How DHS moved its network to the cloud
For agencies looking at migrating their network operations, Damon Bragg has some advice.
“Don’t boil the ocean, don’t try to do it all,” said the service operations manager of the Homeland Security Information Network. “Unless you have very deep pockets and there’s no real timeline, have at it. I don’t know that project.”
A year after migrating the Department of Homeland Security’s information network and its services to a secure cloud environment, Bragg told an audience at the Amazon Web Services Public Sector Summit Wednesday that the key was to always keep the project moving forward.
HSIN, which has more than 95,000 users both across DHS’s agencies — as well as state, local and tribal first responders — was designated for a cloud migration pilot first in January 2016.
The move was made more complex by the requirement that the cloud service have a High certification from the Federal Risk and Authorization Management Program, or FedRAMP, because of the network’s sensitive information about agency operations such as cyber-intelligence and counternarcotics.
Bragg said that the certification requirement led DHS to contract with AWS and begin a process to migrate the data of its enterprisewide network to the cloud without losing service.
“Our system can’t be down,” Bragg said. “So how do I migrate? There was not a backup system for HSIN when we were in a data center. So we had to communicate with our stakeholders, ‘What do you need? What’s the minimum service I can provide you to help us get to this point where we can provide you with amazing service?’”
Figuring that required the HSIN to hammer out the potential risks posed to the network as a result of the migration, including potential connectivity outages, maintaining operational responsibilities upon leaving the data center, adjusting to infrastructure as code and a host of other things. Bragg said his team had to adjust to keep moving.
“We spent almost a year trying to automate everything. And at some point, it was just too much,” he said. “For me, I’m an old-school IT guy. I need movement. I need to see activity. I prefer to see a box with blinking lights. I’m starting to accept this cloud stuff.”
So the HSIN decided to focus on the critical applications it needed to maintain the network and the project’s momentum. Even then, Bragg said the security considerations required even more consideration, causing a five-week shift in the migration’s timeline.
“If you are going to the cloud and you have to accredit your system, get out in front of security immediately,” he said. “Lock arms with your [Information Systems Security Officer] and your [Information Systems Security Manager] and buy them lots of dinners.”
But when his team began the migration in 2017, Bragg said that he was surprised what was budgeted to take days was completed in seven hours. While DHS had to align data on the cloud system, the improved performance of the cloud network was apparent.
“Before we had truly optimized anything, we saw tremendous performance improvement with our instructor in GovCloud,” he said. “I’ve managed quite a few IT projects, this was by far the most successful I think I’ve been involved with.”
The move didn’t happen without some hiccups, including what Bragg described as a brief “self-inflicted” system outage following the migration, but overall all has been pleased the move and is now sharing best practices with other agencies.
“Everyone’s now curious, ‘How did you guys do that? What did you guys do,’” he said. “Truthfully, we didn’t do anything other than stick to good IT practices, good project management and don’t boil the ocean.
“Once we started to do that and we got into a really good rhythm, we were able to achieve our objective.”