nClouds Client StoryEfabless

How nClouds helped Efabless modernize its integrated circuit (IC) design platform to improve performance efficiency and scalability, enhance security, and optimize costs.

About Efabless

Efabless, founded in April 2014, is the world’s first fabless electronics company to combine crowdsourcing with open community innovation. It has applied that concept to all aspects of analog and mixed-signal Integrated Circuit (IC) and Intellectual Property (IP) development and commercialization. Efabless serves as a marketplace for innovators by connecting a global community of skilled chip designers with a global community of customers. Its mission is to simplify the process of smart product creation and make it available to everyone. To learn more, go to https://www.efabless.com/

Efabless Logo
Industry

Application Specific Integrated Circuit (ASIC), Electronic Design Automation (EDA), Semiconductor

Location

San Jose, CA

Challenge

Modernize their integrated circuit (IC) design platform to improve performance efficiency and scalability, enhance security, and optimize costs.

Featured Services

DevOps Consulting Services, Containers, AWS Well-Architected Review, Cost Optimization

Download case study

Benefits Summary

icon

Improved performance efficiency and scalability

icon

Enhanced security

icon

Optimized costs

I could not be happier with nClouds. They worked hard to build a solid infrastructure on AWS that’s working as planned — we couldn’t have accomplished this without them.”
Greg Shaurette,

SVP Information Technology, Efabless

Challenge

Challenge: Modernize their integrated circuit (IC) design platform to improve performance efficiency and scalability, enhance security, and optimize costs.

Efabless had just received angel funding and wanted to modernize its Open Galaxy IC design platform to support future business growth.

Why AWS and nClouds

AWS recommended that Efabless collaborate with nClouds, an AWS Well-Architected Partner and Premier Consulting Partner in the AWS Partner Network, in an AWS Well-Architected Review of its production account. The Review — based on a set of architectural best practices for reviewing critical workloads running on AWS — revealed opportunities for infrastructure improvement, including security, reliability, performance efficiency, cost optimization, and operational excellence.

After the Review, Efabless opted to partner with nClouds to remediate these issues.


Efabless leveraged several Amazon Web Services:

  • Amazon CloudWatch (CloudWatch) - Monitors applications, responds to systemwide performance changes, optimizes resource utilization, and provides a unified view of operational health.
  • Amazon Elastic Compute Cloud (Amazon EC2) - A web service that provides Efabless with secure, resizable compute capacity in the cloud.
  • Amazon Elastic Container Service (Amazon ECS) - A highly scalable, high-performance container orchestration service that supports Docker containers and enables Efabless to run and scale containerized applications on AWS easily.
  • Amazon EventBridge - A serverless event bus that makes it easy to connect applications using data from your applications, integrated Software-as-a-Service (SaaS) applications, and AWS services. It delivers a stream of real-time data from event sources, such as Zendesk, Datadog, or Pagerduty, and routes that data to targets like AWS Lambda.
  • Amazon Simple Queue System (Amazon SQS) - Allows the team at Efabless to send, store, and receive messages between different applications in their environment.
  • Amazon Virtual Private Cloud (Amazon VPC) - Enables Efabless to provision a logically isolated section on AWS where they can launch AWS resources in a virtual network that they define.
  • AWS Auto Scaling - Monitors Efabless’s applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost.
  • AWS Availability Zone (AWS AZ) - One or more discrete data centers with redundant power, networking, and connectivity in an AWS Region, enabling Efabless to operate production applications and databases that are more highly available, fault-tolerant, and scalable than would be possible from a single data center.
  • AWS CloudFormation (CloudFormation) - Allows Efabless to treat its infrastructure as code, automate operations, and bring up new environments.
  • AWS CodeBuild - A fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
  • AWS CodeCommit - A fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CodeCommit eliminates the need for Efabless to operate its source control system or worry about scaling its infrastructure.
  • AWS CodePipeline - A fully managed continuous delivery service that helps Efabless automate the build, test, and deploy phases of release pipelines to rapidly and reliably deliver features and infrastructure updates.
  • AWS Global Accelerator - A service that improves the availability and performance of Efabless’s applications with local or global users. It provides static IP addresses that act as a fixed entry point to application endpoints in a single or multiple AWS Regions, such as Application Load Balancers, Network Load Balancers, or Amazon EC2 instances.
  • AWS Identity and Access Management (IAM) - To control users' access to AWS services.
  • AWS Lambda (Lambda) - Enables Efabless to run code without provisioning or managing servers. Pay only for the compute time consumed — there is no charge when code is not running.
  • AWS Step Functions - A serverless function orchestrator that makes it easy for Efabless to sequence AWS Lambda functions and multiple AWS services into business-critical applications.
  • AWS Systems Manager - To provide visibility and control of the infrastructure.
  • Internet gateway - A horizontally scaled, redundant, and highly available VPC component that allows communication between Efabless’s VPC and the internet. It provides a target in Efabless’s VPC route tables for internet-routable traffic and performs network address translation (NAT) for instances that have been assigned public IPv4 addresses.
  • Network address translation (NAT) gateway - Enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances.

Efabless’s solution stack also included additional, essential third-party tools:

  • Datadog - A monitoring and analytics tool to determine performance metrics and event monitoring for infrastructure and cloud services. The software can monitor services such as servers, databases, and tools.
  • GitLab - A complete DevOps platform for the entire software development and operations lifecycle, delivered as a single application.
  • Kong - An API gateway and platform that provides a flexible abstraction layer to securely manage communication between clients and microservices. It focuses on scalability, high performance & reliability. The Kong server, built on top of NGINX, processes the API requests and executes the configured plugins to provide additional functionalities to the underlying APIs before proxying the request upstream.
  • OpenVPN Access Server - A full-featured SSL VPN software solution to provide fine-grained access control of the infrastructure.

nClouds' Solution Architecture for Efabless

Efabless wanted to modernize Open Galaxy EDA — an open, integrated design implementation platform with best-in-class tools for advanced integrated circuit (IC) design — to better support its fast-growth business. They required custom scaling for the underlying infrastructure and a more robust monitoring system across all layers of the infrastructure.

The existing workload consisted of two main applications: a static content and marketplace application deployed on AWS Elastic Beanstalk (with 15 services), and an IC design platform running EDA software on Amazon EC2 Linux machines. It was challenging to manage and scale, and was performing compute-heavy tasks (such as simulation) on the machine itself, causing an adverse effect on the current design session.

nClouds began with an AWS Well-Architected Review to determine best practices required for a new version of Efabless’s Open Galaxy workload running on Amazon ECS.

Based on the findings of the Review, Efabless asked nClouds to enhance its security. nClouds integrated OpenVPN in an Amazon VPC, eliminated direct connections to Amazon EC2 machines from the public internet, enforced multi-factor authentication (MFA), eliminated keys associated with IAM users, and moved users to IAM roles to provide credentials dynamically for access to services such as Amazon EC2 and Lambda. AWS Systems Manager was implemented for configuration management and security-related operations like patching.

nClouds implemented infrastructure as code (IaC) for Efabless’s workload by capturing the existing infrastructure in CloudFormation code and synchronizing resources with CloudFormation.

Efabless asked nClouds to refine an existing proof of concept (PoC) to make it production-ready, and build out the AWS infrastructure and automation for the new platform based on best practices in reliability, operational excellence, and security.

nClouds remediated gaps as necessary, validated the solution for best practices in security and reliability, and developed a solution for scale-down. The next step was to do the non-prod infrastructure buildout, testing, and validation. nClouds set up CloudWatch monitoring, did the planning for prod migration, and then performed prod infrastructure buildout and deployment.

To refactor offline processing, nClouds designed and validated the solution, modified CloudFormation templates for new resources, validated use cases, and set up CloudWatch monitoring for additional components. Then, nClouds did the non-prod feature rollout, testing, and validation, followed by the prod feature rollout.

Impressed with nClouds’ DevOps expertise, Efabless asked nClouds to provide ongoing DevOps resources to augment its small team and maintain the infrastructure, including the CI/CD pipeline and various workloads. They also asked nClouds to build out the platform to the Singapore and Oregon Regions.

High-level architecture diagram:

Solution Architecture

The Benefits

Teaming with nClouds, Efabless now has a modernized IC design platform. The project has yielded numerous benefits:

icon

Improved performance efficiency and scalability

To gain visibility into workload performance and quickly resolve performance issues, nClouds implemented CloudWatch to collect performance-related metrics and integrated Datadog for application performance monitoring. AWS Global Accelerator improves global application availability and performance using the AWS global network. The new architecture includes an Amazon VPC with two AWS AZs to provide high availability, fault tolerance, and scalability. Amazon ECS provides scalability and high performance. AWS Auto Scaling adjusts capacity to maintain steady, predictable performance. AWS CodeCommit provides a secure and highly scalable ecosystem for collaboration.

icon

Enhanced security

The existing architecture had a HAProxy load balancer forwarding requests to services by using a public IP. To eliminate the public IP, nClouds replaced HAProxy with Kong, which provides a flexible abstraction layer that securely manages communication between clients and microservices via API. In the new architecture, Kong resides in the Amazon VPC.

OpenVPN eliminates direct connections to Amazon EC2 machines from the public internet. Users need to provide unique authentication from an AWS-supported MFA mechanism in addition to their regular sign-in credentials. IAM roles provide credentials dynamically for access to services such as Amazon EC2 and Lambda. To enhance the security of Amazon EC2 instances, nClouds implemented AWS Systems Manager for configuration management and security-related operations like patching. Amazon EventBridge helps Efabless automate its response to security events. NAT gateway prevents the internet from initiating a connection with instances in the private subnet.

icon

Optimized costs

To minimize the creation (and cost) of resources that aren’t required, nClouds assigned IAM policies to the IAM roles that were implemented. IAM policies control who can create and manage AWS resources, the type of resources that can be created, and where they can be created.

To proactively manage resources and reduce unnecessary costs, the new architecture includes AWS Systems Manager, which provides a detailed inventory of AWS resources and configuration for entity lifecycle tracking. Data from CloudWatch enables Efabless to make rightsizing decisions to optimize the cost of compute resources.

Using AWS Auto Scaling, a decommissioning process was implemented to automatically identify and remove unused resources and perform rightsizing operations. AWS Lambda and Amazon SQS remove the need for Efabless to manage resources and enable efficient cost allocation and attribution by scaling performance and cost in line with usage.

Contact Us Now

You can also email us directly at sales@nclouds.com for your inquiries or use the form below