Services and Architecture of Next Generation Government Cloud Services

1. Introduction

A proposed Next Generation Government Cloud (GovCloud) will be implemented and launched by 2020. Apart from implementing reliable “private cloud” services, it will also make use of “public cloud” services that are more flexible, more elastic, and in compliance with government security requirements. The new platform will provide the following central services with economies of scale:

Central Service: Details
(a) Infrastructure as a Service (IaaS): Servers, storage, network resources, cloud management platform and related services for operation, maintenance and support
(b) Platform as a Service (PaaS): On top of IaaS, providing system software, application servers, database management system software and related services for operation, maintenance and support
(c) Services and Tools for Supporting Agile Development, Cloud Native Application Architecture: Agile development technologies, including central application programming interface management, containerisation, continuous integration and continuous delivery technologies, etc.

2. System Architecture of Next Generation GovCloud

An eight-layer system architecture is proposed for developing the next generation GovCloud services:

  • Layer 1: Data centre resources
    The data centre resources to be adopted include the data centre facilities, the human resources and the processes of operating the data centres. The next generation GovCloud infrastructures may be hosted in government data centres, commercial data centres, or both. These data centres should also have sufficient availability and information security setup, measures and management to meet the requirements of the HKSAR Government.

  • Layer 2: Network fabric
    A network fabric spanning data centre networks will be built to support multi-tenant network segments across them. The network fabric layer will apply network virtualisation and software-defined networking technologies to enable virtual networks that span different data centres, with logical network configurations independent of physical locations. To achieve that, the network fabric layer will be deployed according to virtual network technology standards.

  • Layer 3: Cloud infrastructures
    The cloud infrastructures of the government cloud will virtualise physical IT resources such as CPU, storage, and network to support resource sharing and optimise IT resource utilisation among different systems and applications of the government. The cloud infrastructure layer to be built will comprise one or more virtualised infrastructures integrated in the cloud environment to enable cloud services at the upper layers. With the network fabric, the next generation GovCloud will be able to extend across different cloud infrastructures independent of physical locations to improve the overall service agility and reliability.

  • Layer 4: Cloud management platform (CMP)
    The CMP layer to be built will provide a unified platform with single sign-on access for users and administrators to access, manage, and monitor cloud resources in different cloud infrastructures. It will orchestrate and automate resource allocation and deallocation according to the actual needs of future digital government services and their respective IT systems. It will also manage both private and public cloud infrastructures for secure provisioning of both private and public cloud resources and services to application systems.

  • Layer 5: Infrastructure as a Service (IaaS)
    The IaaS layer will provide virtualised IT infrastructure resources as virtual machines for installation of the software stack of the government application systems. It will provide a self-service portal for government users to access the infrastructure resources (e.g. compute, storage, and network resources), and a standardised API for applications to automate resource allocation and configuration (through Infrastructure as Code). IaaS may be provisioned in different resource pools, each with different service levels in terms of reliability, agility, and security. In addition, a data analytics resource pool will be added to support data-centric requirements, such as big data analysis and artificial intelligence. This data analytics resource pool will also provide GPU compute capability and high storage capacity across private and public clouds.

  • Layer 6: API management and gateway
    The next generation GovCloud will implement a central Application Programming Interface (API) gateway for applications of bureaux / departments (B/Ds) to consume shared services / APIs so as to ease application development and operation. The API management and gateway layer publishes, versions, manages, and secures PaaS APIs to facilitate sharing and reuse of common services.

  • Layer 7: Platform as a Service (PaaS)
    The PaaS layer will provide platform services on top of IaaS so that application systems of bureaux / departments (B/Ds) can use them without the B/Ds implementing, maintaining, or directly administering infrastructure resources on their own. Traditional PaaS (classified as Mode 1), such as Database as a Service, application servers, etc., will improve the ease of development, the reliability and the operational efficiency of government applications. Other PaaS (classified as Mode 2), such as Container as a Service, DevOps tools, etc., will provide new application capabilities, such as auto-scaling, and significantly reduce the time-to-launch through agile application development. In addition, a data analytics PaaS will be built to support the development and operation of data-centric applications such as big data analytics.

  • Layer 8: Software as a Service (SaaS)
    The SaaS layer will allow B/Ds to share their application systems for use by other B/Ds, saving different B/Ds the effort and time of implementing and maintaining the same systems. The SaaS layer will deliver government applications as cloud services, using the underlying IaaS and PaaS. In the short term, B/Ds may lift-and-shift traditional applications from non-cloud environments to the next generation GovCloud. In the long term, to fully leverage the advantages of cloud (e.g. agility, reliability, etc.), B/Ds should develop cloud-native applications as SaaS running on the next generation GovCloud. Individual SaaS offerings of public cloud services may also be adopted if they comply with the security requirements of the government.