AWS DevOps and Docker Best Practices Grow Secure Innovation

Enabling MicroServices with MicroAgility for Financial Services Market Leader

Profile

With millions of devices and terminals deployed worldwide, this provider of point-of-sale (POS) systems consistently brings innovation to the payment industry, changing the way merchants do business and interact with customers like never before. Trusted for its hardware and proprietary operating systems, security and encryption software, and certified payment software, this Fortune 1000 company maintains a solid reputation for enabling merchants to easily and quickly customize the point of sale through innovative apps that provide customers with rich, contextual in-store experiences.

Challenge

This leader in the financial services market has historically relied on on-premise compute resources. They maintain multiple data centers and host their assets from their own compute farms. However, two new projects were launching, both with tight timelines and both considered highly strategic to the business, and both required solutions that simultaneously enabled development, retained agility, and provided a high level of security. The company realized it could benefit from the additional agility that cloud-based DevOps could provide.

As a result, this financial services organization chose AWS consulting partner Flux7 to help them successfully achieve their aggressive goals within the allotted timeframe.

Solution

The first step in the process was selecting Amazon Web Services (AWS), which allowed the organization to quickly scale to demand without expensive hardware purchases. Then DevOps consultants Flux7 went to work, focused on simplifying and streamlining the organization’s IT using its best-practice-based cloud implementation process consisting of Assess, Attune and Engage services.

During assessment, Flux7 helped this firm design an AWS architecture that centered on key requirements. Specifically, the firm did not want to have IPSec tunnels, a typical practice, between their data centers and AWS, because they wanted to keep the two applications separated. Additionally, they required that code repositories be kept on-premise and that Active Directory federation be used for Single Sign On (SSO). Flux7 created a cloud computing architecture that met these security requirements and allowed admin and machine access to the environment without compromising on security.

Flux7 provided the organization’s IT team with OpenVPN, Jenkins, and documentation on MediaWiki, along with in-house tools for rapidly developing CloudFormation templates, a graphical design compiler, and scripts to perform various functions. The goal of the solution was to simplify and automate IT, in the process empowering the financial services firm to manage its own infrastructure, in keeping with AWS’ mission of self-service IT.

The two projects featured four key focus areas:

  • Automation focused on high availability, portability and agility. Because the project was complex with numerous microservices–each developed autonomously by different teams–Flux7 deployed Docker. Using Docker containers, Flux7 was able to provide this firm with a homogeneous deployment framework ideal for the variation in technology stacks across these services. This approach helped streamline infrastructure needs, making it easier to port services across environments. It also increased the level of automation which in turn increased agility and decreased risk associated with manual efforts.

  • Continuous integration and continuous deployment (CI/CD). Following a key tenet of DevOps, Flux7 created a continuous integration environment, applying CI/CD best practices to this project with Docker. The firm and Flux7 worked together to implement a unique build and deploy system with Docker at its core, an on-premise code repository, and on-cloud build deployment. The most innovative component, the portable system for configuration management and code deployment, uses AWS CodeDeploy, S3, and a Docker registry to provide CD. The system is self-service for Development, giving developers greater control over the process and allowing them to quickly bring up new environments, test against them, and easily start over if need be.

  • Security. While the enterprise was already very focused on security, Flux7 was able to provide another layer of expertise when it came to security in the cloud and the surrounding ecosystem of tools. For example, the system for configuration management and code deployment was configured to satisfy strict security requirements that the code repository remain on-premise and that development could deploy to production without accessing sensitive data. In response, Flux7 developed an automated mechanism to make sensitive configuration data available to production Docker containers without any involvement from developers or IT and without saving those files anywhere in plain text.

    Now, IT can create configuration files with sensitive data, encrypt them, and upload them to S3. Developers simply specify the names of the configuration files needed to run the application in production. This elegant, purpose-built solution automatically downloads the right file, decrypts it on the fly via KMS, and makes it available to the application at run time. This achieves critical separation of roles between development and IT, while maintaining high levels of AWS DevOps-driven productivity.

  • Culture Change. While technology played an important role in these projects, overseeing a culture change to support the new initiatives was also important. As such, the enterprise designed, defined and created a Center of Excellence for DevOps composed of engineers whom Flux7 trained to use and extend the environment. In addition, Flux7 focused on educating development teams about how to deploy their applications in Docker containers and focused specific lessons on knowledge transfer and being change agents, not just ‘doers’.

    To do so, Flux7 brought its innovative approach to bear, which addresses the last 10% of a project, where the actual amount of work is often less than the work needed to communicate about it offline. Thus, when this project neared the last 10% mark, Flux7 hosted dungeons, or virtual goal-oriented working sessions. The goal in each session was to solve a specific problem collaboratively in order to ensure customer requirements were met; to make the customer feel at home with the setup; and to provide training and mentorship. The overarching goal of the culture change elements was to enable the customer to extend the AWS environment on their own. The team is now both enabled and excited to do so.

These four elements combined to increase developer agility, which shortened the time to market of new applications associated with these projects. They also combined to decrease costs, driven by reduced wait times for IT when standing up Dev/QA/Staging/Prod environments and by the ability to eliminate capacity planning and backup disaster recovery.
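The run-time delivery of encrypted configuration described under Security above can be sketched as a container start-up step. This is an added example, not Flux7's or the customer's code: the S3 key layout, the environment variable names, the `/run/secrets` tmpfs directory and the encryption-context keys are assumptions, and each file is assumed small enough (4 KB or less) to have been encrypted directly with KMS Encrypt.

```python
import os
import re

# Assumed layout (not from the case study): s3://<bucket>/<env>/<name>.enc,
# where each object is raw KMS Encrypt output for one configuration file.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def load_secret_configs(names, bucket, env, s3, kms, out_dir):
    """Fetch, decrypt and stage each named config file for the application.

    s3 and kms are boto3 clients (or doubles with get_object / decrypt).
    out_dir should be a tmpfs mount so plaintext never reaches persistent disk.
    """
    staged = {}
    for name in names:
        # Developers supply only names; reject anything that could escape
        # the environment prefix in S3 or the output directory.
        if not SAFE_NAME.fullmatch(name):
            raise ValueError(f"rejected config name: {name!r}")
        blob = s3.get_object(Bucket=bucket, Key=f"{env}/{name}.enc")["Body"].read()
        # The encryption context binds the ciphertext to this env and file:
        # a blob copied from another env, or renamed, fails to decrypt.
        plaintext = kms.decrypt(
            CiphertextBlob=blob,
            EncryptionContext={"env": env, "file": name},
        )["Plaintext"]
        path = os.path.join(out_dir, name)
        # O_EXCL refuses a pre-planted file; 0600 keeps the file owner-only.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(plaintext)
        staged[name] = path
    return staged


def main():
    import boto3  # imported here so the module loads without the AWS SDK

    names = [n for n in os.environ["CONFIG_FILES"].split(",") if n]
    load_secret_configs(
        names, os.environ["CONFIG_BUCKET"], os.environ["APP_ENV"],
        boto3.client("s3"), boto3.client("kms"),
        os.environ.get("CONFIG_DIR", "/run/secrets"),
    )


if __name__ == "__main__":
    main()
```

The separation of roles rests on IAM rather than on this script: only the production instance or task role is granted `kms:Decrypt` on the key and `s3:GetObject` on the prefix, so developers can name a file without being able to read it.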

    Benefits

    The initiative touched several areas of the organization, helping developers increase agility by improving development processes which increased productivity and resulted in faster time to market. This translates into faster innovation and strategic advantage in a highly competitive market.

    For operations, this initiative effectively removed wait times to stand up environments, and with cloud elasticity, removed the need for capacity planning and the purchase of expensive hardware to support the plan’s worst case scenarios. Moreover, the AWS auto-scaling environment allows the organization to start small and grow the service as it gains customer traction.

    Using Availability Zones and AWS Regions meant that there was no longer a need for a backup DR environment. Together these features saved the significant cost of purchasing additional compute, storage, load balancing and networking gear.

    Through these two cloud-based DevOps initiatives, this financial services organization was able to greatly simplify and streamline its IT, including the code deployment process. Flux7 applied its extensive experience with technology, processes and culture change to help create greater agility that now allows the firm to take full advantage of a changing marketplace to drive innovation and short and long term business success.

    Business Needs

    • Build on market reputation for innovation
    • Further grow development agility
    • Accelerate time to market for competitive advantage
    • Maintain strict security and compliance

    Solution

    • AWS DevOps-based approach
    • Flux7 toolchain based on Docker, Jenkins, OpenVPN, and MediaWiki

    Benefits

    • Increased developer agility and sped time to market
    • Decreased time to stand up new environments
    • Eliminated need for additional hardware purchases
    • Eliminated capacity planning and need for backup DR environment

    Technical Details

    • AWS Services Used: EC2, S3, EBS, Route53, AWS VPC, CloudTrail, CloudConfig, CloudFormation, CodeDeploy, AWS autoscaling, Elastic Load Balancer, KMS, RDS

    Other Services

    • Docker, Jenkins, MediaWiki, OpenVPN