The U.S. Environmental Protection Agency’s mission is to protect human health and the environment. To support the mission, EPA regulates emissions to maintain clean air, land, and water, and to control the use of pesticides and other chemicals. Companies ranging from large multinational corporations to your local dry cleaners submit data to the EPA as part of their obligations to comply with environmental regulations. EPA’s Central Data Exchange (CDX) enables the electronic collection of data to support the activities of both EPA and its co-regulators, including state, local, tribe and other federal agencies. CDX provides a wide range of capabilities for data collection, aggregation, and publication to support this work.
To improve the scalability, reliability and availability of CDX services, EPA and its CDX contractor, CGI, analyzed dozens of CDX services and applications, then moved the future state portfolio to the Microsoft Azure cloud. Employing platform-as-a-service and cloud-native capabilities, the new CDX architecture provides a modern foundation for continued collection and publication of critical environmental regulatory data.
Optimizing cloud-native services
Facing the need to replace aging hardware, EPA sought to optimize the architecture that supports CDX’s diverse and mission-critical workflows. CGI, as EPA’s prime contractor for CDX services since 2009, helped develop the target architecture based on Microsoft Azure cloud-native services, aligned with EPA’s digital strategy.
Each layer of the CDX architecture has been enhanced to enable the greatest use of cloud-native platform services, delivering increased CDX architecture scalability and availability. First CDX adopted PostgreSQL for platform-native open-source data services, moving off proprietary databases. Use of PostgreSQL in Azure reduces costs and minimizes database management effort, enabling the CDX team to focus on delivering application innovation. Azure Kubernetes Service (AKS) and infrastructure as code (IaC) provide an improved deployment architecture, giving the CDX team the ability to deploy 300+ percent faster and scale more flexibly. Azure Application Gateway delivers platform-native load balancing, while Azure Blob Storage provides a tiered storage approach that controls costs. Cloud-native security management facilitates security compliance while providing real-time access to insights into CDX's security posture.
Moving purposefully to the cloud
Recognizing the criticality of CDX systems and data, EPA needed to thoroughly test out the cloud-native target architecture before investing the time and resources to migrate CDX applications and services to the cloud. The first opportunity to apply cloud-based services to new capabilities came with the creation of the National Pollutant Discharge Elimination System e-Reporting Tool (NeT). Developed to meet the requirements of 2015’s NPDES Electronic Reporting Rule, EPA and CGI architected NeT to leverage cloud-native architectures, platform-as-a-service capabilities and extensive use of CDX shared services.
Having proven the ability of cloud services to effectively support CDX requirements for NeT, EPA looked to its broader CDX portfolio – over 180 applications, services, and workflows – to determine the best way to migrate to the cloud. Working with CGI, EPA conducted a detailed application portfolio rationalization exercise, retiring some systems while creating the plan for re-platforming significant components of CDX services to cloud-native capabilities.
Starting in April 2021, the EPA CDX program worked with each mission office across EPA to plan, communicate, and execute on the cloud migration plan, retiring some systems while moving over 160 applications, services and workflows to Azure during a 12-month period.
Establishing the foundation for future transformation
With the success of the CDX cloud migration, EPA can apply lessons learned to future cloud transformation and modernization initiatives as it seeks to move additional workloads to the cloud. By using security features such as Microsoft Defender for Cloud, SecDevOps practices and IaC, EPA is well-positioned to meet zero trust requirements as outlined in Executive Order 14028, “Executive Order on Improving the Nation’s Cybersecurity”.
As EPA continues to focus on reducing risks associated with pollution, responding to the challenges of climate change, and advancing environmental justice as part of the Biden Administration’s Justice40 initiative, the investment in a cloud based CDX architecture enables the agency to respond with greater agility to mission requirements.