Customer: a leading provider of cloud-based software solutions
About the customer:
As part of the highly regulated life sciences industry, the Customer recognized the benefits of the cloud a long time ago. The Customer was one of the very first life sciences solution vendors to deliver SaaS solutions to its customers. Currently, that momentum continues as the business goes “all-in on AWS” by moving its entire cloud infrastructure to the AWS platform.
As their platform and solutions are powered entirely by the AWS cloud, the business wanted to find ways to reduce costs, strengthen security, and increase the availability of the existing AWS environment. Powerup’s services were enlisted with the following objectives:
- Cost optimization of the existing AWS environment
- Deployment automation of Safety infrastructure on AWS
- Architecture and deployment of centralized Log Management solution
- Architecture review and migration of the client’s customer environment to AWS including POC for Database Migration Service (DMS)
- Evaluation of DevOps strategy
1. Cost optimization of the existing AWS environment
Here are the three steps followed by Powerup to optimize costs:
● Addressing idle resources by proper server tagging, translating into instant savings
● Right-sizing recommendation for instances after a proper data analysis
● Planning Amazon EC2 Reserved Instances (RI) purchasing for resized EC2 instances to capture long-term savings
Removing idle or unused resources would fail to achieve its objective in the absence of a proper tagging strategy. Tags created to address wasted resources also help to properly size resources by improving capacity and usage analysis. After right-sizing, committing to reserved instances gets a lot easier. For example, the Powerup team was able to draw up a comparison price chart for the running EC2 and RDS instances based on On-Demand vs. RI costs and share a detailed analysis explaining the RI pricing plans. By following these steps, Powerup estimated a 30% reduction in the customer's monthly spending on AWS.
2. Deployment automation of Safety infrastructure on AWS
In AWS, the client has leveraged key security features like CloudWatch and CloudTrail to closely monitor traffic and the actions performed at the API level. Critical functions like Identity & Access Management, encryption, and log management are also managed using AWS features.
For 24/7 monitoring, they use Amazon GuardDuty, an ML-based tool that continuously monitors for threats and adds industry intelligence to the alerts it generates, along with Amazon Inspector, a vulnerability detection tool. To ensure end-to-end cybersecurity, they have deployed an end-to-end Endpoint Detection and Response (EDR) solution called Trend Micro Deep Security. All their products are tested for security vulnerabilities using the IBM AppScan tool and manual code review, following OWASP Top 10 guidelines and NIST standards to ensure Confidentiality, Integrity, and Availability of data.
As part of deployment automation, Powerup used CloudFormation (CF) and/or Terraform templates to automate infrastructure provisioning and maintenance. In addition, Powerup’s team simplified all modules used to perform day-to-day tasks to make them reusable for deployments across multiple AWS accounts. Logs generated for all provisioning tasks were stored in a centralized S3 bucket. The business had requested the incorporation of security parameters and tagging files, along with tracking of user actions in CloudTrail.
3. Architecture and deployment of centralized Log Management solution
Multiple approaches for log management were shared with the customer. Powerup and the client team agreed on the approach “AWS CW Event Scheduler/SSM Agent”. Initially, the scope was to build a log management system for the Safety infrastructure account; later, it was expanded to other accounts as well. The Powerup team built the solution architecture for log management using the ELK stack and CloudWatch. The scripts were written so that they can be used across the customer's clients on the AWS cloud. Separate scripts were written for Linux and Windows machines using shell scripting and PowerShell. Nothing was hard-coded in the scripts. All inputs come from a CSV file containing the Instance ID, Log Path, Retention Period, backup folder path, and S3 bucket path.
Furthermore, live hands-on workshops were conducted by the Powerup team to train the client’s Operations team for future implementations.
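Because every path, retention value and bucket in such a design comes from the CSV, a malformed row can point an archive or delete step at the wrong data. The following is an added example, not Powerup's script, of validating rows before acting on them; the column order, the retention unit (days) and the sample rows are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not Powerup's script. Assumed column order:
#   instance_id,log_path,retention_days,backup_dir,s3_path

matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

# Absolute path, conservative character set, no ".." component.
safe_path() {
  matches "$1" '^/[A-Za-z0-9._/-]+$' || return 1
  case "/$1/" in */../*) return 1 ;; esac
  return 0
}

# Prints "OK" or "REJECT: <reason>" for one CSV line; non-zero on reject.
validate_row() {
  IFS=, read -r id log days backup s3 extra <<EOF
$1
EOF
  [ -z "$extra" ] || { echo "REJECT: too many fields"; return 1; }
  matches "$id" '^i-([0-9a-f]{8}|[0-9a-f]{17})$' || { echo "REJECT: instance id"; return 1; }
  safe_path "$log" || { echo "REJECT: log path"; return 1; }
  matches "$days" '^[1-9][0-9]{0,3}$' || { echo "REJECT: retention period"; return 1; }
  safe_path "$backup" || { echo "REJECT: backup path"; return 1; }
  matches "$s3" '^s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9](/[A-Za-z0-9._/-]*)?$' ||
    { echo "REJECT: s3 path"; return 1; }
  echo "OK"
}

# Reads the CSV on stdin (header skipped), reports rejected rows by line
# number, and returns non-zero if any row was rejected.
check_csv() {
  n=0; bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    [ "$n" -eq 1 ] && continue
    result=$(validate_row "$line") || { bad=$((bad + 1)); echo "line $n: $result"; }
  done
  [ "$bad" -eq 0 ]
}

# Constructed sample input: one valid row, one traversal path, one zero retention.
sample_csv() {
  cat <<'EOF'
instance_id,log_path,retention_days,backup_dir,s3_path
i-0123456789abcdef0,/var/log/app,30,/backup/app,s3://example-log-archive/app
i-0123456789abcdef0,/var/log/../../etc,30,/backup/app,s3://example-log-archive/app
i-0123456789abcdef0,/var/log/app,0,/backup/app,s3://example-log-archive/app
EOF
}
```

Running `sample_csv | check_csv` reports the two bad rows by line number and exits non-zero, so a scheduler can stop before any cleanup step runs.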
4. Architecture review and migration of the client’s environment to AWS including POC for Database Migration Service (DMS)
The client’s pharmacovigilance software and drug safety platform is now powered by the AWS Cloud, and currently, more than 85 of their 200+ customers have been migrated, with more to quickly follow. In addition, the client wanted Powerup to support the migration of one of its customers to AWS. Powerup reviewed and validated the designed architecture. Infrastructure was deployed as per the approved architecture. Once the architecture was deployed, Powerup used the AWS Well-Architected Framework to evaluate it and provide guidance on implementing designs that scale with the customer’s application needs over time. Powerup also supported the application team for the production go-live on AWS infrastructure, along with deploying and testing the DMS POC.
5. Evaluation of DevOps strategy
Powerup was responsible for evaluating DevOps automation processes and technologies to suit the products built by the client’s product engineering team.
EC2, RDS, CloudFormation, S3.
Powerup equipped the client with efficient and completely on-demand infrastructure provisioning within hours, along with built-in redundancies, all managed by AWS. Eliminating idle and over-allocated capacity, RI management, and continuous monitoring enabled them to optimize costs. They successfully realized 30% savings on overlooked AWS assets, resulting in an overall 10 percent optimization in AWS cost. In addition, the client can now schedule and automate application backups, scale up databases in minutes by changing instance type, and have instances automatically moved to healthy infrastructure in less than 15 minutes in case of downtime, giving customers improved resiliency and availability. The client continues to provide a globally unified, standardized solution on the AWS infrastructure-as-a-service (IaaS) platform to drive compliance and enhance the experiences of all its customers.