The Off-Premises Platform is a hosting solution that is developed and maintained from the ground up in Malta for all government entities. It is based upon an off-premises cloud linked with Microsoft’s Milan, Amsterdam & Dublin datacentres. The platform is also connected to the secure and high-speed Malta Government Network (MAGNET), so it can be consumed in a similar manner to MITA’s usual virtual hosting services but with much more enhanced capabilities for the consumer with immediate on-boarding that is independent from any intervention. The following diagram provides a high-level overview of the architecture:

Figure 1 – Off-Prmises Hosting Platform

Figure 2 – Regions

For illustration purposes, Figure 1 and 2 above illustrate the high-level building blocks of the Off-Premises Hosting Platform that will host Information Systems within Government’s datacentres on the Azure Cloud – West Europe and North Europe datacentres. Other services and regions might be available.

The Off-Premises Hosting Platform is composed of a number of regions. Applications requiring fault tolerance across regions must be specifically engineered to cater for this and deployed across regions. A single region supports a degree of high availability by persisting 2 copies of storage across different nodes and supporting the use of availability sets (which ensures resources are executing on different nodes). 

Figure 3 – Hybrid Cloud IaaS PaaS SaaS

The Off-Premises Hosting Platform gives solution providers access to all the IaaS, Pass, and SaaS to be able to build cloud-native solutions for Government. 

Figure 4 – Subscriptions

A subscription is a logical entity that provides the entitlement to deploy and consume Azure resources. We will be providing access to two flavors of subscriptions :

Hybrid Connectivity Subscription 

Network access to Government’s’ Network (MAGNET)  

Owner: MITA 

Access: Internet, MITA users, CIOs, Contractors 

Cloud-only Subscription 

No network access to Government’s’ Network (MAGNET) 

Owner: MITA 

Access: Internet, MITA users, CIOs, Contractors 

Figure 5 –Resource Groups

A client will be given access to a Resource Group within which the Azure Resources (IaaS, PaaS, SaaS) can be deployed. 

MITA retains ownership of the Resource Group, whilst the Client/Supplier has the contributor role that provides the ability to add/delete resources without changing permissions. 

Optimal Workload Placement 

There is no broad answer or cookbook solution. It is not Cloud vs Non-Cloud, it is On-prem vs Off-prem 

Main driving factors: 

• Business
• Technical 
• Strategic 
• Cost

When deciding on the optimal workload placement, MITA needs to carry out an architecture assessment of the proposed solution (together with solution owner) to find the best fit for solution on the Hybrid Cloud. 

Self Service 

Self-Service is one of the major benefits of cloud: 

• MITA will typically provision up to resource group level. 
• CIOs/Contractors can provision and manage their own resources with MITA being more of a consultant. 
• CIOs/Contractors, will be in control and therefore can be more agile. 

Network Connectivity and Routing 

The Hybrid Connectivity subscriptions are connected to the Government’s core network. However, there are several constraints, and subtle differences between Azure and Azure Stack which need to be taken into consideration at design stage. These will be handled during the Architecture Assessment.  

The solution owner will control incoming network access to his solution whilst MITA will control all access from the solution towards the Government’s network. In case of the latter, access will be opened by request and reviewed by the security department. 

Remote Access 

Access to the Azure and Azure Stack Hub portals is available over the internet by using a Corporate Account.

A number of services e.g. VMs are only accessible from Government’s network or via VPN. 

To look further into how to make use of the service and get on-boarded, please click here.