Based in New South Wales, icare is one of the largest insurers in Australia. The public financial corporation administers workers compensation insurance for more than 296,000 businesses and 3.7 million employees. It also insures more than $184 billion worth of state assets, including high-profile locations such as the Sydney Opera House and the Sydney Harbour Bridge.
Cloudten focuses on long-term strategic relationships with enterprises and government agencies throughout Australia. It has been working with icare to help it deliver better coverage, treatment, and care to the people of New South Wales.
From the outset, Cloudten used its comprehensive cloud transformation capabilities to help icare adopt a cloud-centric approach to IT. “We didn’t want to run data centers and deal with refreshing hardware every five years,” says David Johnston, head of infrastructure at icare. “Cloudten’s expertise helped us gain cloud flexibility and agility for our business, including the ability to innovate, try things out, and shut them down as needed without incurring long-term costs.” Cloudten continued working with icare in subsequent years, overseeing several architectural redesigns of the insurer’s IT environment.
With no data centers, icare’s employees use the Internet to access collaboration, communication, and productivity services such as email, voice, and file sharing. The company’s on-premises proxy server constrained its Internet access. It often ran at 99 percent capacity, resulting in serious bandwidth bottlenecks. “Users experienced slow connectivity and even rolling outages, especially during high-usage times of day and when many remote employees were trying to access the network,” says Johnston. “icare needed a secure, scalable internet gateway to increase performance so its people could work without interruption.”
Cloudten’s knowledge of icare’s applications, systems, and business processes made it the right choice to solve the connectivity challenge. “When we got to the point where we were looking at options for our network, Cloudten was already embedded in our infrastructure practice, so it was a natural part of our team,” says Johnston.
Cloudten recommended AWS as the best platform for a scalable, secure, cost-optimized internet gateway. It collaborated with icare to design and deploy a high-performance solution using two 500MB AWS Direct Connect links to establish a dedicated network connection to the AWS Cloud. There, Sophos Unified Threat Management (Sophos UTM) virtual appliances running on Amazon Elastic Compute Cloud (Amazon EC2) instances serve as category-based web proxies, intrusion prevention systems, virtual private network connections, and firewalls.
Cloudten chose Sophos UTM because it could provide high performance and resilience while being easy to update. A “queen” command-and-control module stores the system configuration in Amazon Simple Storage Service (Amazon S3). When changes are made, the queen publishes them to an Amazon Simple Notification Service (Amazon SNS) topic. “Worker” instances that process traffic are combined in an AWS Auto Scaling group to balance CPU load and are spread across three Availability Zones for redundancy and high availability. The workers subscribe to the Amazon SNS topic, so that when a configuration change is posted by the queen, they are updated in near-real time with the latest rules. Machines connect to Elastic Load Balancing.
Cloudten built AWS CloudFormation templates to deploy the Sophos virtual appliances automatically across multiple Availability Zones. “Using AWS CloudFormation enables the system to automatically scale up when needed during times of heavy internet usage, and then scale back down to match demand,” says Richard Tomkinson, founder and principal infrastructure architect at Cloudten. “That reduces costs, because instances only run when they are needed. Additionally, if any single Sophos UTM instance goes down, the solution automatically rebuilds it in minutes.”
The infrastructure-as-code approach makes it easier to test new configurations. “When we have a new feature coming through, we can test the network configuration in a completely isolated environment, tear it down, and then deploy the proven configuration in production exactly as built,” says Tomkinson.
Rolling out the solution was a smooth process. icare gradually migrated 1,200 staff from the constrained on-premises gateway to the highly scalable AWS Direct Connect solution over the course of about three months with no outages.
Using the AWS gateway, icare was able to meet high standards for data security. “The solution conforms to both the Australian Information Security Manual standard and the Center for Internet Security cloud standard, so icare can be confident that the data traveling across these connections is well protected,” says Tomkinson.
icare employees now have reliable internet performance for maximum productivity. “Using AWS Direct Connect, we helped icare achieve high-performance internet connectivity to realize the full benefits of a cloud-only approach to IT,” says Tomkinson.
Both users and IT administrators have benefited from the change. “We no longer need to put a lot of effort into managing connectivity,” says Johnston. “Most importantly, our workforce can always access the tools they need to deliver the best possible service to the people and businesses of New South Wales.”
Learn about AWS Direct Connect.
Cloudten Industries is an Advanced Consulting Partner in the Amazon Web Services (AWS) Partner Network. Headquartered in Sydney, Australia, Cloudten employs AWS-certified staff who are specialists in all aspects of cloud architecture and DevOps techniques, with emphasis on security, application integration, and related technologies. Working closely with AWS, Cloudten delivers end-to-end competencies to implement secure, compliant workloads within regulatory frameworks across enterprise and government.