Kistler is a Switzerland-based company known for making high-precision measurement systems and sensors. As part of their digital platform, they needed to improve both the security and speed of their microservices-based system.
They wanted to add strong protection, especially against DDoS attacks, while keeping their existing setup in place. This included supporting strict authentication, operating across multiple environments, and handling a challenging DNS setup with many subdomains. All this while making sure that their services stayed online at all times, even during the migration.
The challenge
Kistler’s main challenge was adding DDoS protection to their platform without breaking existing services. They needed to:
- Add DDoS protection with minimal service impact
- Preserve end-to-end SSL encryption between all service layers
- Fit cleanly into their existing Kubernetes-based infrastructure (AWS EKS)
- Work across multiple environments
- Avoid downtime for critical services during migration
- Improve DNS and SSL certificate management, especially across many subdomains
All of these needed to be done in a way that kept operations stable and secure at all times.
The solution
Revolgy worked with Kistler through the full process — from planning and setup to launch and support. The core of the solution used AWS CloudFront to handle web traffic and AWS WAF (Web Application Firewall) to block attacks and filter traffic by region. The system was designed to ensure end-to-end TLS encryption — maintaining encrypted connections from clients through CloudFront, to the ALB, and down to backend services.
To build the solution, we used a combination of AWS tools for security, traffic routing, and automation. These helped us connect the new setup with Kistler’s existing systems, including their platform based on Kubernetes.
We made the changes step by step, testing as we went to keep things safe. Since the system had to stay up and running the whole time — especially in production — we planned the migration carefully to avoid any downtime.
Results
Kistler now has a platform that’s both safer and easier to manage. Here’s what the project delivered:
- Stronger DDoS protection using AWS WAF
- Geo-blocking to restrict access by region
- Smooth integration with Kubernetes
- End-to-end TLS encryption across all layers
- Easier management of DNS and certificates
- Clear monitoring and alerting
- Robust and flexible WAF rules
Most importantly, the final migration to production was done without any downtime. That was a top priority and a big success, too.
Conclusion
Kistler’s goal was to protect their services and improve infrastructure without affecting day-to-day performance. The solution delivered on all fronts, meeting strict requirements for encryption, DNS management, Kubernetes compatibility, and a smooth, zero-downtime rollout.
Thanks to tools like AWS CloudFront and WAF — and a carefully planned rollout — the team now works with a platform that’s safer, smarter, and easier to manage. Revolgy continues to support Kistler as they build on this foundation.
Working on a similar challenge? Contact Revolgy, and let’s build the solution together.
