Private cloud hosting 101
Use this guide to learn about private cloud hosting in the B.C. government and determine if it’s the right option for your product or service. If you are not sure about the right hosting platform, learn more about the capabilities and features of the application hosting services.
What is the Private Cloud OpenShift Platform?
The B.C. Government Private Cloud Platform as a Service (PaaS) is a reliable and secure application hosting platform for deploying and running government services.
Described transcript
Describer: A woman with blue rimmed glasses, a silver nose ring and hair up in a loose bun is wearing a light pink and white hoodie over a black t-shirt. She is sitting near a window overlooking a street where you can see a brick wall, trees, a lamp post, bus stop and the glass balconies of the buildings on the other side of the road.
A transparent black bar fades in and out in the lower third. White text is displayed over top that says “Cailey Jones, Senior Platform Administrator.”
Cailey Jones: My name is Cailey Jones and I am a senior platform administrator for the OpenShift platform with the Digital Office.
Describer: A bald man with a short, trimmed beard wearing a black crewneck sweatshirt over a gray t-shirt. He is sitting near a window and a door. The door is covered in blue green quadrilaterals, and the view out the window is a brick wall.
A transparent black bar fades in and out in the lower third. White text is displayed over top that says “Oamar Kanji, software developer.”
Oamar Kanji: Hey, I’m Oamar Kanji. I’m a software developer here at the Ministry of Citizens’ Services.
Describer: A man with short curly hair, wearing an un-zipped navy-blue fleece jacket over a gray t-shirt is sitting in a beige pilot’s chair. He is sitting in a room with a turquoise wall on his right and a white wall with a frosted-over window on his left. There is a white light switch on the white wall above his left shoulder.
A transparent black bar fades in and out in the lower third. White text is displayed over top that says “Nick Corcoran, Security Architect.”
Nick Corcoran: Hi, I’m Nick Corcoran, I’m the security architect on the platform services team.
Describer: A woman with gold, round rimmed glasses, shoulder length hair and a necklace with a wire shaped diamond is wearing a beige sweater. She is standing in front of a light blue wall.
A transparent black bar fades in and out in the lower third. White text is displayed over top that says “Alex Lloyd, User Experience (UX) Researcher.”
Alex Lloyd: My name is Alex Lloyd, and I’m the UX researcher for the private cloud team.
Describer: A woman with dark shoulder length hair is wearing a pink ascot scarf and a beige knitted sweater. She is sitting in a beige captain’s chair in front of a white book shelf in a room with a turquoise wall, a brick cover pillar and a window that is covered by dark brown blinds.
A transparent black bar fades in and out in the lower third. White text is displayed over top that says “Olena Mitovska, Director of Private and Public Cloud Services.”
Olena Mitovska: My name is Olena Mitovska, I’m the director of private and public cloud services in the Digital Office, in the Ministry of Citizens’ Services in the BC Government.
Describer: A black screen with white text that reads “What is OpenShift?”
Cailey Jones comes on screen in the same setting as before.
Cailey Jones: OpenShift is a development platform that we’re using for modernizing the way software gets developed in government.
Describer: Alex Lloyd comes on screen in the same setting as before.
Alex Lloyd: It allows for teams to build modern cloud-native applications in a very easy and safe environment.
Describer: A black screen with white text that reads “How does OpenShift benefit software teams?”
Olena Mitovska comes on screen in the same setting as before.
Olena Mitovska: The benefits of the private cloud OpenShift platform go beyond just the technology.
While working on the platform, you will be a part of the community of more than 150 other product teams that strive to initiate a culture shift within the government that values collaboration, communication and speed. This is a community that takes care of and supports each other and works together to solve the unsolvable.
Describer: Oamar Kanji comes on screen in the same setting as before.
Oamar Kanji: OpenShift makes it easier for teams to provision their server resources and go through that journey.
Describer: Nick Corcoran comes on screen in the same setting as before.
Nick Corcoran: The big value is the speed, right? The speed at which we can produce a viable product that’s going to deliver business value and reduces those barriers that we’ve had traditionally of having to do things through iStore requests.
The other big thing is that there is a lot of sharing within our community. So, the ability to leverage those images or code that other teams have produced already gives us a great starting place and lets us deliver the value to our businesses even faster.
Describer: Cailey Jones comes on screen in the same setting as before.
Cailey Jones: We use OpenShift because it is based on the Kubernetes technology, which is a technology for running containers that is a very commonly used open-source technology. So it has a lot of support in the community and OpenShift is specifically a type of Kubernetes that is run by Red Hat, so we kinda get the best of both worlds. The benefit of open source, and the benefit of having a vendor supported product.
Describer: Oamar Kanji comes on screen in the same setting as before.
Oamar Kanji: I really enjoy the documentation and some of the guides provided by Red Hat, and for me that’s been the best part. Because I have an idea of what I want to do and I don’t have to look too far to find good documentation that can show me what I need to do and all the commands necessary. So for me, that’s been the best part and that is what makes it easy.
Describer: A black screen with white text that reads “Which applications run on the BC Gov’s OpenShift platform?”
Olena Mitovska comes on screen in the same setting as before.
Olena Mitovska: We have close to 400 applications running in the private cloud OpenShift platform. All of the applications are important and provide essential services to the citizens of British Columbia. Among other services we have court services that judges use in the courtrooms to obtain materials for hearings. RCMP services, family and child support services, natural resources ministries have multiple applications hosted on the platform as well, including wildfire predictive services and mines digital services. BC Registries and Service BC teams host services on the platform as well.
Describer: Nick Corcoran comes on screen in the same setting as before.
Nick Corcoran: The ability that teams have had to be able to stand things up quickly, especially when we’ve had things come up like our COVID registration, has been super valuable to the public and that’s really the one that comes to mind as the big one for me because of the impact it had.
Describer: Alex Lloyd comes on screen in the same setting as before.
Alex Lloyd: I think the application I use the most on the platform is the BC Services Card and during the height of the pandemic I probably used the vaccination app the most, the vaccine card.
Describer: Cailey Jones comes on screen in the same setting as before.
Cailey Jones: I think a really good example of an application running on the OpenShift platform is one of the very first ones that I had the opportunity to work on, or I guess, work with the team that was developing. It was an application that was developed to help BC cattle farmers be able to schedule their access to the public grazing pastures. It basically was just a calendar in which people could schedule access to the pastures. It wasn’t a particularly big project, and one of the problems that the Government was facing previously with the way software was developed was that there was a lot of overhead. It made the development of these really small applications not very financially feasible.
OpenShift really helped to change that and made that kind of application a lot more financially viable so it was something that was one of the first applications on OpenShift and I think works really as an example of some of the stuff that might never have been done if not for the creation of the OpenShift platform.
Describer: A black screen with white text that reads “How does OpenShift help with security?”
Nick Corcoran comes on screen in the same setting as before.
Nick Corcoran: One thing that is huge about security is that it’s all about driving down the opportunity for bad things to happen. Part of that can happen as a result of human error. A lot of our tooling is built on automation, which helps reduce that opportunity for human error to happen. So it allows for consistency and reduces that footprint of errors that could become exploitable in the future. We also have tooling on our platform to help teams understand where their weaknesses are within their code, within the images that they deliver so that they can remediate those before they can get exploited.
Describer: A black screen with white text that reads “What is containerization?”
Alex Lloyd comes on screen in the same setting as before.
Alex Lloyd: I guess the way containerization was explained to me as a non-technical person was if you have different rooms in an apartment, so you have different environments, and if something goes wrong in one environment it’s not going to affect all the different rooms. So if you have a flood in one room, the whole house isn’t flooded, it’s just contained in one room.
Describer: Oamar Kanji comes on screen in the same setting as before.
Oamar Kanji: Containerization… it’s really helpful because it solves the “oh, it worked on my computer” problem… “but for some reason it’s not working on yours.” So once an app is containerized, we can all play with it and use it because we’re all using the exact same thing.
Describer: Cailey Jones comes on screen in the same setting as before.
Cailey Jones: Not all applications are suited for containerization, but a lot of applications, especially the sort of applications that are run by government and especially the ones that are citizen-facing really benefit from containerization.
Containerization allows us to develop software using these sort of modular images. It means that the first time that you say, create a container to run a database, you now have that and can re-use that again later even for slightly different purposes. It’s very efficient when it comes to being able to add more containers of the same software to be able to handle additional load.
Describer: A black screen with white text that reads “Where is the data stored?”
Alex Lloyd comes on screen in the same setting as before.
Alex Lloyd: So we have two data centres. One is in Kamloops and our fallback data centre is in Calgary, Alberta.
Describer: Nick Corcoran comes on screen in the same setting as before.
Nick Corcoran: We’re also investigating some other clusters within the public cloud space, that will provide some value there, but we’re still in the early days of investigating that.
Describer: A black screen with white text that reads “How much does this cost?”
Olena Mitovska comes on screen in the same setting as before.
Olena Mitovska: Building and hosting your new service on the private cloud OpenShift platform is free today. It will continue to be free at least until the end of 2023/2024 fiscal year. So we don’t expect there will be any cost recovery model in place, at least until April 1st 2024.
Describer: Nick Corcoran comes on screen in the same setting as before.
Nick Corcoran: Now, free from a financial standpoint in hosting, the ministry teams still have to pay for their developers and any contractors that they may need to develop their applications.
Describer: A black screen with white text that reads “cloud.gov.bc.ca/private-cloud” on the top line and the bottom line reads “platformservicesteam@gov.bc.ca”
Narrator: If you’d like to find out more about our service, check out the documentation on our website or reach out to us at platformservicesteam@gov.bc.ca.
Understanding Red Hat OpenShift
Red Hat OpenShift is a platform that allows you to build and deploy applications in the cloud. It has 3 key characteristics.
Enterprise-level platform
Enterprise-level platforms provide the technology and tools required to build multiple applications and integrations across an organization. We evaluated OpenShift’s functionality to make sure it met the needs of product teams across the B.C. government.
Container platform
OpenShift is a container platform. On this type of platform, all the code and components associated with an application are grouped into a container or unit of software. A container will include everything an application needs to run quickly and reliably from one computer system to another or through multiple deployment environments.
Kubernetes system
OpenShift is built on Kubernetes, an open-source container platform. Kubernetes helps developers manage the services and workloads associated with managing containers by automating many of the manual processes. OpenShift builds off of Kubernetes to provide additional features and functionality.
Why we chose OpenShift
When looking for a platform to host B.C. government applications in the private cloud, we wanted a solution that leveraged Agile methodology, explored new team structures, improved digital delivery and focused on enabling developers and their teams. Red Hat OpenShift delivers on these requirements and provides opportunities to expand in the cloud space.
Platform advantages
Self-serve
Provides a controlled but flexible environment that lets you focus on your build. This allows you to have control over your own applications, have more efficient deployments and deliver services sooner.
Secure
Includes a broad set of built-in security features that help protect the platform. It’s also compatible with several vulnerability scanning and monitoring tools to keep the platform secure.
Independent
Ability to build and deploy applications without worrying about the limitations of sharing a server. Containers can perform their operations without interfering with other containers. This means your application won’t affect other teams and their applications won’t affect yours.
Scalable
Allows for building your application to dynamically adjust computing resources and capacity as load requirements change. With automated scaling, you can be confident your application is getting the resources it needs, when it needs them.
Overview of our service
We build and maintain the B.C. Government Private Cloud PaaS. PaaS products let you develop, run and manage your cloud-native applications without having to build and maintain the infrastructure or platform.
The B.C. Government Private Cloud PaaS is powered by the Red Hat OpenShift Container Platform and is hosted in the B.C. government’s data centres in Kamloops, B.C. and Calgary, Alberta. This platform can be used by ministries, agencies and Crown corporations working with the Government of B.C.
As part of the platform, we provide platform administration and shared tools.
Platform administration
We take care of administration services that allow you to onboard and work on the platform.
This includes:
- Approving and setting up your namespaces on the platform
- Running the Platform Product Registry, which automates project provisioning in OpenShift
- Maintaining the OpenShift platform
- Providing OpenShift training for you and your team
Shared tools
We purchase, build and maintain the platform’s shared tools, which can be used in your environments.
These include:
- Sysdig Monitor for monitoring your application
- JFrog Artifactory and HashiCorp Vault to improve your application security
- Rocket.Chat and the platform newsletter for communication and platform updates
Requirements
The B.C. Government Private Cloud PaaS is offered to B.C. government ministries, agencies and Crown corporations who are interested in building open-source software for internal or citizen-facing applications. Teams who join the platform should be willing to adopt modern technology architecture and development approaches, including DevOps, Agile and continuous delivery.
In order to use the B.C. Government Private Cloud PaaS, your team must be able to meet our requirements.
Product team requirements
Funding
It’s important that your application is monitored and maintained throughout its time on the B.C. Government Private Cloud PaaS. For this reason, only fully-funded teams are currently being accepted to work on the platform. To be considered fully-funded, your team must have a sufficient budget to support your application during development and after the initial development is complete.
Team roles
Your product team must include a product owner, DevOps lead and a technical lead.
Product owner
You must be able to identify a permanent government employee on your team who will act as the product owner of your application.
The product owner is accountable for keeping your application’s code, libraries and supporting tools functional, current and secure. This includes responding to any changes in the platform service or its related technology or tools that may affect your application’s performance. The product owner is responsible for your application throughout its entire lifetime on the platform, including after it’s deployed.
You’ll be asked to provide the name and contact information for your application’s product owner at your initial onboarding meeting.
DevOps lead
You must have at least one person on your team with DevOps skills when you join the platform, who will act as the DevOps lead. The DevOps lead is responsible for ensuring that your application is designed for resiliency and high availability and has monitoring and alerting functionality.
Technical lead
Your team must have at least one and up to two technical leads, who can be listed as primary technical contacts for your application. If a problem is detected with your application or a change in the application is required as part of the platform service updates, the Platform Operations team will contact your technical lead. Your technical lead must be able to respond to these issues or changes and update your application as required.
The roles of technical lead and DevOps lead can be fulfilled by the same person, if they meet the knowledge and skill requirements for both roles.
Hiring contractors
Ideally, everyone on your product team should work in a B.C. government ministry, agency or Crown corporation. However, if needed, you can hire senior-level contract staff to fill DevOps and technical roles on your team. Product owners must be permanent government employees.
Product team success factors
Before building any applications on the platform, you are strongly encouraged to have the following additional recommended skills and knowledge.
The ideal product team for the platform:
- Follows an Agile methodology
- Uses open-source code
- Contributes to the B.C. government’s open-source community
If your team does not have these additional qualifications, you can still join the platform and engage with the platform community. There are many opportunities to learn from others and develop DevOps and Agile skills through community engagement and training. You can also get training on Agile methodology in the Digital Office.
Application requirements
You must be able to show that your proposed application is suitable to run within a containerized environment. Your application is considered suitable if:
- You plan to build it using cloud-native architecture and technology stacks
- You have endorsement from your ministry’s IMB or architecture team to host your application on the B.C. Government Private Cloud PaaS
You must also be able to build your application in an open-source environment. Your underlying code will be stored in the public bcgov organization repositories in GitHub and will be visible to everyone on the internet.
Community requirements
We follow a community-based support model that relies on the participation of all platform product teams. If you join the platform, you are expected to engage with the platform community.
Whenever possible, you should:
- Use Rocket.Chat to ask and answer questions and provide support to other teams
- Attend platform community meetups to watch demonstrations from other teams, present progress or express lessons learned from your own application
Costs
To help your team estimate hosting and budgeting costs, review the maintenance costs for digital products on the Private Cloud OpenShift platform.
Also, consider this:
- Silver and Gold hosting tiers are free in the 2024/2025 fiscal year
- A cost recovery model may be implemented in the 2025/2026 fiscal year. It hasn’t been determined if there will be a cost for product teams or what that cost would be
- You’re expected to perform resource tuning for your application, like you would with a paid service
Security and privacy compliance
We prioritize availability, integrity and confidentiality in all aspects of the platform. We work hard to keep the platform secure and privacy compliant with government standards, so you can feel confident deploying your application on the platform.
Security compliance
The B.C. Government Private Cloud PaaS meets government security standards for cloud services.
Data hosting
We securely host all B.C. Government Private Cloud PaaS platform and application data in Canada. Data for applications hosted in the Silver hosting tier is stored in our Kamloops, B.C. data centre. Data for applications hosted in the Gold hosting tier is stored in the Kamloops, B.C. data centre, with a geographic failover to our Calgary, Alberta data centre.
Platform updates
We manage the platform’s operating systems and infrastructure components and regularly update the platform. These updates include new features and functions that improve platform capabilities and fix bugs that are discovered in existing features.
In addition to regular updates, we’re continuously monitoring the platform and proactively patching security vulnerabilities to keep applications secure and compliant.
Penetration tests
The platform undergoes a yearly penetration test to evaluate the security of the system and identify any vulnerabilities.
Using a third-party vendor, we run simulated attacks in the B.C. Government Private Cloud PaaS. These penetration tests, also known as pen tests, are simulated cyberattacks meant to help us identify and mitigate security risks before they are exploited.
Security Threat and Risk Assessment (STRA)
We review Red Hat OpenShift releases to ensure that they are compliant with the B.C. government’s information security policies. We complete Security Threat and Risk Assessments (STRAs) to meet the B.C. government’s STRA standard. STRAs are also performed on tools hosted on the platform.
In order to meet and maintain STRA requirements, we:
- Completed an initial STRA during the planning, development and implementation of the platform
- Maintain a review schedule to ensure STRA updates are conducted periodically
STRAs help us identify the platform’s criticality (confidentiality, integrity and availability needs), its information security classification and any gaps or weaknesses that should be addressed. We complete STRA analysis using a combination of tools, including:
- ISO 27001:2013 control areas
- The Defensible Security Framework
- STRIDE threat modeling
Once a STRA is complete, a Statement of Acceptable Risk (SoAR) is completed to capture all identified security risks and recommendations. The SoAR is reviewed and signed off by the business owner, the Ministry Information Security Officer (MISO) and the Ministry Chief Information Officer (MCIO).
Privacy compliance
Information security classification
The B.C. Government Private Cloud PaaS offers application and information hosting that is suitable for most government services. The platform meets the requirements for hosting information up to and including Protected B classification.
Open-source development
As a product team on the B.C. Government Private Cloud PaaS, you’ll use GitHub to build your application in an open-source, public environment. Security and privacy assessments were completed for GitHub, as part of the OpenShift STRA and PIA evaluations.
Private projects
If you’d prefer to start working on your project privately, you also have the option to request a private repository for your OpenShift project in GitHub. However, this arrangement can only be temporary. You must have a plan to eventually move your project to a public repository.
Learn more about working in the open with GitHub.
Privacy Impact Assessment (PIA)
A Privacy Impact Assessment (PIA) was completed for Red Hat OpenShift. In order to meet and maintain PIA requirements, we:
- Completed an initial PIA during the planning, development and implementation of the platform
- Conduct additional privacy assessments as needed when changes to the platform impact the use, disclosure or collection of information
Critical Systems Standard
We’re very close to obtaining Critical Systems Standard compliance. The documentation required to meet the Critical Systems Standard is in the final stages of review for submission.
Meeting the Critical Systems Standard certifies that the B.C. Government Private Cloud PaaS meets higher levels of security and reliability, to deliver critical services to citizens.
The Critical Systems Standard:
- Defines what systems are critical
- Identifies the roles and responsibilities of system providers
- Outlines the requirements for systems that provide a critical service
- Provides guidelines on how to minimize the impact of a disruption to a critical system or service
Once the platform is compliant with the standard, it’ll undergo an annual review to ensure that it continues to meet critical service hosting requirements.
Security and privacy tools
You are responsible for ensuring that your application meets security and privacy standards. There are several tools available in OpenShift that you can use to identify vulnerabilities and keep your applications secure.
We also provide a large collection of design patterns on the platform that follow security best practices. You can use these patterns to build secure integrations between your OpenShift applications and external systems. To learn more about design patterns, post a question in the #devops-how-to Rocket.Chat channel.