CLOUD MIGRATION, DEPLOYMENT & MANAGED SERVICES

Start Date – 12th December 2018    Status – In Progress

HELPED BLS INTERNATIONAL ACHIEVE A SCALABLE AND SECURE INFRASTRUCTURE WITH CLOUD MIGRATION, DEPLOYMENT & MANAGED SERVICES.


CLIENT OVERVIEW

A recognized pioneer in the provision of Government-to-Citizen (G-to-C) services, the client has earned an impeccable reputation for setting benchmarks in its field. Its pursuit of excellence has seen it grow exponentially over the last twelve years, establishing it as a partner of choice for client governments around the world. With its dominant position and business opportunities in fast-growing markets, the organization is now positioned to drive transformational developments in the G-to-C business globally.

CUSTOMER OBJECTIVE & LANDSCAPE

The client's pursuit of excellence has seen it grow exponentially over the past decade, establishing it as a partner of choice for G-to-C business worldwide. Given its dominant position and business opportunities, the client wanted a highly scalable IT infrastructure that is also certified to Esquema Nacional de Seguridad (ENS) High, the Spanish national security framework that applies to public-sector systems and the service providers behind them.

OS PLATFORMS

Windows & Linux

SOLUTION APPROACH

Assessment & Solution

• Assessment of the existing architecture and of the existing network and security configuration.
• Migration of the production environment onto AWS, including setting up the AWS infrastructure.
• Cost optimization of the AWS infrastructure after migration of the production environment.
• The AWS EU (Frankfurt) region was chosen to host the servers for compliance, as that region is covered by AWS's ENS High certification.
• AWS Web Application Firewall (WAF) and AWS Shield were deployed to protect the web application and to mitigate Distributed Denial of Service (DDoS) attacks.
• A Multi-AZ environment was deployed to host the Linux and Windows web servers and application servers.
• IP whitelisting was enabled so that only the defined internal private IP addresses can reach the servers.
• Elastic Load Balancing (ELB) was deployed in front of the web tier to distribute traffic and reduce latency.
• Amazon Elastic File System (Amazon EFS) was used to provide simple, scalable, elastic file storage.
• Amazon CloudWatch, AWS CloudTrail and AWS Config were used for monitoring, governance and evaluation of the AWS infrastructure.

Deployment

i. Once the solution was agreed, the deployment was initiated; this included educating the customer on how straightforward it is to move to, and start on, the cloud.
ii. The deployment plan listed every milestone and timeline, which ensured that the project was completed on schedule.

Validate

i. After the resources were deployed on the cloud, the infrastructure was validated against all the agreed criteria (security, accessibility, etc.) before being handed over to the client.
ii. After the customer had tested the application on all parameters, a cut-over date was agreed for go-live.
iii. After go-live, a validation tracker was sent to the customer confirming that all the agreed activities had been completed.

Transition

i. A smooth transition and handover to support was ensured through knowledge-transfer (KT) sessions with the support team, who were introduced to the customer.
ii. The inventory, credentials, security status, server hardening and patching status, and a best-practices operational checklist were handed over.

Tools and services used

i. Native AWS monitoring services (CloudWatch, CloudTrail, Config) were used for auditing and monitoring. Nagios XI, a third-party monitoring tool, was also configured to monitor the infrastructure.
ii. Both the native and the third-party monitoring tools were integrated with the ITSM platform (Symphony Summit) for real-time incident management; change and configuration items (CIs) were also managed through it.
iii. Centilytics is used as the cloud management platform, providing better visibility and control over cloud spend and simplifying reporting and governance.

Objectives

• Migrate to an infrastructure that is highly available, scalable, secure and also Esquema Nacional de Seguridad (ENS) certified.
• Secure the web application from cyberattacks, including protection from Distributed Denial of Service (DDoS) for the website and application.


OPERATIONAL BEST PRACTICES

1. Patching Automation

AWS Systems Manager Patch Manager automates patching of managed instances with security-related updates. For Linux-based instances it can also install non-security updates.

2. Backup & DR

EC2 instances are backed up with native image-based incremental backups, integrated with our in-house auto-backup tool for automatic scheduling and alerting on every successful and unsuccessful backup.

3. Firewall & Security

The AWS EU (Frankfurt) region was chosen to host the servers for compliance, as that region is covered by AWS's ENS High certification. EC2 security groups act as the firewall, allowing access only from the IP addresses defined in the security group rules. VPC Flow Logs have also been proposed (as a future roadmap item); this feature captures information about the IP traffic going to and from network interfaces in the VPC, and is the evidence that the security-group allow-list actually holds in practice.

4. Tagging Recommendations

AWS resources were tagged according to the agreed naming convention and AWS tagging best practices.
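The patch-automation item above describes Patch Manager only in outline. The following is an added example, not Progressive Infotech's tooling, showing how a baseline is defined so that security patches are approved automatically after a delay and bound to a patch group; the patch-group name, the baseline name and the DryRunSsm stand-in client are assumptions made for this example, and the real boto3 calls are only made when APPLY=1 is set.

```python
"""Added example (not part of the original case study): build an AWS Systems
Manager Patch Manager baseline that auto-approves security patches after a delay
and register it for a patch group. DryRunSsm is an assumed offline stand-in."""

import os
from typing import Any, Dict, List, Sequence

# Filter keys differ by OS family: Windows baselines use MSRC_SEVERITY and the
# "SecurityUpdates" classification, RHEL-family baselines use SEVERITY and
# "Security". Using the wrong keys is rejected by the API, so we map them here.
_FILTERS = {
    "AMAZON_LINUX_2": ("CLASSIFICATION", ["Security"], "SEVERITY"),
    "REDHAT_ENTERPRISE_LINUX": ("CLASSIFICATION", ["Security"], "SEVERITY"),
    "WINDOWS": ("CLASSIFICATION", ["SecurityUpdates", "CriticalUpdates"], "MSRC_SEVERITY"),
}


def build_patch_baseline_request(
    name: str,
    operating_system: str,
    approve_after_days: int = 7,
    severities: Sequence[str] = ("Critical", "Important"),
) -> Dict[str, Any]:
    """Build the keyword arguments for ssm.create_patch_baseline().

    Security patches of the given severities are approved approve_after_days
    days after release, leaving time for a broken vendor patch to be pulled
    before it reaches production. Patches not matched by the rule are never
    auto-approved.
    """
    if operating_system not in _FILTERS:
        # Ubuntu baselines filter on PRIORITY/SECTION instead; not handled here
        raise ValueError("no filter mapping for %s" % operating_system)
    if not 0 <= approve_after_days <= 360:
        raise ValueError("ApproveAfterDays must be between 0 and 360")
    class_key, class_values, sev_key = _FILTERS[operating_system]
    rule: Dict[str, Any] = {
        "PatchFilterGroup": {
            "PatchFilters": [
                {"Key": class_key, "Values": class_values},
                {"Key": sev_key, "Values": list(severities)},
            ]
        },
        "ApproveAfterDays": approve_after_days,
        # A missing patch matched by this rule is reported as CRITICAL non-compliance
        "ComplianceLevel": "CRITICAL",
    }
    if operating_system != "WINDOWS":
        rule["EnableNonSecurity"] = False  # Linux-only flag: security updates only
    return {
        "Name": name,
        "OperatingSystem": operating_system,
        "Description": "Security patches auto-approved after %d days" % approve_after_days,
        "ApprovalRules": {"PatchRules": [rule]},
    }


class DryRunSsm:
    """Assumed offline stand-in for boto3's SSM client: records calls, makes none."""

    def __init__(self) -> None:
        self.calls: List[tuple] = []

    def create_patch_baseline(self, **kwargs: Any) -> Dict[str, str]:
        self.calls.append(("create_patch_baseline", kwargs))
        return {"BaselineId": "pb-0123456789abcdef0"}  # constructed id

    def register_patch_baseline_for_patch_group(self, **kwargs: Any) -> Dict[str, str]:
        self.calls.append(("register_patch_baseline_for_patch_group", kwargs))
        return {"BaselineId": kwargs["BaselineId"], "PatchGroup": kwargs["PatchGroup"]}


def enforce_patch_baseline(ssm: Any, patch_group: str, operating_system: str,
                           approve_after_days: int = 7) -> str:
    """Create the baseline and bind it to patch_group. Instances tagged
    'Patch Group' = patch_group then resolve to it when AWS-RunPatchBaseline runs."""
    request = build_patch_baseline_request(
        name="%s-%s" % (patch_group, operating_system.lower()),
        operating_system=operating_system,
        approve_after_days=approve_after_days,
    )
    baseline_id = ssm.create_patch_baseline(**request)["BaselineId"]
    ssm.register_patch_baseline_for_patch_group(BaselineId=baseline_id, PatchGroup=patch_group)
    return baseline_id


if __name__ == "__main__":
    if os.environ.get("APPLY") == "1":
        import boto3  # real client; needs credentials for the target account
        client = boto3.client("ssm", region_name="eu-central-1")  # Frankfurt
    else:
        client = DryRunSsm()
    print(enforce_patch_baseline(client, "prod-web", "AMAZON_LINUX_2"))
```

The approval delay is the control worth arguing about: zero days gives the fastest exposure window but installs a vendor's regression the same day it ships, while a week is the usual compromise for production. The patch-group registration is what makes the tag on the instance meaningful; without it, instances fall back to the AWS default baseline for their OS.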
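The firewall item above pairs security-group allow-lists with VPC Flow Logs as a roadmap item. The following is an added example, not part of the original case study, showing the check those logs make possible: parse flow log records in the default version-2 format and report every ACCEPTed inbound flow whose source is outside the allow-list the security groups are supposed to enforce. The VPC CIDR, the allow-list, and the log lines are constructed for this example.

```python
"""Added example (not from the original case study): verify the security-group
allow-list against VPC Flow Logs. ALLOW_LIST, VPC_CIDR and SAMPLE_LOG are
constructed for this example."""

import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Intended policy, mirroring "allow access only from defined IPs": HTTPS from
# anywhere (it sits behind the ELB), SSH/RDP only from an assumed VPN range,
# MySQL only from inside the VPC. Ports are TCP.
ALLOW_LIST: Dict[int, List[str]] = {
    443: ["0.0.0.0/0"],
    22: ["10.8.0.0/24"],
    3389: ["10.8.0.0/24"],
    3306: ["10.0.0.0/16"],
}
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # assumed VPC range
# Flow logs carry no connection state, so replies to connections the VPC host
# opened show up as inbound ACCEPTs to an ephemeral port. Linux (32768+) and
# Windows (49152+) ephemeral ranges both start at or above this value.
EPHEMERAL_START = 32768


@dataclass(frozen=True)
class Flow:
    srcaddr: str
    dstaddr: str
    dstport: int
    protocol: int
    action: str


def parse_flow_log(line: str) -> Optional[Flow]:
    """Parse one record in the default (version 2) format:
    version account-id interface-id srcaddr dstaddr srcport dstport protocol
    packets bytes start end action log-status. Returns None for records that
    carry no traffic data (NODATA / SKIPDATA) or are not version 2."""
    f = line.split()
    if len(f) != 14 or f[0] != "2" or f[13] != "OK":
        return None
    return Flow(srcaddr=f[3], dstaddr=f[4], dstport=int(f[6]),
                protocol=int(f[7]), action=f[12])


def is_allowed(flow: Flow) -> bool:
    """True if the policy permits this source for the destination port."""
    src = ipaddress.ip_address(flow.srcaddr)
    return any(src in ipaddress.ip_network(c) for c in ALLOW_LIST.get(flow.dstport, []))


def find_policy_gaps(lines: Iterable[str]) -> List[Flow]:
    """Return inbound ACCEPT flows the allow-list should have blocked."""
    gaps: List[Flow] = []
    for line in lines:
        flow = parse_flow_log(line)
        if flow is None or flow.action != "ACCEPT":
            continue  # REJECTs mean the security group did its job
        if ipaddress.ip_address(flow.dstaddr) not in VPC_CIDR:
            continue  # outbound leg of a connection, not inbound traffic
        if flow.dstport >= EPHEMERAL_START:
            continue  # reply traffic to a connection the VPC host initiated
        if flow.protocol != 6 or not is_allowed(flow):
            gaps.append(flow)
    return gaps


# Constructed sample: one SSH connection accepted from outside the VPN range.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.8.0.7 10.0.1.10 51234 22 6 12 2048 1560000000 1560000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.10 41000 22 6 3 180 1560000000 1560000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.10 41001 3389 6 3 180 1560000000 1560000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.4 10.0.1.20 52000 443 6 30 9000 1560000000 1560000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.2.5 10.0.1.30 33000 3306 6 80 20000 1560000000 1560000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.10 203.0.113.9 22 41000 6 3 420 1560000000 1560000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 8.8.8.8 10.0.1.10 53 54321 17 1 120 1560000000 1560000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1560000000 1560000060 - NODATA
"""

if __name__ == "__main__":
    for gap in find_policy_gaps(SAMPLE_LOG.splitlines()):
        print("allow-list gap: %s -> %s:%d (proto %d)" % (gap.srcaddr, gap.dstaddr, gap.dstport, gap.protocol))
```

The ephemeral-port filter is a heuristic, not a state table: a listener deliberately bound above 32768 would be skipped, so such services need an explicit entry in the allow-list and a lower threshold. Running this over the logs after every security-group change is a cheap regression test for the "defined IPs only" claim.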

DESIGN CONSIDERATIONS

Security by design solution architecture: subnets are segregated by workload, and an S3 bucket was created for storing objects. The architecture diagram shows the web, application and MySQL servers in public subnets; since only the web tier behind the ELB needs to be reachable from the internet, the application and MySQL tiers are better placed in private subnets reached only through the VPN and the security-group rules.

SOLUTION ARCHITECTURE

[Architecture diagram] AWS EU (Frankfurt) Region containing a VPC spread across Availability Zone 1 and Availability Zone 2. Each AZ holds public subnets with a Linux web server, a Linux application server, a Windows application server (the AZ 2 instance is not active yet) and MySQL (the MySQL slave is not active yet); a RAS host is also shown. Backups go to an S3 bucket and are archived to Amazon Glacier. CloudWatch and CloudTrail feed 24x7 monitoring from the Progressive NOC. A VPN Gateway connects the VPC to the customer's on-premises network, and users reach the environment over a point-to-site (P2S) VPN connection.


SERVICES USED

EC2, VPN Gateway, Security Groups, CloudTrail, CloudWatch, AWS Config, S3, AWS WAF, AWS Shield, ELB

OUTCOMES

AWS was the cloud of choice: with it the client could move faster, operate more securely and save substantially on cost, while benefitting from the scale and performance of the cloud. Amazon Web Services (AWS) is Esquema Nacional de Seguridad (ENS) High certified; this certification establishes security standards that apply to all government agencies and public organizations in Spain, and to the service providers on which those public services depend.

The customer has opted for 24x7 managed service support, under which Progressive Infotech provides proactive monitoring, support, advisory and management of the infrastructure. As part of the managed service deliverables, Progressive Infotech is committed to providing a better customer experience through alert management, security controls, and infrastructure and cost optimization. A scheduler has been enabled for the required business hours.

© Progressive Infotech Pvt. Ltd. 2019