Background
ACE Security Portal (ASP) is a leading provider of unified cyber risk management and security analytics - enabling stakeholders, governance organizations, and security teams to effectively manage technology risk at the speed of business.
Challenge
As the business grew, ASP deployments quickly became complex as many VPCs were created for the growing customer base. In addition, configuration for shared infrastructure also became more complex, with hundreds of customization parameters saved in various configuration files. Tracking, cataloging, and managing these configuration parameters became a bottleneck for ASP growth.
Solution
A container-based application deployment model was adopted instead of running services on the native OS/Java. Containers offer a consistent and identical runtime environment irrespective of the underlying infrastructure, so it was decided to replace the fleet of EC2 instances with an ECS cluster.
Adopting Active configuration management: As configuration management got complex, configuration data was stored in a Key/Value database. A dedicated UI dashboard was created to standardize the entry of new data and updates to existing data. This standardization would enable ASP to on-board new customers and initialize a new environment with the push of a button. Active configuration management brought tremendous agility in bringing up new subscribers, as teams other than IT can quickly gain insight into what has been provisioned for a subscriber.
Fargate as compute provider: Because EC2 instances were provisioned on demand and scaled out based on workload, a large EC2 fleet was active at all times. Patching this fleet for security vulnerabilities was tedious and time-consuming. The AWS Fargate compute provider frees customers from maintaining security patches for the core OS and libraries.