App Modernisation
Galax Pay: Cloud migration secures major investment for the company
About Galax Pay
Galax Pay is an automated platform for managing credit card, boleto and Pix billing. As a Brazilian fintech, Galax Pay is integrated with credit card operators to simplify recurring billing. The platform also offers access to complete sales data reports, a payment gateway for one-off invoices, customisable reports, automated management and other tools that make billing management easier.
The company understood that one of the biggest challenges faced by Brazilian business owners is the lack of financial predictability, which prevents investment and improvement in their businesses. The Galax Pay payment system was therefore created to eliminate this problem, giving companies security in receiving their monthly payments.
In 2015, defaults were growing at an alarming rate as a result of an economic crisis that hit the country. It was then that Márcio Vinícius, the current CEO of Galax Pay, understood that it was essential to improve companies' billing and collection processes. Galax Pay emerged at a time when no company offered an automatic credit card payment service at an affordable cost to customers.
About the system
The main goal of Galax Pay is to simplify payment management through automation and to streamline the receipt of one-off and recurring payments. Acting as an intermediary between banks, companies and customers, the Galax Pay platform allows payments to be made and received through several methods, including authorised direct debit and Pix, the free instant electronic payment platform run by the Central Bank of Brazil.
Galax Pay makes it easier for companies to communicate with their end customers and offers full control over all payments through reports. Galax Pay currently processes more than R$45 million per month and serves more than 2,700 customers.
The Company's Challenge
Galax Pay's initial growth was slow because of constraints in its infrastructure, which was hosted on-premise. Daily infrastructure problems demanded almost all of the team's attention, reducing the time available to develop the solution.
The Galax Pay team had 27 people, and at least 10 of them were directly involved in release processes, environment monitoring and the creation of test and validation environments. In addition, other departments of the company operated with very lean teams, which made growth difficult: with an on-premise structure, the more developers are hired, the more the structure has to grow to accommodate them.
The absence of automated deployments (CI/CD pipelines) and of deployment strategies meant that releasing new versions left the application widely unavailable. The repository was being misused: GitLab's development branch concepts were being applied incorrectly. Without containers, each developer machine had to be configured (per application), which led to availability problems in the final environment. This ended up tying the environments together in a development-environment-versus-test-environment relationship, leading to a great need for test environments and a large number of merges before a version could be produced.
A manually generated package was placed on the server, with no integration (CI) or delivery (CD) pipeline and no defined deployment strategy, such as a blue-green deployment strategy. At the same time, the release was distributed to all customers.
Most releases caused a service interruption for the end customer, which can be very costly for a fintech's reputation, as it lowers the perceived efficiency and reliability of the company. In addition, the use of GitLab repositories and the non-prod environment strategy also needed to be reviewed so that the company could manage quality control through test environments and increase release speed through automation.
The fintech also needed to comply with PCI DSS in the payments sector to attest to its commitment to the Payment Card Industry Data Security Standard. Although having a secure environment is the first step towards meeting the industry's security standards, what really counts is the ability to remain continuously compliant with those rules.
It was in this context that Galax Pay approached DNX for advice on migrating its on-prem structure to the cloud, which would enable the growth the company was aiming for. Through this transformation, DNX directly influenced Galax Pay's ability to attract investors and scale its commercial growth alongside increased investment, resulting in an investment from CelCoin.
The Process
- Assessment Phase
Through executive briefings, DNX understood and catalogued Galax Pay's existing infrastructure. This stage requires a great deal of skill and is a critical part of the migration journey. It allowed the DNX team not only to understand the dependencies and common problems in the environment, but also to estimate a Total Cost of Ownership (TCO), increasing Galax Pay's insight into its own business. At the end of this phase, DNX identified the resources and applications needed to carry out the migration.
DNX also identified redundancies and underused resources, including databases that had been replicated across several servers and machines bought to meet demand on specific dates, such as Black Friday, which then sat unused for the rest of the year. Identifying these additional costs helped Galax Pay make decisions that increased the opportunities for cost reduction and scale.
The main outcome of the assessment phase was a high-level business case that laid out several strategies for the team to achieve the project's objectives. The business analysis allowed Galax Pay to evaluate all available options using its own priorities and needs as parameters, which ultimately contributed to sounder decisions for the project.
Based on the assessment of the customer interaction processes, the best solution identified was to migrate the applications. Containers provide a standard way to package an application's configuration, code and dependencies into a single object, sharing only the operating system installed on the server. Using containers allows the team to deploy quickly, reliably and consistently, regardless of the environment.
With the evolution of virtualisation, containers can scale the application quickly because they need little start-up time. This method simplifies the automation of the deployment process, since the application is packaged and can be made available in different environments, such as development, staging and production.
DNX concluded that this was the best method to keep pace with the application's development, since once the application is containerised, everything it needs to run is guaranteed to be bundled with it. The overarching strategy was to guarantee maximum availability for the end user.
- Mobilisation Phase
After the assessment, the planning process began, when DNX started designing the new architecture and the migration plan according to Galax Pay's needs. DNX assessed the gaps in cloud response time and the interdependencies between applications discovered in the previous phase. In addition, all possible migration strategies were evaluated to ensure that the most suitable one was selected and updated in the business case. During the Mobilisation stage, the DNX team deployed Citadel, a cloud infrastructure architected to AWS Well-Architected standards and ready to comply with international regulatory standards such as PCI DSS, HIPAA, ISO 27001 and CDR. It then worked with the client to design the application platform.
The solution presented to Galax Pay was to perform the migration by modernising the application and using containers on Amazon ECS, running on Fargate. ECS allows metrics such as CPU, memory and number of connections to be configured to drive auto scaling. Fargate was chosen to achieve the elasticity and agility the Galax Pay application required, because it allows two containers to run at the same time without the need to manage servers or EC2 instance clusters.
Fargate simplifies Galax Pay's process by removing the need to choose a server type and the time spent sizing and packing clusters. Another reason Fargate was the perfect choice in this case was that it met the PCI compliance criteria required by the environment. Using Fargate means that Galax Pay will not need to continuously update the operating system or use anti-virus systems to keep the machines secure.
Before starting the third and final phase of the project, DNX completed the landing zone configuration using Citadel's secure foundation, preparing the ground for the migration of several pilot applications.
- Migration Phase
After the pilot applications proved successful, the migration of the rest of Galax Pay's data to the secure environment created on AWS began. So that Galax Pay could benefit fully from everything AWS has to offer, the DNX team carried out a modernisation during the migration process. By modernising data and applications with cloud-native concepts, Galax Pay prepared itself for a successful future in which the efficiency of its operations is optimised.
By replicating the database, DNX ensured active data synchronisation, which allows the data to be replicated to the operational environment and reduces the downtime for cutover. In other words, going beyond a simple lift-and-shift strategy allowed Galax Pay to avoid carrying the problems of the past into the company's future.
Galax Pay contacted DNX Solutions do Brasil looking for a migration from on-prem to the cloud, but the final delivery exceeded expectations. The client was seeking a lift-and-shift migration to AWS, but we delivered a complete modernisation in line with AWS quality standards. Galax Pay was aware of this solution but imagined it would be something for the future. Instead, we implemented it at this point, sparing Galax Pay from having to take on a new project later.
With the result achieved, Galax Pay:
- Increased the perceived availability and performance of the application
- Reduced the response time for improvements and bug fixes and for making them available. This was reflected in a higher score on the online review platform Reclame Aqui
- Gained greater security for the customer by meeting PCI DSS standards
The application modernisation was delivered as part of the migration project, increasing agility and security and allowing Galax Pay to reach targets projected for years into the future.
Increased Investment and Growth
From 2020 to 2022, Galax Pay grew 420% in fiscal-year revenue. Meanwhile, the number of customers increased by approximately 150%, from 1,116 to 2,784.
With the operational challenges caused by a dated structure resolved by the migration DNX carried out, business and promotion strategies came to the fore. The result attracted investment from CelCoin, which acted as a financial catalyst driving the business. The secure and scalable foundation delivered by DNX Brasil ensured that Galax Pay was prepared to handle sudden increases in traffic.
It is estimated that the customer growth Galax Pay achieved would have taken five years had it kept its on-prem infrastructure.
Increased Deliveries
For a fintech whose digital solution is fed by a digital application channel, technology is the core of the business. The DNX team implemented deployment automation and shared knowledge with Galax Pay about GitLab and non-production environments. This allows new versions of the application to be delivered continuously, every day.
Peace of Mind
Galax Pay now operates from a secure cloud structure, Citadel, which offers operational and compliance peace of mind through greater resilience, reliability and security.
More Development
Replacing manual updates with automation optimised the use of the team's time. With infrastructure concerns resolved, Galax Pay's development team now has time to concentrate on the company's main objectives and create new features for the solution.
Automation also allowed Galax Pay to ship new features at a pace that met its customers' wishes. Quality control was also improved through the creation of test and production environments, allowing new features to be tested before they are released to the end user.
Before DNX's involvement, Galax Pay was restricted to releasing new features manually and only at weekends. Now the team has the flexibility to release new features three to four times a day.
PCI Compliance
The environment built with the Citadel solution allows the Galax Pay platform to reach PCI compliance quickly, because the environment is PCI-compatible by construction. Galax Pay also used DNX Managed Services, a service offered by DNX, to collect evidence for an external audit firm, which confirmed its compliance. This secured the company's PCI certification.
Ongoing Use of Managed Services
Recognising the efficiency of DNX's work throughout the project, Galax Pay chose to keep using DNX Managed Services, which has been adding value to the company for more than a year.
DNX currently provides an SRE extension service to Galax Pay, in which DNX is Galax Pay's expert AWS and DevOps partner. By establishing a trusted partnership, Galax Pay does not need to go to the job market in search of specialised staff. This benefits Galax Pay's end customers, since the team can stay focused on what makes the application run better: fixing bugs, implementing improvements and adding new features that make life easier for the people and companies that rely on Galax Pay's service.
Check out our open-source projects at github.com/DNXLabs and follow us on LinkedIn, Twitter and YouTube.
Bringing cloud native concepts through DevAx to accelerate cloud journey for Big Red Group
DNX Solutions delivered the AWS Developer Acceleration (DevAx) enablement program to Big Red Group (BRG). The program is aimed at increasing the customers’ developer skills for cloud adoption and building developer cloud native fluency across their organisation. A major focus of AWS DevAx is the developer patterns and practices of modernisation and distributed system design, to break down and rearchitect monolithic application architectures.
The DNX team delivered the AWS DevAx enablement as a structured program, working directly with BRG’s development teams for six weeks. A comprehensive curriculum taught through workshops and co-development sessions resulted in the upskilling of BRG’s internal development community.
What is the “Monoliths To Microservices” Program?
The migration from a monolithic architecture to microservices requires both a willingness on the part of the developer and the business as a whole, as well as a thorough understanding of the way in which architectures such as microservices design patterns can be used and the tools that can be utilised in order to deploy them.
The AWS DevAx “Monoliths to Microservices” program aims to increase developers’ knowledge and experience in distributed system design patterns, or to assist developers in gaining more experience in developing on AWS in general. The program takes a theory and patterns-first approach, then introduces the AWS developer tools. It, therefore, targets experienced developers looking to increase their skills, which perfectly reflects the BRG team that undertook the program with DNX Solutions.
Over the 6 weeks that DNX delivered the program, BRG developers started with a Java Spring Boot monolith with a large RDBMS backend and methodically broke the monolith into a series of decoupled microservices. The DNX team rehosted the application in AWS, and then refactored the application architecture to use application release automation and bounded-context-based microservices, refactor and rearchitect the databases, implement an event-driven system, implement authentication and authorisation systems, and create AI-driven services.
Topics like microservices security best practices are covered as a cross-cutting topic across all modules.
- Module 1: Lift & Shift – Migrating The Monolith
- Module 2: Application Release Automation
- Module 3: Create a Microservice
- Module 4: Refactor Your Database
- Module 5: Microservices Decoupled Eventing & Messaging Architectures
- Module 6: Creating an Authenticated Single Page App
- Module 7: Creating Immersive AI Experiences
What is the value of the AWS DevAx program to BRG?
The DevAx enablement contributed to a mindset shift in the BRG Java developers, where they received the knowledge and tools required to alter their way of working from monolithic applications to a microservices-based architecture. This gave them the chance to understand the new technology, the different opportunities it provides and why it is worth adopting. For a company that is dealing with multiple brands, all with unique infrastructures and functionalities, merging the data was a mammoth task that required an open-minded and educated developer team. As stated by the BRG Head of Engineering, this complexity is the reason “Devax Academy was extremely important in changing our team’s mindset, encouraging them to get involved with the project”. In addition, a deep understanding of the patterns BRG’s teams need to break up the monolith across different types of architectures at speed will allow developers to reuse those same patterns in the future.
Moving from monolith to microservices was a breakthrough for BRG. By moving away from long-running environments and drastically altering the development life cycle, teams can begin doing development with whatever the code repository is, allowing developers to spin up the environments. In addition, the cost of non-production is massively decreased by maintaining production and changing non-production as development is undertaken. In BRG’s case, the new confidence in breaking up and re-architecting monolithic applications that cannot be easily rehosted in the cloud has opened up many more doors, such as making it possible for them to build a secure Infrastructure as a Service (IaaS) that is simple to use and maintain. An additional benefit of microservices is the ability to implement Straight-Through Processing (STP). STP uses automation to increase the speed of financial transactions, which simplifies financial processes, and its implementation at BRG has also saved them a huge amount in operational expenditure.
Upon completion of the program, the BRG team had gained a thorough foundation of knowledge and insight, meaning they are not only willing but also able to strive for continual improvement. These benefits are just some of those gained by BRG due to the move from monolith to microservice technology, all of which can be achieved by any business willing to commit to the change.
DNX Solutions values sharing knowledge and is proud to be able to deliver comprehensive programs through the AWS DevAx enablement. For businesses that want to take control of their assets without having to rely on external resources, completing enablement through DevAx is a straightforward and valuable way to increase in-house skills. To see how your business can benefit from this program, contact DNX today.
Big Red Group’s challenge to create a new infrastructure for multiple unique brands
Big Red Group (BRG) is the leading experience partner in Australia and New Zealand.
BRG is the parent company of major experience brands, such as RedBalloon, Adrenaline, Lime&Tonic, and Experience OZ. Each of them has its own value proposition to attract and engage diverse audiences, with exclusive distribution channels and B2C and B2B offerings, and together they unlock access to more than 10,000 experiences across Australia and New Zealand.
The Challenge
After acquiring new brands and inheriting their technology and infrastructure, BRG had to maintain multiple infrastructure sets, which made it a challenge to create and maintain new functionalities for each brand. In addition, the brands' different data models made it a challenge to provide meaningful reports for the business.
BRG was seeking a cloud consultant partner that could assist them in building a secure infrastructure as a service that was simple to use and maintain from day one. They also sought to make increasing use of microservices to ensure continuous, agile delivery and flexible deployment of complex, service-oriented applications.
DNX Solutions determined BRG’s business and technical capabilities, such as the interdependencies, storage constraints, release process, and level of security. With the required information at hand and BRG’s required technology, DNX developed a roadmap to meet BRG’s Technical and Business objectives, using AWS best practices “The 7R’s” (retire, retain, relocate, rehost, repurchase, replatform, and refactor).
The Solution
BRG’s project was implemented in two phases, in which an AWS Foundation, an Application Platform (Containers), and Application Blueprints (Static Frontend and Containers with full CI/CD Pipeline) were delivered.
DNX Well-Architected Foundation entails
- AWS Landing Zones
- 100% infra-as-code
- CI/CD for infrastructure
- CDK in Typescript
- Knowledge transfer
- Cost Report and optimization
- AWS ClientVPN Auditing Strategy
AWS Application Platform
- AWS ECS
- CloudFront + S3 (Static Application)
- Application CI/CD Strategy
- Monitoring strategy
- Auto-scaling strategy
- Logging strategy and retention
- Secrets management
- Application BluePrints
The Outcome
The DNX team designed and implemented secure infrastructure as code for BRG’s entire foundation, written with the AWS Cloud Development Kit (CDK) in TypeScript and run through AWS CloudFormation, as per BRG’s prerequisites.
TypeScript was chosen by BRG’s team to give them an easier way to write and maintain not just the application codebase but also the infrastructure. TypeScript is a superset of JavaScript which primarily provides optional static typing, classes, and interfaces. One of its big benefits is that it enables IDEs to provide a richer environment for spotting common errors as you type the code, something BRG’s team was already very familiar with.
It offers all the features of JavaScript, plus an additional layer on top of these – the TypeScript type system. This can help companies to build more robust code, reduce runtime type errors, take advantage of modern features before they are available in JavaScript, and work better with development teams.
DNX also deployed Application Blueprints (Static Frontend and Containers with full CI/CD Pipeline) so BRG’s team could deploy, migrate, manage and monitor their own applications in the AWS cloud in the future.
As with all of our projects, DNX delivered extensive documentation and sessions on transferring knowledge covering how DNX Foundations works, how to deploy applications, how to run CI/CD pipelines, and more.
Moreover, DNX delivered the AWS DevAx Academy training program Monoliths to Microservices for Java developers for six weeks.
Conclusion
No matter your needs or requirements, DNX is able to deliver the right solution for your business.
Scalamed: Building a HIPAA-compliant environment while migrating from Heroku to AWS

About Scalamed
Scalamed is an Aussie startup that allows patients to receive prescriptions directly from their clinician to their mobile phones.
Taking a patient-centred approach, Scalamed believes the company must empower patients with the right information at their fingertips to make health personalised for them.
Combining the experience of patients, care-givers, doctors, pharmacists, and geeks in a single solution, Scalamed aims to provide a friendly, personal, intuitive, secure, and caring healthcare solution.
For Dr Tal Rapske, Scalamed Founder, the journey to helping patients manage their health simply, conveniently, and on the go starts with medication management. As Rapske explained it, Scalamed is in effect a ‘digital prescription inbox’, secured by blockchain technology, which patients can access from their smartphone and share with their treating doctors and pharmacists.
“We identified a gap where a next-generation technology could improve the experience of medication management and increase adherence. By allowing patients to securely store their prescriptions digitally, doing away with paper, we can reduce medication errors, allergy mix-ups, and unnecessary hospitalisations, while giving patients their prescription history and information, and improving the convenience and ease of managing and purchasing one’s prescriptions,” Rapske explained.
The Business Challenge
While uncovering the market’s needs, Scalamed identified that the main concerns and questions about the solution were around security, ease of use, administration burden, and how difficult the system is to use. In response to the security concern, Scalamed decided to prepare the application to be compliant with HIPAA standards for sensitive patient data protection.
Another challenge was that Scalamed was scaling up the business globally and wanted to improve resource usage, grow more dynamically, remain light on infrastructure operations, and have more control in the long run. However, with Heroku as its cloud platform at the time, Scalamed was not able to achieve this because of some Heroku platform limits.
So, Scalamed needed to find a partner that could solve both challenges: building a HIPAA-compliant environment and preparing the business for future growth. DNX Solutions was engaged to support these challenges using AWS as the cloud solutions provider.
The 5-step Solution
Step 1: Identifying issues, risks, and opportunities
DNX started by assessing the current state of the application infrastructure, delivering a Well-Architected Framework Review in which DNX identified risks and opportunities against the operational excellence, security, reliability, performance efficiency, and cost optimisation pillars. HIPAA best practices were also considered while assessing the workloads.

About 39 items were classified as high risk. Security and reliability were the main focuses for the business, followed by performance efficiency. The items included identity and permissions management, network resources, networking configuration, security events, designing the workload service architecture to adapt and perform better, and data protection.
With a clear understanding of both business and technical needs in-hand, DNX and Scalamed determined that an Application Transformation would be the best path to solve those challenges.
A Transformation journey was defined as a deliverable scope, with security as a main topic to be covered in order to achieve the desired outcome.
Step 2: Enhancing security through DNX.One Well-Architected Foundation
The project started by deploying DNX.One Well-Architected Foundation (aka DNX.One) – an automated platform built with simplicity in-mind, Infrastructure as Code (IaC), open source technologies, and designed for AWS with well-architected principles. It enables the application to thrive while the business can remain focused on customer solutions.
DNX.One is a ready-to-go solution that aims to solve the most common business needs regarding cloud infrastructure as it fits different application architectures (including containers), has flexibility and automation for distinct platforms, and enhances security and management to keep business under control.
Some high-level security best practices that were leveraged while building Scalamed’s infrastructure were:
- Networking using security best practices for VPC
- Multiple Availability Zone
- Security groups and network Access Control List as an optional layer of security for VPC
- IAM policies to control access
- AWS tools to monitor VPC components and VPC connections such as CloudWatch
- A secure dedicated and isolated subnet for the database which is not accessible to the public internet
- A Centralised CloudTrail to monitor events history
- GuardDuty to provide continuous monitoring of AWS accounts
- AWS Key Management Service (KMS) to create and manage cryptographic keys and control their use across AWS services
While building a HIPAA-compliant environment for Scalamed, DNX made substantial changes to DNX.One, which is the default for any new customer, such as account-level separation to isolate distinct environments, granular access control for each workload, and list-grants-permission.
Having a separate audit-only account was another crucial point, enabling the HIPAA audit team to access everything with integrity.

Figure 1: IAM – single sign-on

Figure 2: Networking

Figure 3: Account management and separation
Step 3: Application Transformation Strategy
With minimum infrastructure operations in mind, DNX started the application transformation strategy. A migration from Heroku to AWS using an Elastic Container Service (ECS) cluster on EC2 instances was proposed, as it enhances performance and resource usage. It is important to note that DNX used spot instances for the ECS cluster, focusing on availability while reducing AWS costs.
Upon deployment of DNX.One, we migrated the Scalamed deployment to Docker containers on ECS, bringing both the existing automated tests and the database migration scripts into its CI/CD pipeline.

An internal Application Load Balancer was used to control internal access through Network Access Control List (NACLs) and/or Security Groups.
As a security best practice, secret or sensitive data was passed securely to containers through environment variables. SSM Parameter Store was used to store secret keys and variables (values in plaintext), so that only authorised services can access them and change them when needed.
AWS Key Management Service (AWS KMS) customer master keys (CMKs) were used to encrypt the data at rest.
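As an added example (not code from DNX or Scalamed), the Python check below audits an ECS task definition for the pattern described above: sensitive values should arrive through `secrets` references resolved from SSM Parameter Store or Secrets Manager at container start, not as literals under `environment`. The task definition, account ID, parameter paths and name heuristics are constructed assumptions.

```python
import copy
import re

# Constructed sample task definition (not from the page); all IDs are placeholders.
SAMPLE_TASK_DEF = {
    "family": "example-api",
    "executionRoleArn": "arn:aws:iam::111122223333:role/example-ecs-execution",
    "containerDefinitions": [{
        "name": "api",
        "image": "111122223333.dkr.ecr.ap-southeast-2.amazonaws.com/example-api:1.0.0",
        "environment": [
            {"name": "LOG_LEVEL", "value": "info"},
            {"name": "DB_PASSWORD", "value": "constructed-not-real"},
            {"name": "DATABASE_URL",
             "value": "postgres://app:constructed@db.internal:5432/app"},
        ],
        "secrets": [
            {"name": "JWT_SIGNING_KEY",
             "valueFrom": "arn:aws:ssm:ap-southeast-2:111122223333:"
                          "parameter/example/prod/jwt_signing_key"},
            {"name": "SMTP_TOKEN", "valueFrom": "example/prod/smtp_token"},
        ],
    }],
}

# Heuristic (assumption): variable names that usually hold credentials.
SENSITIVE_NAME = re.compile(
    r"SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL", re.I)
# user:password@host embedded in a connection string.
URL_WITH_CREDS = re.compile(r"://[^/\s:@]+:[^/\s:@]+@")
# Full ARN of an SSM parameter or a Secrets Manager secret.
SECRET_ARN = re.compile(
    r"^arn:aws[a-z-]*:(ssm:[a-z0-9-]+:\d{12}:parameter/.+"
    r"|secretsmanager:[a-z0-9-]+:\d{12}:secret:.+)$")


def audit_task_definition(task_def):
    """Return (container, variable, finding) tuples for risky secret handling."""
    findings = []
    uses_secrets = False
    for container in task_def.get("containerDefinitions", []):
        cname = container.get("name", "<unnamed>")
        for env in container.get("environment", []):
            name, value = env.get("name", ""), env.get("value", "")
            if SENSITIVE_NAME.search(name):
                findings.append((cname, name, "plaintext-secret-in-environment"))
            elif URL_WITH_CREDS.search(value):
                findings.append((cname, name, "credentials-embedded-in-url"))
        for secret in container.get("secrets", []):
            uses_secrets = True
            # ECS also accepts a bare parameter name in the task's own region;
            # this check's policy (an assumption) is to require the full ARN so
            # the reference is unambiguous across regions and accounts.
            if not SECRET_ARN.match(secret.get("valueFrom", "")):
                findings.append(
                    (cname, secret.get("name", ""), "secret-reference-not-an-arn"))
    # The execution role is what fetches (and KMS-decrypts) the values.
    if uses_secrets and not task_def.get("executionRoleArn"):
        findings.append(("<task>", "executionRoleArn",
                         "secrets-without-execution-role"))
    return findings


def move_plaintext_to_secrets(task_def, param_arn_prefix):
    """Return a copy where flagged environment entries become secrets references.

    The values themselves must be stored in Parameter Store separately;
    this only rewrites the task definition.
    """
    hardened = copy.deepcopy(task_def)
    for container in hardened.get("containerDefinitions", []):
        kept = []
        secrets = container.setdefault("secrets", [])
        for env in container.get("environment", []):
            name, value = env.get("name", ""), env.get("value", "")
            if SENSITIVE_NAME.search(name) or URL_WITH_CREDS.search(value):
                secrets.append(
                    {"name": name, "valueFrom": param_arn_prefix + name.lower()})
            else:
                kept.append(env)
        container["environment"] = kept
    return hardened


if __name__ == "__main__":
    for finding in audit_task_definition(SAMPLE_TASK_DEF):
        print(finding)
```

The container still sees each value as an environment variable; what changes is that the literal no longer sits in the task definition, the pipeline configuration or the ECS console.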
To enhance security in this phase, the environments were separated into accounts (non-prod and prod), allowing better access control for the Scalamed team to the environments through roles and policies. VPNs were also implemented in each environment (non-prod and prod), so that access to resources such as databases was only possible through the VPN, providing authenticity, confidentiality, and integrity of data in transit.

Step 4: Build Secure CI/CD Pipelines
We used AWS EC2 spot instances to run complex CI/CD pipelines, optimising steps such as database migration and automated tests by running them in parallel via GitLab. Hundreds of pipelines are triggered daily at minimal operational cost. Moreover, this reduced the number of production incidents, increased their current test capacity, and enhanced security, since the pipelines run on a private instance rather than on public or shared instances.
DNX uses its own runners to execute the pipelines. In summary, instances are created in AWS to execute the pipelines without the need to configure secrets within the CI/CD SaaS platforms. The instances created for this purpose already have the specific policies and roles to execute the pipelines with only the necessary permissions, without exposing pipeline execution to third-party runners.

AWS stack:
- AWS Identity and Access Management (IAM)
- AWS Key Management Service (AWS KMS)
- Network ACLs + Security Groups
- AWS Systems Manager
- AWS CloudTrail
- AWS Organisations Service Control Policy
- AWS Secrets Manager
- Amazon CloudWatch
- Amazon CloudWatch Events
- Amazon GuardDuty
- AWS Certificate Manager (ACM)
- AWS Single Sign-On
- AWS Consolidated Billing
Step 5: Knowledge Transfer
DNX works closely with companies to spread the AWS Well-Architected Framework pillars, bring teams together, and focus on delivery. As part of the DNX Transformation Journey, a showcase was delivered at the end of the project to upskill the Scalamed team on what was delivered.
Conclusion
From conception to conclusion, the migration project from Heroku to AWS was completed in approximately one month. Scalamed now has an environment that is both HIPAA compliant and Well-Architected. To address the first challenge, the critical issues identified in the previous assessment (under the security and reliability pillars) were fixed while delivering a resilient, secure, and reliable foundation.
The new Docker+AWS environment allowed Scalamed to improve performance and efficacy compared to their previous Heroku environment. Their production quality and their ability to release products more frequently have increased. Furthermore, developer and QA productivity has improved significantly.
Building a HIPAA-compliant environment, improving the security of application components, automating security components and CI/CD, and applying AWS cloud-based products have enhanced the environment that hosts the customer data. It enables the Scalamed team to focus on delivering Dr Tal Rapske’s passion: to reorient healthcare towards the patient and empower patients with their data seamlessly, while addressing the quadruple aim of health – improved health outcomes, reduced cost, improved patient experience, and reduced paperwork for providers.
At DNX Brasil, we work to bring a better cloud and application experience to digital-native companies. We focus on AWS, Well-Architected Solutions, Containers, ECS, Kubernetes, Continuous Integration/Continuous Delivery, and Service Mesh. We are always looking for professionals experienced in cloud computing to join our team, with a focus on cloud-native concepts. Check out our open-source projects at https://github.com/DNXLabs and follow us on Twitter, LinkedIn or YouTube.
Brighte Capital restructures its AWS organisations, improves security, and achieves a 50-60% cost reduction.

About Brighte
Brighte Capital is a rapidly growing Australian FinTech founded in 2015, making solar, battery, and home improvements affordable for Aussies all over the country.
Its mission is to make every home sustainable, offering Aussie families affordable access to sustainable energy solutions through an easy payment platform.
The company offers financing and zero-interest payment solutions for the installation of solar panels, batteries, air conditioning, and lighting equipment.
The process is simple and fast, all managed via Brighte’s website or smartphone app. Once your application is approved, you get access to highly vetted vendors offering interest-free products. Brighte recently received the Finder Green Awards 2021 in the category of Green Lender of the Year, an incredible achievement that recognises and solidifies its position in the Australian market.
As a company operating in both the Energy Industry and Financial Services Industry, Brighte must comply with numerous standards, rules, and regulations highlighting operations, security, and data protection as key topics. Australian Privacy Principles, Anti-Money Laundering and Counter-Terrorism Financing Act 2006, and National Consumer Credit Protection Act 2009 are just some examples.
But as a customer-centric company, Brighte goes beyond mere compliance requirements. Transparency and making life easier are two of its most important values, so Brighte is alert to other factors that could harm its clients, well beyond compulsory minimum standards.
The Business Challenge: consolidate and improve the core digital platform architecture while prioritising security
Brighte’s business model is impressive and there has been considerable investment in a robust digital platform to support the different areas of the company. There is substantial technology in place behind the scenes, with the business headed by a dedicated team of professionals with diverse backgrounds and skills, all contributing to a strong work culture.
As a relatively young company, Brighte has experienced exponential growth. Even with best practices in place, it was difficult to continually manage or upgrade the various IT solutions the business was using.
Most of Brighte’s applications were developed in-house and based on a range of different programming languages and technologies. While its infrastructure was hosted on AWS, different services were being used to support each application, causing issues around ease of management and knowledge retention and sharing. On top of that, the increased vulnerability and manual interactions needed to be fixed in order to retain and improve security.
Brighte needed to revamp its landscape and reevaluate the current architecture of its core digital platform. The business reached out to DNX, seeking a solution that would improve its cloud strategy, apply DevOps best practices, reduce infrastructure operational overheads, and achieve overall cost optimisation. However, because of its financial conditions, these challenges needed to go hand-in-hand with security. DNX therefore understood that the challenge was to provide those improvements while prioritising security.
The DNX Solution: infrastructure, pipelines, AWS Stack, deliverables, project, UI, frontend + backend
Prior to project kick-off, DNX began a discovery phase to maximise the information collected about the challenges faced by Brighte’s team. A Well-Architected Review Framework was delivered to identify risks and opportunities against operational excellence, security, reliability, performance efficiency, and cost optimisation pillars. This enabled DNX to ensure and maintain focus on the most important priorities, such as security and operational excellence, while the team went through the DevOps Transformation guidelines to draft a plan for the required changes, working towards continuous innovation during the course of the project.

Comparing best practices enables the team to identify new opportunities and highlight concerns that may not be apparent at the beginning.
From an infrastructure perspective, DNX recognised that Brighte needed to improve control over its AWS resources using IaC (Infrastructure as Code) and restructure its AWS organisation and accounts strategy.
To achieve this, DNX suggested its DNX.One Well-Architected Foundation (aka DNX.One) to provide the following benefits:
- New structure of AWS organisation following the best practices in the market.
- Ability to manage all infrastructure resources across all of their AWS accounts based on Terraform and CI/CD pipelines.
- Designed for AWS with Well-Architected principles
It is important to mention that DNX.One is a ready-to-go solution that aims to solve the most common business needs regarding cloud infrastructure: it fits different application architectures (including containers), offers flexibility and automation for distinct platforms, and enhances management to keep the business under control.
An extra layer of high-level security best practices, applied by default in the architecture, guarantees continuous security at any stage. It ensures that whatever goals customers need to achieve, they will achieve them in a secure way.

From the applications point of view, DNX identified that Brighte was using different types of AWS services to deploy its applications, including Elastic Beanstalk, ECS with Fargate, and EC2 instances.
Having these different types of application deployments is expensive, as the company needs multiple operational processes to manage the environment. It is also less secure, because no single consistent security module is provided, which effectively introduces risk.
With its Application Modernisation strategy, DNX suggested containerisation of the client’s main applications and deployment via ECS with spot instances. This change would substantially reduce Brighte’s costs, create a pattern for new applications that may be necessitated by future business growth, and improve security by providing a single security pathway that increases the share of responsibility carried by AWS under the Shared Responsibility Model, making security simpler through the use of ECS.
The CI/CD pipeline strategy was also evaluated, and Brighte’s team demonstrated a willingness to adopt solutions that would reduce the complexity of managing new deployments and provide faster response times when deploying new applications in their landscape.
Key Project Phases:
Cloud Foundation (aka AWS Foundation)
With our automated solutions based on Terraform (IaC), DNX restructured Brighte’s AWS resources such as AWS organisation, accounts, network, domains, VPN, and all the security controls for account access via SSO using Azure AD as their Identity Provider.
Building a strong and secure foundation for Brighte’s applications was a critical first step prior to modernisation. With a multi-AZ strategy with ECS nodes running on spot instances deployed in their environments, Brighte was able to run a cluster of Docker containers across availability zones and EC2 instances, while optimising costs and simplifying the security operating model.

Security:
Although security had already been considered and addressed at many stages, and several cloud technologies had been put in place to protect data, systems, and assets in line with best-practice guidance, some AWS services still need to be highlighted.
Amazon CloudWatch
The logs from all systems, applications, and AWS services have been centralised in the highly scalable Amazon CloudWatch service. It allows easy visualisation and filtering based on specific fields, as well as secure archiving for future analysis. CloudWatch Logs enables you to see all of your logs, regardless of their source, as a single and consistent flow of events ordered by time. You can query and sort them based on other dimensions, group them by specific fields, create custom computations with a powerful query language, and visualise log data in dashboards.
AWS CloudTrail
All AWS events are reported to a centralised CloudTrail and exported to an S3 bucket in an Audit account.
AWS Organisations
The setup of new accounts has been automated with service control policies (SCPs), which apply permission guardrails at the organisation level.
Amazon GuardDuty
DNX implemented a centralised GuardDuty to detect unexpected behaviour in API calls. Amazon GuardDuty raises alerts when unexpected and potentially unauthorised or malicious activity occurs within the AWS accounts.
DNX has helped Brighte to strengthen its workload security along with a number of other relevant AWS resources, such as Amazon CloudFront, ECR image scanners, AWS IAM identity provider, VPC endpoints, AWS WAF, and AWS Systems Manager Parameter Store.
Cost savings:
There were three main cost optimisation drivers used for this project. The combined use of these three strategies brought savings in the order of 60%, compared with the same workloads on the previous environment, while allowing Brighte to use several new resources delivering more value with less cost to its clients.
- Using ECS clusters with EC2 Spot Instances: Spot instances are unused AWS capacity that is available for a fraction of the normal On-Demand prices on a bidding model. Spot instances can be reclaimed by AWS when there is no available capacity, so DNX uses an auto-scaling model with several instance types that ensure availability while saving around 75% compared with On-Demand. For instance, an On-Demand t3.xlarge instance costs $0.2112 per hour while the same Spot instance costs $0.0634.
- Savings plans for Databases: As the databases are stable and their use can be predicted over a long duration, AWS allows us to reserve a DB instance for one, two, or three years, with monthly or upfront payments, charging a discounted hourly rate saving from 30% to 60%, according to the chosen plan.
- Automatic scheduler for turning resources on and off according to a usage calendar: For Development and Testing environments, which are not meant to be used on a 24/7 basis, Brighte can easily schedule when these environments are available for the teams and when they should be turned off (scaling them to zero), saving around 50% compared to a full-time available environment. The scheduler mechanism allows the resources to be used at any desired time, bypassing the default calendar, in an easy-to-use way.
Application Modernisation:
Brighte had a good set of applications based on different technologies deployed across multiple AWS services. During this phase, the DNX team focused on the refactoring of the main applications to deploy the content via Docker containers and subsequently make use of ECS with spot instances.
They had previously adopted some of the 12-factor principles, but needed to improve their control over sensitive data and credentials. DNX proposed the use of AWS Systems Manager Parameter Store and adapted all the applications to follow this pattern.
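The Parameter Store pattern described here, and the Scalamed section's use of SSM Parameter for container secrets, can be checked mechanically before a deployment. The following is an added example, not DNX's or Brighte's code: a Python lint over an ECS task definition (as JSON/dict) that flags credentials placed in the plaintext `environment` list and verifies that `secrets` entries reference Parameter Store or Secrets Manager by full ARN. The task definitions, variable names, account ID and the name heuristic are constructed for illustration.

```python
import re

# Variable names that usually carry credentials (an assumption of this example; tune per codebase).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL", re.I)

# Full ARN of a Parameter Store parameter or a Secrets Manager secret.
SECRET_ARN = re.compile(
    r"^arn:aws[a-z-]*:(ssm:[a-z0-9-]+:\d{12}:parameter/.+"
    r"|secretsmanager:[a-z0-9-]+:\d{12}:secret:.+)$"
)


def lint_task_definition(task_def):
    """Return (container, variable, issue) tuples for an ECS task definition dict."""
    findings = []
    uses_secrets = False
    for container in task_def.get("containerDefinitions", []):
        cname = container.get("name", "<unnamed>")
        # 1. Credentials must not sit in the plaintext `environment` list: its values
        #    are visible to anyone allowed to describe the task definition.
        for env in container.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")):
                findings.append((cname, env["name"], "secret-in-plaintext-environment"))
        # 2. `secrets` entries are resolved by ECS at container start. ECS also accepts
        #    a bare parameter name in the same region; this example's policy is stricter
        #    and requires a full ARN so the reference is unambiguous.
        for sec in container.get("secrets", []):
            uses_secrets = True
            if not SECRET_ARN.match(sec.get("valueFrom", "")):
                findings.append((cname, sec.get("name"), "valueFrom-not-a-full-arn"))
    # 3. ECS fetches the values using the task execution role, so it must be set.
    if uses_secrets and not task_def.get("executionRoleArn"):
        findings.append(("<task>", "executionRoleArn", "missing-execution-role"))
    return findings


# Constructed sample: a credential in plaintext, a non-ARN reference, no execution role.
TASK_DEF_BAD = {
    "family": "example-api",
    "containerDefinitions": [{
        "name": "app",
        "environment": [
            {"name": "LOG_LEVEL", "value": "info"},
            {"name": "DB_PASSWORD", "value": "example-not-a-real-password"},
        ],
        "secrets": [{"name": "PAYMENT_API_KEY", "valueFrom": "/prod/payment/key"}],
    }],
}

# Constructed sample: the same container following the Parameter Store pattern.
TASK_DEF_GOOD = {
    "family": "example-api",
    "executionRoleArn": "arn:aws:iam::111122223333:role/example-ecs-task-execution",
    "containerDefinitions": [{
        "name": "app",
        "environment": [{"name": "LOG_LEVEL", "value": "info"}],
        "secrets": [{
            "name": "DB_PASSWORD",
            "valueFrom": "arn:aws:ssm:ap-southeast-2:111122223333:parameter/prod/db/password",
        }],
    }],
}

if __name__ == "__main__":
    for finding in lint_task_definition(TASK_DEF_BAD):
        print(finding)
```

Run in CI against the rendered task definition, a non-empty result can fail the build before the image is deployed.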
A few serverless applications and UI static pages were deployed as part of this phase, even without demanding a strong code refactoring. We adapted the remaining apps to the 12-factor app methodology and made use of our CI/CD pipeline strategy.
Each environment in AWS was made identical, varying only in the EC2 instance types used in each environment (dev, uat, production). The same immutable application image was deployed and tested across these environments. By adopting this approach, Brighte has improved its operational resilience, reducing production incidents to zero through its self-healing platform.
Logs:
Due to the high volume of logs, Brighte was using the ELK stack (ElasticSearch, Logstash, and Kibana) in legacy accounts to aggregate all of its application logs and avoid losing data during the process. The solution was working fine, but since it’s not a fully managed solution, the operational overhead was a point of impact.
DNX suggested the replacement of Logstash with Kinesis Firehose and CloudWatch Subscription Logs to send the data directly to the ElasticSearch cluster. This way, Brighte was able to avoid the need for dedicated resources to manage the solution and take advantage of the automatic transfer of logs between the applications, CloudWatch, and ElasticSearch.

CI/CD pipeline:
Brighte was using Bitbucket as a provider for its application pipelines. DNX adjusted the pipeline strategy, reducing the complexity of deployments across different environments, and included tools to automate the replacement of data used for automated tests using AWS Systems Manager Parameter Store. In addition, the Bitbucket pipelines have been integrated with AWS using OpenID Connect (OIDC). As a result, there is no need to create AWS IAM users or manage AWS keys to access AWS resources. This strategy improved security and removed any kind of sensitive data from Brighte’s codebase.
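With OIDC federation the long-lived key disappears, and the role's trust policy becomes the control that decides which pipelines may assume it. The following is an added example, not DNX's or Brighte's code: a Python audit of a trust policy that checks the action, the `aud` pin and the `sub` pin for a given OIDC provider. The provider path, workspace, UUIDs and account ID are constructed placeholders, and the claim layouts shown are assumptions for illustration.

```python
def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_values(statement, operators, key):
    """Collect values for a condition key (case-insensitive) under the given operators."""
    values = []
    for op, block in statement.get("Condition", {}).items():
        if op in operators:
            for k, v in block.items():
                if k.lower() == key.lower():
                    values.extend(_as_list(v))
    return values


def audit_oidc_trust(policy, provider):
    """Audit a role trust policy federating to `provider` (issuer URL without https://)."""
    findings = []
    seen = False
    for idx, st in enumerate(_as_list(policy.get("Statement", []))):
        principal = st.get("Principal", {})
        if st.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        federated = _as_list(principal.get("Federated", []))
        if not any(arn.endswith(":oidc-provider/" + provider) for arn in federated):
            continue
        seen = True
        if _as_list(st.get("Action", [])) != ["sts:AssumeRoleWithWebIdentity"]:
            findings.append((idx, "action-not-limited-to-AssumeRoleWithWebIdentity"))
        # `aud` ties the token to the expected audience; it must be an exact match.
        if not _condition_values(st, {"StringEquals"}, provider + ":aud"):
            findings.append((idx, "aud-not-pinned"))
        # `sub` ties the token to a repository or step. If it is missing, or a
        # StringLike pattern starts with a wildcard, any pipeline that can obtain
        # a token from this provider can assume the role.
        exact = _condition_values(st, {"StringEquals"}, provider + ":sub")
        like = _condition_values(st, {"StringLike"}, provider + ":sub")
        if not exact and not like:
            findings.append((idx, "sub-not-pinned"))
        elif any(s.startswith("*") for s in like):
            findings.append((idx, "sub-wildcard"))
    if not seen:
        findings.append((None, "no-statement-for-provider"))
    return findings


# Constructed placeholders (workspace name, UUIDs and account ID are not real).
BITBUCKET_PROVIDER = "api.bitbucket.org/2.0/workspaces/example-workspace/pipelines-config/identity/oidc"
_FEDERATED = "arn:aws:iam::111122223333:oidc-provider/" + BITBUCKET_PROVIDER

TRUST_PINNED = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": _FEDERATED},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {
                BITBUCKET_PROVIDER + ":aud": "ari:cloud:bitbucket::workspace/00000000-0000-0000-0000-000000000000",
            },
            "StringLike": {
                # Pinned to one repository; only the trailing part is wildcarded.
                BITBUCKET_PROVIDER + ":sub": "{11111111-1111-1111-1111-111111111111}:*",
            },
        },
    }],
}

TRUST_LOOSE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": _FEDERATED},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringLike": {BITBUCKET_PROVIDER + ":sub": "*"}},
    }],
}

if __name__ == "__main__":
    print(audit_oidc_trust(TRUST_PINNED, BITBUCKET_PROVIDER))
    print(audit_oidc_trust(TRUST_LOOSE, BITBUCKET_PROVIDER))
```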


Databases:
The databases were already deployed in RDS prior to this project, but DNX increased security by encrypting all of the database workloads and improved redundancy by activating a Multi-AZ strategy during the database migration phase. The databases were also created in dedicated and isolated subnets that allow incoming traffic only from private subnets. The network ACLs therefore restrict inbound traffic to specific private subnet CIDR ranges, and the RDS security groups allow inbound traffic only from ECS instances.
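The two layers described above behave differently: a network ACL is an ordered, stateless list matched by CIDR, while the security group admits traffic by source group. The following is an added example, not DNX's or Brighte's code: a Python model that evaluates inbound NACL entries in rule-number order and audits both layers against the stated intent. The CIDR ranges, security group ID, database port (5432) and the simplified rule dictionaries are assumptions of this example, not the AWS API shape.

```python
import ipaddress


def nacl_allows(entries, src_ip, port):
    """Evaluate inbound NACL entries as a VPC does: ascending rule number,
    first match decides, and anything unmatched is denied."""
    ip = ipaddress.ip_address(src_ip)
    for e in sorted(entries, key=lambda e: e["rule"]):
        low, high = e["ports"]
        if ip in ipaddress.ip_network(e["cidr"]) and low <= port <= high:
            return e["action"] == "allow"
    return False


def audit_db_tier(nacl_inbound, sg_ingress, private_cidrs, ecs_sg_ids, db_port):
    """Return findings where the database tier is more open than intended."""
    findings = []
    private = [ipaddress.ip_network(c) for c in private_cidrs]
    for e in nacl_inbound:
        if e["action"] != "allow":
            continue
        net = ipaddress.ip_network(e["cidr"])
        # Every allowed range must sit inside one of the private subnets.
        if not any(net.version == p.version and net.subnet_of(p) for p in private):
            findings.append(("nacl", e["rule"], "allow-outside-private-subnets"))
        if tuple(e["ports"]) != (db_port, db_port):
            findings.append(("nacl", e["rule"], "ports-not-limited-to-db"))
    for r in sg_ingress:
        source = r.get("cidr") or r.get("source_sg")
        # The security group should reference the ECS instances' group, not a CIDR,
        # so membership follows the instances as they are replaced.
        if r.get("cidr"):
            findings.append(("sg", source, "cidr-source-instead-of-ecs-sg"))
        elif source not in ecs_sg_ids:
            findings.append(("sg", source, "source-sg-not-ecs"))
        if tuple(r["ports"]) != (db_port, db_port):
            findings.append(("sg", source, "ports-not-limited-to-db"))
    return findings


# Constructed sample data.
DB_PORT = 5432
PRIVATE_CIDRS = ["10.0.16.0/20", "10.0.32.0/20"]   # private (application) subnets
ECS_SG_IDS = {"sg-ecs-nodes-example"}

NACL_GOOD = [
    {"rule": 100, "cidr": "10.0.16.0/20", "ports": (5432, 5432), "action": "allow"},
    {"rule": 110, "cidr": "10.0.32.0/20", "ports": (5432, 5432), "action": "allow"},
]
SG_GOOD = [{"source_sg": "sg-ecs-nodes-example", "ports": (5432, 5432)}]

# Whole-VPC range on all ports, and a CIDR-based security group rule.
NACL_LOOSE = [{"rule": 100, "cidr": "10.0.0.0/16", "ports": (0, 65535), "action": "allow"}]
SG_LOOSE = [{"cidr": "10.0.0.0/16", "ports": (5432, 5432)}]

if __name__ == "__main__":
    print(nacl_allows(NACL_GOOD, "10.0.17.5", DB_PORT))   # private subnet host
    print(nacl_allows(NACL_GOOD, "10.0.1.5", DB_PORT))    # host outside the private subnets
    print(audit_db_tier(NACL_LOOSE, SG_LOOSE, PRIVATE_CIDRS, ECS_SG_IDS, DB_PORT))
```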

Conclusion
From conception to its conclusion, the project was completed in approximately five months, with the restructure of AWS accounts, infrastructure resources, and a total of 15 applications migrated to the new AWS environments.
The applications perform consistently thanks to auto-scaling of the clusters, without any risk of downtime due to the redundancy and self-healing strategies delivered by DNX products. The operational overhead of infrastructure and application deployment has been reduced significantly, and this is reflected directly in Brighte’s ability to release products more frequently.
With the new pattern adopted across all applications and the use of ECS clusters with spot instances, Brighte has achieved a cost reduction of 50-60% – an outstanding result for such a large set of applications and infrastructure resources used by its digital platform.
Finally, having a very secure foundation helped Brighte reduce operational costs through security and best practices: as complexity went down, Brighte saved money on operations, and it is now able to run faster and safer.
Plezzel: Migrating an on-premise application to AWS cloud

About Plezzel
Plezzel is a company that provides unique consumer journeys within the Real Estate sector. The Platform as a Service (PaaS) solution provides marketing automation software. Plezzel’s solution provides the time-saving and marketing tools that agents need to get more listings, grow their rent roll, and build better relationships with their prospects.
The Business Challenge
With the speed of innovation occurring in the Real Estate industry and the pace of change in Digital Marketing, the Plezzel management team decided to upgrade their platform infrastructure to cater for planned growth and uptake.
Running Plezzel’s platform on on-premise technologies, all on the same server, was challenging for the Plezzel team. It required lots of computing power and third-party supplier labour to manage the platform. The main challenge was the complexity of the environment. DNX took up the challenge to build the best solution possible for Plezzel, designing and sharing a simple and efficient architecture on AWS with their team.
The Solution
There’s nothing better than starting your cloud journey with a fresh, Well-Architected account and getting your DNX.One Foundation in place, leveraging all 5 pillars of the AWS Well-Architected framework: operational excellence, security, reliability, performance efficiency, and cost optimisation.
Moving to the cloud with the DNX.One Foundation established was a decisive step to improve Plezzel operations and made way for a series of DevOps automations, using Infrastructure as Code (IaC) – one of many DNX deliverables.
Then, the DNX team started to modernise Plezzel’s API workloads and prepare them for their new platform in the cloud. The application platform includes ECS for container orchestration using spot instances, which are up to 70% cheaper than on-demand instances. It also has zero-downtime deployments in test and production environments using CodeDeploy and its own custom CI/CD pipeline for the application.
Once the API workloads had been moved off the on-premise server, we enabled the team to migrate the on-premise hosting platform to AWS. Initially, this was a complex ‘lift and shift’ task: designing the new equivalent services on AWS and converting any local application or service to cloud managed services.
As moving to a cloud-hosted solution was a priority for Plezzel, moving the on-premise hosting platform to AWS was critical.
As soon as the DNX team got the on-premise hosted server up and running in the cloud, we started to convert a few services to AWS resources. The database was moved to an AWS managed database service with multiple availability zones as a Disaster Recovery strategy. The email service was converted to SES, significantly reducing storage costs and the load on the server, and DNS services were moved as well. These actions were necessary to relieve the load and operations contained in the server, which was sharing hardware and network resources with other services.
Some of the AWS Services provisioned:
Conclusion
We achieved both high availability and disaster recovery in their new AWS cloud, plus a range of features. The Plezzel team can focus on improving their product in a new cloud-native way with modern architectures, now that the main challenges have been solved by the DNX and Plezzel teams. In the new environments AWS manages a few services, such as email, storage, DNS, deployments, and database, so the Plezzel team can dedicate more time to what they do best – building solutions to connect their users with clients and innovating on their features in a production-mirrored environment, eliminating variances between testing and release steps.
Workstar: Modernising a Windows-based application by applying DevOps on AWS

About Workstar
Workstar is an Australian Company based in New South Wales (NSW) dedicated to assisting corporations in developing customised, digital learning solutions based on real-life, practical situations. Operating since 2002, Workstar remains deeply dedicated to a ‘hands-on’ approach, providing options based on first-hand experience.
From scenario-based learning to the gamification of the workplace, Workstar professionally tailors each proposal to their clients’ needs on an ad hoc basis, offering both excellent service and professionalism. Their clients include reputable organisations such as Telstra, Westfield and McDonald’s.
The Business Challenge
Workstar is a Microsoft-based company, and was manually delivering web application releases via RDP, where the likelihood of human error is higher. The requirement for developers to manually use a maintenance window for safe operation extended an already lengthy lead time.
DNX Solutions was consulted and engaged to design and implement a tailor-made approach to achieve an optimal outcome for Workstar. During the discovery phase, the team noticed the absence of Load Balancers and Auto Scaling aspects. Additionally, their application at the time did not benefit from either elasticity or high availability aspects in the cloud; areas of focus that would be directly addressed by the team’s project outcomes.
After actively consulting the client to understand the challenges faced and the key outcomes they hoped to achieve, the team at DNX kickstarted the process to design a salient solution.
The Solution
The team at DNX started the project with a prerequisite DevOps test, measuring multiple factors of Workstar’s DevOps Maturity Levels. Key areas including lead time and the time taken if deployment had failed were duly considered. These leading indicators allowed the team to craft a substantive plan to satisfy both Workstar’s needs and wants.
Involving the client in the process is at the core of DNX Solutions’ philosophy. The DNX team, in active collaboration with Workstar, worked together as one team to achieve optimal results at the project’s conclusion.
The solution starts with a solid AWS Foundation. Our team at DNX focused on fashioning a reliably strong platform called DNX.One which implements operational excellence, security, reliability, performance efficiency, and cost optimisation using Infrastructure as Code (IaC), so applications can thrive while the business can remain focused on customer solutions. Once the framework had been implemented, this was quickly followed by the modernisation phase. The process involved migrating Workstar’s workloads to Elastic Beanstalk IIS, which runs on the Windows Platforms on spot instances using IaC.
IaC is one of DevOps’ many important principles, as well as one of DNX Solutions’ core deliverables.

Crucially, Elastic Beanstalk was set up for zero-downtime deployments, with monitoring and health checks for better telemetry and stronger control of environments. With the app platform built, we started to move the currently encrypted RDS database to its new home in a Secure Subnet, built during the AWS Foundation stage, which only the private subnet (where the application runs) has access to. Also, the SQL Server license was reduced from ‘Enterprise’ to ‘Express’, bringing cost savings to the customer, as the features utilised are available in the Express version.

Some of the AWS Services provisioned:
After the environments had been fully established, we started working on the application CI/CD. The CI/CD pipeline automates diagnostic testing, building, and deployment to nullify the risk of manual errors occurring. Further complemented by Elastic Beanstalk’s blue-green deployments, Workstar now has the ideal environment to flourish financially.
The client can now focus on business endeavours without being preoccupied with background operations, and the maintenance of their web infrastructure. Additionally, unnecessary costs have been significantly reduced to a minimum.
Our CI/CD pipeline solutions are all original and independent of one another, relying on their proprietary stylings. Previously, Workstar’s resource content files had been updated manually during the maintenance phase. With active monitoring and alerts currently in place, releases are now easily deployed for testing, with automated production environments operating in a safe and secure manner. Additionally, resources and environments are now efficiently managed, operating at capacity. An improved developer experience is another crucial achievement for the development team.

Conclusion
The staff at Workstar are now able to experiment and test their deliverables in a safe and collaborative environment, encouraging both creativity and innovation. A production-like environment eliminates the likelihood of bugs and production hurdles. As a result, the final users can now enjoy a more stable solution. The costs associated with AWS and TCO were also substantially reduced, with spot instances being 70% cheaper than regular on-demand instances. The complete automation of the previously manual operations for deployments, releases, and scaling on AWS has reduced lead times considerably.
Overall, the project took 45 days to complete, and the team at DNX has managed to deliver on all fronts, satisfying their client’s needs in a timely and professional manner.
Airboard: Improving time-to-market on AWS, a DNX Startup Case

About Airboard
Airboard is a digital queueing application that removes physical queues to improve the passenger experience at airports and on commercial flights. It currently uses machine learning and its unique patent-pending technology to benefit airports and airlines around the world.
The Business Challenge
As a startup, Airboard had done their homework on the industry, created a great product using agile concepts, and achieved an excellent MVP (Minimum Viable Product). Airboard was seeking a development team for expedient development (in a two-week timeframe) of a Well-Architected global framework to achieve performance excellence concurrently with high security, reliability, availability, and efficiency for its airline industry customers. A key priority for the digital queuing application is to achieve low latency across multiple, global locations with a highly scalable framework. This requires leveraging the capability of the AWS cloud, anticipating the potential for an exponential increase in the number of simultaneous users as sector adoption grows. Time savings are a significant benefit of the Airboard system, so the accuracy of timing in multiple simultaneous locations remains essential to its success. To achieve these conditions within their desired parameters, Airboard chose to team up with the highly skilled and experienced AWS architects and engineers of DNX to design and build a solution for their first release.
In the initial development phase, the Airboard team were using AWS Lightsail for front-end and back-end PHP applications running on a single EC2 instance, which enabled rapid prototyping in its initial product development phase. However, given the increased sector demand during COVID and as part of a post-COVID recovery solution for the aviation industry, the Airboard team were looking for a way to enable automated deployments that can support global adoption with enough elasticity to allow for spikes in usage during global travel seasons.
Furthermore, an ambitious customer deadline was imminent and the Airboard team was under pressure to prepare the application for its first release. DNX was engaged not just to design and apply a solution for these challenges; the Airboard team also asked DNX to assist in providing comprehensive documentation and further enhancing its DevOps best practices on AWS. As a certified DevOps competency AWS partner, DNX pushed hard on knowledge transfer sessions and detailed documentation about its solutions.
At first, going for an event-driven architecture using serverless computing was tempting but required lots of refactoring in the current product at that time, so DNX elaborated a container-based solution on AWS. With critical compliance requirements and strict security concerns, especially in US airports, the due date was close and DNX could modernise the Airboard application while building its AWS foundations.
The Solution
DNX allocated more Cloud Engineers to this project due to its critical deadline, so while one team was building Airboard’s AWS Foundations from the ground up, another started to modernise the application, which was written in PHP with separate front end and back end, both using the Laravel framework and the classic LAMP stack (Linux, Apache, MySQL, and PHP). The Continuous Delivery strategy with CI/CD pipelines, essential to fulfilling the customer requirements, also began to be designed while the DNX Cloud Architect ran the application discovery phase.
Our well-known DNX.One Well-Architected Foundation was applied. Leveraging our considerable developer experience and using Terraform to manage our IaC, we could also accomplish high-standard compliance with Airboard’s clients, as AWS IAM policies are version controlled and securely managed. In our IAM topology, access to AWS accounts is role-based: users assume one or multiple roles across accounts and environments.

Additionally, each role policy has its version tracked using Git, and any modification or addition to a role is approved through Pull Requests. This is a benefit of using IaC: any change in a policy is tracked and can be compared using git diff.
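A plain git diff shows which lines of a policy file changed; a reviewer approving the Pull Request needs to know which permissions changed. The following added example (not DNX's or Airboard's code) compares two versions of an IAM policy document and lists added grants, dropped Deny statements and removed grants. The two policy versions, the role they stand for and the account id are constructed for illustration.

```python
"""Semantic diff of two versions of an IAM policy document (added example)."""
import json
import sys

# Constructed "before" and "after" versions of a policy for a hypothetical
# CI deploy role. 111122223333 is a placeholder account id.
OLD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ecs:UpdateService"],
         "Resource": "arn:aws:ecs:*:111122223333:service/app/*"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    ],
}
NEW_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ecs:*"],
         "Resource": "arn:aws:ecs:*:111122223333:service/app/*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def grants(policy, effect):
    """Flatten statements with the given Effect into (action, resource, condition) tuples."""
    out = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != effect:
            continue
        # The condition is part of the grant: dropping it widens access.
        condition = json.dumps(stmt.get("Condition", {}), sort_keys=True)
        if "NotAction" in stmt or "NotResource" in stmt:
            # Negated elements cannot be flattened; surface the whole statement.
            out.add(("<NotAction/NotResource>", json.dumps(stmt, sort_keys=True), condition))
            continue
        for action in _as_list(stmt.get("Action")):
            for resource in _as_list(stmt.get("Resource")):
                # Action names are case-insensitive, resource ARNs are not.
                out.add((action.lower(), resource, condition))
    return out


def _finding(change, grant, review):
    action, resource, condition = grant
    return {"change": change, "action": action, "resource": resource,
            "condition": condition, "needs_security_review": review}


def review_change(old, new):
    """List permission changes between two policy versions, widening changes first."""
    findings = []
    for g in sorted(grants(new, "Allow") - grants(old, "Allow")):
        # Wildcard actions, Resource "*" and negated statements get a closer look.
        broad = "*" in g[0] or g[1] == "*" or g[0].startswith("<")
        findings.append(_finding("allow added", g, broad))
    for g in sorted(grants(old, "Deny") - grants(new, "Deny")):
        # Removing an explicit Deny can expose grants made elsewhere.
        findings.append(_finding("deny removed", g, True))
    for g in sorted(grants(old, "Allow") - grants(new, "Allow")):
        findings.append(_finding("allow removed", g, False))
    return findings


if __name__ == "__main__":
    results = review_change(OLD_POLICY, NEW_POLICY)
    for f in results:
        flag = "REVIEW" if f["needs_security_review"] else "ok"
        print(f"[{flag}] {f['change']}: {f['action']} on {f['resource']}")
    # Non-zero exit lets a Pull Request check require an explicit sign-off.
    sys.exit(1 if any(f["needs_security_review"] for f in results) else 0)
```

The comparison covers identity-style statements with Action and Resource; it does not evaluate how the policy combines with other policies attached to the same role.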

Application Modernisation
To achieve a cloud-native solution, the PHP application went through our modernisation process, in which our engineers reviewed the code and applied 12-factor principles, preparing it for container orchestration on ECS and making sure that performance would not be compromised.
As a result, we could build the application containers for ECS orchestration, by moving configurations stored in the application to the environments using CI/CD pipelines and ensuring that no state was kept by the application processes. We also automated existing database migrations and deployments that were previously manual processes, providing the team confidence to release new features that can be easily tested in a production-like environment before every deployment.
Continuous Integration and Continuous Delivery
Airboard is a growing business with the foresight to build its foundations on a framework that can scale easily. When DNX were engaged, the team was ready to transition to enhanced pipeline architecture, to support new features and future releases. Prior to engaging us, the Airboard team would connect to the EC2 Instance manually to release new features, as the application was already living in Bitbucket with a pipeline solution. At DNX, we utilised the client’s existing CI/CD tool to provide the best pipeline architecture, focusing on the best approach for the client’s needs. Along with regular feedback, architecture reviews, and Knowledge Transfer sessions, the DNX team designed and delivered a long-term solution to secure Airboard’s scalability in the cloud.
AWS Pipeline

Application pipeline

Some of the AWS Services provisioned:
Customer Benefits
Now Airboard has a future-proofed, scalable solution on AWS with elasticity, global high-availability, CI/CD, and ongoing automation supporting their application. All infrastructure built in this project uses spot instances that can save up to 70% in costs, maintaining a great Developer Experience. Applying the multi-region strategy created during the AWS Foundation and CI/CD pipelines phase, Airboard can now scale its solution and development team seamlessly around the globe without a significant increase in the current TCO (Total Cost of Ownership), improving passenger experience, supporting the growth of the business, and keeping passengers around the world safe.
At DNX Brasil, we work to bring a better cloud and application experience to digital-native companies. We focus on AWS, Well-Architected Solutions, Containers, ECS, Kubernetes, Continuous Integration/Continuous Delivery and Service Mesh. We are always looking for professionals experienced in cloud computing to join our team, with a focus on cloud-native concepts. Check out our open-source projects at https://github.com/DNXLabs and follow us on Twitter, LinkedIn or YouTube.
Agyle Time: Protecting customer data while reducing TCO and computing costs

About Agyle Time
Agyle Time simplifies Workforce Management, ensuring cost optimisation of your resources and allowing you to better schedule to actual workload, manage costs, and improve customer satisfaction. Agyle Time uses a modern development approach with cloud technologies to engage teams and their customers with a secure and go-anywhere platform that takes just minutes to set up.
The Business Challenge
Agyle Time’s SaaS platform and its connectors are dynamic and fit different customers’ needs. However, tenant isolation along with their individual data was crucial and a mandatory requirement for large customers. In addition, due to the increase of demo requests and new tenants coming on board, building automation that delivers security was vital to keep innovating and delivering the best to Agyle Time’s users while protecting sensitive data.
Security Services on Cloud is critical for customer success in the cloud space. Data protection has become more important than ever before and every company will need high-level encryption capabilities for sensitive data, as the customers expect compliance and need governance, risk management and reporting.
DNX was engaged to elaborate and implement their new cloud operations, taking into consideration the AWS Well-Architected pillars:
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimisation
The Solution
Multiple perspectives should be considered while architecting automation for a SaaS arrangement like Agyle Time’s. Aspects like cross-tenant prevention, data protection, and tenant isolation are essential.
For a SaaS environment, these benefits extend beyond deployment configurations, including data encryption and security controls. This allows Agyle Time to ensure tenant isolation by encrypting their data during transit between services and in storage via their database and Amazon S3. Using Terraform also allowed Agyle Time to quickly automate their key management infrastructure, allowing employees to set up accounts for the system instantly with no third-party involvement or risk of misconfiguration.
Using Buildkite for self-hosted CI/CD pipelines, DNX implemented automation in the CI/CD tool that improves the security layer of the deployment process. For better pipeline control, we decided to use self-hosted runners in our project, with a custom hardware configuration that gives us better control over the builds.
It is feasible to check that secure code is deployed using CI/CD by imposing certain regulations during build time and deployment time. We’ve been able to enforce these checks with little effort because we’re utilizing Buildkite. To implement this security check, DNX used a number of plugins together with Buildkite.
The first step to an automated security architecture is to understand the kind of threats you need to protect against. Threat modelling is a technique for identifying and classifying threats that could impact your operations. It’s important to remember that any threat you document in this process is only one possible scenario out of many, but documenting it helps you better prepare yourself for how to handle it. It’s also not essential that you identify every threat, as long as you understand the general types of threats that are possible in your environment.
Going one step further, DNX has implemented a security plugin that takes care of the authentication process in Buildkite. This plugin adds some new functionalities to ensure that only authorized and authenticated users can access the CI/CD pipeline data.
The results were an automated data pipeline that brought the benefits of IaC to Agyle Time’s managed service. Each tenant’s data is isolated from the rest of Agyle Time, making it possible to enforce their multi-tenant architecture and hosting strategy using Terraform. The pipeline also allows each tenant to manage their own key infrastructure, removing any single point of failure in the account creation process.






Images regarding Buildkite demo
DNX.One Foundation
We started assessing the existing Agyle Time infrastructure against the five pillars of AWS Well-Architected Framework. It enables DNX Solutions to understand customers’ environments and identify best practices gaps, then provides a remediation plan and roadmap to resolve issues based on Security, Operational Excellence, Performance Efficiency, Cost Optimisation, and Reliability.
With a thorough awareness of and recognition of infrastructure issues, DNX delivered the DNX.One Well-Architected Foundation (aka DNX.One) – an automated platform built with simplicity in mind, Infrastructure as Code (IaC), open-source technologies, and designed for AWS with well-architected principles. It means that the platform is already built based on reference architectures and continuous assurance testing to regulatory audits and analytics, removing many regulatory and compliance hurdles involved throughout an organisation’s entire lifecycle.
The following illustrates an example of the IAM topology implemented for Agyle Time. As AWS IAM policies are controlled and securely managed, accomplishing high standard compliance was possible. The access to AWS accounts is role-based, where users assume multiple roles across accounts and environments.

Delivering networking using security best practices for VPC, plus the extra ‘DNX layer’ of protection, is another advantage of DNX.One. Multiple Availability Zones, security groups and network ACLs, IAM policies to control access, and tools to monitor VPC components and VPC connections are the default for DNX.One and were automatically deployed to the infrastructure. In addition, having a dedicated and isolated subnet for the database and file system was considered to enhance the security around the networking infrastructure. Therefore, there are policies, permissions, and access flows governing access to sensitive data.

Another DNX.One best practice implemented for the customer was account management and separation. This practice isolates production workloads from development, test, and shared services workloads and also provides a robust logical boundary between workloads that process data of different sensitivity levels. The granular access control determines who can access each workload and what they can do with that access. In addition, it allows the customer to set guardrails as its workloads grow.

Some of the AWS Services provisioned:
Business Outcome
One of the most important topics around CI/CD pipelines is security. In public runners, provided by the pipeline tool, we cannot control or know whether our builds are running in an isolated environment or sharing resources with several other customers. By bringing the runners in-house, we have a stable and secure environment that enables the customer to run all application builds and deployments in isolated workspaces. Everything is wrapped around the DNX.One foundation, bringing more control and confidence to the customer. Now, Agyle Time’s team can deploy releases for current and new customers automatically in a secure, elastic, and highly available way on AWS and their customers can take advantage of the workforce management platform with no data concerns.
Law of the Jungle: Applying modern DevOps concepts in AWS

About Law of the Jungle
Law of the Jungle (LOTJ) is a cloud-based solution for risk-proofing marketing and making compliance agile and effortless. Their solution encourages effective compliance by improving productivity and reducing time to market. LOTJ brings agile methodologies to marketing teams and guides them through compliance using artificial intelligence on AWS.
The vision behind LOTJ is to allow its clients to turn marketing compliance into a competitive advantage.
The Business Challenge
Law of the Jungle was already running workloads in AWS; however, they experienced challenges with configuration management and complex deployments. So, LOTJ looked to reduce time to market by reducing the environment complexity. Another challenge brought to the table was how to improve and make the best use of knowledge and information management.
DNX Solutions was engaged by LOTJ to provide support and implement solutions for these challenges. Together, we decided to push immutability concepts on a new AWS platform that uses an Infrastructure as Code (IaC) process, improving knowledge and information management. Building a demonstration environment for potential LOTJ customers will enable the sales team to expand their reach.
The Solution
Before starting the project, DNX’s team evaluated the organisation’s requirements and utilised DNX’s DevOps approach. This approach guides the team through the DevOps journey while building a perfect foundation, standardising and automating processes, and uses technologies to deliver applications quickly and reliably.
Our solution for this scenario was to modernise the current Java microservices leveraging Docker containers and orchestrate them using AWS Elastic Container Service clusters.
With a focus on reducing configuration management, we modernised the application by applying the 12-factor concepts, and we improved the continuous deployment process by using environment variables stored in SSM Parameter Store. The ECS Service uses task definitions, a powerful tool to achieve immutability and run multiple containers across the cluster instances sharing the same file system, with EFS mount targets across the different availability zones.

AWS Foundation
As with most projects at DNX, we start with deploying our AWS platform as this is the first layer of modernisation. DNX built the AWS Well-Architected Foundation by applying effective infrastructure code patterns, bringing instant value to our clients as it covers the essential aspects for an organisation which has DevOps culture in its DNA.
AWS Well-Architected Framework Pillars

You can see more details about our AWS Platform solution at this link.
Once we have prepared the foundation, we start the modernisation phase, in which the DNX team prepares the microservices for the new cloud environment. We eliminated the need for configuration management by applying immutable concepts in the build stage of the Bitbucket pipelines that deploy the application to production in AWS. There is no need to access production or staging servers once they are up and running. If an exceptional need arises, the connection is secured by SSM Session Manager.
DNX uses spot instances for the ECS cluster, generating an estimated 70% cost reduction on average. Our solution implements a well-architected account topology in AWS. Law of the Jungle can have testing and development environments identical to production with reduced or similar computing power. Adding a management account facilitates security and audit aspects, keeping production and non-production environments secure and available, even during an audit process or security tests.

Continuous Delivery:
The container built during the building stage will be deployed across both AWS accounts and environments. This ensures the same application that is tested is deployed to production, providing consistency during bug fixes and new releases.

Steps:
- Application build
- Application Docker Build and Push to ECR
- Application ECS Blue-Green Deployment using AWS CodeDeploy
- Automatic deploy to QA / Staging
- Automatic deployment to production with manual approval
During the whole project, DNX runs knowledge transfer sessions for Law of the Jungle with our AWS Certified professionals. DNX believes this builds a healthy relationship with customers and partners.
Some of the AWS Services provisioned:
- AWS ECS
- AWS Elastic File System (EFS)
- Systems Manager
- CloudTrail
- Aurora Cluster
- CloudWatch
- CodeDeploy
- AWS Config
Customer Benefits
DNX Solutions looked to provide a stress-free environment and a safe place for experimentation with faster time to market for new features. DNX provided the conditions and tools in AWS to apply modern and efficient DevOps practices for LOTJ. As a result, LOTJ was able to deploy more features to its users. We also provided a new demo environment where potential customers can trial the solution in a secure and isolated approach on AWS.
To help LOTJ with its knowledge management challenge, the AWS foundation phase and knowledge transfer sessions with the DNX team captured all knowledge in the code, reducing the time needed to onboard new team members.
Perx Health: Automated global deployments on AWS with HIPAA Best Practices

About Perx Health
Perx Health is pioneering a motivational health community made for everyone. They are using leading-edge behavioural science, understanding of consumer tactics, and technology to assist and motivate people living with chronic conditions to stick to their treatment plans. Notably, Perx has already helped to increase engagement with thousands of patients, improved their adherence, and achieved better health outcomes. Their goal is a future where managing a chronic condition can really be simple, exciting, and rewarding.
The Business Challenge
Already running healthcare solutions on AWS, Perx Health aimed to leverage an elaborated multi-region automated deployment strategy in a HIPAA compliant way, requiring a move from higher-level AWS services like Elastic Beanstalk to services with more operational control. Achieving this target without adding infrastructure operations overhead was crucial to maintain a collaborative, innovative and flexible environment for the development team. Security of all data was of primary concern to Perx Health and this became a major focus of the solution delivered. Another challenge was to identify opportunities for cost reduction while running the application in the new environment.
To meet these challenges, DNX Solutions was heavily involved in the new architecture solution. Together, we evolved the platform to container-based orchestration, pushing stateless applications through CI/CD pipelines along with IaC (Infrastructure as Code) using Terraform. We can meet security and compliance standards through management and governance solutions, and also take advantage of the AWS shared responsibility model, especially for security and operations topics.
The Solution
We started assessing the existing infrastructure using HIPAA Best Practices and our DevOps Transformation guidelines. The project started by deploying our DNX Well-Architected AWS foundation, also called DNX.One, which implements operational excellence, security, reliability, performance efficiency, and cost optimisation using Infrastructure as Code, so that applications can thrive, while the business can remain focused on customer solutions.
With minimum infrastructure operations in mind, Elastic Container Service on AWS was the service of choice for the application modernisation strategy. It is important to mention that DNX used spot instances for the ECS cluster, focusing on availability while reducing AWS costs.
As security and privacy were of paramount importance to Perx Health, we developed systems to ensure that production data was well secured from development workloads and that access was only via a secure VPN to a secure subnet in their VPCs, which is not accessible from the public internet. Additionally, high levels of security best practices were enabled during the Foundation stage, including a separate audit-only account, centralised CloudTrail, AWS Config, AWS GuardDuty, and AWS KMS.

Taking the blue-green deployment approach in a multi-region environment, we automated existing database migrations and deployments that were previously manual processes, providing the team confidence to release new features that can be easily tested in a prod-like environment before every deployment.

Perx Health also required an analytics solution to manage its multi-region environment. Using Terraform to manage Infrastructure as Code (IaC) enabled simple provisioning of a Data Warehouse cluster, which was essential to bring automation, security, and information management and control.
Data Overview

CI/CD Pipelines
Previously, deployments were semi-manual: the team used a 3rd party deployment tool, and deployments required short amounts of downtime. At DNX, we used the current host’s CI/CD tool to provide the best pipeline architecture for deploying to multiple environments and regions with maximum flexibility and confidence while ensuring zero-downtime deployments.
As security is a critical topic, DNX has ensured that security controls were considered around the pipeline built on the DNX.One Foundation. An IAM role is created specifically for CI/CD, and we use it to deploy Perx’s applications. Discover more accessing our GitHub here.

ECR – Docker image scanning
To avoid releasing a Docker image with major vulnerabilities, DNX implemented image scanning for Perx’s deployments.
On Bitbucket, a step was added prior to deployment. This step checks the ECR report created for that image tag and, if it contains critical-level vulnerabilities, prevents the deployment of that image.

To ensure compliance, each container is scanned for vulnerability using ECR in the pipeline.
Read this article to learn more: AWS ECR — Improving container security by using Docker image scanning
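The gate described above, as an added example rather than the step DNX wrote for Perx Health: it evaluates the JSON that `aws ecr describe-image-scan-findings` returns for an image tag and blocks the deployment on any critical finding, or when the scan did not complete. The sample report, repository name, tag and CVE ids are constructed placeholders.

```python
"""Deployment gate over an ECR image scan report (added example)."""
import json
import sys

# Constructed sample in the shape returned by
# `aws ecr describe-image-scan-findings`; all names and ids are placeholders.
SAMPLE_REPORT = {
    "repositoryName": "example-app",
    "imageId": {"imageTag": "build-123"},
    "imageScanStatus": {"status": "COMPLETE"},
    "imageScanFindings": {
        "findingSeverityCounts": {"CRITICAL": 1, "HIGH": 4, "MEDIUM": 9},
        "findings": [
            {"name": "CVE-0000-0001", "severity": "CRITICAL"},
            {"name": "CVE-0000-0002", "severity": "HIGH"},
        ],
    },
}

# The page blocks on critical findings only; widen this tuple to be stricter.
BLOCKING_SEVERITIES = ("CRITICAL",)


def evaluate_scan(report, blocking=BLOCKING_SEVERITIES):
    """Return (allowed, reasons).

    Fails closed: an image whose scan is pending, failed or missing is
    treated the same as an image with blocking findings.
    """
    status = (report.get("imageScanStatus") or {}).get("status")
    if status != "COMPLETE":
        return False, [f"scan status is {status!r}, not COMPLETE"]
    scan = report.get("imageScanFindings")
    if scan is None:
        return False, ["report has no imageScanFindings section"]

    # findingSeverityCounts carries the totals; the findings list can be
    # paginated, so it is only used to name what this page of results holds.
    counts = scan.get("findingSeverityCounts") or {}
    reasons = []
    for severity in blocking:
        count = counts.get(severity, 0)
        if count > 0:
            names = sorted(
                f.get("name", "?")
                for f in scan.get("findings", [])
                if f.get("severity") == severity
            )
            listed = ", ".join(names) or "see full report"
            reasons.append(f"{count} {severity} finding(s): {listed}")
    return (not reasons), reasons


if __name__ == "__main__":
    # In a pipeline step the report is piped in on stdin; run interactively,
    # the constructed sample is evaluated instead.
    report = SAMPLE_REPORT if sys.stdin.isatty() else json.load(sys.stdin)
    allowed, reasons = evaluate_scan(report)
    for reason in reasons:
        print(f"BLOCKED: {reason}", file=sys.stderr)
    # A non-zero exit code fails the pipeline step and stops the deployment.
    sys.exit(0 if allowed else 1)
```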
Some of the AWS Services provisioned:
Conclusion
Perx Health’s project was highly collaborative and ultimately delivered beyond expectation. With an engaged and helpful development team working together with DNX, we built a resilient, secure, and reliable AWS platform for Perx Health applications. Now the team is able to focus on what they do best, using leading-edge behavioural science, consumer tactics, and technology to help and motivate people living with chronic conditions to better adhere to their treatment plans on a HIPAA compliant platform and automated deployments. Using spot instances for the Elastic Container Service (ECS) has been generating an average of 50% cost reduction.
With modern and efficient DevOps-oriented practices, Perx Health can test and release new features to the market, faster. Reducing operational constraints on AWS, the new platform is prepared for a global HIPAA compliant strategy.
Waterco: Moving from Heroku to AWS without adding infrastructure operations

About Waterco — Poolware
Established in 1981, Waterco is a global brand reputed for designing and manufacturing filtration and sanitisation systems. Waterco’s products are widely used in swimming pools, spas, aquacultures, and the water purification industry. Their products are used for residential, commercial, and industrial applications across over 40 countries.
One of Waterco’s applications is Poolware, a proprietary software which analyses, calculates, and diagnoses both the chemical interactions and current water conditions.
The Business Challenge
After about two decades operating the Poolware in a desktop format, Waterco was ready to improve its user experience offerings, providing users convenient access to Poolware across multiple smart devices. Instead of purchasing or licensing existing cloud-based solutions, Waterco developed its own independently, uploading it into the cloud in 2018.
From the beginning, Heroku was the go-to solution because of its developer experience (DX) and because it reduced infrastructure operations overheads. Having used Heroku for a few years, Waterco saw the need to use resources more efficiently without increasing infrastructure operations, to grow more dynamically while remaining light on infrastructure operations, and to have more control in the long run. However, Heroku was limiting Waterco’s ability to achieve this.
DNX Solutions was tasked by Waterco to satisfy and achieve their main business objectives. One key decision was to transition from Heroku to AWS. With AWS, Waterco’s primary goals could be easily achieved with an elastic and cost-effective architecture uploaded to the cloud.
The Solution
Prior to starting the project, DNX’s teams ran a thorough evaluation of Waterco’s requirements, and reviewed their incumbent delivery processes through DNX’s DevOps. This approach provided adequate guidance to the team throughout the DevOps process. The journey entailed building a robust foundation and the standardization and automation of certain processes. This combination of technologies enables DNX solutions to produce applications efficiently and reliably.
The project started by deploying our DNX Well-Architected foundation, also called DNX.One. The platform incorporates a robust and extremely secure cloud environment, is fully automated using Terraform, and handles most of the infrastructure operations leveraging a well-architected AWS implementation, including Docker containers.
The plan for “Application Modernisation” proposes the movement of applications to ECS cluster in EC2 instances for better resource usage, vis-à-vis the operational model in Heroku titled “Dynos”.
Upon deployment of DNX.One, we modernised Poolware’s deployment design by moving it to Docker containers, bringing together both the existing automated tests and database migration scripts to its CI/CD pipeline.
AWS Foundations:
Building a strong and solid foundation for Waterco’s applications was a critical first step prior to modernisation. Using a multi-AZ strategy with ECS nodes running on spot instances, Waterco was able to run a Cluster of Docker Containers across availability zones and EC2 instances, while optimising cost.

Costs savings
Here’s a compute price comparison* of more or less similar instances and the cost per month:
- AWS: t3.micro (1GiB) — $0.004 per hour ($2.88 per month)
- Heroku (Dyno): standard-2x (1024MB) ($50.00 per month)
94.24% reduction
- AWS: c5.2xlarge (16GiB) — $0.1382 per hour ($99.5 per month)
- Dyno: performance-l (14GB) ($500.00 per month)
80.1% reduction
Application Modernisation
Poolware had previously adopted some of the 12-factor principles. So, we applied additional cloud-native concepts to it during the modernisation phase, focused especially on building, releasing, and running.
With better usage of the AWS resources, the developed application was able to benefit from improved operational excellence in AWS, and increased elasticity in the cloud.
Each environment in AWS (development, QA/Staging and finally production) was made identical to the others, varying only in EC2 instance types. The same immutable application image was deployed and tested across these environments. By adopting this approach, Waterco has improved its operational resilience, reducing production incidents to zero through its self-healing platform.

CI/CD Pipeline
We used AWS EC2 instances to run complex CI/CD pipelines using spot instances, optimising steps such as database migration and automated tests running in parallel steps via Gitlab. Hundreds of pipelines are triggered daily at minimal operational cost. Moreover, this reduced the number of production incidents while increasing their current test capacity.
Some of the AWS Services provisioned:
- AWS ECS
- AWS Elastic File System (EFS)
- Systems Manager
- CloudTrail
- Aurora Cluster
- CloudWatch
- CodeDeploy

Conclusion
From conception to its conclusion, the migration project of Heroku to AWS was completed in approximately one month. The new Docker+AWS environment implementation allowed Waterco to achieve twice the performance and efficacy as compared to their previous Heroku environment. Their production quality, and their ability to release more products frequently have increased. Furthermore, developer and QA productivity has improved significantly. Now, Waterco only needs to run half the number of servers, cutting the hosting bill by approximately 25%.
*Price comparison performed on 11/06/2020; sources:
tech2: Implementing continuous delivery running .NET core workloads in AWS

DNX is all about helping our customers to leverage effective scalability, security and zero downtime deployments.
About tech2
tech2 is an Australian-owned company that engages in a wide range of technical operations and installation activities across the nation. With over 22 years of experience, tech2 is dedicated to providing efficient and reliable technology solutions spanning telecommunications, on-site technical installation services in homes and businesses, and remote IT Premium Support (from two Sydney-based centres). tech2 also licenses its very own robust workforce management software.
tech2 has a strong culture focused on excellence, keeping its promises, and doing the right thing by their clients and customers. They are a trusted partner committed to continuously improving their technology solutions.
The Business Challenge
tech2 used to have a traditional Windows stack running on AWS. The IT support team provided application maintenance and worked to develop new features on an ongoing basis. Continuous Integration and Continuous Deployments were critical. Its core product was a client-server VB application running on AWS using Windows Server EC2 instances without Auto Scaling groups. This meant that there was a high risk of operational downtime for the business service. Reducing configuration management and enabling automation was mandatory in order to address the risk of downtime.
DNX was engaged to build a new strategy focused on re-architecting its application and adding automation around the software lifecycle, leveraging a modern and cloud-native stack in order to achieve their expected outcomes. This was identified during the DNX Cloud Assessment phase and would be used to improve operation efficiency.
The Solution
Before commencing the project, DNX’s team evaluated the organisation’s requirements. They plunged into the processes through DNX’s DevOps approach. This drove the team through the DevOps journey while building a perfect foundation, standardising and automating processes, as well as using the technology needed to deliver applications quickly and reliably.
DNX proposed to transform the tech2 .NET Core application by moving it to Docker containers and using AWS Elastic Container Service to manage the new cluster. Our computing solution used spot instances to run the workloads while providing cost savings. For the application that could not be containerised, we used Elastic Beanstalk for quickly moving the workloads to proposed implementing a well-designed CI/CD pipeline that applied a zero-downtime deployment architecture. It would enable tech2 to leverage the benefits of having an immutable application running in Docker containers in AWS.
The High-Level Diagram below illustrates the solutions and resources used in AWS:
Network solution

Application Layer

The project
It was a two-phase project in which DNX engineers started by building the AWS networking layer using Infrastructure as Code, which brings several benefits to the tech2 application stack. It is also required for the well-architected ECS cluster that was built in the first phase along with the network layer.
In the second phase, DNX designed and created the CI/CD pipeline covering the full application stack, both back end and front end in the same pipeline, using S3 buckets and the AWS CloudFront CDN to distribute the static content.
Deploy Strategy:
CI/CD tool: Azure DevOps Pipelines
Backend
- Application build
- Application Docker Build and Push to ECR
- Application ECS Blue-Green Deployment using AWS Code Deploy
- Automatic deploy to staging
- Automatic deploy to production with manual approval

Front End
- Application build
- Unit Tests
- Push the static application to S3 and run invalidation on the respective CloudFront
- Automatic deploy to DEV and QA
- Automatic deploy to production with manual approval

CI/CD Pipeline Overview:
Containers

Releases

Release stages detail

Deliverables:
- AWS Implementation as per High-Level Design
- Applications migrated to the new platform
- CI/CD Pipeline with zero-downtime deployments
- DevOps Workshop
- AWS Knowledge transfer by DNX’s AWS-Certified professionals
Throughout the project, DNX ran knowledge-transfer sessions for tech2 with DNX AWS-certified professionals. DNX believes this is the right way to build a healthy relationship with customers and partners.
AWS Security:
- This project followed well-architected principles, and DNX is always committed to applying high security standards. The AWS Foundation phase created a VPC with separate layers for application and data storage. Encryption in transit and at rest is applied across the application.
- AWS IAM Roles are used to limit application permissions on the AWS platform, following least-privilege concepts.
AWS RDS:
tech2 relies on MS SQL for their enterprise database. The database runs on RDS with Multi-AZ and encryption enabled. In addition, automatic backups are in place as part of their disaster recovery strategy.
The following diagram depicts the hybrid strategy created to keep both architectures running at the same time.

Conclusion
With the DNX solution, tech2 could move their .NET Core solution to immutable containers running on ECS, with Elastic Beanstalk for workloads that could not run in Docker containers, drastically reducing configuration management. In addition, with a well-designed deployment pipeline, which is essential for Continuous Integration / Continuous Delivery, managing off-shore teams is simple and deployments are released more frequently, while also benefiting from zero-downtime blue-green deployments.
With better operational efficiency and automation around team management and the software lifecycle, tech2 has a resilient infrastructure on AWS with a lower total cost of ownership. The developer experience has improved, so the team has been releasing code more often and with better quality.
UORDERIT: AWS Platform, CICD and Application Migration

DNX is all about helping our customers to leverage effective scalability, security and zero downtime deployments.
About Uorderit
UORDERIT is an Australian B2B platform for customers to source, rate and review Technology Companies.
The platform enables customers to browse and choose from a comprehensive list of Australian and Global Technology firms.
The platform is based on two primary types of user:
Businesses: those looking for a specialist digital and IT professional that suits their needs. From app and software development to blockchain, SEO, and cybersecurity, UORDERIT has certified and verified professionals for projects of all sizes.
Providers: this is the part of the platform where professionals can register their skill sets and interests. The platform matches this information to the right project.
The Business Challenge
UORDERIT was struggling to achieve a reliable, secure, and future-proof cloud platform that would support the MVP launch, keep cloud costs under control, and simultaneously move new features to production quickly. By adopting serverless in AWS, UORDERIT intended to launch new features to the market effectively and achieve Continuous Integration across on-shore and off-shore teams.
With the suggested development pipeline, UORDERIT expected to release code to production twice a month, at the end of each sprint.

The Solution
Before starting the project, DNX’s team evaluated the organisation’s requirements and plunged into the processes through DNX’s DevOps approach, which drives the team through the DevOps journey while building a perfect foundation, standardising and automating processes, and using the technologies needed to deliver applications quickly and reliably.
As lift-and-shift was not the right approach for this scenario, firstly we moved the current application to AWS utilising the DNX open source, infrastructure-as-code software Terraform to provide a solid, secure, and cost-efficient AWS platform to enable UORDERIT to deploy their workloads. After the AWS foundation phase, a continuous integration and continuous delivery (CI/CD) platform was introduced to deploy AWS infrastructure and application changes. Lastly, the UORDERIT applications and databases were migrated to the new platform using containers, CI/CD and ECS with blue/green deployment concepts, relying on DNX best practices.
Application Transformation Phase
DNX was engaged as a trusted advisor to design, implement and deploy UORDERIT’s cloud platform and application stacks.
By using DNX One — our all-in-one AWS platform based on open source Terraform modules — UORDERIT could promptly start planning the deployment phase into the AWS platform. The following features were implemented:
- AWS Design and Documentation
- Infrastructure-as-code using Terraform and DNX open source modules
- CI/CD Pipelines for Terraform Projects
- Application Container Strategy
- Application Blue/Green Deployment
- AWS ECS Cluster Configuration
- AWS RDS Setup and Configuration
The diagram below illustrates the high-level design used for UORDERIT:

After this first approach, DNX built from the ground up the path to serverless, leveraging AWS Amplify and API Gateway with Lambdas, where UORDERIT benefits from faster time to market and rapid continuous integration between teams.
With the serverless approach, UORDERIT could reduce infrastructure operations and use their time to think about the business and about bringing new features to the market.
Serverless Approach

AWS services utilised:
- Lambda Functions
- CloudFormation
- API Gateway
- Cognito
- AWS Amplify
Conclusion
The project for UORDERIT was delivered in less than one (1) month, and the velocity was due to automation and CI/CD pipelines — both core DNX principles.
With the project completed, UORDERIT can now deploy workloads in an automated way with on-shore and off-shore teams, promoting continuous integration for both with full control. Full automation of the cloud platform enables UORDERIT to approve and release code twice a month, as originally intended. With the serverless approach, the bill is under control because you pay per usage; using Lambda functions avoids over-provisioning, and the infrastructure grows with the company.
As security was a key concern, DNX built a secure AWS foundation to host the current database and to enable the application to scale and grow. With CI/CD pipelines added, the team could focus on delivering features instead of infrastructure. UORDERIT is set on the path to success and can turn its MVP into a product without any rebuild.
“As a Start-Up company, there are many challenges that can potentially derail your project. These usually revolve around the governance of the project, or the lack thereof. Most of our web-development was outsourced overseas, therefore it was vital for us to partner with DNX Solutions, to future proof our development pipeline. DNX Solutions architected our environments in a way where it would scale and more importantly be secure. This solution means we can work with a developer anywhere in the world and be assured that we remain in control of our development.”
Jon Altringer, Founder & Managing Director
ByteIQ: Building an AWS Platform for Digital Health companies

About ByteIQ
ByteIQ is a digital health startup focused on big data. They planned to use AWS to run all products and leverage AWS security and compliance standards. ByteIQ worked with DNX Solutions to design, implement and support an efficient AWS platform, which allowed them to achieve 30% cost savings compared to the projected costs.
The Business Challenge
ByteIQ asked DNX to provide a solid design and implementation of a fresh new AWS platform to operate the new product. The new environment was required to be secure by default to follow the high compliance standard for medical applications in Australia. The application consists of 3 different parts:
- Application Portal
- Application Data Storage/Processing
- Application Client Module
This platform must have well-defined requirements covering security, cost-efficiency and high availability. DNX uses the Well-Architected Framework to address application migration projects.
The Solution
Following the AWS Well-Architected Framework, DNX proposed to build an AWS foundation and modernise the current applications by leveraging Docker containers and applying a blue/green deployment strategy on top of them. These are essential features of a DevOps-oriented culture.
The Project
DNX proposed a two-phase project to address the requirements:
Phase 1 — AWS Foundation: Multi-account AWS platform using infrastructure as code and CICD Pipelines using the following AWS services:
- AWS Organisations/Consolidated billing
- Single Sign-on (SSO) using GSuite
- Client VPN to connect to private resources
- Multi-tier VPC (Public DMZ, Private and Secure subnets)
- S3 bucket for staging data
- KMS strategy to apply encryption at rest
- AWS GuardDuty/CloudTrail/SNS Topics for alerting
- VPC Peering
Phase 2 — Application migration: All applications were migrated to Docker containers and deployed using AWS ECS with Spot instances:
- AWS ALB/CloudFront/WAF for the application portal
- AWS ECS workers for data processing using CloudWatch Events
- ASG for Containers using CPU Metric
- ASG for EC2 using Memory Metrics
- Zero-downtime Blue/Green deployment using CodeDeploy
- CI/CD Pipelines using GitLab
- DynamoDB to store NoSQL data from medical clinics
- RDS Aurora MySQL to store portal metadata
During the first phase, the DNX team worked to deliver the AWS platform to support the project, and in the second phase DNX and ByteIQ team worked together to understand the best patterns to deploy the application stack.
The client application was written in Java, and we designed an integration to push data to S3 (with encryption in transit and at rest) to send daily data consumption from medical clinics.
Once a group of files is saved in S3, a CloudWatch Event triggers the data processing pipeline using ECS. This process parses the unstructured data and saves it to DynamoDB.
The application portal was migrated to Docker (PHP) and deployed behind an Application Load Balancer (ALB).
AWS CloudFront and Web Application Firewall (WAF) were added to ensure a better experience for users and at the same time enhance the application security.
The following high-level design diagram summarises the used AWS stack:

Deployments strategy
DNX designed and implemented a zero-downtime CI/CD pipeline applying the blue and green deployment architecture, as initially proposed. We used GitLab as the DevOps lifecycle tool, with its CI/CD pipelines, achieving the customer’s goals and promoting a value stream to our customers.

Conclusion
By migrating their workloads to AWS, ByteIQ obtained a reliable, robust, secure and cost-effective cloud platform, allowing them to experiment with a breadth of new services and rapidly build a more competitive platform for their customers using continuous delivery concepts.
The main concept that drives data-related projects is how to transform data into insights that impact the business.

By using DNX services, ByteIQ could focus on their core business and leave the cloud platform challenges with us.
Krost: Using Infrastructure as code simplified scalability in AWS

DNX is all about helping our customers to leverage effective scalability, security and zero downtime deployments.
About Krost
Krost is an office furniture store that started selling office furniture back in the ’30s. Their 3 key ideals have remained the same since then: offering the best service, providing the highest quality products and selling at a fair price.
They help to shape the right corporate image through their office furniture selection.
The Business Challenge
Krost used to run their application, including their online store, in AWS using a traditional LAMP web service stack (Linux operating system, the Apache HTTP Server, the MySQL relational database management system and the PHP programming language). That stack was provisioned in a traditional way on AWS and did not use AWS Auto Scaling Groups. The application suffered memory and CPU spikes that required manual intervention on the stack.
The Solution
The DNX solution proposed for this scenario was to transform the application, leveraging Docker containers in AWS ECS for immutability, and to build Continuous Integration (CI) and Continuous Delivery (CD) pipelines applying a blue and green deployment strategy. The objective was to deliver continuity and scalability and to facilitate the promotion of new features using CI/CD pipelines. The solution was based on AWS Elastic Container Service and scaled using Spot Instances, which also saves on computing costs.

The project
The project had 3 phases. In the first phase, the DNX engineers built from the ground up a well-architected AWS foundation where the customer could leverage security and elasticity, which are essential to achieving zero-downtime deployment and a CI/CD strategy.
Once we had the AWS Foundation, using Terraform modules built-in, we could start phase 2, the application transformation phase, in which the DNX team came to understand the application's dependencies and its build and deployment needs. Using Docker containers, DNX started to transform the application, applying immutability and scalability concepts and deploying it behind an ALB using ECS. We also carried out application tuning and CSS and JavaScript minifying tasks, along with VPN setup and Database migration to private in order to improve security aspects.
In the third phase, DNX designed and implemented the CI/CD pipeline with the best deployment strategy for the customer, with zero downtime, applying a blue and green deployment architecture. We used the customer's current DevOps lifecycle tool, Bitbucket, to build the CI/CD pipeline, achieving the customer’s goals and preparing the cutover task.
Deploy Strategy:
- Bitbucket Pipelines
- Application build
- Application Docker Build and Push to ECR
- Application ECS Blue-Green Deployment using AWS Code Deploy
- Automatic deploy to staging
- Automatic deploy to production with manual approval

Throughout the project, DNX ran knowledge-transfer sessions for Krost with DNX AWS-certified professionals. DNX believes that is the right way to build a healthy relationship with customers and partners.
Deliverables:
- AWS Implementation as per High-Level Design
- Applications transformed and migrated to the new platform
- CI/CD Pipelines
- AWS Knowledge transfer by DNX’s AWS-Certified professionals
Conclusion
By applying DNX's proposed solution, Krost could effectively experience the elasticity of the AWS cloud and achieve a robust and reliable deployment, eliminating the memory spikes mentioned above and the need for manual intervention on the stack. Also, with better performance and resilience, the Krost application team is much more confident in rolling out new features to the business.
DNX Solutions have outstanding knowledge on CICD pipeline, AWS services, Linux bash scripting, Infrastructure as Code and so on. They provided excellent services to Krost Business furniture including sharing knowledge. If anyone is looking for a cloud server solution or Docker orchestration, DNX Solutions is an ideal consulting agency.
Md Shofiul Alam — Krost
Rescon Builders: Reducing cloud billing migrating from Azure to AWS

About Rescon Builders
RESCON Builders, an established Australian company that designs, builds, and redefines granny flats across NSW, worked with DNX to migrate their Microsoft Azure Cloud Platform to AWS to save an average of 50% in costs, gaining the ability to deliver more features to their applications and speed up the development process.
The Business Challenge
Rescon had their application platform on Microsoft Azure on a highly tailored environment using Windows Servers and MS SQL Server Databases. Rescon’s technical debt was just growing as they were using a non-Cloud-Native stack, being unable to leverage cloud advantages, like high availability, scalability, automation and zero-downtime deploys.
They were facing a rising bill on Azure while being unable to capture the agility of modern development to deploy new features. The company needed to weigh performance against costs to achieve competitive advantage.
The Solution
DNX proposed an AWS Well-Architected platform, leveraging years of DevOps practices and using the benefits of high availability, scalability and automation in the cloud.
In order to achieve this, DNX architected a multi-account, network-segregated platform in AWS, using GitLab CI/CD pipelines with custom runners in AWS to build a zero-downtime deployment solution.
The Project
To comply with Rescon’s objectives, DNX delivered an infrastructure as code AWS Well-Architected platform based on multiple accounts and network segregation, introduced DevSecOps practices for the development teams through a Continuous Integration/Continuous Delivery Pipeline and migrated Rescon’s applications to Containers, providing a solid, secure, and cost-efficient platform.
DNX deployed to Rescon:
- Fully automated AWS platform using infrastructure as code through Terraform
- Docker container platform based on AWS Elastic Container Service, highly available and scalable, allowing Rescon to use a Blue-Green deployment strategy and using Spot Instances to save computing costs
- CI/CD Pipelines for zero-downtime deployment
- MS SQL Server migration to a managed SQL Server RDS Database
- A new set of AWS features enabling Rescon’s new projects (Lambda for Serverless applications, DynamoDB, Elasticsearch, Cognito and AWS API Gateway)

AWS Services
List of AWS services that helped the customer to reduce cost and get their business value stream aligned with the business strategy:
- CloudFront
- WAF
- Route53
- ALB
- VPC
- ECS
- RDS
Cost Reduction
DNX compared AWS costs for the last three months with Azure utilisation, showing an average saving of 51.4%.

*Source: DNX Solutions based on AWS Cost Explorer x Azure Cost Management for Rescon’s environment
** Resource categorisation based on similar services
For the database, Rescon hasn’t at this time achieved the full potential cost reduction, as they are using some Microsoft SQL Server services not yet supported on RDS, like MS SQL Reporting Services and Information Services.
In this project phase, DNX migrated the core databases to RDS and kept some small instances running the unsupported services until Rescon can implement an upgrade in their database strategy, migrating MS SQL Server to a mix of AWS Aurora DB and DynamoDB.
Conclusion
By migrating their workloads from Azure to AWS, Rescon obtained a reliable, robust, secure and cost-effective cloud platform, allowing them to experiment with a breadth of new services to build a more competitive platform for their customers for half of the cost of their former platform.
Cribz: AWS Well-Architected Platform

Summary
CRIBZ is a startup company based in Sydney that offers a big-data solution for real estate companies, providing the data sources, insights and actions to reduce acquisition costs and increase long-term client value.
DNX was responsible for migrating the CRIBZ environment to the AWS platform to deliver a very scalable and secure platform, allowing the client to implement a new business model based on APIs for their customers.
Based on the customer's requirements, DNX deployed an AWS well-architected Foundation based on multiple accounts and network segregation, introduced DevOps practices for the development teams through a Continuous Integration/Continuous Delivery Pipeline and migrated CRIBZ applications to this new platform.
With this environment in place, CRIBZ could start its journey to create a new API model to help their clients to consume CRIBZ big-data.
The Business Challenge
The CRIBZ platform was previously hosted on Heroku, which limited their ability to create a modern CI/CD pipeline and accelerate their time to market. CRIBZ was not able to use the full power of the cloud, faced several challenges when developing and deploying new features, and needed a faster way to go to production.
Some challenges CRIBZ was facing were:
- Difficulties maintaining a scalable infrastructure for API architecture
- The need for a better way to deploy APIs
- Their large big-data database was already hosted on AWS, so every query was handled over the Internet, creating performance problems and security concerns
The Solution
DNX was engaged as a trusted advisor to design, implement and deploy CRIBZ’s cloud platform and application stacks.
By using DNX One — our all-in-one AWS platform based on open source Terraform modules — CRIBZ could promptly start deploying into the AWS platform. The following features were implemented:
- AWS Design and Documentation
- Infrastructure-as-code using Terraform and DNX open source modules
- CI/CD Pipelines for Terraform Projects
- Application Container Strategy
- Application Blue/Green Deployment
- AWS ECS Cluster Configuration
- AWS RDS Setup and Configuration
- CloudFront and Web Application Firewall Implementation
The diagram below illustrates the ECS design used for CRIBZ:

Lessons Learned
The following are the most important take-aways from this project:
- Infrastructure-as-code is essential to ensure immutability across AWS environments.
- Continuous Delivery unlocks velocity and improves time-to-market.
Next Steps
CRIBZ is now ready to start an architectural change moving new products towards cloud-native concepts and eventually to a serverless environment using Lambdas to further reduce costs and administrative burden.
HAMPR: AWS Platform, CI/CD and Application Migration

Summary
HAMPR is a startup focused on corporate catering, events catering and kitchen supplies in Sydney and Melbourne.
DNX worked with HAMPR to redesign their AWS platform to a new, AWS Well-Architected platform providing a solid, secure, and cost-efficient infrastructure enabling HAMPR to deploy their workloads.
The project was comprised of three phases:
- AWS Well-Architected Foundations
- CI/CD Implementation
- Application Deployment
After the AWS foundations were set in place, DNX introduced a Continuous Integration and Continuous Delivery platform to deploy AWS infrastructure and application changes and then migrated their applications and Database to this new environment using Containers, CI/CD and ECS with blue/green deployment concepts relying on DNX best practices.
The Business Challenge
HAMPR was already an AWS user who needed a more reliable, highly available and secure architecture to support its growing user base and fast-paced value delivery throughout development and deployment of new features.
Even using a Cloud environment, HAMPR was not able to achieve the potential of AWS and DevOps, facing some challenges like:
- Use of only one AWS account creating an administrative burden for separation of duties roles and permissions.
- Lack of a real vision of the current state of the environment as changes were made directly through the Management Console with no configuration management.
- Highly tailored instances hindering auto-scaling and high availability.
- Manual deployment process creating long release windows on the weekends with large downtime for the users.
The Solution
DNX was engaged as a trusted advisor to design, implement and deploy HAMPR’s cloud platform and application stacks.
By using DNX One — our all-in-one AWS platform based on open source Terraform modules — HAMPR could promptly start planning the deployment phase into the AWS platform. The following features were implemented:
- AWS Design and Documentation
- Infrastructure-as-code using Terraform and DNX open source modules
- CI/CD Pipelines for Terraform Projects
- Application Container Strategy
- Application Blue/Green Deployment
- AWS ECS Cluster Configuration
- AWS RDS Setup and Configuration
- CloudFront and Web Application Firewall Implementation
The diagram below illustrates the high-level design used for HAMPR:

HAMPR’s AWS High-Level Design
Project Outcomes & Success Metrics
With the project completed, HAMPR can now deploy workloads in an automated way across 2 main AWS accounts (non-production and production), and with the following benefits:
- Full automation of cloud platform to avoid configuration drifts across environments
- AWS Billing under control
- Zero Downtime deployments
- Daily deployments to production
- Improved time-to-market using CI/CD pipelines and immutable servers on AWS
- A secure and scalable platform to allow the company to grow

New CI/CD Pipeline utilising GitLab
Lessons Learned
The following are the most important take-aways from this project:
- The AWS Design Phase is integral to understanding the platform and application constraints
- Including the development team in the design phase helps engagement and builds trust, reducing grey areas during the implementation
- CI/CD pipelines for infrastructure are essential to avoid mistakes within the Implementation Phase
- Application containers provide immutability and safety to the roll-out of new deployments with zero downtime in production
- Infrastructure as Code allows full control of the environment configuration, enabling scalability and availability
Next Steps
With an AWS Well-Architected infrastructure and a CI/CD pipeline implemented, HAMPR is going to transfer their scheduled Jenkins jobs to AWS Batch and Lambda and start an application modernisation using a serverless architecture on Lambda.

Conclusion
HAMPR’s project was delivered in less than one (1) month, and the velocity was due to automation and CI/CD pipelines — both core DNX principles. The result of our work is now live, providing a cost-effective, secure, and reliable AWS experience for the client.