weizmann-cloud

Weizmann

A Textile Processing and Export Company overcame its challenges related to availability of the services and security by migrating their windows workload to AWS Cloud.

About the Customer

Weizmann Limited’s core business is Textile

Weizmann has a composite Textile Processing and Manufacturing Facility on 15,175 sq.mt. land at Vatva Road, Narol, Ahmedabad. The Manufacturing facility has an installed capacity to manufacture 24 million meters per annum.

The primary focus is the African market, and the company has been exporting to the African continent for the last 25 years. The product range for Africa includes Cotton Voiles, Pracale and African Prints.

To continue to grow and innovate, the Company has invested in R&D and has successfully developed technology to emboss textiles after the printing process as well as create a unique tie and dye effect in its products for export. Processing and Exports

Executive Summary

Weizmann Limited is the flagship company of the Weizmann Group with business interests in Textile Processing and Exports, Fin-Tech, and Renewable Energy.

Initially engaged in Textile Processing and Exports, A to Z of Non-Banking Finance Activities, in the early 1990s it commenced Money Changing Business as an FFMC registered with RBI, under the brand name Weizmann Forex. The group then commenced money transfer services as representatives of Western Union Money Transfer Services, USA. The group also promoted a Housing Finance Company, Weizmann Homes. Further, the group ventured into the Renewable Energy sector by initially manufacturing NedWind make Wind Electric Generators and later as Renewable Energy Developers primarily Wind Power and Hydro Power under Karma Energy.

Current Challenges by the Customer

Weizmann Limited had an ASP.NET core web-based application hosted with CTRLS Data centre which they wanted to migrate to AWS Cloud for their internal & remote users due to some of its key outstanding features like the flexibility, scalability, manageability, round-the-clock support, etc. related benefits that come alongside an AWS partner who would provide them with the right approach for planning, migrating & deploying those workloads

Below mentioned are some of the challenges that the client was facing for some of their PROD / UAT level infrastructure hosted.

One of the biggest concerns that the client had been facing was the huge costs they were incurring on a year-on-year basis for mostly the PROD environment workloads being run.

Secondly, they were facing support/configuration change management-related issues with their vendor on a frequent basis which resulted in delays in getting those resolved within the stipulated SLAs thus bringing most of their PROD workloads to a halt & heavily affecting productivity & overall output.

The infrastructure hosted with the third-party vendor had limitations when it came to addressing the overall availability of the services being used with risks of facing unplanned maintenance & downtime, especially during an event of a disaster as the vendor didn’t have a DR setup in place.

Further, they had a concern pertaining to the overall security posture of the infrastructure hosted with their existing vendor & were looking to explore additional security-related services like Web Application Firewall, DDoS protection, Load Balancing, etc. that would maximize their productivity & grow resilience to prone external attacks.

Configuring automatic OS patch updates in place for the workloads hosted on the Servers with their vendor, as they didn’t provide that kind of feature.

With respect to the above challenges, they were in search of a Cloud Service provider capable enough of supporting most of the cloud-native features like dynamically scaling up/down the infrastructure’s resources as & when demand, patching-like features, support for automatic backups daily, and other native tools for provisioning applications in UAT & Production that supported ASP.NET framework.

Customer having single standalone Database Server. All the request were directed to this server, hence utilisation was getting high and they were facing issue related to performance and slowness in data retrieval.

The Solution Offered

We provided the client with a HA solution on AWS by using core services like AWS EC2, AWS ELB, AWS Site-to-Site VPN, MS SQL Standard and other security/monitoring-related services like AWS WAF, AWS Shield, AWS CloudWatch & CloudTrail, etc.

We had the ASP.NET application hosted in the AWS environment in N-Tier architecture type with the Web/App Server in the public subnet while the DB Server had been set up in the private subnet, which was followed by applying Security Group (Network level) firewall rules/ port & IP-based restrictions on to each of them.

A Bastion Host Server was provisioned in the public subnet to allow private connectivity from on-premises to the rest of the instances through RDP protocol for their internal users.

As the client wanted to have high availability configured for their on-premises hosted Active Directory, an Additional Domain Controller (ADC) Server was configured on AWS & added to the primary AD for rest.

We deployed and configured an Application Load balancer (Elastic Load Balancer) in the Production environment associated with EC2 Server. To provide access to external users over the Internet.

Also configured security groups for EC2 instances and updated Inbound/Outbound rules wherever necessary as per client requirements.

We have created two MS SQL Databases as primary and secondary and enabled logshipping between these two servers with high availability.

So now the user traffic is distributed between two Database servers, read operation performed on primary and if we require to fetch any reports then it will be retrieved from read replica server.

As the client needed connectivity from their on-premises location to the AWS network, a Site-to-Site IPsec VPN tunnel using a Virtual Private Gateway & Customer Gateway services were created and configured between AWS and the client’s on-premises network.

For security purposes, we set up WAF and Shield in the AWS environment to protect against the most frequent type of SQL injection / DDoS attacks at the Application layer (Layer 7) and Networking & Transport layer (Layers 3 & 4) for everyone which would prove to be effective in taking preventive measures against the same through intelligent threat detection & response control.

We enabled Amazon CloudWatch as a monitoring service to check the health of the Instances.

Backup policies were configured on EC2 instances, and the backed-up data was later stored as Amazon EBS Snapshots while maintaining a copy of the same within Amazon S3 storage.

For compliance, operational auditing & risk auditing of the AWS account, we enabled the AWS CloudTrail service for logging all types of API calls made to the AWS resources & storing the corresponding data within Amazon Simple Storage Service (Amazon S3).

For data recovery & backup purposes, AMI Backup had been set up for the Servers deployed along with EBS Snapshots respectively.

AWS System Manager was set up for troubleshooting & gaining access to the EC2 Servers through the CLI interface and for managing SSM roles. Also, as part of best practices considering that regular OS patch updates need to be applied onto the Servers provisioned, appropriate IAM roles were used for having the same implemented.

Amazon Web Services Infrastructural Services Used

Amazon Virtual Private Cloud (Amazon VPC)

Amazon Elastic Compute Cloud (Amazon EC2)

Amazon Elastic Block Store (Amazon EBS)

Amazon Elastic Block Store Snapshot (Amazon EBS Snapshot)

Amazon Virtual Private Gateway (Amazon VGW)

Amazon Simple Storage Service (Amazon S3)

Amazon CloudWatch

Amazon CloudTrail

Amazon Web Application Firewall (AWS WAF)

Amazon Shield (AWS Shield)

Amazon Elastic Load Balancer (Amazon ELB)

Amazon Systems Manager (AWS SSM)

Amazon Relational Database Service (Amazon RDS)

Amazon Certificate Manager (Amazon ACM)

AWS Identity and Access Management (AWS IAM)

Microsoft Services Used

Windows Operating System

Microsoft ASP.NET / .NET core framework

Microsoft IIS Manager

Microsoft SQL Server Standard Edition

Windows Server Active Directory

Project Start Date: 13-06-2022

Project End Date: 22-08-2022

The Benefits

Reliability & Security

Earlier they were hosting their workload on third-party physical data centre’s, where they were not having any control over the servers. So, they decided to move to AWS cloud taking consideration into account the security offered by AWS Services.

Scalability and Performance

Flexibility to scale up and scale down the Servers as per workload. No limitation on the storage size constraint; can increase the size according to the business need.

Reduced downtime

By migrating their workload to AWS, they no longer had to have the hassle of being concerned about the availability of services & their defined SLAs since AWS would be having the responsibility of maintaining it on the go

Ease of provisioning additional services along with better support

After migrating to AWS, the client no longer faced the limitations to instead go through a rigorous approval process for deploying additional services in their environment while also helping them achieve well-in-time support for any troubleshooting/deployment activities for the infrastructure within the SLAs defined.

Cost-optimization

By moving some of their workloads hosted on CTRLS DC to AWS, they were able to significantly save upon their monthly expenditure billing costs to nearly 40%, reduce latency of the application hosted by 15% & effectively manage the same as well by rightsizing their resources aligned with AWS best practices.

Backup storage

By using backup storage services that make it easy to centralize and automate the backup of data across AWS services in the cloud as well as on-premises using the AWS Storage Gateway. AWS Backup provides a fully managed, policy-based backup solution, simplifying backup management and enabling clients to meet their business and regulatory backup compliance requirements.

Database performance improvement

Once implemented, log shipping is quite easy to manage. Typically, the manual failover process takes no longer than 15 minutes, resulting in speeding up the data retrieval time.

About Pentagon System and Services Pvt Ltd

Pentagon System and Services Pvt Ltd is a leading Infrastructure service provider and System Integrator with a presence across India and Singapore. 

Established more than two decades ago, we cater to over 1200+ Enterprises and SMEs with highly experienced teams for sales, consultants and a vast pool of skilled engineers supporting their mission-critical environments, which covers multi-vendor, multi-platform infrastructure. 

We are an advanced tier Consulting Partners with Amazon Web Services and are also a certified Solution Provider. We serve more than 100 plus customers across segments and verticals with our expertise on the cloud platform. 

Infrastructure
Weizmann-Limited