Insights

Bringing Defence into the Cloud

Sean Hilton — 10 September, 2021

The COVID outbreak has affected the actions and operations of almost every business. The government and defence sectors, of course, were no exemption. The pandemic essentially forced every worker who could, to work remotely and collaborate electronically. In an industry such as defence, rigid security restrictions and requirements naturally made modernising systems and applications more complicated and expensive. What’s more, in the traditional, highly-secure, on-premise world, working remotely required use of cumbersome VPN connections to securely access on-site resources, and audio-visual conferencing abilities, while mature and available onsite, were limited for those working offsite or from home.

When our defence client was looking to implement solutions to meet this need – with restrictions in place – this presented a massive undertaking and the decision was subsequently made to start from scratch with new equipment and separate networks.

A high-level design existed, revolving around an on-premise “out of the box” Azure Stack to deliver these new functionalities. This design included key criteria for requirements, expectations and performance, however, low-level decisions had not been fleshed out and critical challenges regarding how key pieces would communicate and hang together needed to be thought through, planned out and decided upon.

Before the start of the pandemic, Chamonix had already established itself as a leader in digital transformation, designing and building solutions for many customers to enable working from home, teleconferencing abilities, and online collaboration, while keeping corporate assets and company data protected, so we were well positioned to be involved in an upgrade of this scale. I was incredibly excited to be included in the team selected to develop this platform.

So, what’s Azure Stack?

Azure Stack is a portfolio of products that extend Azure services and capabilities to your environment of choice – from the data centre to edge locations and remote offices. This provides the ability to run your own private, autonomous cloud – connected or disconnected with cloud-native apps using consistent Azure services on-premises.

Figure 1: Azure Stack Possible Configuration

Why is Azure Stack Important?

When it comes to data involving national security, a key focus and requirement is Digital Sovereignty, or Data Localization. That is, government and defence secrets must be stored within Australian boundaries, as well as tight controls on that data around where it is stored and how it is used.

Azure Stack enables a business to create their own “cloud environment”, managed entirely within datacentres they control, providing the security of traditional on-premise infrastructure, combined with the flexibility and functionality of modern, cloud infrastructure.

Chamonix, in partnership with key cloud and defence partners, took a lead role in designing and deploying a highly available on-premise environment integrated with an Azure stack instance to deliver highly secure Cloud functionality, including adherence with the Essential Eight Maturity Model and IRAP accreditation to PROTECTED.

The solution we helped to implement provided 365 functionality such as Microsoft Teams and SharePoint, that enabled remote collaboration not just within an agency, but between separate agencies and organisations who needed the ability to share documents and work together on projects which could span multiple departments and require input and expertise of private corporations. This was kept secure through use of a self-managed Azure Stack and through the use of strong security measures which was overseen by a central ‘master tenant’ to manage ultimate control of any sub-tenants ability to access systems, keeping data ultimately in the hands of the defence agency whilst enabling secure collaboration and data sharing between trusted organisations.

As a first major deployment project, this was an incredible opportunity to get hands on with top-end equipment and configuration of such an intricate and complex solution, and I’ve gained a tremendous amount of knowledge from the process and grew incredibly in confidence.