nClouds Client Story: BKJ Digital

How nClouds helped BKJ Digital migrate their application stack to Kubernetes on AWS for increased flexibility, improved infrastructure reliability, and enhanced security and compliance.

About BKJ Digital

BKJ Digital is a distributed team of engineers, strategists, designers, and problem-solvers that delivers product and software strategy, engineering, and enablement to enterprises. They provide their clients with strategic consulting, solution planning, user experience design (UX), visual design, and a complete suite of development, testing, and hosting services. To learn more, go to www.bkjdigital.com.

Industry

IT Services, Product Strategy & Engineering

Location

San Francisco, CA

Challenge

Enhance the flexibility, infrastructure reliability, security, and compliance of their application stack to support their fast-growth business.

Featured Services

Migration, DevOps Services – Infrastructure Build-Out and Automation, Containers, CI/CD.

Benefits Summary

Increased flexibility

Improved reliability

Enhanced security and compliance

“The BKJ Digital team needed to migrate a fleet of production applications from a legacy infrastructure provider to a modern, flexible, Kubernetes-based stack. The nClouds team's deep experience with Kubernetes on Amazon EKS helped us plan and execute our migration to AWS in record time.”
Ben Durbin,

Director of Technology, BKJ Digital

Challenge

BKJ Digital needed a sophisticated compute platform for their fast-growth business that provided the performance efficiency of a flexible, reliable infrastructure, and met the security and compliance requirements of their end-customers. They wanted to migrate their production applications from a legacy infrastructure provider to a modern, flexible, Kubernetes-based stack.

Why AWS and nClouds

AWS recommended that BKJ Digital work with nClouds, a Premier Consulting Partner in the AWS Partner Network (APN), because of its AWS DevOps Competency and AWS Migration Competency status and deep experience in those areas.

BKJ Digital leveraged several Amazon Web Services:

  • Amazon ElastiCache for Memcached - A managed, Memcached-compatible, in-memory store that provides sub-millisecond latency to power real-time applications.
  • Amazon Elastic Container Registry (Amazon ECR) - A fully managed Docker container registry integrated with Amazon ECS that makes it easy for BKJ Digital to store, manage, and deploy Docker container images.
  • Amazon Elastic Container Service for Kubernetes (Amazon EKS) - Makes it easy for BKJ Digital to deploy, manage, and scale containerized applications using Kubernetes on AWS across multiple AWS availability zones to eliminate a single point of failure.
  • Amazon Elastic File System (Amazon EFS) - Provides BKJ Digital with a simple, scalable, fully managed elastic network file system (NFS) for use with AWS services.
  • Amazon Elasticsearch Service - A fully managed service that makes it easy for BKJ Digital to deploy, secure, and operate Elasticsearch at scale with zero downtime.
  • Amazon GuardDuty - A managed threat detection service that provides BKJ Digital with an accurate and easy way to continuously monitor and protect their AWS accounts and workloads.
  • Amazon Inspector - An automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
  • Amazon RDS for MariaDB - Makes it easy for BKJ Digital to set up, operate, and scale MariaDB server deployments in the cloud by managing time-consuming database administration tasks including backups, software patching, monitoring, scaling, and replication.
  • Amazon Virtual Private Cloud (Amazon VPC) - Enables BKJ Digital to provision a logically isolated section of the AWS Cloud where they can launch AWS resources in a virtual network that they define.
  • AWS Application Load Balancer (AWS ALB) - To support content-based routing and applications that run in containers.
  • AWS Systems Manager Parameter Store - Provides BKJ Digital with secure, hierarchical storage for configuration data management and secrets management.

BKJ Digital’s solution stack also included additional, essential third-party tools:

  • Alert Logic - Seamlessly connects an award-winning security platform, cutting-edge threat intelligence, and expert defenders to provide security and peace of mind for businesses 24/7.
  • Apache Solr - A standalone, full-text open-source search platform written in Java, from the Apache Lucene project. It provides distributed search and index replication.
  • ELK Stack - An end-to-end stack that delivers actionable insights in real time from almost any type of structured and unstructured data source.
  • Jenkins - An open-source automation server written in Java, to support CI/CD.
  • Prometheus - An open-source systems monitoring and alerting toolkit.
  • Varnish Cache - A web application accelerator (also known as a caching HTTP reverse proxy) designed for content-heavy dynamic web sites as well as APIs. It typically speeds up delivery by a factor of 300x - 1000x, depending on the architecture.

nClouds' Solution Architecture for BKJ Digital

BKJ Digital engaged with nClouds to help them migrate their application stack from SoftLayer (IBM Cloud) to AWS.

nClouds began by performing a Migration Readiness Assessment (MRA). BKJ Digital’s pre-migration infrastructure on SoftLayer had a self-managed MySQL database, Apache Solr servers, network-attached storage (NAS), applications on VMs, containerized applications on Docker Swarm, load balancers, a utility server, and no managed services. The workload on SoftLayer had five web applications and four backend CMS applications (on the Drupal content management platform). The web applications were jointly running on three servers. All web applications had a Varnish Cache in front of them. The backend applications were running on Docker Swarm. Most applications were containerized.

During the assessment phase of the MRA, BKJ Digital indicated that they needed a sophisticated compute platform (re-platforming), with a caveat that downtime be minimized. They had security and compliance requirements from their end-customers and wanted managed services wherever possible.

During the readiness and planning phase, nClouds determined that BKJ Digital had a pilot and PoC workload already on AWS and needed to be better aligned with the AWS Cloud Adoption Framework. They had an Amazon EKS Cluster and network infrastructure in place (using Terraform), had two services running, and were using AWS CodePipeline and AWS CodeBuild for CI/CD. Their ELK Stack included Amazon Elasticsearch Service, Logstash, and Kibana running on Amazon Elastic Compute Cloud (Amazon EC2). Re-platforming was not a fit for some applications, and a hybrid model (existing setup plus AWS) would be feasible for some time.

During the migration phase, nClouds’ migration team integrated with BKJ Digital’s existing team to implement faster infrastructure build-out using the nClouds code library, best practices for CI/CD and monitoring, and multiple environments with an infrastructure as code (IaC) approach. nClouds evaluated all services for proper containerization practices and provided feedback to BKJ Digital’s development team to fix gaps.

In the new infrastructure, there is a prod VPC and a utility VPC on AWS. Each Amazon VPC connects to the internet through an attached Internet Gateway and has AWS Systems Manager Parameter Store and Amazon ECR. There are three Availability Zones (AZs) in the prod VPC and two AZs in the utility VPC.

In the prod VPC are the following:

  • One public subnet and two private subnets in each AZ.
  • AWS ALB in each public subnet.
  • Varnish Cache in private subnets #1, #3, and #5.
  • Compute workload (including application servers and Apache Solr) running on Amazon EC2 servers that are a part of Amazon EKS.
  • Application servers in private subnets #1, #3, and #5.
  • Apache Solr in private subnet #1.
  • Managed services including Amazon RDS for MariaDB (in private subnet #2), Amazon ElastiCache for Memcached (in private subnet #4), and Amazon Elasticsearch Service (as a part of the ELK Stack for log aggregation, in private subnet #5).
  • Prometheus and the ELK Stack provide monitoring.
  • Security provided by Alert Logic, Amazon Inspector, and Amazon GuardDuty.
  • Amazon EKS cluster and Amazon EFS in private subnet #6.

In the utility VPC are the following:

  • Jenkins master in private subnet #2 and Jenkins agents in private subnets #1 and #3.
  • Alert Logic scanner (in private subnet #1) and Alert Logic IDS (in private subnet #3).
  • Amazon EKS cluster and OpenVPN in private subnet #4.

High-level architecture diagrams:

[Figure: Solution architecture, prod VPC]

[Figure: Solution architecture, utility VPC]

The Benefits

Teaming with nClouds, BKJ now has a sophisticated compute platform for their fast-growth business. The project has yielded numerous benefits:

Increased flexibility

BKJ Digital required a hybrid model (a combination of the existing setup and AWS), as re-platforming was not a fit for some of their applications. Kubernetes provides this flexibility because it works with virtually any type of container runtime and any type of underlying infrastructure — whether it is a public cloud, a private cloud, or an on-premises server.

Improved reliability

BKJ Digital achieved improved reliability by implementing monitoring of their workload components. An AWS Application Load Balancer (AWS ALB) in each of the public subnets provides support for monitoring the health of each AWS service independently. Reliability is also supported by Prometheus’ monitoring and alerting toolkit and ELK Stack’s real-time actionable insights and centralized logging.

Enhanced security and compliance

BKJ Digital’s workload is protected at the AWS account level by Amazon GuardDuty’s continuous detection of malicious activity and unauthorized behavior. Vulnerability management is provided by Amazon Inspector, which assesses the configuration of BKJ Digital’s instances for known common vulnerabilities and exposures (CVEs) and against security benchmarks, with automated notification of defects. Alert Logic provides managed detection and response (MDR) coverage.
