About the Client
SecureKloud Radio is a unique, live digital radio for the Tamil-speaking community in the US. It is part of the SecureKloud Media Group, a leading media holding that aims to unite the highly fragmented South Asian media market. SecureKloud Radio can be conveniently downloaded as an app for Android and iOS, and accessed via the web in three time zones: Eastern, Central and Pacific. SecureKloud Radio was airing 24/7 and hosting its applications in a colocation data center.
SecureKloud Radio used a traditionally modelled infrastructure to support an application that was demanding in compute resources and to address network latency during live and on-demand streaming sessions. Scaling was one of the significant challenges in an environment without virtualization. On the application development side, which was previously on-premises, continuous integration, deployment and delivery management of code were a heavy burden. It was difficult and time-consuming to manage the software and hardware. The repositories lacked backup and clustering capabilities, which led to occasional downtime and affected the experience of listeners across geographies. Our client wanted to focus more on software development based on feedback. Their core requirement was to be free of worry about designing, provisioning and managing the infrastructure, which was difficult with the existing system.
AWS offers flexible services designed to enable companies to build and deliver products more rapidly and reliably. This can be done using AWS and DevOps practices.
These services simplify the following:
- Provisioning and managing infrastructure
- Deploying application code
- Automating software release processes
- Monitoring your application and infrastructure performance
DevOps is the blend of cultural philosophies, practices, and tools that builds an organization’s ability to deliver applications and services at high velocity. This helps evolve and improve products at a faster pace than organizations using traditional software development and infrastructure management processes. This speed enables organizations to better serve their customers and compete more effectively in the market.
Having understood the client’s ambition to deliver cutting-edge regional entertainment, SecureKloud proposed an architecture in which the SecureKloud Radio infrastructure was to be set up inside Amazon VPC. We took on the tasks of migration and DevOps implementation of the SecureKloud Radio setup on AWS Cloud. We also had the job of providing 24/7 Managed Services, giving the client Scalability, High Availability, Security, DevOps and Support.
Under a DevOps model, development and operations teams are no longer “siloed.” Sometimes these two teams are merged into a single team where the engineers work across the entire application lifecycle, from development and test to deployment to operations. They develop a range of skills not limited to a single function. Quality assurance and security teams may also become more tightly integrated with development and operations throughout the application lifecycle. These teams use practices to automate processes that historically have been manual and slow. They use a technology stack and tooling which help them operate and evolve applications quickly and reliably. These tools also help engineers independently accomplish tasks (for example, deploying code or provisioning infrastructure) that normally would have required help from other teams, and this further increases a team’s efficiency.
- Load balanced using Amazon Elastic Load Balancers and performance accelerated using Amazon CloudFront and Amazon ElastiCache
- Wowza Media Server for Media delivery and MongoDB with Replication Clusters for storage with high availability
- Assets stored and delivered from Amazon S3 and Amazon CloudFront
- Amazon CloudWatch and Amazon SNS set up to monitor resources, send notifications, track logs and metrics.
- AWS CloudTrail and AWS Config set up with Python AWS Lambda for Security and Governance
- Cold DR in an alternate AWS region using Route53, a CloudFormation template, EBS/S3 copy, and MongoDB Snapshot/dump replication
DevOps in AWS
- The entire stack was provisioned automatically in AWS using an AWS CloudFormation template. AWS CloudFormation offered SecureKloud Radio developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.
- Continuous delivery was implemented using AWS CodePipeline, a continuous delivery service for fast and reliable application updates. It builds, tests, and deploys the code every time there is a code change, based on the release process models SecureKloud Radio defined. This enables them to rapidly and reliably deliver features and updates. It also helped them easily build out an end-to-end solution by using pre-built plugins for popular third-party services like GitHub and integrating their own custom plugins into any stage of the release process.
- Deployment to various environments was handled using AWS CodeDeploy. AWS CodeDeploy automated code deployments to any instance, including Amazon EC2 instances and instances running on-premises. It made it easier for SecureKloud Radio to rapidly release new features, helped them avoid downtime during application deployment, and handled the complexity of updating applications. SecureKloud Radio used AWS CodeDeploy to automate software deployments, eliminating the need for error-prone manual operations, and the service scaled with their infrastructure so they could easily deploy to one instance or multiple.
Design for HA/DR
- HA ensured by using multiple AWS Availability Zones within a region
- Usage of fault-tolerant building blocks like ELB, S3, CloudFront, SNS, SES for HA
- ELB + Auto Scaling of Web/App ensuring HA for multiple AZ inside a region
- MongoDB replica sets in multiple AZs inside a region for HA
- Amazon ElastiCache Redis for storing session and cache data with read slave for HA
- Cold DR in an alternate region using Route53, a CloudFormation template, EBS/S3 copy to DR regions and MongoDB Snapshot/dump replication to DR. RTO and RPO of 30 mins to DR
Design for Security
- Isolated network using Virtual Private Cloud (VPC)
- Encryption and key rotation using AWS KMS
- S3 encryption using KMS, EBS encryption
- AWS IAM and MFA for access control
- Configured AWS CloudTrail logs and AWS Config for Governance
- VPC Flow logs and CloudWatch logs for security
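
The controls in this list can be checked mechanically, in the spirit of the Python Lambda governance setup mentioned above. The following is an added example, not SecureKloud's code: it audits a constructed snapshot whose values mirror boto3 response shapes, and the rule names, resource names and the `audit` function are hypothetical.

```python
# Added example. SNAPSHOT is constructed sample data; each value mirrors the
# shape of the boto3 response named beside it. Resource names are hypothetical.
def sse(algo):
    return {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": algo}}]}}

SNAPSHOT = {
    # s3.get_bucket_encryption(Bucket=...), keyed by bucket name
    "bucket_encryption": {"radio-assets": sse("aws:kms"), "radio-logs": sse("AES256")},
    # ec2.describe_volumes()["Volumes"]
    "volumes": [{"VolumeId": "vol-0aaa", "Encrypted": True},
                {"VolumeId": "vol-0bbb", "Encrypted": False}],
    # kms.get_key_rotation_status(KeyId=...), keyed by key id
    "key_rotation": {"key-1": {"KeyRotationEnabled": True},
                     "key-2": {"KeyRotationEnabled": False}},
    # iam.list_mfa_devices(UserName=...), keyed by user name
    "mfa_devices": {"deployer": {"MFADevices": [{"SerialNumber": "constructed"}]},
                    "intern": {"MFADevices": []}},
    # VPC ids from ec2.describe_vpcs() and ec2.describe_flow_logs()["FlowLogs"]
    "vpcs": ["vpc-0123", "vpc-0456"],
    "flow_logs": [{"ResourceId": "vpc-0456", "FlowLogStatus": "ACTIVE"}],
}

def audit(snap):
    """Return sorted (control, resource) pairs that miss a listed control."""
    findings = []
    for bucket, resp in snap["bucket_encryption"].items():
        rules = resp.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
        algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm", "")
                 for r in rules]
        if not any(a.startswith("aws:kms") for a in algos):  # AES256 is SSE-S3, not KMS
            findings.append(("s3-sse-kms", bucket))
    for vol in snap["volumes"]:
        if not vol.get("Encrypted", False):
            findings.append(("ebs-encrypted", vol["VolumeId"]))
    for key_id, resp in snap["key_rotation"].items():
        if not resp.get("KeyRotationEnabled", False):
            findings.append(("kms-rotation", key_id))
    for user, resp in snap["mfa_devices"].items():
        if not resp.get("MFADevices"):
            findings.append(("iam-mfa", user))
    logged = {f["ResourceId"] for f in snap["flow_logs"]
              if f.get("FlowLogStatus") == "ACTIVE"}
    findings += [("vpc-flow-logs", v) for v in snap["vpcs"] if v not in logged]
    return sorted(findings)

if __name__ == "__main__":
    for control, resource in audit(SNAPSHOT):
        print(f"NON_COMPLIANT {control:14} {resource}")
```

In a live account the same function would be fed from the boto3 calls named in the comments, with findings published to the SNS topic used for notifications.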