Zenmonics was seeking to extend their channelUnited platform to public cloud infrastructure in order to meet market demand for a SaaS offering, starting with the Account Opening solution.
In response to this business need, Cascadeo delivered a comprehensive assessment of Zenmonics’ infrastructure in support of a planned public cloud deployment initiative. The assessment included a strategy and roadmap for cloud adoption to address Zenmonics’ requirements to:
- Offer a secure, industry-compliant solution
- Increase business agility and engineering velocity
- Ensure Disaster Recovery and Business Continuity capabilities
Cascadeo is an AWS Premier Tier Services Partner for consulting. The company is an established cloud DevOps engineering firm focused on taking care of client cloud deployments so customers can focus on building products and services. The company specializes in architecting and building environments that require multi-technology dependencies, hybrid cloud solutions and connectivity, complex operational requirements, infrastructure automation, self-healing capabilities, predictive analytics, and continuous deployments. Building for operability and aligning with client business models, objectives, and roadmaps helps ensure success at scale.
Cascadeo and Zenmonics chose an AWS-centric solution, taking advantage of all the benefits of the AWS services. Cascadeo provided engineering and engagement management resources to support iterative development of the Zenmonics Cloud Platform. Zenmonics and Cascadeo co-developed the solution using an Agile-style development / DevOps methodology that allowed rapid, iterative development and will allow Zenmonics to release new code to production frequently, with a heavy emphasis on full-stack deployment automation and configuration management. This allows for fully repeatable deployments and end-to-end configuration management, implemented using Jenkins, CloudFormation, and Docker. Zenmonics developers can deploy and redeploy the entire system at will.
To tackle the networking solution, Cascadeo worked with Semaphore (networking vendor) to provide a mesh network along the path: Bank’s core system -> VPN connection -> Semaphore Cloud -> DirectConnect -> AWS. This setup allows API connections to the bank to be fully managed and makes it possible to automate the onboarding of new core systems in the future.
Another key part was to give Zenmonics the ability to handle DR/BC and achieve an RPO of 2 hours and an RTO of 8. To achieve this, Cascadeo set up data replication using CloudBasic from US-East-1 to US-West-2. Along with data replication, Cascadeo used AWS bi-directional bucket replication so that logs and other stored data needed by the application exist in both regions.
To cover the security aspect, Cascadeo defined the security groups, ACLs, and user roles in multi-stack CloudFormation scripts, making it easier to manage updates under change control and the SDLC process. Cascadeo implemented a multi-account and multi-VPC setup that keeps to a least-access model in each of the environments, with just-in-time authentication through the AWS role assumption process. The spoke VPC setup has a management VPC that contains all of the shared resources, with all of the other VPCs spoked off of it through peering. This configuration allows access to each VPC to be restricted to only the security groups of the systems that need access. To further reduce the exposed area, the only components in the public space are the OpenVPN server and the Application Load Balancer (not the backend service load balancer). Cascadeo also implemented Okta, an SSO platform, to take advantage of in-depth logging not only across the AWS account but across all logins (e.g. Zenoss, OpenVPN). Simple AD was utilized and linked to Okta for least-privilege access to each of the boxes.
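Because the security groups live in CloudFormation, the exposure rules described above can be checked before a change is applied. The following is an added example, not code from Cascadeo or Zenmonics: it audits a constructed template fragment and flags any ingress rule outside the two intended public entry points that is open to the internet or sourced by CIDR rather than by security group. All logical IDs, ports and address ranges are assumptions made for illustration.

```python
# Constructed CloudFormation fragment (JSON form); every logical ID and port is hypothetical.
TEMPLATE = {"Resources": {
    "AppAlbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "OpenVpnSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194, "CidrIp": "0.0.0.0/0"}]}},
    "BackendLbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "SourceSecurityGroupId": {"Ref": "AppAlbSg"}}]}},
    "DbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433, "CidrIp": "0.0.0.0/0"}]}},
    # Standalone rule resource attached to DbSg, sourced by CIDR instead of a group.
    "DbFromMgmt": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Fn::GetAtt": ["DbSg", "GroupId"]}, "IpProtocol": "tcp",
        "FromPort": 1433, "ToPort": 1433, "CidrIp": "10.0.0.0/16"}},
}}

PUBLIC_ALLOWED = {"AppAlbSg", "OpenVpnSg"}  # the only groups meant to face the internet
WORLD = {"0.0.0.0/0", "::/0"}

def target_group(group_id, fallback):
    """Resolve a GroupId ({"Ref": ..} or {"Fn::GetAtt": [..]}) to a logical ID."""
    if isinstance(group_id, dict):
        att = group_id.get("Fn::GetAtt")
        return group_id.get("Ref") or (att[0] if isinstance(att, list) else fallback)
    return fallback

def ingress_rules(template):
    """Yield (group logical ID, rule) for inline and standalone ingress rules."""
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield name, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield target_group(props.get("GroupId"), name), props

def audit(template):
    """Return sorted (group, finding, cidr) tuples for rules that break the design."""
    findings = []
    for group, rule in ingress_rules(template):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if group in PUBLIC_ALLOWED or not cidr:
            continue  # allowed public entry point, or sourced from a security group
        findings.append((group, "world-open" if cidr in WORLD else "cidr-source", cidr))
    return sorted(findings)

print(audit(TEMPLATE))
```

A check like this fits as a gate in the deployment pipeline, with `json.load` on the real template in place of the constructed `TEMPLATE`.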
Amazon EC2, Amazon Elastic Container Service, AWS Fargate, AWS Lambda, Application Load Balancer (ALB), Amazon Auto Scaling, AWS Simple AD, Amazon Simple Storage Service (S3), Amazon Glacier, Amazon Elastic Block Storage (EBS), Amazon Elastic File System (EFS), Amazon RDS (SQL), Amazon VPC, Amazon CloudFront, Amazon Route 53, AWS Direct Connect, Amazon CloudWatch, AWS CloudFormation, AWS Systems Manager, AWS Command Line Interface, AWS Management Console, AWS Identity and Access Management (IAM), Amazon Cognito, AWS Certificate Manager, AWS Key Management Service, AWS WAF, Amazon Simple Queue Service (SQS), Amazon Simple Notification Service (SNS), Amazon Data Pipeline.
Third Party Software and Services:
Docker, Prometheus, Zenoss Core, Zendesk, Jenkins, Gitlab CI/CD, Okta, CloudBasic, Twistlock, Grafana
Zenmonics’ velocity, time to market, and business agility are all dramatically improved through frequent, full-stack deployment automation. Security continues to be at the forefront of Zenmonics’ offering, and it is a component that can now be easily managed, keeping them within compliance. Zenmonics’ customer sales offering has greatly improved through the ability to quickly onboard customers and configure them into either a multi- or single-tenant environment.
Cascadeo was engaged by Zenmonics to perform an initial assessment of selected systems and data center infrastructure in support of a planned public cloud deployment initiative. During the assessment, Cascadeo engineers demonstrated expert knowledge and the ability to deliver crucial AWS-centric solutions. As a result, Zenmonics chose Cascadeo as their key AWS/infrastructure development partner. Cascadeo developed a complete solution architecture and proposed a containerized / microservices approach, and the relationship expanded to include application-layer refactoring around AWS platform technologies.
Throughout the Design and Development phases, Cascadeo emphasized the importance of planning for IT Operations supportability. Cascadeo recommended infrastructure- and container-monitoring solutions, and Zenmonics again selected Cascadeo to implement these technologies.
Based on Cascadeo’s knowledge and understanding of these technologies and the infrastructure they had developed – combined with Cascadeo’s long history of providing Tier 1 and escalated support and operational task management – Zenmonics selected Cascadeo as their Managed Services provider.
Cascadeo closely follows AWS best practices – focusing on the following cloud vectors:
- Security – Validating the protection of information, systems, and assets; applying OS security patches through a documented, scheduled, and automated process using SSM; and utilizing AWS Inspector to automate security assessments and improve security and compliance.
- Reliability – Validating the ability of the system to recover from infrastructure or service failures, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
- Performance – Validating the efficient use of computing resources to meet system requirements, and the ability to maintain that efficiency as demand changes and technologies evolve.
- Cost Optimization – Measuring the ability to avoid or eliminate unneeded cost or suboptimal resources by turning off services and environments with scheduled Lambda functions when they are not in use.
- Operational Excellence – Validating the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
Cascadeo continues to serve a strategic role as a key engineering partner, and a trusted Managed Services provider to Zenmonics.