Space travel, competitive sports, and vehicle safety – are just three of many areas of applications that depend on high-tech measurement solutions from Kistler. This Swiss manufacturing company focused on measurement systems and sensors is not only the producer but also a development partner for industry and scientific research offering more than just products.
Continuous monitoring and infrastructure services partner
Kistler came to us looking for a partner to take care of their Operations and Incident management. A fully managed and customized continuous monitoring and alerting service and a complete infrastructure management service.
A significant part of the assignment was the Infrastructure Review with documentation. And that's where Revolgy shined.
Even before we started to consider working on this project, the Maturity Assessment took place. During a short meeting, we guided Kistler through a curated form, according to which we could estimate if the client is cloud-ready. We consider every deal a partnership, so we wanted to verify that we are the right fit for the customer and vice versa. It is the best approach as we are not risking proposing services that may not map the current infrastructure design or the infrastructure operations.
During the discovery phase of the project, we realized there were some gaps to be filled before our Operations team could take over the infrastructure according to our best practices. We mapped and prioritized the gaps (from major to minor) - creating the Cloud Operation Gap Analysis.
Our Delivery team proposed solutions and developed documentation which helped us to secure the partnership with Kistler. From the beginning, our Operations team was a part of the project and contributed to creating a detailed analysis. We consider it standard practice for a majority of our projects.
Mitigating gaps and onboarding the operations
Backups are essential for every disaster recovery strategy and help prevent data loss caused by either an accidental deletion or a backbone infrastructure failure. We recommended configuring every persistent storage with automated backups, including but not limited to RDS instances, EBS volumes, and EKS Clusters.
Services monitoring and alerting
Monitoring and incident response are the basis of successful operations. Initially, some application monitoring was available, but not for any of the AWS services. On top of that, no alerting was set up. Therefore, responses to issues and outages were limited.
In alignment with our best practices and in order to successfully and reliably keep an eye on the infrastructure we suggested monitoring of EC2, RDS, and LBs to be implemented in CloudWatch. And also, alarms to be set up for common HTTP codes, as well as cluster issues with outputs to incident response solutions. Customers' peace of mind is one of our main goals and this solution helped us achieve this.
Infrastructure as code (IaC) is an industry standard that manifests the ability to create and adjust the environment in which the workload is running in a repeatable and dependable manner. It enables organizations to develop, deploy, and scale cloud applications with higher speed, less risk, and reduced cost.
Our team discovered that infrastructure was rolled out using limited infrastructure code. To allow our client to concentrate on their main business and take over the burden of infrastructure management we’ve adopted their existing Terraform code and suggested refactoring and complementing the missing code for describing infrastructure and Helm charts for Kubernetes all of which was to be deployed by the GitLab CICD pipelines as is the standard practice in Revolgy. We’ve also suggested and implemented split account structure with separation of security account (for user login activity), shared account for cross-environment resource sharing and separate accounts for Development, Staging and Production workload respectively. The state of the deployed environments is stored on AWS in an S3 bucket with locking via DynamoDB in this case.
Secrets management refers to the tools and methods for managing digital authentication credentials (secrets), including passwords, keys, APIs, and tokens for use in applications, services, and privileged accounts. In the beginning, Ansible Vault was used for managing deployment secrets. We recommended using Secrets Manager, like AWS Secrets Manager, for dealing with API keys, passwords and other secrets. Ultimately, according to the client’s needs we deployed the Hashicorp Vault in-cluster for secrets management and rotation as a well recognized and trusted solution.
Although the original workload was aligned with industry best practices, certain parts needed adjustments. For example, there was an issue with the identity management part that relies on an in-instance MySQL database. It was not an ideal solution since the lifecycle of the database instance is connected to that of the application. We moved and decoupled the database to RDS, which provided managed scaling and replication. On top of that we’ve deployed Karpenter for agile cluster scaling which proved necessary after the initial trial period.
Our role was and still is to act as a support team for clients' workloads. Kistler decided not to build a separate infrastructure team in-house, instead set up a cooperation between their full stack teams and our certified AWS Infrastructure team. This collaboration works perfectly, we're supporting their application evolution by adopting the infrastructure and taking care of day-to-day operations and monitoring. Their internal team focuses on developing and building the applications, whilst we help with the scalability based on the development progress. With a better ability to scale, Kistler can serve more customers, bringing additional revenue.
Cloud-ready and eligible for production
After the successful gap mitigation and onboarding into our Operations, Kistler remains our client, and we continuously help them with day-to-day operations. Together, we deliver scalable and professionally supervised infrastructure.
If you'd like to discuss how Revolgy can help you become cloud-ready with proper infrastructure setup, don't hesitate to get in touch.