Virtual Desktop Infrastructure (VDI) Migration

Client Organization Name: An Agency within the Department of Transportation
Offeror’s Role for the Case Study: Subcontractor, Architecture and Cloud Development

About the Customer:
Our client’s mission is saving lives, preventing injuries and reducing the costs of roadway crashes.
Critical in supporting this mission, they investigate vehicle safety issues and determine their risk
to public safety. The client’s data repository and analysis system of record for all vehicle
complaints, recalls, crash test ratings, crash details, vehicle safety early warning reports,
manufacturer communications, and foreign campaigns is their proprietary system. Their system
is the back-end data store, mission-critical system which facilitates the collection and
dissemination of key safety information (vehicles, equipment, car seats, tires) for federal
investigators, auto manufacturers and the general public. It integrates with and supports the flow
of information to multiple upstream/downstream systems including both public and private
applications. The system is our client’s key portal for all safety and standards for vehicles,
equipment, car seats and tires in the United States.

Customer Challenge:
The system has been, and continues to be, the vital system of record for safety information on
vehicles in the United States. Over the years the data set, and demand to access that data, had
begun to outpace the technical capabilities of the system. It was built as a monolithic
infrastructure hosted on aging on-premises servers running legacy, yet expensive software. Our
client realized that the legacy infrastructure and application software were no longer able to meet
the flexibility, maintainability, scalability and performance needs of a mission-critical system. The
system experienced frequent high traffic spikes during recalls, which negatively impacted system
performance during crucial times. Our client was unable to scale with demand on the legacy
on-premises machines. Provisioning more servers was expensive, complicated and
time-consuming. Instead, our client wished for the infrastructure to scale based on demand.
Additionally, the application’s legacy software was unable to support more modern
upstream/downstream applications. Adding new features and functionality became increasingly
difficult and error prone. Understanding the growing challenges impacting the system, our client
turned to our team to modernize the application software and migrate the legacy workflows to a
cloud-based, modular system to improve performance for both today and tomorrow’s needs.

Partner Solution:
The system badly needed to be modernized from both a software and a hardware perspective.
It was clear that after years of technical debt, a simple ‘Lift and Shift’ migration out of the
on-premises environment and into the cloud would not improve the strained system’s performance. Instead, our
cloud architects and engineers designed and delivered a full-scale workflow migration to AWS
which included the replacement of legacy middleware and appliances with AWS managed
services. A key component of the modernization and migration strategy was the understanding
that the system was a central component for multiple upstream/downstream systems supporting
multiple different types of companies, agencies, groups and individuals. During the migration it
was essential that access to real time information workflows continued as expected. Leveraging
AWS’s Database Migration Service (DMS) we were able to maintain high availability, minimal
downtime and seamless data replication between the legacy and target infrastructures.

Through our partnership with AWS we worked closely with AWS engineers to ensure that the
migration to the cloud followed AWS’s Well-Architected best practices. Our strategy replaced our
client’s on-premises physical network with Virtual Private Clouds (VPCs) and subnets. The
newly provisioned VPC was designed using the best practice of public/private subnet separation
with service endpoints and NAT Gateways. AWS WAF, ACLs, security groups, and IAM were
used to enforce security policies and manage the security posture for the System. While the
majority of the workloads were targeted for transition to microservices running on Lambda,
autoscaling EC2 clusters were provisioned within the secured VPC for heavier processing
workloads which included zip file processing and threat scanning. The newly written serverless
scripts leveraged Lambda Layers and Lambda versioning to support runtime and rollbacks. Our
team was able to provide the system with four (4) distinct environments (Development, Staging,
Q&A, and Production), all built and deployed as Infrastructure as Code (IaC) using CloudFormation
scripts and AWS Serverless Application Model (SAM).

Much of the legacy infrastructure consisted of proprietary middleware, applications, and costly
software licenses. The modernization and migration of the system included the following changes:

▪ The migration of data out of legacy Oracle instances into AWS Aurora PostgreSQL.

▪ Replacing legacy enterprise Java applications and app servers with modern serverless
Node.js equivalents

▪ Replacing proprietary middleware and appliances with services including SQS (queued
messages), SNS (notification of events), AWS Simple Storage Service (S3), and API
Gateway. API Gateways were defined using Swagger.

▪ Replacing costly Microsoft Windows server instances with more flexible RedHat
Enterprise Linux (RHEL)

▪ Replacing the legacy search tool Lucene with AWS OpenSearch Service

▪ Replacing dedicated web servers with S3 and CloudFront

In addition to the provisioning and migration from the legacy on-premises environment, our team leveraged
the AWS Command Line Interface (CLI) and Software Development Kits (SDKs) to perform object
migration and syncing. Our team configured and deployed a DevOps CI/CD pipeline managed
within Jenkins. The pipeline was then integrated with AWS CodeCommit which managed all
version control of the system’s codebase. AWS CloudWatch was configured to provide metrics for
telemetry and insights and CloudWatch dashboards were created to provide visual metrics and
error reporting. The resulting modernized, modular system is one that will provide our client with
the flexibility, performance and maintainability to continue to support their mission pursuing
public safety.


Results and Benefits:
The result of this work provided ODI with a modernized, modular cloud-native solution that has
the scalability and performance to meet the growing needs of their user base for years to come.
Artemis is now built with the scalability to meet the system’s reliably unreliable traffic. Its
monolithic infrastructure has been replaced with serverless microservices, providing developers
with the ability to quickly update workflows and add new features as needed. Previously, the
architecture required queued, multi-day batches to ingest and disseminate information. Now, the
system’s integration and design allows for real-time, asynchronous data flow between
upstream/downstream applications. Dozens of expensive, legacy servers have been replaced by
a handful of on-demand cloud computing instances. The migration and modernization of the
Artemis system has provided NHTSA and its customers with the capability for continued
enhancement and growth for years to come.

About the Partner:
For 30 years, CTAC has built a team of people, and a business around them, who know what it
means to put our client’s mission first. We constantly invest in that team to ensure that we stay
at the cutting edge of technology, so our clients are never getting yesterday’s solution today. Our
approach combines deep knowledge of the federal space, application of up-to-date industry best
practices and a constantly evolving commitment to technical excellence to meet our clients where
they are. That means answering the ask and digging deeper. It means showing up and staying
connected. It means getting it done and getting it right.

CTAC is an Advanced AWS Partner and an AWS Public Sector Solutions Provider with the
differentiator of having achieved three AWS competencies: Government, DevOps, and Public
Safety and Disaster Response. As a testament to our commitment as an AWS partner, our staff
currently hold over 50 AWS Accreditations and over 45 Specialty, Professional, Associate, and
Foundational AWS certifications. This ensures our Migration, Platform as a Service (PaaS),
Infrastructure Support, Modernization, Resale, and DevOps teams are up to date in both
education and experience designing, modernizing and deploying cloud-based solutions in AWS.