“Scaleway’s infrastructure was made available to us in just a few hours” - how Région Guadeloupe moved to the cloud in 10 days

Following an attack on its on-premises infrastructure at the end of 2022, the Region of Guadeloupe decided to migrate to the cloud… but as a matter of urgency! Henri Ferreira, General Management Project Lead in charge of Cyber Defense and Territorial Intelligence, explains how he was able to get his first services back up and running within ten days, thanks to the proximity and innovation of Scaleway's teams.

FYI: Albeit a Caribbean archipelago, Guadeloupe is a "département d'outre-mer", which means it's essentially considered part of France.

What led you to migrate to Scaleway?

Initially, we were 100% on premise. We had already been working with Scaleway for six to eight months, but on a small scale, on lab projects and R&D aspects. Then on November 21, 2022, we were cyber-attacked. The next day, we decided within hours that we would switch to the cloud. Otherwise, we would have made the transition (to the cloud) much more slowly.

We didn't know the full extent of the attack. So we decided to start with something completely new, and to move the infrastructure up to the cloud as quickly as possible. Our contacts at Scaleway immediately reassured us, and provided us with assistance from the outset to support our migration.

Region Guadeloupe has two main activities: designing and managing infrastructure - high schools, roads, etc.; and managing subsidies and grants (for businesses, the arts, associations, etc.). Our IT system helps us manage all this, as well as all support functions (payroll, vacations, etc.). And let's not forget the administrative and political aspects: our system also enables elected representatives to vote for a given project, and to post their decisions (by-laws, articles of law…) for the benefit of citizens.

Our platform welcomes 25,000 high school students and vocational trainees every day. Without IT, the students don't eat at the canteen, access badges don't work…

After the attack, we needed to recreate everything: set up the infrastructure, with Scaleway - rent Elastic Metal servers, Instances, very quickly - so that then the publishers of the fifteen or so software applications we use could reinstall them.

All the private cloud infrastructure was available from Scaleway within a few hours; and within ten days, we were able to put our financial system back together, i.e. we were able to pay our suppliers, salaries, subsidies etc., in a very short time. Then the last service was set up three months later, in February 2023: the grants service, where future baccalaureate holders apply to study in Quebec, for example.

Today, all our infrastructure goes through Scaleway: we no longer have anything on premise. We use 83 Bare Metal servers, 90 Instances - including GPUs for AI - load balancers, Redis… it's easier to say what we don't use at Scaleway!

How do Scaleway solutions help you overcome your key challenges?

We're with Scaleway for the long haul. We had to urgently rebuild the services - the plan was called "Resurrection" - but also make them better and more resilient. So now we’re hosted in two AZs (availability zones) - par-1 and par-2 - with high availability. We couldn’t have done this sort of thing without the cloud.

We have 150 services deployed today, and we're continuing to deploy more. Scaleway brings us something phenomenal: we don't have to worry about 'silly' [physical] things like air conditioning, floods, cyclones, electrical instability, server obsolescence… It relieves us of all the lower layers of management, and in the end it's a win-win situation, because it costs less than before.

We benefit from phenomenal flexibility. I've just received a request for additional servers from the IT director. In the former ‘legacy’ mode, we would have had to issue a call for tenders, starting a long cycle that could last two months. Whereas with the cloud, we can have the servers ready within one hour. And maybe that director will only need those servers for an hour, which is also fine.

This allows us to respond flexibly to the demands of Guadeloupe's citizens, simplifying their lives and those of our regional council staff. In particular, by relieving the latter of rather tedious tasks, they can spend more time with citizens.

Likewise, we don't use AI to reduce our workforce! Today, because it's so easy to ask a question on a website, that's generated a lot more grant applications than before. AI helps us to verify these requests, by automating, allowing us to validate the veracity of official documents, making sure we only keep personal documents for 2 years (GDPR) and so on.

Finally, we're fortunate that Scaleway has a number of AI customers, and this allows us to benefit from technological advantages that we wouldn't have had as quickly under the old system.

Why did you not choose other cloud providers?

We submitted our request to all the French cloud providers (CSPs), and Scaleway came out on top, both on the legacy side (bare metal) and on advanced features (Instances, Kubernetes, load balancers, etc.).

When you migrate, many publishers say, for example, "no, I only support ESXi, I don't support Kubernetes." So we had to take this into account with regard to our legacy system.

Scaleway offers us the widest range of technological responses, from the simplest to the most complex, enabling us to adapt to all our publishers' needs.

What's more, the way the Scaleway system is made is the easiest for us to support. It took three of us to set up the infrastructure. Guadeloupe is the smallest region in France, with a low number of IT specialists in relation to its population. There are 400,000 of us, but like the others, we need an HR system, a financial system…

We need flexibility, and Scaleway was able to put itself at our level of understanding to be able to move forward very quickly. We needed this proximity, which we wouldn't have had with another hyperscaler.

So Elastic Metal replaced your on premise servers. Why did you also need Instances and Compute products?

We had to conform with NIS V2, a cybersecurity directive with which all local authorities will have to comply by July 2024. It's very much inspired by ISO 27001. Our security partner was already with us. We designed our infrastructure to be secure from the outset ('security by design').

The compute functions were therefore initially involved in security management. Today, we have several types of firewall, running on bare metal or Instances, depending on the vendor. Previously, our approach was one of perimeter security, i.e. "protect the building": I have one firewall per building, and I consider that everything inside is secure.

But remote working has changed everything. Today, 30% of the workforce at any given time is not at the office. So we've switched to a defense system located directly on the workstation, with local firewalls and application VPNs. All these information flows enter the Scaleway platform, where they are filtered, analyzed and inspected, before being given access to the application. So, today, each of our thousand laptops is like a little fortress.

But we're not indestructible. With Scaleway, we've set up several levels of backup for our infrastructure. Because rather than defending ourselves, what we lacked was the ability to react quickly. Let's imagine the worst: if one of your data centers goes down, it now takes us 2 hours and 40 minutes to get everything back up and running in the other data center. Our goal is to reach one hour by the end of January, and five minutes by the end of 2024.

We're hosted across two AZs (availability zones): par-1 & par-2. We had two floods this year; there was zero impact. People got on their laptops and shared connections with their phones, and were able to access our platform.

We had to adapt to the Scaleway ecosystem. Not all hyperscalers have the same functionalities. We wanted something very open, and Scaleway is one of the most open CSPs. You have 100% of what others do, but they don't have 10% of what you do! If we wanted to move from Scaleway, we could. The question arises more with US hyperscalers. AWS doesn't offer all the services that Scaleway does, and (above all) isn't as flexible. And we're not immune to [potential future] legislation prohibiting us from using non-French CSPs.

What's more, Scaleway was already on the ISO 21007 path (Scaleway has since obtained this certification). The French aspect was also very important. Scaleway and OVH are the only hyperscalers with a certain size and level of experience. And with your parent company (Groupe iliad), you're not a small enterprise. We also have the advantage of being with an agile company, with a high rate of evolution. We feel that Scaleway is close to start-up companies, while offering very simple and legacy products. This allows us to test cutting-edge functionalities, while continuing to have a business that works and is guaranteed. So it's this innovative side that appealed to us too.

French state IT buyers are encouraged to go through a dedicated platform, UGAP. How did your UGAP membership speed up your migration process?

Subscribing to a cloud offering is complex enough from a legal point of view. In our case, securing a sufficient number of servers took 24 hours. In the UGAP cloud offer, all CSPs are constantly put out to tender. So if we're with you and we stay with you, it's because you're the best match for our needs.

UGAP saved us three to four months. When you put out a call for tenders, there's a minimum time during which we can respond. Not to mention the time it takes to write the invitation to tender. So we're looking at a three-month process. Following the cyber attack, we also carried out traditional tenders, without going through UGAP; they took us two months. And we didn't even have an active IT network at that time!

It was a real race to pay our civil servants - the first challenge we had to face after the cyber-attack - but we managed it thanks to sleepless nights, and to Scaleway's abnegation. They really knew how to get us out of a lot of difficult situations, from start to finish. This closeness, attentiveness and flexibility was key for us. We could never have done this with another CSP.

Can you share a concrete example of this flexibility?

Yes, we were able to take advantage of 20 Private Networks (PN) per server; that total is normally limited to eight. This enabled us to compartmentalize the flows of each application, thus preventing one infected application from contaminating another.

But above all, it allowed us to have only 20 firewalls, with 123 PNs (roughly 20 per Bare Metal server). Without this exception, we would have needed 80 firewalls… and each firewall costs 7-8000 euros. It doesn't take long to do the math!

What are your upcoming projects?

We have quite a few on our 2024 roadmap:

  • The RPA program, which will take us towards greater automation, notably through Terraform and Ansible
  • We're going to work on resilience, or reducing the unavailability of our services, for example when making backups
  • We're also going to improve peak traffic management: at certain times of the year, 7-8,000 users can connect to our platform at the same time, so we need to be sure we can handle three to four times more simultaneous connections at any time. This elasticity, or horizontal scalability, will be key in the near future
  • Last but not least, our video protection system - with around a thousand cameras all over the island - will be hosted by Scaleway. Images will be uploaded to S3, then automatically deleted after a month.
