About the Hybrid Cloud Platform

Overview

The Hybrid Cloud Platform (HCP) is a hosting solution developed and maintained from the ground up in Malta for all government entities. It is based on an on-premises stack hosted within the MITA Tier3 datacentre for Malta-based operations, and an off-premises cloud linked with both Microsoft’s Amsterdam and Dublin datacentres. The HCP is also connected to the secure, high-speed Malta Government Network (MAGNET), so it can be consumed in a similar manner to MITA’s usual virtual hosting services, but with much enhanced capabilities for the consumer and immediate on-boarding that is independent of any intervention. The following diagrams provide a high-level overview of the architecture:

 

Figure 1 – Hybrid Cloud Platform

Figure 2 – Regions

 

Figures 1 and 2 above illustrate the high-level building blocks of the Hybrid Cloud Platform that will host Information Systems within Government’s datacentres (Azure Stack Hub) and on the Azure Cloud – West Europe and North Europe datacentres.

The Hybrid Cloud is composed of a number of regions. Applications requiring fault tolerance across regions must be specifically engineered for this and deployed across regions. A single region supports a degree of high availability by persisting 2 copies of storage across different nodes and by supporting availability sets (which ensure resources are executing on different nodes).

Azure Stack Hub is a Hybrid Cloud Platform component that enables the use of Azure services from within Government’s datacentre. Azure Stack Hub delivers a subset of the services and features that are available in Azure. An app built on Azure Stack Hub can be deployed on Azure Stack, Azure, or Government’s Azure hybrid cloud.

 

Figure 3 – Hybrid Cloud IaaS PaaS SaaS

 

The Hybrid Cloud Platform gives solution providers access to all the IaaS, PaaS, and SaaS services needed to build cloud-native solutions for Government.

Figure 4 – Subscriptions

 

A subscription is a logical entity that provides the entitlement to deploy and consume Azure resources. We will be providing access to two flavors of subscription:

Hybrid Connectivity Subscription

  • Network access to Government’s Network (MAGNET)
  • Owner: MITA
  • Access: Internet, MITA users, CIOs, Contractors

Cloud-only Subscription

  • No network access to Government’s Network (MAGNET)
  • Owner: MITA
  • Access: Internet, MITA users, CIOs, Contractors

 

Figure 5 – Resource Groups

 

A client will be given access to a Resource Group within which the Azure Resources (IaaS, PaaS, SaaS) can be deployed. 

MITA retains ownership of the Resource Group, whilst the Client/Supplier has the contributor role that provides the ability to add/delete resources without changing permissions. 

The MITA Network Operations Centre and the Security Operations Centre will have read-only access to all resource groups for governance purposes using:

  • Azure Monitor 
  • Azure Security Centre 
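
A drift check for the access model described above, as an added example that is not MITA's own tooling. It assumes the page's owner, contributor and read-only roles map to the Azure built-in roles Owner, Contributor and Reader, and it runs over constructed role assignments with placeholder names.

```python
# Constructed sample shaped like `az role assignment list` JSON output.
# Subscription id, resource group and principal names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-client-example"
ASSIGNMENTS = [
    {"principalName": "mita-platform", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "mita-noc", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "mita-soc", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "client-team", "roleDefinitionName": "Contributor", "scope": RG},
    {"principalName": "client-team", "roleDefinitionName": "User Access Administrator", "scope": RG},
    {"principalName": "supplier-x", "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalName": "supplier-x", "roleDefinitionName": "Contributor", "scope": RG + "-other"},
    {"principalName": "old-admin", "roleDefinitionName": "Owner", "scope": RG},
]

# Assumed mapping of the page's parties to Azure built-in roles.
ALLOWED_ROLES = {"platform": {"Owner"}, "ops": {"Reader"}, "client": {"Contributor"}}
# Assumed classification of principals, maintained by whoever runs the audit.
PARTY_OF = {"mita-platform": "platform", "mita-noc": "ops", "mita-soc": "ops",
            "client-team": "client", "supplier-x": "client"}


def within_resource_group(scope, rg_scope):
    """True if scope is the resource group itself or a resource inside it."""
    scope, rg_scope = scope.lower(), rg_scope.lower().rstrip("/")
    return scope == rg_scope or scope.startswith(rg_scope + "/")


def audit(assignments, party_of, rg_scope):
    """Return (principal, role, reason) for each assignment that departs from the model."""
    findings = []
    for a in assignments:
        who, role, scope = a["principalName"], a["roleDefinitionName"], a["scope"]
        party = party_of.get(who)
        if party is None:
            findings.append((who, role, "unclassified principal"))
        elif role not in ALLOWED_ROLES[party]:
            findings.append((who, role, "role not permitted for " + party))
        elif party == "client" and not within_resource_group(scope, rg_scope):
            findings.append((who, role, "scope outside the client's resource group"))
    return findings


if __name__ == "__main__":
    for finding in audit(ASSIGNMENTS, PARTY_OF, RG):
        print(*finding, sep=" | ")
```

The scope comparison matches on a path boundary, so a sibling resource group whose name merely starts with the client's group name is still reported.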

Optimal Workload Placement 

There is no broad answer or cookbook solution. The question is not Cloud vs Non-Cloud, but On-prem Cloud vs Off-prem Cloud.

Main driving factors: 

  • Business
  • Technical 
  • Strategic 
  • Cost

When deciding on the optimal workload placement, MITA needs to carry out an architecture assessment of the proposed solution (together with the solution owner) to find the best fit for the solution on the Hybrid Cloud.

 

Self Service 

Self-Service is one of the major benefits of cloud: 

  • MITA will typically provision up to resource group level. 
  • CIOs/Contractors can provision and manage their own resources with MITA being more of a consultant. 
  • CIOs/Contractors will be in control and can therefore be more agile.

Backups 

The Hybrid Cloud provides several options for self-service backups. Each system has different backup / consistency / retention / DR requirements, so only the service owner has enough visibility to implement a proper backup regime. Options include:

  • A trusted third-party backup solution with a self-service portal for VMs on-premises
  • Multiple options on cloud, e.g. Azure Backup for VMs
  • Some PaaS services, such as Azure SQL, offer built-in managed backup

 

Monitoring  

The Hybrid Cloud provides a range of tools, such as Azure Monitor, Application Insights and Security Centre, to monitor workloads. These solutions can also be extended with automation to handle, resolve or take action based on defined triggers.

 

Network Connectivity and Routing 

The Hybrid Connectivity subscriptions are connected to the Government’s core network. However, there are several constraints and subtle differences between Azure and Azure Stack which need to be taken into consideration at the design stage. These will be handled during the Architecture Assessment.

The solution owner will control incoming network access to their solution, whilst MITA will control all access from the solution towards the Government’s network. In the latter case, access will be opened by request and reviewed by the security department.

 

Remote Access 

Access to the Azure and Azure Stack Hub portals is available over the internet by using a Corporate Account.

A number of services, e.g. VMs, are only accessible from Government’s network or via VPN.
