Last year, the UK’s Government Digital Services team (GDS) announced their intention to decommission their popular AWS Platform as a Service (PaaS), available to all Government departments.
This leaves those using the GDS service with a limited window to find an alternative. If they can’t migrate to a new service before the deadline, they risk public service downtime. However, if they rush the transition, they might create increased security risks or suffer from performance degradation.
GOV.UK PaaS was established in 2015, it is an AWS platform designed to help public sector teams quickly and securely deploy applications to the cloud. By using GOV.UK PaaS, teams didn’t need to build, operate and maintain their own AWS infrastructure, instead focusing on application development.
In a July 2022 blog Tom Read, CEO of GDS stated “GOV.UK PaaS has not seen the rapid and continued growth that we’ve seen with some of our other platform products and is now at a point where we either invest heavily in some significant technical architecture changes, or we make the difficult decision to sunset the product. We have decided to do the latter, and GOV.UK PaaS will be decommissioned over the next 18 months.”.
What does this mean for GOV.UK PaaS users?
Well, it’s simple in theory – within the next 12 months, departments need to migrate their services from GOV.UK PaaS onto an alternative cloud platform. In reality that is no simple undertaking, building a new secure platform could take months and, if the workloads are live services the transition process must be seamless.
GDS states that by 23 December 2023 all services hosted on GOV.UK PaaS will need to be migrated to an alternate hosting platform as access to the service will be terminated. All data will then be permanently deleted on 28 February 2024.
Successfully migrating from GOV.UK PaaS
Migration complexity will vary dramatically from one project to the next, however, the methodology stays somewhat consistent. How you best follow that process will depend on your in-house skills and available resources. When planning for life after GOV.UK PaaS, Cloudscaler recommends the following:
1. Preparation and planning (which includes design)
- Understand the existing GOV PaaS infrastructure and services – what bar do you need to reach?
- Document the services and environments you have deployed onto GDS PaaS.
- Research AWS landing zone best practices, AWS services have evolved since the GDS platform was created and it’s likely you can benefit from this progress.
- Research options for landing zone products that can help you accelerate the build of your own solution.
- Capture any additional requirements for your new platform – from assets and services to tooling – also consider the controls needed to ensure you create a robust platform (not just for security but also controls for data, IT operations, and financial optimisation).
- Document your target architecture and, if necessary, re-confirm the cloud provider you want to use.
- Choose how you will resource your cloud team. It’s important to recognise your cloud platform will require ongoing maintenance to benefit from the evolution of cloud services and to prevent the accumulation of technical debt.
2. Build a secure landing zone
- Secure a team to build and operate your cloud platform then agree ways of working and delivery tooling.
- Implement the landing zone. Consider taking an iterative approach which prioritises critical elements to enable low-risk workloads to start the migration, before implementing additional landing zone features.
3. Proof of Concept(PoC) / testing
- Testing is crucial – once your landing zone is available, migrate a simple workload to test performance and compliance with IT, security, and cost controls.
4. Plan for and migrate remaining workloads
- Leverage your PoC learning and execute the migration of all remaining services and workloads. This process can take months so a successful PoC must be conducted quickly and effectively. You’ll then need to plan other migrations carefully.
Creating a new cloud landing zone – build or buy?
Crucial to the success of migrating from GOV.UK PaaS will be the robustness and security of your target platform. Landing zone products from the major public cloud providers go some way to helping build a new platform however out-of-the-box options often lack key features and controls needed to run sensitive workloads in the cloud.
It is possible to build on top of a landing zone to improve security, IT, and cost controls, as well as the associated guardrails, but this approach isn’t without pitfalls and could delay your cloud migration. Building is a high-risk option that is likely to take more than a year. Even with an abundance of time, building a platform is only an option if you have access to the skills and expertise required.
The alternative is to work with an experienced cloud specialist with their own landing zone product, likely, this will ultimately reduce costs. With less than 11 months until GOV.UK PaaS is decommissioned this may be the best option for most tenants.
Critical success factors
In addition to the time constraints, when migrating from GOV.UK PaaS there are other considerations which require careful thought and planning for your migration to be successful:
- Introducing new cloud infrastructure impacts your technology strategy. How will your existing technology organisation need to adapt to the introduction of a new infrastructure stack? Will the operating model need to be updated? Will your support services and SLAs be impacted? Will your existing governance and approval processes require changes? Can you make further improvements by harnessing the benefits of the cloud?
- Building and managing cloud platforms requires resources with specialist skills. Do you have people with the necessary skills or do you need to hire new? Do existing areas of your organisation require cloud enablement training? Given the competitive nature of the cloud market, will your existing recruitment processes support the transition? Will you need to reconsider new career paths and bandings?
- Communication will be critical. The success of any change depends not just on technology and processes but also on people. Stakeholders inside and outside of your organisation will be impacted by this transition. Training teams less directly involved with the platform is often overlooked. This can include but is not limited to finance, IT operations and developers.
Cloudscaler can help
Cloudscaler specialises in helping organisations scale their use of AWS by building, designing, and operating business-critical AWS platforms. With 10+ years of experience of delivering for enterprise organisations in highly regulated markets, we can help you to successfully migrate off GOV.UK PaaS to a platform fit for your needs.
Cloudscaler’s Enterprise Cloud Platform (ECP) can dramatically simplify and accelerate your migration. ECP provides a preconfigured AWS landing zone which delivers platinum-level AWS architecture, controls, services, and tooling out of the box – allowing you to benefit from our experience. ECP is deployable in less than 24 hours and is available as a product or a managed service, helping you to overcome the time and resource challenges presented by the decommissioning of GOV.UK PaaS.
ECP can also be implemented as a multi-tenant solution for situations where government departments wish to continue sharing a platform to further reduce overhead and complexity – similar to GOV.UK PaaS.
Cloudscaler offers a no-obligation workshop to help you work through your migration options and plan your approach.
To book a workshop, find out more about how we can support your journey or request a demo of Cloudscaler ECP, get in touch now: contact@cloudscaler.co.uk.
