Why Platform-as-a-Service matters for the Singapore government
Governments around the world are recognising the importance of embracing digital services. Many have taken the lead, with notable ones being the US Digital Service, UK Government Digital Services and the Government Digital Services at GovTech.
Even though there has been a lot of success in the adoption of agile development and digital services, deployment and operations have still been a challenge for public sector applications and services. Infrastructure and deployment are heavily regulated in the public sector, which slows down the delivery cycle to days or even months.
Cloud services have been the key fuel for the delivery of digital services but the adoption of such services has been quite limited across governments around the world. Cloud offers several benefits over maintaining data centers and infrastructure teams but the issues around data security, compliance, ownership, control and sovereignty have prevented governments from adopting it for classified and sensitive systems.
Attempts have been made to build cloud-like services on-premise with limited success. On-premise solutions for digital services typically get developed in isolation and have monolithic design. Security compliance is complex and the cost of developing such an infrastructure for every digital service is very high.
Infrastructure based on Virtual machines (VMs) are slow and inefficient for microservices-based applications. VMs are slow to start up and shut down, and come with a substantial overhead when deploying microservices on them.
Digital services and cloud native apps
Applications that are specifically designed for the cloud model are often referred to as cloud native applications. They are built and deployed in a more frequent pace by dedicated agile teams enabling the organisation to be more resilient and portable across disparate cloud services out there.
Cloud native applications that are designed as 12 factor apps remove the direct dependency of applications on the underlying platform. Container technology and APIs have revolutionised this space for private clouds, especially with the evolution of standards like docker for containers and REST/json for APIs.
Containers are lightweight and can spin up and down rapidly, making it easy to manage services. Consequently, applications can be scaled up or down rapidly so they can respond quickly to increased demand and load.
For government agencies to get the benefits of cloud hosting, the on-premise virtualisation solutions needed to evolve to the next level of platform — Platform-as-a-Service (PaaS), which supports cloud-native application design. Containers and APIs became an obvious choice in developing such a platform.
The birth of Nectar
The GDS team at GovTech undertook the development of an on-premise Platform-as-a-service (codenamed Nectar) to bring some of the benefits of Cloud to its users across government agencies.
Nectar stands for Next-Generation Container Architecture and is the name given to the Platform-as-a-Service built for Singapore government. It simplifies and speeds up the deployment of digital services for government agencies.
Here are some of the key driving motivations for the platform.
Agility
The platform must have the flexibility required by modern applications in terms of speed and frequency of deployments. It needs to support continuous delivery and automation.
Robustness and security
The platform should improve the security of our applications by automating the processes and integrating security tools while providing dynamic scalability and high performance.
Openness and portability
At the onset, we were looking to adopt open-source technologies to prevent lock-in to proprietary software and achieve flexibility of portability to new platforms.
How Nectar works
The Nectar platform was designed to integrate the complete delivery pipeline pulling the code from source-code repositories, performing the builds, running security scans, deploying the application, scaling on demand and monitoring.
Containerised application delivery
Docker container packaging provided a clean yet powerful way of delivering application packages to the platform. The container packages contain everything the application requires to run.
For orchestration of containers, we use openshift which is based on Kubernetes and commercially supported by redhat.
Self-service provisioning and deployment
The Nectar portal provides a simple user interface with all the information needed for designing cloud-native apps, so that users can self-serve. Self-service capabilities reduce operational needs and manual errors. It also improved turn-around times for setting up new deployments significantly.
Once logged in, users can provision new services dynamically and allocate CPU and memory to their container services as required.
Built-in security scanning tools
Securing apps in the modern internet era is a challenging feat. A huge number of vulnerabilities are discovered regularly and it is challenging for all government applications to adhere to regular scanning and patching, as it is largely a reactive process and done manually. While such methods work to some extent, the cost is huge and the process is error prone. With built-in security scanning tools, the process becomes continuous and seamless.
The figure below shows the flow of the source code, build, scan and deployment which an application has to go through before getting deployed.
Why government agencies should adopt Nectar
There are significant benefits in having a central platform for the hosting of applications for government agencies.
Speed to market
Users can deliver and deploy apps much faster. They don’t have to waste valuable time in setting up the base infrastructure and the delivery pipeline.
Cost reduction
Users benefit from a substantial reduction in cost of developing and maintaining apps with the Nectar platform. There is significant reduction in duplicate work across all government agencies.
Easier compliance
Compliance is made much easier with the users having to only worry about the application security and audits. They don’t have to duplicate the efforts in auditing and complying to policies for the infrastructure.
Dynamic scalability
With the use of containers and 12 factor app design, the applications can be scaled up or down dynamically in a matter of seconds. This optimises the resource utilisation and gives flexibility to the users.
Continuous delivery
With a built-in delivery pipeline, users don’t have to manually do deployment and are able to push bug-fixes and new features quickly.
Other benefits are reduced maintenance efforts, portability through open standards and better application security.
The Nectar platform is being built in stages and already has a few digital services going live on it.
About Nectar Team
Awesome solutions need awesome teams to deliver them.
The Nectar team is a multi-talented team with expertise in different aspects of development of digital infrastructure and services.
Thanks to Johnson Koh and Nina Ee for helping me write this article.
