
Federal Emergency Management Agency Field Assessment Tools Hosting

AWS Services Used on this Effort: EC2-Other, EC2-Instances, VPC, Relational Database Service, N2WS Backup & Recovery (CPM) Advanced Edition, Premium Support, EC2-ELB, CloudWatch, Config, S3, Route 53, CIS Red Hat Enterprise Linux 7 Benchmark – Level 1, Storage Gateway, Directory Service, SNS, Systems Manager, CloudTrail, SES, Lambda, DynamoDB, Elastic File System, Key Management Service, Glue, GuardDuty, SQS

NAME OF THE CUSTOMER

Federal Emergency Management Agency (FEMA)

PROBLEM STATEMENT / DEFINITION

FEMA selected Ardent to facilitate the build of, migrate capabilities to, and maintain a cloud hosting platform for Recovery field assessment tools, with expertise to (1) build a new cloud hosting platform for FEMA Recovery field assessment tools, (2) migrate existing Recovery field assessment tools to the new cloud hosting platform, (3) operate and maintain the new cloud hosting platform to meet operational and cybersecurity requirements, (4) support agile product delivery projects, (5) support disaster operations requirements, and (6) provide project management.

WHAT ARDENT PROPOSED

We proposed to perform a thorough evaluation of the applications to be migrated to the cloud hosting platform. Our deep familiarity with FEMA’s suite of applications, its previous cloud infrastructure, and our AWS expertise gave our team a head start, allowing us to design and stand up the new, adaptable cloud infrastructure faster than any other organization, mitigating risk for FEMA and DHS.

Ardent proposed to architect the system to create each of the different enclaves with similar architectures, but with segregated functions such as Dev/Test/Training/Core/Production so that each may handle the workloads as they move through the development lifecycle. We ensure that proper, FEMA-specific processes and procedures are in place to move code sets and application updates through the stages with review and approval by FEMA’s change management (CM) organization. Ardent makes a best practice of leveraging our mature CM process to move code changes and application updates through the various environments.

Ardent utilizes tools such as CloudFormation, Jenkins, Terraform, Docker and Chef, and the methodologies of containerization and infrastructure-as-code to automate the creation of these environments and ensure their consistency. These tools ensure that the deployment of applications is automated and that deployment occurs in a consistent manner. Additionally, we utilize well-defined source control commit processes to ensure robust and reliable source code. Ardent ensures that our code base is modular enough that we are able to run multiple automated tests on different parts of the code simultaneously. Our modular approach to code development helps our personnel avoid issues when code is checked into the main and development branches. As components become integrated, they enter the development branch, initiating automated testing, and providing feedback to our team on whatever issues within the code may need to be addressed.

HOW AWS SERVICES WERE USED AS PART OF THE SOLUTION

Ardent stood up five AWS environments for disaster management. We manage each of these environments and their associated Esri ArcGIS instances, to include all administration activities. We administer user accounts, identity management, infrastructure, monitoring, reporting, overall health and performance, patching, and all other aspects of operations and maintenance. The GovCloud environments are for development, testing, staging, and training, and we recently obtained Authority to Operate (ATO) for the live production environment. Ardent managed deployment of ArcGIS 10.6.1 into each of the AWS environments and provides surge operational support during disaster operations. The tools and infrastructure that we manage on FEMA FATH are mission-critical field data collection systems that support survivor assistance workflows. Our work is deeply time-sensitive, highly available, and has zero tolerance for downtime – with uptime of more than 99.99% annually.

Validation Checklist Alignment: Automation and Infrastructure as Code

On FEMA FATH, Ardent uses AWS CloudFormation and other tools to adhere to the methodology of infrastructure as code, enabling automated deployment of AWS services.

THIRD PARTY APPLICATIONS OR SOLUTIONS USED

  • Esri ArcGIS
  • Nessus
  • Splunk
  • WebInspect
  • Fortify
  • Git

START AND END DATES
Start: 07/27/2018 – End: 07/26/2021

OUTCOME(S)/RESULTS

Ardent recently obtained an ATO in alignment with the Risk Management Framework (RMF) at the Federal Information Security Management Act (FISMA) High security level. We have leveraged our relationships with AWS and Esri to benefit FEMA and its mission partners on FATH. We maintain expert-level knowledge of AWS cloud and Esri GIS capabilities, which comprise a significant portion of FEMA’s Field Assessment Collection Tools (FACT) environment. We implemented a virtualized and scalable environment accredited at the FISMA High level, which provides thousands of federal, state, local and tribal partners with access to applications and data services to enhance mobile applications for field data collection and information sharing. Ardent is a leading Esri small business partner, having won the 2018 Small Business Partner of the Year award.

Department of Homeland Security (DHS) Science and Technology Directorate (S&T) Sensor Framework Architecture Enterprise (SAFE)

AWS Services Used on this Effort: EC2-Instances, Relational Database Service, EC2-Other, Support (Business), VPC, EC2-ELB, CloudWatch, S3, Config, Lambda, SQS, API Gateway, EC2 Container Registry (ECR), Route 53, IoT, DynamoDB, Elastic File System, SES, Key Management Service, SNS, Secrets Manager, Glacier, SWF, AppSync, Elemental MediaStore, SimpleDB, CloudTrail, EC2 Container Service, Cognito

NAME OF THE CUSTOMER

Department of Homeland Security (DHS) Science and Technology Directorate (S&T)

PROBLEM STATEMENT/DEFINITION

The DHS First Responders Group (FRG) mission is to advance the safety and effectiveness of first responders. The FRG accomplishes this mission through research, development, testing and evaluation of new and emerging technology. Low-cost wireless devices like in-situ environmental sensors, wearable sensors, and imaging sensors on mobile platforms such as UAVs and autonomous vehicles are proliferating, and evolving networking technology is making it possible for these sensors to establish basic network connectivity automatically as soon as they are deployed, either as IP devices directly on the Internet or indirectly through low-power local mesh protocols such as ZigBee or Thread.

But basic connectivity is not enough. Actionable observations, analysis, alerts, and predictions need to be easily discoverable and accessible from emergency response information systems and mobile devices alike to provide a dynamic and shared view of changing conditions. Many current sensor platforms need too much pre-planning and infrastructure set-up to work in rapidly evolving situations. Their non-standards-based integration systems may present barriers to information sharing. What S&T required – and selected Ardent to address – was a way of making sensors easily and immediately identifiable, accessible, usable and useful across all teams (on-scene and Operational Command Centers) and information management platforms joining an incident response.

WHAT ARDENT PROPOSED

From the beginning, we knew that the solution would need to be tailored to the public safety community and stakeholders in a way that provides the greatest value – that is, economical, reliable, scalable, and secure technology and services available on demand to effectively support mission critical workloads. With these requirements in mind, we moved the community away from traditional on-premises IT and instead turned to AWS for a cloud-based solution. This solution, known as the Public Safety (PS) Cloud, expanded on traditional commercial cloud solutions by offering:

  • Mission-Oriented services and support
  • Community-oriented collaboration and sharing within and outside of each organization
  • CONOPS, processes, and tools to ease adoption of new technology
  • Security standards, controls, processes, and tools above the hypervisor
  • Core services above CSP infrastructure and public safety tailored SaaS offerings
  • A standardized suite of tools for sharing data in real time

Validation Checklist Alignment: Ephemeral Infrastructure Design Patterns

On the S&T SAFE effort, Ardent has leveraged the scalable, resilient AWS infrastructure to serve the highly specific and sensitive needs of the first responder community.

We built the SAFE architecture to be able to integrate new hardware and different kinds of data sources as they became prevalent and useful for emergency response missions. Ardent developed the First Responder Extensible Sensor Hub (FRESH) Router capability, which supports message routing and data aggregation. FRESH uses the OASIS Emergency Data Exchange Language (EDXL) Distribution Element (DE) for message routing and information exchange. EDXL-DE can encapsulate any XML-based information, including the other EDXL standards and National Information Exchange Model (NIEM) messages. FRESH enables users to access centralized data quickly from remote locations.

HOW AWS SERVICES WERE USED AS PART OF THE SOLUTION

Ardent designed, built, tested, and continually leveraged a detailed technical solution for the creation and maturation of an AWS-based Public Safety (PS) cloud environment. Ardent’s PS cloud approach contains an additive layer of services critical to the public safety community above those provided by traditional cloud service providers. This includes a governance model for vetting the feasibility of available applications, specific tools for first responders, and a defined paradigm for maintenance.

Ardent uses Amazon RDS for database services, administration, maintenance, and performance tracking on the PostgreSQL database. We have leveraged this service to automate software patching, on-demand storage size increases, system monitoring, push-button computational increases, automatic backups, and automatic hardware swap-over in the case of hardware failure. The hardware platform used within the RDS service was a db.t2.small instance on AWS. The FRESH router is an aggregation point for the ingestion of data from hundreds or thousands of devices reporting critical, time-sensitive data every second. This makes FRESH a particularly high-transaction system. To meet these complex needs, Ardent developed the database schema and the AWS hosting component to be resilient under high transaction throughput.

  • AWS ECS and ELB: At the core, our solution leverages AWS ECS and AWS ELB to host our web applications. We set this up to be an auto-scaling group, so our applications can scale based on demand.
  • AWS EFS: Utilized so instances that need to share data can stay in sync.
  • AWS Cognito: Since security is always a focus in the public safety sector, we have also hooked up AWS Cognito to our ELB to control access to these applications.
  • AWS Lambda and API Gateway: We have leveraged AWS Lambda functions and API Gateway to expand our web application’s functionality and add steps such as translation between user access and the web application. This functionality is huge for our products because it allows us to customize solutions for individual first responder groups while still having base functionality that allows for collaboration. It also means we can add on features for individual groups without having to muddy the code or deploy multiple different versions of the same web application. It also adds flexibility that makes the solution easier to manage and more cost efficient since we save on unnecessary work and time.
  • IoT Core: We also ended up leveraging a suite of other AWS tools to move functionality from our applications to the AWS environment. By doing so we were able to decrease the complexity of our app and accomplish the same goal in a more efficient way (both in cost and functionality). An example of this would be our use of IoT Core. Previously, we would have had to keep a separate service constantly running to receive and then forward MQTT messages. This would have taken up bandwidth that wasn’t needed (which means more costs) and presented a number of challenges with availability and scalability. By leveraging IoT Core we were able to receive MQTT without having to worry about any of those challenges. We pay for what we use, and AWS handles all the scaling and availability concerns for us.
  • AWS SNS and SQS: We have also used AWS SNS and SQS to replace functionality once present in our web app. One of our main applications is a message router known as “FRESH”. The main functionality for FRESH is to ingest messages, translate them and do any work needed, store the information in its Aurora database, and then forward that information to where it needs to go. Generally speaking, this information will forward to another “FRESH” router but can also forward to another dispatch system. This allows the two systems to be connected so they can share data in real time without user interaction. Previously, we had to make a custom add-on to handle the federating of information. This had issues with load balancing and the functionality was limited. With AWS SQS and SNS we were able to make a solution that has load balancing built in and can send messages via HTTP, email, or phone with minimal work. This use case really highlights some of the great things about leveraging the AWS environment: you often find tools and solutions that work better, cost less, and take less effort/time to implement.

THIRD PARTY APPLICATIONS OR SOLUTIONS USED

  • WebEOC
  • E-Team
  • Computer Aided Dispatch systems
  • GoldenEye
  • Panasonic HUD
  • RaspberryPi
  • LinkIT
  • Arduino
  • Grove
  • SensorUp’s SensorThings
  • SonarQube
  • HP Fortify
  • Veracode
  • Nessus
  • OpenSCAP

START AND END DATES
Start: 07/27/2018 – End: 07/26/2021

OUTCOME(S)/RESULTS
Our success on this contract substantiates our position as DHS leaders in innovation for data sharing, and our subject matter expertise in data interoperability, using EDXL, NIEM, and OGC. We are adept at standardizing, linking, and routing disparate data sources and developing interoperable capabilities so that emergency personnel out in the field and supporting staff at HQ can stay alert to the emergency response initiatives. By leveraging AWS’s tools and cloud environment, we were able to make an infrastructure solution that was secure, cost efficient, and easy to maintain for the first responder community.
