Boosting Efficiency and Satisfaction with AWS Infrastructure Enhancements
SAN TSG enhanced its infrastructure with AWS services boosting operational efficiency and client satisfaction. They achieved scalability, cost optimization, robust application management, data integrity, high availability, secure API management, and integrated search functionalities, all aligning with their business goals.
San TSG
About the customer
SAN TSG’s journey ignited with the evolution of transportation routes and means of travel in different parts of the world and within Turkey. In response to the intensified demand for tours and vacations, the necessity for computer technologies and software solutions among tour operators and agencies became apparent.
The cornerstone of SAN TSG’s corporate success lies in its steadfast commitment to delivering exceptional service and continuously evolving its products to meet and surpass customer expectations.
SAN TSG, with its dedicated research and development team, takes immense pride in serving as a high-quality solution partner for more than 55 countries and over 500 tourism companies for over three decades. The expertise of SAN TSG in the field of Tourism, combined with its innovative approach, reflects its determination to integrate seamlessly with the technology used by its customers.
Customer Challenge
Although SAN TSG staff has good business knowledge in its domain, they needed expertise in AWS migration and re-engineering their application to become cloud native. To establish a revamped infrastructure, SAN TSG sought a reliable AWS partner with a demonstrated history of successful projects on Amazon Web Services. The legacy tourism software of the SAN TSG is widely used by various local and foreign tourism companies like travel agencies, hotels, airlines, etc. The legacy software is monolithic, hence its deployment, lifecycle management, scalability and maintenance are costly. The company has taken a strategic decision to migrate its current monolithic application to a secure cloud native application that will run as SaaS model, with re-engineering, in other words with refactoring it.
Consequently, SAN TSG collaborated with Commencis to migrate & modernize cloud solutions that would facilitate their clients’ web and app hosting operations seamlessly, taking advantage of AWS’s adaptable structure. Furthermore, with assistance from Commencis experts, SAN TSG successfully transformed its applications into cloud-native solutions, showcasing the advantages of this modernization process.
How the solution was deployed to meet the challenge
The Commencis team has re-designed the software with using AWS services and open-source software to change it from monolithic to cloud native, conducted performance and load tests, and applied right migration strategies for successful migration from on-premises to cloud.
AWS WAF is deployed to block malicious traffic, to prevent SQL injection and XSS attacks, to enhance overall security posture of the solution implemented.
Main Approach Strategy
First, we reviewed the environment within the pilot application scope which is the environment of a client of SAN TSG out of many clients. We totally revamped SAN Octopus for AWS Cloud, moving it from our on-site servers to AWS. Later we set up API Gateway and used API Gateway Authorizer features (+Lambda) along with other AWS services to authenticate and authorize users and validate their license-permission sets. This helped us to prevent unauthorized requests without worrying about the availability of account management services (thanks to API GW, Lambda, Cognito User Pools).
Third party applications or solutions used.
Bitbucket Cloud: Bitbucket Cloud product is used to store source codes of the Lambda functions, Terraform definitions, release management and deployment of the new versions and fixes.
JMeter: JMeter is used to test and report the performance of the Product Information Data Get Services running as Lambda functions.
Terraform: Terraform scripts are developed to define and maintain the AWS infrastructure. Scripts are stored in Bitbucket Cloud like Lambda functions and Api gateway source codes.
AWS Services used as part of the solution.
Amazon WAF (Web Application Firewall) is a web application firewall service which It helps protect web applications from common web exploits and attacks by allowing customers to control and customize web traffic access. AWS WAF is designed to be highly flexible and scalable, allowing organizations to implement granular security policies to safeguard their web applications.
SAN TSG faced a growing threat landscape with increasing instances of web application attacks, including SQL injection and cross-site scripting (XSS) attempts. The company needed a robust and scalable solution to protect its web applications from these threats while ensuring uninterrupted service for its end-users.
Amazon API Gateway streamlines the process of managing APIs for SAN TSG. It simplifies API creation, publishing, and management, making it easier for SAN TSG to expose its services to clients. API Gateway also enhances security through authentication and authorization features, ensuring secure access to APIs and protecting sensitive data. Additionally, it provides valuable insights into API usage and performance, enabling SAN TSG to optimize its services and resolve issues promptly.
Amazon EKS (Elastic Kubernetes Service) offers SAN TSG the advantages of scalability and flexibility. By using EKS, SAN TSG can easily scale their containerized applications, ensuring they can handle varying workloads efficiently. This fully managed Kubernetes service also reduces operational complexity, allowing the team to focus more on application development. Moreover, EKS ensures high availability, minimizing downtime and ensuring uninterrupted service.
With Amazon EC2 (Elastic Compute Cloud), SAN TSG benefits from flexible computing resources. EC2 instances provide the flexibility to adjust capacity based on demand, which is particularly valuable in a dynamic environment. The pay-as-you-go pricing model helps SAN TSG optimize costs by only paying for the resources they use. EC2 instances also support a wide range of operating systems and applications, making them versatile for various workloads.
Amazon RDS (Relational Database Service) simplifies database management for SAN TSG. It is a fully managed service that offloads routine database tasks, allowing the team to allocate more time to application development. RDS offers high availability and reliability through automated backups and failover mechanisms, ensuring data integrity and minimizing downtime. It also provides scalability options to accommodate SAN TSG’s growing application needs.
Amazon OpenSearch (formerly Amazon Elasticsearch Service) empowers SAN TSG with robust search and analytics capabilities. It enhances user experiences by enabling powerful search functionality within their applications. As a fully managed service, OpenSearch eliminates the complexity of cluster management, allowing SAN TSG to focus on its core tasks. The service is designed to scale horizontally, efficiently handling the growth of large datasets.
Other major AWS services used are: S3, Lambda, monitoring & governance services, security services.
Outcome(s)/results
Leveraging on various AWS services including AWS WAF, in collaboration with Commencis, SAN TSG has significantly improved its infrastructure, enhancing operational efficiency and client satisfaction. Through these services, they’ve achieved scalability, flexibility, cost optimization, and robust application management. Additionally, they’ve ensured data integrity, high availability, streamlined API management, reinforced security, and integrated powerful search functionalities, all aligning with their business goals.
Architecture Diagram
Technical Requirements
Main technical requirements shared by SAN TSG are:
- Migrate existing applications from on-premises to AWS with a secure, reliable, and scalable architecture.
- Change the software architecture from monolithic to cloud native which means scalable, reliable, cost controllable, easy to govern.
- Instead of deploying separate environments for each customer, re-engineer the application to run as SaaS (from single tenant to multi-tenant)
- Establish world-class CI/CD pipelines for different environments (dev, test, prod) for secure and fast deployments.
Conclusion
By leveraging AWS WAF, the e-commerce company successfully fortified its web applications against a range of cyber threats. The comprehensive and flexible features of AWS WAF provided the company with the tools needed to protect its online assets while maintaining high availability and costeffectiveness. The success of this deployment demonstrated the effectiveness of AWS WAF in enhancing the security posture of web applications in a dynamic and evolving threat landscape.