Microsoft Workloads

By August 9, 2019 July 31st, 2020 AWS, Case Study, Cloud Case Study, DevOps

Customer: Sompo

Customer Engagement

Sompo International was established in March 2017 with the acquisition by Sompo Holdings, Inc. (Sompo) of Endurance Specialty Holdings Ltd. (Endurance) and its wholly owned operating subsidiaries. Sompo's core business encompasses one of the largest property and casualty insurance groups in the Japanese domestic market. Seeking opportunities to grow its business globally, Sompo acquired Endurance, a global provider of property and casualty insurance and reinsurance, to effectively become its international operation.

Problem Statement

Sompo International wants to migrate 2 of their web services from on-premise to AWS Elastic Beanstalk. Both are .NET-based applications that use Microsoft SQL Server as the backend. The customer wants to use RDS for the database and AD authentication for SQL Server access. Sompo International wants to work with a strong Cloud Consulting Partner like Powerup to help them migrate the applications onto AWS, manage those applications 24x7, and then build DevOps capabilities on cloud so that Sompo can concentrate on application development.

Proposed Solution

➢ AWS accounts will be created and managed using AWS Organizations according to customer requirements.
➢ Appropriate users, groups and permissions will be created using Identity and Access Management (IAM) service.
➢ IAM roles will be created to access different AWS services.
➢ The network will be set up using the VPC service. Appropriate CIDR range, subnets, route tables etc. will be created.
➢ NAT gateways will be deployed in 2 public subnets in 2 different Availability Zones of AWS.
➢ A VPN tunnel will be set up from the customer location to the AWS data center.
➢ 2 Application Load Balancers will be created for the 2 applications being migrated.
➢ Route53 service will be used to create the necessary DNS records.
➢ An open source DNS forwarding application called Unbound will be deployed across 2 AZs for high availability. Unbound allows resolution of requests originating from AWS by forwarding them to the on-premise environment, and vice versa.
➢ 2 Elastic Beanstalk environments will be created for the 2 applications, and the .NET code will be uploaded and then deployed on them.
➢ Windows Server 2016 R2 is used to deploy the application & AD.
➢ Both the applications will be deployed across 2 Availability Zones and auto-scaling will be enabled for high availability and scalability.
➢ The MSSQL database will be deployed on the RDS service of AWS, and the Multi-AZ feature will be enabled for high availability. The database will be replicated from on-premise to AWS by taking the latest SQL dump and restoring/enabling Always-on replication between the databases/using the AWS DMS service. RDS SQL authentication will be used instead of Windows authentication.
➢ An ElastiCache Redis cluster will be deployed for storing the user sessions. The Multi-AZ feature will be turned on for high availability.
➢ All application logs will be sent to Splunk. VPC peering will be enabled between the 2 VPCs.
➢ CloudWatch service will be used for monitoring and SNS will be used to notify the users in case of alarms, metrics crossing thresholds etc.
➢ All snapshot backups will be regularly taken and automated based on the best practices.
➢ All server sizing was initially based on the current sizing and its utilization as shared by the customer. Based on the utilization reports in CloudWatch, servers were scaled up or down.
➢ A NAT gateway is used for instances in the private network to have access to the internet.
➢ Security groups are used to control traffic at the VM level. Only the required ports will be opened, and access allowed from required IP addresses.
➢ Network Access Control Lists (NACLs) are used to control traffic at the subnet level.
o SSL certificates will be deployed on the load balancers to protect data in transit.
o CloudTrail will be enabled to capture all the API activities happening in the account.
o VPC flow logs will be enabled to capture all network traffic.
o ALB access logs will be enabled.
o All the logs will be sent to AWS GuardDuty for threat detection and for identifying malicious activities in the account and account compromise.
➢ AWS Config will be enabled, and all the AWS recommended config rules will be created.

Additional Details

AWS Services used:

EC2, EBS, ALB, RDS, Route53, S3, CloudFormation, CloudWatch, CloudTrail, IAM, Config, GuardDuty, Systems Manager, Auto Scaling, Transit Gateway

3rd Party Solutions Used:

Unbound, Okta

[Architecture Diagram]

Windows Stack used:

➢ .NET Applications
➢ IIS Web Server
➢ RDP Gateway
➢ SQL Server Enterprise Database
➢ Active Directory

Outcomes of Project

➢ Powerup was able to set up an automated landing zone for Sompo.
➢ Sompo was able to meet the required high availability & scalability.
➢ Sompo was able to integrate the migrated applications with the on-premise legacy systems seamlessly.
