Our Cloud Infrastructure

Key Benefits

Cloud infrastructure refers to the collection of features needed to enable cloud computing. Our approach to cloud infrastructure is to bring together all the best practices AWS and Azure has to offer so our client’s cloud deployments are cost-effective, scalable, secure and automated, so you can focus on your core business.

Core Features of the Shelf

  1. Base foundation built with Managed Services
  2. All applications are containerized
  3. High availability and scalability
  4. Disaster recovery
  5. CI/CD
  6. Test automation
  7. Secrets
  8. Centralized (shared) integration layer for all applications
  9. Centralized logging
  10. Centralized monitoring
  11. Shared components
Example of our AWS Cloud Maturity level

Base foundation built with Managed Services

  1. If there’s any managed service available for some specific use case, we have taken that service in use
  2. Focus to develop something new: no need for oversized infra team to do all the maintenance work and troubleshooting all kind of infra related problems
  3. Fault tolerance: all services are automatically distributed between multiple data centers (availability zones) in case of one/multiple data center failure(s) inside the same region
  4. Operate your infrastructure more efficiently and securely
    • Almost all services meet different compliance requirements (ISO, PCI etc.)
  5. You can have automatic updates for all managed services without any manual admin actions

All applications are containerized

  1. Applications consist of many different services (containers) running inside the same stack.
  2. For better: isolation, splitting/sharing of the components/services between different applications
  3. All data are stateless
    • enables horizontal scaling support instead of only vertical
    • all data is stored in external services
    • enables all containers to have read-only files systems to minimize the attack surface
  4. All container images are hardened where all the unnecessary OS command are already removed e.g. cp, rm
  5. Automatic OS patching using scheduled deployments: builds new container images with latest OS security patches included even week basis (if required)
  6. Scan for any vulnerabilities during container image creation (still at PoC phase)

High availability and scalability

  1. All production load are distributed between two data centers (at minimum) with automatic failover
  2. All applications are running in AWS Elastic Beanstalk or Azure App Service which handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring
    • You can scale up (or down) based on several statistics including latency, disk I/O, CPU utilization, and request count

Disaster recovery

  1. All resources are built/managed with Terraform Cloud (Infrastructure as code)
  2. Application code are stored in Bitbucket Cloud
  3. All secrets are stored in 1Password (+ Secrets Automation)
  4. All databases can be restored “live” up to 72 hours back
    • After 72h 35 days back with 1s interval.
    • After 35 days from weekly image (1y retention)
  5. All other static data are stored in S3 storage e.g. uploaded files, images…
  6. All services/servers can re-deployed with Terraform or by running deployment pipelines again

Continuous Integration / Continuous Deployment (CI/CD)

  1. Fully automated deployment pipelines without any manual admin interaction
  2. Releases can be deployed every hour (if you want)
  3. Unit tests are part of the pipelines
  4. Every pull request creates temp. environment (full stack of services) to run test against feature branches (manual and automated) and the URL for this environment will be available via Slack channel
    • Merge or decline will trigger the removal of the temp. env.
  5. Revert back to the old release with a click of the button (of course database restore also required, if applied migrations failed) Run exactly the same releases in staging before going into production env.

Test automation

  1. Cypress.io is continuously testing for any broken features

Secrets

  1. All secrets are stored in 1Password Cloud
  2. All secrets can be fetched from 1Password Secrets Automation service during application startup process
    • Most of the secrets are created by Terraform (by using 1Password module) and fetched by Terraform in later steps no visible secrets anywhere

Centralized (shared) integration layer for all applications

  1. Transforms all requests to be compatible example with different ERP systems (different countries), so that the same application code can be used for all countries
  2. Totally serverless solution
  3. Supports also inbound requests from 3rd party vendors

Centralized logging

  1. All important application logs are streamed/stored in Splunk Cloud
    • Create dashboards based on business KPI’s
    • Makes troubleshooting easy, when you see the whole picture from all of these streams
    • Audit stream from the whole environment

Centralized monitoring

  1. All created, modified or deleted resources are dynamically updated/fetched into external monitoring system.
  2. Find problems before end users and creates tickets automatically to SD from these outages
  3. SLA reporting
  4. Anomaly Detection and automatic RCA reports

Shared components

  1. Applications are sharing the same components via centralized component library no need to implement/code same functionality for every application