<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=58103&amp;fmt=gif">
Skip to content
Let's Talk
Search icon
Let's Talk
All posts

Federal Contractor Cuts IT Spend with 9-Week Migration from Legacy App to Containerized ISV Solution on AWS GovCloud

  Shadow-Soft Team  ·  4 minute read

Summary: A federal business unit inside a major government contractor needed to deploy a new containerized release of a critical ISV platform while moving away from their managed service and avoiding strain on internal IT. Shadow-Soft guided the full AWS GovCloud rollout in just 9 weeks (before their license was renewed).

The Challenge

A federal business unit responsible for internal automation faced a critical decision: stay on an older version of a managed ISV platform, or bring the new, containerized release in-house.

Their team wanted more visibility, more flexibility, and a way to control long-term costs. But taking ownership meant deploying in AWS GovCloud, passing an internal architecture review, and managing Kubernetes infrastructure they had never run before.

Sticking with the existing setup would have locked them into rising costs and limited flexibility, without solving their long-term scaling needs.

With a contract renewal deadline approaching and limited capacity from central IT, they brought in Shadow-Soft to map the options, prepare board-ready documentation, and guide the deployment in under 9 weeks.

Our Solution

Before deploying the infrastructure, the client had to evaluate trade-offs, secure approval from an internal architecture board, and show they could manage the platform independently.

We started with a focused advisory phase, mapping architecture scenarios, modeling cost and resiliency trade-offs, and preparing board-ready documentation. Every recommendation had to withstand scrutiny from cloud, security, and business stakeholders.

Once approved, we led the deployment of the new version of a containerized ISV platform on AWS GovCloud using a high-availability Kubernetes setup and a fully open-source toolset. The stack avoided licensing costs while still meeting the client's compliance and availability standards, keeping long-term spend in check.

From day one, our role was to enable (not replace) the client’s team, giving them a platform they could understand and own.

Our Process

The move to AWS GovCloud wasn’t a copy-paste deployment. 

The client needed to validate architecture, document risk and cost trade-offs, and prepare their internal team to manage a Kubernetes environment for the first time. 

Our process balanced speed with hands-on enablement under a strict deadline and in a sensitive, compliance-driven environment:

  1. Ran detailed architecture and cost modeling exercises, comparing storage, DR, and deployment trade-offs
  2. Created board-ready documentation to secure internal architecture approval under a tight deadline
  3. Rebuilt platform architecture diagrams to explain Kubernetes infrastructure to a non-K8s internal team
  4. Recommended a fully open-source stack to meet compliance and cost constraints without adding license overhead
  5. Deployed infrastructure in AWS GovCloud using Terraform and Ansible for repeatability and auditability
  6. Rolled out test and production environments, adjusting the deployment playbook as new constraints surfaced
  7. Used live deployment sessions as hands-on coaching to build internal confidence and operational knowledge
  8. Coordinated across internal cloud, security, and PM stakeholders to keep progress unblocked and aligned

The Roadblocks

Despite a tightly scoped plan, the deployment hit two major infrastructure issues that couldn't have been surfaced in planning. Each introduced real delivery risk under a hard deadline.

Backups broke under the platform’s file volume. The application generated hundreds of thousands of small files. When our team tested restore using Velero’s default file-level backup, it stalled for hours. A full restore would have taken over 24. 

To fix it, the team pivoted to CSI-based snapshots. It was a faster approach, but one that required validating compatibility across the stack and staying within the client's open-source tooling constraints.

The cluster also ran out of storage mid-project. Frequent redeployments triggered full-volume snapshot deltas. Instead of incremental changes, the system was writing 250GB of data per snapshot, overwhelming the persistent volume configuration. 

We reworked storage sizing on the fly, using the opportunity to coach the client’s team on how to manage storage in Kubernetes, a system they were still learning to operate.

The Toolstack

 

  • Longhorn
  • Velero
  • NGINX Ingress Controller
  • Prometheus
  • Grafana
  • Red Hat Ansible Mark RGB White
  • 500px Terraform-vertical
  • AWS

To meet the client’s cost and compliance requirements, we deployed a fully open-source stack designed for high availability and operational control in AWS GovCloud.

Longhorn: Enabled cross-zone volume replication and failover. Critical for high availability in GovCloud’s multi-AZ setup

Velero (CSI-based backup): Delivered fast, reliable snapshots after file-level restores proved too slow

NGINX Ingress Controller: Provided stable load balancing with minimal overhead and full Kubernetes integration

Prometheus + Grafana: Enabled observability and metrics without licensing constraints

Ansible + Terraform: Powered the infrastructure-as-code foundation for consistent provisioning and resets

AWS GovCloud (EKS): Chosen for compliance, control, and proximity to existing federal systems

The Results

Shadow-Soft delivered a production-ready deployment of the latest containerized release of a third-party ISV platform in AWS GovCloud, replacing a vendor-managed environment that did not support the upgrade.

The client passed internal architecture review, launched a high-availability Kubernetes setup, and gained full operational control, despite having no prior experience running the platform themselves.

The project was completed in just 9 weeks, inside a compliance-sensitive GovCloud environment, using a fully open-source stack to control costs and meet internal security standards.

Shadow-Softs hands-on approach gave the internal team real experience troubleshooting infrastructure failures, scaling Kubernetes storage, and supporting live workloads, setting them up to own future updates without external support.

Key Results:

  • Delivered production deployment in AWS GovCloud within 9 weeks
  • Enabled upgrade to ISV platform version previously unsupported by vendor
  • Avoided licensing fees by using a fully open-source toolstack
  • Passed internal architecture and compliance review under deadline
  • Resolved 250GB+ snapshot delta issue during deployment
  • Built high-availability Kubernetes environment with test and prod parity
  • Gave internal team hands-on experience managing backups, scaling storage, and deploying via GitOps
  • Delivered without adding operational load to central IT, enabling the business unit to own the platform independently

What’s Next?

With the new environment live, the client is preparing for future containerized releases from the ISV and expects additional business units to adopt the platform now that it’s centrally deployed and supported in-house.

Shadow-Soft remains on call to support future scaling, upgrade testing, and environment optimization as usage expands.

Client Overview:

An enterprise government contractor serving defense, intelligence, and civilian agencies. The firm operates in highly regulated environments with strict data and compliance requirements.

  • Industry: Government 
  • Size: Enterprise
  • Location: United States