About the client
Manufacturing
Singapore
A visionary solar panel design and manufacturing company headquartered in Singapore, the customer has a global reach extending to over 100 countries and is a leader in the realm of solar innovation. With access to over 1,000 patents and two best-in-class solar panel product lines, their products span the global rooftop and solar power plant markets through a network of more than 1,700 trusted partners and distributors.
With over 35 years of pioneering experience in sustainable solar manufacturing, the customer’s legacy is one of environmental responsibility and forward-thinking innovation. This rich history has earned the company multiple prestigious awards, cementing its position as a leader in cutting-edge solar technology.
Challenge
Overcoming on-premise limitations and potential issues with availability, performance and cost
All the customer’s applications were hosted in an on-premise data centre in Singapore. This set-up meant potential issues with availability, performance and cost. In addition, the arrangement presented business continuity challenges in the event of a disaster or operational problems.
The customer’s manufacturing facilities are spread across the globe in Malaysia, the Philippines, the US, and the EU. They were prone to unforeseen downtime for environmental and operational reasons and required manual restarts. As a result, operations were hampered by sporadic downtime and extended recovery durations, causing inefficiency, an inability to meet production targets, potential business losses, and compromised client commitments.
The customer was looking to migrate the application from on-premises to the public cloud to address the limitations of relying exclusively on an on-premise solution. AWS turned out to be the perfect fit: migrating the applications to AWS would help optimize performance and cost, and enhance availability, security and business continuity imperatives, including a Disaster Recovery (DR) environment for production applications. The migration would also help address resource constraints and the rising capital costs of infrastructure, and support growth.
Now, they required a strong cloud partner to support them with the migration of their existing environment to the AWS cloud. Additionally, the partner had to be skilled in utilizing infrastructure-as-code (IaC) to establish the required infrastructure while prioritizing the applicable security and compliance prerequisites for the customer’s environment. As a seasoned premier partner of both HashiCorp and AWS, Cloud Kinetics had the expertise and specialization in infrastructure monitoring that the engagement required.
Solution
Migrating to AWS & streamlining operations through DR capabilities & IaC
Cloud Kinetics recommended a holistic, tailor-made solution with various focus areas that aligned with both business and operational imperatives:
- Cost optimization: Optimize AWS cost consumption, including that of Transit Gateway
- Security: Enhance security by adhering to the CIS benchmark and implementing improved account security policies
- Business continuity: Improve the current architecture to achieve high availability and disaster recovery (DR) capabilities for critical applications and databases. Create a robust DR plan that includes replication and failover strategies to ensure minimal downtime during operational disruptions
- Operational excellence: Implement Infrastructure-as-Code (IaC) using Terraform to automate the provisioning of resources, enhancing operational efficiency and reducing manual errors
The solution was divided into two key aspects:
1. Redesign of AWS architecture based on the Well-Architected Framework
- Re-baseline the existing multi-account architecture to best practices
- Review the existing multi-account setup and create OUs based on department and other requirements
- Upgrade the Landing Zone with Control Tower to the latest version and implement SCPs
- Ensure adherence to mandatory guardrails and select proactive and optional controls for enhanced security and operational excellence
- Conduct a comprehensive review of the Security Account, configuring necessary services across all accounts
- Ensure all the necessary services are set up in all accounts
- Implement IAM Access Analyzer for enhanced access management transparency
- Implement a Bastion host for secure remote access management
- Design high-availability solutions for critical systems to ensure continuous operation
- Optimize costs related to the AWS Transit Gateway for efficient resource utilization
- Implement centralized firewall management using Firewall Manager, integrating security groups and Palo Alto firewall for Network Account (Infra-OU)
- Perform workload migration between accounts to meet departmental requirements
- Enforce resource tagging at the OU level for improved resource management and cost allocation
- Migrate Virtual Machines from on-premise to AWS to facilitate the cloud transition
2. Disaster Recovery and Infrastructure-as-Code (IaC) Implementation
- Develop a comprehensive Disaster Recovery (DR) strategy for applications and databases, including Oracle and MSSQL, ensuring data integrity and minimizing downtime during disruptions.
- Utilize Infrastructure-as-Code (IaC) principles using Terraform to automate the provisioning and management of resources on AWS and VMware environments.
Success Metrics
A more efficient, secure, and resilient AWS environment
The project’s quantitative and qualitative results demonstrate significant improvements across all areas, including cost reduction, security compliance, uptime, deployment efficiency, and alignment with the Well-Architected Framework. These enhancements collectively contributed to a more efficient, secure, and resilient AWS environment that aligns with industry best practices and organizational goals.
The results are categorized based on the key objectives of the project related to enhancing the existing AWS infrastructure to optimize costs, improve security, ensure business continuity, achieve operational excellence, and enhance the AWS posture following the Well-Architected Framework guidelines.
Cost optimization
Strategy: Implement cost-saving measures across the AWS environment, including optimizing the usage of Transit Gateway to reduce data transfer costs.
Quantitative Results:
- Target reduction of data transfer costs by 45% through optimized usage of Transit Gateway.
- Target monthly AWS billing reduction of 18% following the implementation of cost-saving recommendations from AWS Cost Explorer.
Security
Strategy: Enhance security by aligning with CIS (Center for Internet Security) benchmarks and improving AWS account security policies.
Quantitative Results:
- Achieve 90% compliance with CIS benchmarks for security.
- Reduction of unauthorized access incidents by 99% after enforcing multi-factor authentication (MFA) across AWS accounts.
Business continuity
Strategy: Improve architecture for high availability and disaster recovery (DR) to ensure business continuity.
Quantitative Results:
- Target achievement of 99.99% uptime for critical services through multi-region deployment.
- Reduce recovery time objectives (RTOs) by 50% with automated disaster recovery procedures.
Operational excellence
Strategy: Implement Infrastructure as Code (IaC) using Terraform to enhance operational excellence and streamline resource provisioning.
Quantitative Results:
- Target to reduce deployment time by 60% with Infrastructure as Code using Terraform.
- Achieved consistent resource configurations across multiple environments.
Well-Architected Framework enhancement
- Enhanced the AWS posture by aligning with the Well-Architected Framework guidelines.
- Conducted a thorough review of the existing architecture against the five pillars of the Well-Architected Framework.
- Addressed identified gaps and implemented best practices for security, reliability, performance, cost optimization, and operational excellence.
The Cloud Kinetics team collaborated closely with AWS and the other partners to provide an integrated solution tailored to the customer’s needs. Leveraging HashiCorp’s tools like Terraform, Cloud Kinetics was able to automate infrastructure as code (IaC) to build, change, and version infrastructure safely and efficiently. By working in tandem with AWS and HashiCorp, Cloud Kinetics optimized the cloud environment to provide an infrastructure that is resilient to the challenges faced by the client. In addition, real-time monitoring solutions from Dynatrace and Datadog helped to ensure issues could be pre-emptively identified and mitigated, reducing the chances of plant shutdowns.
The client commended Cloud Kinetics’ in-depth understanding of industry- and company-specific challenges, as well as the breadth and depth of Cloud Kinetics’ solutioning capabilities, which resulted in holistic outcomes.
By adopting Infrastructure-as-Code (IaC) with Terraform, the customer gained the ability to provision and manage resources quickly and consistently. This increased agility enabled the customer to respond to market demands more rapidly. Automation through IaC streamlined resource provisioning, configuration and management, reducing manual errors and enhancing operational efficiency. The customer’s environment also became more agile, enabling them to adapt to changing requirements and security protocols with ease.