Client: Staffing Firm
Location: Somerset, NJ
Industry: Staffing & Web Technologies
The Challenge
Our client was experimenting with AWS cloud and, as in many companies, their cloud test bed quickly became a critical component of their core business. The deployment consisted of a hefty Windows Web Server running MS SQL Standard License. The system, which originally started out running a couple of sites, was now serving 100+ production sites.
The server was reaching capacity and the client needed help in devising a solution that could scale based on their needs, which were vastly dynamic. The client engaged Aufsite to devise a scalable solution that would meet the following criteria:
- Be scalable (up or down) based on utilization
- Provide redundancy
- Meet the Technical Safeguard standards of HIPAA compliance
- Separation of components (DBs and web servers)
- High Availability
- Strict security at server level
- Multi-factor authentication for Virtual Private Cloud
- Log trail retention
- VPN solution for remote administration
- Keep costs at a minimum
Aufsite devised and implemented a solution that met all of the requirements on time and within budget.
The Solution
The Aufsite architects designed a VPC with public and private subnets, keeping future planning in mind. The public subnet contained the Internet Gateway and the NAT Gateway. All future deployments in the public subnet (DMZ) would use the Internet Gateway to access the web. All systems deployed in the private subnet would use the NAT Gateway to access the internet, keeping them securely behind a private network. These subnets were replicated in two Availability Zones. Having two Availability Zones provided the much-needed redundancy.
Two web servers were deployed individually in separate private subnets in different Availability Zones for High Availability. They were then added to an Elastic Load Balancer, which serves as the interface for the web sites hosted on the servers. Only the load balancer is exposed, on ports 80 (HTTP) and 443 (SSL); the web servers have zero public exposure.
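One way to check that deployed security groups still match this exposure model, as an added example that is not part of Aufsite's implementation. The group IDs and rules are constructed, and the dictionaries follow the shape of EC2 `describe-security-groups` output.

```python
PUBLIC = {"0.0.0.0/0", "::/0"}
ALLOWED_ELB_PORTS = {80, 443}  # HTTP and SSL, per the design described above

def public_sources(perm):
    """Return the world-open CIDRs named in one ingress permission."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in PUBLIC]

def audit_exposure(groups, elb_sg, web_sgs):
    """Flag any internet-facing rule that the two-tier design does not allow."""
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            if not public_sources(perm):
                continue  # rule is scoped to a private CIDR or another group
            gid = g["GroupId"]
            if gid in web_sgs:
                findings.append((gid, "web server reachable from internet"))
            elif gid == elb_sg:
                # Protocol "-1" means all traffic and carries no port fields.
                if perm["IpProtocol"] != "tcp":
                    ok = False
                else:
                    ports = set(range(perm["FromPort"], perm["ToPort"] + 1))
                    ok = ports <= ALLOWED_ELB_PORTS  # a range 80-443 fails here
                if not ok:
                    findings.append((gid, "load balancer open beyond 80/443"))
    return findings

def rule(proto, lo, hi, cidr=None, from_sg=None):
    """Build one constructed ingress permission for the samples below."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": from_sg}] if from_sg else []}

WEB = {"sg-web-a", "sg-web-b"}  # hypothetical IDs, one per Availability Zone
DESIGNED = [  # constructed: matches the case study's intent
    {"GroupId": "sg-elb", "IpPermissions": [rule("tcp", 80, 80, cidr="0.0.0.0/0"),
                                            rule("tcp", 443, 443, cidr="0.0.0.0/0")]},
    {"GroupId": "sg-web-a", "IpPermissions": [rule("tcp", 80, 80, from_sg="sg-elb")]},
    {"GroupId": "sg-web-b", "IpPermissions": [rule("tcp", 80, 80, from_sg="sg-elb")]},
]
DRIFTED = [  # constructed: a port range on the ELB and a world-open admin port
    {"GroupId": "sg-elb", "IpPermissions": [rule("tcp", 80, 443, cidr="0.0.0.0/0")]},
    {"GroupId": "sg-web-a", "IpPermissions": [rule("tcp", 80, 80, from_sg="sg-elb")]},
    {"GroupId": "sg-web-b", "IpPermissions": [rule("tcp", 80, 80, from_sg="sg-elb"),
                                              rule("tcp", 3389, 3389, cidr="0.0.0.0/0")]},
]

if __name__ == "__main__":
    for name, data in (("designed", DESIGNED), ("drifted", DRIFTED)):
        print(name, audit_exposure(data, "sg-elb", WEB))
```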
Relational Database Service (RDS) was used in place of running MS SQL on a web server. The RDS instance can quickly and easily be upgraded or downgraded based on requirements. This also met compliance requirements with respect to segmenting the database onto a separate network.
Using custom CloudWatch and CloudTrail implementations, our client was able to monitor activity and manage audit logs, access reports and security incident tracking.
A cost-effective VPN solution was implemented that provided 256-bit encrypted access to allotted users.
“When we were looking for a hosting solution for our ColorsKit platform, configuring the right solution within budget was a challenge for our tech team. Aufsite provided us not only the subject matter expertise and solution but also provided all necessary awareness training to our in-house staff with best practices and compliance standards. What Aufsite brings to the table is cost savings, performance and knowledge in one package!”
– Firm CEO