State Government Advances Multi-Cloud Strategy with Statewide Cloud Gateway Network Implementation
A state government technology services organization engaged CONVX to design, lab test, and implement the next generation of their statewide cloud gateway network, expanding multi-cloud capabilities across AWS and Azure.
A state government technology services organization · client anonymized · Project · Flagship engagement · 2 min read
Client Overview
A state government technology services organization engaged CONVX to design, lab test, and implement the next generation of their statewide cloud gateway network, expanding multi-cloud capabilities across AWS and Azure. This flagship engagement extends the state's cloud ecosystem with advanced use cases for internet egress, internet ingress, and cloud-to-cloud communication, all aligned with NIST 800-53 Rev 5 compliance requirements.
Business Challenge
Expanding Multi-Cloud Requirements: The state's growing adoption of both AWS and Azure cloud services required advanced network architecture to securely route traffic between cloud environments, to the internet, and from external users to cloud-hosted state services.
Internet Egress and Ingress at Scale: State agencies needed secure, governed internet access from cloud workloads (egress) as well as controlled ingress paths for citizens and external users to access state government applications hosted in the cloud.
Cloud-to-Cloud Communication: Workloads distributed across AWS and Azure required secure, high-performance inter-cloud connectivity to support integrated state government applications and data sharing.
Regulatory Compliance: All network architecture must comply with NIST controls and state-specific security policies.
CONVX Solution Approach
CONVX is delivering a comprehensive multi-cloud network implementation spanning design, lab validation, and production deployment.
Use Case Implementation
Internet Egress (Use Case IV): Designing and implementing secure internet egress paths for AWS and Azure workloads, ensuring all outbound traffic from state cloud environments passes through governed security inspection and logging.
Internet Ingress (Use Case V): Implementing controlled ingress architecture enabling external users to securely access state government applications hosted in AWS and Azure cloud environments.
Cloud-to-Cloud Communication (Use Case VI): Establishing secure inter-cloud connectivity between AWS and Azure, enabling state workloads to communicate across cloud providers with appropriate network segmentation and security controls.
Architecture and Implementation
Multi-Cloud Network Design: Architecture leverages AWS Transit Gateway, AWS VPC, Azure VNET, and Azure VWAN to create a cohesive multi-cloud network fabric.
Security Infrastructure: Fortinet NVA firewalls provide security inspection and policy enforcement, while Cisco SD-WAN and Netskope SSE deliver secure access and connectivity.
Monitoring and Compliance: Azure Sentinel and Azure Log Analytics provide security monitoring and compliance reporting aligned with NIST 800-53 Rev 5 requirements.
Infrastructure as Code: Terraform is used for infrastructure deployment, ensuring repeatable, auditable, and version-controlled network configurations.
Lab Validation: All use cases are validated in a lab environment before production deployment, reducing risk and ensuring architectural designs perform as expected.
Technology Implementation
- AWS Transit Gateway and VPC networking
- Azure VNET and VWAN architecture
- Fortinet NVA firewall security inspection
- Cisco SD-WAN connectivity
- Netskope Security Service Edge (SSE)
- Azure Sentinel and Log Analytics monitoring
- Terraform infrastructure as code
- NIST 800-53 Rev 5 compliance controls
Business Outcomes
Advanced Multi-Cloud Capabilities: The statewide cloud gateway network extends the state's cloud network with secure internet egress, ingress, and cloud-to-cloud communication, enabling broader state agency cloud adoption.
Regulatory Compliance: Architecture designed to NIST 800-53 Rev 5 and applicable state security policies ensures the state meets federal and state security requirements for cloud-hosted government services.
Scalable Cloud Foundation: The multi-cloud network architecture provides a scalable foundation that accommodates continued growth of AWS and Azure workloads across state agencies.
Reduced Deployment Risk: Lab validation of all use cases before production deployment ensures architectural integrity and minimizes risk to state government operations.
CONVX Expertise Demonstrated
This engagement demonstrates CONVX's position as a trusted multi-cloud architecture partner for state government organizations. Our ability to design and implement complex AWS and Azure networking with Fortinet security, Cisco SD-WAN, Terraform automation, and NIST compliance reflects the deep technical expertise required for government-scale cloud transformation initiatives. The statewide cloud gateway network represents the continuation of a multi-year strategic partnership advancing the state's cloud-first vision.