AQUA Vietnam (short: AQUA) is a leading electrical appliances company in Vietnam. The company was opened in Vietnam with the establishment of SANYO Factory in 1996 and underwent memorable historical milestones including being voted the No. 1 household electric brand in Vietnam in 2001 and becoming a member of Haier Group in 2012. Since Aqua Vietnam continues to develop and diversify product lines and electrical appliances for the Vietnamese market. In 2018, the company’s revenue reach USD 200 million, and the goal of USD 500 million in the next 5 years.
GET IN TOUCH
AQUA is running a number of Microsoft workloads in various environments, mainly Microsoft Azure. However following a strategic decision from the HQ, AQUA was required to align with the group and use the AWS platform. AQUA technical team approched Renova Cloud to first to help them to migrate all workloads to AWS. As a second phase, AQUA also needed to create a reliable process of CI/CD to speed up and stabilize their application software release cycle.
AQUA had multiple applications running in Azure Web App Service and several MS SQL Server databases running on Azure SQL. Of these applications and databases, 3 apps were identified as business critical and required to migrate, the same requirement for 2 databases. All these applications are .NET Framework 4.5.2 version and require IIS. It was requested to setup a CI/CD process for all 3 applications.
AQUA needed the following:
- Migration Web applications and Databases to AWS Cloud platform
- Monitoring and quick response to issues on Production
- Easy administration and maintenance of resources (should not have to remote to Windows Server and configure IIS web server)
- Leverage AWS services for full digital and online services, remote and automation, services monitoring and notification
- Auto scaling and elasticity to scale according to demand
- Infrastructure costs optimization
- CI/CD process for all applications
These needs should be covered by a service that supports auto scaling and allows customer to manage servers from the UI (AWS Console) with a good support for Microsoft Windows Server and IIS.
Renova Cloud migrated AQUA’s workloads to EC2 for Microsoft Windows Server environment where the resources are provisioned by Elastic Beanstalk managed platform .NET on Windows. In this managed platform, IIS web server is configured to run the .NET app on IIS with customizable settings.
The solution runs Elastic Beanstalk with a CloudFormation template that can be automatically updated using a CI/CD workflow setup using Jenkins CI deployed on the AWS account. Elastic Beanstalk is set to auto-scale in and out between 1 instance and 2 instances for all the applications, so that during times of high traffic the CPU usage is used to trigger scaling to a second instance. The 2 Microsoft SQL Server databases are hosted in 1 RDS SQL Server instance. CloudWatch logs are used for all logging purposes, and metrics and alarms are applied to alert on the health of the solution.
All 3 Elastic Beanstalk apps EC2 instances are located in private subnets with security group rules restricting inbound traffic, while NAT Gateway and a Windows bastion host in the same VPC are facilitating outgoing connections to internet and remote connections. The public-facing front of web apps are Application Load Balancer which also handles routing the traffic to EC2 instances. AQUA uses external DNS provider and domain registrar to associate custom domain DNS to the load balancer, while Renova Cloud has setup ACM for applying the SSL certificate in ALB so that the sites are accessible only through secure HTTPS protocol.
For SQL Server databases, Renova Cloud utilized Database Migration Service (DMS) with Azure SQL as a source. Both data and schema were migrated successfully. Some settings and configuration like external tables and auto-increment had to be manually recorded and re-created in the RDS as DMS doesn’t do it.
Renova Cloud supported AQUA to setup AWS Toolkit in Visual Studio development environment, and modify app code and configuration to ensure functioning in auto scaling environment. This is necessary so that the app is not dependent on locally stored state in the hosting instance. For some of the applications, the code had to be modified to stop the app storing user files (static images) in the local file system. For these applications, Renova Cloud guided the AQUA development team to modify the application to use private S3 buckets for storage instead. This way no user files are persisted in the instances, making it possible to scale in and out.
A complete CI/CD pipeline was setup after discussion between Renova Cloud and AQUA application development team. The CI/CD flow is based on Jenkins CI cluster running on EC2 instances hosted in a separate VPC on AQUA’s AWS account. The administration is performed with a small master node on Linux, while the build jobs are run on a Windows agent node. Windows Server with .NET build tools installed is used because .NET Framework requires Windows builds. AQUA hosts source code in GitHub and on commit to one of the source code repositories, a webhook triggers a Jenkins build in the corresponding build job, either on staging or on production environment based on the source branch. If Jenkins build is successful, the package is put into an S3 bucket and an Elastic Beanstalk deployment is triggered to update the environment. Immutable deployment in EB is used to minimize downtime.
Steps of CI/CD flow:
1/ AQUA developer commit to source code in GitHub
2/ GitHub sends webhook to Jenkins CI with parameters branch, project
3/ Jenkins triggers build job-based on the webhook parameters (staging/production; project)
4/ Jenkins checks out the source code from the correct GitHub repository and branch
5/ Jenkins builds the project using MSBuild for .NET Framework 4.5
6/ For a successful build, Jenkins uploads the package to a private S3 bucket using MSDeploy
7/ Jenkins triggers an Elastic Beanstalk deployment with the package on S3 and new version
8/ Elastic Beanstalk performs immutable deployment and updates the environment
9/ Jenkins records the build results and stores the build artifacts and logs
10/ Elastic Beanstalk updates the environment health and deployment logs
Highlights of the solution:
- Elastic Beanstalk for all .NET Framework workloads
- Using managed platform: .NET on Windows Server
- Advantages of Elastic Beanstalk
- Managed platform which is pre-configured to run .NET Framework on IIS
- Load balancing and auto scaling support
- Monitoring UI from AWS Console
- Ease of use for AQUA
- RDS with MS SQL Server Standard
- Using RDS, database is managed and stable with backups, resilience
- S3, EBS snapshots and RDS snapshot copy for backups
- CloudWatch for monitoring
- VPC services; VPN connections and NAT Gateway
AQUA is able to improve operations as result of the migration and CI/CD on AWS. All the web services have better performance than before the migration, and the database is also showing improved performance. The cost savings due to the ability to scale based on usage are significant.
The automation with the CI/CD flow provides the fastest release times, any time a new feature is completed in the code, the CI/CD process builds and tests the new code and deploys it directly to production environment with minimal time and disruption to the end users. The solution is accompanied with the CI/CD scripts, yaml files, CloudFormation templates and deployment manifests documented by Renova Cloud to provide AQUA the means to fully understand the apps and the system. With this Infrastructure as Code (IaC) approach, everything in the system becomes reproducible. If an instance experiences a problem, it can be stopped or terminated, and new instance automatically set up. No manual access to IIS web server or app’s physical file system in the Windows Server instance is required. This reduces the admin and operations workload and allows the team to focus on other tasks.
Renova Cloud’s solution leveraging Elastic Beanstalk .NET on Windows platform, RDS for SQL Server, and other AWS services is architected with the highest security, but without compromising the operational excellence or the cost effectiveness. The potential attack surface is minimized through the proper use of isolated VPCs, private subnets, security groups and VPN connection. As such, AQUA can be assured of the security.