Sorting
Deployments found: 5
The Challenge Despite its long-established roots,Corte dei conti (Cdc)isn’t an institution that has remained entrenched in the past. It understands that modernization is key to keeping relevant in a fast-moving world, and as a result it has embraced change in its processes and structure. IT has been central to this. Leandro Gelasi, IT officer at Corte dei conti, says,“We have a deep commitment to continuous improvement, and to support this goal we need an agile and elastic IT infrastructure.” Gelasi and his team wanted to move away from time-consuming management of physical IT. “We wanted to focus on providing an excellent service, rather than on handling hardware,” he says. A larger initiative to boost employee productivity went hand in hand with this efficiency drive, as Gelasi continues, “We wanted to change the way our 3,000-plus employees worked, enabling them to access applications from anywhere, on any device. But we had to ensure that this flexibility for staff didn’t jeopardize the safety of data.” Given its high-profile role in keeping public finances in check—and with the Italian government requiring agencies to cut IT expenditure in line with wider budget cuts—Cdc also had to focus on reducing its own costs. With a largely Citrix-based infrastructure, Corte dei conti had invested a lot in training its staff in this technology. It wanted to make the most of this investment, while at the same time making its architecture more agile.
Why Amazon Web Services The answer was a hybrid cloud environment, and Cdc chose Amazon Web Services (AWS) and AWS Advanced Consulting Partner XPeppers to help it in this journey, starting with adopting a virtual desktop infrastructure (VDI) based on Amazon WorkSpaces. Gelasi says, “We looked at AWS and realized it was the perfect platform for our migration to the cloud. We had worked with XPeppers before, so it was our first choice to help us move to AWS and ensure seamless integration with our Citrix environment.” The infrastructure runs on 25 Amazon Elastic Compute Cloud (Amazon EC2) instances, which run only during office hours, between 8:00 am and 8:00 pm. Cdc uses AWS Lambda to orchestrate the startup and shutdown for each instance. Each department has a dedicated Amazon Virtual Private Cloud (Amazon VPC) and a virtual private network connection between the VPCs and Cdc’s data centers. Paolo Latella, solutions architect at XPeppers, says, “Because it deals with sensitive data, Corte dei conti needs a secure architecture. We worked with Cdc to explain best practices in the cloud, ensuring that it maintains the highest security levels.” For example, AWS Identity and Access Management (IAM) helps the court control access to resources, and Amazon CloudWatch allows the team to keep applications running smoothly. Plus, through the AWS Marketplace, Cdc can choose the software and services it needs to implement a security model that replicates its on-premises structure.
The Benefits First and foremost, Gelasi and his team feel safe working in the cloud. “We have no concerns about security or compliance,” he says. “It’s not easy to replicate the same security levels that we have on premises, but working in AWS, we’re confident that we’re following best practices for data protection, network access, and other security measures.”
He continues, “The service that our users are getting is vastly improved. We have very little feedback, which is great for us. No news is good news in IT.” In addition, internal users have more flexibility and can access applications on their laptops, tablets, and smartphones from anywhere. “We have made it possible for court employees such as magistrates to work effectively from home. Previously, they could only access applications from the office, but now they can do this wherever they are. As a result, they’re much more productive. Decisions get made faster and the whole system works better. It’s a brilliant result for our entire organization,” says Gelasi. Managing processes is also easier, so the Cdc IT team can focus on developing services for both internal and external clients. One of the IT team’s goals in the organization’s larger drive to boost efficiency is to provide services to government agencies across Italy. Gelasi says, “With our AWS infrastructure, it’s easier for us to offer IT to other institutions, which helps them cut costs in line with government initiatives.” “We’re saving money in the cloud too,” he continues. “By moving to AWS, we avoided €40,000 in hardware costs.” Operating expenses are more difficult to determine, but Gelasi is convinced that with the VDI project, Cdc is cutting energy consumption and saving money on air conditioning and electricity. “One of the drivers of the project was to get better visibility of costs and be more accountable,” he says. “As we move more of our infrastructure to the AWS cloud, we’ll be able to do this too.” Having successfully deployed VDI to 250 users across Cdc, the team is now rolling it out across all of the organization’s regions, eventually giving its 3,000 employees the tools to be more productive. The court is also working with XPeppers to build its disaster recovery on AWS and move more workloads to the cloud for improved agility. “The biggest benefit of working in the AWS cloud? I can’t pinpoint just one,” says Gelasi. “It’s the whole package. We’ve got more flexibility, we can scale seamlessly, and we have more time to provide a great service to our customers.”
Why Amazon Web Services Coinbase evaluated different cloud technology vendors in late 2014, but it was most confident in Amazon Web Services (AWS). In his previous role at NASA’s Jet Propulsion Laboratory, Witoff gained experience running secure and sensitive workloads on AWS. Based on this, Witoff says he “came to trust a properly designed AWS cloud.” The company began designing the new Coinbase Exchange by using AWS Identity and Access Management (IAM), which securely controls access to AWS services. “Cloud computing provides an API for everything, including accidentally destroying the company,” says Witoff . “We think security and identity and access management done correctly can empower our engineers to focus on products within clear and trusted walls, and that’s why we implemented an auditable self-service security foundation with AWS IAM.” The exchange runs inside the Coinbase production environment on AWS, powered by a custom-built transactional data engine alongside Amazon Relational Database Service (Amazon RDS) instances and PostgreSQL databases. Amazon Elastic Compute Cloud (Amazon EC2) instances also power the exchange. The organization provides reliable delivery of its wallet and exchange to global customers by distributing its applications natively across multiple AWS Availability Zones. Coinbase created a streaming data insight pipeline in AWS, with real-time exchange analytics processed by an Amazon Kinesis managed big-data processing service. “All of our operations analytics are piped into Kinesis in real time and then sent to our analytics engine so engineers can search, query, and find trends from the data,” Witoff says. “We also take that data from Kinesis into a separate disaster recovery environment.” Coinbase also integrates the insight pipeline with AWS CloudTrail log files, which are sent to Amazon Simple Storage Service (Amazon S3) buckets, then to the AWS Lambda compute service, and on to Kinesis containers based on Docker images. This gives Coinbase complete, transparent, and indexed audit logs across its entire IT environment. Every day, 1 TB of data—about 1 billion events—flows through that path. “Whenever our security groups or network access controls are modified, we see alerts in real time, so we get full insight into everything happening across the exchange,” says Witoff . For additional big-data insight, Coinbase uses Amazon Elastic MapReduce (Amazon EMR), a web service that uses the Hadoop open-source framework to process data, and Amazon Redshift, a managed petabyte-scale data warehouse. “We use Amazon EMR to crunch our growing databases into structured, actionable Redshift data that tells us how our company is performing and where to steer our ship next,” says Witoff . All of the company’s networks are designed, built, and maintained through AWS CloudFormation templates. “This gives us the luxury of version-controlling our network, and it allows for seamless, exact network duplication for on-demand development and staging environments,” says Witoff . Coinbase also uses Amazon Virtual Private Cloud (Amazon VPC) endpoints to optimize throughput to Amazon S3, and Amazon WorkSpaces to provision cloud-based desktops for global workers. “As we scale our services around the world, we also scale our team. We rely on Amazon WorkSpaces for on-demand access by our contractors to appropriate slices of our network,” Witoff says. Coinbase launched the U.S. Coinbase Exchange on AWS in February 2015, and recently expanded to serve European users.
The Benefits Coinbase is able to securely store its customers’ funds using AWS. “I consider Amazon’s cloud to be our own private cloud, and when we deploy something there, I trust that my staff and administrators are the only people who have access to those assets,” says Witoff . “Also, securely storing bitcoin remains a major focus area for us that has helped us gain the trust of consumers across the world. Rather than spending our resources replicating and securing a new data center with solved challenges, AWS has allowed us to hone in on one of our core competencies: securely storing private keys.” Coinbase has also relied on AWS to quickly grow its customer base. “In three years, our bitcoin wallet base has grown from zero to more than 3 million. We’ve been able to drive that growth by providing a fast, global wallet service, which would not be possible without AWS,” says Witoff . Additionally, the company has better visibility into its business with its insight pipeline. “Using Kinesis for our insight pipeline, we can provide analytical insights to our engineering team without forcing them to jump through complex hoops to traverse our information,” says Witoff . “They can use the pipeline to easily view all the metadata about how the Coinbase Exchange is performing.” And because Kinesis provides a one-to-many analytics delivery method, Coinbase can collect metrics in its primary database as well as through new, experimental data stores. “As a result, we can keep up to speed with the latest, greatest, most exciting tools in the data science and data analytics space without having to take undue risk on unproven technologies,” says Witoff . As a startup company that built its bitcoin exchange in the cloud from day one, Coinbase has more agility than it would have had if it created the exchange internally. “By starting with the cloud at our core, we’ve been able to move fast where others dread,” says Witoff . “Evolving our network topology, scaling across the globe, and deploying new services are never more than a few actions away. This empowers us to spend more time thinking about what we want to do instead of what we’re able to do.” That agility is helping Coinbase meet the demands of fast business growth. “Our exchange is in hyper-growth mode, and we’re in the process of scaling it all across the world,” says Witoff . “For each new country we bring on board, we are able to scale geographically and at the touch of a button launch more machines to support more users.” By using AWS, Coinbase can concentrate even more on innovation. “We trust AWS to manage the lowest layers of our stack, which helps me sleep at night,” says Witoff . “And as we go higher up into that stack—for example, with our insight pipeline—we are able to reach new heights as a business, so we can focus on innovating for the future of finance.”
After maintaining on-premises hardware and custom publishing software for nearly two decades, The Seattle Times sought to migrate its website publishing to a contemporary content management platform. To avoid the costs of acquiring and configuring new hardware infrastructure and the required staff to maintain it, the company initially chose a fully managed hosting vendor. But after several months, The Times' software engineering team found it had sacrificed flexibility and agility in exchange for less maintenance responsibility. As the hosted platform struggled with managing traffic under a vastly fluctuating load, The Seattle Times team was hamstrung in its ability to scale up to meet customer demand. Tom Bain, the software engineering manager overseeing the migration effort, says, "We had a fairly standard architecture in mind when we set out to do the migration, and we encouraged our vendor to adapt to our needs, but they struggled with the idea of altering their own business model to satisfy our very unique hosting needs."
Why Amazon Web Services To address these core scalability concerns, The Seattle Times engineering team considered several alternative hosting options, including self-hosting on premises, more flexible managed hosting options, and various cloud providers. The team concluded that the available cloud options provided the needed flexibility, appropriate architecture, and desired cost savings. The company ultimately chose Amazon Web Services (AWS), in part because of the maturity of the product offering and, most significantly, the auto-scaling capabilities built into the service. The Seattle Times' new software is built on the LAMP stack, and the added benefits of native, Linux-based cloud hosting made the most sense when choosing a new vendor. The Seattle Times developed a proof-of-concept and implementation plan, which was reviewed by a team from AWS Support. “They looked over our architecture and said, ‘Here are some things that we recommend you do, some best practices, and some lessons learned,’ ” says Rob Grutko, director of technology for The Seattle Times. “They were very helpful in making sure we were production ready.” After implementing the desired system architecture and vetting the chosen components and configuration with AWS, The Times deployed its new system in just six hours. The website moved to the AWS platform between 11 p.m. and 3 a.m. and final testing was completed by 5 a.m. — in time for the next news day.
How Seattle Times Uses AWS Seattletimes.com is now hosted in an Amazon Virtual Private Cloud (Amazon VPC), a logically isolated section of the AWS cloud. It uses Amazon Elastic Compute Cloud (Amazon EC2) for resizable compute capacity and Amazon Elastic Block Store (Amazon EBS) for persistent block-level storage volumes. Amazon Relational Database Service (Amazon RDS) serves as a scalable cloud-based database, Amazon Simple Storage Service (Amazon S3) provides a fully redundant infrastructure for storing and retrieving data, and Amazon Route 53 offers a highly available and scalable Domain Name System (DNS) web service. The Times is using Amazon CloudFront in front of several Amazon S3 buckets to distribute a huge collection of photo imagery. The combination of Amazon CloudFront and Amazon S3 is used to embed photos into news stories distributed to The Times readers with low latency and high transfer speeds. Additionally, Amazon ElastiCache serves as an in-memory “cache in the cloud” in The Times’ new configuration. The Times is also using AWS Lambda to resize images for viewing on different devices such as desktop computers, tablets, and smartphones.
The Benefits With AWS, The Seattle Times can now automatically scale up very rapidly to accommodate spikes in website traffic when big stories break, and scale down during slower traffic periods to reduce costs. “Auto-scaling is really the clincher to this,” Grutko says. “With AWS, we can now serve our online readers with speed and efficiency, scaling to meet demand and delivering a better reader experience.’’ Moreover, news images can now be rapidly resized for different viewing environments, allowing breaking-news stories to reach readers faster. “AWS Lambda provides us with extremely fast image resizing,” Grutko says. “Before, if we needed an image resized in 10 different sizes, it would happen serially. With AWS Lambda, all 10 images get created at the same time, so it’s quite a bit faster and it involves no server maintenance.” Rather than relying on a hosting service to fix inevitable systems issues, The Times now has complete control over its back-end environment, enabling it to troubleshoot problems as soon as they occur. “When an issue happens, we can go under the hood and troubleshoot to get around nearly any problem,” says Grutko. “It’s our environment, and we control it.” When the company encounters a problem that it can’t solve, it relies on AWS Support. “Our on-boarding experience was quite good with the AWS support team,” says Miles Van Pelt, senior development engineer at The Seattle Times. “It really felt like they went out of their way to answer our questions and research topics that we couldn't readily find in their extensive documentation.” By choosing AWS, The Seattle Times is now better positioned to deliver in its pursuit of being a leading-edge digital news media company. “By moving to AWS, we’ve regained the agility and flexibility we need to support the company’s journalistic mission without incurring the expense and demands required of a pile of physical hardware,” says Grutko .
About Expedia
Expedia, Inc. is a leading online travel company, providing leisure and business travel to customers worldwide. Expedia’s extensive brand portfolio includes Expedia.com, one of the world’s largest full service online travel agency, with sites localized for more than 20 countries; Hotels.com, the hotel specialist with sites in more than 60 countries; Hotwire.com, the hotel specialist with sites in more than 60 countries, and other travel brands. The company delivers consumer value in leisure and business travel, drives incremental demand and direct bookings to travel suppliers, and provides advertisers the opportunity to reach a highly valuable audience of in-market travel consumers through Expedia Media Solutions. Expedia also powers bookings for some of the world’s leading airlines and hotels, top consumer brands, high traffic websites, and thousands of active affiliates through Expedia Affiliate Network.The Challenge
Expedia is committed to continuous innovation, technology, and platform improvements to create a great experience for its customers. The Expedia Worldwide Engineering (EWE) organization supports all websites under the Expedia brand. Expedia began using Amazon Web Services (AWS) in 2010 to launch Expedia Suggest Service (ESS), a typeahead suggestion service that helps customers enter travel, search, and location information correctly. According to the company’s metrics, an error page is the main reason for site abandonment. Expedia wanted global users to find what they were looking for quickly and without errors. At the time, Expedia operated all its services from data centers in Chandler, AZ. The engineering team realized that they had to run ESS in locations physically close to customers to enable a quick and responsive service with minimal network latency. Why Amazon Web Services Expedia considered on-premises virtualization solutions as well as other cloud providers, but ultimately chose Amazon Web Services (AWS) because it was the only solution with the global infrastructure in place to support Asia Pacific customers.“From an architectural perspective, infrastructure, automation, and proximity to the customer were key factors,” explains Murari Gopalan, Technology Director. “There was no way for us to solve the problem without AWS.”
Launching ESS on AWS
“Using AWS, we were able to build and deliver the ESS service within three months,” says Magesh Chandramouli, Principal Architect.
ESS uses algorithms based on customer location and aggregated shopping and booking data from past customers to display suggestions when a customer starts typing. For example, if a customer in Seattle entered sea when booking a flight, the service would display Seattle, SeaTac, and other relevant destinations. Expedia launched ESS instances initially in the Asia Pacific (Singapore) Region and then quickly replicated the service in the US West (Northern California) and EU (Ireland) Regions. Expedia engineers initially used Apache Lucene and other open source tools to build the service, but eventually developed powerful tools in-house to store indexes and queries. By deploying ESS on AWS, Expedia was able to improve service to customers in the Asia Pacific region as well as Europe.“Latency was our biggest issue,” says Chandramouli. “Using AWS, we decreased average network latency from 700 milliseconds to less than 50 milliseconds.”
Running Critical Applications on AWS
By 2011, Expedia was running several critical, high-volumes applications on AWS, such as the Global Deals Engine (GDE). GDE delivers deals to its online partners and allows them to create custom websites and applications using Expedia APIs and product inventory tools. Expedia provisions Hadoop clusters using Amazon Elastic Map Reduce (Amazon EMR) to analyze and process streams of data coming from Expedia’s global network of websites, primarily clickstream, user interaction, and supply data, which is stored on Amazon Simple Storage Service (Amazon S3). Expedia processes approximately 240 requests per second. “The advantage of AWS is that we can use Auto Scaling to match load demand instead of having to maintain capacity for peak load in traditional datacenters,” comments Gopalan. Expedia uses AWS CloudFormation with Chef to deploy its entire front and backend stack into its Amazon Virtual Private Cloud (Amazon VPC) environment. Expedia uses a multi-region, multi-availability zone architecture with a proprietary DNS service to add resiliency to the applications. Figure 2 demonstrates the architecture of the GDE service on AWS. Expedia can add a new cluster to manage GDE and other high volume applications without worrying about the infrastructure.“If we had to host the same applications on our on-premises data center, we wouldn’t have the same level of CPU efficiency,” says Chandramouli. “If an application processes 3,000 requests per second, we would have to configure our physical servers to run at about 30 percent capacity to avoid boxes running hot. On AWS, we can push CPU consumption close to 70 percent because we can always scale out. Fundamentally, running in AWS enables a 230 percent CPU consumption efficiency in data processing. We run our critical applications on AWS because we can scale and use the infrastructure efficiently.”
Using IAM to Manage Security
To simplify the management of GDE, Expedia developed an identity federation broker that uses AWS Identity and Access Management (AWS IAM) and the AWS Security Token Service (AWS STS). The federation broker allows systems administrators and developers to use their existing Windows Active Directory (AD) accounts to single sign-on (SSO) to the AWS Management Console. In doing so, Expedia eliminates the need to create IAM users and maintain multiple environments where user identities are stored. Federation broker users sign into their Windows machines with their existing Active Directory credentials, browse to the federation broker, and transparently log into the AWS Management Console. This allows Expedia to enforce password and permissions management within their existing directory and to enforce group policies and other governance rules. Additionally, if an employee ever leaves the company or takes a different role, Expedia simply make changes to Active Directory to revoke or changes AWS permissions for the user instead of inside of AWS.Standardizing Application Deployment
The success of the ESS and GDE services sparked interest from other Expedia development teams, who began to use AWS for regional initiatives. By 2012, Expedia was hosting applications in the US East (Northern Virginia), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), and US West (Northern California) Regions. Expedia Worldwide Engineering culled best practices from these initiatives to create a standardized deployment setup across all Regions. As Jun-Dai Bates-Kobashigawa, Principal Software Engineer explains,“We’re using Chef to automate the configuration of the Amazon Elastic Compute Cloud (Amazon EC2) servers. We can take any AWS image and use scripts stored in Chef to build a machine and spin up an instance customized for a team in just in a few minutes.”
The team consolidated all AWS accounts under one AWS account and provisioned one Amazon VPC network in each Region. This allows each Region to have an isolated infrastructure with a separate firewall, application layer, and database layer. Expedia applies Amazon EC2 Security Group firewall settings to safeguard applications and services. Amazon VPC is completely integrated into Expedia’s lab and production environments.“The Amazon VPC experience for the developer is totally seamless,” says Bates-Kobashigawa. “Developers use the same Active Directory service for authentication and may not even know that some of the servers that they log onto are running on AWS. It feels like a physical infrastructure with its own subnets and multiple layers, and it’s also easy to connect to our on-premises infrastructure using VPN.”
Expedia uses a blue-green deployment approach to create parallel production environments on AWS, enabling continuous deployment and faster time-to-market.“One of our metrics for success is the reduction of time to deploy within our teams,” says Gopalan. “We use this method to launch applications pretty quickly compared to a traditional deployment. Moreover, reducing the cost of a rollback to zero means we can be fearless with deployments.”
The Benefits
Expedia uses AWS to develop applications faster, scale to process large volumes of data, and troubleshoot issues quickly. By using AWS to build a standard deployment model, development teams can quickly create the infrastructure for new initiatives. Critical applications run in multiple Availability Zones in different Regions to ensure data is always available and to enable disaster recovery. Expedia Worldwide Engineering is working on building a monitoring infrastructure in all Regions and moving to a single infrastructure. Generally, teams have more control over development and operations on AWS. When Expedia experienced conversion issues for its Client Logging service, engineers were able to track and identify critical issues within two days. Expedia estimates that it would have taken six weeks to find the script errors if the service ran in a physical environment. Previously, Expedia had to provision servers for a full-load scenario in its data centers.“To deploy an application using our on-site facility, you have to think about the physical infrastructure,” Bates-Kobashigawa explains. “If there are 100 boxes running, you might have to take 20 boxes out to apply new code. Using AWS, we don’t have to take capacity out; we just add new capacity and send traffic to it.”
Chandramouli comments, “When I was developer, you didn’t want to invest in architecture if you didn’t know how the application would turn out. I had to plan upfront and build a proof of concept to present to stakeholders. By using AWS, I’m not bound by throughput limitations or CPU capacity. When I think of AWS, freedom is the first word that comes to mind.”