AWS Partner Network (APN) Blog
Accelerating AWS Adoption Using Servian’s Cloud Foundation Solution
By Greg Luxford, Sr. Consultant – Servian
By Murty Chappidi, Sr. Partner Solutions Architect – AWS
Customers adopting the cloud often build foundational infrastructure in an organic fashion, where components such as governance and compliance are added over time as cloud adoption grows.
This can lead to a lack of automation, inconsistent security, poor documentation, and teams using multiple tools and processes to deploy solutions on top of the base infrastructure. The lack of governance and compliance specifically can increase costs, security risk, and resource sprawl, and hinder the adoption of best practices.
Servian Cloud Foundation helps organizations build an automated, secure, compliant, and fully customizable account and infrastructure foundation on Amazon Web Services (AWS). It’s a well-architected and opinionated blueprint built from Servian’s expertise and experience helping customers address security, compliance, DevOps, and infrastructure as code (IaC) adoption challenges.
Servian Cloud Foundation significantly reduces time to adoption for building solutions at speed and scale, while decreasing risk and putting in place consistent best-practice processes.
Servian is an AWS Partner specializing in cloud, DevOps, data, and managed services. Servian holds AWS Competencies in DevOps and Data and Analytics, and is a member of the AWS Public Sector and Solution Provider Partner Programs.
Key Differentiator
Servian Cloud Foundation is not just a set of tools; it deeply engages with internal teams responsible for owning and managing the cloud infrastructure. This helps teams uplift DevOps skills, tooling of the solution, and processes to maintain and deliver infrastructure in a consistent manner.
Customers adopting Servian Cloud Foundation have demonstrated greater compliance, consistency, and broader adoption of DevOps best practices while delivering solutions using IaC.
Servian Cloud Foundation addresses four key areas of cloud adoption challenges:
- Account structure: Environment separation through account structure strategy, including shared services, compliance, and workload (dev/test/prod) accounts.
- Security: Apply best practice security and compliance, including identity and access management (IAM), central monitoring and logging, and notifications.
- Networking: Foundational network solution, including virtual private cloud (VPC) and subnet design, site-to-site connectivity via virtual private network (VPN), bastion hosts, and domain name system (DNS) setup.
- Automation: This is achieved through software-defined infrastructure, continuous integration, and deployment pipelines.
Solution Overview
Servian Cloud Foundation caters to different needs and tooling flexibility. The solution is built using Terraform with the declarative HashiCorp Configuration Language (HCL) and Docker at its core.
Centralized code repositories and code pipelines are deployed as part of the solution as a completely automated CI/CD pipeline.
Servian works in partnership with stakeholders to customize, embrace, and uplift internal teams in rapid adoption of IaC and DevOps practices at scale using Terraform and CI/CD tools for deploying all infrastructure as code. Servian includes training for internal stakeholders to use the solution, and provides oversight support and reinforcement learning to ensure success of adoption.
Servian Cloud Foundation has the following security and compliance features:
- PCI compliant: The core platform solution has been audited several times by multiple auditors and passed with no marks against it. This makes the platform ready to host critical financial workloads that manage credit cards and other financially critical data.
- Built with ISO 27001 and HIPAA compliance in mind: The core platform solution has been deployed in, and is in use by, organizations that are required to be ISO 27001 and HIPAA compliant, managing health and personally identifiable information (PII) both in the US and Europe.
- Central log aggregation ready for SOC/SIEM integration: All Amazon CloudWatch logs are aggregated to a single write-only Amazon Simple Storage Service (Amazon S3) bucket for long-term storage and audit trails of events in the cloud. This is kept in a segregated account with limited access, ready to be integrated into existing security operations center (SOC) and security information and event management (SIEM) solutions.
- Complete audit log of all changes to platform (fully driven by CI/CD): As requirements change and the platform has to change to accommodate them, full visibility and audit logs are provided through the CI/CD lifecycle, with handover points and stage gates to comply with audit and legislative constraints.
- Implements AWS best practices utilizing a security-in-depth approach to IAM defined as code: The core platform has a built-in, opinionated approach to IAM using managed policies and roles. User-centric IAM roles are defined for each environment with account trust, only allowing user accounts in a single account.
- Security monitoring with policies defined as code: Uses native AWS tools like Amazon GuardDuty, AWS Trusted Advisor, and AWS Config Rules to provide a set of security policies that monitor the environment and alert on resources that don’t align to the defined rulesets.
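The single-account trust rule in the IAM feature above can be checked against the trust policies of deployed roles. The following Python is an added example, not Servian's code: the account IDs, role names and policies are constructed, and trust_violations and audit are hypothetical helper names.

```python
import re

IDENTITY_ACCOUNT = "111111111111"  # constructed: the one account that holds users

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Return the 12-digit account ID of an AWS principal, or None."""
    if re.fullmatch(r"\d{12}", principal):
        return principal
    m = re.fullmatch(r"arn:aws[\w-]*:(?:iam|sts)::(\d{12}):.+", principal)
    return m.group(1) if m else None

def trust_violations(trust_policy, identity_account=IDENTITY_ACCOUNT):
    """List AWS principals that an Allow statement trusts outside identity_account.

    Service and Federated principals are out of scope, and Condition keys
    are not evaluated: this only checks who is named in the trust policy.
    """
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotPrincipal" in stmt:        # Allow + NotPrincipal trusts almost everyone
            findings.append("NotPrincipal")
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":              # anonymous wildcard
            findings.append("*")
            continue
        for p in _as_list(principal.get("AWS", [])):
            if _account_of(p) != identity_account:
                findings.append(p)
    return findings

def _allow(principal):
    return {"Statement": [{"Effect": "Allow", "Principal": principal,
                           "Action": "sts:AssumeRole"}]}

# Constructed sample trust policies, one per workload role.
ROLES = {
    "dev-developer": _allow({"AWS": "arn:aws:iam::111111111111:root"}),
    "prod-admin": _allow({"AWS": ["111111111111",
                                  "arn:aws:iam::222222222222:user/alice"]}),
    "test-open": _allow("*"),
}

def audit(roles):
    """Map each non-compliant role name to its offending principals."""
    return {name: v for name, pol in roles.items() if (v := trust_violations(pol))}
```

In a pipeline, the input would be the AssumeRolePolicyDocument of each role, and a non-empty result from audit would fail the stage gate.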
How it Works
Servian Cloud Foundation comprises the following components, all of which are declared within Terraform code that is run through an automated CI/CD pipeline for deployment, or that use native AWS CloudFormation capabilities.
- Foundations: Pre-configured, secure, scalable, multi-account AWS environment
- Organizations: Multi-account management
- Cross-account audit: AWS IAM, AWS Config, AWS Systems Manager
- Centralized logging: AWS CloudTrail and AWS Config
- Centralized monitoring: Amazon CloudWatch and Amazon SNS
- Network: Peered VPCs, VPN connectivity, NACL, security groups
- Codified: Defined as code for simple and auditable change management
- CI/CD compatible: Ready to be managed by automated lifecycle processes
Figure 1 – Servian Cloud Foundation architecture.
Benefits
Code is customizable and kept DRY (Don’t Repeat Yourself). This allows rapid adoption of solutions in a consistent way with less repetition. Common infrastructure configuration can be modularized for reuse.
The heavy use of variables allows defining custom versions of infrastructure with the ability to reuse an existing module. The use of Terraform reduces the time taken to learn specific command line interface (CLI) and API commands while maintaining a state of all resources.
A consistent approach, the ability to modularize and define common variables centrally, and a single language to learn can increase a team’s ability to execute at massive scale and speed.
Servian Cloud Foundation is a flexible platform that permits easy integration into CI/CD pipelines and the code repository of your choice. It can be natively integrated into AWS services including AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline.
Alternatively, Servian Cloud Foundation can integrate into existing tools that teams may be using such as Jenkins, GitLab, GitHub Enterprise, or other cloud-based CI/CD tools. This allows easy integration into any existing processes, or to allow adoption of new tools and practices.
To maintain consistency of the deployment environment, Servian deploys Docker containers that run Terraform operations. The use of Docker permits integration into your tool of choice, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). This flexibility allows faster adoption by utilizing existing processes and tools with the flexibility to adopt new tools.
State files are stored on Amazon S3 for resource state management.
Adoption of Servian Cloud Foundation
Servian Cloud Foundation is a comprehensive and collaborative engagement typically delivered over a four-week period (or less) depending on the size, complexity, customizations, and specific requirements.
There are two milestones during deployment that cover core platform infrastructure and operational and security oversight.
Milestone 1: Core Platform Infrastructure
- A standardized and expandable organizational account structure.
- Standardized and auditable approach to identity using AWS IAM roles and users.
- Core platform networking features: VPC, subnets, routes, NACLs, security groups, and connectivity.
- CI/CD pipeline for continuously testing and deploying changes to the cloud platform.
- High-level architecture diagram of the AWS foundation.
Milestone 2: Operational and Security Oversight
- Full visibility of all changes and events in your AWS platform using Amazon GuardDuty, AWS CloudTrail, and AWS Trusted Advisor.
- Security and operational policies deployed through AWS Config Rules with alerting on key risks built in.
- Centralized logging solution for seamless integration for all workloads, ready to be integrated into a SOC or SIEM solution.
- Automated Amazon EBS volume tagging through Amazon CloudWatch Events.
The core network, security, and operational capabilities required for a successful cloud journey are delivered as pre-built, extensible IaC to ensure a flexible and robust environment to set you up for success quickly and safely.
At the end of the foundation phase, customers will be ready to start deploying workloads, pending any customization required to satisfy security and operational concerns.
Customer Success Story
Betfair Pty Limited (Betfair Australia) is the Australian operation of the web betting exchange, Betfair. Established in 2005, Betfair Australia operates the country’s only betting exchange under a Northern Territory Betting Exchange License.
Since August 2014, Betfair Australia has been fully owned by Crown Resorts Limited. Betfair is the world’s largest, and Australia’s only, peer-to-peer wagering platform, providing services to their customers through web and mobile applications.
Challenge
Betfair wanted to create infrastructure in AWS that could enable innovation in their environment quickly and securely.
With a vision to establish AWS as a key part of the company’s IT infrastructure, Betfair wanted a design that was well-architected but also flexible and easy to support as they grew their use cases and usage of the platform through application and product builds and future service migrations.
With a lean technical team and desire to move faster, Betfair turned to Servian for assistance to uplift cloud infrastructure with a focus on automation.
Solution
By deploying Servian’s AWS solution, Betfair was able to move to an automated IaC solution that could automatically deploy new accounts through CI/CD pipelines.
Servian Cloud Foundation provided AWS CodePipeline pipelines to deploy new accounts with reusable architectural patterns, and AWS CodeBuild to run Terraform scripts to build out IaC. As Servian’s solution is built from code, the Betfair team was able to deploy and make changes as required.
Servian had the foundations up and running for Betfair in just three weeks.
Conclusion
Servian Cloud Foundation accelerates cloud adoption following best practices in a secure, flexible, and consistent manner.
Using the experience gained over many years of working at scale with brands and businesses of all shapes and sizes, Servian Cloud Foundation is built to tackle cloud and DevOps adoption challenges.
Servian’s holistic approach to involving the customer in the tooling, processes, and best practices ensures customers can continually adopt the solution beyond the initial cloud foundation deployment.
Servian’s unique approach and extensive experience set organizations on the right path and help keep them there.