Microsoft Workloads

By August 9, 2019 Case Study

Customer: Sompo

Customer Engagement

Sompo Internationalwas established in March 2017 with the acquisition by Sompo Holdings, Inc.(Sompo) of Endurance SpecialtyHoldings Ltd.(Endurance) anditswholly owned operatingsubsidiaries. Sompo’s corebusiness encompasses one ofthe largest property and casualty insurance groupsin the Japanese domestic market. Seeking opportunities grow their business globally,Sompo acquired Endurance, aglobal provider of property and casualty insurance and reinsurance, to effectively become
their international operation.

Problem Statement

Sompo International wants to migrate 2 of their web services from on-premise to AWS Elastic Beanstalk. Both are .NET based applications and used Microsoft SQL server as the backend. Customer wants to use RDS for the database and AD authentication for SQL server access. Sompo International wants to work with a strong Cloud Consulting Partner like Powerupcloud to help them migrate the applications onto AWS, manage those applications 24*7 and then build Devops capabilities on cloud so that Sompo can concentrate on application development.

Proposed Solution

➢ AWSaccountswillbe createdandmanaged usingAWSOrganizations according tocustomerrequirement.
➢ Appropriateusers, groupsandpermissionswillbecreatedusingIdentityand AccessManagement(IAM)service.
➢ IAM roles will be created to access different AWS service.
➢ Networkwillbesetupusing theVPCservice.AppropriateCIDRrange, subnets,routetablesetc.willbecreated.
➢ NAT gateways will be deployed in 2 public subnetsin 2 different Availability Zones of AWS.
➢ VPN Tunnel will be setup from customer location to AWS data center.
➢ 2 Application Load Balancers will be created forthe 2 applications being migrated.
➢ Route53 service will be used to create the necessary DNS records.
➢ An open source DNS forwarding application called Unbound will be deployed across 2 AZsfor high availability. Unbound allows resolution of request originating from AWS by forwarding them to on-premise environment- and vice-versa.
➢ 2 Elastic Beanstalk environments will be created forthe 2 applications and the .NET code will be uploaded and then deployed onit.
➢ Windows Server 2016 R2 is used to deploy Application& AD.
➢ Both the applications will be deployed across 2 Availability Zones and auto-scaling will be enabled for high availability and scalability.
➢ MSSQL databasewill be deployed on RDS service ofAWS andmultiAZ feature will be enabled for high availability. Database will be replicatedfromon-premisetoAWSbytakingthelatestSQL dumpand restoring/enablingAlways-onreplicationbetweenthe database/usingtheAWSDMSservice.RDSSQL authentication will be used instead of Windows authentication.
➢ Elastic Cache Redis cluster will be deployed forstoring the usersessions. Multi-AZ feature will be turned on for high availability.
➢ All application logs will be sentto Splunk. VPC peering will be enabled between the 2 VPCs.
➢ CloudWatch service will be used formonitoring and SNS will be used to notify the usersin case of alarms, metrics crossing thresholds etc.
➢ Allsnapshot backups will be regularly taken and automated based on the best practices.
➢ All Server Sizing wasinitially taken based on the currentsizing and its utilization shared by the customer. Based on the utilization reportsin CloudWatch Servers were scaled up or down.
➢ NAT gateway is used forinstancesin private network to have accessto internet.
➢ SecuritygroupsareusedtocontroltrafficattheVMlevel.Only the required ports will be opened, and access allowed from required IP addresses.
➢ Network Access Control Lists(NACLs) are used to control traffic atthe subnet level.
o SSL certificates will be deployed on the load balancersto protect data in transit.
o CloudTrail will be enabled to capture all the API activities happening in the account.
o VPC flow logs will be enabled to capture all network traffic.
o ALB accesslogs will be enabled
o AllthelogswillbesenttoAWSGuardDutyforthreat detection and identifying malicious activities in the account,
account compromise.
➢ AWS Config will be enabled, and all the AWS recommended config rules will be created. Additional Details

AWS Services used:

EC2, EBS, ALB, RDS, Route53, S3, CloudFormation,
CloudWatch, CloudTrail, IAM, Config, Guard Duty, Systems Manager, Autoscaling, Transit gateway

3rd Party Solutions Used:

Unbound, Okta[Architecture Diagram]

Windows Stack used:

➢ .NET Applications
➢ IIS Web Server
➢ RDP Gateway
➢ SQL Server EnterpriseDatabase
➢ Active Directory

Outcomes of Project

➢ Powerupcloud was able to setup automated landing zone for Sompo
➢ Sompo was able to meet the required high availability& scalability
➢ Sompo was able to integrate themigrated applicationsto the on-premise
legacy systemsseamlessly

Leave a Reply