
Industry
Community Services \ Not For Profit

Service
Cloud Managed Service

Project Outcomes

  • Scalability – capacity not constrained by capital purchases – grow and shrink dynamically
  • Reliability – automatically recover from failures
  • Security – secure by default foundations
  • Innovation – Experiments are quick to set up and cheap to run
  • No upfront commitment – pay only for what you need, when you need it

The Client

CareSouth is a not-for-profit organisation based across regional NSW, passionate about and committed to building strong communities and enhancing the lives of children, young people and families. CareSouth provides a range of services to our communities such as foster care, aunties and uncles, NDIS programs, clinical services, youth support services, family connections, supervised contact, mentoring and family preservation.

Overview

CareSouth was looking for a solution to host their IT infrastructure services and to be able to try new cloud services, giving them a modern, agile approach to testing servers and running production workloads. Mantel Group performed a 7 Rs assessment and a migration assessment to run their Microsoft workloads in AWS. CareSouth was looking for a highly available and robust environment while reducing existing Disaster Recovery times.

The Challenges

CareSouth had limited on-premise hosting facilities, with aged x86 hardware and infrastructure that required upgrading. CareSouth was looking for a quicker solution to host their services without managing physical hardware and the challenges of additional maintenance that come with a data centre. As a fast-growing business, CareSouth often needs the ability to quickly open new office premises with minimal technological effort.
On-going financial forecasts and budget reviews were becoming increasingly difficult when planning to refresh infrastructure hardware.

Requirements

Initial requirements given by the business and discovered during the engagement:

  • Establish AWS Landing Zone
  • Migrate and re-host systems
  • Provide direct connect and VPN services
  • Perform cost optimisation
  • Decommission on-prem data centres
  • Manage the environment via automation and CI/CD, replacing the current manual changes

The Solution

Network Patterns

  • Shared VPC using RAM to share out Services VPC to PROD and TEST accounts.
  • Load balancers to applications
  • AWS Client VPN with Azure Entra ID Auth
  • Direct Connect – Exetel for communication to distributed sites via AWS VPN.

DNS and URL Structures

  • Mix of AWS Route 53 and Managed External DNS

Security and Monitoring

  • O365 (Entra ID) and Microsoft Active Directory are the authentication systems
  • GuardDuty
  • Patching via WSUS

Metrics Reporting

  • CloudWatch is used along with the CloudWatch agent to retrieve metrics from within EC2 instances.
  • Lansweeper is used for IT discovery and asset management.

Availability

  • Instances needing higher availability are multi-AZ, using ALB or their own mechanisms (Windows Domain Controllers).

Application Migration Strategy

  • Migrated the client's on-premise infrastructure to IaaS due to licenses the client held
  • A number of systems migrated to PaaS solutions (Office 365)

How AWS was used as part of the solution

The client originally had in-house assets with uptime and reliability issues. The client was lifted and shifted into AWS on EC2 instances, which quickly resolved the uptime and reliability issues caused by aged hardware.

  • Amazon Virtual Private Cloud (VPC) segregated into network tiers for hosting component services within subnets – DMZ, Application, and Data.
  • AWS Direct Connect – Virtual Interface for VPN to Head Office
  • AWS Directory Service
  • AWS Client VPN to 10 remote sites
  • Amazon Elastic Compute Cloud (EC2) for non-containerised compute
  • AWS Lambda primarily for event-driven, asynchronous, serverless compute.
  • Amazon S3 for hosting and caching static web content.
  • Amazon GuardDuty, AWS WAF, AWS Config, and AWS Shield for providing security in depth.
  • AWS Systems Manager – Parameter Store, Patching and Reporting
  • AWS Key Management Service (KMS) for controlled key management through customer managed keys.
  • AWS Certificate Manager for provisioning and managing SSL/TLS certificates used by AWS services.
  • AWS CloudTrail and Amazon CloudWatch for monitoring and logging.
  • AWS Control Tower for providing account management capabilities and guardrails to provide governance assistance.

Third party applications or solutions used

CareSouth uses a number of Microsoft products including:

  • Windows Server
  • MS SQL Server
  • Microsoft Dynamics NAV
  • Lexmark Printer management software
  • RDP Gateway services
  • Lansweeper
  • Netwrix Auditor
  • Veeam Backup
  • WSUS
  • Active Directory and AD Federation Services
  • Web Servers