About the Client
SecureKloud EBC is a unique, live digital radio for the Hindi-speaking community in the US. It is a part of the SecureKloud Media Group which is a leading Media Holding that targets to unite highly fragmented South Asian media market. SecureKloud EBC can be conveniently downloaded as an App for Android and iOS, as well as accessed via web in three time zones:Eastern, Central and Pacific. In fact, SecureKloud EBC was airing 24/7 and was hosting applications on Colocation data center.
The oldest Ethnic Radio station in the U.S., EBC Radio has been successfully catering to South Asian Indians from NY to NJ to parts of PA on 1170 AM for over 16 years. In September 2015, EBC Radio joined forces with SecureKloud Media Group and was renamed into SecureKloud Radio EBC.Today SecureKloud Radio EBC is available in four frequencies: 1170 AM, HD2 97.1 FM, 104.7 FM and 100.7 FM and reaches out to over 800,000 South Asians in NJ, NY, PA and CT.
Business Challenges Faced by the Client
When SecureKloud EBC first launched its service it grew quickly, gaining popularity between Hindi-speaking community and the enthusiasts needing their services, creating rapid year-over-year growth. But their existing on-premise systems were not able to support the application’s demand in type of compute resource and network latency during live and on-demand streaming sessions. Scaling was one of the significant challenge in an environment without virtualization. From the appdev front which previously used on-premise, continuous integration, deployment and delivery management of codes were a high burden. It was difficult and time-consuming to manage the software and hardware. The repositories lacked backup and clustering capabilities, and this led to occasional downtime, thus affecting the user experience of listeners across geographies. Inevitably, our client wanted to focus more on software development based on the feedback. Their core requirement was to be worry free about the infrastructure designing, provisioning and managing which was difficult with the exisiting system.
AWS gives an option of flexible services which are designed to enable companies to build and deliver products more rapidly and reliably.This can be done using AWS and DevOps practices.
These services simplify the following:
- Simplify provisioning and managing infrastructure
- Deploying application code
- Automating software release processes
- Monitoring your application and infrastructure performance
DevOps is the blend of social methods of insight, practices, and tools that builds an organization’s ability to deliver applications and services at high velocity. This helps evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes. This speed enables organizations to better serve their customers and compete more effectively in the market
SecureKloud have undergone a deep understanding of the client’s expectation to deliver state-of-the-art regional entertainment, we proposed an architecture where the SecureKloud EBC infrastructure was to be setup inside Amazon VPC. We took to the tasks of migration and DevOps implementation of the SecureKloud EBC setup on AWS Cloud. We also had the opportunity of providing 24/7 Managed Services, rendering the client with Scalability, High Availability, Security, DevOps and Support.
Unlike in traditional, the DevOps model brings together the development and operations teams. Sometimes, These two teams are merged into a single team where the engineers work across the entire application lifecycle, from development and test to deployment to operations. They develop a range of skills not limited to a single function.Quality assurance and security teams may also become more tightly integrated with development and operations and throughout the application lifecycle. These teams use practices to automate processes that historically have been manual and slow.They use a technology stack and tooling which help them operate and evolve applications quickly and reliably. These tools also help engineers independently accomplish tasks (for example, deploying code or provisioning infrastructure) that normally would have required help from other teams, and this further increases a team’s efficiency
- Wowza Media Server for Media delivery and MongoDB with Replication Clusters for storage with high availability
- Assets stored and delivered from Amazon S3 and Amazon CloudFront
- Load Balanced using Amazon Elastic Load balancers and performance accelerated using Amazon Cloud Front and Amazon ElastiCache
- Amazon CloudWatch and Amazon SNS set up to monitor resources, send notifications, track logs and metrics.
- Cold DR in alternate AWS region using Route53 using Cloud Formation template, EBS/S3 copy, MongoDB Snapshot/dump replication
- AWS CloudTrail and AWS Config set up with Python AWS Lambda for Security and Governance
DevOps in AWS
- Entire architecture was provisioned automatically in AWS using Amazon CloudFormation template. AWS CloudFormation offered SecureKloud EBC developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion
- Continuous delivery was implemented using AWS Code Pipeline. AWS CodePipeline leveraged a continuous delivery service for fast and reliable application updates. It builds, tests, and deploys the code every time there is a code change, based on the release process models of SecureKloud EBC defined. This enables them to rapidly and reliably deliver features and updates. It also helped in easily build out an end-to-end solution by using pre-built plugins for popular third-party services like GitHub and integrating their own custom plugins into any stage of the release process
- Deployment to various environments was handle using AWS Code Deploy. AWS CodeDeploy leveraged the automation of code deployments to any instance, including Amazon EC2 instances and instances running on-premises. It made the process easier for SecureKloud EBC to rapidly release new features, helped them avoiding downtime during application deployment, and handled the complexity of updating applications. SecureKloud EBC used AWS CodeDeploy to automate software deployments, eliminating the need for error-prone manual operations, and the service scaled with their infrastructure so they can easily deploy to one instance or multiple
Design for HA/DR
- Usage of Fault tolerant building blocks like ELB, S3, CloudFront SNS, SES for HA
- HA ensured by using Multiple AWS Availability Zones within a region
- Cold DR in alternate region using Route53, Cloud Formation template, EBS/S3 copy to DR regions and MongoDB Snapshot/dump replication to DR. RTO and RPO of 30 mins to DR
- ELB + Auto Scaling of Web/App ensuring HA for multiple AZ inside a region
- MongoDB replica sets in Multiple AZ inside a region for HA
- Amazon ElastiCache Redis for storing session and cache data with read slave for HA
Design for Security
- VPC Flow logs and CloudWatch logs for security
- Encryption and Key rotation using Amazon KMS
- S3 Encryption using KMS, EBS encryption
- AWS IAM and MFA for access control
- Configured AWS Cloud Trail logs and AWS Config for Governance
- Isolated network using Virtual Private Cloud (VPC)