Business Need
The client aimed to transition its IT infrastructure to the cloud to ensure a stable, secure, and flexible system available 24/7. This cloud-based infrastructure would support the implementation of intelligent automation solutions, handling high-volume requests to improve service level consistency and optimize workforce alignment.
Business Challenge
- Lack of flexibility to support a growing business.
- Scalability and availability issues with applications.
- Performance bottlenecks.
- Limited agility to adapt to market changes.
- Inadequate data security measures, risking potential breaches.
- Requirement for cloud-native databases like Amazon Aurora instead of costly licensed databases.
- Need for faster data retrieval.
- Interest in a pay-as-you-go model for cost optimization.
- Requirement for logical network segregation.
To overcome these challenges, the client turned to NuSummit to leverage our AWS Advanced Consulting Partner expertise in migrating its on-premises infrastructure to the AWS Cloud and managing it there.
Business Solution
NuSummit’s deep domain expertise and AWS Advanced Consulting Partner status positioned us as the ideal partner to deploy the client’s infrastructure on AWS Cloud, bringing them the benefits of cloud scalability, flexibility, and security.
The following AWS services were shortlisted for deployment:
- Identity and Access Management (IAM)
- Simple Storage Service (S3)
- Amazon EC2
- AWS VPN
- Relational Database Service (RDS)
- AWS Trusted Advisor
- CloudWatch
- AWS Key Management Service (KMS)
- CloudTrail
- Flow Logs
- Amazon GuardDuty
- AWS Config
- Amazon Inspector
- CloudFormation
- Elastic Kubernetes Service (EKS)
- AWS Lambda
- Amazon S3 Glacier
Solution Approach
Our approach began with a detailed assessment of the client’s current challenges and the development of a roadmap to achieve their desired outcomes. The infrastructure was upgraded with the following well-architected standards:
- Environment Segmentation: Separate production and non-production environments (separate VPCs and accounts) so that a fault or compromise in one cannot reach the other, with production configuration kept as the single source of truth.
- Next-Generation Firewall (NGFW): Protection against multi-vector (so-called Gen-5) attacks.
- Traffic Management: Application and database traffic routed through the NGFW for inspection; nothing reaches the DB tier without traversing it.
- Identity and Access Management: Least privilege access, multi-factor authentication (MFA) for user credentials.
- High Availability (HA) and Disaster Recovery (DR): SQL Server log shipping to a warm standby for near-real-time DR, with redundant dedicated connections via different ISPs so that a single carrier outage does not cut the link to on-premises.
- Application Load Balancing: HA applications placed behind an internal load balancer.
- Private Access with VPC Endpoints: AWS services (e.g., the EKS control plane, S3) reached privately from inside the VPC, so this traffic never traverses the public internet.
- Snapshot Policy: Configured for all servers alongside Commvault backup on a virtual machine.
- Distributed Application Servers: Configured across multiple availability zones with load balancing via AWS Application Load Balancer.
- CloudTrail Logs: Enabled user activity logging, with logs stored in S3 for audit and long-term retention.
- Kubernetes Cluster Deployment: Set up for containerized workloads.
- Cost Optimization: Configured auto start/stop mode for servers to reduce costs.
- Access Control: Restricted production server access through bastion hosts for added security.
- Custom DNS Query Resolution: An Application Load Balancer has no fixed IP addresses, so a Lambda function resolves the load balancer's current addresses and keeps the DNS record that on-premises clients use up to date.
- Amazon Inspector: Identified EC2 instances whose configuration did not comply with CIS benchmarks.
- CMDB Management: Configured with AWS Config.
- GuardDuty: Enabled to analyse DNS query logs, VPC Flow Logs, and CloudTrail events for threat findings.
- Snapshot Lifecycle Policy: Applied for server snapshots in AWS.
- VPC Flow Logs: Monitored incoming and outgoing server traffic at the network interface level.
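The bastion-host and VPC Flow Log items above describe a control and the telemetry that can verify it. The following is an added example, not code from the case study or from NuSummit: a small detector that parses VPC Flow Log records in AWS's default v2 format and flags (a) SSH or RDP sessions accepted into the production VPC from anything other than the bastion, and (b) sources whose rejected connections fan out across many ports on one network interface. The production CIDR (10.10.0.0/16), the bastion address (10.10.0.10) and every log line are constructed assumptions for illustration.

```python
"""Offline checks over VPC Flow Log v2 records (added example, not the page's code)."""
import ipaddress
from collections import defaultdict

PROD_VPC = ipaddress.ip_network("10.10.0.0/16")       # assumed production CIDR
BASTION_HOSTS = {ipaddress.ip_address("10.10.0.10")}   # assumed bastion address
MGMT_PORTS = {22, 3389}                                # SSH, RDP
SCAN_THRESHOLD = 5  # distinct rejected destination ports from one source on one ENI

# Field order of the default VPC Flow Log v2 format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: a bastion session (both directions), a direct RDP session
# from the internet, a five-port probe, a NODATA record and ordinary app traffic.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.10.0.10 10.10.1.25 51000 22 6 12 1600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.10.1.25 10.10.0.10 22 51000 6 10 2400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.10.1.25 44021 3389 6 9 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.10.1.25 40001 21 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.10.1.25 40002 23 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.10.1.25 40003 25 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.10.1.25 40004 80 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.10.1.25 40005 445 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0a1b2c3d 10.10.1.25 10.10.1.40 55555 443 6 30 9000 1700000000 1700000060 ACCEPT OK
"""


def parse_flow_log(text):
    """Parse v2 records into dicts; NODATA/SKIPDATA records carry no addresses and are dropped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected field count in record: {line!r}")
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        rec["srcaddr"] = ipaddress.ip_address(rec["srcaddr"])
        rec["dstaddr"] = ipaddress.ip_address(rec["dstaddr"])
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        flows.append(rec)
    return flows


def find_bastion_bypass(flows):
    """ACCEPTed TCP flows to SSH/RDP on a production host from any source that is not a bastion.

    Only the client->server direction is matched (dstport in MGMT_PORTS); the
    server's reply flow has the management port as srcport and is ignored.
    """
    hits = []
    for f in flows:
        if (f["action"] == "ACCEPT" and f["protocol"] == 6
                and f["dstport"] in MGMT_PORTS
                and f["dstaddr"] in PROD_VPC
                and f["srcaddr"] not in BASTION_HOSTS):
            hits.append((str(f["srcaddr"]), str(f["dstaddr"]), f["dstport"]))
    return hits


def find_port_scans(flows, threshold=SCAN_THRESHOLD):
    """Sources whose REJECTed flows into the production VPC touch >= threshold distinct ports on one ENI."""
    rejected = defaultdict(set)
    for f in flows:
        if f["action"] == "REJECT" and f["dstaddr"] in PROD_VPC:
            rejected[(str(f["srcaddr"]), f["interface_id"])].add(f["dstport"])
    return {key: sorted(ports) for key, ports in rejected.items() if len(ports) >= threshold}


if __name__ == "__main__":
    flows = parse_flow_log(SAMPLE_LOG)
    print("bastion bypass:", find_bastion_bypass(flows))
    print("port scans:", find_port_scans(flows))
```

Two caveats when running this over real data: flow logs are aggregated per capture window, so a single record may cover several connections, and a REJECT does not say whether a security group or a network ACL dropped the packet. A bypass hit also tells you only that a session reached the host; pairing it with CloudTrail (for the API side) and the bastion's own session records shows who was behind it.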
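The custom DNS resolution item above is only a sentence; the following added example (not code from the case study or from NuSummit) shows the shape of such a Lambda. It resolves the load balancer's DNS name, compares the result with what the Route 53 A record currently holds, and writes an UPSERT only when the addresses actually changed. The ALB name, hosted zone ID, record name and event keys are assumptions, and the resolver is injectable so the decision logic can be exercised offline without AWS credentials.

```python
"""Keep a Route 53 A record in step with an ALB's changing addresses (added example)."""
import socket


def resolve_ipv4(hostname):
    """Current IPv4 addresses for a DNS name, deduplicated and sorted."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def build_change_batch(record_name, ips, ttl=60):
    """Route 53 ChangeBatch that UPSERTs one A record holding `ips`.
    A short TTL bounds how long on-premises caches can keep stale ALB addresses."""
    return {
        "Comment": "sync A record with current ALB addresses",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": record_name,
                "Type": "A",
                "TTL": ttl,
                "ResourceRecords": [{"Value": ip} for ip in ips],
            },
        }],
    }


def plan_sync(alb_dns_name, record_name, current_ips, resolve=resolve_ipv4):
    """Return a ChangeBatch when the record is stale, or None when it is already current.

    current_ips are the addresses the record holds now. Writing only on a real
    change keeps the Route 53 change history readable, and an empty resolution
    is treated as an error rather than used to empty the record.
    """
    desired = sorted(set(resolve(alb_dns_name)))
    if not desired:
        raise RuntimeError(f"{alb_dns_name} resolved to no addresses; refusing to empty {record_name}")
    if sorted(set(current_ips)) == desired:
        return None
    return build_change_batch(record_name, desired)


def current_record_ips(r53, hosted_zone_id, record_name):
    """Read the A record's current values ([] if the record does not exist yet).
    Route 53 returns fully qualified names with a trailing dot; pass record_name the same way."""
    resp = r53.list_resource_record_sets(
        HostedZoneId=hosted_zone_id, StartRecordName=record_name,
        StartRecordType="A", MaxItems="1")
    for rrset in resp.get("ResourceRecordSets", []):
        if rrset["Name"] == record_name and rrset["Type"] == "A":
            return [rr["Value"] for rr in rrset.get("ResourceRecords", [])]
    return []


def lambda_handler(event, context):
    """Scheduled entry point. Assumed event keys: alb_dns_name, hosted_zone_id, record_name."""
    import boto3  # provided by the Lambda runtime; imported here so the helpers above run without it
    r53 = boto3.client("route53")
    current = current_record_ips(r53, event["hosted_zone_id"], event["record_name"])
    batch = plan_sync(event["alb_dns_name"], event["record_name"], current)
    if batch is None:
        return {"changed": False}
    r53.change_resource_record_sets(HostedZoneId=event["hosted_zone_id"], ChangeBatch=batch)
    new_ips = [rr["Value"] for rr in batch["Changes"][0]["ResourceRecordSet"]["ResourceRecords"]]
    return {"changed": True, "ips": new_ips}
```

In keeping with the least-privilege item above, the function's execution role needs only `route53:ListResourceRecordSets` and `route53:ChangeResourceRecordSets`, scoped to the one hosted zone. How the on-premises resolvers reach that zone (for example, conditional forwarding to a Route 53 Resolver inbound endpoint over the private connection) is an assumption here; the page does not say.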
Tech Stack
- Monitoring: Site24x7
- Incident Management: FreshService
- Backup: Commvault with native snapshots
- Access Management: ARCOS
- Next-Gen Firewall: Palo Alto
- Firewall and Log Management: Minefield
- SaaS Services: Cloudflare
- WAF Application Monitoring: New Relic
Platform
Operating System
- Windows 2008 R2 Datacenter Edition (Custom Hardened Image; note that extended support for Windows Server 2008 R2 ended in January 2020, so hardening does not substitute for vendor patches)
- Windows 2012 R2 Datacenter Edition (Custom Hardened Image)
- Amazon EKS Images
- Windows 2016 Datacenter Edition (Custom Hardened Image)
- CentOS 7
Database
- MSSQL Standard Edition 2012
- MSSQL Standard Edition 2014
- PostgreSQL RDS 11.5
- Oracle RDS Standard 12.0.0
Incident management
- Service desk web portal for incident management and alert notifications.
- 24×7 help desk support via phone, email, and web-based service.
- User-friendly ticket-raising options via email, portal, phone, or in person, aligned with ITIL standards.
Security
- Multi-layered data security with credential protection and encryption of data at rest, with keys managed in AWS KMS.
- Enterprise-grade next-generation firewall implementation (Palo Alto).
- Advanced Threat Prevention and enhanced cybersecurity measures.
Reliability
- Durable data storage provided by Amazon S3.
Cost Optimization
- Flexible server operation based on need, reducing capital expenditures on hardware and software.
Server Monitoring
- Weekly performance summaries for server status.
Reporting
- Comprehensive availability, busy hour, health trend, and performance reports.
- Historical log of customer-help desk interactions.
Productivity
- Increased efficiency by freeing up IT and financial staff resources for high-value tasks.
Disaster Recovery (DR)
- Cloud-based data restoration for applications, ensuring continuity during outages.