At the Ministry of Justice (MOJ), we have thousands of different systems running on many different types of hosting, from modern, hyper-scale cloud providers like AWS and Azure all the way through to physical servers in data centers and server rooms.
We want to move all of these systems to public cloud hosting. This post sets out why and how we’re going to do this, and what we will do once it’s done.
By moving to public cloud hosting we predict we can reduce overall hosting costs by 60% over the long term, presenting the department with a multi-million pound saving opportunity. As well as saving money, moving to the cloud makes us better able to manage, change, improve, and secure our systems and the data they hold, as well as making it easier to make them more resilient to failure.
We need to understand what we have before we can work out how to move it to the cloud
To help us identify the right tools and techniques to apply to the various systems within our estate, we’re grouping our infrastructure under three headings:
- Retirement infrastructure is infrastructure we don’t want to continue running, usually because the systems hosted on it use technologies that are no longer supported, or aren’t able to easily scale or be managed automatically. This is where most of our most expensive contracts and oldest systems are. Some of these systems are built in ways that make them hard to move off of this sort of infrastructure, so we have to identify which systems require that extra care.
- Modernisation infrastructure is infrastructure that’s in the public cloud, but the applications running on it are not cloud native yet. It allows us to take advantage of the cost savings of public cloud hosting, but may not be able to be easily managed at scale (for example, applying security updates to all the underlying systems at once, in a predictable manner).
- Cloud native infrastructure is infrastructure that’s able to be managed all at once, with clear separation between the applications and the infrastructure (using containers), is resilient to failure, and can easily scale. We, like much of the rest of the industry, are using Kubernetes as the basis of our cloud native infrastructure.
We’re saving millions of pounds by closing down and consolidating retirement infrastructure
We’re working to move as many systems as we can out of retirement infrastructure and into modernisation infrastructure, and turning off systems that aren’t needed anymore. As we do this, we’re ending contracts for that infrastructure and identifying ways to better support them.
We’ve achieved a lot already. We’ve moved (or turned off, where appropriate) all of the systems that support Her Majesty’s Prison and Probation Service to modernisation infrastructure. We’re also in the process of moving many of the Legal Aid Agency’s systems.
Where systems can’t be moved directly to modernisation infrastructure in the public cloud, as is the case with some of the Legal Aid Agency’s systems, we’re moving them to new, more cost-effective retirement infrastructure environments that give us more control. From there, we can work out how best to move them to the cloud or eventually turn them off.
We’re making our modernisation infrastructure cloud native
We will keep improving the systems in our modernisation infrastructure until they’re cloud native and, when they are, move them onto our Cloud Platform. We’re trying to reduce the amount of manual administration we do on every system, making them easier to run and update. Doing this makes us able to respond more quickly to security threats and bugs and spend more time improving our systems and making them more resilient.
Many of the systems we’ve moved from retirement infrastructure into modernisation infrastructure weren’t built to be cloud native, and we’re working to automate management of their infrastructure and deployments.
Some of our other systems were built in the cloud and have some automation around them, but aren’t what we’d consider cloud native. We’re gradually making them better, and moving them to the Cloud Platform when we can.
This improves our ability to operate our systems en masse, makes us better able to respond to incidents and control access to the data they store, and allows our teams to focus more on delivering the best services they can.
We’re making our cloud native infrastructure evergreen
The modern platform of today is tomorrow’s legacy. We’re working to make our Cloud Platform evergreen, constantly improving it and changing it without impacting our users.
We’re building the Cloud Platform around Kubernetes, because that’s emerged as the industry standard for this kind of work. The Cloud Platform’s first tenant (the LAA fee calculator, part of the system used to manage claims for criminal legal aid) went live a few weeks ago.
We’re also keeping an eye on other architectures (like serverless computing) to make sure we’re always ready for what’s coming next, and can keep moving our systems into the best hosting infrastructure the future has to offer.
We’ve made great progress, but there’s more to do
Like any government department, we have lots of old systems that are in need of attention. We’re working hard to make sure we can look after them more effectively alongside building new things.
We want our teams to be able to deliver the best services they can, and continually improving our hosting estate helps do this while dramatically reducing how much we spend to run all of our services.
We’ve made great progress on this so far. We’re saving tens of millions of pounds moving things out of retirement infrastructure and turning off things we don’t need. We’re also modernising our cloud infrastructure, and building new things with longevity and ease of maintenance in mind from day one.