nClouds Client Story Superside

How nClouds helped Superside migrate services from AWS Elastic Beanstalk to AWS Fargate on Amazon ECS to improve performance efficiency, enhance security, and optimize costs.

About Superside

Superside is a VC-backed (Y Combinator) always-on company that supplies marketing and sales design, at scale, to enterprise teams. Benefiting from the gig economy, Superside provides its clients with a dedicated team of pre-screened freelance designers via a design subscription service. Superside’s platform enables design collaboration, and it delivers reliable and fast (12-hour) turnarounds at one-third the typical agency cost. To learn more, go to www.superside.com.

Industry

Online, Subscription Design Services

Location

Palo Alto, CA

Challenge

Improve performance efficiency, enhance security, and optimize costs.

Featured Services

Migration, DevOps — Infrastructure Buildout using GitOps methodology

Benefits Summary

Improved performance efficiency

Enhanced security

Optimized costs

“We were impressed with nClouds’ recommended architecture for a unified deployment platform. They truly became an extension of Superside’s team as we implemented the migration.”
Jing Kjeldsen, CTO & Co-founder, Superside

Why AWS and nClouds

An AWS account manager introduced nClouds to the Superside team. After a series of calls to discuss Superside’s current-state architecture, nClouds determined that Superside would benefit by migrating services from AWS Elastic Beanstalk to AWS Fargate on Amazon ECS, and converting staging from Amazon RDS for MySQL to Amazon Aurora MySQL. Impressed with nClouds’ assessment, Superside decided to move forward with nClouds’ proposal.

Superside leveraged several Amazon Web Services:

  • Amazon Aurora MySQL - A fully managed, MySQL-compatible, relational database engine that combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases.
  • Amazon CloudFront - A large-scale, global, and feature-rich CDN that provides Superside with secure, scalable, and intelligently integrated application delivery.
  • Amazon CloudWatch - Monitors applications, responds to system-wide performance changes, optimizes resource utilization, and provides a unified view of operational health.
  • Amazon ElastiCache for Redis - An in-memory data structure service to enhance the ease-of-use and power of Redis, and improve availability, reliability, scalability, security, and performance.
  • Amazon Elastic Container Service (Amazon ECS) - A highly scalable, high-performance container orchestration service that supports Docker containers and enables Superside to run and scale containerized applications on AWS easily.
  • Amazon Elasticsearch Service - A fully managed service that makes it easy for Superside to deploy, secure, and operate Elasticsearch at scale with zero downtime.
  • Amazon GuardDuty - A managed threat detection service that provides Superside with a more accurate and easy way to continuously monitor and protect their AWS accounts and workloads.
  • Amazon Route 53 - A highly available and scalable cloud Domain Name System (DNS) web service, to provide a reliable and cost-effective way to route Superside’s end users to internet applications.
  • Amazon Simple Notification Service (Amazon SNS) - A highly available, durable, secure, fully managed pub/sub messaging service that enables Superside to decouple microservices, distributed systems, and serverless applications.
  • Amazon Simple Queue Service (Amazon SQS) - Allows Superside’s team to send, store, and receive messages between different applications in their environment.
  • Amazon Virtual Private Cloud (Amazon VPC) - Enables Superside to provision a logically isolated section of the AWS Cloud where they can launch AWS resources in a virtual network that they define.
  • Amazon VPC NAT Gateway - A Network Address Translation managed service that makes it easy for Superside to connect to the internet from instances within a private subnet in an AWS Virtual Private Cloud (VPC).
  • AWS Application Load Balancer (AWS ALB) - To support content-based routing and applications that run in containers.
  • AWS Auto Scaling - Monitors Superside’s applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost.
  • AWS Fargate - Enables Superside to run containers without having to manage servers or clusters.
  • AWS Identity and Access Management (AWS IAM) - To control users' access to AWS services.
  • AWS Security Hub - Aggregates, organizes and prioritizes security alerts or findings from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, and AWS Firewall Manager, as well as from AWS Partner solutions. It continuously monitors the environment using automated security checks based on the AWS best practices and industry standards.
  • AWS Systems Manager Parameter Store - Provides Superside with secure, hierarchical storage for configuration data management and secrets management.
  • AWS Web Application Firewall (AWS WAF) - Helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
  • Internet gateway - A horizontally scaled, redundant, and highly available VPC component that allows communication between Superside’s VPC and the internet. It provides a target in Superside’s VPC route tables for internet-routable traffic and performs network address translation (NAT) for instances that have been assigned public IPv4 addresses.

Superside’s solution stack also included additional, essential third-party tools:

  • Clair - An open-source API-driven analysis engine that inspects containers — App Containers (appc) and Docker containers — layer-by-layer for known security flaws.
  • Datadog - A cloud monitoring service providing visibility into Superside’s entire environment.
  • GitOps - A methodology where git is the single source of truth for the entire DevOps workflow.
  • HashiCorp Terraform - An open-source tool that codifies APIs into declarative configuration files to enable Superside to safely and predictably create, change, and improve infrastructure.
  • Jenkins - An open-source automation server written in Java, to support CI/CD.
  • OpenVPN Access Server - A full-featured SSL VPN software solution to provide fine-grained access control of the infrastructure.
  • SonarQube - An open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.

nClouds' Solution Architecture for Superside

Superside wanted a unified deployment platform to provide improved performance efficiency, enhanced security, and optimized costs for their compute workload.

Superside's existing workload had services running in AWS Elastic Beanstalk (in multi-container Docker mode), and Amazon Elastic Container Service (Amazon ECS). nClouds used HashiCorp Terraform to build the infrastructure to support apps in a serverless environment using AWS Fargate on Amazon ECS, and built a CI/CD pipeline for these services in Jenkins (replacing Atlassian Bamboo). The new Amazon ECS cluster has multi-zone availability, AWS Auto Scaling policies, and integration with AWS Systems Manager Parameter Store.

Before migration, Superside was using two databases — RDS Aurora MySQL in prod and RDS MySQL in staging. Post-migration, Aurora MySQL is being used in both prod and staging.

nClouds used GitOps methodology to provide Superside’s new architecture with infrastructure as code (IaC), system configuration as code, application configuration as code, and application source code.

In the new architecture, AWS Security Hub, Amazon GuardDuty, Amazon SQS, Amazon SNS, Amazon CloudWatch, Amazon Route 53, and Datadog reside on AWS.

nClouds implemented an Amazon VPC on AWS consisting of a multi-AZ setup (three AZs) to handle failover. Within the Amazon VPC reside AWS ALB, AWS WAF, Amazon CloudFront, three private subnets, and three public subnets.

  • AWS Fargate resides in the private subnet in each of the three AZs.
  • Amazon ElastiCache for Redis and Clair reside in the private subnet in AZ A.
  • Amazon Elasticsearch Service and Jenkins reside in the private subnet in AZ B.
  • Amazon Aurora MySQL and SonarQube reside in the private subnet in AZ C.
  • OpenVPN resides in the public subnet in AZ B.

An internet gateway enables two-way communication between public subnets and the internet. An Amazon VPC NAT Gateway enables a one-way connection for resources in the private subnet to access the internet.

[Figure: Solution Architecture (high-level architecture diagram)]

The Benefits

Teaming with nClouds, Superside migrated services from AWS Elastic Beanstalk to AWS Fargate on Amazon ECS to create a unified deployment platform for their compute workload. The project has yielded numerous benefits:

Improved performance efficiency

nClouds integrated Distributed Load Testing for Superside’s web application in the build stage to capture performance metrics that identify bottlenecks or excess capacity. Amazon CloudFront accelerates both static content such as images, scripts, and videos, as well as dynamic content such as APIs or web applications. AWS ALB distributes incoming application traffic across multiple targets in multiple AZs to improve application availability. Amazon Route 53’s latency-based routing helps improve Superside’s application performance for a global audience.

Enhanced security

The new infrastructure includes AWS Security Hub to aggregate, organize, and prioritize security alerts or findings from multiple AWS services. IAM users have been moved to IAM roles wherever possible, so that a particular user is granted temporary access to AWS resources instead of automated access. OpenVPN in a public subnet provides secured access to Amazon EC2 servers in the private subnet. Amazon GuardDuty is enabled in the Region where the workload is deployed. Managed rules have been implemented for Superside’s existing AWS Web Application Firewall (AWS WAF). SonarQube and Clair were integrated during the build stage of the CI/CD pipeline.

Optimized costs

Superside’s containers have been cost-optimized by implementing need-based scalability. Amazon SQS and Amazon SNS scale in performance and cost in line with usage, allowing efficient cost allocation and attribution. AWS Auto Scaling adjusts Superside’s capacity to maintain steady, predictable performance at the lowest possible cost.
