Migration to GitHub Enterprise Cloud EMU (Enterprise Managed Users). Expert training. Change management. Configuration as code.
The organisation is a Government-funded emergency service, employing over 1,000 staff, including a development team of around 80 people. Their mission includes protecting the community and minimising the impact of emergencies by providing training, community education, prevention and operational capability. They have attended over 22,000 incidents across their jurisdiction in 2020/21. As a Government department, they have been given a strategic direction to move their IT operations to the cloud.
The client’s business driver was to reduce the expense and operational overhead of maintaining their own on-premises GitHub Enterprise Server. The lack of multi- factor authentication (MFA) was also compromising the organisation’s security posture.
A disconnect between their Azure AD Identification Provider (IdP) and their GitHub Enterprise Server resulted in double-handling of administration, with onboarding/offboarding friction due to security (VPN) requirements, access permissions and licence provisioning.
Azenix was engaged as a trusted GitHub partner. Our close relationship with Microsoft and GitHub enabled us to engage on this project directly with members of the US GitHub team, under the Microsoft FastTrack Program.
Rather than simply delivering a solution in isolation, the Azenix team fully integrated with the organisation’s IT Ops team to ensure a collaborative approach. Our team also guided the client during the solution design process. GitHub Enterprise Cloud EMU (Enterprise Managed Users) was chosen to meet their stringent security requirements.
Integrating IdP Azure Active Directory with GitHub Enterprise Managed Users removed the toil of manually handling the onboarding and offboarding of developers. We also consolidated redundant security groups and streamlined Role Based Access Control (RBAC) to GitHub.
A lightweight configuration as code solution (Probot Settings) was implemented to enable pull-request based configuration and repository templating. Branch protections and codeowners policies were also put in place to ensure code quality and security.
Our proven change management strategy mitigated the risk of disruption to development teams, ensuring zero down-time throughout the whole migration process. Integrations with existing CI/CD (TeamCity), Telemetry (Splunk), and planning (Jira) systems were maintained to ensure business continuity.
The project commenced in late November 2021 and ran for a duration of six weeks, resulting in a cost reduction by migrating to a fully managed service. IdP integration also increased efficiency in onboarding/offboarding, with GitHub access, licensing, SSO and MFA all managed centrally through Azure AD.
Configuration as code has also enhanced the consistency, traceability and security of GitHub configuration.
Key personnel have received expert training from Azenix, and the client was able to achieve significant steps towards meeting their 'Cloud-First' mandate.