About Customer
Industry: News Agency
Pixstory is a new social media platform committed to transparency, integrity, and decency in which users are held accountable to the truth. Pixstory addresses a critical gap in existing social media spaces by creating a platform that is reliable, safe, and evidence based. As with other social media apps, Pixstory users can post photos and stories and engage with the content posted by other users. What sets Pixstory apart is that it provides an innovative multi-dimensional template for displaying posts that allow users to challenge inaccuracies or abuse and support quality content. Pixstory's format limits singular interpretations of complex issues and fosters structured meaningful debate. Pixstory was founded on the values of honesty, integrity, and accountability with the aim of leading a behavioral shift in the social media space.
Current Infrastructure
Pixstory hosted its applications in a Third-Party datacenter in India. As it is a social media platform Pixstory has two main categories of information to publish on its platform, first is the general news and other platforms which are already floating dynamic information about the events happening in the world like the news apps, and the second is the information which is created by the users who have the profile created on Pixstory platform. So with the use of APIs dev team integrates the platform with another app where general information is floating and in another module dev team also developed a platform where users can create a profile, upload content and publish it. The Pixstory platform also allows create chare, like subscribe, notify, etc. options for their users.
To run this Pixstory has the Dev, UAT, and production environment with the backup and restore services provided by the service provider datacenter company. For security, the DC provider implemented the separate redundant firewall at layer three and enabled the web application security module on the same firewalls. All the apps and DBs are in the same datacenter and in case of any mishappening with workloads they are depending upon the backup only.
The Challenge
The Pixstory has the platform hosted in Tier III datacenter, but challenges are still there like:
- 1. The process of the commissioning new resources is time taken as they have no such a platform on which they can select and run the desired services/instances in case of urgency
- 2. Backup is provided by the DC Team but the restore drills never offered or suggested. So, this like customer is sitting on a ticking time bomb and never knows where it get blasts
- 3. Infrastructure scaling is time taken and ticket-based approach as in case of urgency the business gets hamper till the desired infrastructure not commissioned for the customer. Sometimes the infra scaled up or down after minutes of urgency has passed and loss happened in business
- 4. Nothing is there to achieve resiliency by the DC Service provide as they have kept the infrastructure and backup storage in the same Datacenter. Also restore drills never happened so it is not sure that backup will be useful at the time of disaster
- 5. To achieve the specific needs customer has only option to arrange third party services as the DC team is only providing the cloud infra. For example, they have no 'cache as a service' provided by the datacenter to facilitate the DB operations and accessibility
- 6. Ensure the quick availability of the content in high demand all over the world with low latency
The Solution
When we analyse the above said challenges, the first things comes in our mind that is AWS platform which has the capabilities to provide single stop solution for all the above challenges. Let us describe the solutions as:
Dev Environment
A CI/CD Pipeline has been deployed and which is using the GIT as a code repository
Speech API Server
As Pixstory provides the content by integrating with other media platforms which is handled by the separate API server named Speech API in a public subnet inside a Separate VPC
Production Environment AZ 1A
This is the production environment of Pixstory where the Pixstory App and Web servers are configured in multi-AZ with autoscaling. The Proxy server for the Web Server is deployed in the Public subnet and the API servers are also integrated here. In another private subnet Pixstory DB i.e RDS PostgreSQL is in Multi-AZ and ElastiCache Redis is provided to achieve microsecond latency by caching alongside the existing primary database.
Production Environment AZ 1C
This AZ is only provided to ensure the resiliency for the APP and Web servers along with the RDS PostgreSQL.
QA/Staging Environment
This part consists of the QA and testing set up of the Pixstory. The VPN server, App Server (QA), WEB Server (QA) and Test DBs with Redis are the components of this environment which is providing the exact replica of the production environment so the testing and QA can be performed is in exact scenario as per the production environment.
Security
- 1. AWS WAF is provided to protect apps and APIs against bots and exploits that consume resources, skew metrics, or cause downtime
- 2. AWS GuardDuty is deployed for threat detection and it also continuously monitor the infra to detect any kind of malicious activity
- 3. AWS Standard Shield is also provided to protect from the DDOS attack and safeguard the applications running on the AWS infra
- 4. Important instances are kept in the private subnet and user access can be provided by using VPN
- 5. AWS Security Hub is deployed here for security posture management service that automates best practice checks, aggregates alerts and supports automated remediation
- 6. To ensure the AWS best practices we have also deployed the AWS Trusted Advisor
- 7. Access Management and Security of Keys achieved using the KMS and Secret Manager
- 8. MFA is also implemented to provide an extra layer of authentication
Resiliency
- 1. A multi-AZ infrastructure has been architected for this customer
- 2. Snapshots are being taken properly with a defined frequency and kept within S3, as-per-required retention period
Other Services
SNS
SES
CloudWatch
CloudTrail
Lambda
System Manager
X-RAY
Athena
Glue
Config
The Solution/Architecture Diagram
Why AWS?
AWS is designed to allow application providers, ISVs, and vendors to quickly and securely host your applications – whether an existing application or a new SaaS-based application. You can use the AWS Management Console or well-documented web services APIs to access AWS's application hosting platform. AWS utilizes an end-to-end approach to secure and harden our infrastructure, including physical, operational, and software measures. For more information, see the AWS Security Center.
Using AWS tools, Auto Scaling, and Elastic Load Balancing, your application can scale up or down based on demand. Backed by Amazon's massive infrastructure, you have access to compute and storage resources when you need them. With AWS, you take advantage of a scalable, reliable, and secure global computing infrastructure, the virtual backbone of Amazon.com's multi-billion dollar online business that has been honed for over a decade.
Why i2k2?
Our strategy
Cloud Computing – We are highly proficient in cloud hosting serving more than 4000 Corporates with 14000+ VMs and Physical servers mainly in India.
Cloud Consulting – We are adept at delivering solutions on public cloud, private cloud, and Hybrid cloud. We are partners with AWS, Azure, Google, and other cloud providers.
Our mission
Focus to service our customers and create products that are extremely user-centric and solution-oriented with a highly-skilled technical team and a vast experience in the technology space, we have been developing products that are solving real-life issues that can service the masses
Our vision
We offer tailor-made solutions and services so that businesses can leverage the maximum benefits through us. We ensure that the delivery and quality parameters are met and remain committed to the best possible customer experience