Category

Case Study

DR and Migration

By | Case Study, Migration | No Comments

Customer: Matrimony.com

Problem Statement

Until recently, an online matrimony service provider Matrimony.com implemented
traditional disaster recovery through a secondary data center in Mumbai. The
business needed a technology infrastructure that could both keep up with demand
and help drive further growth. Purchasing duplicate storage, compute and
connectivity resources for the secondary location as its business scaled, translated
to additional cost burden — all of which might never actually be used. Given the
“always-on” nature of the business it was of paramount importance that the
application availability remains high. Keeping all the above factors into
consideration, the business decided to leverage the benefits of the public cloud by
migrating their core matrimony applications to AWS.

Proposed Solution

After thorough evaluation, Matrimony.com engaged Powerup and decided to use
AWS to build its business continuity and DR solution.

The approach – A pilot with DR

After thorough evaluation, it was decided to use AWS to build its business continuity
and DR solution with a ‘Pilot-light’ DR strategy was chosen and a minimal
environment of the entire DC setup to be run on AWS. All applications, database
and High Availability (HA) proxy instances were replicated to instances of minimal
size to optimize cost — a classic backup-and-restore scenario. AWS allows
maintenance of a pilot-light model by configuring and running only the most critical
core elements of a system. When required in case of a recovery, one can rapidly
provision a full-scale production environment around the critical core by upgrading
the instances.

Powerup built a replica of all required servers and launched it using AWS
CloudFormation (CF) templates. For Matrimony.com, the legacy applications
required Powerup to use the same IP addresses in the new environment as well.
Powerup used Asymmetric routing mechanism to accommodate multiple IP
addresses and resolve connectivity issues on the secondary IP addresses. Load
balancers were required to have custom static private IPs to accommodate legacy
applications. However, Elastic Load balancer did not support this. To resolve this
issue, Powerup set up highly available HAProxy as an alternative to the internal load
balancer traffic with Keep-Alive. Keep-alive, when enabled, allows the load balancer
to reuse connections to the instance, which reduces the CPU utilization. In this case,
failover support was enabled between two HA Proxy servers by load balancing
between DC and DR for periodic application check. Code commit was used to update
the code to both DC and DR environments simultaneously.

Powerup complied with customer data centre security guidelines and the migration
was successful. Multiple VPCs were created for production, recovery and
management applications. All application servers were migrated using AWS Server
Migration Service(SMS) by replicating server VMs as cloud-hosted Amazon Machine
Images (AMIs) ready for deployment. Lambda was used to trigger the creation of
new AMIs. Database servers were deployed on EC2, replicated using native
replication techniques. The Configuration of the environment is automated by AWS
CF templates.

Cloud platform

AWS.

Technologies used

EC2, CloudFormation, Lambda, S3, AWS SMS-Migration tool, DMS, ELB/ALB, VPC.

Cloud Storage with Horos App

By | Case Study | No Comments

Customer: Amaara Vectors Private Limited

 

Problem Statement

Amaara Vectors Private Limited has its own custom version of the open-source PACS application called Horos. They wanted to integrate it with cloud storage and was looking at AWS S3 for better scalability, flexibility, and security. The cloud storage should be like a drive in the local system where the documents can be downloaded and uploaded. They also want to notify when a new image is ready to view using WhatsApp for business.

 

Proposed Solution

Powerup helped Amaara Vectors design well-architected frameworks and migrate to AWS along with 2 months of initial support for testing and bug fixes.

 

[Architecture diagram]

 

Description:

Various Scan images will come to the Mac systems in each center to be viewed by the Horos Application.

2. Mountain Duck Mac agent will be running on the Mac OS. S3 buckets will be mounted as local volumes to the Mac OS.

3. Mountain Duck will be configured to sync all the data back to S3.

4. A script will be running on the Mac systems to delete any file which is not accessed in 15 days. The Specific time period to be a configurable option.

5. Powerupcloud will develop a small lightweight NodeJS agent which will keep the connection live with the Notification Server running on AWS.

6. An OpenVPN server will be running on AWS to establish a point-site VPN tunnel between the Mac and AWS for secure upload to AWS.

7. All files on S3 will be encrypted using KMS.

8. Once the File is uploaded to S3 two Lambda functions will be triggered. One Lambda calls the WhatsApp for Business API for WhatsApp notifications. Other Lambda function will trigger the NodeJS code to broadcast the notification to all the Mac systems belonging to the same center.

9. Illustration: ABC Diagnostics is an organization that has three Diagnostic Centers, at Rajajinagar, Chamarajapet, and HSR layout. A brain MRI scan is taken at Rajajinagar, and uploads to the Cloud automatically. The organization’s Brain MRI specialist at HSR gets a notification on his workstation (Mac) and on WhatsApp (Business). He then clicks on the “Rajajinagar” tab on his Horos application and diagnoses the image. This textual diagnosis is uploaded onto the cloud. The radiologist in Rajajinagar gets a notification about the uploaded diagnosis and downloads it. It is then verified and provided to the patient.

 

Cloud platform

AWS.

 

Technologies used

S3, Lambda, KMS, IAM.

Netmagic to AWS Migration

By | Case Study | No Comments

Customer: PayU

About Customer

PayU is a fintech company that provides payment technology to online merchants.
The company was founded in 2002 and is headquartered in Hoofddorp,
Netherlands. It allows online businesses to accept and process payments through
payment methods that can be integrated with web and mobile applications.

Problem Statement

PayU needed to migrate 2 of their core applications, PayUbiz and PayUmoney
from their existing Netmagic data center to AWS cloud. The challenge was 400+
VM’s needed to be migrated in just 3 months to support the annual sale days of
two of the largest e-comm players in India. They were required to handle 8000+
transaction per second at database level with improved reliability and automated
scalability, which their existing on-premises setup could not deliver.

Proposed Solution

➢ Powerup Architects worked closely with the PayU team to do a detailed
Application Discovery of the current Netmagic environment.
➢ Based on the data collected a blueprint architecture was designed mapping
the current environment to AWS services following the 6 R’s of Migration. A
detailed TCO analysis was also done so that the customer is clearly aware
about the benefits of moving to AWS cloud.
➢ Proper Load Testing was done to finalize the sizing for the application
servers.
➢ All the application servers were migrated using AWS VM Import/Export.
➢ The MYSQL databases on-premise was migrated to AWS Aurora using
Database Migration Service.
➢ User sessions and database cache was stored in Redis Cache.
➢ Classic Load Balancers were used to distribute traffic between the application
servers.
➢ Direct Connect was setup between on-premise and AWS Mumbai DC. VPN
tunnels were also setup for redundancy.
➢ Kafka will be used to stream all the logs and Logstash will be used to analyze
them.
➢ All sensitive data like user card details are encrypted using KMS.
Outcomes
➢ Customer was successfully migrated to AWS Aurora RDS from MYSQL
database.
➢ Flipkart’s Xiaomi Sale was a huge success with the AWS infrastructure able to
handle 8000+ TPS.
➢ Customer was able to achieve the required scalability and security on cloud.

AWS Services used

➢ EC2 – to host all application and web servers
➢ EBS – as storage attached to EC2
➢ VPC – to create the required isolated networks on AWS
➢ Elasticache – to host the Redis Caching engine
➢ RDS Aurora – to host the database
➢ KMS – to encrypt data at rest on EBS and S3
➢ S3 – to host the OVF images, to store backups other static details and logs
➢ CloudWatch – used as the monitoring tool
➢ Classic Load Balancer – to distribute the traffic and SSL termination
➢ Direct Connect – to establish a direct private line between AWS and
customer DC
➢ IAM – for Identity and Access Management

Microsoft Workloads

By | Case Study | No Comments

Customer: Sompo

Customer Engagement

Sompo Internationalwas established in March 2017 with the acquisition by Sompo Holdings, Inc.(Sompo) of Endurance SpecialtyHoldings Ltd.(Endurance) anditswholly owned operatingsubsidiaries. Sompo’s corebusiness encompasses one ofthe largest property and casualty insurance groupsin the Japanese domestic market. Seeking opportunities grow their business globally,Sompo acquired Endurance, aglobal provider of property and casualty insurance and reinsurance, to effectively become
their international operation.

Problem Statement

Sompo International wants to migrate 2 of their web services from on-premise to AWS Elastic Beanstalk. Both are .NET based applications and used Microsoft SQL server as the backend. Customer wants to use RDS for the database and AD authentication for SQL server access. Sompo International wants to work with a strong Cloud Consulting Partner like Powerupcloud to help them migrate the applications onto AWS, manage those applications 24*7 and then build Devops capabilities on cloud so that Sompo can concentrate on application development.

Proposed Solution

➢ AWSaccountswillbe createdandmanaged usingAWSOrganizations according tocustomerrequirement.
➢ Appropriateusers, groupsandpermissionswillbecreatedusingIdentityand AccessManagement(IAM)service.
➢ IAM roles will be created to access different AWS service.
➢ Networkwillbesetupusing theVPCservice.AppropriateCIDRrange, subnets,routetablesetc.willbecreated.
➢ NAT gateways will be deployed in 2 public subnetsin 2 different Availability Zones of AWS.
➢ VPN Tunnel will be setup from customer location to AWS data center.
➢ 2 Application Load Balancers will be created forthe 2 applications being migrated.
➢ Route53 service will be used to create the necessary DNS records.
➢ An open source DNS forwarding application called Unbound will be deployed across 2 AZsfor high availability. Unbound allows resolution of request originating from AWS by forwarding them to on-premise environment- and vice-versa.
➢ 2 Elastic Beanstalk environments will be created forthe 2 applications and the .NET code will be uploaded and then deployed onit.
➢ Windows Server 2016 R2 is used to deploy Application& AD.
➢ Both the applications will be deployed across 2 Availability Zones and auto-scaling will be enabled for high availability and scalability.
➢ MSSQL databasewill be deployed on RDS service ofAWS andmultiAZ feature will be enabled for high availability. Database will be replicatedfromon-premisetoAWSbytakingthelatestSQL dumpand restoring/enablingAlways-onreplicationbetweenthe database/usingtheAWSDMSservice.RDSSQL authentication will be used instead of Windows authentication.
➢ Elastic Cache Redis cluster will be deployed forstoring the usersessions. Multi-AZ feature will be turned on for high availability.
➢ All application logs will be sentto Splunk. VPC peering will be enabled between the 2 VPCs.
➢ CloudWatch service will be used formonitoring and SNS will be used to notify the usersin case of alarms, metrics crossing thresholds etc.
➢ Allsnapshot backups will be regularly taken and automated based on the best practices.
➢ All Server Sizing wasinitially taken based on the currentsizing and its utilization shared by the customer. Based on the utilization reportsin CloudWatch Servers were scaled up or down.
➢ NAT gateway is used forinstancesin private network to have accessto internet.
➢ SecuritygroupsareusedtocontroltrafficattheVMlevel.Only the required ports will be opened, and access allowed from required IP addresses.
➢ Network Access Control Lists(NACLs) are used to control traffic atthe subnet level.
o SSL certificates will be deployed on the load balancersto protect data in transit.
o CloudTrail will be enabled to capture all the API activities happening in the account.
o VPC flow logs will be enabled to capture all network traffic.
o ALB accesslogs will be enabled
o AllthelogswillbesenttoAWSGuardDutyforthreat detection and identifying malicious activities in the account,
account compromise.
➢ AWS Config will be enabled, and all the AWS recommended config rules will be created. Additional Details

AWS Services used:

EC2, EBS, ALB, RDS, Route53, S3, CloudFormation,
CloudWatch, CloudTrail, IAM, Config, Guard Duty, Systems Manager, Autoscaling, Transit gateway

3rd Party Solutions Used:

Unbound, Okta[Architecture Diagram]

Windows Stack used:

➢ .NET Applications
➢ IIS Web Server
➢ RDP Gateway
➢ SQL Server EnterpriseDatabase
➢ Active Directory

Outcomes of Project

➢ Powerupcloud was able to setup automated landing zone for Sompo
➢ Sompo was able to meet the required high availability& scalability
➢ Sompo was able to integrate themigrated applicationsto the on-premise
legacy systemsseamlessly

Microsoft Workloads

By | Case Study | No Comments

Customer: Qwikcilver

Customer Engagement

Qwikcilver has revolutionized the gifting landscape with their future ready
technology solutions and we have built ground up a state-of-the-art Stored Value
Platform exclusively for managing gift cards for Merchants, Retailers and Brands.
They are an ISO27001 certified company and have been granted the license to
“Issue” Semi-Closed Loop Prepaid (SCLP) instruments by the Reserve Bank of India
(RBI), the apex Financial Regulatory Authority in India. They conduct annual audits
like CISA and VAPT (Vulnerability Assessment & Penetration testing) and ESCROW
reporting on a quarterly basis. These audits are conducted by authorized agencies
to ensure security of both Qwikcilver systems and client system.

Problem Statement

Qwikcilver was not able to scale their Gift Card platform running on TCL
datacenter. Qwikcilver provides the Gift Card platform for some of the largest ecommerce players in India like Amazon, Flipkart etc. Amazon Prime day was
coming and Qwikcilver is planning to migrate the Gift card platform from on
premise TCL datacenter to AWS to handle the huge amount of traffic that was
expected to come. They want to host their primary DC on AWS and DR on Azure.
The Application is all .NET based with IIS Web Server. SQL Server Enterprise edition
is the database for the application. The application uses AD for LDAP
authentication.

Proposed Solution

➢ Appropriate users, groups and permissions will be created using Identity and
Access Management (IAM)service.
➢ IAM roles will be created to access different AWS service.
➢ Network will be setup using the VPC service. Appropriate CIDR range,
subnets, route tables etc. will be created.
➢ Multiple VPCs will be created for Management, UAT and Production.
➢ Route53 will be configured to create the required DNS records.
➢ 3 Network Load Balancers will be created with Static IP to route traffic to the
Palo Alto Firewall.
➢ ADC server will be created and will be in sync with the on-premise AD server.
➢ Palo Alto Firewall will be deployed across 2 AZs for HA. Auto-scaling is
enabled to always keep 2 instances all the time.
➢ GC platform applications will be deployed across 2 AZs for high availability
and auto-scaling is enabled.
➢ User sessions are stored in the MSSQL database
➢ Internal NLB will route the traffic to the application servers which are also
running across 2 AZs for HA.
➢ MSSQL databases will be deployed on EC2 and will be replicated using
the Always-ON feature to create the read replicas.
➢ Windows Server 2012 R2 is used to deploy Application, AD and Database
servers.
➢ Management VPC will host the Bastion, NTP, AD and other management
applications.
➢ VPC peering will be enabled between all the required VPCs.
➢ CloudWatch service will be used for monitoring and SNS will be
used to notify the users in case of alarms, metrics crossing
thresholds etc.
➢ All snapshot backups will be regularly taken and automated based on the
best practices.
➢ Security groups are used to control traffic at the VM level. Only the
required ports will be opened, and access allowed from required IP
addresses.
➢ Network Access Control Lists (NACLs) are used to control traffic at the subnet
level.
➢ SSL certificates will be deployed on the EC2 to protect data in transit.
➢ CloudTrail will be enabled to capture all the API activities happening in the
account.
➢ VPC flow logs will be enabled to capture all network traffic.
➢ All the logs will be sent to AWS Guard Duty for threat detection
and identifying malicious activities in the account, account
compromise etc.
➢ KMS will be used to encrypt all the data at rest.
➢ AWS SSM will be used to patch the servers regularly.
➢ Palo Alto Firewall is used as WAF and IDS/IPS solution.
➢ AWS System Manager is used for Patch Management.
➢ DR will be setup to Azure as per customer RTO & RPO requirements.
➢ All Server Sizing was initially taken based on the current sizing and its
utilization shared by the customer. Based on the utilization reports in
CloudWatch Servers were scaled up or down.
Additional Details
AWS Services Used: EC2, EBS, ALB, Route53, S3, CloudFormation,
CloudWatch, CloudTrail, IAM, Config, Inspector, Guard Duty, Systems
Manager, Auto-scaling, VPC Peering, KMS

3rd Party Solutions Used: Palo Alto Firewall

Windows Stack used:

➢ .NET Applications
➢ IIS Web Server
➢ RDP Gateway
➢ SQL Server EnterpriseDatabase
➢ Active Directory
[Architecture diagram]
Outcomes of Project
➢ Powerup was able to successfully migrate their core Gift card applications for
Amazon.com on AWS.
➢ Qwikcilver was able to achieve the required scalability, flexibility and
performance.
➢ Amazon Prime day was a big success with zero downtime.

Automated photo moderation

By | Case Study | No Comments

Customer: Shaadi.com

A leading matrimony site in India

Problem Statement

A leading matrimony site in India receives 20,000 new profile creations every day.
A team of 16 reviews the uploaded profile pictures and moderates them based on
9 parameters including nudity, celebrity, blur, group photos, photoshopped images, etc. The customer wanted to automate this moderation process to improve efficiency and reduce manpower costs.

Proposed Solution

Powerup used a combination of Amazon Rekognition and custom rule engine to moderate the images in real-time. The solution was consistently achieving above
80% accuracy. This brought down the moderation time from 24 hours to 3 minutes and the headcount was reduced from 16 to 4.

Cloud Platform

AWS.

Technologies used

Amazon Rekognition, Lambda, OpenCV, Python.

Data Lake on Cloud

By | Case Study | No Comments

Customer: One of India’s largest media companies

Problem Statement

One of India’s largest media companies uses various SaaS platforms to run their media streaming application. Hence all of the customers’ data was residing in these SaaS applications. The customer wanted to build a Data Lake to bring all their customers’ and operations’ data at one place to understand their business better

Proposed Solution

Powerup built real-time and batch ETL jobs to bring the data from varied data sources to S3. The raw data was stored in S3. The data was then populated in Redshift for further reporting while advanced analytics was run using Hadoop based ML engines on EMR. Reporting was done using QuickSight.

Cloud platform

AWS.

Technologies used

S3, DynamoDB, AWS ElasticSearch, Kibana, EMR Clusters, RedShift, QuickSight,
Lambda, Cognito, API gateway, Athena, MongoDB, Kinesis.

DevOps & Provisioning Automation

By | Case Study | No Comments

Customer: A business consulting and technology integration services firm

Problem Statement

A business consulting and technology integration services firm responding with
agile solutions to the challenges of regulated industries. Partnering with
Intellivision, the customer is building a multi-tenant SaaS-based application on
Azure.

Proposed Solution

Powerupcloud helped deploy multiple flavors of the application in Azure App
Services, Azure Container Service, Azure IaaS for developers, testers, and end
customers using end to end automated provisioning scripts.

Cloud Platform

Microsoft Azure.

Technologies used

Azure App Service, Azure IaaS, Automation Runbooks, DocumentDB, Azure Backup
Services, Azure OMS, Azure CLI, Powershell, OrientDB, Nodejs, Nginx.

Running Websites at Scale on App Service

By | Case Study | No Comments

Customer: India’s biggest e-commerce store

Problem Statement

Customer is the India’s biggest e-commerce store and competes with Amazon.
Customer’s non-ecommerce websites like careers, stories (corporate blog) and
websites were on AWS and as part of company-wide Azure adoption, they wanted
to move these sites to Azure PaaS.

Proposed Solution

Powerup helped move Customer’s Careers (PHP based) and Stories (WordPress)
from AWS IaaS to Azure PaaS. The websites were configured to withstand
customer’s scale and sudden surge in traffic due to marketing activities and huge
online presence that they command. CDN was introduced and caching frequently
visited content is enabled for better performance. The stories site was recently
redeployed to App Service Linux backend.

Cloud Platform

Microsoft Azure.

Technologies used

Azure App Service, Application Insights, Azure Security Center, WordPress, MYSQL.

Hosting e-commerce applications on Azure

By | Case Study | No Comments

Customer: India’s best home healthcare service provider

Problem Statement

A new approach to holistic healthcare – India’s best home healthcare service
provider enables you to access all healthcare services and products from the
comfort of your home. The customer wanted to host all its ecommerce application
on Microsoft Azure.

Proposed Solution

Powerup helped setup the customer’s services applications on Azure IaaS services.
The applications were configured for enhanced availability and security. Post
Implementation, Powerup provided trainings with off-site support to help Call
Health team to faster adapt to Microsoft Azure services.

Cloud Platform

Microsoft Azure.

Technologies used

Azure VMs, Azure AD, SQL Azure, V-Net, Resource groups, VPN gateway, Azure
Storage.