Web Services created the Amazon Federal Government service to help agencies comply with this and similar initiatives.

What is AWS GovCloud?

AWS GovCloud is an “Amazon Web Services Region designed to allow US government agencies and contractors to move more sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements.”

Because AWS GovCloud is physically and logically accessible by US persons only, government agencies can now manage more heavily regulated data in AWS while remaining compliant with strict federal requirements.

AWS has received Federal Information Security Management Act (FISMA) Moderate Authorization and Accreditation from the U.S. General Services Administration.

With the addition of FISMA Moderate, the AWS security and compliance framework now covers FISMA Low and Moderate, PCI DSS Level 1, FIPS 140-2, ISO 27001, and SAS-70 type II. AWS also provides an environment that enables businesses to comply with HIPAA regulations.

Many AWS services are now available in AWS GovCloud:
Amazon Elastic Compute Cloud (Amazon EC2) – delivers scalable, pay-as-you-go compute capacity in the cloud; this is where your virtual machines and instances will be hosted.

Amazon Simple Storage Service (Amazon S3) – provides a fully redundant data storage infrastructure for storing and retrieving any amount of data, at any time, from anywhere on the Web; you can think of S3 as unlimited cheap disk based storage, an ideal replacement for tape.

Amazon Elastic Block Store (EBS) – provides block level storage volumes for use with Amazon EC2 instances. Amazon EBS volumes are off-instance storage that persists independently from the life of an instance; EBS volumes will be hosting your file systems and data.

Amazon Virtual Private Cloud (Amazon VPC) – lets you provision a private, isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define.

AWS Identity and Access Management (IAM) – enables you to securely control access to AWS services and resources for your users.

Amazon CloudWatch – provides monitoring for AWS cloud

Amazon offers a variety of instance types (including dedicated instances) and charging models, so you can tailor services to best fit your particular needs.

What to migrate first?

It is relatively easy and painless to migrate your applications to AWS. It typically takes around two weeks to have a medium-complexity application up and running in AWS.

You will need to come up with a list of the applications best suited for cloud migration. Our experience shows that you can safely start with less mission-critical, relatively self-contained applications and then progress towards more complex deployments. The systems we recommend migrating first are:

– software build/deployment system

– time & attendance

– monitoring systems

– asset tracking & verification

– vendor payment system

– recruiting systems

– LDAP sync system

– internal blogging system

Other uses

Virtual Private Cloud is an ideal destination for disk-based backups that replace tape. Some vendors (Oracle, for example) have already created products which enable simple RMAN redirection to AWS S3 storage for backup purposes.

Building your DR site in a VPC is another use of AWS that is a natural fit for the public cloud. AWS is an inherently remote destination and is certified to host a wide variety of software.

Databases on the DR side are in a Data Guard configuration with the primary site and actively apply archive log files shipped from there. The pay-per-use, scalable Amazon Cloud model makes it an attractive alternative to creating and maintaining your own DR site. During normal usage you will use only as many resources (CPU, memory) as are required to keep Oracle Data Guard active. Once disaster strikes, you can switch over to the DR site and add CPU and memory to your database so that it can withstand regular load until the primary site becomes functional again. As soon as the primary site is repaired, a new switchover can be initiated to fall back to the original configuration, i.e. Amazon AWS again becomes your DR site.

AWS also offers Multi-AZ deployments, a Relational Database Service feature. A simple click will suffice to create an Oracle or MySQL physical standby database, an exercise which easily takes a day or two if done manually, even by an experienced DBA. Your primary database will thus be instantly protected by a robust standby database. When a database is created or modified to run as a Multi-AZ deployment, Amazon RDS will automatically provision and manage a physical standby database in a different Availability Zone. An Availability Zone is independent infrastructure in a physically separate location.

Read Replica is an AWS feature that addresses one of the notoriously difficult problems in the RDBMS world: horizontal scaling. A single click will create a read-only replica of your relational database that can be used for query purposes, thus offloading the main database server for OLTP activities.

The Oracle RMAN (Recovery Manager) catalog database contains backup metadata for all enterprise-wide Oracle databases. Each database backed up through RMAN needs a connection to a central backup repository database. The RMAN catalog is purged and maintained by removing obsolete backup records, crosschecking with existing media, etc. If the central repository grows too big, backup performance will suffer, since it will take too long for RMAN to locate metadata.

Amazon Web Services gives us the ability to quickly and easily either create a brand new RMAN catalog database or move an existing catalog to it.


There is a wide variety of applications that can make immediate use of AWS GovCloud. Amazon practically defined cloud computing. A big shift towards the Cloud environment has started. It is now clear that this change is similar in magnitude to the shift from mainframe to client-server computing two decades ago.

Amazon Web Services is the pioneer and market leader in the Cloud computing space. Other vendors are playing catch-up and do not come close to the breadth and scale of AWS offerings. The services and features Amazon provides are quite extensive and cover many enterprise-class computing needs. APIs and command line interfaces are available for each service, which makes scripting and automation achievable. Documentation is publicly available and there is a large ecosystem of organizations and individuals proficient in the use of AWS. Amazon Web Services' unsurpassed global presence and size make it an easy choice for a government Cloud IaaS provider.

