Background
ACE Security Portal (ASP) is a leading provider of unified cyber risk management and security analytics – enabling stakeholders, governance organizations, and security teams to effectively manage technology risk at the speed of business.
Challenge
As the business grew, ASP deployments quickly became complex as many VPCs were created for the growing customer base. In addition, configuration for shared infrastructure also became more complex with hundreds of customization parameters saved in various configuration files. Tracking, cataloging, and managing these configuration parameters became a bottleneck for ASP growth.
Solution
ASP adopted a container-based application deployment model instead of running services directly on the native OS/Java. Containers offer a consistent, identical runtime environment irrespective of the underlying infrastructure, so it was decided to replace the EC2 fleet with an ECS cluster.
ASP also adopted active configuration management. As configuration management grew complex, configuration data was stored in a key/value database. A dedicated UI dashboard was created to standardize the entry of new data and updates to existing data.
This standardization would enable ASP to onboard new customers and initialize a new environment with the push of a button. Active configuration management brought tremendous agility in bringing up new subscribers, as teams other than IT could quickly gain insight into what had been provisioned for a subscriber.
Fargate as compute provider: Because EC2 instances were provisioned on demand and scaled out based on workload, a large EC2 fleet was always active. Patching this fleet for security vulnerabilities was tedious and time-consuming. The AWS Fargate compute provider frees customers from maintaining security patches for the core OS and libraries.
Results
The use of Fargate eliminated the need for securing and patching the EC2 fleet, saving ASP engineers countless hours of tedious and repetitive tasks. The Fargate-based ECS cluster also helped in security audits of the solution, and security scanning of Docker containers was much more straightforward than patching the OS and libraries of the EC2 fleet.
The speed of provisioning increased significantly, and new solutions could be provisioned in hours and days rather than weeks. The need for technical staff to oversee infrastructure provisioning for a new subscriber was significantly reduced.
Committed to delivering the best
Thousands of AWS and CNCF-certified Kubernetes solution partners have unique expertise and focus areas. Our focus is on best practices in security, automation, and excellence in Cloud operations.