
An in-depth look at GovTech’s new common hosting platform for Singapore Government websites


Above photo: Mr. Tan Eng Pheng, Senior Director, Clusters Group at GovTech speaking at the AWS Public Sector Summit

Websites are often the first point of contact between citizens and government. They deliver information and provide a convenient platform for transactions. The Singapore Government has over 500 of them.

Earlier this year, PM Lee Hsien Loong said, “There are big things which we need to do and many small things which we ought to do better. Every time I go on to a Government website, if for some reason I have to transact a service and I cannot find the link, I tell them, please put this link in.”

To support the government agencies in improving the digital shopfront and the user experience, the Government Technology Agency of Singapore (GovTech) introduced a common hosting platform for government websites, called the Content Websites Platform (CWP), in October 2016.

The CWP is a common secured environment based on a resilient, robust and controlled platform which provides a suite of standardised software for hosting content-based websites. It enables unclassified government websites to be centrally managed and operated on public cloud, bringing the benefits of convenience, greater security, optimisation of resources, faster deployment speed and cost savings through economies of scale.

The idea behind CWP is to improve the government’s digital shopfront experience and help organisations build websites within significantly reduced timeframes. CWP accomplishes that by leveraging public cloud technology and putting together a stack of services, around not just hosting, but also security and operations management.

On October 4, at the inaugural AWS Public Sector Summit, Mr. Tan Eng Pheng, Senior Director, Clusters Group at GovTech spoke about the CWP, outlining its development, adoption and benefits.

The project started at the erstwhile Infocomm Development Authority (IDA) and moved on to GovTech (IDA and the Media Development Authority were restructured to form GovTech and the Infocomm Media Development Authority last year). The procurement and development process took around 15 months.

Traditionally, each agency built everything from the ground up. In the data centre approach, they were responsible for everything, from storage through servers, virtualisation, operating system (O/S), middleware and runtime to services and the website itself.

In the private cloud approach, parts of the stack are managed for the agency but the agency is still responsible for at least half the stack.

With the CWP, the agencies only have to manage their own websites and they can focus on delivering the best possible user experience. Everything else is handled for them by GovTech.

Hosting environment

CWP is hosted on the public cloud, Amazon Web Services (AWS), for the ‘unclassified’ front-end websites, and on G-Cloud, an IM8[1]-compliant hosting environment, for the ‘restricted’ form services.

Above image: Public Cloud and IM8 Compliant Hosting Environment Hosting Illustration/ Credit: GovTech 

CWP offers two categories of services: Base Services and Catalogue Buy Services. Base Services include virtual hosting environment services (AWS), Form services (G-Cloud or Government Cloud), bundled security infrastructure services and security management services.

Agencies can choose from 3 website tiers for the virtual hosting environment services: Small (Website page views of 50,000 per day and website data transfer of 5GB), Medium (Website page views of 200,000 per day and website data transfer of 20GB), and Large (Website page views of 800,000 per day and website data transfer of 5GB).

There are similar categories for Form Services with small, medium and large for form traffic of 200, 400 and 800 per day respectively.

Integrated, centrally-managed security

Mr. Tan said, “In this heightened cyber risk landscape, security probably takes more effort than the website itself.” CWP centrally manages the security protection of all hosted websites, through a range of integrated security infrastructure and management services.

At the perimeter, measures comprise: 1) CyberWatch Centre, which captures and processes security alerts; 2) Content Delivery Network (CDN) for caching and distributing load; 3) Web application firewall to filter malicious web traffic; and 4) Defacement monitoring, which monitors webpages against unauthorised changes.

There is another layer of security which includes Virtual Private Cloud to protect cloud resources; End Point Protection against viruses and malware; Network Intrusion Protection System to examine network traffic flows and block exploits; Patch Management for monitoring and administering timely software patches, fixes and updates; and Cert Management for managing SSL/TLS[2] certificates.

In addition, vulnerability assessment is conducted annually for the application software/customer website and on a quarterly basis for the operating system, database management system and network infrastructure. Both automatic and manual penetration testing are done once a year.

All of this is integrated as part of the basic services package. The agencies don’t have to go around shopping to find security solutions. In addition, CWP leverages multiple availability zones[3] of AWS in Singapore, adding another layer of resiliency.

Content Publishing Services

This falls under the ‘Catalogue Buy Services’. (Catalogue Buy also includes a range of miscellaneous services, such as additional website traffic, form traffic, data storage; invoice options; urgent service requests; and performance test tools.)

CWP provides improved manageability and operational efficiency with standardised software for five Content Management Systems (CMSes). Customers may bring their own CMS licenses over to CWP provided the licensing scheme is supported in CWP. Alternatively, customers may procure the CMS licenses in CWP. They can also choose to deploy HTML websites where CMSes are not required.

The five supported CMSes are WordPress, which is Open Source (with commercial support for plug-ins), and four proprietary CMSes, namely SharePoint, Sitecore, Swiit and Sitefinity.

Mr. Tan explained the selection process for the CMS software, saying, “Unfortunately, we are unable to service all CMSes. As the suite of offerings expands, the management complexity escalates. So, we decided to do the top 5 CMSes, which have the highest utilisation rate in government.”

Simple process for agencies

Agencies developing and deploying websites through CWP follow a simple 4-step process. GovTech has developed self-service portals for Service, Deployment, Security, Utilisation, User management, operations and service desk.

The requester goes on to the Service portal and signs up for an account. Once the account is approved, the requester can subscribe to the tier of service they want. After the staging and production environments are provisioned, the developer can start deploying their code through the Deployment portal and then conduct user testing.

This is followed by booking and running security tests through the Security portal. Once vulnerability and penetration testing is completed, the security findings verified and any loopholes remediated, the agencies can deploy the website and go live.

The result of this process has been a drastic reduction in time taken for developing and deploying websites. It is down from months to weeks or even days. Mr. Tan said that a corporate website for Vital.Org, which provides human resources and finance services to government agencies, went from ‘signup’ on CWP to ‘go live’ in 7 working days.

Two examples of public cloud benefits: auto capacity scaling and security patching

In his presentation, Mr. Tan talked about how CWP leverages a range of useful utilities and services provided by AWS, such as Simple Queue Service, Lambda, CloudWatch and Elastic Load Balancing.

He gave two examples of how public cloud can provide distinct advantages in terms of operations, as well as security. Peak loads for websites can come at inconvenient or unpredictable times. Traditionally, the organisation would buy excess capacity, in case the need arose. But this ‘just in case’ came at a heavy cost. With the cloud infrastructure, the utilisation can be monitored (through CloudWatch) and a threshold set for it. Once the threshold is crossed, a new instance[4] is automatically created. Once connected to the Load Balancer, it goes live immediately. Surges in website traffic are handled with little to no downtime. And this flexibility enables rapid scale-up without having to go through hardware and set-up.

Another issue is security patching. Each time a vulnerability is revealed, it has to be patched to make sure that it is not exploited. Here, public cloud provides the ability to do the patching offline. A similar instance can be patched and connected to the load balancer, and once it is connected, the old unpatched instance can be discarded.

Previously, for patching, website administrators announced maintenance periods, taking the website offline for x hours and patching it before bringing it back online. There’s almost no downtime now. The patching can be done in minutes instead of hours.

In January 2017, WordPress had a vulnerability that was exploited worldwide. 1.5 million websites were affected. GovTech was able to complete the patching in a total elapsed time of 23 hours. The staging environment was patched in 4 hours, while the production environment was patched in 5 hours. There was no defacement and no downtime.

“The ability to patch very quickly is what separates the vulnerable and the ready. More than 90% of exploits will continue to be these known ones. Everyone knows about it. It’s a matter of who can get to the finishing line faster, the hacker or you,” Mr. Tan said.

Future plans

The CWP is already proving to be a transformative platform. It is allowing agencies to achieve cost and time savings and transparency. They no longer need to deal with multiple vendors. Moreover, Mr. Tan mentioned in the post-presentation panel that many government agencies are taking the opportunity of the migration to re-design the website and rewrite the content.

Around 70% of government websites, around 380, have migrated to the CWP. The number is expected to increase to 400 by the end of the year.

Going forward, GovTech wants to provide services to mobile platforms through APIs (Application Programming Interfaces). For instance, GovTech is working with the Ministry of Education (MoE) on native mobile apps which will consume content hosted on CWP through APIs.

GovTech has also developed an Outlook and mobile calendar synchronisation solution for public servants using CWP.

The other part of the plan is exploring the possibility of offering pay-as-you-use Software-as-a-Service (SaaS) solutions on a subscription basis in the future, in areas like learning management and mass communication (marketing emails).

[1] The Instruction Manual for ICT or IM8 aims to enhance the overall effectiveness of ICT in the public sector, and establish minimum standards leading to a networked government.

[2] Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols that provide encryption and authentication between applications where data travels over an insecure network such as the Internet.

[3] AWS locations are composed of regions and Availability Zones. Each region is a separate geographic area. Each region has multiple, isolated locations known as Availability Zones. Availability Zones in a region are connected through low-latency links. If instances are distributed across multiple Availability Zones and one instance fails, an instance in another Availability Zone can handle requests.

[4] An instance refers to a virtual server for running applications.
