NKID’S
Migration to AWS
Nkid Group is running a number of Microsoft workloads in various environments including on-premises, local data center in Vietnam, Microsoft Azure and AWS.
Industry
Retail
Technology
OVERVIEW
Nkid Group is running a number of Microsoft workloads in various environments including on-premises, local data center in Vietnam, Microsoft Azure and AWS.
KEY CHALLENGES
With more than 44 TiniWorld Centers, 35 TiNiStore shops as well as 2079 retail shops serving 8 million customers all over Vietnam. The group is on a continuous expansion with opening of new centers and shops to serve customers all over the country.
Nkid Group is running a number of Microsoft workloads in various environments including on-premises, local data center in Vietnam, Microsoft Azure and AWS. Recently, Nkid see the need to move more workloads to AWS to utilize the benefits of AWS’s scalability, service integration and stability. A high priority were two .NET Core 2.2 web applications running on Windows Server 2016 with a Microsoft SQL Server 2016 Standard database. These two web applications, one of which also includes a reporting server, are all running in 2 standard Windows virtual machines with manually set up IIS web server.
Nkid needed the following:
– Migration Web server and Database server to AWS Cloud platform
– Monitoring and quick response to issues on Production
– Easy administration and maintenance of resources (should not have to remote to Windows Server and configure IIS web server)
– Leverage AWS services for full digital and online services, remote and automation, services monitoring and notification
– Auto scaling and elasticity to scale according to demand
– Infrastructure costs optimization
These needs should be covered by a service that supports auto scaling and allows customer to manage servers from the UI (AWS Console) with a good support for Microsoft – Windows Server and IIS.
SOLUTION
Renova Cloud migrated Nkid Group’s workloads to EC2 for Microsoft Windows Server environment where the resources are provisioned by Elastic Beanstalk managed platform .NET on Windows. In this managed platform, IIS web server is configured to run the .NET Core apps using deployment manifest.
The solution runs Elastic Beanstalk with a CloudFormation template that can be automatically updated using a CI/CD workflow from 3rd party platform Travis CI. Elastic Beanstalk is set to auto-scale in to 1 instance outside operational hours and out up to 8 instances during times of high traffic. For new instances, Microsoft PowerShell script is implemented to adjust certain app pool settings in IIS, and to download certain files required by the app from a private S3 bucket. CloudWatch logs are used for all logging purposes, and metrics and alarms are applied to alert on the health of the solution.
Both Elastic Beanstalk apps EC2 instances and the separately deployed RDS for MS SQL Server are located in private subnets with security group rules restricting inbound traffic, while NAT Gateway and a bastion host in the same VPC are facilitating outgoing connections to internet and remote connections. The public-facing front of web apps are Application Load Balancer which also handles routing the traffic to EC2 instances. Route 53 is used to associate custom domain DNS to the load balancer, and ACM for applying the SSL certificate in ALB so that the sites are accessible only through secure HTTPS protocol. The Web Application Firewall (WAF) was setup in front of ALB and geo-blocking rules were applied.
Renova Cloud supported to modify app code and configuration to ensure functioning in auto scaling environment. This is necessary so that the app is not dependent on locally stored state in the hosting instance. In particular, the target of Nlog .NET logging framework was changed to store application logs in CloudWatch, instead of saving into the local file system of the Windows Server instance.
Highlights of the solution:
Elastic Beanstalk for both .NET Core workloads
Using managed platform: .NET on Windows Server
Advantages of Elastic Beanstalk
Managed platform which is pre-configured to run .NET Core
Load balancing and auto scaling support
Monitoring UI from AWS Console
Ease of use for Nkid
RDS with MS SQL Server Standard
Using RDS, database is managed and stable with backups, resilience
S3, EBS snapshots and RDS snapshot copy for backups
CloudWatch for monitoring and logging, event sourcing/scheduling
Lambda functions for scheduling, event bus with EventBridge
VPC services; VPN connections and NAT Gateway
BENEFITS
The solution brings many benefits to Nkid Group. The right-sizing that is achieved due to better monitoring of the system and the combination of scheduled and dynamic auto scaling of the environments, answers two key business needs: firstly the system is capable of responding to highly variable and increasing traffic in a short time, allowing it to perform well and keeping end user experience excellent; secondly eliminating the waste of having to oversize instances, as the system can be scaled in to minimal number of instances during times of low traffic and outside operational hours. Cost optimization is one of the major benefits. The unified monitoring experience in CloudWatch allows Nkid to have a real-time overview of the system and respond quickly to any issues experienced.
The automation includig all the scripts, yaml files, CloudFormation templates and deployment manifests documented by Renova Cloud provides Nkid the means to fully understand the apps and the system. With this Infrastructure as Code (IaC) approach, everything in the system becomes reproducible. If an instance experiences a problem, it can be stopped or terminated, and new instance automatically set up. No manual access to IIS web server or app’s physical file system in the Windows Server instance is required. Troubleshooting can be done with CloudWatch Logs, instead of having to remote desktop into the hosting instance to analyze the app’s status and download logs. This significantly reduces the admin and operations workload and allows the team to focus on other tasks.
Renova Cloud’s solution leveraging Elastic Beanstalk .NET on Windows platform, RDS for SQL Server, and other AWS services is architected with the highest security, but without compromising the operational excellence or the cost effectiveness. The potential attack surface is minimized through the proper use of VPC, private subnets, security groups and WAF rules. As such, Nkid can be assured of the security.`
