Onboard your team to public cloud hosting
Start hosting your data and applications in the public cloud. Learn how to onboard your team and provision your first project.
Last updated on
Before you start
Before you start the onboarding process, review and get prepared:
- Confirm that your team has the recommended knowledge and skills to use the platform
- Review our service overview and key considerations for working in the public cloud with the B.C. government
- Identify a Ministry Information Security Officer (MISO) and a Ministry Privacy Officer (MPO). These individuals review and approve your project’s privacy and security assessments (PIA and STRA) and support additional PIAs and STRAs as needed. You must identify security and privacy contacts before onboarding
Step 1: Architectural review and onboarding meeting
If your team is new in the public cloud, the first step is to schedule an onboarding meeting with your team. Be prepared to discuss:
- Your team’s purpose and goals for using the public cloud
- Your chosen public cloud service provider
- Your team’s experience with cloud environments
- Architecture design
- Security and privacy assessments
- Your designated Ministry Information Security Officer (MISO) and a Ministry Privacy Officer (MPO)
- Estimated costs in the public cloud
This meeting introduces you to the public cloud environment, walks you through a practice application deployment and provides an opportunity to ask questions.
The onboarding meeting covers:
- The cloud service environment and B.C. government landing zones
- How to work within the B.C. government’s security and privacy guardrails
- Shared responsibilities between your team, our team and service providers
- Available cloud service providers in the public cloud
- How to log in and manage access to your accounts
- An overview of sample applications with reusable code
If your team isn’t ready for the public cloud use, we’ll:
- Help you assess your readiness
- Outline the missing prerequisites and suggest ways to meet them
- Recommend alternative hosting services if your use case isn’t suitable for the public cloud
Step 2: Sign a Memorandum of Understanding (MoU)
Before setting up your project set, your Expense Authority (EA) must sign a Memorandum of Understanding (MoU).
The MoU outlines:
- Your commitment to pay for your use of public cloud services, as well as Enterprise Support and any additional fees associated with using these services. The MoU details these fees and how they should be paid
- Your agreement to a shared responsibility model between your team, our team and any of the available public cloud service providers
Product team responsibilities
We do not provide support for activities such as building, deploying or monitoring your applications.
You’re responsible for:
- Building, deploying and maintaining your applications
- Managing your code and backup
- Managing and monitoring application data
- Monitoring your resources, service use and costs
- Communicating with your public cloud service provider to address issues with the service
- Handling Identity and Access management for your applications to ensure appropriate permissions
- Ensuring your applications meet security and privacy standards through completion of STRAs and PIAs, coordinated through your MISO and MPO
- Maintaining your application specific network configuration to maintain security in your applications
- Building and maintaining a Disaster Recovery Plan (DPR) for your applications
- Integrating your applications with platform tools
- Integrating your applications with other B.C. government services and common components like Pathfinder Single Sign-On, if needed
- Paying for your use of public cloud services
- Removing unused applications
- Managing records and data in line with OCIO policy for all data
OCIO Public cloud team responsibilities
We’re responsible for:
- Acquiring and managing public cloud service contracts for the B.C. government
- Managing billing for all product teams
- Supporting onboarding and off-boarding processes
- Communicating service updates
- Developing security and privacy guardrails for B.C. government landing zones to ensure security and compliance
- Developing automation for self-serve user access management in the landing zones
- Preparing and maintaining STRA/PIA for the B.C. government landing zones in the public cloud
- Preparing and maintaining the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) for the B.C. government landing zones in the public cloud
- Provisioning new accounts and projects
- Managing communication channels in Rocket.Chat
- Developing technical documentation and resources
Public cloud service provider responsibilities
Service providers are not responsible for the availability and security of your applications and data.
They provide:
- Service availability and support
- Tools to monitor and report on the resources you use
- Data centre operations and infrastructure
- Cost monitoring and invoicing
- Computer, storage and network availability of their service
- Security and privacy of the infrastructure, platforms and software they manage
- Guided by The Canadian Centre for Cyber Security (CCCS) Protected B Medium Integrity Medium Availability (PBMM) standards provided by Microsoft
To understand service provider responsibilities that may vary for your specific use case, refer to your service provider’s shared responsibilities documentation:
Step 3: Provision a project set
After completing the onboarding session and receiving approval from a Public Cloud Platform Administrator, submit a product provisioning request through the Platform Product Registry self-service tool. Your project set includes up to 4 accounts for development, testing, production and tools.
Your request must include your EA’s name and account coding for your project. Once received, your Expense Authority will be notified and asked to sign the MoU electronically through the Platform Product Registry.
Discover more information about the Platform Product Registry in the public cloud.
Step 4: Access your project in the public cloud
Once the MoU is co-signed by the Director of Private and Public cloud and your provisioning request is approved by the Product Owner (PO) of Public Cloud, the PO and Technical Leads (TLs) listed on the request will receive a confirmation email. It will include a link to the cloud service provider’s portal to access your project set.
Step 5: Additional accounts and tools
We do not require specific tools to support your work in the public cloud, but we do use GitHub and Rocket.Chat for collaboration and communication.
Learn more about available support options.