ML21277A115

6 Steve Schrader Data Science and Ai Workshop
Person / Time
Issue date: 08/18/2021
From: Pushpa Jayapal, Steven Schrader
Governance & Enterprise Management Services Division
To:
NRC/RES/DSA
Dennis M


Text

NRC CLOUD INFRASTRUCTURE
PUSHPA JAYAPAL AND STEVE SCHRADER

CLOUD STRATEGY

The Agency's objectives are:

- Improve security, cost effectiveness, efficiency, agility, and scalability in delivering IT services;
- Align with the OMB's Cloud Smart policy and the Federal Cloud Computing Strategy;
- Accomplish appropriate system and application migrations to cloud services as part of compliance with Federal DCOI mandates;
- Establish consistent cloud solution planning and migration practices; and
- Reduce risks to IT delivery, availability, and performance through a more distributed and consistent infrastructure and platform environment.

To maximize the benefits of cloud services, the NRC will use the following strategies:

- Leverage Software-as-a-Service (SaaS) first to support a low-code deployment approach and optimize functional requirements to take full advantage of SaaS benefits.
- Leverage Platform-as-a-Service (PaaS) to drive technology standardization for modernized systems and applications that require customization.
- Plan to acquire and support standardized PaaS platforms.
- Increase application refactoring activities to rearchitect applications from monolithic and tightly integrated applications to loosely-coupled, cloud-based microservices focused on activities and workflows.
- Adopt Infrastructure-as-a-Service (IaaS) only by exception.

MAJOR COMPONENTS

- Azure Commercial (IaaS and PaaS)
- AWS, NRC RES-Managed
- Other SaaS

AZURE INFRASTRUCTURE

- ExpressRoute connected stub network
- No direct Internet Access - All access through the NRC TIC connection
- 2-Gbps Connection through Equinix
- Equinix will be the TIC 3.0 connection for NRC
- Supports Cloud EDTE, Production, and DMZ zones
- Currently supporting several systems using the following PaaS (not exhaustive):
  - Azure Web Apps
  - Azure SQL Database
  - Azure Functions
  - Azure Bot and QnA Maker
  - Azure Search
  - Azure Cognitive Speech Service

CLOUD SECURITY

- When possible, all cloud systems use Private IP Space
  - In Azure, SaaS and PaaS Services use PrivateLink to provide for Private IP usage
  - In Azure and AWS IaaS, no public IP addresses are assigned to VMs
- Cloud Access Security Broker (CASB)
  - Provides policy enforcement regardless of what sort of device is attempting to access cloud services
- Azure Defender
  - Currently monitors Azure SaaS and PaaS Configurations
  - Can be configured to remediate identified issues
- Standard Network Security approaches, e.g. Splunk, Firewalls, IDS, AV

CURRENT AND FUTURE PROJECTS

- Application Migration Efforts - EIE, ILDC, NITA, Data Warehouse, ADAMS, TTC ColdFusion, RPS, ALM, Azure VDI
- New Capabilities - ActiveNav
- PaaS Implementations - Containers, Azure Security Center, Site Recovery, Mobile Apps, Logic Apps
- 3WFN Data Center Consolidation
- Evaluating and Scheduling all NRC FISMA Systems Cloud Migrations
  - Goal is to migrate all systems which can be migrated to the cloud by Dec 2026

THANK YOU

JAYAPAL, PUSHPA
PUSHPARANI.JAYAPAL@NRC.GOV

STEVE SCHRADER
STEVEN.SCHRADER@NRC.GOV