About Client
The client is a specialized non-banking financial company (NBFC) established in 2013, with a focused mission to support academic aspirations through education financing. They offer hyper-personalised financial solutions for students across India and also cater to the funding needs of educational institutions. With a strong commitment to democratizing access to education, the client provides a holistic suite of services designed to empower both learners and educators.
Client Challenge
The client needed a fully isolated disaster recovery (DR) setup, specifically for their Active Directory (AD) infrastructure. Key requirements included:
- DR infrastructure must be completely isolated from the primary setup, especially the Active Directory domain controller (PDC).
- It should support authentication anytime for critical DR applications such as Pennant, Payment Module, and DMS.
- Ensure scheduled synchronization of AD configurations from the PDC without persistent dependency.
- The solution must meet audit standards for DR infrastructure isolation and readiness.
- Ensure quick activation of the DR AD server with minimal manual intervention.
Solution
Blazeclan designed and implemented a secure, isolated, and cost-optimized disaster recovery environment using AWS services. The architecture ensured seamless AD failover capabilities for business continuity during DR scenarios.
Key Implementation Steps:
Network Architecture & Connectivity
- Provisioned VPC and subnets in the Hyderabad (HYD) AWS region to host DR infrastructure.
- Established secure inter-region connectivity between the primary and DR environments using AWS Transit Gateway.
DR AD Server Setup
- Provisioned a Windows Server EC2 instance in the HYD region, matching the configuration of the primary domain controller (instance type, storage, and OS).
- Configured necessary port openings and network rules to enable secure communication with the primary AD server.
- Joined the instance to the existing AD domain.
- Promoted the instance to Additional Domain Controller (ADC) by performing all necessary Active Directory installation and configuration steps.
Domain Synchronization
- Scheduled the DR AD server to power on every Saturday for ~2 hours to sync with the PDC.
- Validated successful replication through log analysis and reboot testing post-sync.
Testing & Validation
- Conducted thorough testing of domain trust, synchronization, and authentication across critical DR applications.
- Simulated DR drills to ensure the new ADC could independently handle authentication during a DR event.
Outcome/Result
Blazeclan implemented a fully isolated disaster recovery solution for the client’s Active Directory infrastructure, achieving the following:
- Cost Efficiency: The DR AD server runtime is limited to approximately 2 hours per week, as validated through monthly AWS billing reviews.
- Reduced Dependency: The DR AD server independently handles authentication during DR drills, removing reliance on the primary domain controller (PDC).
- Audit-Ready Infrastructure: The isolated DR environment meets audit requirements, with no observations related to DR AD dependency or isolation.
- DR Drill Success: All DR drills have been completed successfully, with the DR AD server available and functional as scheduled.
- Fast Activation: The DR AD server can be started and validated within 15 minutes, ensuring quick readiness.
- Improved Business Continuity: Critical applications including Pennant, Payment Module, and DMS can authenticate via the DR AD server during disaster recovery events.
Impact Highlights
- 100% successful AD sync with PDC
- 100% of DR drills completion rate
- ≤ 15 minutes Time to Activate DR
- ~2 hours/week DR instance runtime validated in AWS billing
Tech Stack:
- AWS VPC
- AWS Transit Gateway
- Amazon EC2 (Windows Server)
- AWS Lambda
- VPC Network Firewall
- Active Directory (Domain Join, ADC Configuration)