Jonphil LTD : Migration to AWS Cloud

About the Customer

Jon Phil is a registered and licensed study abroad, immigration and recruitment consulting firm that is based in London, United Kingdom. They work from 3 Main locations: London, Glasgow – UK & Trivandrum – India

Challenge

Customer had found it difficult to maintain their workload in their dedicated server architeture. Client required the access to application set through a VPN solution for securing and restricting the application access to authorized individuals. Apart from these infrastructure scalability was a primary concern which their on-premises environment couldn’t deliver in time considering the pace of business expansion they have in mind.

Why AWS?

By leveraging services in AWS like subnet in VPC, RDS, EC2, S3 etc we were able to come up with a solution that matches their requirement. Additional services were explored such as lambda to come up with a solution to keep the cost to minimal as possible

Why the Customer Choose the Partner?

Clarusto’s major portfolio showcases expertise in the following service pillars.

Enterprise Cloud Migration

Cloud Managed Services

Cost Optimizations Services

Security Governance & Compliance

Partner Solution

Architecture Diagram

The entire architecture consists of Multiple instances and RDS deployed in Custom VPC. Custom VPC consists of subnets which is having public and private subnet [NAT gateway for Private instance]. Application is deployed in windows 2019 server with MySQL 2016 [AMI]. The entire EC2 instance consists of two instances deployed in private subnet and one instance which is OpenVPN deployed in the public subnet. Instances deployed in private subnet can be accessed only after establishing an OpenVPN connection. In private subnet, there are two instances one for deploying client application and another is for managing AD users for the application server. All the instances are running on the latest generation instance type and attached EBS volumes are using volume type GP2. All the EBS volumes are encrypted using the AWS Key Management Service (KMS).

Application Database is managed by AWS RDS MySQL instance which is deployed in the private subnet. For tightening the security, we have disabled public access to the RDS instance a restricted RDS instance access from EC2 instance [application instance].

RDS instance is also encrypted with the AWS Key Management Service (KMS). For cutting the cost we have enabled lambda function to stop and start the instance based on client requirement [working hours]. We have used AWS Backup service to take the backup of the instances, by this, we will be getting 30 days snapshots of EC2 instances deployed in AWS environment.

To make sure that we don’t miss any failed snapshot we have configured the AWS backup to get a failedbackup notification using the help of Amazon Simple NotificationService.We have enabled CloudTrail for all the regions which perform auditing, compliance monitoring, and governance tool. All the CloudTrail logs are stored in AWS S3 bucket.CloudWatch alarm is created for getting the notification if the threshold value is cross beyond a limit. CloudWatch dashboard is created to get aquick glance at all the metrics of the instances running on the AWS environment.

Results and Benefits

•Cost reduction

•Increased metrics collection

•A better backup solution

•Meeting the compliance for 3rd party audits and complianc