After a ransomware attack, a financial services client in the India region wanted to migrate all their workloads from their on-premises data center to the AWS cloud and to implement AWS best practices for patch management, tagging, cost management, and DR setup to ensure business continuity.
Problem Statement
Patch Management: About a year earlier, the client had faced a ransomware attack, so they migrated all their workloads from the on-premises data center to the AWS cloud. It was critical for them that all servers were patched to the latest releases to avoid known vulnerabilities.
Tagging: The client wanted all resources tagged per application, and also wanted the resources migrated under the AWS Migration Acceleration Program (MAP) to be tagged as such. They wanted to segregate ownership and billing for the respective application owners.
Cost Optimization: After migrating to the cloud, they had a major challenge in reducing operational cost. They wanted support in implementing automation and other recommendations that could help reduce costs.
DR Setup: After the ransomware attack, the customer's biggest challenge was ensuring business continuity. They wanted support to set up a DR environment to mitigate such risks.
Proposed Solution & Architecture
Blazeclan's solution addressed the customer's challenges comprehensively. The team conducted an assessment of the customer's environment and recommended the solutions below.
Patching Strategy
The Blazeclan team used AWS Systems Manager (SSM) to manage patching for all servers. A patching process was agreed with the customer, and all servers were patched to the latest approved releases. A monthly patching report is reviewed with the customer to ensure there are no gaps.
Resource Tagging
We proposed to tag all existing resources in the various AWS accounts wherever tags were missing or pending. After that, a Service Control Policy (SCP) was to be implemented to deny the launch of any resource whose required tags are missing. This would ensure that no new resources remain untagged.
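The following is an added example (not Blazeclan's or the client's policy) of what such a tag-enforcing SCP looks like, together with a small offline check of its Null-condition logic. The tag keys `Application`, `Owner` and `map-migrated` are assumptions: the page only says resources were tagged per application, by owner, and as MAP-migrated.

```python
"""Added example, not the project's own code: a Service Control Policy that
denies EC2 instance and volume creation when a required tag is absent, plus an
offline approximation of how its Null condition is evaluated."""
import json

# Tag keys assumed for this example (the page does not name the exact keys).
REQUIRED_TAG_KEYS = ("Application", "Owner", "map-migrated")


def build_tag_enforcement_scp(required_keys=REQUIRED_TAG_KEYS) -> dict:
    """One Deny statement per required tag key.

    The IAM condition `"Null": {"aws:RequestTag/<key>": "true"}` matches a
    request in which that tag key is not supplied at all, so the Deny fires
    exactly when the tag is missing. Tags must be passed on the create call
    (tag-on-create); tagging afterwards does not satisfy aws:RequestTag.
    """
    statements = []
    for key in required_keys:
        sid_part = "".join(part.capitalize() for part in key.split("-"))
        statements.append({
            "Sid": f"DenyCreateWithout{sid_part}Tag",
            "Effect": "Deny",
            "Action": ["ec2:RunInstances", "ec2:CreateVolume"],
            "Resource": [
                "arn:aws:ec2:*:*:instance/*",
                "arn:aws:ec2:*:*:volume/*",
            ],
            "Condition": {"Null": {f"aws:RequestTag/{key}": "true"}},
        })
    return {"Version": "2012-10-17", "Statement": statements}


def scp_denies(policy: dict, action: str, request_tags: dict) -> bool:
    """Offline approximation of the policy's effect for one API call.

    Only the Null condition on aws:RequestTag keys is modelled; the real
    evaluator also matches the Resource ARNs and any other conditions.
    Returns True when at least one Deny statement matches.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or action not in stmt["Action"]:
            continue
        null_conditions = stmt.get("Condition", {}).get("Null", {})
        for condition_key, expect_null in null_conditions.items():
            tag_key = condition_key.split("/", 1)[1]
            tag_is_absent = tag_key not in request_tags
            if tag_is_absent == (expect_null == "true"):
                return True
    return False


if __name__ == "__main__":
    policy = build_tag_enforcement_scp()
    print(json.dumps(policy, indent=2))
    # Constructed sample requests: one incomplete, one fully tagged.
    incomplete = {"Application": "core-banking"}
    complete = {"Application": "core-banking", "Owner": "payments-team",
                "map-migrated": "MPE-PLACEHOLDER"}
    print("incomplete request denied:", scp_denies(policy, "ec2:RunInstances", incomplete))
    print("complete request denied:", scp_denies(policy, "ec2:RunInstances", complete))
```

Two caveats worth keeping in mind when rolling this out: SCPs do not apply to the organization's management account, and a policy like this only blocks new launches, which is why the page pairs it with a one-time pass to tag the existing resources first.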
Cost Optimization
- AWS Lambda code to be written to schedule stopping and starting of servers in the DEV and UAT environments outside business hours, reducing running cost.
- AWS Lambda code to be written to scan all AWS accounts for unused resources. Upon identifying such resources, we would check with the client before taking further action, such as stopping or terminating them. This approach is most effective for unattached EBS volumes and idle EC2 instances.
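The following is an added example covering both automations above; it is not the project's own Lambda code. The scheduling decision and the unused-volume scan are written as pure functions over plain dictionaries so they can be exercised offline, and the boto3 calls are confined to the handler. The business hours (08:00 to 20:00 IST on weekdays), the `Environment` tag key and the seven-day age threshold are assumptions.

```python
"""Added example, not the project's own code: decision logic for an off-hours
stop/start scheduler and an unused-EBS-volume scan, with the AWS calls kept in
the Lambda handler so everything else runs without credentials."""
from datetime import datetime, time, timedelta, timezone

# Assumptions: the client is in India, so the schedule is evaluated in IST.
IST = timezone(timedelta(hours=5, minutes=30))
BUSINESS_START = time(8, 0)
BUSINESS_END = time(20, 0)
# Only non-production environments are scheduled; tag key/values are assumed.
SCHEDULED_ENVS = {"DEV", "UAT"}


def desired_state(now: datetime) -> str:
    """'running' during weekday business hours in IST, otherwise 'stopped'."""
    local = now.astimezone(IST)
    is_weekday = local.weekday() < 5
    in_hours = BUSINESS_START <= local.time() < BUSINESS_END
    return "running" if (is_weekday and in_hours) else "stopped"


def instances_to_transition(instances, now: datetime):
    """Return (ids_to_stop, ids_to_start) for the given moment.

    `instances` is a list of dicts with 'InstanceId', 'State' (EC2 state
    name) and 'Tags' (dict). Instances without a DEV/UAT Environment tag are
    never touched, so production and untagged servers are safe by default.
    """
    target = desired_state(now)
    to_stop, to_start = [], []
    for inst in instances:
        env = inst["Tags"].get("Environment", "").upper()
        if env not in SCHEDULED_ENVS:
            continue
        if target == "stopped" and inst["State"] == "running":
            to_stop.append(inst["InstanceId"])
        elif target == "running" and inst["State"] == "stopped":
            to_start.append(inst["InstanceId"])
    return to_stop, to_start


def unused_volumes(volumes, now: datetime, min_age_days: int = 7):
    """Report unattached ('available') EBS volumes older than min_age_days.

    `volumes` is a list of dicts with 'VolumeId', 'State', 'CreateTime'
    (timezone-aware datetime) and 'SizeGiB'. The result is a report only;
    as the page describes, deletion happens after the client confirms.
    """
    cutoff = now - timedelta(days=min_age_days)
    return [v for v in volumes
            if v["State"] == "available" and v["CreateTime"] < cutoff]


def lambda_handler(event, context):
    """Entry point when deployed on an EventBridge schedule (assumed)."""
    import boto3  # imported here so the functions above run without AWS
    ec2 = boto3.client("ec2")
    now = datetime.now(timezone.utc)
    # Single page of results for brevity; use paginators for large accounts.
    instances = [
        {"InstanceId": i["InstanceId"], "State": i["State"]["Name"],
         "Tags": {t["Key"]: t["Value"] for t in i.get("Tags", [])}}
        for r in ec2.describe_instances()["Reservations"]
        for i in r["Instances"]
    ]
    to_stop, to_start = instances_to_transition(instances, now)
    if to_stop:
        ec2.stop_instances(InstanceIds=to_stop)
    if to_start:
        ec2.start_instances(InstanceIds=to_start)
    volumes = [
        {"VolumeId": v["VolumeId"], "State": v["State"],
         "CreateTime": v["CreateTime"], "SizeGiB": v["Size"]}
        for v in ec2.describe_volumes()["Volumes"]
    ]
    idle = unused_volumes(volumes, now)
    return {"stopped": to_stop, "started": to_start,
            "unused_volumes": [v["VolumeId"] for v in idle]}


# Constructed sample inventory for running the logic offline.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0dev00001", "State": "running",
     "Tags": {"Environment": "DEV", "Application": "core-banking"}},
    {"InstanceId": "i-0uat00001", "State": "stopped",
     "Tags": {"Environment": "UAT", "Application": "core-banking"}},
    {"InstanceId": "i-0prd00001", "State": "running",
     "Tags": {"Environment": "PROD", "Application": "core-banking"}},
]
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0old0001", "State": "available", "SizeGiB": 100,
     "CreateTime": datetime(2023, 12, 1, tzinfo=timezone.utc)},
    {"VolumeId": "vol-0new0001", "State": "available", "SizeGiB": 50,
     "CreateTime": datetime(2024, 1, 12, tzinfo=timezone.utc)},
    {"VolumeId": "vol-0used001", "State": "in-use", "SizeGiB": 200,
     "CreateTime": datetime(2023, 6, 1, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    late_evening = datetime(2024, 1, 15, 18, 0, tzinfo=timezone.utc)  # 23:30 IST, Monday
    print(instances_to_transition(SAMPLE_INSTANCES, late_evening))
    print([v["VolumeId"] for v in unused_volumes(SAMPLE_VOLUMES, late_evening)])
```

Keeping the decision functions free of AWS calls is what makes the scheduler safe to test before it is allowed to stop anything: the weekday/hours boundaries and the "never touch PROD" rule can be checked with constructed inventories before the handler is ever deployed.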
DR Setup
Blazeclan proposed setting up a DR environment in the Hyderabad Region with a separate Active Directory server, so that the DR environment is completely isolated from the primary one.
Outcomes of Project & Success Metrics
100% Patching Compliance
250K USD Cost Savings (Approx)
Optimized Disaster Recovery Setup
100% Patching Compliance: We were able to achieve 100% patching compliance by implementing this solution.
Improved cost and resource management: Resource tagging enabled the customer to segregate resources and cost by application. Tagging the MAP-migrated resources also helped them obtain the MAP credits.
Cost Savings: Implementing both proposed Lambdas helped the customer save costs to a very large extent. Total annual savings were approx. USD 230K.
DR Setup: A Disaster Recovery environment was set up and a DR drill was conducted, which achieved an RPO of 225 minutes and an RTO of 230 minutes. This ensured business continuity for the customer.
Lessons Learned
- Transit Gateway peering was used for internal connectivity between the primary VPC and the DR VPC.
- The DR workload VPC and the DR AD VPC were connected through Transit Gateways.
- Continuous AD replication was configured with the DR AD server.
- AWS native services were used to reduce both the timeline and the cost.
Industry Vertical: Financial Services