Mindgram was looking for an infrastructure design that would allow them to migrate their existing Amazon Web Services infrastructure to Google Cloud Platform as their preferred cloud solution provider and a means to save on costs. The mental care and well-being platform chose Revolgy to draft a design that would rely on GCP’s managed services to make operations easier and cost-optimized.
“The cooperation and communication with Revolgy was smooth and without any issues. During our cooperation, we set up a couple of calls and a Slack channel, and everything went just smoothly. There was always an opportunity to talk and consult on anything. I felt like we were partners cooperating, not two separate companies. We were more like colleagues who could ask each other anything. I would rate Revolgy 10 out of 10.” — Michał Moroz, Backend and Infrastructure Team Manager
The problem statement and existing AWS infrastructure
Mindgram’s existing architecture was hosted on Amazon Web Services (AWS) and built mainly on the EKS clusters with managed RDS PostgreSQL databases. From the initial review of their infrastructure, it became apparent it was well-designed and scalable. Therefore, Revolgy proposed an infrastructure design almost identical to the original, only to be hosted on GCP.
“We were considering a few companies for cooperation, but in the end, we chose Revolgy because their offer was the best. We had two main needs: help configuring the GCP in general and migration consultations. We were primarily focused on the first need, and we were looking for a company that could help us set up our Google Cloud Account and more. Additionally, we wanted them to create a report on how to migrate our application from AWS to GCP.” — Michał Moroz, Backend and Infrastructure Team Manager
Creating a new infrastructure design was tied to reviewing a previously drafted design done by Mindgram. They wanted to double-check that their solution was feasible and asked for a second opinion.
“We asked Revolgy to create and double-check an infrastructure design we had drafted prior to our cooperation. Their design was very detailed, and we got everything we could have asked for. Thanks to Revolgy, we confirmed the approach and the accuracy of the design and were able to move forward with the migration. After the first presentation from Revolgy, we didn’t even have additional questions. It was a really good job.” — Michał Moroz, Backend and Infrastructure Team Manager
As for the technical details, Mindgram used AWS-specific API-based services, such as S3, Secrets Manager, and SQS; in the new design, SQS would be migrated to RabbitMQ or GCP’s Pub/Sub. SQS is a fully managed service that enables sending and receiving messages between different parts of the application. It’s like a post office for applications. SQS can help decouple applications and make them more scalable and reliable.
Existing AWS infrastructure diagram
Further investigating Mindgram’s infrastructure, we found out they used Docker Hub to store their containers and a custom VPN to access their infrastructure from development machines.
The core applications and services ran on two EKS clusters in different regions with zonal HA. They used Prometheus to monitor their infrastructure and EC2 for additional VMs, such as a VPN server and a GitHub Workflow runner.
The company used DBProxy to connect to their PostgreSQL databases, Secrets Manager to store secrets for their Kubernetes deployments, S3 for storing various files, RDS for 21 PostgreSQL databases, SQS to decouple their applications and services, and EventBridge/CloudWatch Events to automate tasks.
“We calculated that Google Cloud Platform would be cheaper for us than Amazon Web Services, so we decided to switch. Our application is now cheaper than it was before, and we are saving a significant percentage of our costs.” — Michał Moroz, Backend and Infrastructure Team Manager
The solution and new GCP design
Resource management and hierarchy
We designed Mindgram’s new GCP infrastructure to match their existing AWS infrastructure as closely as possible. This would minimize disruption to their operations during the subsequent migration, which was carried out by their external colleague.
The new design organizes GCP resources hierarchically into projects and folders, with the organization at the top. The organization is the root node of the hierarchy, and all resources that belong to an organization are grouped under it. Projects and folders act as IAM boundaries, which means Mindgram can use them to control who has access to different resources and what they can do with them. IAM is used to grant access to users, collections of users (groups), and special service accounts.
GCP hierarchy diagram
GCP networking structure
The new GCP architecture is designed to be secure, scalable, and cost-effective. It will use VPC peering, Cloud Armor, and firewall rules to improve security. The application will use a combination of regional GKE clusters, Cloud SQL for PostgreSQL, and HA configuration for Cloud SQL and CloudAMQP to improve availability. It will also rely on spot instances and managed services.
A virtual private network (VPN) solution will be used to allow secure access for developers to the infrastructure.
Cloud Armor will protect workloads from DDoS and web attacks. It does this by filtering traffic and blocking malicious requests. Cloud Armor can also be used to create custom rules for how traffic can reach the workload. Firewall rules will be used to control access to the workload. They define which IP addresses are allowed to connect to the workload. This can restrict access to the workload to authorized users and systems.
GKE clusters will be regional and VPC-native. Being regional means that the clusters will be spread across multiple zones within a region. This will improve the workload’s availability by making it less likely that a single zone failure will take down the entire cluster.
Cloud SQL for PostgreSQL will provide a high-performance and scalable database in the new architecture. This will reduce the database’s complexity and improve the availability of the workload.
Customer profile and introduction to Mindgram
Mindgram offers a holistic solution for employees and relatives seeking 24/7 high-quality psychological and self-development support. They aim to “help employees and companies build strength, resilience, and psychological balance.”
Their app is available on mobile and desktop in English, Spanish, and Polish. They cooperate with more than 500 qualified specialists, using clinically proven methods to promote well-being, mental resilience, and personal development. It also provides a wide range of possibilities for self-development, building inner harmony, and improving mental state.
Mindgram was looking to migrate the existing Amazon Web Services (AWS) infrastructure to Google Cloud Platform (GCP), primarily to save on costs. Revolgy was engaged to help Mindgram with the new infrastructure design that would be secure, scalable, and cost-effective. With GCP, Mindgram is now saving a significant percentage of their costs.