Successful migration of˜ client’s ˚agship email security product to AWS … · 2019-03-28 ·...
Transcript of Successful migration of˜ client’s ˚agship email security product to AWS … · 2019-03-28 ·...
USTGlobal ®
Successful migration of client’s �agship emailsecurity product toAWS Cloud
Client is an American multinational technology conglomerate
that develops, manufactures, and sells networking hardware,
telecommunications equipment and other high-technology
services and products.
Client, in collaboration with UST Global, moved Client Email
Security (CES) product suite from HPS Data Center to a public
cloud. CES is a security suite which scans all the inbound and
outbound e-mails and any vulnerability found will be moved to
junk folder.
Client
The major business concern was to move the CES from hosted
HPS Data Center to public cloud as they were incurring a huge
infrastructure cost on Data Centers at various locations. They
wanted to move to a public cloud with a cost-effective solution
without compromising availability, reliability, and performance.
Business Problem
UST Global, through our extensive expertise in cloud platform,
chose AWS public cloud. Client wanted High Availability (HA),
disaster proof and automated failover solution. The solution was
designed to ensure spread of Data Centers across different
regions with active synchronization for application suites deployed
in both Data Centers. The VPN connectivity was based on a Hub
and Spoke model with advanced encryption. HA was achieved
by Client CSR with IP Security (IPSec) tunnel over WAN. Once
migrated to Cloud, 200+ servers were identified for setup, AWS
security groups tightened, and benchmark testing carried out.
There are two modules for CES which constitutes 2 VMs:
• ESA (Email Security Appliance)
• SMA (Security Management Appliance)
Key Solution
UST Global was onboarded as the first customer for this tool.
Initially, 33% of email traffic was routed through CES in AWS
and later it was scaled to 100%. Initially, 35 customers were
on-boarded, which was scaled up to 250 in 3 months with
15,000 mailboxes.
Success of the Process
Our journey envisaged the successful migration of Client
flagship email security product to AWS Cloud. The cutting-edge
deployment architecture conforms to the highest standards of
security and uses technology to drive extreme automation and
rigorous optimization based on performance characteristics
and resource utilization.
Overall Outcome
30% CostReduction
Reduced Storageand Capacity
SolutionHighlights
Data Centers established in two different regions, instead of
zones so as to comply with Disaster Recovery requirements
ESA and SMA stacks deployed region-wise in multiple zones with
client specified application compliance in AWS
30,000+ Intellectual Property (IP) created for this engagement
Microsoft Threat Modeling tool simulated network traffic flow,
response to attack and other scenarios to comply with Client
security requirements
Performance mapping of VMware with AWS was carried out in
detail as the existing Data Center was in VMware which is
known to have a unique performance attribute
Code-level changes at application level executed to enable
compatibility with the multi-threaded architecture in AWS
Active collaboration with AWS networking team for public IP
requirements
Complete synchronization of database and application
established between data centers in multiple regions
Disaster Recovery scenarios recorded and Playbooks created
for each scenario
Cloud Email Security powered by Nagios based monitoring
solution and JIRA ticketing tool
Vulnerabilities identified using Qualys scanner and scan logs
monitored using Zeus
Data from multiple zones and regions correlated using Icinga, an
open source monitoring solution and Nagios Fusion, to obtain a
single dashboard view for entire topology and GTM
Akamai Intelligent Platform deployed as a geographical load
balancer to achieve high levels of performance and availability
Cost effective and secured solution
180+ parameters being monitored
It is a security product which was built on top of a public cloud which is unique in its segment
Extreme levels of fault tolerance in region as well as zones
Onboarded around 260 customers and around 1600 instances in 1 year
Automating the customer onboarding process – whenever a new customer comes in, automatically instances are spun up and customer is onboarded
Similarly, when a customer offboards the instance will be removed
Initially we built the entire setup in cloud infrastructure for the US region which took almost 40 days to complete. UST automated the entire process where we can setup the entire infrastructure in any region within 2-3 hours
Key Milestones and Achievements
Main challenge was that it was not a customer migration, it was a tool migration
We need to ensure 100 % uptime for this entire application
RTO and RPO had to be zero
Fault tolerance in zone to zone and region to region
AWS Region to Region Connectivity: During earlier days AWS was not having connectivity between two regions. UST suggested IPsec VPN using Client CSR, which was Client’s own product.
Nagios High-Availability: There was need of shared filesystem between zone 1 and zone 2. AWS was not able to provide a shared filesystem at all regions. So, the solution was to use EFS & Shared File System (OCFS & DRBD).
AWS Multicast Capability: AWS was not able to provide multicast between two regions. Here the solution was to use N2N Service - Multicast Support across Zones which was a utility.
Client CSR Router Product Issues: It was not providing the proper performance as men-tioned. The new release from Client was used for bug fixes
Challenges
USTGlobal ®
UST Global® is a fast-growing digital technology company that provides advanced computing and digital services to large private
and public enterprises around the world. Driven by a larger purpose of Transforming Lives and the philosophy of “fewer Clients,
more Attention”, we bring in the entrepreneurial spirit that seeks the fastest path to value in today’s digital economy. Our
innovative technology services and pioneering social programs make us stand apart.
UST Global is headquartered in Aliso Viejo, California and operates in 25 countries. Our clients include Fortune 500 companies in
Banking and Financial Services, Healthcare, Insurance, Retail, High Technology, Manufacturing, Shipping, and Telecom. UST
Global believes in building long-lasting, strategic business relationships through agile and client-centric global engagement
models that combine local experts and resources with cost, scale, and quality advantages of global operations.
For further information, contact: [email protected]
Corporate Office: UST Global®, 5 Polaris Way, Aliso Viejo, CA 92656 www.ust-global.com
Phone: (949) 716-8757 Fax: (949) 716-8396
UST Global® Copyright © 2019. All Rights Reserved.
COUNTRIES YEARSEXPERIENCE
20,000+19+25+PEOPLE
/USTGlobal /USTGlobal /ustglobalweb /company/ust-global