National e-Gov Conference

8th August 2019

GI Cloud - MeghRaj

Sanjay Goel

Joint Secretary

Ministry of Electronics and Information Technology

(MeitY)

Structure

2 Use Cases of Cloud Adoption &

Network access based on

applications

4

7

Growth of Data Centres & Cloud

Security Requirements,

Disaster Recovery & its need

9

8 3

Cloud Computing Scenario in

International Domain

Key empanelment requirements &

list of Empaneled CSPs

Govt. Data Centre and Cloud

Infrastructure

1 What is Cloud Computing Legal & Policy Interventions 6

5 Procurement of Cloud Services

Way Forward –

One Government One Cloud

10

Essential Characteristics:

Resource Pooling

Broad Network Access Rapid Elasticity

Measured Service

On Demand Self-Service

Cloud computing is a model for enabling convenient, on-demand network access to

a shared pool of configurable computing resources (e.g., networks, servers, storage,

applications, and services) that can be rapidly provisioned and released with

minimal management effort or service provider interaction.

What is Cloud Computing

Virtualization Geogr. Distribution

Description Traditional IT Cloud

Utilization of IT Resources Low Optimum

Procurement Cycle Long Quick

Capital outlays for

hardware & applications

Yes No

Flexible IT infrastructure No Yes

Built-in scalability No Yes

Maintenance Maintenance is

required

Focused on usage

rather than

maintenance

Pricing model Fixed Variable

Technology Obsolescence Taken care by the

organization itself

Taken care by the

Cloud Service

Provider

How traditional IT differs from cloud computing?

Public Cloud

Virtual Private Cloud

(Logical separation in public cloud)

Government Community Cloud

Cloud Deployment & Service Models

Empaneled Cloud Deployment

Models

SaaS - software is licensed on a subscription basis and is centrally hosted

PaaS – a platform to develop, run, and manage applications without maintaining technology infrastructure

IaaS – for provision processing, storage, networks, and other fundamental computing resources

3 2 1

Platform as a Service

Software as a Service

Infrastructure as a Service

• Virtual Machines • Storage • Backup • Networking

• Database • Application Server • Web Server • DevOps

• Email • Office Suite • ERP • CRM

Cloud Service Models

United States United Kingdom Australia Singapore Canada

Cloud First -

initiative 2011 -

focus on Public

Cloud

Data centre

consolidation

triggered

Public Cloud Service

Providers - certified

by Govt. (FedRAMP *)

Cloud First replaced

with Cloud Smart in

2018

Cloud Smart focuses

on service, security &

cost while giving

dept. multiple

options to procure

Cloud First policy

created in 2013

Cloud First

launched for using

public cloud

Departments are

free to choose an

alternative to

cloud but need to

demonstrate the

value

Launched Digital

Marketplace for

Cloud

procurement

Cloud First policy

promulgated in

2014 and then

revised in 2017

Government

agencies must

adopt cloud where

it is fit for purpose

Principles based

approach for Cloud

adoption, e.g. Use of

public cloud

services as default

No explicit “Cloud

First” policy

Implemented a

private government

cloud called Central

G-Cloud for whole-

of-government use

Also leverages

commercially-

available public

cloud offerings

Moved to “Cloud

First” in 2017

Public cloud

services will be the

priority choice for

departments

Departments will

use private clouds

where needs cannot

be met by public

clouds

Cloud Computing – International Scenario

* FedRAMP : Federal Risk and Authorization Management Program is a government-wide program that provides a standardized approach to security

assessment, authorization, and continuous monitoring for cloud products and services.

2013 2014 2016 2017 2018 2019

10 CSPs Empaneled

• CMO Setup • Onboarding of

Cloud packages on GeM

NIC - First National Cloud

Launched

• 3 Additional CSPs Empaneled

• SLA, MSA & Procurement Guidelines published

• Cloud Service Bouquet • Onboarding on GeM is

under process • Open empanelment

process to be initiated

Cloud First Policy published with implementation roadmap

Indian progress - GI Cloud Journey so far…

Cloud enabled SDCs

Size of SDCs in India

: 1500 sq. ft. to 4000

sq. ft.

4 NDC already Setup

with overall capacity

of 1000 racks

Guwahati & Bhopal

NDC to be set up

13 CSPs empaneled

To accelerate delivery of e-services provided by the Government and

to optimise ICT spending of the Government.

GI Cloud – The Cloud Computing Initiative by Govt. of India

Certification Requirements: ISO 27001, ISO 20000:1, ISO27017, ISO 27018, TIA

942/Uptime Institute

Data Residency : Hosting of government data within the country mandatory.

There shall not be any outside legal framework applicable on CSPs (undertaking provided

by CSPs)

CSPs shall be required to offer their services in two categories (Basic and Advanced) as per

the Cloud Service Bouquet prepared by MeitY

DC and DR to be separated by a distance of 100 Kms

CSPs are required to offer the empaneled Cloud services to government organizations

through GeM platform

CSPs to comply with minimum security requirements specified in the empanelment RFP.

User departments may specify additional security requirements based on their applications

Successful STQC audit is prerequisite for offering Cloud Services to Govt. Dept.

Key Requirements for CSP Empanelment

1. Amazon Internet Services Pvt.

Ltd.

2. Bharat Sanchar Nigam

Limited (BSNL)

3. CtrlS Data Centers Limited

4. Cyfuture India Private Limited

5. ESDS Software Solutions

Private Limited

6. IBM India Private Limited

7. Microsoft Corporation (India)

Private Limited

8. Net Magic IT Services Private

Limited

9. Nxtra Data Ltd.

10. Tata Communications Limited

11. Web Werks India Private

Limited

12. Hewlett Packard Enterprise

India Private Limited

13. Sify Technologies Limited

List of Empaneled Cloud Service Providers

13 CSPs have been empaneled

Procurement of Cloud Services

Government Department

Managed Service Provider (MSP)

System Integrator (SI)

Indirect

End to End

Services

Modes of Procurement

Clo

ud S

erv

ice

Pro

vid

er

(CS

P)

NIC Cloud

Govern

men

t

e-M

ark

etp

lace (G

eM

)

Access to

empaneled

CSP services

Direct

NDC 1 NDC 2 NDC n ……

Cloud Adoption - Use Cases

Applications having

seasonal/cyclic requirements,

e.g. Education Department

Test & Development

environments

Applications requiring

centralized architecture, e.g.

NSP Portal

Low to medium usage of

bandwidth requirements, e.g.

Smart City IoT Data

Applications having varying

data retention requirements,

e.g. insurance data to be kept

for 7 years or more

For applications having Top

Secret/Secret Data

Highly decentralized

architecture

Applications which run on

perpetual basis (may not be

cost effective)

Any regulatory/licensing

requirements that prohibit

Cloud usage

Quick Wins for Cloud adoption Cloud adoption with careful assessment

Network access based on Application Criticality

• Access directly through internet like broadband / wifi networks, mobile devices, etc.

Citizen facing portals

• Access through VPN/trusted networks like P2P connectivity, leased lines, etc.

Secured Applications

• No access through internet

• Access through only closed network groups, e.g. dedicated WLAN by the Govt. Organizations

Air Gap Systems

ISO 27001:2013

ISO/IEC 27017:2015 Certification

ISO/IEC 27018:2014 Certification

ISO 20000:1 Certification Details

Min. Tier III Uptime Certification

Security Requirements for Empaneled CSPs

Data Center Facility must be within India

only

Adherence to IT Act 2000

Adherence to security guidelines specified by CERT-In/MeitY/

GoI

99.5% availability

Audit of CSPs by STQC

Global Compliances Compliances specific to India

Security in Cloud is a Shared Responsibility

Govt. Department* Cloud Service Provider(CSP)

Identity and access management -

Specifying the roles of users for managing

access to application, data and platform

Security of infrastructure components

(compute, storage, network, etc.) including

upgrade, maintenance and patch

deployment

Ensuring the security of endpoints that

are used to access Cloud services

Virtualization & hardening of hypervisor

Configuring operating system, network,

firewall & security settings associated with

the Cloud service being consumed

Physical and Logical network

segmentation

Applying data and server side encryption Perimeter security services

Reviewing and validating security

configurations created by CSP/MSP

Providing tools for backup, migration and

replication

Reviewing the security incident and

monitoring reports submitted by CSPs

Offering Disaster Recovery Services

* For some of the activities, Govt. Department may require help of Managed Service Provider (MSP)

Disaster Recovery

Hot Site /

Near DR Site

Warm Site /

Far DR Site

Cold Site /

Far DR Site

RTO 30 Minutes to 6 -12 Hours or more

Greater than 24 Hours

RPO Min. 15 min Significant data loss

Depending on the criticality DR Site should be planned for every application

It minimizes recovery time & possible delays

It prevents potential legal liability

Improves security

Avoids potentially damaging last-second decision-making during a disaster

Zero /Near Zero

Zero /Near Zero

~600 million

users

New

Technologies 5 G, IoT,

Geo-

Spatial

Avg. person interaction

with connected devices

From 300

times a

day

to 4800

Increasing Business,

Start-ups

4200+

Startups,

&

Business

Govt.

e-Services

Digital

India

Zetta

Bytes* of

Data

Need for growth of Data Centres

Total

Internet

Users

* 1 Zetta Byte = 1021 Bytes = 106 Peta Bytes

Way Forward -

One Government One Cloud: Meghraj

All future applications should be on Cloud

No expenditure should be planned on procuring dedicated hardware

All Data centers should be Cloud Ready

Mini Data Centers of NIC to be merged with NIC Cloud

New Data centers to be set up in Guwahati and Bhopal under NIC

Cloud

Smart city initiatives to use Cloud Computing for both DC and DR

sites

More CSPs to be empaneled

On-boarding of CSPs on GeM portal

Capacity Building of the Government Departments

Thank You