Read the Case Study

Total Page:16

File Type:pdf, Size:1020Kb

Read the Case Study Customer Case Study – Education Babbly helps babies communicate with a HIPAA- compliant Kubernetes infrastructure. This child development start-up needed to address industry compliance needs while strengthening platform security, scalability and reliability. Our customer The obstacles they faced Babbly is an AI-powered platform that helps Babbly needed to develop and manage parents interact with, track and improve a stable, future-ready Kubernetes their children’s speech development from infrastructure that could support frequent birth to two years using machine learning application releases and automate as well as expertise from pediatricians and security. It also needed to meet industry language therapists. compliance requirements. How we helped What we achieved together Public Cloud — Amazon Web services (AWS), In just six weeks, Onica (a Rackspace AWS CloudFormation, Kubernetes, Amazon Technology company), built a production Certificate Manager, Amazon EKS, Amazon ready Kubernetes architecture for the Babbly RDS, Amazon CloudWatch Container Insights, application. Security increased with the Amazon Route 53, Amazon Web Application deployment of tools that enabled several Firewall, Elastic Load Balancing, AWS WAFv2, capabilities, including end-to-end encryption. AWS Managed Rules, Linkerd, Bitbucket, Customer experience was enhanced with Runaway, Kustomize. improvements in uptime and reliability. “We were looking for an experienced partner that can help us achieve our desired production-ready infrastructure within a very short timeframe. Onica came on-board matching the high standards the Babbly team embodies, and worked closely with us so we could release our application on schedule.” Carla Margalef Bentabol CTO and Co-Founder, Babbly Seeking a stable and logging solutions that would support Choosing the right AWS One of the initial priorities was to meet production workloads. a submission deadline for a closed beta. future-proof experienced partner This deadline had to be met before the The application had been using Kubernetes application could go live on the Google Play Babbly helps young infants build their Babbly chose Onica, a Rackspace Technology clusters on Amazon Web Services (AWS) store. Work began with the implementation communication skills. The software start-up company. Onica is a leading AWS Partner with a development pipeline that used of a productionready Kubernetes cluster. had an infrastructure that was still in the Bitbucket for planning and management. Network (APN) Premier Consulting Partner. development stages, but needed to be made Basic deployment processes were also The expertise in DevOps and AWS services To achieve this, an Amazon Elastic stable and future-proof, while also improving already in place. that Onica could bring to the project made it Kubernetes Service (Amazon EKS) customers’ experiences. Additionally, the a perfect choice. There was an urgent need infrastructure with Amazon Relational application required security features Babbly’s team of two developers had no for support to get the application ready for Database Service (Amazon RDS) for database to achieve compliance with the Health spare capacity to develop or manage a robust a marketplace launch, while also enhancing management was implemented. Insurance Portability and Accountability foundational infrastructure. The Babbly team operations and maximizing efficiency. Act (HIPAA), which sets standards for using was aware of the breadth of AWS services The infrastructure was built using a sensitive patient data. available, so decided that a technology The Onica and Babbly teams worked closely multi-stage pipeline for development partner with deep expertise was necessary. to ensure that all of the requirements and production that supported Also needed were comprehensive automated It needed a partner who could both identify and pain points were well understood improved QA testing. pipelines to manage infrastructure suitable services and implement them to from the outset. and application deployments. Another enable Babbly to meet its goals. requirement was for monitoring and Rackspace Technology Customer Case Study 2 services to function. They meet the industry Deploying security and standard of “least permissive” access, as encryption each container is granted its exact needs. Bitbucket pipelines were used for deployment Security and end-to-end encryption were and AWS CloudFormation was used for an important part of Babbly’s design from standing up all of the infrastructure as code. the outset. The application had to be robust against cyberthreats. Amazon CloudWatch Container Insights provide monitoring and metrics of the Achieving this requirement began with Babbly application stack. This allows the the Amazon Certificate Manager’s native application’s current logs and performance integration with the Elastic Load Balancer information to be seen from a single view. service. This made it simple to secure public All logs are shipped to Amazon CloudWatch endpoints hosted on Amazon Route 53. The log groups, which are critical for compliance Amazon Web Application Firewall service requirements and auditing. integrated with the Elastic Load Balancing service provided protection against common The CLI tools meant for creating Amazon cyberattacks, such as SQL injection and EKS clusters were moved to a managed cross-site scripting. infrastructure-as-code approach. This allows greater flexibility, improved compliance The AWS WAFv2 service also allowed the checkpoints and increased control over ability to attach AWS Managed Rules, deploying Amazon RDS and the virtual private which support many of the Open Web cloud (VPC), as well as the overall cluster. Application Security Project’s (OWASP) This level of flexibility and control provides top 10 security risks. The OSWAP is an Babbly with a strong foundation upon which international non-profit organization to meet HIPAA compliance. dedicated to web application security, which advises on the highest threats to protect against cyberthreats. Ready to keep growing What normally takes several months Meeting HIPAA was achieved in just six weeks as the production ready Kubernetes architecture compliance goals was ready-intime to meet the application To meet HIPAA compliance, intra-cluster launch deadline. Onica’s own open source encryption was achieved by deploying the development tools, such as Runway, helped security-first service mesh, Linkerd. Linkerd achieve this goal. added critical security, observability and The Runway tool was built based upon reliability features to the Kubernetes stack previous customer experiences. It can with no application code changes required. It coordinate and accelerate infrastructure- effectively secured pod communication. ascode deployments, and includes native Within the Kubernetes stack, the team support for Kustomize, allowing for easy deployed the ALB Ingress controller and deployment of Kubernetes manifests. external DNS module to seamlessly modify Security and monitoring enhancements were Amazon Route 53 records as new services also added with encrypted file systems and were provisioned. The pod-level permissions SSL. Amazon CloudWatch Container Insights of the Amazon EKS service enable these Rackspace Technology Customer Case Study 3 were set-up to facilitate troubleshooting right About Rackspace down to the container level. The addition of these features will help the infrastructure Technology meet HIPAA compliance standards. Rackspace Technology is the multicloud The infrastructure was built with automated solutions expert. We combine our expertise scalability capabilities so that fluctuations with the world’s leading technologies — in demand can be met. Babbly also benefits across applications, data and security — to from continuous integration and continuous deliver end-to-end solutions. We have a delivery (CI/CD) efficiency improvements. proven record of advising customers based Other introductions include an automated on their business challenges, designing application deployment pipeline, which solutions that scale, building and managing allows the development team to ideate, those solutions, and optimizing returns implement and deploy updates and into the future. features quickly. As a global, multicloud technology services Throughout the process, Onica’s team pioneer, we deliver innovative capabilities held working sessions with Babbly’s of the cloud to help customers build new DevOps engineer and provided ample revenue streams, increase efficiency and documentation to educate the company create incredible experiences. Named a best on both the enhancements as they were place to work, year after year according to implemented and how to operate the new Fortune, Forbes, and Glassdoor, we attract infrastructure independently. and develop world-class talent to deliver the best expertise to our customers. Everything Additions to the infrastructure have we do is wrapped in our obsession with improved customers’ experiences in our customers’ success — our Fanatical uptime. The infrastructure lives in different Experience™ — so they can work faster, availability zones, and there are automated smarter and stay ahead of what’s next. database backups that ensure a reliable end-user experience is maintained becomes Learn more at www.rackspace.com or call more diverse, we will need to incorporate the 1-800-961-2888. flexibility and dynamic nature of the cloud. This case study is for your informational purposes only. RACKSPACE MAKES NO WARRANTIES, EXPRESS
Recommended publications
  • Performance Efficiency Pillar
    Performance Efficiency Pillar AWS Well-Architected Framework Performance Efficiency Pillar AWS Well-Architected Framework Performance Efficiency Pillar: AWS Well-Architected Framework Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Performance Efficiency Pillar AWS Well-Architected Framework Table of Contents Abstract and Introduction ................................................................................................................... 1 Abstract .................................................................................................................................... 1 Introduction .............................................................................................................................. 1 Performance Efficiency ....................................................................................................................... 2 Design Principles ........................................................................................................................ 2 Definition .................................................................................................................................
    [Show full text]
  • Amazon Silk Developer Guide Amazon Silk Developer Guide
    Amazon Silk Developer Guide Amazon Silk Developer Guide Amazon Silk: Developer Guide Copyright © 2015 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. The following are trademarks of Amazon Web Services, Inc.: Amazon, Amazon Web Services Design, AWS, Amazon CloudFront, AWS CloudTrail, AWS CodeDeploy, Amazon Cognito, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, Amazon Elastic Compute Cloud, Amazon Glacier, Amazon Kinesis, Kindle, Kindle Fire, AWS Marketplace Design, Mechanical Turk, Amazon Redshift, Amazon Route 53, Amazon S3, Amazon VPC, and Amazon WorkDocs. In addition, Amazon.com graphics, logos, page headers, button icons, scripts, and service names are trademarks, or trade dress of Amazon in the U.S. and/or other countries. Amazon©s trademarks and trade dress may not be used in connection with any product or service that is not Amazon©s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. AWS documentation posted on the Alpha server is for internal testing and review purposes only. It is not intended for external customers. Amazon Silk Developer Guide Table of Contents What Is Amazon Silk? .................................................................................................................... 1 Split Browser Architecture ......................................................................................................
    [Show full text]
  • Web Application Hosting in the AWS Cloud AWS Whitepaper Web Application Hosting in the AWS Cloud AWS Whitepaper
    Web Application Hosting in the AWS Cloud AWS Whitepaper Web Application Hosting in the AWS Cloud AWS Whitepaper Web Application Hosting in the AWS Cloud: AWS Whitepaper Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Web Application Hosting in the AWS Cloud AWS Whitepaper Table of Contents Abstract ............................................................................................................................................ 1 Abstract .................................................................................................................................... 1 An overview of traditional web hosting ................................................................................................ 2 Web application hosting in the cloud using AWS .................................................................................... 3 How AWS can solve common web application hosting issues ........................................................... 3 A cost-effective alternative to oversized fleets needed to handle peaks ..................................... 3 A scalable solution to handling unexpected traffic
    [Show full text]
  • Amazon Mechanical Turk Requester UI Guide Amazon Mechanical Turk Requester UI Guide
    Amazon Mechanical Turk Requester UI Guide Amazon Mechanical Turk Requester UI Guide Amazon Mechanical Turk: Requester UI Guide Copyright © 2014 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. The following are trademarks of Amazon Web Services, Inc.: Amazon, Amazon Web Services Design, AWS, Amazon CloudFront, Cloudfront, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, Amazon Elastic Compute Cloud, Amazon Glacier, Kindle, Kindle Fire, AWS Marketplace Design, Mechanical Turk, Amazon Redshift, Amazon Route 53, Amazon S3, Amazon VPC. In addition, Amazon.com graphics, logos, page headers, button icons, scripts, and service names are trademarks, or trade dress of Amazon in the U.S. and/or other countries. Amazon©s trademarks and trade dress may not be used in connection with any product or service that is not Amazon©s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Amazon Mechanical Turk Requester UI Guide Table of Contents Welcome ..................................................................................................................................... 1 How Do I...? ......................................................................................................................... 1 Introduction to Mechanical Turk .......................................................................................................
    [Show full text]
  • How Can Startups Make Use of Cloud Services
    California State University, San Bernardino CSUSB ScholarWorks Electronic Theses, Projects, and Dissertations Office of aduateGr Studies 4-2021 How can startups make use of cloud services Gauri Nade Gauri Nade California State University - San Bernardino Follow this and additional works at: https://scholarworks.lib.csusb.edu/etd Part of the Educational Technology Commons Recommended Citation Nade, Gauri and Nade, Gauri, "How can startups make use of cloud services" (2021). Electronic Theses, Projects, and Dissertations. 1262. https://scholarworks.lib.csusb.edu/etd/1262 This Thesis is brought to you for free and open access by the Office of aduateGr Studies at CSUSB ScholarWorks. It has been accepted for inclusion in Electronic Theses, Projects, and Dissertations by an authorized administrator of CSUSB ScholarWorks. For more information, please contact [email protected]. HOW CAN START UPS MAKE USE OF CLOUD SERVICES A Project Presented to the Faculty of California State University, San Bernardino In Partial Fulfillment of the Requirements for the Degree Master of Science in Information Systems and Technology by Gauri Rajendra Nade May 2021 HOW CAN START UPS MAKE USE OF CLOUD SERVICES A Project Presented to the Faculty of California State University, San Bernardino by Gauri Rajendra Nade May 2021 Approved by: Benjamin Becerra, PhD, Committee Chair Conrad Shayo, PhD, Reader Jay Varzandeh, PhD, Dept. Chair, Information & Decision Sciences © 2021 Gauri Rajendra Nade ABSTRACT The purpose of this project is to discuss the technical obstacles that small and medium-sized enterprises (SMEs) face, as well as how cloud computing can help to solve these issues. Cloud computing has the ability to radically change competitive environments by offering a new forum for generating and delivering business value and market development.
    [Show full text]
  • Using Amazon Web Services for Disaster Recovery October 2014
    Amazon Web Services – Using AWS for Disaster Recovery October 2014 Using Amazon Web Services for Disaster Recovery October 2014 Glen Robinson, Attila Narin, and Chris Elleman Page 1 of 22 Amazon Web Services – Using AWS for Disaster Recovery October 2014 Contents Introduction ...............................................................................................................................................................3 Recovery Time Objective and Recovery Point Objective ................................................................................................4 Traditional DR Investment Practices ............................................................................................................................4 AWS Services and Features Essential for Disaster Recovery ...........................................................................................5 Example Disaster Recovery Scenarios with AWS ...........................................................................................................9 Backup and Restore ................................................................................................................................................9 Pilot Light for Quick Recovery into AWS ................................................................................................................. 11 Warm Standby Solution in AWS ............................................................................................................................. 14 Multi-Site Solution Deployed
    [Show full text]
  • Architecting for HIPAA Security and Compliance Whitepaper
    Architecting for HIPAA Security and Compliance on Amazon Web Services AWS Whitepaper Architecting for HIPAA Security and Compliance on Amazon Web Services AWS Whitepaper Architecting for HIPAA Security and Compliance on Amazon Web Services: AWS Whitepaper Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Architecting for HIPAA Security and Compliance on Amazon Web Services AWS Whitepaper Table of Contents Abstract ............................................................................................................................................ 1 Introduction ...................................................................................................................................... 2 Encryption and protection of PHI in AWS .............................................................................................. 3 Alexa for Business ...................................................................................................................... 6 Amazon API Gateway ................................................................................................................. 6 Amazon AppFlow
    [Show full text]
  • Integrate AWS Route 53 Eventtracker V9.2X and Above
    Integrate AWS Route 53 EventTracker v9.2x and above Publication Date: January 25, 2021 Integrate AWS Route 53 Abstract This guide provides instructions to configure AWS Route 53 to send its log to EventTracker. Scope The configurations detailed in this guide are consistent with EventTracker version v9.2x or above and AWS Route 53 Audience Administrators who are assigned the task to monitor AWS Route 53 events using EventTracker. The information contained in this document represents the current view of Netsurion on the issues discussed as of the date of publication. Because Netsurion must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Netsurion, and Netsurion cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. Netsurion MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Netsurion, if its content is unaltered, nothing is added to the content and credit to Netsurion is provided. Netsurion may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Netsurion, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.
    [Show full text]
  • Amazon Web Services: Overview of Security Processes August 2015
    Amazon Web Services – Overview of Security Processes August 2015 Amazon Web Services: Overview of Security Processes August 2015 (Please consult http://aws.amazon.com/security/ for the latest version of this paper) Page 1 of 75 Amazon Web Services – Overview of Security Processes August 2015 Table of Contents Introduction ............................................................................................................................................................................ 5 Shared Security Responsibility Model .................................................................................................................................... 5 AWS Security Responsibilities ............................................................................................................................................. 6 Customer Security Responsibilities ..................................................................................................................................... 6 AWS Global Infrastructure Security ........................................................................................................................................ 7 AWS Compliance Program .................................................................................................................................................. 7 Physical and Environmental Security .................................................................................................................................. 8 Fire Detection and Suppression
    [Show full text]
  • On the DNS Deployment of Modern Web Services
    On the DNS Deployment of Modern Web Services Shuai Hao∗y, Haining Wang∗, Angelos Stavrouz, and Evgenia Smirniy ∗University of Delaware, Newark, DE, USA yCollege of William and Mary, Williamsburg, VA, USA zGeorge Mason University, Fairfax, VA, USA Email: fhaos,[email protected], [email protected], [email protected] Abstract—Accessing Internet services relies on the Domain Existing DNS measurements studied the characteristics of Name System (DNS) for translating human-readable names to DNS activities and operations [16], [17], [21], [24], [26], the routable network addresses. At the bottom level of the DNS root or top-level-domain servers [20], [22], [29], [30], [36], or hierarchy, the authoritative DNS (ADNS) servers maintain the actual mapping records and answer the DNS queries. Today, the DNS resolvers [15], [18], [35]. Some works involving the the increasing use of upstream ADNS services (i.e., third-party characteristics of ADNSes mainly focused on the comparison ADNS-hosting services) and Infrastructure-as-a-Service (IaaS) with local DNS (LDNS) servers, but none of them explored clouds facilitates the establishment of web services, and has various ADNS deployments for web services. Complementary been fostering the evolution of the deployment of ADNS servers. to these prior works, we present a large-scale measurement To shed light on this trend, in this paper we present a large- scale measurement to study the ADNS deployment patterns of study in attempt to answer the following questions: (1) how modern web services and examine the characteristics of different do modern web services deploy their ADNS servers? (2) what deployment styles, such as performance, life-cycle of servers, are the characteristics of different ADNS deployment patterns? and availability.
    [Show full text]
  • Amazon Mechanical Turk Getting Started Guide API Version 2013-11-15 Amazon Mechanical Turk Getting Started Guide
    Amazon Mechanical Turk Getting Started Guide API Version 2013-11-15 Amazon Mechanical Turk Getting Started Guide Amazon Mechanical Turk: Getting Started Guide Copyright © 2014 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. The following are trademarks of Amazon Web Services, Inc.: Amazon, Amazon Web Services Design, AWS, Amazon CloudFront, Cloudfront, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, Amazon Elastic Compute Cloud, Amazon Glacier, Kindle, Kindle Fire, AWS Marketplace Design, Mechanical Turk, Amazon Redshift, Amazon Route 53, Amazon S3, Amazon VPC. In addition, Amazon.com graphics, logos, page headers, button icons, scripts, and service names are trademarks, or trade dress of Amazon in the U.S. and/or other countries. Amazon©s trademarks and trade dress may not be used in connection with any product or service that is not Amazon©s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Amazon Mechanical Turk Getting Started Guide Table of Contents Welcome ..................................................................................................................................... 1 How Do I...? ......................................................................................................................... 1 Introduction to Amazon Mechanical Turk ...........................................................................................
    [Show full text]
  • Streamline Amazon Workspaces Management with Intune Implementation Guide
    Streamline Amazon WorkSpaces Management with Intune Implementation Guide June 10, 2021 Notices Customers are responsible for making their own independent assessment of the information in this document. This document: (a) is for informational purposes only, (b) represents current AWS product offerings and practices, which are subject to change without notice, and (c) does not create any commitments or assurances from AWS and its affiliates, suppliers or licensors. AWS products or services are provided “as is” without warranties, representations, or conditions of any kind, whether express or implied. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers. © 2021 Amazon Web Services, Inc. or its affiliates. All rights reserved. Contents Overview .............................................................................................................................. 1 Cost ...................................................................................................................................... 1 Services Used and Costs ................................................................................................. 2 Architecture overview .......................................................................................................... 4 Walkthrough ......................................................................................................................... 5 Prerequisites....................................................................................................................
    [Show full text]