Penn Foster - Migration & DevOps

  • AWS
  • Education

The Challenge

Penn Foster engaged with Cloudreach to architect a Cloud and DevOps strategy to better suit their client needs and modernize their infrastructure. Penn Foster was hosting infrastructure almost exclusively in an on-prem data center which proved to be both costly and inflexible. Infrastructure provisioning was noted to be a major bottleneck in their software development lifecycle.  Application and Infrastructure automation was scarce and outdated. Penn Foster needed some direction and additional resourcing to help increase efficiency and decrease costs.

Penn Foster’s applications primarily consisted of .NET codebases with MySQL backends, which required mostly Windows environments. With little to no existing automation, this presented its own challenges with regard to repeatable deployments and infrastructure automation. They desired to be a more reliable and performant service provider for their clients across the board.

The Opportunity

Penn Foster agreed that the Cloudreach team brought the relevant skills and experience desired to provide insight and resources for a successful AWS and DevOps implementation. The Cloudreach team supported the engagement with a DevOps architect, a DevOps engineer, and a Project Manager. With input and feedback from the Penn Foster teams, the Cloudreach team delivered high-level and detailed designs for AWS architecture and a DevOps strategy. This consisted of an organized and secure AWS account strategy, VPC, and infrastructure architecture that leveraged AWS services such as Elastic Beanstalk, S3, and RDS to reduce overhead and simplify their workflows. It also provided the opportunity to show the benefits of infrastructure as code and automated pipelines in AWS. Cloudreach also helped to identify potential security holes and educate the organization on AWS best practices.

The Solution

Cloudreach instated a single account strategy consisting of several VPCs for segregated development and production environments. Shared services were placed into their own account, and VPCs were configured with peering as necessary to reduce the AWS footprint while maintaining security. This allowed Penn Foster engineers to operate within the confines of their own secure environments. Several on-prem practices, such as shared VMs with databases and NFS shares, were replaced with relevant AWS services like RDS and S3 to provide scalability and reliability. This simplified what the operations team supported and gave the development teams better flexibility.

EC2, ELB, and Auto Scaling groups across availability zones were used to add resiliency and balance load for all .NET application services. These were managed through Elastic Beanstalk and CloudFormation templates. MySQL databases were provisioned within RDS for high availability, replication, and monitoring. Environments were locked down using security groups and IAM roles to allow access only to required AWS services and applications. The databases and applications were launched in their respective restricted subnets to protect against intrusion.

The on-prem dependency for Active Directory in the application service was replaced with a Simple AD implementation, and the Windows instances relied on .ebextensions to auto-join the domain. SSL termination was moved from IIS to the Elastic Load Balancer in order to eliminate client-side authentication. IIS configuration, Web.config templating, and other .NET/Windows dependencies were added to .ebextensions, which are executed upon initial instance provisioning and application deployments. The MSBuild scripts were modified to be less machine-dependent, and NuGet and Chocolatey were introduced for dependency management. Additionally, SumoLogic, Trend Micro, and various tooling were configured using .ebextensions in Beanstalk.

Penn Foster additionally wanted to move onto newer technologies in the DevOps arena. The Cloudreach team recommended and stood up a basic Continuous Delivery toolchain in AWS consisting of Jenkins, Artifactory, and Sonar. All infrastructure and software installation on the environments is managed through a combination of CloudFormation, Python scripts, and Elastic Beanstalk in a Jenkins Pipeline.

Finally, Cloudreach configured CloudTrail and CloudWatch to enable logging and resource monitoring on the environment, so that Penn Foster would be notified of any unwanted access attempts and/or impacts to environment performance.

Services leveraged:

  • VPC
  • EC2
  • S3
  • CloudTrail
  • CloudWatch
  • Beanstalk
  • Route53
  • Simple AD

The Benefit

Penn Foster recognized several benefits following the successful implementation of Cloudreach’s AWS and DevOps strategies. Security was paramount to this project. By adhering to AWS best practices for VPC design, IAM permissions, and Security Groups, Cloudreach ensured that only valid employees or contractors would have access to the AWS environments.

Penn Foster now has the ability to launch their entire infrastructure and application deployments with the push of a button.  Their environments are repeatable and auditable. Scalability was another key benefit. With Scaling Policies and Infrastructure automation, Penn Foster can roll out new environments at will without hassle.

By enabling CloudTrail, Penn Foster can view and audit access logs to ensure that malicious entities are not gaining access to the AWS environment. The final key benefit was cost efficiency. AWS services are pay-as-you-go, so Penn Foster does not have to guess future capacity and over-provision services.

About Penn Foster

Penn Foster provides career pathways for opportunity youth and adult learners through diverse and affordable online diploma, certificate and degree programs, offered via its high school, career school and college. With more than 30,000 graduates each year, Penn Foster’s online and blended learning programs are delivered in a self-paced, competency-based model wrapped by comprehensive academic, professional and personal support and coaching.