Case Study

3

Government Sector

About the Client:

The Department of Transportation supports all forms of transportation. The department is solely responsible for planning, building and maintaining a network of state highways and interstate highway systems. In addition, the department shares the costs of building and operating county and local transportation systems, from highways to public transit and other modes. The DOT promotes and financially supports statewide air, rail, and water transportation.

The DOT oversees a comprehensive transportation system that includes about 12,000 miles of numbered state, federal and Interstate highways, about 14,000 state bridges, 76 public bus and shared-ride taxi systems, 132 public-use airports, 20 commercial ports, and 3,600 miles of railway track.

The department is made up of five executive offices and five divisions organized according to the transportation function.

Executive Offices: General Counsel, Inspector General, Management and Budget, and Public Affairs.

Divisions: Business Management (DBMB), Motor Vehicles (DMV), Transportation Investment Management (DTIM), Transportation System Development (DTSD), State Patrol (DSP).

The Challenge:

Apart from a few vendor applications, DOT had custom-built applications and its own data center to meet the above needs. Its IT shop creates, maintains, and hosts all of its applications. A bill was passed 10 years ago to centralize all data centers into a new data center maintained by an agency called the Department of Enterprise Technology (DET). The Department of Enterprise Technology now hosts and maintains the application servers, database servers, DNS servers, storage, etc. After the workloads of all the agencies were consolidated into the DET data center, over the years, without automation and with fewer staff resources, the data center went into maintenance mode rather than advancing in technology. This started affecting innovation in agencies, especially DOT.

DOT wanted to move away from maintenance mode to start innovating and bringing more value to the above customers. DOT started a DevOps initiative to improve processes, culture, and automation.

While the other divisions are working towards fixing existing processes and culture, the IT department wants to be innovative and rethink processes to take advantage of new tools available in the market to automate their workloads.

Why AWS:

Most of DOT’s applications are written in Java and .NET. With tools like Kubernetes and CI/CD, they want to focus more on delivering new features to the customers. With more shift-left testing, they are planning to eliminate errors in production by capturing them beforehand.

DOT did a proof of concept to evaluate different cloud vendors. Given the above requirements, service offerings and pricing, AWS is mature and fits the need. DOT is currently building a data center in AWS.

Due to a few restrictions from government policy and bills passed, they are not allowed to leave the data center. Hence, DOT is setting up a Site-to-Site VPN connection so that all the traffic goes through the data center while the workloads run in an AWS Kubernetes environment.

EKS, Route 53, S3, CodeDeploy, CloudFormation, EC2 instances, IAM organizations and policies, CloudTrail, GuardDuty, etc. are some of the many services DOT will be using to fulfill their needs.

The Benefits:

One of the main requirements was that all their traffic go through the on-prem data center with private access. That means their traffic is allowed only from on-prem, with no public access allowed except for the AWS Console.

EKS: Amazon manages the master node, which can be set to private access; this meets DOT’s requirement of private access between on-prem and AWS. Only traffic within the VPC is allowed to talk to the master node, with no public access. All the worker nodes will be in private subnets and will communicate with the master node within the VPC. AWS EKS helps DOT with the orchestration of applications, including auto-healing, auto-scheduling, automated rollouts and rollbacks, horizontal scaling, and load balancing capabilities for their applications. This allows them to release more features.
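One way to verify the private-access requirement described above is to audit the cluster's endpoint settings and the route tables of its subnets. This is an added example, not DOT's or the vendor's tooling; the sample documents are constructed in the shape of `aws eks describe-cluster` and `aws ec2 describe-route-tables` output, all names and IDs are placeholders, and the route tables are assumed to belong to the cluster's single VPC.

```python
# Constructed sample input; IDs and names are placeholders, not real resources.
CLUSTER = {"cluster": {"name": "example-cluster", "resourcesVpcConfig": {
    "endpointPublicAccess": False, "endpointPrivateAccess": True,
    "subnetIds": ["subnet-aaa", "subnet-bbb"]}}}
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-aaa"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vgw-111"}]},
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-222"}]},
]}


def _has_igw_route(table):
    """True if any route in the table targets an internet gateway."""
    return any(str(r.get("GatewayId", "")).startswith("igw-")
               for r in table.get("Routes", []))


def audit_private_access(cluster_doc, route_tables_doc):
    """Return findings that violate 'private endpoint, private subnets only'."""
    findings = []
    vpc = cluster_doc["cluster"]["resourcesVpcConfig"]
    # A missing field is treated as the unsafe value.
    if vpc.get("endpointPublicAccess", True):
        findings.append("API endpoint is publicly reachable")
    if not vpc.get("endpointPrivateAccess", False):
        findings.append("private API endpoint is disabled")

    explicit, main = {}, None
    for table in route_tables_doc["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
            elif assoc.get("Main"):
                main = table
    for subnet in vpc.get("subnetIds", []):
        # Subnets with no explicit association use the VPC's main route table.
        table = explicit.get(subnet, main)
        if table is None:
            findings.append(f"{subnet}: no route table found")
        elif _has_igw_route(table):
            findings.append(
                f"{subnet}: route to internet gateway via {table['RouteTableId']}")
    return findings
```

In the constructed sample, `subnet-bbb` has no explicit association and inherits the main route table, which is how a subnet intended to be private can end up with an internet gateway route.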

S3: With the need for persistent storage for Infrastructure as Code, Continuous Deployment and logs, S3 is ideal, with options for limiting access with endpoints. It is needed and used as storage for any services used.

CloudFormation: With Stacks and many available templates, immutable infrastructure is achieved, which helps us in updating and replacing old applications and their versions. This saves time and automates infrastructure, helping the DOT to move away from maintenance mode and reducing the manual resources allocated to service health.

EC2: Runs workloads for DOT, with the option to pay for only what they use and auto-scaling. This was a much-needed service for the DOT, helping them lower costs by paying for only the time used. An additional benefit was gaining the ability to quickly recover from production issues.

Security: Organization Units help the DOT stay secure by limiting services, with flow logs and CloudTrail to see activity across the account. Security is one of the main aspects, and it was also achieved with AWS services.

Route 53: We use a Resolver endpoint for DNS queries.

CloudWatch: Monitoring of logs and notification system for Infrastructure Admins.

 