Unique migration to Oracle Cloud Infrastructure: A Secure and Reliable Application Landscape for CAK

In the first quarter of 2023, we were asked to support CAK, together with Oracle, in the project to bring the application to the cloud. Together with Oracle and the infrastructure specialists, we looked for a suitable architecture within the Oracle Cloud taking into account a number of wishes but also important requirements of this independent administrative body. As the CAK is a government body, they have to meet the security requirements set by the CISO of the central government. In addition, OHI is not only a business-critical, but also socially critical application. It was therefore our responsibility to achieve a reliable migration with minimal impact. 

One of CAK's tough requirements was a Single Pane of Glass for their firewall, which is a management console that displays data from multiple sources on a single screen. Despite this complicated requirement, we managed to keep the same functionality by modifying our software so that it can still meet MCX's service standard. One of the central government's requirements is the use of proprietary encryption keys. Oracle offers a solution for this too, and we have the necessary expertise to effectively implement this requirement within the application landscape. In this way, the application meets the requirements without loss of functionality or security. 

The migration of the entire OHI landscape took place in two phases. Phase one was completed in April 2024 and involved building the OCI infrastructure and migrating only the OHI application, including its databases. The application was also provided with the latest version updates so that it meets Oracle's support requirements. The OHI landscape is according to OTAP principle (Develop, Test, Acceptance and Production) with multiple environments in each street for different purposes. Zoning has been applied to each layer so that there is a clear separation between the different OTAP streets at both technical and functional levels. We developed the right tools that are consistent with this zoning and can provide CAK with the necessary support without compromising on security, reliability or scalability. 

Shortly after delivering phase one, phase two was started. This phase consisted of the migration of OSB, the design and implementation of a storage location for message traffic and the correct adaptation of the connection with external parties that deliver messages to CAK. In designing and implementing the messaging storage location, we developed a solution that gives all processes, users and applications the right rights to the right folders and files. Street zoning also applies here. Together with CAK's infrastructure specialists, this server was set up and offered to the application. To ensure that the OHI and OSB applications do not technically interfere with each other, separate virtual machines were set up for both. 

The entire landscape is fully and at all levels encrypted, in accordance with the requirements defined at the beginning of the project by CAK's security team but also in line with the security guidelines set by the central government. CAK has provided virtual machines in the Oracle Cloud on which our tooling and automated processes can run. This enables us to uniformly perform the technical management of applications and databases so that users at CAK can have fast, reliable and secure applications.

Thanks to thorough preparation, devising innovative solutions and intensive cooperation in a multidisciplinary team, the migration of the OHI landscape can be called a great success. In this unique project, the combination of requirements and applications proved to be a unique challenge even for Oracle. This achievement underlines the expertise and motivation of all parties involved.

For questions, feedback or more information please contact Mark Kempers, Infrastructure Specialist at MCX at mkempers@mcx.nl or linkedin.com/in/markkempers.