Leveraging Cloud Platform to Better Support Texas Oil & Gas Royalty Reporting
Cory Wilburn, Chief Information Officer, General Land Office
Samuel Chen, Executive Consultant, Red River
About this Presentation
THREE PARTS
1. Background Information about the Agency and the Business
2. Information about the Project Goals and Contracting Process
3. Technical Information about the Solution
About this Presentation
TWO PERSPECTIVES
1. Thought Process of an IT Leader
2. Technical Considerations of a Technology Solution Architect
Texas General Land Office – A Little History
• In 1836 the Republic of Texas formed the General Land Office to manage the vast land holdings of the nation of Texas.
• The Texas Constitution of 1876 set aside half of Texas’ remaining public lands to help finance public schools.
Making that $$$ for Education
Oil & Gas are the Primary Royalty Drivers
• Currently manage ~13 million acres of land.
• Deposited more than $16.8 B in oil and gas revenue since inception.
• Generated over $1B in 2018.
Big Oil Needs Big IT
• Total of XX reports per month
• Each report must pass over 200 data validations
Royalty Reporting and Control (RRAC) Application
• RRAC is one of the agency’s most important information resources.
• No COTS solution available.
• Custom-built web-based software application, launched in 2011.
• Runs in the GLO’s data center in Austin.
• No serious issues with the system.
Being a Trusted Advisor and Strategic Partner
• IT proposed this project.
• The business unit does not think about technical architecture.
• The business unit does not (usually) understand how to leverage technologies like cloud.
• This application helps generate $$; a commercial business would make this move.
Project Objectives
• Reduce the risk of service interruption by transitioning RRAC to a commercial cloud provider.
• Improve the system’s resiliency and performance
• Reduce the amount of effort to maintain and support the underlying IT infrastructure, including hardware and operating systems
Project Approach
• DBITS Contracting Vehicle
• Two Main Phases
  • Analysis and Design Phase
  • Implementation Phase
The benefit of this approach is that the vendor confirms the initial assumptions and provides additional options. If the agency is satisfied with the direction, the project continues.
Analysis and Design
• Thorough analysis of current state and performance benchmark
• Architectural design of future state based on major cloud platforms
• Cloud options technical evaluation and cost analysis
• Agency selection of cloud platform based on a set of criteria, including cost estimates
Architectural Design
• Analyze the current system architecture and design a new architecture leveraging the cloud native capabilities
• Break down the application into multiple components
  • User Interface
  • Backend Services Layer
  • Database and Synchronization
• Two design options were provided for each component, with pros and cons for each option
Phase 2 - Implementation
• Detailed architectural design based on selected cloud platform
• Break down the implementation scope into multiple tracks / features
• Follow agile software development processes to iteratively deliver those features
Technical Implementation
• Leverage the cloud platform (PaaS) and managed services as much as possible
  • File storage -> cloud storage (S3)
  • Local database -> cloud managed database (RDS)
  • Local web server -> managed application service (Beanstalk Tomcat)
  • Database search -> managed Elasticsearch
  • Use S3 for hosting static content – frontend code (HTML/CSS/JavaScript)
  • Use CloudFront for edge content delivery
  • Use API Gateway to secure the API endpoints
(The only infrastructure used in the new architecture is the bastion host)
Technical Implementation – Cont’d
• Strategic implementation of cloud-based infrastructure and services
  • Okta identity and access management (IAM) service
  • Elasticsearch service
  • Data sync service to support a hybrid infrastructure
• Code changes to leverage cloud services
  • Cloud storage
  • Cloud-based IAM service
• Performance benchmark with existing system and performance testing after the migration
Original Architecture
Cloud Architecture
Benefits
• Scalability
  • Inherent auto-scaling capability from the cloud platform
  • Auto-scaling configured for bastion hosts and Beanstalk Tomcat web service
• Availability
  • Multi-AZ (two availability zones) for all components, except for the global services which come with inherent high availability
  • Moved from disk-based storage on a file server to more durable cloud storage
• Security
  • Compliant with Texas Cybersecurity Framework
  • Okta IAM integration for user authentication and authorization
  • Bastion host access management with Okta
Benefits – Cont’d
• Developer Experience
  • No need to change the toolset or development languages
  • The build and deployment processes may be a little different
• IT Operations
  • Minimal hardware / operating system infrastructure to manage after the migration. Only the bastion host requires full stack management
  • Cloud native toolset for backup, monitoring and cost management
• End-User Experience
  • No change to end-user experience with the application
  • The login process has changed due to the Okta integration
Training and Documentation
• Provided training on the architectural design early in the project so that the agency staff are comfortable providing feedback on the cloud hosting model and the architectural design
• Before User Acceptance Testing, provided documentation and training sessions for both developers and system administrators
  • Fully documented each component in the architectural design
  • Provided installation and configuration guides
  • Provided training materials in various formats, including videos and PowerPoint presentations
Observations and Recommendations
• The architecture has evolved based on availability of new services
  • The web application firewall (WAF) could only be associated with CloudFront. Later it can be associated with the API Gateway directly
  • Discovered cloud instances with better configurations at the same cost
  • Okta IAM is leveraged to manage the access to the bastion hosts
• Recommendations
  • Keep the architecture evergreen. Periodically review (e.g. every six months) the new services and apply them to enhance your applications when there is a fit
  • Implement ongoing cost monitoring
  • Periodically review available features and configurations. Upgrade/adjust for performance/cost purposes
Takeaways
• Perform cloud platform assessment based on agency needs
  • Love the fact that we have analysis and assessment prior to implementation
  • The depth of assessment depends on when the agency is comfortable with an educated choice
• There are a lot of choices available to host your applications. The architectural options can help the agency to understand the pros and cons of those choices
• Expect to have a hybrid hosting infrastructure with data sync configuration
Takeaways – Cont’d
• Implement cloud infrastructure services that can be shared by other applications to be migrated later
• Close collaboration is required between the vendor project team and the agency staff, including the development team, the infrastructure team and the security team
• Take into consideration the learning curve for the agency staff in your project plan
• Make training part of the project requirements to ensure the agency staff are comfortable maintaining and supporting the cloud applications