Migration & Hosting Infrastructure of Kaarba
Industry: AWS
The Client: Kaarba is designed specifically by focusing on the current need and enriched with automation technology to minimize manual tasks. With the help of an experienced technical team, we manage to keep the cost more pocket-friendly without compromising the feature and quality.
It is suitable for Affiliate Networks, Advertisers, and Agencies. Using in-built cutting-edge technology, Kaarba assists digital professionals in managing their affiliate Network, to track online traffic, analyze the drill-down report, and optimize the performance of the campaign.
The Challenge
Services from on-premises DC are running fine as of now but the challenges are also there:
- They were facing security challenges for which they wanted to opt public cloud in comparison to their on-premises for their application servers.
- Undefined customer base is producing the challenge of the undefined demand for the backend infrastructure which needs to be ready in minutes.
- A CI/CD Pipeline needs to be set up to facilitate the dev team for continuous development.
- They wanted a scalable and a securable infra to meet the demands if there is any peak in future.
- Achieving highly secure cloud infrastructure to manage security-related threats.
Solution
CI/CD pipeline has been deployed in which code push and pull from the GIT repository. AWS Code pipeline manages the push and pull to/from GIT, AWS Code Build prepares the builds and then the S3 is used to store the build. The AWS Code Deploy, deploying the codes into the UAT, and Production environments.
We have eliminated each challenge by architecting the solution in the AWS cloud platform as:
Testing Environment AZ 1A
The users will come to the Route 53 which is AWS native DNS via internet. Then the user will hit AWS Web Application Firewall.
Then via Internet Gateway they will be able to access the EC2 server which is in public subnet.
Production Environment AZ 1A
The users will come to the Route 53 which is AWS native DNS via internet. Then the user will hit AWS Web Application Firewall Which acts on Application Level. Now since the pods or applications which are running on EC2 managed by EKS are in private subnet for security purpose will be frontend by Application Load Balancer which will be holding public IP.
In public subnet, we have configured VPN server on AWS EC2 which will be for accessing the server privately for their in-house developers. Also, NAT Gateway is in place for private servers to communicate to Internet in case of any software upgrade.
Security
- We have implemented an AWS WAF and all the traffic from the internet is coming through WAF towards infra.
- All the important instances are in the private subnet so that public access can't be achieved
- For the developer, VPN is provided to access the infra for development-related management and upgradations
- MFA is deployed to ensure the verified access on the infrastructure
- The infrastructure is well architected and as per the best practices of the AWS to achieve the security.
- All the monitoring and notification services are configured like CloudWatch, CloudTrail and SNS.
- AWS Guard duty is configured which is a threat detection service that monitors Foundational data sources such as AWS CloudTrail event logs, AWS CloudTrail management events, Amazon VPC Flow Logs, and DNS logs
- AWS Security Hub is configured to automate security best practice checks, aggregate security alerts into a single place and format, and understand your overall security posture across all your AWS accounts.
- AWS Config is configured to continually assess, audit, and evaluate the configuration and relationship of your resources on AWS, on premises, and on other clouds.
Resiliency
- Snapshots are being taken properly with a defined frequency and kept within S3, as-per-required retention period
The Solution/Architecture Diagram
Why AWS?
AWS is designed to allow application providers, ISVs, and vendors to quickly and securely host your applications – whether an existing application or a new SaaS-based application. You can use the AWS Management Console or well-documented web services APIs to access AWS's application hosting platform. AWS utilizes an end-to-end approach to secure and harden our infrastructure, including physical, operational, and software measures. For more information, see the AWS Security Center.
Using AWS tools, Auto Scaling, and Elastic Load Balancing, your application can scale up or down based on demand. Backed by Amazon's massive infrastructure, you have access to compute and storage resources when you need them. With AWS, you take advantage of a scalable, reliable, and secure global computing infrastructure, the virtual backbone of Amazon.com's multi-billion dollar online business that has been honed for over a decade.
Why i2k2
As an AWS Advanced Consulting Partner & Managed Amazon cloud services provider, i2k2 provides comprehensive folio of cloud solutions along with prompt and reliable support. Our partnership with AWS goes several years back, even before we formalized our association with the company in 2013. Key reason to choose i2k2 was 20 years of proven business. Talent is vast due to extensive IT exposure in India.
About i2k2 Networks
i2k2 Networks is the No.1 Dedicated Web Hosting company in India and a trusted name in the IT cloud hosting services industry that offers a full gamut of cutting edge enterprise solutions which drive business in today's Internet-powered world. Our folio includes Dedicated Servers, Cloud Hosting- Public, Private and Hybrid, Data Center Services, Business Email Solutions, Managed IT Services, Backup, and DR Solutions, DevOps Services, Cloud Enablement, Enterprise Hardware solutions, and various other integrated services. A team of dedicated and professionally driven IT experts conversant with diverse client requirements are available 24x7x365 to provide extended support. With superior technologies to host, design and develop high-quality websites and applications, we ensure to deliver unmatched value to our clients.