Cloudreach instituted a single-account strategy consisting of several VPCs for segregated development and production environments. Shared services were placed in their own account, and VPCs were configured with peering as necessary to reduce the AWS footprint while maintaining security. This allowed Penn Foster engineers to operate within the confines of their own secure environments. Several on-prem practices, such as shared VMs hosting databases and NFS shares, were replaced with the relevant AWS services (RDS and S3) to provide scalability and reliability. This simplified what the operations team supported and gave the development teams more flexibility.
EC2, ELB, and Auto Scaling groups spread across availability zones were used to add resiliency and balance load for all .NET application services; these were managed through Elastic Beanstalk and CloudFormation templates. MySQL databases were provisioned in RDS for high availability, replication, and monitoring. Environments were locked down using security groups and IAM roles that allow access only to the required AWS services and applications, and the databases and applications were launched into their respective restricted subnets to protect against intrusion.
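The security-group lockdown above implies a tiered model: only the load balancer faces the Internet, the .NET app tier trusts only the load balancer's group, and the RDS tier trusts only the app tier's group. The following is an added example, not code from the Cloudreach/Penn Foster engagement: it audits security-group ingress rules in the dict shape boto3's describe_security_groups() returns, using constructed group IDs (sg-elb, sg-app, sg-db) and constructed sample rules.

```python
# Added example, not code from the Cloudreach/Penn Foster engagement: audit
# security-group ingress rules (dict shape of boto3 describe_security_groups)
# against the tiered model: Internet -> ELB:443 -> app tier -> RDS MySQL:3306.
ANY = {"0.0.0.0/0", "::/0"}
PUBLIC_ENTRY = ("sg-elb", 443)  # constructed ID: the only Internet-facing group/port
# Constructed IDs: the single upstream group each private tier may trust.
EXPECTED_SOURCE = {"sg-app": "sg-elb", "sg-db": "sg-app"}

def _sources(rule):
    """Yield (kind, value) for every source a single ingress rule permits."""
    for r in rule.get("IpRanges", []):
        yield "cidr", r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield "cidr", r["CidrIpv6"]
    for p in rule.get("UserIdGroupPairs", []):
        yield "sg", p["GroupId"]

def audit_ingress(security_groups):
    """Return findings as strings; an empty list means the groups fit the model."""
    findings = []
    for sg in security_groups:
        gid = sg["GroupId"]
        for rule in sg.get("IpPermissions", []):
            port = rule.get("FromPort", "all")  # no FromPort means every port
            for kind, value in _sources(rule):
                if kind == "cidr" and value in ANY:
                    if (gid, port) != PUBLIC_ENTRY:
                        findings.append(f"{gid}: port {port} open to {value}")
                elif gid in EXPECTED_SOURCE and (kind, value) != ("sg", EXPECTED_SOURCE[gid]):
                    findings.append(f"{gid}: port {port} trusts {value}, "
                                    f"expected {EXPECTED_SOURCE[gid]}")
    return findings

# Constructed sample: the app tier wrongly exposes RDP to the Internet and the
# database tier trusts a whole subnet instead of only the app tier's group.
SAMPLE_GROUPS = [
    {"GroupId": "sg-elb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "UserIdGroupPairs": [{"GroupId": "sg-elb"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "UserIdGroupPairs": [{"GroupId": "sg-app"}],
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]
```

Calling audit_ingress(SAMPLE_GROUPS) reports the RDP exposure on the app tier and the subnet-wide trust on the database tier; pointing the same function at the live output of describe_security_groups() turns it into a recurring drift check.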
The application service's on-prem dependency on Active Directory was replaced with a Simple AD implementation, and the Windows instances relied on .ebextensions to auto-join the domain. SSL termination was moved from IIS to the Elastic Load Balancer in order to eliminate client-side authentication. IIS configuration, Web.config templating, and other .NET/Windows dependencies were added to .ebextensions, which are executed on initial instance provisioning and on application deployments. The MSBuild scripts were modified to be less machine-dependent, and NuGet and Chocolatey were introduced for dependency management. Additionally, SumoLogic, Trend Micro, and various other tooling were configured through .ebextensions in Beanstalk.
Penn Foster additionally wanted to move onto newer technologies in the DevOps arena, so the Cloudreach team recommended and stood up a basic Continuous Delivery toolchain in AWS consisting of Jenkins, Artifactory, and Sonar. All infrastructure and software installation on the environments is managed through a combination of CloudFormation, Python scripts, and Elastic Beanstalk in a Jenkins pipeline.
Finally, Cloudreach configured CloudTrail and CloudWatch to enable logging and resource monitoring on the environment, so that Penn Foster would be notified of any unwanted access attempts and/or impacts to environment performance.
- Simple AD