Rather than running our own room full of servers, or worrying too much about physical computers, we have chosen to run GOV.UK on an Infrastructure as a Service (IaaS) platform. What does that mean and why did we make that decision?
What is an Infrastructure as a Service?
There are lots of highly technical or unfriendly descriptions of what an Infrastructure as a Service is, but for GDS it's quite simple:
- A supplier runs and supports the physical hardware, underlying network and the hypervisors that power the virtual machines
- GDS developers and our web operations team can summon virtual servers at will, often using code we've written to talk to APIs from the IaaS provider
- We pay for what we use, so we can bring up more machines for testing purposes or to meet extra demand. When demands drops again we can decommission those extra virtual servers and only pay for the time we've used them for
Servers are livestock, not pets
One common result of using an Infrastructure as a Service is you scale out with many small identical 'virtual servers', rather than scaling up with bigger and bigger physical servers. The term 'virtual servers' essentially means that each physical server has several operating systems running in parallel, each of which looks like a distinct physical server to the software running on it.
This approach requires automation to manage, as we want to bring up a fully configured web or database server quickly, and stop using it just as rapidly. This leads to a strong desire to avoid single points of failure, which is a good way of preventing dreaded downtime.
Infrastructure as code
The APIs generally made available by the IaaS providers allow for another advantage - namely that we can describe all our server configurations, and even the network topology, in code. That makes it easier to manage, review and reuse and we avoid time consuming and error prone manual processes too.
Don't do everything yourself (you can't)
Another reasons for having a third party operate our physical servers, and the data centres they run from, are based on simple economics. The costs of running even a small data centre are huge, and we'd need very specialist skills within GDS to accomplish an acceptable level of service. Specialist private companies offer great services in this area already, so it makes sense to take advantage of the market.
Why not PaaS?
We're very interested in the concept of a Platform as a Service too, but it's very early days in this market - especially when we take into account the interesting security challenges we face in Government. We'll definitely keep an eye out in the future though.
12 comments
Comment by hcg recall posted on
I needed to thank you for this good read!! I certainly enjoyed every bit of it.
I have you book marked to look at new stuff you post
Comment by Damon Austin posted on
It's good to see a success for the adoption of a cloud offering out there in the government sector.
Something I'd like to know more about is how the change has impacted your IT people resources? i.e. employee numbers, roles, skills etc. Have they increased, decreased, stayed the same?
These must have shifted somewhat to support a more development and / or scripted orientated IT skill set, right?
How did you migrate your existing internal infrastructure and services on to the external hosted IaaS offering?
What impact did this large service change have on your application and infrastructure architecture?
So many other questions, but I'll keep to the few above for now so as not to overload you.
Comment by アディダス スニーカー posted on
Hiya! Quick question that's entirely off topic. Do you know how to make your site mobile friendly? My weblog looks weird when browsing from my iphone4. I'm trying to find a theme or plugin that might
be able to correct this issue. If you have any suggestions,
please share. With thanks!
Comment by Chris Jackson posted on
Did you considered running the hypervisors yourselves, on hardware owned/managed by others? We think this is a good middle ground between IaaS and the pain of managing physical hosts.
Our analysis suggests this approach saves ~65% of cost vs. IaaS (as least for our moderately high resilience and infosec requirements), doesn't add massively to the sysadmin workload/range of skills, and gives more fine-grained control over VM characteristics.
We've not made the leap off IaaS yet, so really interested to hear other experiences.
Comment by Rahul Bajpai posted on
Quite an interesting and informative post on how government is outsourcing infrastructure needs and bringing the cost down. It would be interesting to know that how this new strategy plans to meet the challenges posed to govt. digital infrastructure by state and no-state actors.
I wonder is this post ruling out the dreaded downtime after the switch over?
Comment by Gareth Rushgrove posted on
We've approached the security challenges in a number of different ways, in particular making use of the existing CESG assurance and accreditation processes. The hosting and infrastructure services we're working with have been procured through the G-Cloud framework which works with the Pan-Government Accreditors to ensure they meet the stringent needs of Government.
Comment by Scopulus Business posted on
If goverment are not going to run their own servers and go on a cloud then the goverment should have a cloud only for gov websites. Each paying a contribution.
If the private sector is better than goverment in terms of security then maybe we should vote for them rather than a political party.
We don't want to hear excuses in the future that it's there fault not yours.
Comment by Gareth Rushgrove posted on
It's not a matter of Government not running any servers, but rather that we have taken this approach for GOV.UK. In fact for both DirectGov and BusinessLink the hosting and technical operations were outsourced. The suppliers we are working with are actually doing exactly what you describe too, running a community cloud aimed at meeting the needs of the UK Government.
Comment by Scopulus Business posted on
Thank you for the clarification. I am still not sure whether you have jumped the gun. The road you are going down now will mean that soon, many very important operations (official operations, applying for driving licences, passports, voting, immigration, taxes, etc.) will in effect be done by the private sector (or at least they have access to ALL the information), then my argument still stands.
They will surely in the end have more power then you.
I may be naive but I fear I am not in thinking that the government is supposed to have security beyond the private sector; yes, I know the knowledge may be sourced from the private sector, but then it is managed.
Cost should not be the most important factor in the government going digital program. It's far to important.
Comment by Steve Cliff posted on
Can I ask if you are using an accredited service (IL2 or IL3) or not ? This is a confusing area and often seems like 'wading in treacle'. I'm interested to know how you approached this challenge.
Comment by TonyHeritage posted on
Beta was running on Amazon at the start of the year. Not sure if moved to new GCloud service. All data on beta was IL0 and no real worries on integrity/availability so no problem there! No quite the same when the site is the real front door to UK Gov.
Comment by Gareth Rushgrove posted on
GOV.UK is composed of many small parts, with a range of Impact Levels up to IL3. For those not familiar with the concept these represent the risk associated with the confidentiality, integrity and availability of the system in question. We've learnt a huge amount about this area over the past year and I'd personally love to get some time to document that in a clear and understandable way in the future.