The data center powering California’s water management
The California Department of Water Resources’ software-defined data center reduces complexity, increases security and speeds the deployment of business systems.
In California, water management is a big deal, and the IT infrastructure at the California Department of Water Resources needed a major refresh.
Managing the state's entire water delivery system requires CDWR to coordinate data across federal, state and local government organizations, run environmental impact studies and provide customer service. CDWR, however, had limited data sharing and recovery abilities, which affected security as well as operational and decision-making processes.
CDWR opted for a software-defined data center to support the 33 departments of its parent agency, the California Natural Resources Agency, which was looking to speed the deployment of business systems and automate processes and security measures.
CDWR began its transition from a traditional physical data center to a cloud-based, software-defined data center in March of last year, according to CTO Tony Morshed.
The agency defined three phases for its cloud infrastructure project and has already completed the first two: virtualization and the deployment of a multitenant hybrid cloud.
Morshed and his team adopted the VMware ESX hypervisor and NSX network virtualization platform to reduce workload deployment time and automate service delivery. By simplifying the provisioning process and bringing in automation, “we can let [internal groups] self-provision a single workload or a whole application at once,” he told GCN.
To ensure security during the migration, the agency adopted the Palo Alto Networks Next-Generation Security Platform to protect moving workloads and block malware. The platform uses WildFire malware analysis and Panorama firewall management to prevent spear phishing attacks and data breaches, and is deployed at the hypervisor level.
The upgrade process took some time, but Morshed said the team kept the other departments informed while building out the hybrid cloud. Once it was finished, the agency started by migrating smaller departments. Before long, he said, all departments saw the financial benefits of moving to CDWR’s data center and began migrating their workloads.
For its third phase of the infrastructure build -- the software-defined architecture -- the agency used the Arkin Security and Operations Platform to reduce the complexity resulting from connecting the many software-defined layers and previously siloed systems.
“Our infrastructure did get somewhat more complex,” CDWR Senior Engineer Joel Rich said. “Using software-defined networking as part of our software-defined data center in particular…we [lost] some visibility that we had before with physical devices.”
The Arkin platform models the entire data center and provides visibility across the domains of compute, network and security for physical, virtual and cloud environments. This visibility across the management, control and data planes increases security and automation compatibility.
Arkin’s platform gave the CDWR team visibility into the VMware and Palo Alto Networks firewalls within the new cloud environment, enabling them to follow, analyze and internally control network traffic and activity, define security groups and firewall rules and manage end-to-end data center operations.
Morshed said one of the first benefits he noticed with Arkin was the ability to visually follow the life of a workload, application or packet and to easily see where and when any problems occur.
The platform’s visibility also contributed to stronger security as the system became more complex because it monitors the traffic traveling within the data center to reduce the risk of more sophisticated threats and attacks, according to Arkin CEO and cofounder Shiv Agarwal.
“The focus is now … securing within the data center,” or what Agarwal called east-west visibility to monitor machine-to-machine data movement. “In that process, visibility has become key,” he said, because of the importance of tracking backend traffic and activities to ensure the overall security posture of the data center environment.
What the Arkin platform also gives CDWR is a vendor-neutral window -- a joint virtual and physical approach to data center and cloud management -- that enables the department to work with competing infrastructure vendors, Agarwal told VMblog.
“Now we have a tool that basically everybody can access from the infrastructure group, and they get eyes into what’s happening to the various pieces, whether it be network, storage or compute,” Rich added.
Morshed said CDWR is expecting to migrate all production workloads within a month. “When that happens, all our new workloads will go in the new data center and we’ll collapse our existing data center into that data center,” he said.
And according to Agarwal, the new data center could be a model for other agencies looking for a similar solution. The CDWR project, he said, will “be meaningful to them and other state departments for a long time to come.”