Proposed Solution & Architecture

For migration of 100+ instances, Application Discovery and Dependency Mapping (ADDM), Cloudamize Assessment tool is used. Various applications on the servers and its dependency on network devices within the customer infrastructure was mapped for planning and migrating the workloads to AWS Cloud.

• Assessment: Inventoried the physical and virtual servers/devices to secure precise TCO calculations into AWS; to identify the most efficient AWS capacity options.
• Planning: Discovered all applications and their dependencies, detailed phased migration on which & when to migrate.
• Migration: Import the plan into migration tools to confidently and efficiently move workloads to AWS.

DPLI workloads migrations are done through “rehosting” / “lift-and-shift” strategy by automating with AWS SMS, AWS DMS and Carbonite.

• AWS SMS: With the Agent less AWS Server Migration Service (SMS), migration of VMware/ HyperV on-premises workloads to AWS has been automated by scheduling and tracking incremental replications of live server volumes.
• AWS DMS: Used to migrate the rational databases from on-premises to RDS DB or a database on an Amazon EC2 instance per design.
• Carbonite Migrate: Quickly and easily migrates physical, virtual and cloud workloads over any distance with minimal risk and near-zero downtime. DPLI migration of Physical servers to AWS, is accomplished by carbonite.
• Data Migration has been done with an initial one-time copy using Snowball storage followed by delta data migration over WAN.

Proposed two-tier web application architecture with two layers of firewalls.

• With F5 WAF VE for layer 7 protection in public subnet covering OWASP top ten threats including SQL injection, cross site request forgery, broken authentication, session management and security misconfigurations monitoring the HTTP and HTTPS requests forwarded to Amazon CloudFront/ Application Load Balancer.
• For Advance Perimeter Threat Detection and Prevention, Checkpoint cloud guard has been deployed protecting form advanced malware and zero day attacks.

Enabled Encryption using AWS KMS and Gemalto HSM for key storage and Management.

Proposed Architecture is based on AWS well-architected framework ensuring operation excellence, Security, Reliability, Efficiency and Optimization by using Auto Scaling Group, Application Load Balancer, Multi AZ RDS, CloudWatch, CloudTrail, CloudFormation, GuardDuty, Config, Glacier/S3 and EFS.

Business Benefits

• IT Transformation from maintenance service to a strategic business contributor and enabling business digitization, modernization and micro-services architecture.
• Business continuity with close monitoring of environment and automated capabilities to trigger DR in case of service disruptions.
• Pay-as-you-go model with auto-scalability, faster implementation and higher service availability.
• Pro-active monitoring of utilization and performance through CloudInfinit CMP and self-service.
• 100% cloud migration within 90 days for such complex environment.
• Network and Infra deployment time came to as low as 48 hours, compared to 14-15 weeks before migration.
• Processing time for one of the mission critical application (tax certificates) has come down from 3 days to just a few minutes.