The firm's legacy cloud-based platform no longer met its needs, and Amdocs was appointed to aid the migration to Amazon ECS. With applications rebuilt using infrastructure as code, the transition is set to unlock better cost-efficiency, reliability and speed of delivery.
About the customer:
The firm is an innovative digital risk protection specialist that automates surface, deep and dark web searches for critical business data and potential threats. It enables customers to detect data breaches and monitor threats outside their immediate network.
Outgrowing the legacy platform
Following a prolonged period of growth, the firm was facing challenges centered on the cost, complexity and operability of its cloud-based platform.
The architecture supported a significant, and steadily increasing, number of environments related to the firm’s digital risk protection products. While the legacy platform had initially been an appropriate choice for deployment and scaling, more than 100 load-balancers were being maintained. This was costly and unsustainable, and limited feedback on failed deployments was causing frustration.
Another issue was the need for intercommunication between deployed environments. With the legacy set-up, this resulted in a significant administrative overhead: dozens of security groups required manual changes to permit necessary traffic.
Together these factors meant the deployment of new features and services had a long lead time (sometimes weeks) and introduced an untenable level of performance risk. Delivering small environmental changes was also a challenge. An additional problem was the use of public subnets to allow access to the internet, which goes against security best practice guidance.
With further growth and development on the cards for the firm, there was an immediate need to enhance control and mitigate these issues. Amdocs was appointed to steer a migration to a new AWS environment better suited to the firm’s evolving requirements. Advanced engineering support streamlined the transition and maximized the opportunity for ongoing improvement using infrastructure as code.
“The time had come to migrate to a more sophisticated environment and modernize our ways of working. To achieve this goal, we needed a short-term injection of specialist expertise, and Amdocs had exactly what we needed.”
Migrating to Amazon ECS
Since the firm was already leveraging Docker to build deployments, the options we discussed for the new environment included Amazon ECS (EC2 and Fargate) and Amazon EKS.
The firm understood the benefits of Amazon EKS but viewed it as a technology to adopt in the future as it would present a steep learning curve for developers. However, earlier experimentation with Amazon ECS (EC2) on different workloads had generated good results, so this was selected as the preferred option.
Amdocs set about working with the firm’s team to migrate containers from the legacy platform to a highly available ECS cluster. Everything was built using infrastructure as code, allowing the firm to spin up and tear down environments as required.
The ECS cluster was deployed using multiple EC2 instances in an autoscaling group across multiple availability zones. Then the load balancer was attached to multiple target groups and we used path-based routing to target the correct container based on the path of the URL. This allows the firm to manage environments more easily, with higher resiliency and better security.
We also built a proof of concept allowing the firm to use AWS Systems Manager Parameter Store for all environment variables in the ECS task definitions. Variables are now stored securely outside the task definitions, so the task definitions can be kept in a Git repository with limited risk of sensitive information leaking.
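A check of the kind that could run in CI over task definitions kept in Git, as described above. This is an added example, not code from the firm or Amdocs; the sample task definition, account ID, parameter paths, the name heuristic and the policy of requiring full Parameter Store ARNs in `valueFrom` are all constructed assumptions.

```python
import json
import re

# Heuristic (assumption): variable names that usually carry credentials.
SENSITIVE_NAME = re.compile(
    r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.I)
# Policy (assumption): secrets must reference a full Parameter Store ARN,
# so a reviewer can see exactly which parameter a container receives.
SSM_ARN = re.compile(r"^arn:aws[a-z-]*:ssm:[a-z0-9-]+:\d{12}:parameter/.+$")

# Constructed sample task definition (not from the page).
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "example-api",
  "containerDefinitions": [
    {
      "name": "api",
      "image": "example/api:1.0",
      "environment": [
        {"name": "LOG_LEVEL", "value": "info"},
        {"name": "DB_PASSWORD", "value": "hunter2"}
      ],
      "secrets": [
        {"name": "API_TOKEN",
         "valueFrom": "arn:aws:ssm:eu-west-1:123456789012:parameter/example/api/token"},
        {"name": "SIGNING_KEY", "valueFrom": "example-signing-key-plaintext"}
      ]
    }
  ]
}
""")

def lint_task_definition(task_def):
    """Return (container, variable, finding) tuples for risky entries."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        cname = c.get("name", "<unnamed>")
        # "environment" values are stored in clear text in the task definition.
        for env in c.get("environment", []):
            if SENSITIVE_NAME.search(env.get("name", "")):
                findings.append((cname, env["name"], "plaintext-in-environment"))
        # "secrets" entries should only carry a reference, never the value.
        for sec in c.get("secrets", []):
            if not SSM_ARN.match(sec.get("valueFrom", "")):
                findings.append((cname, sec.get("name", ""), "valueFrom-not-full-ssm-arn"))
    return findings

if __name__ == "__main__":
    for finding in lint_task_definition(SAMPLE_TASK_DEF):
        print(*finding)
```

The name heuristic only catches obviously labelled variables, so it complements review of the diff rather than replacing it.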
Third party applications and solutions
Amdocs built the entire infrastructure with the IaC tool Terraform from HashiCorp, an AWS Advanced Technology Partner. This allowed us to create repeatable infrastructure, enabling the firm to benefit from safer deployments. The firm’s prior experience with this tool influenced its selection over cloud-native alternatives such as CloudFormation. Terraform code was stored in a Git repository hosted in Bitbucket, enabling version control of code and easy identification of any changes made.
Cost-effective, reliable and fast
Migrating from the legacy platform to Amazon ECS is the right move for the firm at this point in its development. Taking advantage of the opportunity to introduce infrastructure as code unlocks additional benefits surrounding cost-efficiency, reliability and speed. Paths to production will become more streamlined and effective, driving cumulative benefits to strengthen the firm’s position at the forefront of digital risk protection.
“With the support of Amdocs, we've instigated a seamless transition to Amazon ECS. We are confident that the changes will enable our teams to work more effectively and increase the pace of software delivery.”
An ongoing cycle of improvement
The migration strategy is based on moving one service at a time, evaluating each in turn before moving to the next. With 80 services in total, conducting a full migration with infrastructure as code rebuilds will be a lengthy process. However, taking a cloud-native approach will deliver significant long-term benefits, and the firm can continually refine cybersecurity services that have already moved to Amazon ECS while the migration is ongoing.