Our client's aging infrastructure and legacy integration methodologies led to issues that prevented the agency from complying with federal audit standards and from enabling modernization, innovation and governance across the enterprise. The client previously relied on over 60 financial, supply, and distributed transactional systems. Hosted in the cloud and on-premises, these systems executed over 30 million transactions per year in order to track, execute, and report on an entire division's financial activities.
To accommodate the complexity of the systems, along with the speed and scalability needed for data reporting, Ironclad designed, architected and rolled out our Central Data Exchange Platform (CDX) to address the NextGen needs of our client. The CDX embodies next-generation technology and the DevSecOps practices listed below, which promote best-in-breed, cloud-ready services with low-touch to no-touch delivery.
- An API-led architecture approach following a Cloud First method, built on an IL4 AWS GovCloud platform and incorporating a DevSecOps Kubernetes exemplar technology stack that also meets the functional needs of our client without sacrificing the use of leading technology.
- CDX uses MuleSoft's Anypoint Platform hosted in a FedRAMP-compliant AWS GovCloud. The API gateway uses a Redis database, backed by an Oracle DBMS, as a back-end data repository for Kibana, Elasticsearch Integration, and Analytics, all secured by OAuth.
- The CDX brings the first NextGen Enterprise Integration Platform (EIP) to address the needs of our client, applying not just DevSecOps but also GitOps and Robotic Process Automation (RPA) capabilities through UiPath. This ensures faster delivery of APIs and integrations to support the mission regardless of the age of the system.
- The CDX comes with next-generation security built on robust OIDC- and JWT-based capabilities that not only improve the security of the systems and data but also increase the speed at which they communicate.
The platform is built on top of the Kubernetes container management platform to promote cloud-ready solutions. The CDX leverages a combination of the Helm Operator and Flux to drive the configuration management and repeatability of all environments and applications. This approach alleviates the traditional problem of engineers making changes to the system that are not replicated back into the application or configuration.
The platform leverages Istio as its ingress controller and also, in a sidecar pattern, as its service mesh. This service mesh provides Zero-Trust mTLS connectivity between the services, maximizing the security of the deployed applications. The CDX has also created a custom Operator Controller following the standard Operator Pattern within Kubernetes. This operator is designed to manage token exchanges for external identity providers to ensure that RBAC or ABAC controls on services and data are properly managed. This provides a single point of control and observation for auditability of data transfer and data delivery.
Atlassian Jira and Confluence facilitate user story tracking and system documentation. Ironclad provides REST API development and automated unit testing for API stability. With data standards such as OpenTracing, we have visibility into every system that the data is transmitted to. This is the first best-practices observability implementation within the client division and is already breaking ground for successful auditing. Our combination of NextGen practices and technologies delivered through the CDX deployment ensures that the CDX receives secure, fast, and efficient development and sustainment support, all of which ensures that our customer receives the solution they need to integrate data from hundreds of thousands of financial transactions daily.
Today the CDX houses over 40 APIs, with plans to integrate data from all FM&C systems from their community of 50,000 users, including Supply Chain, Grants, Workforce Management, Procurement, and Financial systems. In fact, the reusable nature of the APIs has saved our client over $1M in projected labor costs, savings that will continue to accumulate as more systems are added. The CDX implementation has also led to the following key benefits:
• NIST 800-53-compliant IT controls, such as error logging, to address all Notices of Finding and Recommendation (NFRs) related to FM&C’s finance-related systems.
• Best-in-breed API security protocols, such as OAuth 2.0 and Client_ID, to ensure proper authentication and traceability of all access to data within the CDX. By utilizing the AWS GovCloud FedRAMP environment, CDX maintains its IL4 and Authority to Operate (ATO).
• A single-pane view that allows enterprise governance and monitoring of API calls to ensure the infrastructure is running smoothly.
• An API Library consisting of reusable templates, coding standards, naming conventions, and APIs to help standardize and accelerate the API development lifecycle.
• Data consolidation processes from subordinate systems accelerated from weeks to days.
• Agnostic metric and data analytic tools to monitor transactions across 20,000+ users, providing enhanced dashboard reporting for key stakeholders and project management.