Cloud Network Manager
Focus Areas:
  • automation
  • innovation
A service that enables organizations to automatically administer network resources across hundreds of application teams and AWS accounts

Background

The Centers for Medicare and Medicaid Services (CMS) was an early leader in using cloud technology in the federal government. Hundreds of application teams at CMS have migrated to and use the cloud. This success in cloud adoption has also created challenges in administering the overall cloud architecture securely, consistently, and at scale.

Automation

Cloud Network Manager automates formerly manual workflows and provides a foundation for rethinking CMS's service model for application teams. CMS has a secure cloud architecture for application teams that includes using AWS Virtual Private Clouds (VPCs) to segregate network traffic. CMS centrally administers these VPCs to ensure security and compliance. Provisioning a single VPC and integrating it into the overall cloud architecture used to take approximately 8 hours of active operations work and 2-3 weeks from start to finish, because the total workflow was complex and included multiple manual handoffs between separate teams. Cloud Network Manager automated this workflow and reduced the 8 hours of active operations work to 8 minutes. Instead of filing tickets with an operations team, application teams can use a web interface that provides automation-driven self-service for operational tasks.

Integration

We developed custom software to integrate the different systems that manage different components of the overall network architecture. Part of the complexity of network operations tasks is that one high-level task often requires multiple sub-tasks across different systems that don't integrate out of the box. For example, creating a segregated network space for an application team involves allocating private IP space in one system, creating network structure using the allocated IP space in another system, getting user authorization roles from another system, and updating VPN access rules for those users in yet another system, among other steps. We developed high-level orchestration in Cloud Network Manager that uses component system APIs when available, and we even developed APIs for component systems that didn't already have them. This approach allowed us to implement automation while minimizing the overall level of effort and the disruption to existing system components.

Conclusion

With Cloud Network Manager, we've helped CMS increase its speed of cloud onboarding by orders of magnitude, saving time and cost while promoting a more mature and scalable network architecture. We're proud of how Cloud Network Manager supports CMS's cloud adoption success, automating network administration and providing better access to services for application teams.