The Challenge
Skyland Analytics wanted an easy way to improve their responsiveness to customers by launching customer-specific resources with a click of the button instead of spending months manually developing a new customer environment every time they needed one. To accomplish this, Skyland engaged Stelligent to migrate their Centralized Limit Management (CLM) application onto AWS to exploit the power of the AWS-automated infrastructure.
While their existing application was originally running on Heroku, Skyland was interested in using Stelligent’s DevOps Management Service, along with the mu Microservice Framework, to take advantage of the codified nature of the environments that Stelligent offers. Stelligent created mu to simplify the declaration and administration of the AWS resources necessary to support microservices and make it far easier for developers to use Amazon EC2 Container Service as a microservices platform.
Stelligent and AWS Solution for Skyland
Stelligent used Stelligent mu, a great open source tool to orchestrate the automated provisioning of an AWS CodePipeline pipeline. This gives Skyland the ability to provision entire pipelines and automatically build and deploy their application onto AWS. This happened in four stages:
- Commit Stage for polling code changes to the Skyland GitHub repository
- Build Stage that built the dockerized CLM application and pushed the newly built image into an AWS EC2 Container Registry (ECR)
- Acceptance Stage that deployed the entire QA environment and associated AWS resources for testing purposes
- Production Stage that deployed the production environment and all of AWS resources associated with it
Using mu, Stelligent automated the provisioning of Virtual Private Clouds (VPCs) and Amazon Elastic Compute Cloud (EC2) security group resources. Mu configured these resources in line with the industry’s security best practices by following the methodology of least-privilege-access and configured and deployed AWS resources into both public and private subnets. Public subnets are used for the Application Elastic Load Balancer for ECS clusters while private subnets are used for both ECS instances and Amazon Database Service (RDS) databases to ensure the application and its data are blocked off from unauthorized individuals and the open internet. This gives Skyland the ability to set up secure virtual networks for both their own internal AWS environments as well as their customer’s AWS environments.
Stelligent mu also orchestrated the automated provisioning of Amazon ECS (Elastic Compute Container Service) clusters, which are the container-optimized compute clusters that run the dockerized CLM application. These ECS clusters are distributed across multiple subnets/availability zones, making the solution highly available. Automated provisioning of auto-scaling groups for the AWS ECS cluster instances also provides fault tolerance and scalability. Now, Skyland can automatically deploy highly available, fault-tolerant environments and, through mu, can adjust the auto-scaling configuration of ECS instances to fit their needs and the needs of their customers. With auto-scaling, mu creates self-healing environments—instances that will replace themselves in case of failure—which will automatically scale instances up and down to allow the application to always be available.
In addition, mu orchestrated the automated provisioning of AWS databases that are used by the CLM application. These databases are provisioned with industry-standard security best practices in mind. They were deployed into private subnets and locked-down Network Access Control List (NACL) and database security group rules. Using mu, RDS databases can also be configured to be highly available with the use of AWS RDS Multi-AZ failover configuration. With mu provisioning RDS databases for the application, Skyland can create highly available and strongly secured databases.
Stelligent scripted out and automated the provisioning of an AWS CodePipeline, which creates custom ECS Amazon Machine Images (AMIs) that are used for the ECS instances in the AWS account. These custom AMIs are configured with Alert Logic network monitoring to provide additional network security to all instances deployed in the AWS account. Whenever the Amazon ECS-optimized AMI gets updated with security patches, the CodePipeline automatically kicks off and builds a new custom ECS AMI with the latest patches. With the initial task, Stelligent used the mu Framework to automate the process and provision all the resources that house and power the application.
The Benefits/Results
The infrastructure automation and some other benefits provided by mu allowed Skyland to perform the following:
- Improve customer responsiveness — Skyland’s customers can now have their own set of resources in Amazon, secured inside their own virtual, private network
- Improve operational efficiency — Skyland can provision and deprovision environments at will and without the need for assistance. This enables them to operate quickly and efficiently, saving deployment time and lowering development and testing costs
- Improve security — Skyland can enable high levels of network security by provisioning AWS VPC and EC2 Security resources by using mu and the best practices of least-privilege access
Summary
By migrating their application to AWS, Skyland Analytics can now quickly deploy customer sites on demand, even when customers are using different versions of their software. This allows the organization to quickly service their customers and eliminates the need and costs associated with manually developing sites for new customers.
Stelligent was also able to provide Skyland with a cost-efficient system using Stelligent mu framework, which made it easier and faster for Stelligent developers to use ECS as a microservices platform.