The aim: building solid foundations
The decisive first step of Cloud conversion at GRTGaz was to set up a Cloud Centre of Excellence (CCoE), with the objectives of defining a technological framework and governance suited to the future platform. Maher Bouzekri, Head of the Cloud Centre of Excellence, says: “Our objective was to provide the Applications Managers with a framework for using the cloud while migrating the applications of GRTgaz to the public cloud”.
GRTGaz called on the expertise of Cloudreach to support them in this mission. With all its past experience and unique combination of certified AWS engineers and products developed in-house, Cloudreach provided GRTgaz support with technical decisions on structure (connection of datacentres, separation of AWS accounts, effective use of AWS services, and more).
In only a few months, the CCoE at GRTgaz, supported by Cloudreach Cloud Architects and Cloud System Developers, developed an automated Landing Zone suited to the needs of GRTGaz.
Standardising and automating rollouts to move faster
With a bank of collaborative scripts at its centre, that can be accessed by all and reused, the tools and processes put in place make it possible to create infrastructures in a 100% programmatic way:
- Automated creation of an AWS account by application and environment, to allow different work to be aligned with no risk of interference and give access to a tightly woven range of applications (in-house team or data managers).
- Construction of a common core for all applications with rules on security, alerts, logging rules etc. A modification of the core (a change to a security rule for example) is rolled out automatically over all accounts.
- Instantiation of configuration files to build resources that are specific to the application. To deploy its own infrastructure, the applications teams reuse the scripts available and modify the parameters that are specific to the application.
- Automation of deployment of the infrastructure and applications via pre-configured deployment pipelines.
“Thanks to AWS, we have completely automated infrastructure deployment, which enables us to make new environments available 10 times faster. Support from Cloudreach experts was an asset in making this stage a success.” Maher Bouzekri explains.
Confidence built on strengthened security and traceability
Automation does not stop at deployment. One of the fields where the benefit is felt the most is security!
By default AWS allows precise control of access modes: being able to impose the use of multiple factors to connect to the console, creating roles according to requirements, being able to access resources on a high-security basis via a “transient” bastion, where access self-destructs automatically after a given time.
By incorporating security rules by default in deployment scripts (encryption, logging infra logs, logs for access to the AWS API, detection of vulnerabilities …), Cloudreach expertise has made it possible to take automation and traceability up a notch. And to avoid any discrepancy between code and reality (in cases of modification via the console), Cloudreach has also developed a detection and alert tool.
“Our Security teams are an integral part of the Cloud Centre of Excellence and have worked hand in hand with the Cloudreach teams. For this, systematic security audits prior to commissioning have been put in place. Compliance levels are constantly rising in spite of the increase in requirements” Maher adds.
More robust for easing the load on Operations
After a few months of operation, experience shows that the platform is very stable and that there is a big falloff in Run activities.
Widespread use of managed AWS services cuts down on maintenance action and needs for expertise. This has not only allowed faster migrations (speed of implementation and excellent interoperability of different AWS services) it has also cut down on Run activities. In addition, automation set up by the CCoE makes it possible to greatly reduce manual operation work via automation of recovery mechanisms after incidents.
Final line of operational improvement: the new platform gives control back to the Applications Managers. This makes it possible to move from a regime of monitoring to one of alerts. So, setting up relevant alerts means that mobilisation only happens when it is really necessary (rather than having continuous supervision). The simple fact of eliminating the need to call on and seek guidance from an information manager is a direct and considerable saving.
“The promised robustness is delivered and the systems put in place are resilient. After a tuning stage where necessary (memory and CPU adjustment), there are no more infrastructure incidents. Thanks to this recovered confidence and the tools put in place with the collaboration of Cloudreach, we even see ourselves switching to a NoOps mode in the mid-term!” is the conclusion of Maher Bouzekri.
“Thanks to AWS, we have completely automated infrastructure deployment, which enables us to make new environments available 10 times faster. Support from Cloudreach experts was an asset in making this stage a success.”
Maher Bouzekri, Head of the Cloud Centre of Excellence at GRTgaz
About GRTgaz
GRTGaz brings industry-standard governance to its AWS platform to speed up its Cloud conversion
In France, GRTGaz owns and operates the longest high-pressure natural gas transportation network in Europe. With over 32,000 kilometres of pipeline, GRTGaz carries its clients’ natural gas with the highest levels of security, competitiveness and reliability.
Security, competitiveness and reliability are therefore the logical pillars of the Cloud conversion started in 2017. “To manage our growth and renew our resources, we had to make a massive reinvestment in our datacentres, or turn to the Cloud” is the explanation given by Hervé Constant, the Director of Information Systems at GRTgaz. “We decided to move to AWS for increased agility and for better time-to-market at the same time as ensuring flawless security and a high level of resilience in our applications”.