A small startup that develops farming LiDAR systems sought to start producing military-grade LiDAR systems for the DoD. However, there were several requirements that the company had to fulfill before it could bid for DoD contracts. The company’s ambitions were frustrated when it learned that ITAR compliance was a necessity due to the sensitive nature of the technology. All the research, designs, test and prototyping data, and technical specifications had to be stored in ITAR-compliant cloud platforms. Thus, the company had to migrate its EC2 instances and almost 15 TB of data from AWS commercial cloud to platforms that met ITAR’s data residency requirements. After considering the pros and cons of AWS GovCloud and Microsoft Office 365 GCC High, the company decided to migrate to AWS GovCloud Tenants. Because the company lacked the technical expertise, it contracted Cleared Systems to help with the migration.
Objectives
- To help the company achieve ITAR compliance by migrating to AWS GovCloud.
- To ensure the security and integrity of the company’s sensitive data during and after the migration.
- To minimize the downtime and disruption of the company’s operations during the migration.
- To optimize the performance and cost-efficiency of the company’s cloud infrastructure in AWS GovCloud.
Challenges
- The company faced challenges migrating a substantial 15TB data volume securely and efficiently from AWS commercial cloud to AWS GovCloud. Achieving this demanded a high-bandwidth, low-latency connection with encrypted data transit and at-rest verification. This complex transfer consumed time and resources, exacerbated by frequent network interruptions. Careful planning was crucial to avoid disrupting normal operations.
- Moreover, migrating several EC2 instances housing intricate applications and services to AWS GovCloud posed a challenge. Preserving functionality and data integrity required extensive dependency assessment and compatibility mapping between environments. Testing and validation of migrated instances demanded significant resources and time investment.
- Compliance with ITAR regulations added complexity, necessitating a stringent IAM system. Enforcing ITAR requirements—restricting access to U.S. persons, auditing activities, and reporting incidents—faced resistance from some employees, requiring adaptation time and training.
- The migration needed meticulous execution to maintain application and service availability and performance. Careful planning, scheduling, and continuous monitoring were vital to anticipate and resolve migration-related issues promptly.
Solutions
The migration process was executed and completed in two phases: the actual migration and ongoing support.
Migration
- Cleared Systems tackled data transfer by utilizing AWS DataSync, an automated data movement service that expedites transfers between AWS environments while ensuring encryption and data integrity verification. This approach facilitated a timely and secure transfer from the company’s AWS Commercial tenant to AWS GovCloud.
- For replicating and migrating EC2 instances, our team deployed AWS Server Migration Service (SMS), automating the process across AWS regions. SMS captured instance configurations, data, and states, creating customizable AMIs in the destination region. This service also provided a comprehensive console and API for efficient migration management and monitoring.
- To enforce ITAR compliance, we leveraged AWS Identity and Access Management (IAM). IAM enabled precise control over user access, restricting it to U.S. persons. Policies were tailored for access restrictions, auditing, and logging activities, complemented by enhanced visibility through CloudTrail and AWS Config.
- Utilizing AWS CloudFormation, Cleared Systems systematically managed infrastructure migration to AWS GovCloud. This service streamlined resource management via templates, facilitating dependency definition, resource configuration, and template testing before deployment. CloudFormation’s stack set feature further eased template deployment across various AWS tenants and accounts.
Ongoing support
In phase two of the project, we offered the company continued support and maintenance with our Managed Services. By leveraging our robust Managed Services, the client gained greater visibility over the cloud environment to promptly identify vulnerabilities and remediate security threats. These Managed Services capabilities included:
- Weekly Check Point Calls
- Using AWS Security Hub
- Managing traffic and monitoring for any anomalies and vulnerabilities
- Recording and reporting of traffic trends to the company through Executive Business Reviews (EBR)
- 24x7 NOC Support
Our Managed Services teams continue to take proactive measures to ensure the health and security of the company’s AWS GovCloud environment.
Results
- Cleared Systems successfully migrated the company’s data and EC2 instances to AWS GovCloud, ensuring secure and efficient processes. The data transfer met the company’s timeframe, with replicated EC2 instances experiencing no data loss or functionality issues. This achievement ensured heightened data security and integrity, facilitating faster and more reliable data access and processing within AWS GovCloud.
- The transition enabled the client’s AWS GovCloud infrastructure to comply with ITAR requirements, restricting sensitive data access to U.S. persons. Auditing and logging activities provided visibility and compliance reporting, significantly enhancing incident response capabilities.
- Moreover, optimization efforts in AWS GovCloud led to improved cost-efficiency and performance. By aligning resource choices, including capacity scaling and adherence to best practices, the company reduced AWS spending while enhancing performance and security by leveraging AWS features.