About The Client
The client is an ISV in the global Oil and Gas (O&G) market. They provide services and consultancy around their products. They have a local presence in several countries and deliver full operational support and project capabilities on an international level.
The Business Challenge
Before the successful migration effort led by CloudHedge, the client had on-premise installations of their product. The product in question is a framework for trading O&G produce in the market and is considered one of the top 10 critical applications for the O&G industry. It already has multiple customizations and integrations in place with various other systems and APIs used by all O&G majors.
The client wanted to offer their product as a service instead of as licensed installations. The reason was to gain more control over their highly customizable framework and over all service-related queries, in order to streamline the maintenance and support business around their product.
The client had already spent 18 months on the migration effort, with little success, before they approached CloudHedge.
In fact, they were already using AWS for their infrastructure setup, but it was 90% manual because they had few AWS-skilled engineers. Another requirement was to make the deployments on-demand.
With limited in-house knowledge of cloud technologies, they also required some training in the cloud automation and cloud operations domains.
How CloudHedge Helped?
The technical implementation challenges were obvious to CloudHedge, but we had also anticipated the challenges we were going to face from the operational and technical debt perspective.
This project was driven by extreme automation, and in some cases we had to build meta-automation: for example, an automated workflow setup for Jenkins, which the operations teams then used to automatically deploy environments. The main reason we introduced meta-automation was the technical debt the client had already accumulated. Thus, even the operationalization of the automation was an automated process.
As the client had already used a good deal of time with 80% of the work still in question, CloudHedge executed the project on an aggressive timeline, reaching Go-Live plus extended support in 3 months.
The first phase was designing the Account Structure (Data Center Architecture) on AWS. We needed to build a platform that would scale up to 1000+ AWS accounts over the next 3 years. CloudHedge built automation for AWS Landing Zones.
The first phase included design and automation for the following high-level tasks:
- Account Structure
- Network
- Public/Private networks
- Firewall considerations
- Remote Access Service
- VPNs (OpenVPN and IPSec)
- Domain Delegations across AWS accounts
- Automated Jenkins setup (Jenkins is used as a Workflow Manager)
- IDPS setup
- AWS Config setup
- CloudTrail setup
- A parallel thread was started to build a knowledge base around their framework and their existing deployment methods for further use.
- Initiation of some of the framework automation tasks, which would converge in the next phases.
The second phase was dedicated to IAM design and automation. It included design and automation for the following high-level tasks:
- IAM Users and Groups for Humans
- IAM Roles for Humans
- Automatic role assumption across accounts according to privileges
- IAM Profiles
- IAM roles for machines
- AWS KMS considerations
- AD Integrations and considerations
The third phase was dedicated to designing and automating the deployment of the framework (Oracle/JAVA/Wildfly/KeyCloak). A few high-level tasks in this phase had been started in parallel from phase one.
The third phase included design and automation for the following high-level tasks:
- Oracle RDS Multi AZ Automation
- Automated restoration of on-premise Oracle DB to RDS
- Application automation along with configurations
- Auto-healing setups
- Application of encryption for all the data at rest
- JIRA integrations
- DataDog Integrations
- TrendMicro Integrations
In the last phase, CloudHedge helped operationalize the setup with DataDog and TrendMicro dashboards along with PagerDuty integrations. CloudHedge also helped configure PagerDuty and set up policies for support.
Benefits
As the platform solution was thoroughly tested and production-ready, rolling it out to their customers went as planned.
The other benefits that came out of building a cloud platform were:
- The solution was made easy to deploy even without highly skilled personnel.
- Thorough access level granularity.
- SOC2 compliance with action tracking function.
- Automated issue reporting and assignment.
- Easy, fast and production-ready deployments.
- Automated setup of monitoring solutions.
- Easy UI access to logs, without repeated logins to different systems to access them. In fact, the need to log in to systems was almost eliminated except for a few critical issues.
- Cloud automation helped in the overall reduction of costs.