EPAM Cloud Problem Resolution Consulting 1 EPAM SYSTEMS, INC. May 2013
Abstract Most of new and existing customers of EPAM Cloud Computing Competency Center eventually face problems they cannot resolve on their own. This is when we receive requests to review their infrastructure and solve issues related to cloud computing and cloud services. This case study has been drawn up based on actual project experience. It addresses our cooperation with a big European customer who uses Amazon Web Services (AWS) as a hosing for their infrastructure. The project lasted for one week and has been successfully completed. 2 EPAM SYSTEMS, INC.
Request Receiving Initially we received a request to review infrastructure and suggest possible solutions for issues experienced by the customer at that time. The request itself consisted of two parts: infrastructure plan problems description The challenge faced by this project has been amplified as the technical person responsible for all hardware and cloud part configuration had left the company and there was no one able to perform any changes to the infrastructure. The customer s technical staff did not include cloud experts. The project infrastructure consisted of two parts: Data Center (DC) with dedicated hardware servers AWS Virtual Private Cloud (VPC) with running virtual instances DC and AWS facilities are connected by a VPN handled by a Cisco ASA device from the DC side and a single m1.small instance from the AWS side. The VPN connection is sometimes unstable, inciting the customer to perform a refactoring of this solution. The application that hosted under AWS is located in a combination of private and public VPC subnets and uses internal and external Elastic Load Balancers (ELBs). One of the major issues with the ELBs is their IP addresses can be changed anytime. An ELB instance can be scaled up or down, depending on request rate or traffic load. The customer uses CNAME DNS records to assign a domain name to ELB. This is why when an ELB s IP changes, subdomain experience propagation and resources become unavailable. 3 EPAM SYSTEMS, INC.
Request Review Having received a request, we performed its initial review and prepared a list of questions to be sent to the customer s technical team regarding the infrastructure and related issues. Our team went through every part of project and found different ways to solving the issues that customer faced. After consideration of the possible solutions we decided to establish a call with customer s technical team to clarify some points and to provide them with suggestions regarding the infrastructure improvements. 4 EPAM SYSTEMS, INC.
Meeting with Customer s Team Meeting the customer s team usually takes form of a call including experts, managers and technical people, who consider and decide to go on with specific solutions. On our first meeting with the technical team from the customer side we provided them an exhaustive explanation of service workflows and suggested to perform changes to the infrastructure. The VPN issue could be solved using default VPC tools of Customer Gateway and Virtual Private Gateway. This method allowed connecting the customer s hardware gateway to a VPC network with IPSec VPN. It would be monitored and maintained by AWS. Besides the ease of configuration and maintenance it also had a financial advantage. This solution was twice cheaper than what they had at the moment. The ELB IP change issue has a solution of using Amazon Route53 DNS service. It has complete integration with ELB and when a subdomain is pointed to ELB as A record with Alias, ELB IP change does not influence on availability of a resource. DNS propagation is minimal. After this explanations customer s team decided to consider this solutions and asked us to go deeper into the infrastructure and find points to 5 EPAM SYSTEMS, INC.
Deep Analysis After receiving a request to analyze the AWS infrastructure closer, we started from the following points: security financial efficiency cloud services optimization From the security point of view, the project had a significant breach. In order to log in to the AWS console all project members used root credentials. This account has full control over all services, financial and reporting settings. Root account security breach could be fixed by using AWS Identity and Access Management (IAM). This service provides personal user accounts with complete integration to various services. Users could be divided to groups and assigned with different access policies. In order to work in a big team of developers and operationsб IAM is a must-have security application. When we were reviewing the infrastructure, we noticed that it contained more than 50 servers running 24/7. However, the customer did not reserve any of these instances. In this case reserving instances could save up to 65% of expenses for compute resources. Virtual machines that run 24/7 have to be covered by Heavy Utilization Reservation that has the biggest upfront fee, but the lowest price of per-hour instance work. 6 EPAM SYSTEMS, INC.
Final Overview After a week of cooperating with the customer s technical team we achieved the following results: Issues experienced by the application have been solved with no downtime. Infrastructure security situation has been reviewed and dramatically improved by means of AWS Identity and Access Management. As a consequence of this successful cooperation, the customer decided to continue their contract with EPAM for a long term. One of EPAM Cloud Computing Competency Center experts became a permanent AWS consultant on this project. After reserving EC2 instances, the customer saved more than 40% of monthly costs for compute resources. 7 EPAM SYSTEMS, INC.
Established in 1993, EPAM Systems (NYSE: EPAM) provides complex software engineering solutions through its award-winning Central and Eastern European service delivery platform. Headquartered in the United States, EPAM employs approximately 8,900 IT professionals and serves clients worldwide from its locations in the United States, Canada, UK, Switzerland, Germany, Sweden, Belarus, Hungary, Russia, Ukraine, Kazakhstan, and Poland. EPAM is ranked #6 on the 2013 Forbes America s 25 Fastest-Growing Tech Companies list and is recognized among the leaders in software product development services by Forrester and Zinnov analysts. The company is also included in the top 30 in IAOP s The 2013 Global Outsourcing 100 list. For more information, please visit www.epam.com Global 41 University Drive Suite 202, Newtown (PA), 18940, USA Phone: +1-267-759-9000 Fax: +1-267-759-8989 EU Corvin Offices I. Futó street 47-53 Budapest, H-1082, Hungary Phone: +36-1-327-7400 Fax: +36-1-577-2384 CIS 9th Radialnaya Street, bldg. 2 Moscow, 115404, Russia Phone: +7-495-730-6360 Fax: +7-495-730-6361 8 1993-2013 EPAM SYSTEMS, EPAM Systems. INC. All Rights Reserved.