Objectives
- Understand the current and future AWS network design and application architecture requirements
- Restructure the AWS network design to a more suitable AWS environment
- Facilitate web caching through AWS CloudFront
- Architect a low cost, highly available and scalable solution
Benefits
- High availability of the application and database and highly scalable to manage future high traffic loads
- Security of client data
- Monitoring and alerts on operational issues utilising AWS CloudWatch
Overview of the solution
The client’s turn-key solution allows a brand to drive shopper engagement and loyalty, while providing detailed analytics. The client can now be provided with the same insights and understanding of their environment, shoppers and tenants as a customer in the online world. Having access to this data is integral in leveraging the unique understanding of a shopper’s movements and preferences.
Prior to BBD, the client was running a full web stack digital platform utilising an AWS EC2 instance, developed using modern web frameworks and an open source relational database. This did not provide for high availability or scalability and had no initial web caching mechanism in place to obtain the website locally.
Due to the fact that customer data is integral to this project, the requirements included a network design encompassing strict security measures. BBD first manually configured the backup procedures to a robust and reliable automatic backup service provided by AWS. We utilised Amazon’s Relational Database Services (RDS) which is easy to set up, operate and scale.
The domain is hosted within Amazon’s Route 53, which has a 100% availability SLA, and an Amazon Elastic File System (EFS) volume was created for storage of dynamic website data, together with an EFS-to-EFS backup solution. The automatic backups of the RDS database and the EFS volume have been configured to run daily. The Simple Notification Service is configured to email the output of the backup events. The client also required bulk emails to be sent from their hosted instances, and operational alerts had to integrate into their Slack Chat channel so that they receive alerts for particular AWS resource metric alarms and backup events. This integration was configured using a Lambda function and Amazon’s Simple Notification Service, which was also configured to send bulk emails from the instances.
Approach
The programme focused on organisational systems and processes which provide a platform for sustainable banking innovation through the below initiatives.
Design of the technical architecture for the modernised payment processing programme, together with a roadmap focusing on modernised technical solutions. This aimed to deliver significant business value, while leveraging existing technology investments where feasible
Implementation of Vanguard, BBD’s business automation processor and its Quick Start processes. This message-oriented middleware switch functions as an orchestration engine that communicates with various systems in the client environment. These include core banking systems as well as more modern risk and credit vetting systems. Functionality provided by Vanguard spans client onboarding, card issuing, current and savings account as well as the supporting document processing
Analysis, design and development of management information system reporting to provide detailed daily operational metrics and statistics
This overall approach has led to excellent metric reporting, quality of service to the client’s customers, consistent first-time resolution of issues and significant cost saving.
Although this was a demanding project, we utilised our co-shoring solutions to quickly scale to the required distributed teams comprising software engineers and business analysts.
Network design
A restructuring of the client’s AWS network design was done, keeping the following criteria in mind:
High availability
- Through the implementation of one Amazon Virtual Private Cloud (VPC) containing two availability zones, with each zone comprising a public and a private subnet – resulting in four subnets: two private and two public
Future network expansion and potential hybrid network
The IP ranges for the VPC and subnets had to be considered and compared to the client’s on-premises IP ranges. In line with best practice recommendations, BBD utilised non-overlapping ranges to cater for a potential future on-premises AWS Hybrid network design
Security
Dividing the network into public and private subnets allows for adequate security measures to be put in place, with additional subnets in a different availability zone ensuring high availability and resilience
The private subnets are used to store the application and database and are not directly exposed to the internet, with restricted access to the application instances via the load balancer and bastion hosts
- Security groups for the private subnets ensure stringent access to resources by allowing access from only the bastion hosts and elastic load balancer
- The RDS security group allows access from only the required instances in the AWS private subnets
The bastion host, which has been set up in the public subnets, allows secure access to the application and database instances in the private subnets
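The subnet layout, the non-overlap requirement and the security-group restrictions described above can be checked mechanically. The following is an added example, not BBD's or the client's code; the CIDR ranges, zone labels, group names, port numbers and rules are all constructed, since the case study gives none.

```python
import ipaddress

# Constructed sample ranges: the case study does not state the real ones.
VPC_CIDR = ipaddress.ip_network("10.20.0.0/16")
ON_PREM = [ipaddress.ip_network("10.0.0.0/16"),
           ipaddress.ip_network("192.168.0.0/20")]

def plan_subnets(vpc, zones=("az-a", "az-b"), tiers=("public", "private"), prefix=24):
    """Carve one subnet per (zone, tier): 2 zones x 2 tiers = 4 subnets."""
    blocks = vpc.subnets(new_prefix=prefix)
    return {(z, t): next(blocks) for z in zones for t in tiers}

def overlaps_on_prem(vpc, on_prem):
    """Return the on-premises ranges that would collide in a hybrid network."""
    return [net for net in on_prem if vpc.overlaps(net)]

# Allowed ingress sources per security group, following the text:
# private application instances accept only the bastion hosts and load balancer,
# RDS accepts only the application instances. Group names are hypothetical.
POLICY = {
    "app-private": {"sg:bastion", "sg:elb"},
    "rds": {"sg:app-private"},
}

def audit_ingress(rules, policy=POLICY):
    """Flag ingress rules whose source is not on the allow-list for that group."""
    findings = []
    for rule in rules:
        allowed = policy.get(rule["group"])
        if allowed is not None and rule["source"] not in allowed:
            findings.append(
                f'{rule["group"]}: unexpected source {rule["source"]} on port {rule["port"]}'
            )
    return findings

# Constructed rule export; the last entry simulates configuration drift.
SAMPLE_RULES = [
    {"group": "app-private", "source": "sg:elb", "port": 443},
    {"group": "app-private", "source": "sg:bastion", "port": 22},
    {"group": "rds", "source": "sg:app-private", "port": 5432},
    {"group": "rds", "source": "0.0.0.0/0", "port": 5432},
]

if __name__ == "__main__":
    for (zone, tier), net in plan_subnets(VPC_CIDR).items():
        print(zone, tier, net)
    print("on-prem overlaps:", overlaps_on_prem(VPC_CIDR, ON_PREM))
    print("\n".join(audit_ingress(SAMPLE_RULES)))
```

Running a check like this against a periodic export of the real rules turns the design criteria into a drift alarm.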
Client’s application and database migration
Database migration
- The relational database was migrated into Amazon’s RDS, which provides the benefit of a highly resilient and easily scalable service, configured for daily automatic database backups into Amazon’s S3 storage platform
- RDS instances deployed in a multi-AZ fashion have a 99.95% availability SLA, catering for high availability
- Backups were configured using Amazon’s RDS scheduled backup
Application scalability and high availability
- We implemented an internet-facing load balancer and auto-scaled the Amazon EC2 instances
- The auto-scaling group manages the number of EC2 instances to be started, according to the capacity required. This setup will also provide high availability
- AWS provides a 99.99% availability SLA for EC2 deployed in a multi-AZ fashion
Local caching of website data
Amazon’s CloudFront was implemented to gain the benefit of the local caching of website data, as well as the highly-resilient Amazon backbone network for superior performance and availability for their end users
Impact of BBD’s partnership
Our certified AWS professionals were able to use their knowledge and experience to quickly leverage the ability and scale of the cloud and migrate the client’s existing applications, designing a customised cloud solution for the client. Minimal to no downtime during the migration also resulted in operational cost savings.