Project Overview

Over the past two and a half years, AIS has had the opportunity to support a large client with a cloud-based platform providing a centralized identity management solution for its customers. As the platform has matured, AIS has been an integral part of providing support to the cloud infrastructure that comprises the solution. The following is an overview of our experience on this project.

Delivery

AIS joined the project shortly after the initial rollout of the cloud infrastructure and began the task of identifying areas of improvement for long-term sustainability of the environment. This began by performing an initial audit of the environment to establish a baseline from which a backlog of activities was created for the team to deliver. By creating a baseline, a pattern was established for incremental capability development. Following these activities, our team was able to identify and deliver several solutions, including:

  • Workload inventory – Including resource discovery, tagging, and the creation of Azure workbooks that identify and categorize resources across the cloud enclaves.
  • Monitoring – Implementation of resource monitoring and alerting to increase visibility within the environment.
  • Security and Compliance – Identification and implementation of Azure resource logging and analysis with Azure Sentinel. Development of custom Entra ID groups and Access Packages to grant access to resources based on functional roles within the project.
  • CI/CD Pipelines – Creation of automation to build and deploy containerized applications into Azure Kubernetes Service (AKS).
  • Documentation – Development of SOPs and technical diagrams that confer knowledge of the environment to stakeholders.

Capabilities

Through the implementation of these solutions within the cloud environment, new capabilities were delivered, most notably a movement towards operational readiness: the environment was ready for long-term sustainment.

  • Operational Readiness – Heightened insight into cloud workloads, their scoping, and associated costs.
  • Responsiveness – The implementation of monitoring and alerting solutions improved incident response time and general service availability.
  • Repeatable Deployments – Containerized workloads that comprise the environment are built and deployed through CI/CD pipelines within a centralized source control management platform, providing consistency and reliability.
  • Enhanced Security – The security posture of the environment was heightened through SIEM tooling and access control mechanisms.

Looking Ahead

As with any project, each environment poses unique challenges and requirements, demanding solutions tailored to meet these constraints. As solutions were delivered, AIS engineers gained valuable experience that can be leveraged in the future for support or new projects. Some examples that stand out are implementing logging between Azure Commercial and Azure Government, integrating Azure Key Vault secrets into AKS containers, and developing a configuration-as-code approach to containers.

Delivering these solutions has helped AIS position itself as a key resource in the ongoing support of the project, and we hope to continue to provide a high level of value to them in the coming years.