Safe and Cost-Effective Infrastructure to Bring One-Click Deployment For a Cyber-Security Provider
Learn how IT Svit developed reliable, cost-efficient, and fully automated IaC to reduce deployment time from 8 h to 10 min for GlassWall Solutions Ltd.
GlassWall Solutions Ltd: Who are they?
GlassWall Solutions Ltd, a UK-based company, is passionate about making the world a safe place by delivering leading cyber-security solutions. GlassWall Solutions has developed innovative, quantum-leap-level security technology that provides unique protection against document-related cyberthreats. Businesses lose around $8,500 per hour due to ransomware-induced downtime. The ransom payment grew by 104%, up to $780,000. However, the worst is damage to reputation. Fortune 500 companies that have fallen victim to attacks have seen their reputations tarnished. It can take years to build credibility and only seconds to destroy it. It’s difficult to put an exact financial impact associated with the reputational loss but a recent study by Centrify found that 65% of consumers lost their trust in an organization after the breach. GlassWall Solutions provides real-time protection, profound inspection, rehabilitation, and cleansing of all possible file threats. GlassWall’s toolings handle documents, PDF, Word, Excel, images, etc. Plus, it is done without the use of detection signatures completely restoring clean, standard-related files while maintaining their full usability.
Deployment Heaven? Ready, set, go!
How fast should the service be provided if we talk about the security of the whole system and the whole business? In no time/as fast as possible, of course. GlassWall’s leaders subscribed to this opinion and partnered with IT Svit to analyze their existing deployment process and, if necessary, create a new architecture to make it faster. So, we took the challenge!
Challenge details: Audit of the current stack outlined the key bottlenecks for GlassWall. An 8-hour, manual, error-prone, and tangled AWS and VMWare ESXi deployment process with an inability to track the changes, their order, and author, which could lead to a lot of confusion. Plus, an application deployment configuration process was obscure and led to significant delivery lag and mounting development costs.
Our main objective: Over the course of 8-10 weeks, design and implement a solution for efficient, automated (one-click) deployment of multiple independent disposable Kubernetes clusters in the scope of AWS cloud using CloudFormation and VMWare ESXi, provide documentation with detailed diagrams, develop the option to automatically assign a static IPv4 address to VMs in VMWare ESXi deployment.
- Follow the Infrastructure as Code (IaC) approach during the development of infrastructure to make change management simple, transparent, clear, and decrease the troubleshooting time.
- Develop a new AWS and VMWare ESXi infrastructure architecture for fast, automated, and cost-effective deployment.
- Make an automated fleet of single-node, flexible Kubernetes clusters that could be launched in many copies with minimum configuration changes.
- Refactor manifests and helm charts to make the deployment configuration process easier.
- Implement a DHCP server for automated management of IP address leases in the VMWare ESXi environment.
- Support GlassWall’s team with tech documentation.
The project is open-source. For the IaC approach realization, we were supposed to utilize the AWS CloudFormation service. How did we pull this off? We used AWS CloudFormation to build an admin VM that can clone Git repo with Terraform code and execute it while the end-user interacts with CloudFormation template UI only. This allows simple dashboard deployment with a single click of a button. Plus, the CloudFormation stack can be shared leveraging one single link which leads users directly to the configuration page. With the configuration finished, users can launch the stack and get a copy of this particular infrastructure on their AWS account. To have a disposable Kubernetes cluster we built a custom AWS AMI. The AWS CloudFormation stack creates an Auto Scaling group from the AMI with k3s service and a Network Load Balancer. The k3s service provides a Kubernetes cluster with a proper public IP address. Therefore lots of independent clusters were launched. Clusters became easily adjustable. Helm charts and other manifests restructuring enabled predictable version changes tracking. With these upgrades in hand, teams spend less time on operations and application management.
For VMWare ESXi infrastructure automated management we developed Terraform manifests from scratch. We were provided with OVA that should be running there. The OVA wasn’t working as expected, so we converted OVA to VMDK and integrated it into the infrastructure we built. Additionally, using Terraform we created a DHCP server, to assign static IP leases to other VMs. Utilizing Mermaid, an UML diagrams tool that allows defining diagrams in markdown, we made helpful tech documentation for GlassWall’s team to operate the system independently.
Technologies we used:
In just 8 weeks, IT Svit came up with the solution for GlassWall that helped them achieve:
- Deployment time decreased from 8 hours to 10 minutes (48x faster deployment).
- Efficiency. Fewer resources (time/costs/employee-hours) are now required as code deployment has moved from a tedious, manual process to a codified, automated mechanism.
- Customer satisfaction rate is significantly increased as GlassWall assists and addresses customer needs much faster and more efficiently now. Plus, GlassWall Solutions are currently able to optimize their performance to further support the greater cyber-security industry.
Alongside these benefits, IT Svit strengthened the GlassWall team’s capabilities of operating well-developed infrastructure within their SDLC. IT Svit’s blueprint for IaC and CI/CD can be replicated amongst engineering teams across the organization. What’s more, GlassWall can now take advantage of cloud-based development technologies to cut down their data center costs and focus on enhancing AWS cloud development and IaC capabilities. Their product and its infrastructure are now highly available, scalable, and durable, requiring less effort to handle all possible issues. With the GlassWall Solutions Ltd project, we designed and set up architecture to accelerate their deployment velocity at most for GlassWall’s customers to get the best possible services.
Final thoughts: Great ideas deserve great implementation!
IT Svit is all about helping our partners achieve the business objectives through sharp technical performance and reduced operational and development costs. To fulfill this daring goal we provide a full range of DevOps services including CI/CD services, IaC services, GCP/AWS/MS Azure infrastructure architecture design and implementation, DevOps transformation, DevOps consulting, and many others. Feel free to share any questions, comments or send your project description using the form below.