Sorting
From A to Z
Deployments found: 5
"We have no concerns about security or compliance. It's not easy to replicate the same security levels that we have on premises, but working in AWS, we're confident that we're following best practices for data protection, network access, and other security measures", Leandro Gelasi, IT Officer
The Challenge Despite its long-established roots,Corte dei conti (Cdc)isn’t an institution that has remained entrenched in the past. It understands that modernization is key to keeping relevant in a fast-moving world, and as a result it has embraced change in its processes and structure. IT has been central to this. Leandro Gelasi, IT officer at Corte dei conti, says,“We have a deep commitment to continuous improvement, and to support this goal we need an agile and elastic IT infrastructure.” Gelasi and his team wanted to move away from time-consuming management of physical IT. “We wanted to focus on providing an excellent service, rather than on handling hardware,” he says. A larger initiative to boost employee productivity went hand in hand with this efficiency drive, as Gelasi continues, “We wanted to change the way our 3,000-plus employees worked, enabling them to access applications from anywhere, on any device. But we had to ensure that this flexibility for staff didn’t jeopardize the safety of data.” Given its high-profile role in keeping public finances in check—and with the Italian government requiring agencies to cut IT expenditure in line with wider budget cuts—Cdc also had to focus on reducing its own costs. With a largely Citrix-based infrastructure, Corte dei conti had invested a lot in training its staff in this technology. It wanted to make the most of this investment, while at the same time making its architecture more agile.
Why Amazon Web Services The answer was a hybrid cloud environment, and Cdc chose Amazon Web Services (AWS) and AWS Advanced Consulting Partner XPeppers to help it in this journey, starting with adopting a virtual desktop infrastructure (VDI) based on Amazon WorkSpaces. Gelasi says, “We looked at AWS and realized it was the perfect platform for our migration to the cloud. We had worked with XPeppers before, so it was our first choice to help us move to AWS and ensure seamless integration with our Citrix environment.” The infrastructure runs on 25 Amazon Elastic Compute Cloud (Amazon EC2) instances, which run only during office hours, between 8:00 am and 8:00 pm. Cdc uses AWS Lambda to orchestrate the startup and shutdown for each instance. Each department has a dedicated Amazon Virtual Private Cloud (Amazon VPC) and a virtual private network connection between the VPCs and Cdc’s data centers. Paolo Latella, solutions architect at XPeppers, says, “Because it deals with sensitive data, Corte dei conti needs a secure architecture. We worked with Cdc to explain best practices in the cloud, ensuring that it maintains the highest security levels.” For example, AWS Identity and Access Management (IAM) helps the court control access to resources, and Amazon CloudWatch allows the team to keep applications running smoothly. Plus, through the AWS Marketplace, Cdc can choose the software and services it needs to implement a security model that replicates its on-premises structure.
The Benefits First and foremost, Gelasi and his team feel safe working in the cloud. “We have no concerns about security or compliance,” he says. “It’s not easy to replicate the same security levels that we have on premises, but working in AWS, we’re confident that we’re following best practices for data protection, network access, and other security measures.”
He continues, “The service that our users are getting is vastly improved. We have very little feedback, which is great for us. No news is good news in IT.” In addition, internal users have more flexibility and can access applications on their laptops, tablets, and smartphones from anywhere. “We have made it possible for court employees such as magistrates to work effectively from home. Previously, they could only access applications from the office, but now they can do this wherever they are. As a result, they’re much more productive. Decisions get made faster and the whole system works better. It’s a brilliant result for our entire organization,” says Gelasi. Managing processes is also easier, so the Cdc IT team can focus on developing services for both internal and external clients. One of the IT team’s goals in the organization’s larger drive to boost efficiency is to provide services to government agencies across Italy. Gelasi says, “With our AWS infrastructure, it’s easier for us to offer IT to other institutions, which helps them cut costs in line with government initiatives.” “We’re saving money in the cloud too,” he continues. “By moving to AWS, we avoided €40,000 in hardware costs.” Operating expenses are more difficult to determine, but Gelasi is convinced that with the VDI project, Cdc is cutting energy consumption and saving money on air conditioning and electricity. “One of the drivers of the project was to get better visibility of costs and be more accountable,” he says. “As we move more of our infrastructure to the AWS cloud, we’ll be able to do this too.” Having successfully deployed VDI to 250 users across Cdc, the team is now rolling it out across all of the organization’s regions, eventually giving its 3,000 employees the tools to be more productive. The court is also working with XPeppers to build its disaster recovery on AWS and move more workloads to the cloud for improved agility. “The biggest benefit of working in the AWS cloud? I can’t pinpoint just one,” says Gelasi. “It’s the whole package. We’ve got more flexibility, we can scale seamlessly, and we have more time to provide a great service to our customers.”
The Challenge Despite its long-established roots,Corte dei conti (Cdc)isn’t an institution that has remained entrenched in the past. It understands that modernization is key to keeping relevant in a fast-moving world, and as a result it has embraced change in its processes and structure. IT has been central to this. Leandro Gelasi, IT officer at Corte dei conti, says,“We have a deep commitment to continuous improvement, and to support this goal we need an agile and elastic IT infrastructure.” Gelasi and his team wanted to move away from time-consuming management of physical IT. “We wanted to focus on providing an excellent service, rather than on handling hardware,” he says. A larger initiative to boost employee productivity went hand in hand with this efficiency drive, as Gelasi continues, “We wanted to change the way our 3,000-plus employees worked, enabling them to access applications from anywhere, on any device. But we had to ensure that this flexibility for staff didn’t jeopardize the safety of data.” Given its high-profile role in keeping public finances in check—and with the Italian government requiring agencies to cut IT expenditure in line with wider budget cuts—Cdc also had to focus on reducing its own costs. With a largely Citrix-based infrastructure, Corte dei conti had invested a lot in training its staff in this technology. It wanted to make the most of this investment, while at the same time making its architecture more agile.
Why Amazon Web Services The answer was a hybrid cloud environment, and Cdc chose Amazon Web Services (AWS) and AWS Advanced Consulting Partner XPeppers to help it in this journey, starting with adopting a virtual desktop infrastructure (VDI) based on Amazon WorkSpaces. Gelasi says, “We looked at AWS and realized it was the perfect platform for our migration to the cloud. We had worked with XPeppers before, so it was our first choice to help us move to AWS and ensure seamless integration with our Citrix environment.” The infrastructure runs on 25 Amazon Elastic Compute Cloud (Amazon EC2) instances, which run only during office hours, between 8:00 am and 8:00 pm. Cdc uses AWS Lambda to orchestrate the startup and shutdown for each instance. Each department has a dedicated Amazon Virtual Private Cloud (Amazon VPC) and a virtual private network connection between the VPCs and Cdc’s data centers. Paolo Latella, solutions architect at XPeppers, says, “Because it deals with sensitive data, Corte dei conti needs a secure architecture. We worked with Cdc to explain best practices in the cloud, ensuring that it maintains the highest security levels.” For example, AWS Identity and Access Management (IAM) helps the court control access to resources, and Amazon CloudWatch allows the team to keep applications running smoothly. Plus, through the AWS Marketplace, Cdc can choose the software and services it needs to implement a security model that replicates its on-premises structure.
The Benefits First and foremost, Gelasi and his team feel safe working in the cloud. “We have no concerns about security or compliance,” he says. “It’s not easy to replicate the same security levels that we have on premises, but working in AWS, we’re confident that we’re following best practices for data protection, network access, and other security measures.”
He continues, “The service that our users are getting is vastly improved. We have very little feedback, which is great for us. No news is good news in IT.” In addition, internal users have more flexibility and can access applications on their laptops, tablets, and smartphones from anywhere. “We have made it possible for court employees such as magistrates to work effectively from home. Previously, they could only access applications from the office, but now they can do this wherever they are. As a result, they’re much more productive. Decisions get made faster and the whole system works better. It’s a brilliant result for our entire organization,” says Gelasi. Managing processes is also easier, so the Cdc IT team can focus on developing services for both internal and external clients. One of the IT team’s goals in the organization’s larger drive to boost efficiency is to provide services to government agencies across Italy. Gelasi says, “With our AWS infrastructure, it’s easier for us to offer IT to other institutions, which helps them cut costs in line with government initiatives.” “We’re saving money in the cloud too,” he continues. “By moving to AWS, we avoided €40,000 in hardware costs.” Operating expenses are more difficult to determine, but Gelasi is convinced that with the VDI project, Cdc is cutting energy consumption and saving money on air conditioning and electricity. “One of the drivers of the project was to get better visibility of costs and be more accountable,” he says. “As we move more of our infrastructure to the AWS cloud, we’ll be able to do this too.” Having successfully deployed VDI to 250 users across Cdc, the team is now rolling it out across all of the organization’s regions, eventually giving its 3,000 employees the tools to be more productive. The court is also working with XPeppers to build its disaster recovery on AWS and move more workloads to the cloud for improved agility. “The biggest benefit of working in the AWS cloud? I can’t pinpoint just one,” says Gelasi. “It’s the whole package. We’ve got more flexibility, we can scale seamlessly, and we have more time to provide a great service to our customers.”
The Challenge
Since its founding in 2012, Coinbase has quickly become the leader in bitcoin transactions. As it prepared to respond to ever-increasing customer demand for bitcoin transactions, the company knew it needed to invest in the right underlying technology. “We’re now in the phase of legitimizing this currency and bringing it to the masses,” says Rob Witoff , director at Coinbase . “As part of that, our core tenets are security, scalability, and availability.”
Security is the most important of those tenets, according to Witoff . “We control hundreds of millions of dollars of bitcoin for our customers, placing us among the largest reserves in our industry,” says Witoff . “Just as a traditional bank would heavily guard its customers’ assets inside a physical bank vault, we take the same or greater precautions with our servers.”
Scalability is also critical because Coinbase needs to be able to elastically scale its services globally without consuming precious engineering resources. “As a startup, we’re meticulous about where we invest our time,” says Witoff . “We want to focus on how our customers interact with our product and the services we’re offering. We don’t want to reinvent solutions to already-solved foundational infrastructure.” Coinbase also strives to give its developers more time to focus on innovation. “We have creative, envelope-pushing engineers who are driving our startup with innovative new services that balance a delightful experience with uncompromising security,” says Witoff . “That’s why we need to have our exchange on something we know will work.”
Additionally, Coinbase sought a better data analytics solution. “We generate massive amounts of data from the top to the bottom of our infrastructure that would traditionally be stored in a remote and dated warehouse. But we’ve increasingly focused on adopting new technologies without losing a reliable, trusted core,” says Witoff . “At the same time, we wanted the best possible real-time insight into how our services are running.”
To support its goals, Coinbase decided to deploy its new bitcoin exchange in the cloud. “When I joined Coinbase in 2014, the company was bootstrapped by quite a few third-party hosting providers,” says Witoff . “But because we’re managing actual value and real assets on our machines, we needed to have complete control over our environment.”
Why Amazon Web Services Coinbase evaluated different cloud technology vendors in late 2014, but it was most confident in Amazon Web Services (AWS). In his previous role at NASA’s Jet Propulsion Laboratory, Witoff gained experience running secure and sensitive workloads on AWS. Based on this, Witoff says he “came to trust a properly designed AWS cloud.” The company began designing the new Coinbase Exchange by using AWS Identity and Access Management (IAM), which securely controls access to AWS services. “Cloud computing provides an API for everything, including accidentally destroying the company,” says Witoff . “We think security and identity and access management done correctly can empower our engineers to focus on products within clear and trusted walls, and that’s why we implemented an auditable self-service security foundation with AWS IAM.” The exchange runs inside the Coinbase production environment on AWS, powered by a custom-built transactional data engine alongside Amazon Relational Database Service (Amazon RDS) instances and PostgreSQL databases. Amazon Elastic Compute Cloud (Amazon EC2) instances also power the exchange. The organization provides reliable delivery of its wallet and exchange to global customers by distributing its applications natively across multiple AWS Availability Zones. Coinbase created a streaming data insight pipeline in AWS, with real-time exchange analytics processed by an Amazon Kinesis managed big-data processing service. “All of our operations analytics are piped into Kinesis in real time and then sent to our analytics engine so engineers can search, query, and find trends from the data,” Witoff says. “We also take that data from Kinesis into a separate disaster recovery environment.” Coinbase also integrates the insight pipeline with AWS CloudTrail log files, which are sent to Amazon Simple Storage Service (Amazon S3) buckets, then to the AWS Lambda compute service, and on to Kinesis containers based on Docker images. This gives Coinbase complete, transparent, and indexed audit logs across its entire IT environment. Every day, 1 TB of data—about 1 billion events—flows through that path. “Whenever our security groups or network access controls are modified, we see alerts in real time, so we get full insight into everything happening across the exchange,” says Witoff . For additional big-data insight, Coinbase uses Amazon Elastic MapReduce (Amazon EMR), a web service that uses the Hadoop open-source framework to process data, and Amazon Redshift, a managed petabyte-scale data warehouse. “We use Amazon EMR to crunch our growing databases into structured, actionable Redshift data that tells us how our company is performing and where to steer our ship next,” says Witoff . All of the company’s networks are designed, built, and maintained through AWS CloudFormation templates. “This gives us the luxury of version-controlling our network, and it allows for seamless, exact network duplication for on-demand development and staging environments,” says Witoff . Coinbase also uses Amazon Virtual Private Cloud (Amazon VPC) endpoints to optimize throughput to Amazon S3, and Amazon WorkSpaces to provision cloud-based desktops for global workers. “As we scale our services around the world, we also scale our team. We rely on Amazon WorkSpaces for on-demand access by our contractors to appropriate slices of our network,” Witoff says. Coinbase launched the U.S. Coinbase Exchange on AWS in February 2015, and recently expanded to serve European users.
The Benefits Coinbase is able to securely store its customers’ funds using AWS. “I consider Amazon’s cloud to be our own private cloud, and when we deploy something there, I trust that my staff and administrators are the only people who have access to those assets,” says Witoff . “Also, securely storing bitcoin remains a major focus area for us that has helped us gain the trust of consumers across the world. Rather than spending our resources replicating and securing a new data center with solved challenges, AWS has allowed us to hone in on one of our core competencies: securely storing private keys.” Coinbase has also relied on AWS to quickly grow its customer base. “In three years, our bitcoin wallet base has grown from zero to more than 3 million. We’ve been able to drive that growth by providing a fast, global wallet service, which would not be possible without AWS,” says Witoff . Additionally, the company has better visibility into its business with its insight pipeline. “Using Kinesis for our insight pipeline, we can provide analytical insights to our engineering team without forcing them to jump through complex hoops to traverse our information,” says Witoff . “They can use the pipeline to easily view all the metadata about how the Coinbase Exchange is performing.” And because Kinesis provides a one-to-many analytics delivery method, Coinbase can collect metrics in its primary database as well as through new, experimental data stores. “As a result, we can keep up to speed with the latest, greatest, most exciting tools in the data science and data analytics space without having to take undue risk on unproven technologies,” says Witoff . As a startup company that built its bitcoin exchange in the cloud from day one, Coinbase has more agility than it would have had if it created the exchange internally. “By starting with the cloud at our core, we’ve been able to move fast where others dread,” says Witoff . “Evolving our network topology, scaling across the globe, and deploying new services are never more than a few actions away. This empowers us to spend more time thinking about what we want to do instead of what we’re able to do.” That agility is helping Coinbase meet the demands of fast business growth. “Our exchange is in hyper-growth mode, and we’re in the process of scaling it all across the world,” says Witoff . “For each new country we bring on board, we are able to scale geographically and at the touch of a button launch more machines to support more users.” By using AWS, Coinbase can concentrate even more on innovation. “We trust AWS to manage the lowest layers of our stack, which helps me sleep at night,” says Witoff . “And as we go higher up into that stack—for example, with our insight pipeline—we are able to reach new heights as a business, so we can focus on innovating for the future of finance.”
Why Amazon Web Services Coinbase evaluated different cloud technology vendors in late 2014, but it was most confident in Amazon Web Services (AWS). In his previous role at NASA’s Jet Propulsion Laboratory, Witoff gained experience running secure and sensitive workloads on AWS. Based on this, Witoff says he “came to trust a properly designed AWS cloud.” The company began designing the new Coinbase Exchange by using AWS Identity and Access Management (IAM), which securely controls access to AWS services. “Cloud computing provides an API for everything, including accidentally destroying the company,” says Witoff . “We think security and identity and access management done correctly can empower our engineers to focus on products within clear and trusted walls, and that’s why we implemented an auditable self-service security foundation with AWS IAM.” The exchange runs inside the Coinbase production environment on AWS, powered by a custom-built transactional data engine alongside Amazon Relational Database Service (Amazon RDS) instances and PostgreSQL databases. Amazon Elastic Compute Cloud (Amazon EC2) instances also power the exchange. The organization provides reliable delivery of its wallet and exchange to global customers by distributing its applications natively across multiple AWS Availability Zones. Coinbase created a streaming data insight pipeline in AWS, with real-time exchange analytics processed by an Amazon Kinesis managed big-data processing service. “All of our operations analytics are piped into Kinesis in real time and then sent to our analytics engine so engineers can search, query, and find trends from the data,” Witoff says. “We also take that data from Kinesis into a separate disaster recovery environment.” Coinbase also integrates the insight pipeline with AWS CloudTrail log files, which are sent to Amazon Simple Storage Service (Amazon S3) buckets, then to the AWS Lambda compute service, and on to Kinesis containers based on Docker images. This gives Coinbase complete, transparent, and indexed audit logs across its entire IT environment. Every day, 1 TB of data—about 1 billion events—flows through that path. “Whenever our security groups or network access controls are modified, we see alerts in real time, so we get full insight into everything happening across the exchange,” says Witoff . For additional big-data insight, Coinbase uses Amazon Elastic MapReduce (Amazon EMR), a web service that uses the Hadoop open-source framework to process data, and Amazon Redshift, a managed petabyte-scale data warehouse. “We use Amazon EMR to crunch our growing databases into structured, actionable Redshift data that tells us how our company is performing and where to steer our ship next,” says Witoff . All of the company’s networks are designed, built, and maintained through AWS CloudFormation templates. “This gives us the luxury of version-controlling our network, and it allows for seamless, exact network duplication for on-demand development and staging environments,” says Witoff . Coinbase also uses Amazon Virtual Private Cloud (Amazon VPC) endpoints to optimize throughput to Amazon S3, and Amazon WorkSpaces to provision cloud-based desktops for global workers. “As we scale our services around the world, we also scale our team. We rely on Amazon WorkSpaces for on-demand access by our contractors to appropriate slices of our network,” Witoff says. Coinbase launched the U.S. Coinbase Exchange on AWS in February 2015, and recently expanded to serve European users.
The Benefits Coinbase is able to securely store its customers’ funds using AWS. “I consider Amazon’s cloud to be our own private cloud, and when we deploy something there, I trust that my staff and administrators are the only people who have access to those assets,” says Witoff . “Also, securely storing bitcoin remains a major focus area for us that has helped us gain the trust of consumers across the world. Rather than spending our resources replicating and securing a new data center with solved challenges, AWS has allowed us to hone in on one of our core competencies: securely storing private keys.” Coinbase has also relied on AWS to quickly grow its customer base. “In three years, our bitcoin wallet base has grown from zero to more than 3 million. We’ve been able to drive that growth by providing a fast, global wallet service, which would not be possible without AWS,” says Witoff . Additionally, the company has better visibility into its business with its insight pipeline. “Using Kinesis for our insight pipeline, we can provide analytical insights to our engineering team without forcing them to jump through complex hoops to traverse our information,” says Witoff . “They can use the pipeline to easily view all the metadata about how the Coinbase Exchange is performing.” And because Kinesis provides a one-to-many analytics delivery method, Coinbase can collect metrics in its primary database as well as through new, experimental data stores. “As a result, we can keep up to speed with the latest, greatest, most exciting tools in the data science and data analytics space without having to take undue risk on unproven technologies,” says Witoff . As a startup company that built its bitcoin exchange in the cloud from day one, Coinbase has more agility than it would have had if it created the exchange internally. “By starting with the cloud at our core, we’ve been able to move fast where others dread,” says Witoff . “Evolving our network topology, scaling across the globe, and deploying new services are never more than a few actions away. This empowers us to spend more time thinking about what we want to do instead of what we’re able to do.” That agility is helping Coinbase meet the demands of fast business growth. “Our exchange is in hyper-growth mode, and we’re in the process of scaling it all across the world,” says Witoff . “For each new country we bring on board, we are able to scale geographically and at the touch of a button launch more machines to support more users.” By using AWS, Coinbase can concentrate even more on innovation. “We trust AWS to manage the lowest layers of our stack, which helps me sleep at night,” says Witoff . “And as we go higher up into that stack—for example, with our insight pipeline—we are able to reach new heights as a business, so we can focus on innovating for the future of finance.”
The Challenge
After maintaining on-premises hardware and custom publishing software for nearly two decades, The Seattle Times sought to migrate its website publishing to a contemporary content management platform. To avoid the costs of acquiring and configuring new hardware infrastructure and the required staff to maintain it, the company initially chose a fully managed hosting vendor. But after several months, The Times' software engineering team found it had sacrificed flexibility and agility in exchange for less maintenance responsibility. As the hosted platform struggled with managing traffic under a vastly fluctuating load, The Seattle Times team was hamstrung in its ability to scale up to meet customer demand. Tom Bain, the software engineering manager overseeing the migration effort, says, "We had a fairly standard architecture in mind when we set out to do the migration, and we encouraged our vendor to adapt to our needs, but they struggled with the idea of altering their own business model to satisfy our very unique hosting needs."
Why Amazon Web Services To address these core scalability concerns, The Seattle Times engineering team considered several alternative hosting options, including self-hosting on premises, more flexible managed hosting options, and various cloud providers. The team concluded that the available cloud options provided the needed flexibility, appropriate architecture, and desired cost savings. The company ultimately chose Amazon Web Services (AWS), in part because of the maturity of the product offering and, most significantly, the auto-scaling capabilities built into the service. The Seattle Times' new software is built on the LAMP stack, and the added benefits of native, Linux-based cloud hosting made the most sense when choosing a new vendor. The Seattle Times developed a proof-of-concept and implementation plan, which was reviewed by a team from AWS Support. “They looked over our architecture and said, ‘Here are some things that we recommend you do, some best practices, and some lessons learned,’ ” says Rob Grutko, director of technology for The Seattle Times. “They were very helpful in making sure we were production ready.” After implementing the desired system architecture and vetting the chosen components and configuration with AWS, The Times deployed its new system in just six hours. The website moved to the AWS platform between 11 p.m. and 3 a.m. and final testing was completed by 5 a.m. — in time for the next news day.
How Seattle Times Uses AWS Seattletimes.com is now hosted in an Amazon Virtual Private Cloud (Amazon VPC), a logically isolated section of the AWS cloud. It uses Amazon Elastic Compute Cloud (Amazon EC2) for resizable compute capacity and Amazon Elastic Block Store (Amazon EBS) for persistent block-level storage volumes. Amazon Relational Database Service (Amazon RDS) serves as a scalable cloud-based database, Amazon Simple Storage Service (Amazon S3) provides a fully redundant infrastructure for storing and retrieving data, and Amazon Route 53 offers a highly available and scalable Domain Name System (DNS) web service. The Times is using Amazon CloudFront in front of several Amazon S3 buckets to distribute a huge collection of photo imagery. The combination of Amazon CloudFront and Amazon S3 is used to embed photos into news stories distributed to The Times readers with low latency and high transfer speeds. Additionally, Amazon ElastiCache serves as an in-memory “cache in the cloud” in The Times’ new configuration. The Times is also using AWS Lambda to resize images for viewing on different devices such as desktop computers, tablets, and smartphones.
The Benefits With AWS, The Seattle Times can now automatically scale up very rapidly to accommodate spikes in website traffic when big stories break, and scale down during slower traffic periods to reduce costs. “Auto-scaling is really the clincher to this,” Grutko says. “With AWS, we can now serve our online readers with speed and efficiency, scaling to meet demand and delivering a better reader experience.’’ Moreover, news images can now be rapidly resized for different viewing environments, allowing breaking-news stories to reach readers faster. “AWS Lambda provides us with extremely fast image resizing,” Grutko says. “Before, if we needed an image resized in 10 different sizes, it would happen serially. With AWS Lambda, all 10 images get created at the same time, so it’s quite a bit faster and it involves no server maintenance.” Rather than relying on a hosting service to fix inevitable systems issues, The Times now has complete control over its back-end environment, enabling it to troubleshoot problems as soon as they occur. “When an issue happens, we can go under the hood and troubleshoot to get around nearly any problem,” says Grutko. “It’s our environment, and we control it.” When the company encounters a problem that it can’t solve, it relies on AWS Support. “Our on-boarding experience was quite good with the AWS support team,” says Miles Van Pelt, senior development engineer at The Seattle Times. “It really felt like they went out of their way to answer our questions and research topics that we couldn't readily find in their extensive documentation.” By choosing AWS, The Seattle Times is now better positioned to deliver in its pursuit of being a leading-edge digital news media company. “By moving to AWS, we’ve regained the agility and flexibility we need to support the company’s journalistic mission without incurring the expense and demands required of a pile of physical hardware,” says Grutko .
After maintaining on-premises hardware and custom publishing software for nearly two decades, The Seattle Times sought to migrate its website publishing to a contemporary content management platform. To avoid the costs of acquiring and configuring new hardware infrastructure and the required staff to maintain it, the company initially chose a fully managed hosting vendor. But after several months, The Times' software engineering team found it had sacrificed flexibility and agility in exchange for less maintenance responsibility. As the hosted platform struggled with managing traffic under a vastly fluctuating load, The Seattle Times team was hamstrung in its ability to scale up to meet customer demand. Tom Bain, the software engineering manager overseeing the migration effort, says, "We had a fairly standard architecture in mind when we set out to do the migration, and we encouraged our vendor to adapt to our needs, but they struggled with the idea of altering their own business model to satisfy our very unique hosting needs."
Why Amazon Web Services To address these core scalability concerns, The Seattle Times engineering team considered several alternative hosting options, including self-hosting on premises, more flexible managed hosting options, and various cloud providers. The team concluded that the available cloud options provided the needed flexibility, appropriate architecture, and desired cost savings. The company ultimately chose Amazon Web Services (AWS), in part because of the maturity of the product offering and, most significantly, the auto-scaling capabilities built into the service. The Seattle Times' new software is built on the LAMP stack, and the added benefits of native, Linux-based cloud hosting made the most sense when choosing a new vendor. The Seattle Times developed a proof-of-concept and implementation plan, which was reviewed by a team from AWS Support. “They looked over our architecture and said, ‘Here are some things that we recommend you do, some best practices, and some lessons learned,’ ” says Rob Grutko, director of technology for The Seattle Times. “They were very helpful in making sure we were production ready.” After implementing the desired system architecture and vetting the chosen components and configuration with AWS, The Times deployed its new system in just six hours. The website moved to the AWS platform between 11 p.m. and 3 a.m. and final testing was completed by 5 a.m. — in time for the next news day.
How Seattle Times Uses AWS Seattletimes.com is now hosted in an Amazon Virtual Private Cloud (Amazon VPC), a logically isolated section of the AWS cloud. It uses Amazon Elastic Compute Cloud (Amazon EC2) for resizable compute capacity and Amazon Elastic Block Store (Amazon EBS) for persistent block-level storage volumes. Amazon Relational Database Service (Amazon RDS) serves as a scalable cloud-based database, Amazon Simple Storage Service (Amazon S3) provides a fully redundant infrastructure for storing and retrieving data, and Amazon Route 53 offers a highly available and scalable Domain Name System (DNS) web service. The Times is using Amazon CloudFront in front of several Amazon S3 buckets to distribute a huge collection of photo imagery. The combination of Amazon CloudFront and Amazon S3 is used to embed photos into news stories distributed to The Times readers with low latency and high transfer speeds. Additionally, Amazon ElastiCache serves as an in-memory “cache in the cloud” in The Times’ new configuration. The Times is also using AWS Lambda to resize images for viewing on different devices such as desktop computers, tablets, and smartphones.
The Benefits With AWS, The Seattle Times can now automatically scale up very rapidly to accommodate spikes in website traffic when big stories break, and scale down during slower traffic periods to reduce costs. “Auto-scaling is really the clincher to this,” Grutko says. “With AWS, we can now serve our online readers with speed and efficiency, scaling to meet demand and delivering a better reader experience.’’ Moreover, news images can now be rapidly resized for different viewing environments, allowing breaking-news stories to reach readers faster. “AWS Lambda provides us with extremely fast image resizing,” Grutko says. “Before, if we needed an image resized in 10 different sizes, it would happen serially. With AWS Lambda, all 10 images get created at the same time, so it’s quite a bit faster and it involves no server maintenance.” Rather than relying on a hosting service to fix inevitable systems issues, The Times now has complete control over its back-end environment, enabling it to troubleshoot problems as soon as they occur. “When an issue happens, we can go under the hood and troubleshoot to get around nearly any problem,” says Grutko. “It’s our environment, and we control it.” When the company encounters a problem that it can’t solve, it relies on AWS Support. “Our on-boarding experience was quite good with the AWS support team,” says Miles Van Pelt, senior development engineer at The Seattle Times. “It really felt like they went out of their way to answer our questions and research topics that we couldn't readily find in their extensive documentation.” By choosing AWS, The Seattle Times is now better positioned to deliver in its pursuit of being a leading-edge digital news media company. “By moving to AWS, we’ve regained the agility and flexibility we need to support the company’s journalistic mission without incurring the expense and demands required of a pile of physical hardware,” says Grutko .
Expedia Increases Agility and Resiliency by Going All In on AWS
Expedia is all in on AWS, with plans to migrate 80 percent of its mission-critical apps from its on-premises data centers to the cloud in the next two to three years. By using AWS, Expedia has become more resilient. Expedia’s developers have been able to innovate faster while saving the company millions of dollars. Expedia provides travel-booking services across its flagship site Expedia.com and about 200 other travel-booking sites around the world.
About Expedia
Expedia, Inc. is a leading online travel company, providing leisure and business travel to customers worldwide. Expedia’s extensive brand portfolio includes Expedia.com, one of the world’s largest full service online travel agency, with sites localized for more than 20 countries; Hotels.com, the hotel specialist with sites in more than 60 countries; Hotwire.com, the hotel specialist with sites in more than 60 countries, and other travel brands. The company delivers consumer value in leisure and business travel, drives incremental demand and direct bookings to travel suppliers, and provides advertisers the opportunity to reach a highly valuable audience of in-market travel consumers through Expedia Media Solutions. Expedia also powers bookings for some of the world’s leading airlines and hotels, top consumer brands, high traffic websites, and thousands of active affiliates through Expedia Affiliate Network.The Challenge
Expedia is committed to continuous innovation, technology, and platform improvements to create a great experience for its customers. The Expedia Worldwide Engineering (EWE) organization supports all websites under the Expedia brand. Expedia began using Amazon Web Services (AWS) in 2010 to launch Expedia Suggest Service (ESS), a typeahead suggestion service that helps customers enter travel, search, and location information correctly. According to the company’s metrics, an error page is the main reason for site abandonment. Expedia wanted global users to find what they were looking for quickly and without errors. At the time, Expedia operated all its services from data centers in Chandler, AZ. The engineering team realized that they had to run ESS in locations physically close to customers to enable a quick and responsive service with minimal network latency. Why Amazon Web Services Expedia considered on-premises virtualization solutions as well as other cloud providers, but ultimately chose Amazon Web Services (AWS) because it was the only solution with the global infrastructure in place to support Asia Pacific customers.“From an architectural perspective, infrastructure, automation, and proximity to the customer were key factors,” explains Murari Gopalan, Technology Director. “There was no way for us to solve the problem without AWS.”
Launching ESS on AWS
“Using AWS, we were able to build and deliver the ESS service within three months,” says Magesh Chandramouli, Principal Architect.
ESS uses algorithms based on customer location and aggregated shopping and booking data from past customers to display suggestions when a customer starts typing. For example, if a customer in Seattle entered sea when booking a flight, the service would display Seattle, SeaTac, and other relevant destinations. Expedia launched ESS instances initially in the Asia Pacific (Singapore) Region and then quickly replicated the service in the US West (Northern California) and EU (Ireland) Regions. Expedia engineers initially used Apache Lucene and other open source tools to build the service, but eventually developed powerful tools in-house to store indexes and queries. By deploying ESS on AWS, Expedia was able to improve service to customers in the Asia Pacific region as well as Europe.“Latency was our biggest issue,” says Chandramouli. “Using AWS, we decreased average network latency from 700 milliseconds to less than 50 milliseconds.”
Running Critical Applications on AWS
By 2011, Expedia was running several critical, high-volumes applications on AWS, such as the Global Deals Engine (GDE). GDE delivers deals to its online partners and allows them to create custom websites and applications using Expedia APIs and product inventory tools. Expedia provisions Hadoop clusters using Amazon Elastic Map Reduce (Amazon EMR) to analyze and process streams of data coming from Expedia’s global network of websites, primarily clickstream, user interaction, and supply data, which is stored on Amazon Simple Storage Service (Amazon S3). Expedia processes approximately 240 requests per second. “The advantage of AWS is that we can use Auto Scaling to match load demand instead of having to maintain capacity for peak load in traditional datacenters,” comments Gopalan. Expedia uses AWS CloudFormation with Chef to deploy its entire front and backend stack into its Amazon Virtual Private Cloud (Amazon VPC) environment. Expedia uses a multi-region, multi-availability zone architecture with a proprietary DNS service to add resiliency to the applications. Figure 2 demonstrates the architecture of the GDE service on AWS. Expedia can add a new cluster to manage GDE and other high volume applications without worrying about the infrastructure.“If we had to host the same applications on our on-premises data center, we wouldn’t have the same level of CPU efficiency,” says Chandramouli. “If an application processes 3,000 requests per second, we would have to configure our physical servers to run at about 30 percent capacity to avoid boxes running hot. On AWS, we can push CPU consumption close to 70 percent because we can always scale out. Fundamentally, running in AWS enables a 230 percent CPU consumption efficiency in data processing. We run our critical applications on AWS because we can scale and use the infrastructure efficiently.”
Using IAM to Manage Security
To simplify the management of GDE, Expedia developed an identity federation broker that uses AWS Identity and Access Management (AWS IAM) and the AWS Security Token Service (AWS STS). The federation broker allows systems administrators and developers to use their existing Windows Active Directory (AD) accounts to single sign-on (SSO) to the AWS Management Console. In doing so, Expedia eliminates the need to create IAM users and maintain multiple environments where user identities are stored. Federation broker users sign into their Windows machines with their existing Active Directory credentials, browse to the federation broker, and transparently log into the AWS Management Console. This allows Expedia to enforce password and permissions management within their existing directory and to enforce group policies and other governance rules. Additionally, if an employee ever leaves the company or takes a different role, Expedia simply make changes to Active Directory to revoke or changes AWS permissions for the user instead of inside of AWS.Standardizing Application Deployment
The success of the ESS and GDE services sparked interest from other Expedia development teams, who began to use AWS for regional initiatives. By 2012, Expedia was hosting applications in the US East (Northern Virginia), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), and US West (Northern California) Regions. Expedia Worldwide Engineering culled best practices from these initiatives to create a standardized deployment setup across all Regions. As Jun-Dai Bates-Kobashigawa, Principal Software Engineer explains,“We’re using Chef to automate the configuration of the Amazon Elastic Compute Cloud (Amazon EC2) servers. We can take any AWS image and use scripts stored in Chef to build a machine and spin up an instance customized for a team in just in a few minutes.”
The team consolidated all AWS accounts under one AWS account and provisioned one Amazon VPC network in each Region. This allows each Region to have an isolated infrastructure with a separate firewall, application layer, and database layer. Expedia applies Amazon EC2 Security Group firewall settings to safeguard applications and services. Amazon VPC is completely integrated into Expedia’s lab and production environments.“The Amazon VPC experience for the developer is totally seamless,” says Bates-Kobashigawa. “Developers use the same Active Directory service for authentication and may not even know that some of the servers that they log onto are running on AWS. It feels like a physical infrastructure with its own subnets and multiple layers, and it’s also easy to connect to our on-premises infrastructure using VPN.”
Expedia uses a blue-green deployment approach to create parallel production environments on AWS, enabling continuous deployment and faster time-to-market.“One of our metrics for success is the reduction of time to deploy within our teams,” says Gopalan. “We use this method to launch applications pretty quickly compared to a traditional deployment. Moreover, reducing the cost of a rollback to zero means we can be fearless with deployments.”
The Benefits
Expedia uses AWS to develop applications faster, scale to process large volumes of data, and troubleshoot issues quickly. By using AWS to build a standard deployment model, development teams can quickly create the infrastructure for new initiatives. Critical applications run in multiple Availability Zones in different Regions to ensure data is always available and to enable disaster recovery. Expedia Worldwide Engineering is working on building a monitoring infrastructure in all Regions and moving to a single infrastructure. Generally, teams have more control over development and operations on AWS. When Expedia experienced conversion issues for its Client Logging service, engineers were able to track and identify critical issues within two days. Expedia estimates that it would have taken six weeks to find the script errors if the service ran in a physical environment. Previously, Expedia had to provision servers for a full-load scenario in its data centers.“To deploy an application using our on-site facility, you have to think about the physical infrastructure,” Bates-Kobashigawa explains. “If there are 100 boxes running, you might have to take 20 boxes out to apply new code. Using AWS, we don’t have to take capacity out; we just add new capacity and send traffic to it.”
Chandramouli comments, “When I was developer, you didn’t want to invest in architecture if you didn’t know how the application would turn out. I had to plan upfront and build a proof of concept to present to stakeholders. By using AWS, I’m not bound by throughput limitations or CPU capacity. When I think of AWS, freedom is the first word that comes to mind.”
Club Automation drives new business growth, safely migrates its health club management application to AWS, protects customer data, and provisions firewalls in 15 minutes instead of several hours by using Barracuda NextGen Firewalls on the AWS Cloud. The organization provides cloud-based enterprise resource planning (ERP) software for health and athletic clubs throughout the United States. Club Automation migrated its applications to AWS and uses Barracuda firewalls provisioned through the AWS Marketplace.
About Club Automation
Club Automation a leading cloudbased software provider with a mission of contributing to a healthier and more active world by empowering more-efficient health and fitness club management. Based in Chicago, the company offers a software-as-a-service (SaaS) solution that enables health and fitness clubs to run their facilities effortlessly.
The Challenge
Not long ago, Club Automation was a small upstart company in the health club software industry with a big goal: to revolutionize the entire industry with a SaaS enterprise resource planning (ERP) solution that manages all parts of a health club’s business. The company is now experiencing explosive business growth. “We came into the club ERP space as an underdog, but we’ve grown extremely fast,” says Max Longin, a founding partner at the company. “About 70 percent of our total revenue as a company has come in the past year.” Even so, Longin considers this a period of “controlled growth.” “We have not really been marketing ourselves—our new customers have been coming to us through word of mouth. Our concern has been that if our systems are not ready to scale to support more growth, we could compromise performance and our customers’ experience.”
To address that concern, Club Automation sought to move its SaaS application to a new cloud technology provider. “We needed more agility and scalability than we had with our previous hybrid-cloud solution, which included a secure but legacy private-cloud environment,” Longin confirms. “We had to scale ahead of required capacity, which was costly and required a lot of planning. We wanted to be more agile, so we could quickly roll out new apps and features for our customers.”
As Club Automation considered new cloud technologies, it also needed to ensure strong security for its application workloads. “We operate in a cardholder environment, and our solution needs to be PCI compliant and highly secure,” Longin says. “We can’t allow access to our backend systems by anyone other than our developers. We had to eliminate attack surface areas within a cloud environment, and we needed the security to enable our business to move our workloads to the cloud safely.”
Why Amazon Web Services
Club Automation decided to move its SaaS application to the Amazon Web Services (AWS) cloud, in part because AWS addressed the company’s security and performance challenges. “Previously, we were not set up to support geographic growth, because we only had a few dispersed data centers and we had challenges deploying security quickly and getting solid performance in all areas of the United States,” Longin says. “We looked at Microsoft Azure, but it wasn’t the right solution for our needs,” says Longin. “AWS fit like a glove, and it offers the best services for our business.” Club Automation runs its web servers on Amazon Elastic Compute Cloud (Amazon EC2) instances and runs background jobs on AWS Elastic Beanstalk, a service for deploying and scaling web applications. The company is also using Amazon Aurora, a hosted relational database service, to store and manage customer membership and financial data.
To safely migrate its SaaS application workloads to AWS, Club Automation chose to work with Barracuda Networks, an AWS Partner Network (APN) Advanced Technology Partner with an AWS Security Competency certification. Barracuda provides firewalls engineered for AWS to help customers deploy a comprehensive security architecture and increase protection against cyberattacks and advanced threats. “I had a previous business relationship with Barracuda and was impressed with the stability of the solutions,” Longin says. Club Automation deployed Barracuda NextGen Firewalls to help secure the company’s AWS environment. The firewalls are installed on an Amazon EC2 instance in the Club Automation Amazon Virtual Private Cloud (Amazon VPC). Each firewall sits in a public subnet, protecting against unauthorized access to the private subnets where the cardholder data environment is located.
Club Automation was able to easily purchase and deploy the Barracuda firewalls through the AWS Marketplace, an online store where customers can find software and services from AWS partners so they can build solutions and run their businesses.
The Benefits
By moving its SaaS application to the AWS Cloud, Club Automation has been able to keep up with its rapid rate of growth. “AWS makes it very easy for us to scale and innovate,” says Longin. “We needed the right platform to enable growth, and we have that. Instead of having to carefully control growth because of platform limitations, we can scale on demand to support an increasing number of clubs with our application. We no longer have any restrictions on how large or fast we grow.” The company now has the agility to respond quickly to customer needs and can deploy its solutions 30–40 percent faster. Longin says, “We have to innovate by giving clubs the features they’re looking for. For example, we’re currently rolling out a new mobile app, branded by each club, and we could not have done that without using AWS and Barracuda.”
Club Automation is taking advantage of Barracuda firewalls to help secure its growing number of AWS services. “We are using the Barracuda NextGen Firewalls, provisioned through the AWS Marketplace, to effectively guard our application against web-based attacks and application layer attacks,” says Longin. “The Barracuda solution plugs in seamlessly to our AWS environment, and it is doing its job of minimizing the attack surface area and helping our customers keep club member cardholder data protected.”
Club Automation has also decreased the amount of time the configuration process took with its previous firewall solution. Barracuda offerings on the AWS Marketplace support AWS CloudFormation templates, which allow developers and administrators to deploy applications within a stack of AWS-related resources. “The Barracuda firewall is a self-service, cloud-based solution that takes less than 15 minutes to get up and running, as opposed to the hours and sometimes days the previous solution took,” Longin says. “Provisioning new users is much simpler and faster. Instead of opening a support ticket and waiting for it to be addressed, we can just go into AWS and provision new users ourselves. This is a key benefit for us as we keep growing.”
Relying on Barracuda, Club Automation enabled its IT team to securely move its SaaS workloads to AWS. “We had considered using a cloud solution a few years ago, but cloud offerings were not what they are today, and security solutions like Barracuda’s were not available,” says Longin. “Our move to AWS would not have been possible without Barracuda firewalls,” remarks Longin. “Using Barracuda helped us safely transition more of our workloads to AWS, and we expect our full production environment to be all-in on AWS by the end of the year.”
In addition, Club Automation benefited from the ease of deployment from the AWS Marketplace. “It couldn’t have been more simple,” says Longin. “All we had to do was find the solution and then quickly configure and deploy it through the AWS Marketplace. In the software industry, it’s rare when something works as expected, but the AWS Marketplace did just that.” In the near future, Club Automation expects to use the marketplace for the upcoming Barracuda metered billing service. “With metered billing, we will be able to consume Barracuda services in the same way we consume AWS services, which will be very cost-effective for us,” Longin says.
Previously, Club Automation had been holding back on expansion and had only grown through word of mouth, because it was concerned that its IT staff could not support rapid expansion. Now, using AWS, the company is poised for major growth. “We are ready and able to grow,” says Longin. “We have started hiring inside sales representatives and creating marketing plans, because we have a platform that enables scalability and expansion while also allowing us to maintain our high standards of customer service. To keep growing fast, we need agility and innovation. That’s what fueled our transition to AWS and Barracuda, and it will continue fueling our growth in this industry.”