The main objective of QualityPost is to track the delivery of your packages through a web application connected to a database, offering a solution for tracking customers’ shipments with logistics.
On the other hand, they have QPflex that allows you to generate tickets for local deliveries. Another of its integrated businesses within the AWS Cloud is FESA which contains an e-commerce application that sells pharmaceutical online products for its customers.
Due to the problems presented by the lack of robust mechanisms for scaling and high availability in its web application, it was decided to manage the information contained in a database cluster with Amazon RDS, separating the infrastructure through two nodes, one for reading and the other for writing, as well as the updating of the corresponding endpoints within the web application, with which the workloads generated by the application towards the database will be managed in a better way, all this using the best AWS Practices.
Creating a highly available, robust, and secure solution that could handle any event was necessary. The critical solutions needed in the new architecture were:
- High availability of the services the database provides always helps to have the information available.
- Maintain a high availability and autoscaling environment for the tracking application.
3 Layer Security Architecture
The First layer hosts the Database workloads in its private subnet.
The Second layer hosts the Application Workloads also in their private subnet. Only the Application Workloads can access the Database layer through their security groups.
The Third layer is for public access, hosts the Web Application Firewall, and only accesses the application layer through its security group. A Bastion Host is in place to provide access to QualityPost IT Staff.
The homogeneous data migration service was implemented to achieve a transparent transition between the source database, which is in Aurora MySQL serverless, and the destination database, which will be generated on an Amazon Aurora DB cluster with MySQL database engine.
In this case, the schema structure, data types, source code, and target code of the databases may be quite similar, but a proper schema and code transformation is still required before the migration begins. That makes seamless migrations a two-step process:
- First, use the AWS Schema Conversion Tool to convert the source schema and code to match the target database.
- Second, the AWS Database Migration Service migrates data from the source to destination databases.
Workload Phoenix initially was set up on a single EC2 which could cause availability issues in case of a disaster or corruption, it had no backup policy defined.
It was decided that workload Phoenix be improved with a highly available configuration, so it was set up over two availability zones to reduce downtime in case of an issue with an availability zone.
A daily backup policy was set up to protect it from accidental deletion or rollbacks in case of a bad installation from a hotfix, service pack, etc.
Seamless Access from On-Premises to Cloud Infrastructure
The customer needed access to cloud resources from its On-Premises infrastructure, so a Site-to-site VPN was set up.
Their support personnel needed to perform troubleshooting & maintenance, so a bastion host was set up to allow only a single machine to touch cloud infrastructure externally.
The DB was improved by transitioning it to a Highly available configuration with a two-node cluster setup (Writer and Reader nodes), each in an availability zone that provided failover capabilities in case of a disaster. If needed, the customer can easily roll the database up and down from smaller to larger instance types as needs change. Also, it automatically grows storage as needed.
The application’s workload Phoenix was improved with high availability over two zones in the same region. A web application firewall was also set up to help protect web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. QualityPost’s WAF implementation gives them control over how traffic reaches their applications by enabling them to create security rules that control bot traffic and block common attack patterns.
Daily backups were configured on workloads to be protected in case of accidental deletion, corruption, or damage and to do rollbacks.
This infrastructure provides a fast, resilient, and high availability environment for the application.
Save money by replacing physical hardware with expensive license fees with AWS services and only pay for what you use.
Deployments are more efficient with fully managed resource provisioning, maintenance, and backup.
IO Connect Services is here to help you by offering cost-effective, high quality technology solutions.
Share this video with your network: