About Customer
Industry: Aviation
One of the prestigious customers is one of the prestigious Airlines serving worldwide. The customer is an aviation service provider and has a separate cargo division having a highly trained team that will ensure your cargo is securely handled and safely transported to your destination. They developed the perfect process to maximize efficiency without sacrificing quality. With extensive experience in the airline industry, combined with attention to customer service, also guarantees a professional and hassle-free cargo and delivery service that always exceeds expectations. The combination of an extensive network and a highly trained team allows them to provide a full and comprehensive set of services to their customers.
Whether you require a high-grade door-to-door service, cost-effective airport-to-airport logistics, or the movement of specialized cargo, they have got you covered.
Current Infrastructure
The customer has a separate website for the cargo wing to handle cargo-related business, tracking of the consignment, customer service portal, booking and acknowledgment of the courier, payment portal, etc. Other web applications integrated with the main website and facilitate customers accordingly.
Infra has Dev, QA, and Production environment with all the required security and backup mechanisms in-place as applicable to on-prem DC according to the importance and priority of the on-prem workloads.
The on-prem DC has various servers, Firewalls, storage devices and lots of applications and DBs. Some servers are virtualized but some of them having OS directly installed on bare metal.
The Challenge
Services from on-premises DC are running fine as of now but the challenges are also there:
- 1. Architecting a cloud infrastructure and migrating the applications, databases, and other related data into the cloud infra
- 2. Undefined customer base is producing the challenge of the undefined demand for the backend infrastructure which needs to be ready in minutes.
- 3. A CI/CD Pipeline needs to be set up to facilitate the dev team for continuous development.
- 4. Separate Dev, QA, and Production environment need to be set up and to be integrated for seamless development, testing, and deployment.
- 5. Achieving highly secure cloud infrastructure to manage security-related threats.
- 6. Achieving resiliency to recover the infra and data as it is in a minimum time frame with minimum loss and downtime.
The Solution
As we have to create, migrate, and manage the infra of this customer with ready-to-use services so that we can deploy and enable cloud services on-demand in minutes, we have decided to host the workloads of the customer in AWS Cloud. No need to introduce the capabilities of the AWS as we have already experienced the same in each project.
CI/CD pipeline has been deployed in which code push and pull from the GIT repository. AWS Code pipeline manages the push and pull to/from GIT, AWS Code Build prepares the builds and then the S3 is used to store the build. The AWS Code Deploy, deploying the codes into the UAT, and Production environments.
We have eliminated each challenge by architecting the solution in the AWS cloud platform as:
QA Environment AZ 1A
Here the traffic comes from VPN or from ALB deployed in the public subnet. A CI/CD Pipeline is deploying code in the EC2 where a web application dev.spicetag.com, is inside a private subnet. The Database is also running in another private subnet. The outgoing traffic toward the public internet is taken care of by the NAT gateway deployed in the public subnet along with the ALB.
Production Environment AZ 1A
Here in the private subnet, the traffic is coming to Spicexpress.com, latmile.thespicetag.com-ASG, spicetag.com-ASG via the same ALB which is forwarding traffic to the spicesence.spicetag.com-ASG. All apps are hosted using 4 EC2 instances and except spicexpress.com all three are in autoscaling.
In another private subnet RDS MySQL, Document DB (mongo DB compatibility), and Dynamo DB are configured. ElastiCache (Redis) is also facilitating the requests/responses to/from the primary RDS MySQL DB.
Production Environment AZ 1B
A read replica for MySQL is provided here in a private subnet providing the asynchronous replication between both (Master and Replica) DB instances.
Security
- 1. We have implemented an AWS WAF and all the traffic from the internet is coming through WAF towards infra
- 2. All the important instances are in the private subnet so that public access can't be achieved
- 3. For the developer, VPN is provided to access the infra for development-related management and upgradations
- 4. IAM, KMS and Secret Manager are also deployed to handle the access management and security of the cryptographic data
- 5. MFA is deployed to ensure the verified access on the infrastructure
- 6. The infrastructure is well architected and as per the best practices of the AWS to achieve the security
Resiliency
- 1. A multi-AZ infrastructure has been architected for this customer
- 2. Snapshots are being taken properly with a defined frequency and kept within S3, as-per-required retention period
Other Services
SNS
SES
CloudWatch
CloudTrail
Lambda
System Manager
X-RAY
The Solution/Architecture Diagram
Why AWS?
AWS is designed to allow application providers, ISVs, and vendors to quickly and securely host your applications – whether an existing application or a new SaaS-based application. You can use the AWS Management Console or well-documented web services APIs to access AWS's application hosting platform. AWS utilizes an end-to-end approach to secure and harden our infrastructure, including physical, operational, and software measures. For more information, see the AWS Security Center.
Using AWS tools, Auto Scaling, and Elastic Load Balancing, your application can scale up or down based on demand. Backed by Amazon's massive infrastructure, you have access to compute and storage resources when you need them. With AWS, you take advantage of a scalable, reliable, and secure global computing infrastructure, the virtual backbone of Amazon.com's multi-billion dollar online business that has been honed for over a decade.
Why i2k2?
Our strategy
Cloud Computing – We are highly proficient in cloud hosting serving more than 4000 Corporates with 14000+ VMs and Physical servers mainly in India.
Cloud Consulting – We are adept at delivering solutions on public cloud, private cloud, and Hybrid cloud. We are partners with AWS, Azure, Google, and other cloud providers.
Our mission
Focus to service our customers and create products that are extremely user-centric and solution-oriented with a highly-skilled technical team and a vast experience in the technology space, we have been developing products that are solving real-life issues that can service the masses
Our vision
We offer tailor-made solutions and services so that businesses can leverage the maximum benefits through us. We ensure that the delivery and quality parameters are met and remain committed to the best possible customer experience