Leading Restaurateur Achieves Self-Service IT with Flux7 & AWS Service Catalog
Security with agility allows QSR to retain governance, reduce workload & eliminate wait times
This quick serve restaurant (QSR) is a household name, with thousands of corporate and franchise stores across the globe. As a leading quick serve purveyor, this company is publicly traded on the NYSE and is part of the S&P 500.
Serving millions of customers every day, this organization’s customers have high expectations for 24×7 availability inside the restaurant and out. To meet these high, evolving expectations, this company is launching new options for its on-the-go customers. Its new digital solution needed to be scalable, have high capacity, and be extremely secure. While this QSR chose the Amazon AWS public cloud to meet these business needs, it also needed a solution that would allow its development team to quickly build the new digital platform that would support this organization’s digital evolution.
The QSR called the AWS experts at Flux7 to help it build its new, modern digital platform. Following its three-step process, Flux7 assessed the situation and recommended the use of AWS Service Catalog to provide the development team with the agility that the company needed, with important DevOpsSec guardrails built in to ensure security and governance. Service Catalog provides this organization with the ability to create and manage catalogs of IT services that development can access from a dashboard and launch with the push of a button.
First, Flux7 helped the QSR’s admins create products for the Service Catalog using services including:
- Proxy permissions – For reasons of security, governance and consistency, developers are only given permission to launch Service Catalog products;
- Constrained parameters – Operations can constrain the allowed values a Developer can use for a given parameter(s), thus creating balance between developer agility and operational governance;
- Portfolios – Portfolios allow access of users to certain products and certain parameter values allowing better governance and separation of roles.
To create the Service Catalog products, individual AWS CloudFormation Templates in JSON format are created; these templates define the resources required for the product and the relationships between those resources. Admins can then choose the parameters that the end user can plug in when they launch the product to configure security groups, create key pairs, and perform other customizations. For example, appropriate values were fixed in the mappings to use the correct VPC and Flux7 created product specific parameters such as name, a business ledger number, email, instance type, data classification and more. Last, an instance running the specific product version is created with resources like security groups, subnet groups and parameter groups.
This project involved the deployment of eight Service Catalog products — rds-oracle, rds-mssql, rds-mysql, linux-instance, redshift, windows-instance, tomcat-rds, and iis-stack — with user parameters such as AMI ID, pre-defined controls and the company’s standard tags built in. Each of these eight products were tested, launched in environment with all controls and tags, within minutes.
With pre-approved products created and maintained by the admin team, end users were then able to easily launch their desired product from Service Catalog by providing the required parameters. And, with the push of a button, Service Catalog launches the product.
Security and Governance
An important part of this project was collecting at the outset the key security and governance controls that needed to be built into the Service Catalog products. Flux7 sat down with Network-Operations-Security leaders to discuss with the team what constraints they wanted to enforce on the end-user attributes. The result of this meeting was key governance guidance that was built-into CloudFormation templates and Service Catalog products.
Service Catalog provides ongoing governance as the organization can centrally manage its portfolio of products moving forward, ensuring that they continuously meet security and governance standards — even as they evolve. With security built in, this organization is able to achieve consistent, continuous governance, and is assured that developers are only deploying approved IT services.
Last, Flux7 setup this company’s Active Directory (AD) file system as a login provider to the Windows instances created by the AWS Service Catalog, allowing permitted users to login with their AD credentials.
With Flux7’s help, this company’s AWS Service Catalog solution allows its development team to launch new products with the click of a button. Thus, creating greater agility as developers no longer undergo lengthy IT to wait times for solution provisioning. By removing this barrier, developers have eliminated wait times and are able to begin work immediately, growing code throughput and speeding time to modernization and innovation. In the process, IT workloads are vastly reduced, allowing IT to focus on more strategic initiatives.
In addition, the team at Flux7 finished each project sprint with complete knowledge transfer, teaching the skills surrounding each of its products that the team can effectively manage and grow them into the future. Moreover, the Service Catalog solution has built-in controls that is assured to deliver on this organization’s need for governance and security. In all, innovation has grown and time-to-market of new customer-facing solutions has increased, in the process surprising and delighting customers and growing customer satisfaction. This QSR now has a foundation for delivering a secure, dynamic digital platform that will help it modernize and create new offerings to its demanding clients — today and well into the future.
- IT modernization that feeds new customer offerings
- Extreme security
- Developer agility
- AWS Service Catalog
- CloudFormation Templates
- Security Best Practices
- Eliminated IT wait times
- Speed time to market
- Agility balanced with security