Bangladesh NDC's AWS Cloud Migration: A DevOps Success Story Driving International Collaboration

Navigating Cloud Migration and DevOps Excellence: A Case Study in AWS, Bangladesh NDC, and International Collaboration

In the rapidly evolving landscape of cloud computing and DevOps, organizations are increasingly turning to hybrid and public cloud solutions to enhance scalability, security, and efficiency. This blog post dives into a real-world project involving the Bangladesh National Datacenter (NDC), AWS Public Cloud, and advanced DevOps practices. We'll explore the collaborative efforts behind key applications like FortifyMIS and DFQT Plus, highlighting the role of global players such as Hewlett Packard Enterprise (HPE), a German development vendor, and local innovators like Business Automation Ltd.'s Webcrafter team. As part of this journey, I'll share insights from our DevOps team's contributions, which not only ensured seamless migrations and deployments but also opened doors to international opportunities.

Background: The Ecosystem of GAIN and Key Stakeholders

The Global Alliance for Improved Nutrition (GAIN) is an international organization focused on tackling malnutrition through innovative programs and partnerships. In Bangladesh, GAIN's initiatives often intersect with national infrastructure, such as the Bangladesh National Datacenter (NDC), a government-backed facility designed to host critical data and applications for public services. The NDC provides a secure, on-premises environment, but as demands for scalability grow, integrating public clouds like AWS becomes essential.

The development of core applications for GAIN's projects in Bangladesh involved multiple vendors:

• Hewlett Packard Enterprise (HPE): Handled initial development phases, leveraging their expertise in enterprise hardware and software solutions.
• German Development Vendor: Contributed to foundational architecture, bringing European standards of precision and compliance.
• Business Automation Ltd.'s Webcrafter Team: Took over the development of FortifyMIS, a Management Information System (MIS) likely aimed at fortifying data management for nutrition and health programs. This handover ensured localized customization and ongoing enhancements.

Two flagship projects stood out:

• FortifyMIS: An application for streamlined data collection, analysis, and reporting in nutrition initiatives.
• DFQT Plus: A newly deployed tool, possibly focused on Digital Food Quality Tracking (DFQT), enhancing supply chain monitoring for food safety and quality.

These projects required a blend of on-premises stability from NDC and the elasticity of AWS Public Cloud, setting the stage for sophisticated DevOps interventions.

Our Role: Cloud Migration and Deployment Mastery

Our team's involvement centered on two critical tasks: migrating FortifyMIS to the AWS Public Cloud and deploying DFQT Plus from scratch. This was executed by our DevOps specialists in collaboration with the Cyber Incident Response Team (CIRT) and Infrastructure (Infra) units. The goal? To modernize these applications while maintaining high availability, security, and compliance with international standards.

Why AWS and NDC Integration?

• Bangladesh NDC: Served as the foundational datacenter for hosting sensitive government-related data, offering low-latency access and regulatory adherence.
• AWS Public Cloud: Provided global scalability, cost-efficiency, and advanced services like EC2 for compute, S3 for storage, and RDS for databases. Migrating to AWS allowed for burstable workloads, auto-scaling, and disaster recovery features, which are crucial for GAIN's international operations.

The migration process involved:

1. Assessment and Planning: Evaluating existing NDC setups for compatibility with AWS, identifying data transfer needs, and mapping dependencies.
2. Data Migration: Using AWS Database Migration Service (DMS) and Snowball for secure, efficient transfer of datasets from NDC to AWS.
3. Application Refactoring: Containerizing apps with Docker to ensure portability between NDC's on-premises environment and AWS's cloud-native services.
4. Testing and Go-Live: Rigorous load testing in AWS staging environments, followed by blue-green deployments to minimize downtime.

For DFQT Plus, we focused on greenfield deployment:

• Leveraging AWS Elastic Kubernetes Service (EKS) for orchestration.
• Integrating with NDC for hybrid data syncing via AWS Direct Connect.

This work caught the eye of GAIN and HPE executives, who praised the seamless execution. It not only demonstrated our capability in handling complex migrations but also positioned us for broader international collaborations, enriching our team's expertise in working alongside HPE on global-scale projects.

DevOps in Action: Tools and Best Practices

At the heart of these successes was our robust DevOps pipeline, built around Kubernetes ecosystems and GitOps principles. We utilized lightweight and full-fledged Kubernetes distributions to cater to different project needs:

• k0s and k8s (Kubernetes): For both FortifyMIS migration and DFQT Plus deployment, we deployed k0s—a minimalistic, CNCF-certified Kubernetes distribution—for lightweight clusters in development and staging. In production, we scaled to full k8s via AWS EKS, ensuring high availability with multi-AZ setups. This dual approach allowed for rapid prototyping while maintaining enterprise-grade reliability.

• GitLab Runner with ArgoCD: Our CI/CD pipeline was powered by GitLab Runners for automated builds and tests. Deployments were managed through ArgoCD, a declarative GitOps tool that synchronizes desired states from Git repositories to Kubernetes clusters. This setup enabled:

  • Version-controlled infrastructure as code (IaC).
  • Rollouts with canary releases to reduce risks during migrations.
  • Integration with AWS services like CodePipeline for hybrid workflows.

• Sealed Secrets for Enhanced Security: Kubernetes ConfigMaps and Secrets are vital for managing configurations, but they pose security risks if exposed. We implemented Sealed Secrets (from Bitnami) to encrypt sensitive data at rest. This adds an extra layer of protection:

  • Secrets are encrypted using asymmetric cryptography and stored in Git.
  • Upon deployment via ArgoCD, the controller decrypts them only within the cluster.
  • This was particularly crucial for handling API keys, database credentials, and compliance data in GAIN's projects, ensuring alignment with GDPR and local Bangladeshi data protection laws.

Here's a high-level overview of our DevOps stack in a table for clarity:

| Component | Tool/Technology | Purpose in Projects | |-----------------|-----------------------|--------------------------------------| | Orchestration | k0s & k8s (EKS) | Container management and scaling | | CI/CD Pipeline | GitLab Runner | Automated builds, tests, and deployments | | GitOps | ArgoCD | Declarative, version-controlled rollouts | | Security | Sealed Secrets | Encrypted ConfigMaps for sensitive data | | Cloud Platform | AWS Public Cloud | Scalability, storage, and compute | | On-Prem Integration | Bangladesh NDC | Hybrid data hosting and compliance |

This toolchain not only accelerated deployments but also reduced manual errors, achieving deployment times under 5 minutes for updates.

The Ripple Effect: Opportunities and Knowledge Gains

The successful migration and deployment didn't just end with project delivery—they sparked significant opportunities. GAIN's recognition led to invitations for further collaborations on international nutrition tech initiatives. Partnering closely with HPE exposed our team to cutting-edge practices in enterprise cloud architecture, from HPE GreenLake integrations to advanced AI-driven monitoring.

Key takeaways:

• Experience Enrichment: Hands-on work with AWS migrations honed skills in cost optimization (e.g., using AWS Savings Plans) and security (e.g., IAM roles and VPC peering).
• International Exposure: Working with global vendors like HPE and the German team fostered cross-cultural DevOps best practices.
• Future-Proofing: Adopting tools like ArgoCD and Sealed Secrets positions us for emerging trends in zero-trust security and multi-cloud strategies.

Conclusion: Embracing DevOps for Global Impact

In summary, our journey with GAIN's projects in Bangladesh exemplifies how DevOps, combined with AWS and NDC, can drive transformative outcomes. From migrating FortifyMIS to deploying DFQT Plus, the blend of innovative tools and collaborative spirit not only met technical challenges but also unlocked doors to international arenas. For teams eyeing similar migrations, start with a solid assessment, embrace GitOps, and prioritize security— the results can be game-changing.

If you're involved in cloud DevOps or public sector tech, I'd love to hear your experiences in the comments. Stay tuned for more deep dives into Kubernetes security and AWS hybrids!

Author's Note: This post is based on real project experiences at Business Automation Ltd. All tools and practices mentioned are open-source or AWS-native where applicable.

#CIRTandInfra #DevOps