Efabless, founded in April 2014, is the world’s first fabless electronics company to combine crowdsourcing with open community innovation. It has applied that concept to all aspects of analog and mixed-signal Integrated Circuit (IC) and Intellectual Property (IP) development and commercialization. Efabless serves as a marketplace for innovators by connecting a global community of skilled chip designers with a global community of customers. Its mission is to simplify the process of smart product creation and make it available to everyone. To learn more, go to https://www.efabless.com/
Application Specific Integrated Circuit (ASIC), Electronic Design Automation (EDA), Semiconductor
San Jose, CA
Modernize their integrated circuit (IC) design platform to improve performance efficiency and scalability, enhance security, and optimize costs.
DevOps Consulting Services, Containers, AWS Well-Architected Review, Cost Optimization
Improved performance efficiency and scalability
I could not be happier with nClouds. They worked hard to build a solid infrastructure on AWS that’s working as planned — we couldn’t have accomplished this without them.”
SVP Information Technology, Efabless
Efabless had just received angel funding and wanted to modernize its Open Galaxy IC design platform to support future business growth.
AWS recommended that Efabless collaborate with nClouds, an AWS Well-Architected Partner and Premier Consulting Partner in the AWS Partner Network, in an AWS Well-Architected Review of its production account. The Review — based on a set of architectural best practices for reviewing critical workloads running on AWS — revealed opportunities for infrastructure improvement, including security, reliability, performance efficiency, cost optimization, and operational excellence.
After the Review, Efabless opted to partner with nClouds to remediate these issues.
Efabless wanted to modernize Open Galaxy EDA — an open, integrated design implementation platform with best-in-class tools for advanced integrated circuit (IC) design — to better support its fast-growth business. They required custom scaling for the underlying infrastructure and a more robust monitoring system across all layers of the infrastructure.
The existing workload consisted of two main applications: a static content and marketplace application deployed on AWS Elastic Beanstalk (with 15 services), and an IC design platform running EDA software on Amazon EC2 Linux machines. It was challenging to manage and scale, and was performing compute-heavy tasks (such as simulation) on the machine itself, causing an adverse effect on the current design session.
nClouds began with an AWS Well-Architected Review to determine best practices required for a new version of Efabless’s Open Galaxy workload running on Amazon ECS.
Based on the findings of the Review, Efabless asked nClouds to enhance its security. nClouds integrated OpenVPN in an Amazon VPC, eliminated direct connections to Amazon EC2 machines from the public internet, enforced multi-factor authentication (MFA), eliminated keys associated with IAM users, and moved users to IAM roles to provide credentials dynamically for access to services such as Amazon EC2 and Lambda. AWS Systems Manager was implemented for configuration management and security-related operations like patching.
nClouds implemented infrastructure as code (IaC) for Efabless’s workload by capturing the existing infrastructure in CloudFormation code and synchronizing resources with CloudFormation.
Efabless asked nClouds to refine an existing proof of concept (PoC) to make it production-ready, and build out the AWS infrastructure and automation for the new platform based on best practices in reliability, operational excellence, and security.
nClouds remediated gaps as necessary, validated the solution for best practices in security and reliability, and developed a solution for scale-down. The next step was to do the non-prod infrastructure buildout, testing, and validation. nClouds set up CloudWatch monitoring, did the planning for prod migration, and then performed prod infrastructure buildout and deployment.
To refactor offline processing, nClouds designed and validated the solution, modified CloudFormation templates for new resources, validated use cases, and set up CloudWatch monitoring for additional components. Then, nClouds did the non-prod feature rollout, testing, and validation, followed by the prod feature rollout.
Impressed with nClouds’ DevOps expertise, Efabless asked nClouds to provide ongoing DevOps resources to augment its small team and maintain the infrastructure, including the CI/CD pipeline and various workloads. They also asked nClouds to build out the platform to the Singapore and Oregon Regions.
Teaming with nClouds, Efabless now has a modernized IC design platform. The project has yielded numerous benefits:
To gain visibility into workload performance and quickly resolve performance issues, nClouds implemented CloudWatch to collect performance-related metrics and integrated Datadog for application performance monitoring. AWS Global Accelerator improves global application availability and performance using the AWS global network. The new architecture includes an Amazon VPC with two AWS AZs to provide high availability, fault tolerance, and scalability. Amazon ECS provides scalability and high performance. AWS Auto Scaling adjusts capacity to maintain steady, predictable performance. AWS CodeCommit provides a secure and highly scalable ecosystem for collaboration.
The existing architecture had a HAProxy load balancer forwarding requests to services by using a public IP. To eliminate the public IP, nClouds replaced HAProxy with Kong, which provides a flexible abstraction layer that securely manages communication between clients and microservices via API. In the new architecture, Kong resides in the Amazon VPC.
OpenVPN eliminates direct connections to Amazon EC2 machines from the public internet. Users need to provide unique authentication from an AWS-supported MFA mechanism in addition to their regular sign-in credentials. IAM roles provide credentials dynamically for access to services such as Amazon EC2 and Lambda. To enhance the security of Amazon EC2 instances, nClouds implemented AWS Systems Manager for configuration management and security-related operations like patching. Amazon EventBridge helps Efabless automate its response to security events. NAT gateway prevents the internet from initiating a connection with instances in the private subnet.
To minimize the creation (and cost) of resources that aren’t required, nClouds assigned IAM policies to the IAM roles that were implemented. IAM policies control who can create and manage AWS resources, the type of resources that can be created, and where they can be created.
To proactively manage resources and reduce unnecessary costs, the new architecture includes AWS Systems Manager, which provides a detailed inventory of AWS resources and configuration for entity lifecycle tracking. Data from CloudWatch enables Efabless to make rightsizing decisions to optimize the cost of compute resources.
Using AWS Auto Scaling, a decommissioning process was implemented to automatically identify and remove unused resources and perform rightsizing operations. AWS Lambda and Amazon SQS remove the need for Efabless to manage resources and enable efficient cost allocation and attribution by scaling performance and cost in line with usage.
You can also email us directly at firstname.lastname@example.org for your inquiries or use the form below