Bxp software in AWS Cloud Services

bxp software upgrade to AWS Cloud Services

1 Overview

At bxp we are constantly looking to the future and, in particular, the future needs of our clients. A steady growth in our client base has led to a commensurate increase in the number of individual users and the amount of data being handled. In addition, clients require ever more complex solutions that often become deeply embedded business processes. This has, in turn, produced a demand for the best possible data and system security along with greater flexibility and facility for expansion.

In early 2019, therefore, we initiated the project that has led to the implementation of a solution that will meet and exceed these needs for the foreseeable future.

This has been a significant investment on our part and we are now confident of providing the best possible solutions to our clients for many years to come.

2 Solution

We reviewed a range of possibilities and decided that Amazon Web Services (AWS) would most suit the current and future demands of our clients.

We have therefore moved from our previous high-availability SunGard AS Infrastructure to an AWS environment with even stronger services and an off-site business continuity facility.

The move involved migration of client data from the previous Sungard location to the new AWS environment and was jointly supervised by bxp, AWS and Sungard AS, who will continue to provide bxp with best-in-class management in support of the new service. (https://www.sungardas.com/en-IE/company/technology-partners/amazon-web-services/)

3 Offering

3.1 Overview

Sungard provide:

• Configuration, implementation and configuration changes

• Patch management & installation and availability monitoring

• Incident management and problem resolution of Elastic Cloud Compute (EC2) instances and Elastic Block Storage (EBS) volumes hosted in AWS

• Virtual Private Cloud (VPC) and Security Group (Firewall) creation, configuration, implementation, configuration changes, availability monitoring, creation of backup and restore firewall rules, incident management and problem resolution

• Elastic Load Balancer (ELB) creation, configuration, implementation, configuration changes, availability monitoring, creation of backup and restore load balancing rules, incident management and problem resolution

• Public interface creation, configuration and management for Internet access to the customer’s VPC

• Creation of an internal VLAN and sub-allocated VLANs in accordance with the customer’s VPC

• Backup policy creation, configuration, implementation, configuration changes, availability monitoring, incident management and problem resolution in accordance with the EC2 instances managed by Sungard AS

Managed Cloud – Cloud OS Managed Solutions: Features

Sungard provide:

• Initial operating system build and operating system level backup configuration

• Operating system configuration changes upon Customer request

• Management of system administration security access

• Installation of antivirus software identified in the Sungard AS Antivirus Policy

4 Data

We carefully reviewed the data migration process to assess the most secure and efficient way to move client data and, as a result, broke the process down into seven steps.

1. Pre-migration planning
   o Evaluate the data being moved for stability
   o Analyse if and how the client’s data is currently growing
   o Analyse level of customisation

2. Project initiation
   o Identify and brief key stakeholders
   o Ensure all clients are aware of the Data Migration Plan

3. Landscape analysis
   o Establish robust data quality rules and management process
   o Brief the client on the goals of the project, if required
   o Brief the client on shutting down legacy systems, if required

4. Solution design
   o Determine what data to move
   o Determine the quality of that data, pre and post move

5. Build & test
   o Code the migration logic
   o Test the migration with a mirror of the production environment

6. Execute & validate
   o Demonstrate that the migration has complied with requirements
   o Demonstrate that the data moved is viable for business use

7. Decommission & monitor
   o Shut down and dispose of old systems
   o Confirm project completion to clients

4.1 The data move process

We used SFTP to encrypt the data in transit, with the key exchange algorithm configured to use Elliptic-curve Diffie–Hellman (ECDH) key agreement and a minimum encryption strength of AES-256. (https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman)

The exchange was conducted between two Windows-based servers using the highest levels of encryption available. Before the SFTP transfer, the data was password protected on the live server using AES-256.

After the first password was added, the data was transferred through the SFTP server in the SunGard environment to the AWS environment. During transfer the data was further protected through the ECDH265 encapsulation provided by the SFTP. (https://www.bitvise.com/secure-file-transfer-server-sftp-ftps-ssh-scp)

As the data left the Sungard environment it had an additional layer of encryption added by the SunGard Cisco Firewall that was not decrypted until it reached the AWS firewall. (https://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html)
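One way to confirm that an SFTP server only offers the algorithms described in this section is to parse the SSH_MSG_KEXINIT message it sends (RFC 4253, section 7.1) and check the lists against the policy. This is an added example, not bxp's or Sungard's own tooling; the field names, the policy prefixes and the two sample payloads are assumptions constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Assumed policy reading of the text: ECDH-only key exchange, AES-256-only ciphers.
ECDH_PREFIXES = ("ecdh-sha2-", "curve25519-sha256")
# Signalling names that appear in the kex list but are not key exchange methods.
KEX_MARKERS = {"ext-info-c", "ext-info-s",
               "kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}          # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += n
    return lists

def policy_violations(lists: dict) -> list:
    """Return every offered algorithm that falls outside the assumed policy."""
    bad = [("kex", a) for a in lists["kex"]
           if a not in KEX_MARKERS and not a.startswith(ECDH_PREFIXES)]
    for field in ("enc_c2s", "enc_s2c"):
        bad += [(field, a) for a in lists[field] if not a.startswith("aes256-")]
    return bad

def build_kexinit(kex, enc) -> bytes:
    """Construct a sample payload (test data, not captured traffic)."""
    names = [kex, ["ecdsa-sha2-nistp256"], enc, enc,
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(n).encode("ascii") for n in names))
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

STRICT = build_kexinit(["ecdh-sha2-nistp256", "ext-info-s"], ["aes256-ctr"])
LOOSE = build_kexinit(["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"],
                      ["aes256-ctr", "aes128-ctr"])
```

An empty result from `policy_violations` means the server cannot negotiate down to a non-ECDH key exchange or a cipher weaker than AES-256, whatever the client offers.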

5 Managed Responsibilities

Summary of Offering

• HA Web Servers

• Mail Servers

• HA DB Servers

• Single Test Server

• Single Hmail Server

• Single SFTP Server

5.1 All n One Responsibilities

• Install, setup and management of MySQL DB

• Installation, configuration and management of all applications above the OS

• Configuration and management of MySQL replication and ongoing DB management

• Setup and management of IIS on Web Servers

• Setup and management of SFTP server apps

• Setup and management of Test server apps

• File-level backup

• Migration of data from the legacy environment to AWS

5.2 Sungard Responsibilities

• Install, configuration and management of instances up to the Operating System

• Configuration and management of load balancers, security groups (firewalls) and VPNs

• Security patch management of all managed instances

• Anti-Virus management of all managed instances

• Monitoring of all managed instances

• Snapshot backup of all instances (1 per night, overwritten each night)

6 Email Solution

bxp software is able to harness the power of email and allows clients to leverage the medium to improve business processes and speed up operations. Whilst individual tools like Microsoft Outlook are ideal for processing an email account, bxp is focused on mass email sending and the move to AWS has also generated improvements for clients who use the system to process mass emails including:

• Faster mail download

• Faster email connection to bxp

• Better mail output (reputation)

6.1 Improved Email Reputation

Email deliverability is a feedback loop that indicates whether or not you’re sending the right content to the right contacts at the right time. bxp email engagements such as clicks and opens contribute constructively to our email sending reputation. Higher rates of positive engagements improve penetration levels and reduce the chances of denial by a spam filter.

We have also improved the strength of our DMARC records and email deliverability.

6.2 Improved Email Usage Statistics

Using the improved log reviewing system on AWS allows us to identify which emails, if any, bounced or triggered complaints. This, in turn, means that we are better placed to troubleshoot any issues and can therefore provide a stronger overall email service for our clients.

7 Back-up and Recovery

Glossary

• RTO - Recovery Time Objective

• RPO - Recovery Point Objective

• ATOT - At Time of Test

• ATOD - At Time of Disaster

• Failover - Necessary activity and components used to resume operation

• Failback - Necessary activity and components used to move back to production

• Occupied Data - Storage required for replicated data, including storage for retention

• Protected Instance - Virtual machine or server being protected for ATOT or ATOD

7.1 Cloud Recovery

Cloud recovery includes:

• Agent-based block replication solution for AWS, Azure or on-premise virtual server running within VMware/Hyper-V hypervisors or physical server into AWS

• Administration by Sungard AS of the replication onto AWS Infrastructure

• Support of the installation and configuration of replication software

• Creation of replication VPC and associated compute and storage

• Recovery blueprint

• Administration by Sungard AS of failover activities ATOT, or ATOD

• Multiple RPO points over 30 day rolling periods

• An RTO from 15 minutes up to 4 hours for up to 250 servers

Sungard will also provide the following for the amount of Occupied Data (AWS EBS Replication data and AWS EBS Snapshot data):

• Monitoring and management of the automated replication system for Occupied Data and Protected Instance(s) residing on AWS services and resources

• Notification of failure to replicate Occupied Data and Protected Instance(s) to the TS

• Hosting a copy of the Protected Instance(s) and Occupied Data on AWS Elastic Block Store or similar AWS storage services, to be provisioned ATOT or ATOD on AWS Elastic Cloud Compute, or similar AWS instances

• Perform Failover activity to validate use of its data and applications following a recovery

• Clear down and deletion of any provisioned AWS Infrastructure at ATOT or ATOD following a Recovery Test or Disaster

• Perform Failback activity to the production environment following a Disaster declaration

Sungard will provide multiple RPO snapshot points in minutes, hours and days on a rolling 30-day basis. The initial snapshot will copy all occupied storage blocks on the replicated volumes. Subsequent snapshots will only copy blocks changed since the previous snapshot.

7.2 Cloud Recovery Service Level

Sungard will recover the most recent copy of Customer Protected Physical or Virtual Servers (OS only) within the time frame below following the start of an Activation or Recovery Test.

Quantity of Protected Servers: On-Demand RTO (in hours)

• ≤ 250: 4

• >251 < 500: TBC based on UAT benchmarking achieved

8 Business continuity

We will be moving data from the SunGard AS Dublin data facility to the AWS EU-West-1 (Ireland) facility, which means that the main production data of bxp and its clients will remain in Ireland.

As part of the move, however, we have a business continuity provision to ensure the bxp service is seamlessly maintained in the extremely unlikely event of AWS Ireland having an issue.

Our chosen location for this is AWS EU-West-3 in France. This brings the key advantages of keeping data under the provisions of the GDPR combined with a tried and tested recovery process. There are no restrictions on the transfer of personal data to EEA countries as the GDPR applies throughout the EEA.