Summary: A federal business unit inside a major government contractor needed to deploy a new containerized release of a critical ISV platform while moving away from their managed service and avoiding strain on internal IT. Shadow-Soft guided the full AWS GovCloud rollout in just 9 weeks (before their license was renewed).
A federal business unit responsible for internal automation faced a critical decision: stay on an older version of a managed ISV platform, or bring the new, containerized release in-house.
Their team wanted more visibility, more flexibility, and a way to control long-term costs. But taking ownership meant deploying in AWS GovCloud, passing an internal architecture review, and managing Kubernetes infrastructure they had never run before.
Sticking with the existing setup would have locked them into rising costs and limited flexibility, without solving their long-term scaling needs.
With a contract renewal deadline approaching and limited capacity from central IT, they brought in Shadow-Soft to map the options, prepare board-ready documentation, and guide the deployment in under 9 weeks.
Before deploying the infrastructure, the client had to evaluate trade-offs, secure approval from an internal architecture board, and show they could manage the platform independently.
We started with a focused advisory phase, mapping architecture scenarios, modeling cost and resiliency trade-offs, and preparing board-ready documentation. Every recommendation had to withstand scrutiny from cloud, security, and business stakeholders.
Once approved, we led the deployment of the new version of a containerized ISV platform on AWS GovCloud using a high-availability Kubernetes setup and a fully open-source toolset. The stack avoided licensing costs while still meeting the client's compliance and availability standards, keeping long-term spend in check.
From day one, our role was to enable (not replace) the client’s team, giving them a platform they could understand and own.
The move to AWS GovCloud wasn’t a copy-paste deployment.
The client needed to validate architecture, document risk and cost trade-offs, and prepare their internal team to manage a Kubernetes environment for the first time.
Our process balanced speed with hands-on enablement under a strict deadline and in a sensitive, compliance-driven environment:
Despite a tightly scoped plan, the deployment hit two major infrastructure issues that couldn't have been surfaced in planning. Each introduced real delivery risk under a hard deadline.
Backups broke under the platform’s file volume. The application generated hundreds of thousands of small files. When our team tested restore using Velero’s default file-level backup, it stalled for hours. A full restore would have taken over 24.
To fix it, the team pivoted to CSI-based snapshots. It was a faster approach, but one that required validating compatibility across the stack and staying within the client's open-source tooling constraints.
The cluster also ran out of storage mid-project. Frequent redeployments triggered full-volume snapshot deltas. Instead of incremental changes, the system was writing 250GB of data per snapshot, overwhelming the persistent volume configuration.
We reworked storage sizing on the fly, using the opportunity to coach the client’s team on how to manage storage in Kubernetes, a system they were still learning to operate.
To meet the client’s cost and compliance requirements, we deployed a fully open-source stack designed for high availability and operational control in AWS GovCloud.
Longhorn: Enabled cross-zone volume replication and failover. Critical for high availability in GovCloud’s multi-AZ setup
Velero (CSI-based backup): Delivered fast, reliable snapshots after file-level restores proved too slow
NGINX Ingress Controller: Provided stable load balancing with minimal overhead and full Kubernetes integration
Prometheus + Grafana: Enabled observability and metrics without licensing constraints
Ansible + Terraform: Powered the infrastructure-as-code foundation for consistent provisioning and resets
AWS GovCloud (EKS): Chosen for compliance, control, and proximity to existing federal systems
Shadow-Soft delivered a production-ready deployment of the latest containerized release of a third-party ISV platform in AWS GovCloud, replacing a vendor-managed environment that did not support the upgrade.
The client passed internal architecture review, launched a high-availability Kubernetes setup, and gained full operational control, despite having no prior experience running the platform themselves.
The project was completed in just 9 weeks, inside a compliance-sensitive GovCloud environment, using a fully open-source stack to control costs and meet internal security standards.
Shadow-Softs hands-on approach gave the internal team real experience troubleshooting infrastructure failures, scaling Kubernetes storage, and supporting live workloads, setting them up to own future updates without external support.
With the new environment live, the client is preparing for future containerized releases from the ISV and expects additional business units to adopt the platform now that it’s centrally deployed and supported in-house.
Shadow-Soft remains on call to support future scaling, upgrade testing, and environment optimization as usage expands.
An enterprise government contractor serving defense, intelligence, and civilian agencies. The firm operates in highly regulated environments with strict data and compliance requirements.