WINDOWS WORKLOADS
ACQIO PAYMENTS
Executive Summary
About the Customer
As the company kept expanding, its business units lacked integrated, centralized infrastructure components. The main objective of the project was therefore to fully integrate all business applications, centralizing the management of access policies, groups and users in a single environment. In addition, this integrated environment had to meet the scalability, security and continuity requirements common to cloud computing.
Acqio Payments
Acqio is a 100% Brazilian payment company, created by a group of entrepreneurs with experience in various sectors and who together created the largest card machine franchise network in the world.
With offices in São Paulo, Pernambuco and Paraíba, it serves thousands of clients throughout the country.
Case Description
What was proposed:
This Case Study includes the following details regarding Amazon EC2 for Microsoft Windows:
Description of overall solution and how Microsoft products are leveraged
This project with Acqio Payments was planned in two phases: in the first, we provisioned the base communication infrastructure between their on-premises environment and their AWS cloud infrastructure; in the second, we provisioned and implemented their business application – TOTVS Protheus – in the cloud.
Specific Microsoft products used in the solution
Microsoft Windows Server: The whole environment runs on Windows Server, since their business application – TOTVS Protheus – runs better on Windows;
Microsoft SQL Server: The TOTVS Protheus business application runs primarily on Windows, and its database engine runs on SQL Server;
Microsoft Active Directory: Used as the directory service, to ensure integration throughout the whole environment;
How other AWS services were integrated into the solution
AWS EC2: We are currently running 8 (eight) EC2 instances, which include:
t3a.large, running Windows Server. It serves as INFOBANC application server;
t3.large, running Windows Server. It serves as TOTVS Fluig application server;
t3.medium, running Windows Server and SQL Server. It serves as TOTVS Fluig database server;
t3.large, running Windows Server. It serves as TOTVS Protheus application server and also hosts the Active Directory service;
t3.medium, running Windows Server and SQL Server. It serves as TOTVS Protheus database server;
t3.large, running Windows Server. It serves as TOTVS Protheus test environment application server;
t3.medium, running Windows Server and SQL Server. It serves as TOTVS Protheus test environment database server;
t3.micro, running FreeBSD. It serves as VPN Server.
AWS Lifecycle Manager: We have 2 (two) lifecycle policies created for this environment:
This policy creates a snapshot of all tagged volumes every 6 hours, starting at 03:30 UTC. A maximum of 3 snapshots is retained per target volume, so the oldest retained snapshot is at most 18 hours old. Target volumes are those tagged Group:PRD.
This policy creates a snapshot of all tagged volumes every 24 hours, starting at 23:00 UTC. A maximum of 3 snapshots is retained per target volume, so the oldest retained snapshot is at most 3 days old. Target volumes are those tagged Group:TST.
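The two policies above, expressed as an added example (not the project's own code) in the PolicyDetails shape that `dlm.create_lifecycle_policy()` accepts, together with a check of the retention arithmetic the text states (3 retained snapshots at 6-hour and 24-hour intervals give a worst-case age of 18 hours and 3 days). The schedule names and the role ARN placeholder are assumptions.

```python
"""Added example (not the case study's own code): build the two Data Lifecycle
Manager policies described above and verify their retention arithmetic."""
from datetime import timedelta


def snapshot_policy(name: str, tag_value: str, interval_hours: int,
                    start_time: str, retain_count: int) -> dict:
    """Return a PolicyDetails dict for dlm.create_lifecycle_policy().

    Targets EBS volumes tagged Group=<tag_value>, snapshots them every
    interval_hours starting at start_time (UTC, HH:MM) and keeps retain_count.
    """
    if interval_hours not in (1, 2, 3, 4, 6, 8, 12, 24):
        raise ValueError("DLM accepts only 1,2,3,4,6,8,12 or 24 hour intervals")
    return {
        "PolicyType": "EBS_SNAPSHOT_MANAGEMENT",
        "ResourceTypes": ["VOLUME"],
        "TargetTags": [{"Key": "Group", "Value": tag_value}],
        "Schedules": [{
            "Name": name,
            "CreateRule": {"Interval": interval_hours,
                           "IntervalUnit": "HOURS",
                           "Times": [start_time]},
            "RetainRule": {"Count": retain_count},
            "CopyTags": True,
        }],
    }


def max_oldest_snapshot_age(policy: dict) -> timedelta:
    """Worst-case age of the oldest retained snapshot. The retained set holds
    `count` snapshots spaced `interval` apart, so just before the next run
    the oldest one is count * interval old."""
    sched = policy["Schedules"][0]
    hours = sched["CreateRule"]["Interval"] * sched["RetainRule"]["Count"]
    return timedelta(hours=hours)


# The two policies from the case study (tag values Group:PRD and Group:TST).
PRD_POLICY = snapshot_policy("prd-every-6h", "PRD", 6, "03:30", 3)
TST_POLICY = snapshot_policy("tst-daily", "TST", 24, "23:00", 3)

if __name__ == "__main__":
    # Creating them for real needs an IAM role ARN (placeholder, not from the page):
    # boto3.client("dlm").create_lifecycle_policy(
    #     ExecutionRoleArn="arn:aws:iam::<ACCOUNT_ID>:role/<DLM_ROLE>",
    #     Description="PRD volumes", State="ENABLED", PolicyDetails=PRD_POLICY)
    for policy in (PRD_POLICY, TST_POLICY):
        print(policy["TargetTags"][0]["Value"], max_oldest_snapshot_age(policy))
```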
AWS VPC: We have 1 (one) VPC with 6 (six) subnets, of which 3 (three) are in use. Two of them are public subnets – one used by the bastion/VPN host and the other by the application servers. The third is a private subnet, used by the database servers.
AWS CloudWatch: CloudWatch is enabled to provide infrastructure and service monitoring through dashboards, as well as event alerts.
AWS GuardDuty: GuardDuty is enabled to support the monitoring process, giving our NOC (Network Operations Center) insight into how to manage threats and security issues.
AWS Directory Service: We use AWS Directory Service as our Microsoft Active Directory service.
AWS Lambda: We use Lambda to automate copying snapshot backups between AWS regions.
Issues or customer concerns that were overcome
The customer had the following concerns: a) security of the environment; b) infrastructure management; c) scalability; d) continuity.
Our premise was to apply the AWS Well-Architected Framework. To meet the requirements of each of its five pillars, the following were implemented:
1. Operational Excellence
1.1. Implementation of continuous monitoring with CloudWatch;
1.2. Integrated connectivity between the on-premises environment and the cloud environment;
2. Security
2.1. GuardDuty implementation;
2.2. Restriction of external access to the environment's ports;
2.3. Access to the environment through the VPN only.
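One way to verify controls 2.2 and 2.3 continuously, as an added example (not the project's own tooling): audit security-group ingress rules in the shape returned by `ec2.describe_security_groups()` and flag anything reachable from the whole internet other than the VPN port on the bastion/VPN host. The group IDs, CIDRs and the VPN port are constructed sample values, not taken from the page.

```python
"""Added example (not the case study's own code): flag security-group ingress
rules open to the whole internet, except the ports the VPN host is meant to
expose. Input matches ec2.describe_security_groups(); sample is constructed."""
from ipaddress import ip_network


def internet_exposed_ports(groups: list, allowed: dict) -> list:
    """Return (group_id, (from_port, to_port), cidr) for every ingress rule
    whose source is 0.0.0.0/0 or ::/0, unless allowed[group_id] lists that
    single port (e.g. the VPN listener on the bastion host)."""
    findings = []
    for group in groups:
        permitted = allowed.get(group["GroupId"], set())
        for perm in group.get("IpPermissions", []):
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if perm.get("IpProtocol") == "-1":   # "all traffic" rule
                lo, hi = 0, 65535
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
                    [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                # Prefix length 0 means the entire IPv4 or IPv6 internet.
                if ip_network(cidr).prefixlen == 0 and \
                        not (lo == hi and lo in permitted):
                    findings.append((group["GroupId"], (lo, hi), cidr))
    return findings


SAMPLE_GROUPS = [  # constructed describe_security_groups() output
    {"GroupId": "sg-vpn", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []}]},
]
# Only the bastion/VPN host may accept connections from the internet.
ALLOWED_FROM_INTERNET = {"sg-vpn": {1194}}

if __name__ == "__main__":
    for gid, ports, cidr in internet_exposed_ports(SAMPLE_GROUPS, ALLOWED_FROM_INTERNET):
        print(f"{gid}: ports {ports[0]}-{ports[1]} open to {cidr}")
```

The app server's RDP rule is the one finding; the VPN listener is whitelisted and the database group only admits the application subnet.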
3. Reliability
3.1. Use of Lifecycle Manager to implement snapshot-level backups.
4. Excellence in performance
4.1. Calculation of the environment's expected demand for rightsizing.
5. Cost Optimization
5.1. The environment is being monitored so that, after 90 days, we can set up Reserved Instances.
Third-party solutions used:
TrendMicro Deep Security.
FreeBSD pfSense.
Project Dates (Start and Conclusion):
Start Date: July 1st, 2019
End Date: August 15th, 2019
Results Achieved:
Business application running on the cloud;
Professional managed services provided;
Centralized management of access policies;
Centralized management of groups and users;
AWS Managed Infrastructure Service;
99.97% environment availability;
Managed service.
Lessons Learned:
Implementing AWS services (such as Directory Service, Lambda and CloudWatch) enabled us to focus more on the business aspects of the project;
Load balancing between ADs has been deferred to a second phase of the project, as the customer requested. However, as the cost of this balancing is minimal, we believe this architecture should already be proposed in the first phase of such projects.