Industry

Mobile payments

Technology

Amazon EC2
Amazon RDS
AWS DMS
AWS CloudEndure Migration
Amazon OpenSearch Service

OVERVIEW

SmartPay is a Vietnamese payment services provider, a digital service associated with VP Bank and a financial company FE Credit – a large private lender in Vietnam. SmartPay gained a foothold in the booming electronic and mobile payments market, and during 2020 achieved explosive growth. Now SmartPay is an important contender in the Vietnamese payment apps landscape and experiencing growth with new vendors, partners and users.

KEY CHALLENGES

The technology stack of SmartPay is a range of vendor provided as well as custom applications built in-house and running on Linux servers with variety of programming languages, frameworks and OS distributions. The company follows microservices architecture, allowing each team and business unit to choose the technologies for the services they are responsible for. The data stores for each such custom application are also varied, due to the independence of the app teams to choose what works the best for their workloads. Therefore, the solution includes several relational databases, NoSQL databases such as MongoDB, and file storage services.

As is common in microservices architecture, the services communicate with each other via common message queues, while there are multiple load balancers, proxies and firewalls handling the ingress and egress traffic. Obviously as financial services provider, SmartPay adheres to high security standards and these are taken into consideration in all the systems, applications and network design, as well as in the infrastructure implementation.

The customer was hosting all their services on a dedicated infrastructure in  local data centers, which was proving limiting for their changing needs. In particular, attempting to predict the fast growth of the services popularity and the associated need to provision more servers involves a lot of guesswork on-premises and mistakes can be very expensive. The customer needed to balance the performance and stability requirements with the cost of resources used. Another concern was the rapidly increasing operation and maintenance requirement of the services used on-premises. For services such as databases, caching layer and search, the customer was looking for a way to get the operations and maintenance as managed services.

Security and compliance are major concerns for the customer. Certain standards such as PCI-DSS for payment cards processing are mandatory in this industry, and the customer requires the highest levels of security for all their applications, data stores and associated services to protect the integrity and confidentiality of their data and their customers. All interfaces, whether to the end user, to integration partners, to vendors, partners and banks, and to internal operations and maintenance processes, must to using the security best practices and be easily monitored for any threats, breaches or incidents. Thus, a platform with inherently high security standards and powerful security controls was required. Also important was the provider’s experience on serving banking and financial industry.

SOLUTION

Renova Cloud reviewed the customer’s requirements and the current system to gain an overall understanding. The following main topics were identified as of importance to meet the needs of the customer and all stakeholders:

  • The application workloads must be deployed in virtual servers and load-balanced with optional auto-scaling, using auto-healing features as appropriate
  • Stability and adequate performance of the applications is extremely important, due to possibility of losing users and business as result of any low performance or downtime
  • There should be multiple environments for production and non-production workloads with a proper separation between them; however avoiding over-engineered solution
  • Data stores, cache, search, message queue, etc. should be offered as AWS managed service where this is possible
  • Private connectivity from SmartPay premises required; both Direct Connect and VPN
  • High Availability configuration for applications and data stores is important and should be achieved in Multi-AZ basis to withstand the failure of an AZ
  • Cost-effectiveness: it’s important to eliminate waste and identify the necessary and superfluous parts; so the solution must contain only the necessary services

Based on these high level requirements and detailed discussion with the customer’s business, technical and developers regarding the sizing and usage patterns, Renova Cloud drafted a solution on AWS. The migration plan was divided into 2 phases, first Re-host approach with lift-and-shift of all relevant workloads, second phase migrating the required services such as databases, message queues, caching, search to AWS managed services. Renova Cloud as AWS partner performed the migration tasks for the both phases.

  1. Re-host migration phase took place for all the in-scope servers and was performed mainly using the AWS CloudEndure Migration tool with agents installed in the old servers and using the agents to replicate to the new EC2 instances on AWS. For the relational databases within the solution, the AWS RDS service was used as the hosting migration target, and AWS DMS Database Migration Service successfully migrating the whole database directly to the AWS RDS database servers.
  2. Re-platform migration phase involved identifying each workload that could be running well in an AWS managed service, there are several used as target in this phase; the NoSQL database MongoDB was migrated to AWS DocumentDB, Redis was migrated to ElastiCache for Redis, while RabbitMQ message queues were refactored in AmazonMQ topics and Elasticsearch was run with Amazon Elasticsearch.

Both phases were managed as independent projects with clear planning, designing, implementation, testing and delivery phases defined. The customer and their feedback were involved at each step.

The secure private connectivity to the AWS VPC is managed through two different managed VPN solutions. Between customer’s premises and AWS, a Site-to-Site VPN connection with a pair of tunnels is established, allowing connectivity of SmartPay users to their required interfaces. The AWS networking partner also supported to request the Direct Connect setup for faster dedicated connectivity, enabling fast transactions in the app.

The first phase architecture describes the lift-and-shift migration with CloudEndure:

The second phase applies managed services on AWS:

The HA high availability configuration involves running additional resources mostly in a different AZ than the main one used with the solution. For security requirements, clear dashboards and monitoring pages have been created, and Renova Cloud offers managed services with helpdesk and incident management system for urgent cases.

BENEFITS

After the migration was finished, SmartPay experiences a highly scalable and elastic solution on AWS which can be sized and adjusted to their needs easily. The performance is good even in face of increasing traffic, and Renova Cloud has helped to minimize the costs of the architecture. Utilizing managed services for all the workloads where this is an option has reduced the needs of operations and maintenance, allowing the customer to focus their resources to other tasks.

SmartPay is benefitting from AWS in a flexible and sustainable way. Continuing to use AWS hosting and Renova Cloud’s services ensures the stability and innovative growth.