Microsoft Workloads

By August 9, 2019 Case Study

Customer: Qwikcilver

Customer Engagement

Qwikcilver has revolutionized the gifting landscape with their future-ready
technology solutions and we have built, from the ground up, a state-of-the-art Stored Value
Platform exclusively for managing gift cards for Merchants, Retailers and Brands.
They are an ISO27001 certified company and have been granted the license to
“Issue” Semi-Closed Loop Prepaid (SCLP) instruments by the Reserve Bank of India
(RBI), the apex Financial Regulatory Authority in India. They conduct annual audits
like CISA and VAPT (Vulnerability Assessment & Penetration Testing) and ESCROW
reporting on a quarterly basis. These audits are conducted by authorized agencies
to ensure the security of both Qwikcilver systems and client systems.

Problem Statement

Qwikcilver was not able to scale their Gift Card platform running in the TCL
datacenter. Qwikcilver provides the Gift Card platform for some of the largest
e-commerce players in India, like Amazon, Flipkart etc. Amazon Prime Day was
coming and Qwikcilver was planning to migrate the Gift Card platform from the
on-premise TCL datacenter to AWS to handle the huge amount of traffic that was
expected to come. They wanted to host their primary DC on AWS and DR on Azure.
The Application is all .NET based with IIS Web Server. SQL Server Enterprise edition
is the database for the application. The application uses AD for LDAP
authentication.

Proposed Solution

➢ Appropriate users, groups and permissions will be created using the Identity and
Access Management (IAM) service.
➢ IAM roles will be created to access different AWS services.
➢ Network will be setup using the VPC service. Appropriate CIDR range,
subnets, route tables etc. will be created.
➢ Multiple VPCs will be created for Management, UAT and Production.
➢ Route53 will be configured to create the required DNS records.
➢ 3 Network Load Balancers will be created with Static IP to route traffic to the
Palo Alto Firewall.
➢ ADC server will be created and will be in sync with the on-premise AD server.
➢ Palo Alto Firewall will be deployed across 2 AZs for HA. Auto-scaling is
enabled to keep 2 instances running at all times.
➢ GC platform applications will be deployed across 2 AZs for high availability
and auto-scaling is enabled.
➢ User sessions are stored in the MSSQL database.
➢ Internal NLB will route the traffic to the application servers which are also
running across 2 AZs for HA.
➢ MSSQL databases will be deployed on EC2 and will be replicated using
the Always-ON feature to create the read replicas.
➢ Windows Server 2012 R2 is used to deploy Application, AD and Database
servers.
➢ Management VPC will host the Bastion, NTP, AD and other management
applications.
➢ VPC peering will be enabled between all the required VPCs.
➢ CloudWatch service will be used for monitoring and SNS will be
used to notify the users in case of alarms, metrics crossing
thresholds etc.
➢ All snapshot backups will be regularly taken and automated based on the
best practices.
➢ Security groups are used to control traffic at the VM level. Only the
required ports will be opened, and access allowed from required IP
addresses.
➢ Network Access Control Lists (NACLs) are used to control traffic at the subnet
level.
➢ SSL certificates will be deployed on the EC2 to protect data in transit.
➢ CloudTrail will be enabled to capture all the API activities happening in the
account.
➢ VPC flow logs will be enabled to capture all network traffic.
➢ All the logs will be sent to AWS GuardDuty for threat detection
and for identifying malicious activities in the account, account
compromise etc.
➢ KMS will be used to encrypt all the data at rest.
➢ AWS SSM will be used to patch the servers regularly.
➢ Palo Alto Firewall is used as WAF and IDS/IPS solution.
➢ AWS Systems Manager is used for Patch Management.
➢ DR will be setup to Azure as per customer RTO & RPO requirements.
➢ All server sizing was initially based on the current sizing and its
utilization as shared by the customer. Based on the utilization reports in
CloudWatch, servers were scaled up or down.

Additional Details

AWS Services Used: EC2, EBS, ALB, Route53, S3, CloudFormation,
CloudWatch, CloudTrail, IAM, Config, Inspector, GuardDuty, Systems
Manager, Auto-scaling, VPC Peering, KMS

3rd Party Solutions Used: Palo Alto Firewall

Windows Stack used:

➢ .NET Applications
➢ IIS Web Server
➢ RDP Gateway
➢ SQL Server Enterprise Database
➢ Active Directory

[Architecture diagram]

Outcomes of Project

➢ Powerup was able to successfully migrate their core Gift card applications for
Amazon.com on AWS.
➢ Qwikcilver was able to achieve the required scalability, flexibility and
performance.
➢ Amazon Prime day was a big success with zero downtime.
