The challenge
The United Nations International Computing Centre (UNICC) provides shared ICT services to over 80 UN System organizations — Secretariat entities, Funds and Programmes, Specialized Agencies, and related bodies. Its infrastructure spans multiple data centers, cloud environments, and thousands of endpoints across every continent.
UNICC faced several interconnected challenges that demanded a comprehensive automation approach:
- Legacy infrastructure: an outdated AWX deployment requiring a complete modernization while maintaining operational continuity.
- Scale and complexity: with 20+ UN agencies on shared automation services, any solution had to support multi-tenancy, strict access controls, and organization-specific requirements.
- Integration requirements: the platform needed to integrate seamlessly with ServiceNow for incident management, HashiCorp Vault for secrets, and multiple cloud providers.
- Security mandates: as a UN organization, strict requirements applied — comprehensive audit trails, encrypted communications, and compliance with international standards.
Our approach
We designed a phased modernization strategy that prioritized zero-downtime migration and knowledge transfer to UNICC teams, centered on Infrastructure-as-Code from the ground up.
Phase 1 — Assessment and architecture
We documented the existing automation landscape — playbooks, roles, inventories, and integrations — mapped dependencies between systems, and identified opportunities to standardize across agencies. Key architecture decisions included:
- Kubernetes-native deployment using the AWX Operator for scalability and resilience
- GitOps workflow with Kustomize for environment-specific configurations
- Centralized secrets management through HashiCorp Vault
- Multi-tenant organization structure with role-based access controls
Phase 2 — Platform modernization
The migration to the new AWX platform ran through fully automated GitLab CI/CD pipelines. Every infrastructure component was defined as code, enabling reproducible deployments across development, staging, and production. Custom Execution Environments tailored to UNICC ensured consistent runtime behavior — specific Python versions, Ansible collections, and the security tools required by UN agencies.
Phase 3 — AI-enhanced operations
To manage automation at scale, we built AI-driven microservices with FastAPI that provide intelligent incident analysis — correlating automation failures with infrastructure changes, historical patterns, and known issues. The AI components help operations teams:
- Automatically categorize and prioritize automation failures
- Suggest remediation steps based on historical resolution data
- Identify patterns that signal systemic issues before they become critical
- Generate natural-language summaries of complex issues for stakeholders
Technical implementation
The implementation leveraged modern DevSecOps practices throughout.
Infrastructure as Code
All components defined in Git using Kubernetes manifests, Kustomize overlays, and Helm charts. Changes flow through merge-request reviews before automated deployment.
GitLab CI/CD pipelines
Multi-stage pipelines handle testing, security scanning, image builds, and progressive rollouts — with automatic rollback for service reliability.
Secrets management
HashiCorp Vault provides dynamic credentials for databases, cloud providers, and APIs. No secrets live in code repositories or playbooks.
Observability
Comprehensive monitoring and logging give real-time visibility into execution, platform health, and resource use. ServiceNow integration tracks incidents through established ITSM processes.
Results and impact
The modernized platform delivered significant operational improvements:
- Complete Infrastructure as Code: 100% of the platform is now managed through code — version control, audit trails, and reproducible deployments.
- Improved reliability: the Kubernetes-native architecture provides high availability and automatic failover, significantly reducing downtime.
- Faster onboarding: new UN agencies join quickly via standardized configurations and automated provisioning.
- Reduced incident resolution time: AI-assisted analysis helps teams find root causes faster and apply the right remediation.
- Enhanced security posture: centralized secrets and comprehensive audit logging strengthen compliance with UN requirements.