MediaBank migrates to a scalable and highly available AWS production environment
PAM is the world leader in smart navigation, enabling guests and customers to easily navigate new environments such as precincts, venues and shopping malls. PAM enables consistent and easy management through the entire lifecycle of the complex signage and wayfinding systems.
Facilities Managers get a highly user friendly administration experience, with less frustration and a huge increase in productivity.
Mediabank Pty Ltd, which developed PAM, successfully launched solutions for large Australian universities. Their next objective was to expand into the US market.
To support plans for expansion, PolarSeven provided Mediabank with a refreshed environment aligned to the AWS Well Architected Framework. This removed technical debt and addressed issues of Security, DevOps, and Elasticity.
With Monitoring included, the developers could focus on developing their world leading platform PAM, and MediaBank could focus on their business development plans to expand into the US.
The current AWS environment that hosts PAM was set up in 2016, and while serving its purpose well, it had organically grown with new features, resources and technologies to accommodate an ever expanding customer base. To support expansion, modernisation of the environment was necessary to align with the AWS Well Architected Framework ensuring operational excellence and security are inherent in the architecture, while optimising costs for the coming years.
In summary, Mediabank needed to deploy a new best practice environment to remove technical debt and ensure ability to scale globally, supporting more clients.
At the same time, the development team needed to be shielded from the operational complexities of the technical environment to allow them to focus exclusively on rolling out new releases.
Security: the first step in establishing a Well Architected Framework is establishing a robust security regime throughout the environment.
PolarSeven implemented a Landing Zone using AWS Control Tower, as it provides the most straightforward way to setup and govern new, secure, multi-account AWS environments based on AWS best practices.
PolarSeven established the Organisational Units and applied Guardrails through the AWS Control Tower dashboard. Guardrails are high-level rules that provide the ability to implement preventative or detective controls to govern resources and compliance across AWS accounts.
Finally, AWS Single Sign-On (SSO) was rolled out to centrally manage access to multiple AWS accounts and provide users with single sign-on access to all their assigned accounts and applications from one place.
DevOps: to address DevOp issues, PolarSeven implemented AWS CloudFormation, which allowed MediaBank to model and provision, in an automated and secure manner, all the resources needed for their applications across all regions and accounts via a plain text file.
AWS CloudFormation provides a single source of truth for all AWS and third party resources, with the benefits of:
Automated, replicable deployment
Cross account and Cross region management
Scaling: to address the scaling issue, the PAM application stacks were deployed on the AWS Elastic Container Services (ECS) on top of AWS Elastic Cloud Compute (EC2) instances. Amazon ECS Auto Scaling was enabled to give the ability to scale the individual containers when additional capacity of the cluster is required.
Monitoring: AWS CloudWatch was implemented to monitor the AWS resources and components that make up the PAM Landing Zone and environment.
PolarSeven configured CloudWatch to detect simple metric thresholds such as when the finite resources of RDS free disk space exceeded set thresholds, as well as many advanced composite metrics to cope with the complexities of the elastic properties of the solution. Alarms are routed directly to the PolarSeven Service Desk for triage and remedy.
The benefits of the Well Architected solution were clear. Utilising AWS Control Tower for security ensured Mediabank could:
address the requirements of better demarcation and security across different accounts, user roles and customers, based on Principle of Least Privilege (PoLP)
automate multi-account set up based on AWS Landing Zone best practice ensuring multi-account compliance and governance is built in the solution.
The use of AWS CloudFormation DevOps solution allows PAM developers to deploy new application features in a consistent and controlled way into Dev, Test and Live environments, without having the burden of understanding the technical complexities of those environments.
Auto Scaling provided by AWS ECS gave MediaBank the ability to:
Optimise for availability, for costs, or for a balance of both.
Automatically maintain performance, and
Anticipate costs and avoid overspending.
Knowing that their environment was being proactively monitored, and that most potential issues would be identified and remedied by PolarSeven before they became problems, allowed MediaBank to focus on developing their world leading platform PAM, and their business development plans to expand into the US.
Submit your details below to download the PDF copy
Post Implementation review with Simon Morgan – Head of Development at Mediabank PAM
What were some pain points being experienced that prompted a search for a cloud services provider?
We needed to move from our current local Sydney provider to AWS for better monitoring, scaling and entering the US market.
Our reliance on their service was a limitation to allow us to grow the business into new markets overseas where we needed to have a local data presence.
What was the engagement process like? How was PolarSeven found?
I had been to some of the AWS Meetups in Sydney and met Darrell (PolarSeven CEO) there. We had several conversations and moved from there to a formal engagement.
What due diligence process was undertaken to minimise risk and ensure the best provider was successfully engaged?
PolarSeven have hosted the Meetup for a long time which showed me that they were a serious face in the Cloud Service Consultancy and Darrell was a good public face of the organisation.
Technical qualification was established through our early discussions with an initial workshop with some of the team members which showed that they could understand our requirements and gave confidence to us in their ability to deliver.
What solution was implemented within the business?
We collaboratively developed Cloud Formation templates that could be supported in the long term by PolarSeven.
By using some of PolarSeven's existing templates and some of Mediabank's previous work we created a custom template for Mediabank.
This was part of the reason why we liked PolarSeven because of their readiness to work in a collaborative fashion.
The following diagram outlines the environment to be deployed on AWS for Mediabank PAM production environment.
The deployment architecture will leverage several AWS services for building the virtual private cloud (VPC) across multiple Availability Zones (AZ) for availability and redundancy. The AWS services and their relevance to the current scope are listed in this section.
The following AWS services were utilised while implementing this solution.
Amazon VPC – Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define.
Availability Zones – Regions are separate geographic areas within them are Availability Zone’s which are isolated locations. We deploy infrastructure across multiple AZ’s to ensure high availability (HA) for high value stacks and redundancy for others.
Amazon Route 53 – Mediabank.com.au domain hosted on Amazon Route 53 for ease of management.
Auto Scaling – Auto Scaling helps you maintain application availability and allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define.
Amazon Simple Notification Service (SNS) – Amazon SNS is a fast, flexible, fully managed push messaging service
Amazon Simple Storage Service (S3) – Amazon S3, provides developers and IT teams with secure, durable, highly-scalable object storage.
Amazon EC2 – Amazon Elastic Compute Cloud provides computing resources to run applications.
Amazon RDS – Amazon Relational Database Service, is the SQL database service supporting SQL Server, Oracle, PostgreSQL, MySQL and MariaDB
Amazon CloudWatch – Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS.
AWS CloudTrail – Enabling CloudTrail will provide audit capability and accountability for all actions on the environment.
Network Address Translation – Network Address Translation instance is required within an Amazon VPC to enable instance on a private subnet to access the internet. The NAT is deployed in an Auto Scaling group of one to provide redundancy and availability.
Virtual Private Network – VPN appliance will enable secure and controlled access to the environment for development and admin purposes.
The design of the scripts and template has allowed the Amazon VPC to be created in different regions. Multiple Amazon VPCs can be created within the same region, with the option of prod or non-prod.
Prod/non-prod configuration varies in instance type, RDS Multi-AZ support, NAT Gateway, and the number of AZs. Basically non-prod Amazon VPCs are provisioned with reduced resources and availabilities.
What specifications needed to be adhered to?
We had some Business and some Technical Requirements that needed to be adhered to.
For the business we required reliable and secure cloud services with high availability and Auto Scaling. This is essential to the company’s future growth along with the ability to deploy into other regions so we can deal with clients requiring their data stored in their local country, i.e. if we were to get an airport in the U.S for example we need to be able to manage their data in country.
We also needed visibility and transparency to ensure that the environment is understood by all parties and well documented.
Backup and Disaster Recovery are of course a must for any business and flexibility and agility to give us the ability to release new feature requests quickly and reliably.
On the Technical Requirements we deployed an Amazon VPC environment and have a repeatable and extensible process for building an application stack.
We needed to follow AWS Architecture best practices to make it highly secure and make sure that everything was well documented.
We used a DevOps approach where all infrastructure is managed as code (IAC) in a source code management repository with end to end scripting.
What were some of the alternative options proposed, that were not undertaken and why?
We knew that AWS was the clear choice for us. As the market leader and especially with the size and scale available globally it was a clear choice for us.
There was simply no way that we could scale the business using our local provider and other cloud services did not offer the same scale and service as AWS.
How would you describe the project in terms of success? Was the business value realised?
Yes. Our reasons for moving into the AWS environment were very clear to us as a business that we needed to be able to scale and open to other markets, such as the US.
This simply wasn’t possible with our previous private cloud provider and hampered business growth.
What were some KPIs used to measure the success of the project?
Our operating cost is similar to our previous private cloud provider but we now have clustered systems running across multiple data centres with High Availability that was not possible with the old configuration.
We also have not experienced any outages or downtime since the transition.
We have removed dependencies from the previous data centre with use of cloud formation which allows a high degree of transparency of configuration and change management.
The ability to re-launch into new zones with purpose-built stacks quickly and effectively has made our development easier and faster to deploy.
Were there any unexpected benefits that arose once the project had been completed?
No real unexpected benefits as we knew what we were looking for but it has made it possible for us to scale and have access to advanced AWS capabilities that weren’t possible through the old DC centre.
Do you see yourselves expanding to utilise more AWS services into the future?
Yes, definitely. We will be looking at moving to a serverless architecture using AWS Lambda in the future.
How did you rate your experience with PolarSeven?
Excellent, good collaboration and very flexible to work with. A good team effort and backup for the person on site from the broader PolarSeven team when required.
This showed through with great technical depth across the team.
Would you use PolarSeven again?
Would you recommend PolarSeven to others?
Yes, I certainly will.