Skip Navigation

Case Studies:U.S. Military Branch Seeks and Finds Expert Enterprise Guidance

The Challenge

A U.S. military branch was looking for enterprise IT as a service. They needed a partner with deep Azure expertise to design a secure and flexible system that could support not only the branch as a whole, but also its hundreds of bases with differing needs.

The Solution

AIS worked with a prime systems integrator to design, deliver, and support a highly secure polycloud Compute & Store infrastructure. Deeply experienced AIS engineers set up the system’s source code, servers, terraform, ansible, automation, pipelines, and security guardrails.

The Results

The branch and its bases are now better equipped to “lift and shift” mission workloads and applications, which helps them migrate to the cloud faster. The new system also helps them reach their branch-wide and base-level risk-reduction goals.

Kicking things off

The team needed a cloud-savvy partner who could assist with the finer points of the full design and help them bring it all to life. AIS was a natural fit, given our history of pioneering the implementation of enterprise services in Azure and AWS, our deep experience with large provider maps, and our previous successes in working with this branch of the military. We came onboard during the team’s conversations about architecture, and delivery got underway in the fall of 2019.

First things first

When the team received the green light to start on the work, we leveraged our extensive DoD experience building landing zones and embedded best practices as the foundation of the program. Rather than getting other teams started or diving into manual builds, we spent our first two-week sprint creating basic templates, establishing a source-code repository, and setting up the DevOps automation for quick, repeatable deployments.

Taking the time to lay this foundation helped us avoid snowballing technical debt that would be difficult to fix later. It smoothed our path for future sprints, and we were able to get everything done and support the productivity of other teams without creating any blockers. Plus, building automation into the system has empowered the team to redeploy quickly in the event of a crash and allows our engineers to provide even more value. The success of this approach unfolded in real-time, which sold the team on the value of establishing agile business practices and automation from the start.

Design and delivery

Once we’d laid the foundation for our work, we got started on the design and delivery of a polycloud system that would work across organizations—including eight bases—by integrating with existing directories of authentication, integrating with NIPRNet connectivity to other WAN sites, and providing the capability for bases to be split within the network. We designed and built the hub area for a massive hub-and-spoke network and determined what was required for it to pass rigorous security controls. We also interfaced with the on-premises side of the military through NIPRNet.

The benefits of a polycloud program

We helped the team determine the best Compute & Store cloud program to use. Based on the branch’s needs, we recommended and delivered a polycloud program. In a polycloud program, different parts of the branch’s workloads run on different platforms depending on what works best for that function.

This polycloud program offers several benefits, bringing the best of breed from the commercial cloud providers and evolving innovation to the end-user. Our polycloud approach uses cloud-access point (CAP) connections into NIPRNet, which effectively allows it to be an extension of NIPRNet, allowing the team to enable and safe-list more flexible connections.

It also provides the wireless area network (WAN) connection possibilities that make the polycloud model work. The polycloud model allows us to extend the type of interconnection and expand the program’s supporting area, unlocking options for data migration and line-of-business (LOB) connectivity that were previously out of reach.

The base-focused nature of the polycloud Compute & Store model also helps the branch achieve their risk-reduction goals all-up and at the individual base level. They were looking to move base-level workloads and applications to a cloud environment, and the polycloud model opens the door for different kinds of workloads to migrate to the cloud, including smaller infrastructure pieces such as print servers or building-specific workloads.

The design of the polycloud Compute & Store model also includes, at least in the near term, a third leg: VMware-based private cloud options. The branch can accomplish this by reserving actual private-cloud rack space or by layering VMware on top of AWS or Azure. Layering VMware over the cloud platform provides practical opportunities to “lift and shift” on-premises workloads wholesale with minimal code. Because the workloads are staying on the same VMware-style platform where they originated, with a consistent underlying hypervisor platform, the team can more easily move systems in bulk using scripts. When the branch needs to decommission an old data center, they can simply replicate the entire design to a different node rather than rebuilding it by hand.

Our customer-centered approach

AIS prioritizes our customer’s success in every engagement, and this was no different.

We provided high-end engineers who helped the team think through difficult engineering problems, and they quickly became critical to the overall program success. Throughout the delivery phase, these engineers provided hands-on-keyboard implementation, supporting multiple disciplines. And as design decisions came up, AIS provided engineering guidance to help the team understand the wider impact of those decisions and empowered the branch to accomplish its mission goals.

As we got further into delivery, our scope expanded to cover anything that was needed to ensure successful delivery. We set up an infrastructure automation pipeline; designed, constructed, and automated security guardrails. We provided the team with critical guidance that helped implement appliance-driven security stacks within the boundary of each provider that could handle packet inspection of traffic. We provided important Azure cloud platform experience to implement network routing and security. And when we introduced automation infrastructure as code (IaC) on the Azure side of the network, the team adopted our approach on the AWS side as well. The whole program is now running automation, which will save the branch time and money and empower them to deploy much faster in future scenarios.

The value of early partnership

The earlier AIS is brought in, the more helpful we can be and the more time we can help the team save. We’ve built a solid reputation as trusted advisers who can provide complete and secure solutions end to end, and we have a long history of experimenting with new technologies to gain experience and then scaling up and out as our experience becomes our expertise. We’re here to serve as caretakers and change-makers, helping you achieve your goals with a lean but powerful team of deeply experienced engineers who carry a pioneering spirit. When we join a project early on, we can lean into our extensive delivery experience and help the whole team anticipate needs and avoid risk to ensure the project’s success.

Seeking similar outcomes?

Learn how AIS can help you implement technology solutions that deliver real business results.

Contact Us to Get Started