Skip to main content

INDUSTRY

State Government

SERVICES

Migration to GitHub Enterprise Cloud EMU (Enterprise Managed Users)
Expert training
Change management
Configuration as code

Key Takeaways

1

Creation of a centrally managed identity and access on GitHub from their Azure AD identity provider.

2

Security posture enhancement, including enabling the use of single sign-on with multi-factor authentication.

3

Expert training was provided to the client by Mantel Group’s GitHub Accredited Engineers.

Company Overview

The organisation is a Government-funded emergency service, employing over 1,000 staff, including a development team of around 80 people. Their mission includes protecting the community and minimising the impact of emergencies by providing training, community education, prevention and operational capability. They have attended over 22,000 incidents across their jurisdiction in 2020/21. As a Government department, they have been given a strategic direction to move their IT operations to the cloud.

The problem

The client’s business driver was to reduce the expense and operational overhead of maintaining their own on-premises GitHub Enterprise Server. The lack of multi- factor authentication (MFA) was also compromising the organisation’s security posture.

A disconnect between their Azure AD Identification Provider (IdP) and their GitHub Enterprise Server resulted in double-handling of administration, with onboarding/offboarding friction due to security (VPN) requirements, access permissions and licence provisioning.

Mantel Group was engaged as a trusted GitHub partner. Our close relationship with Microsoft and GitHub enabled us to engage on this project directly with members of the US GitHub team, under the Microsoft FastTrack Program.

The solution

Rather than simply delivering a solution in isolation, the Mantel Group team fully integrated with the organisation’s IT Ops team to ensure a collaborative approach. Our team also guided the client during the solution design process. GitHub Enterprise Cloud EMU (Enterprise Managed Users) was chosen to meet their stringent security requirements.

Integrating IdP Azure Active Directory with GitHub Enterprise Managed Users removed the toil of manually handling the onboarding and offboarding of developers. We also consolidated redundant security groups and streamlined Role Based Access Control (RBAC) to GitHub.

A lightweight configuration as code solution (Probot Settings) was implemented to enable pull-request based configuration and repository templating. Branch protections and codeowners policies were also put in place to ensure code quality and security.

Our proven change management strategy mitigated the risk of disruption to development teams, ensuring zero down-time throughout the whole migration process. Integrations with existing CI/CD (TeamCity), Telemetry (Splunk), and planning (Jira) systems were maintained to ensure business continuity.

Key products/services we used

  • Rapid prototyping, demonstrating GitHub’s capabilities and increasing the confidence of key stakeholders that GitHub Enterprise Cloud EMU was the best choice.
  • The team followed an Agile methodology. Mantel Group and the team performed daily standups and provided weekly status updates to ensure key stakeholders had visibility of any risks or issues.
  • We facilitated a series of knowledge sharing brown bags to upskill engineering and leadership teams on a range of topics, including GitHub Administration, GitHub Actions, and GitHub Advanced Security.

The results

  • The project commenced in late November 2021 and ran for a duration of six weeks, resulting in a cost reduction by migrating to a fully managed service. IdP integration also increased efficiency in onboarding/offboarding, with GitHub access, licensing, SSO and MFA all managed centrally through Azure AD.
  • Configuration as code has also enhanced the consistency, traceability and security of GitHub configuration.
  • Key personnel have received expert training from Mantel Group, and the client was able to achieve significant steps towards meeting their ‘Cloud-First’ mandate.