Most of new and existing customers of EPAM Cloud Computing Competency Center eventually face problems they cannot resolve on their own. This is when we receive requests to review their infrastructure and solve issues
related to cloud computing and cloud services. This case study has been drawn up based on
actual project experience. It addresses our cooperation with a big European customer who uses Amazon Web Services (AWS) as a hosing for their infrastructure. The project lasted for one week and has been successfully completed.
1. EPAM Cloud Problem Resolution Consulting
EPAM Cloud
Problem Resolution
Consulting
1 │ EPAM SYSTEMS, INC.
May 2013
2. EPAM Cloud Problem Resolution Consulting
Abstract
Most of new and existing customers of
EPAM Cloud Computing Competency Center
eventually face problems they cannot resolve
on their own. This is when we receive requests
to review their infrastructure and solve issues
related to cloud computing and cloud services.
2 │ EPAM SYSTEMS, INC.
This case study has been drawn up based on
actual project experience. It addresses our
cooperation with a big European customer who
uses Amazon Web Services (AWS) as a hosing
for their infrastructure. The project lasted for one
week and has been successfully completed.
3. EPAM Cloud Problem Resolution Consulting
Request Receiving
Initially we received a request to review
infrastructure and suggest possible solutions
for issues experienced by the customer at that
time.
The request itself consisted of two parts:
•
infrastructure plan
•
problems description
The challenge faced by this project has been
amplified as the technical person responsible
for all hardware and cloud part configuration
had left the company and there was no one able
to perform any changes to the infrastructure.
The customer’s technical staff did not include
cloud experts.
The project infrastructure consisted of two parts:
•
Data Center (DC) with dedicated hardware servers
3 │ EPAM SYSTEMS, INC.
•
AWS Virtual Private Cloud (VPC) with
running virtual instances
DC and AWS facilities are connected by a VPN
handled by a Cisco ASA device from the DC
side and a single m1.small instance from the
AWS side. The VPN connection is sometimes
unstable, inciting the customer to perform a
refactoring of this solution.
The application that hosted under AWS is
located in a combination of private and public
VPC subnets and uses internal and external
Elastic Load Balancers (ELBs). One of the major
issues with the ELBs is their IP addresses can
be changed anytime. An ELB instance can be
scaled up or down, depending on request rate
or traffic load. The customer uses CNAME DNS
records to assign a domain name to ELB. This
is why when an ELB’s IP changes, subdomain
experience propagation and resources become
unavailable.
4. EPAM Cloud Problem Resolution Consulting
Request Review
Having received a request, we performed its
initial review and prepared a list of questions
to be sent to the customer’s technical team
regarding the infrastructure and related issues.
Our team went through every part of project
and found different ways to solving the issues
4 │ EPAM SYSTEMS, INC.
that customer faced. After consideration of the
possible solutions we decided to establish a call
with customer’s technical team to clarify some
points and to provide them with suggestions
regarding the infrastructure improvements.
5. EPAM Cloud Problem Resolution Consulting
Meeting with
Customer’s Team
Meeting the customer’s team usually takes
form of a call including experts, managers and
technical people, who consider and decide to
go on with specific solutions.
On our first meeting with the technical team
from the customer side we provided them an
exhaustive explanation of service workflows
and suggested to perform changes to the
infrastructure.
The VPN issue could be solved using default
VPC tools of Customer Gateway and Virtual
Private Gateway. This method allowed
connecting the customer’s hardware gateway
to a VPC network with IPSec VPN. It would be
5 │ EPAM SYSTEMS, INC.
monitored and maintained by AWS. Besides
the ease of configuration and maintenance it
also had a financial advantage. This solution
was twice cheaper than what they had at the
moment.
The ELB IP change issue has a solution of using
Amazon Route53 DNS service. It has complete
integration with ELB and when a subdomain is
pointed to ELB as A record with Alias, ELB IP
change does not influence on availability of a
resource. DNS propagation is minimal.
After this explanations customer’s team decided
to consider this solutions and asked us to go
deeper into the infrastructure and find points to
6. EPAM Cloud Problem Resolution Consulting
Deep Analysis
After receiving a request to analyze the AWS
infrastructure closer, we started from the
following points:
•
security
•
financial efficiency
•
cloud services optimization
From the security point of view, the project had
a significant breach. In order to log in to the
AWS console all project members used root
credentials. This account has full control over
all services, financial and reporting settings.
Root account security breach could be fixed by
using AWS Identity and Access Management
(IAM). This service provides personal user
accounts with complete integration to various
6 │ EPAM SYSTEMS, INC.
services. Users could be divided to groups
and assigned with different access policies.
In order to work in a big team of developers
and operationsб IAM is a must-have security
application.
When we were reviewing the infrastructure, we
noticed that it contained more than 50 servers
running 24/7. However, the customer did not
reserve any of these instances.
In this case reserving instances could save up
to 65% of expenses for compute resources.
Virtual machines that run 24/7 have to be
covered by Heavy Utilization Reservation that
has the biggest upfront fee, but the lowest price
of per-hour instance work.
7. EPAM Cloud Problem Resolution Consulting
Final Overview
After a week of cooperating with the customer’s
technical team we achieved the following
results:
•
Issues experienced by the application
have been solved with no downtime.
•
Infrastructure security situation has
been reviewed and dramatically improved by means of AWS Identity and
Access Management.
•
After reserving EC2 instances, the customer saved more than 40% of monthly
costs for compute resources.
7 │ EPAM SYSTEMS, INC.
As a consequence of this successful
cooperation, the customer decided to continue
their contract with EPAM for a long term.
One of EPAM Cloud Computing Competency
Center experts became a permanent AWS
consultant on this project.