AWS Cloud Migration For Global Travel Company's Legacy HR Application


CASE STUDY: CLOUD & OPERATIONS

IN THIS CASE STUDY

- HR Application Migration
- Cloud Migration
- Amazon Web Services (AWS)
- Amazon CloudFormation
- SecDevOps
- Infrastructure as Code (IaC)
- Technical Onboarding

SITUATION & BUSINESS CHALLENGE

The human resources information systems (HRIS) division of a large global travel company was facing a hard deadline to migrate a legacy data application into the Amazon Web Services (AWS) cloud. The application was a repository of personally identifiable information (PII) employee data in four SQL databases with 52 attached drives.

The HR IT group started the AWS migration but had challenges. The internal team was not aware of best practices around deployment automation and security, specifically in cloud environments. After setting up an initial lab environment and a failed security review, the project was blocked from forward progress.

While other IT groups within the company possessed sufficient knowledge to set up this environment, HRIS was wary of exposing the sensitive employee data to workers outside its division. The group needed expertise from outside the company and searched for a consulting firm to lead the project.

AIM Consulting had a large on-site consulting presence at the travel company, and had earned a solid reputation in cloud after numerous large-scale AWS engagements in its IT group, and providing ServiceNow expertise to HRIS. Based on this reputation, HRIS chose AIM to lead the migration.

SOLUTION

A cloud architect from AIM’s Cloud & Operations practice worked closely with the HRIS team to engineer a solution that corrected the lab environment and built the foundation for the production environment, evangelizing AWS best practices and educating the team to manage and maintain the solution in the future.

AIM led the engagement through three distinct phases:

Discovery Phase

Working with the client team’s primary system admin and a data scientist, AIM analyzed the current application environment, which was laden with old human-readable config files, while helping the team to discover suitable AWS resources for the migration.

During this phase, AIM helped to demystify the cloud by introducing several concepts:

- Cloud Fundamentals: Starting with small building blocks and walking the team through the process of creating the base network in the AWS cloud. AIM planned to componentize the application to enable a smooth migration.
- Lift-and-Shift: Migrating SQL instances to EC2 while showing how to attach storage in the cloud.
- Infrastructure as Code: Using Infrastructure as Code (IaC), CloudFormation templates, and version control for IaC artifacts so the team could step away from unnecessary documentation.
- Evangelizing Cloud Scalability: Providing knowledge transfer to the client team on scalability concepts, such as autoscaling and the use of Amazon Machine Images (AMIs) as backup mechanisms for fully configured servers.
- SecDevOps: Embedding security into the entire process, teaching the concepts of application firewall rules known as AWS security groups, and identity and access management (IAM) roles. By baking security into the CloudFormation templates, security rules could be easily updated as the team moved more application components to the cloud. This also enabled the team to easily pass security reviews prior to production release and launch.

Implementation Phase

AIM began to migrate the solution using these foundational concepts, involving the client team more as the project evolved. Toward the end of this phase, the client was able to own much of the migration process while AIM served as more of a subject matter expert for AWS.

AIM’s architecture design for the lab/dev environment passed its security design review, enabling the team to learn and experiment more with AWS under less pressure. AIM deployed the lab/dev environment servers in the cloud, troubleshooting which ports to open and showing how to lock them down properly.

Next, the security design review for the production environment was approved within 24 hours of its submittal. Subsequently, AIM deployed the network in the Amazon Virtual Private Cloud (VPC), and then guided the team in migrating the production servers via CloudFormation templates, using the lessons learned from the lab/dev environment. The environment hosted both the legacy application and a newer serverless application leveraging Lambda, API gateways, and DynamoDB, set up in a scalable multi-availability zone format (one of the benefits of the elastic cloud evangelized by AIM) so that if one datacenter goes offline, the application can still run in the other.

AIM highly emphasized SecDevOps best practices during implementation, following the company’s enterprise risk and security (ERS) protocols. This proved challenging, particularly with the requirement that any outbound traffic to the Internet be routed through a proxy server and only to a dynamically changing whitelist of accessible URLs.

AIM solved the problem with the use of a secondary proxy server and leveraging blue/green deployment methodology with CloudFormation stack updates to dynamically change the outbound routes to a secondary proxy server.

Knowledge Transfer Phase

At this point the project was fully handed off to the internal client team, which completed the migration under AIM’s continuing supervision. AIM ensured that all IaC artifacts were fully checked into version control and that every aspect of the project was fully documented, providing a clear picture of the solution architecture, resources and dependencies.

AIM also had one-on-one meetings with every team member to review documentation, the end-to-end deployment process, troubleshooting, and cover any questions.

The team had brought in an assistant to the primary system administrator, a junior tech worker with no cloud experience. Through reading material, offline technical reviews and hands-on practice, AIM fully trained the new admin resource on AWS administration best practices and on the solution itself, quickly bringing the worker to sufficient competency.

To conclude the engagement, AIM provided a roadmap of recommended elements to improve the environment over time, including additional monitoring and notifications, a list of 20 best practices to address greater scalability, redundancy, enhanced automation functions, and cost-saving tips like implementing Amazon’s EC2 Scheduler for powering down the solution during non-business hours.

RESULTS

The legacy data application is now running in production in AWS, expertly architected, configured, embedded with security, and managed by a well-trained internal team embracing best practices. The client organization had full support from the leadership team to embrace the cloud and devops throughout the division. This enabled team members to learn and led to a smooth engagement throughout.

AIM’s engagement represented the turning point for the team toward embracing the cloud in every aspect, leading to a positive culture change.

Additionally, the HR department now has a much better reputation with the company’s security group for completing the due diligence in ensuring that all levels of security are managed for the implementation.

A critical side-effect from the project came from AIM’s work with the data scientist, who discovered during the security design review that many more people within the company had access to the PII data than was necessary. This has made the team more vigilant about access to the data, and the data scientist has implemented a company-wide set of best practices for PII data and compliance standards as a result.

Need help executing on your cloud strategy?

AIM’s cloud migration and workload experts can guide you from beginning to end.

AIM Consulting provides:

- Assessment of your cloud architecture and application workload requirements
- Re-tooling your applications and services to support working in the cloud
- Training your IT staff to run and support your new cloud-based applications
- Updating and documenting service level agreements and support processes running in the cloud

[Figure: cloud migration process diagram with stages Cloud Assessment, Proof of Concept, Data Migration, Application Migration, Optimization]

LEARN MORE: aimconsulting.com
