Our client is one of the world’s leading music companies, which owns and operates several businesses such as recorded music, music publishing, merchandising and audiovisual content.
The Central Catalogue Application is one of the client’s key applications. Its purpose is to act as a media repository for the client’s business users. The application combines data from multiple client source systems, including metadata information, release schedules for products and so on.
One of the primary media assets is ‘Cover Art’. Business users from across territories use the application to download ‘Cover Art’ and print it for label and promotion purposes.
The environment for the Central Catalogue Application resided on-premises within the client datacenter. To optimize hardware and licensing costs and to take advantage of the agility and cost benefits of a cloud platform, our client decided to modernize the application by migrating the environment to AWS.
- The physical hardware on which the application was hosted was due for a refresh. This meant additional Capex to procure new servers, and therefore increased costs
- System upgrades to the physical servers required downtime and impacted availability of the application
- Multiple applications were hosted on the same hardware, which impacted performance during peak usage
- Scalability of the application was limited by the hardware configuration
- Storage space limitations due to increasing number of images stored on physical servers
- Poor user experience with deteriorating hardware performance
- The on-premises MS SQL database was migrated to Windows Servers running on Amazon EC2
- DB size of 1.5 TB migrated
- Migrated SSIS packages
- Upgraded the application to support .NET Framework 4.5
- Implemented TLS 1.2 security
- Application code was moved to GitHub
- Verismic is used as the Cloud Management Suite
- AWS CloudTrail is enabled by default
To fulfill SocialHi5’s need for a client self-service portal that was also easy to maintain, Agilisium’s 5-member expert team built a custom web application with a heavy focus on the visualization of campaign outcomes. In parallel, they developed a DevOps process to maintain, scale and operate this portal.
Web Application Architecture
A variety of AWS services and some open source technologies were used to build and run the web application. The web layer used the PHP framework, included a login and authentication system, and used AWS QuickSight to render its outcome dashboards.
The app layer was built on Python, and the backend services ran in Docker containers on Elastic Container Service (ECS) with Auto Scaling and an Application Load Balancer (ALB) to ensure high availability of the portal. The database ran in a private subnet and used RDS MySQL as the database service.
As mentioned earlier, SocialHi5 required that the solution be easy to maintain, scale, and operate. To that end, Agilisium’s DevOps engineers developed a 2-part DevOps process focusing on:
- CI/CD for web application development
- Infrastructure Provisioning for maintenance.
Continuous Integration/Continuous Deployment (CI/CD Process)
All application (Web & App Tier) maintenance was handled through AWS CodePipeline. The AWS CodeCommit, CodeDeploy, and CodeBuild services were invoked to automate the enhancement and maintenance of the self-service portal.
CI/CD Process Flow: Web Tier
All infrastructure was hosted on an exclusive SocialHi5 Virtual Private Cloud (VPC), to add an extra layer of confidentiality. AWS CloudFormation templates were used to spin up and maintain a host of AWS services utilized for the self-service portal.
Serverless Web application hosting: EC2, ECS, RDS, S3, SSM, VPC, NAT Gateway, ALB with Auto Scaling group, Lambda, Certificate Manager, and Route 53 were some of the services used to get the portal live.
Security: Web Application Firewall (WAF) was used with cross-site scripting, geo match, and SQL injection rules to protect against common cyber threats, in conjunction with the Amazon Inspector service.
Monitoring and Logging: CloudWatch, OpsWorks, Config & Inspector services were also invoked to cover configuration management, logging, and monitoring of the application and infrastructure.
- CloudTrail logs are stored on Amazon S3
- Amazon CloudWatch metrics are enabled to check the health of each component
- PRTG (third party tool) is used for monitoring the health of the environment
- The Syxsense tool is used for endpoint security
- Nessus is used for vulnerability & security scans
- IAM best practices and principles are followed
- Least-privilege access is provided
- Unique non-root credentials are provided
- Programmatic access for API calls
- Security groups are defined to restrict traffic
- All data stores are in a private subnet
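
The two network controls listed above (security groups that restrict traffic, data stores kept off the public network) can be checked before deployment by linting the CloudFormation template itself. The following is an added example, not code from the case study or from the project it describes; it assumes a JSON-format template, and the function name `audit_template`, the resource names and the sample template are constructed for illustration.

```python
import json

# Constructed sample template (not from the case study): one private and one
# public database, plus a security group with an internet-wide MySQL rule.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "PortalDb": {"Type": "AWS::RDS::DBInstance",
               "Properties": {"Engine": "mysql", "PubliclyAccessible": false}},
  "LegacyDb": {"Type": "AWS::RDS::DBInstance",
               "Properties": {"Engine": "mysql", "PubliclyAccessible": true}},
  "DbSg": {"Type": "AWS::EC2::SecurityGroup",
           "Properties": {"GroupDescription": "db access",
             "SecurityGroupIngress": [
               {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "CidrIp": "0.0.0.0/0"},
               {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "CidrIp": "10.0.1.0/24"}]}}
}}
""")

DB_PORTS = {3306: "MySQL", 1433: "MS SQL Server"}  # engines named on this page
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def audit_template(template):
    """Return sorted (resource, finding) pairs for exposed data stores."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::RDS::DBInstance":
            if props.get("PubliclyAccessible") is True:
                findings.append((name, "RDS instance is publicly accessible"))
        elif res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if cidr not in OPEN_CIDRS:
                    continue
                if str(rule.get("IpProtocol")) == "-1":  # -1 means all protocols
                    findings.append((name, f"all traffic open to {cidr}"))
                    continue
                lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
                findings += [(name, f"{engine} port {port} open to {cidr}")
                             for port, engine in DB_PORTS.items() if lo <= port <= hi]
    return sorted(findings)


if __name__ == "__main__":
    for resource, finding in audit_template(SAMPLE_TEMPLATE):
        print(f"{resource}: {finding}")
```

Run as a CI step, a non-empty result can fail the build so that an exposed database rule never reaches the VPC.
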
- Upgrading the application framework to the latest version increased the performance of the application significantly. It also prepared the application for new enhancements
- Increased Scalability and Agility that is built into the solution. The limitations that existed with on-prem hardware were eliminated
- Upgrading Transport Layer Security (TLS) to a newer version increased the security posture of the solution significantly