Hannon Hill, the producer of Cascade CMS, an award-winning content management system, had been confident in its choice of AWS for the past year but wanted guidance on whether its environment was soundly constructed, whether its security was world-class, and whether it was optimizing its costs.
Cascade CMS takes enterprise web strategy to the next level. With built-in tools to eliminate stale content, increase digital outreach, and ensure the best possible audience engagement, it’s no wonder Cascade CMS powers more than 25,000 sites and serves over 100,000 users across the globe.
Hannon Hill recognized the need for an experienced AWS partner to assess its environment and recommend and implement mitigations for identified risks or opportunities for cost optimization. The company engaged eCloud Managed Solutions, an advanced AWS consulting partner, to conduct a Well-Architected Review.
Hannon Hill increased application uptime availability, improved security, and optimized costs, including a projected annual savings of 26%.
The Well-Architected Review is an AWS tool that certified partners conduct for clients. It provides guidance for developers, architects, and sysops as they design, build, migrate or optimize workloads to run secure, high-performing, resilient, and efficient infrastructure for their applications and services in AWS.
The review is a mechanism used to teach, measure, and improve a workload based on the customer’s business and technical objectives. At the project outset, eCloud Managed Solutions’ objective was to gain a clear understanding of the current state of the workload and of the customer’s understanding of AWS architectural best practices. The AWS Well-Architected Framework is AWS’s set of best practices and methodology for building out an AWS environment.
eCloud’s deliverable identifies risk, operational inefficiencies and opportunities for cost optimization, and recommends changes that mitigate risk and improve the workload performance while optimizing costs.
To ensure we met all stated objectives, eCloud Managed Solutions leveraged its toolset and resources to conduct a Well-Architected Review (WAR).
Hannon Hill’s primary objective was ensuring a sound security posture. eCloud discovered 143 EC2 instances without an IAM profile attached and S3 buckets without default encryption enabled. AWS Config, CloudWatch, and CloudTrail were also not enabled. Without these key services enabled, Hannon Hill had limited insight into monitoring, performance, and security incidents.
Uptime & Availability
Another stated goal was to increase uptime and platform availability. eCloud identified that Hannon Hill’s workload ran in only a single Availability Zone, without snapshots or backups scheduled, and with only a single load balancer. Uptime was at risk.
The final review area was cost. Idle EC2 instances were identified, as well as EBS volumes attached to stopped EC2 instances and expired Reserved Instances (RIs).
eCloud Managed Solutions identified a minimum annual savings of 26%.
Results of the Well-Architected Review aligned the Hannon Hill team and eCloud Managed Solutions in assigning first priority to shoring up security. eCloud worked with Hannon Hill to encrypt the unencrypted S3 buckets, define an IAM role for the EC2 instances that had no IAM profile attached, and then attach the new IAM profile to those instances. eCloud also ensured that encryption in transit was operating and configured properly.
Increased Availability and Monitoring Enabled
To increase the availability of mission-critical applications, eCloud followed best practice and configured a multi-AZ approach with application load balancing (ALB) across two AZs, leveraging Route 53. To monitor uptime and security requirements and prevent attacks and intrusions, eCloud reconfigured Amazon WAF and enabled CloudWatch and CloudTrail.
CloudWatch ensures that all performance functions of an application are monitored for operational efficiency and speed. It logs events and sends alerts so that additional resources can be dedicated to the application if there is a need to rapidly scale up. WAF security rules were put in place to control web application traffic to each application. CloudTrail, on the other hand, monitors the back end of the application, supporting governance, compliance, and operational and risk auditing. The WAR identified that CloudTrail wasn’t enabled.
While CloudWatch looks at application demands, CloudTrail records AWS account activity, including actions taken through the Management Console, SDKs, and command-line tools. By enabling these monitoring services, the client now has automated eyes on its application security and performance.
AWS Cost Optimization
Once the remediation steps were deployed and tested, eCloud implemented cloud storage policies to leverage cost optimization best practices, continuous evaluation, and EC2 right sizing. Idle resources and resources attached to stopped instances were shut down. In order to lower costs, rules were built for S3, Infrequent S3, and Glacier. A Reserved Instances (RI) strategy was adopted for existing EC2 and RDS instances, along with future resources. A compliance-driven backup solution, identified by the Well-Architected Review framework, was also built.
Final Result and Benefits
With eCloud Managed Solutions’ guidance and direction, Hannon Hill increased application uptime availability, improved security, and optimized costs. Since the remediation, the expected cost savings have been delivered and the security posture has improved. Solutions were delivered to increase application availability and uptime, and a backup solution is in place.
The eCloud Managed Solutions team is dedicated to our client’s success. Due to the AWS Well-Architected Framework and flexibility of the AWS Platform, eCloud Managed Solutions was able to remediate Hannon Hill’s environment and achieve its goals of increased availability in a cost-effective way, aligned with the HIPAA framework.
Due to the success of the Well-Architected Review process, Hannon Hill entrusts eCloud Managed Solutions with continuous cost optimization and security monitoring.