Leveraging Amazon EC2 F1 Instances for Development and Red Teaming in DARPA’s First-Ever Bug Bounty Program
This past year, Effectual’s Modernization Engineers partnered with specialized R&D firm Galois to support the launch of DARPA’s first public bug bounty program – Finding Exploits to Thwart Tampering (FETT). The project represents a highly unique use case showcasing Effectual’s application expertise, and was approved this week to be featured on the AWS Partner Network (APN) Blog.
Authored by Effectual Cloud Architect Kurt Hopfer, the blog will reach both AWS customers and technologists interested in learning how to solve complex technical challenges and accelerate innovation using AWS services.
In 2017, the Defense Advanced Research Projects Agency (DARPA) engaged research and development firm Galois Galois to lead the BESSPIN project (Balancing Evaluation of System Security Properties with Industrial Needs) as part of its System Security Integrated through Hardware and Firmware (SSITH) program.
The objective was to develop tools and techniques to measure the effectiveness of SSITH hardware security architectures, as well as to establish a set of “baseline” Government Furnished Equipment (GFE) systems-on-chip (SoCs) without hardware security enhancements.
While Galois’s initial work on BESSPIN was carried out entirely using on-premises FPGA resources, the pain points of scaling out to a secure, widely-available bug bounty program soon emerged.
It was clear that researchers needed to be able to stress test SSITH hardware platforms without having to acquire their own dedicated hardware and infrastructure. Galois leveraged Amazon EC2 F1 instances to scale infrastructure, increase efficiencies, and accelerate FPGA development.
SpiraLinks: Rapid migration to AWS unlocks new cloud-native capabilities
SpiraLinks offers tailored consulting services for projects, technical event, and implementation management to Fortune 500 companies, including designing, installing, and hosting secure web-based systems for human resources, compensation, and finance teams. The company’s FocalReview® planning suite is a leader in compensation and performance management, supporting customers in the US and beyond.
Driven primarily by the upcoming consolidation and closure of the data center hosting its product platform, SpiraLinks had made the strategic decision to migrate its infrastructure to the AWS Cloud. This included three application servers, a legacy Oracle database environment, and an older standalone Windows application. The company also had several virtual machines that were being retired by their MSP.
SpiraLinks recognized that a successful migration would provide an opportunity to modernize its technology stack and leverage new AWS capabilities to better serve its customers. However, without the internal resources to accomplish the move, the company needed to engage a partner with the technical resources and expertise to achieve the migration.
Benefits of the AWS Cloud
The company chose to migrate to an AWS environment to increase efficiencies, improve security and compliance, and optimize costs. In addition, the SpiraLinks wanted to access new AWS Native services to modernize and evolve its business.
Outsourcing Migration Expertise to Effectual
To achieve these business objectives, SpiraLinks partnered with Effectual to lead its migration and modernization efforts. Effectual is a cloud first, security first managed and professional services company and AWS Premier Consulting Partner with deep expertise leading complex migrations and managing modern cloud environments across VMware, VMware Cloud on AWS, and native AWS environments.
Solutions & Outcomes
Completed a full migration of customer-facing applications from on-prem infrastructure to a new, modern, secure AWS environment in less than a month.
Deployed all new modern Linux and Windows servers in separate VPCs for improved security
Configured Amazon Elastic Block Store (EBS)for the three Linux EC2 instances hosting Wildfly (formerly JBoss)
For Oracle database server:
Migrated all data from legacy Oracle environment
Upgraded and deployed database into a new Amazon Relational Database Service (RDS), allowing for adoption of Session Manager for accessing application servers (improving security and decreasing costs) and providing added functionality with real-time performance insights
Increased the security layout of the data environment by isolating it in its own private subnet and restricting access
Restricted access via approved ports from application servers
Deployed to a single AWS RDS instance with individual database schemas
Replicated and enhanced mail sending capabilities to utilize Fluent Ltd. mail relay service.
Increased security due to inherited ISO certification from AWS.
Created an AWS Identity and Access Management (IAM)group and defined the IAM policy to provide SpiraLinks developers with access to the AWS Systems Manager Agent(SSM). Once the IAM groups and policies were configured, shared initial login credentials with the primary SpiraLinks contact and configured Multi-Factor Authentication (MFA) to enhance solution security.
Deployed and configured CloudTrail and CloudWatch EC2 log streams to monitor instances, and also configured email alerting for these services.
Configured Amazon Data Lifecyle Manager (Lifecycle) to take snapshots, with a rolling 14-day retention period.
Established a clearer understanding of data needs as well as the specific benefits of AWS environment and services in order to make informed choices.
Through its partnership with Effectual, SpiraLinks was able to achieve a rapid migration of its infrastructure to the AWS Cloud and avoid unexpected downtimes associated with the closure of its MSP’s data center. The migration to an AWS environment provided opportunities to improve security, increase efficiencies, and optimize costs while opening new pathways to modernizing using AWS native services and capabilities.
Moving forward, SpiraLinks will utilize the newer, more secure AWS environment for its many tools and benefits in accordance with the constantly changing business and operational requirements of the SpiraLinks client base. Specifically, compliance and data protection/privacy will be evolving challenges for SpiraLinks and the client base. The AWS environment has been chosen as an excellent “base of operations” to meet those challenges.
SpiraLinks will continue to work with Effectual as a Modernization Service Provider to utilize their expertise in addressing the company’s long-term goals and challenges. In addition, SpiraLinks and Effectual have developed an evolving roadmap that includes further modernization efforts to increase automation, availability, reliability, and security – further establishing the position of SpiraLinks as an industry leader.
About Time Tours: Guiding a Successful SaaS Journey
About Time Tours is a Pacific Northwest startup redefining how the real estate industry plans, organizes, and coordinates home tours between agents and homebuyers. With market expertise but only a general business idea, the company asked us for help developing a SaaS-based solution. We guided them on their SaaS journey from a basic app concept to a scalable production-ready launch using AWS SaaS services and best practices.
As a startup, About Time had already identified key pain points facing both realtors and home buyers for scheduling home tours. For all involved, the existing process was time consuming, cumbersome, and fraught with unnecessary complexity. About Time saw an opportunity to streamline scheduling and communication and capture feedback. The company also wanted to maximize the market opportunity and go to market as quickly as possible.
Building the business case & defining the product vision
Given almost 50% of our professional service engagements are SaaS focused, we have deep experience implementing the SaaS business model for clients. We started with About Time by embarking on a full discovery process, beginning with building a well-defined business case for their solution and outlining their product strategy.
This included evaluating customer pain points, developing user stories, and creating a seamless UX/UI experience. We also conducted a competitive analysis of off-the-shelf solutions to determine what problems they solved, how they solved them, and their challenges. After establishing the business case and product vision, we built a series of wire frames showing functionality of features and workflow before moving on to mockups of the app.
Aligning the MVS with AWS SaaS best practices
For SaaS clients, defining a Minimum Viable Service (MVS) always poses the greatest challenge. It is also the most critical stage on the SaaS journey where resources are concerned, as you can easily over architect your solution and run up costs. We worked with About Time to decide on the right MVS, knowing they would receive important feedback after going live that would likely change the app in future sprints.
Once we had defined the MVS, the AWS SaaS Enablement Framework provided a clear, thorough process for us to evaluate tenancy, security compliances, and compare cost models against the company’s revenue objectives. We also helped About Time prepare documentation and collateral in support of their efforts to secure investor funding.
From development to launch -Leveraging the Well-Architected Framework
In the next phase, our development efforts followed an agile process with milestones sprint by sprint and continual, transparent communication with About Time’s founders and investors. We used the Well-Architected Framework to ensure we were properly evaluating tradeoffs and applying cost optimization strategies when it came to reliability and security. We also segregated their personally identifiable information (PII) data in a multi-tenant environment to meet security compliances.
In addition, we built their app 100% on serverless so it can scale rapidly as their user traffic increases and utilized a pay as you go model to keep costs per user in line with their profit margin and revenue expectations for sustainability and growth.
For testing, our team conducted performance tests to ensure the app could handle expected traffic and security tests to confirm there were no hacking activities. We also held an informal gameday so that there is support documentation in place in case the app goes down during a live environment. Last, our SLA with the company sets expectations regarding our response time and steps we will take to ensure they are up and running quickly.
At launch, About Time’s final mobile and web app represents a highly scalable SaaS solution capable of growing with market demand without compromising on security and cost. Our next steps include capturing feedback and optimizing features and workflows to keep customers happy and satisfied with their solution.
Working with the Effectual team to refine our MVS gave us an objective view of how to align our revenue goals with the right cost model so we could take an informed approach to choosing the best SaaS strategy. As we scale, we know we can meet our business objectives and deliver a high-quality customer experience.
Tricon American Homes: IT modernization helps industry leader keep pace with accelerated growth
Tricon American Homes (TAH) is the fourth largest single-family rental company in the US. Founded in 2012, the publicly owned company has a portfolio of over 20,000 homes in ten states. As one of the country’s fastest-growing real estate companies, Tricon has gained a competitive advantage by offering highly responsive, personalized customer service and translating it into profitable long-term relationships.
Since 2016, the company has more than doubled its rental home portfolio. This accelerated growth highlighted the need to formalize and streamline processes, reduce costs, and optimize its operational efficiencies. With properties spread out over large geographic areas, Tricon was also in search of scalable solutions for managing, servicing, and maintaining their homes as well as a responsive communication platform for delivering a high-touch, seamless experience to its residents.
Challenges to pursuing these strategies included limited internal development resources as well as a lack of off-the-shelf solutions for the single-family vertical market. As the company expanded, Tricon partnered with a specialized team of solutions architects at Effectual to integrate their business requirements with DevOps expertise and take advantage of evolving Amazon Web Services (AWS) solutions.
Improving operational efficiencies while scaling teams and services quickly
Combining multiple data sources to create complete and holistic reporting
Innovating continuously to optimize costs and meet market demand
Creating a DevOps culture focused on automation, cross department communication and collaboration
During the last four years, Effectual has supported these goals by designing, developing, and deploying numerous solutions for the company leveraging the AWS Cloud. These include applying IoT capabilities, integrating smart home technologies, and utilizing AI/ML managed services for revenue enhancements.
Solutions & Benefits
Operational Efficiencies One of Effectual’s first projects was to streamline Tricon’s existing rental process and leverage automation to integrate existing administrative functions with custom business applications. In addition, the team developed and launched a 200-home smart home pilot with BeHome247, a cost-saving program Tricon is rolling out to its entire portfolio.
Continuous Integration – Continuous Deployment (CI/CD) To speed time to market deployments, increase reliable releases, and provide a secure environment, the team also created a CI/CD stack and pipeline that aligned new feature requests from ideation to deployment.
Performance & Functionality In order to reduce AWS costs and increase scalability, Effectual streamlined Tricon’s application payments, built a performant dashboard, and deployed AWS S3 for highly scalable cloud object storage.
Monitoring & Logging Last, by integrating all aspects of custom applications with CloudWatch, Tricon can now easily monitor and quickly troubleshoot issues without affecting their customer experience.
The success of these initial improvements has led Tricon to further expand its partnership with Effectual, including exploring new AWS services and developing additional custom applications to better serve its residents. The company is rapidly become an industry leader in new technologies.
“Effectual has been an extension of our team for several years, and we appreciate their focus on implementing scalable, innovative, and well-architected solutions in partnership with us. They continually go above and beyond to ensure that new projects are successful by asking questions and clarifying assumptions to truly understand our business objectives. We utilize their knowledge to evaluate new technologies and services to ensure that our technology stack is optimized.”
– Dawn Dalton, VP of Business Systems
Implementing Modern Cloud Management & Optimization
As the team addressed Tricon’s development requirements, it recognized the company was going to need ongoing management to monitor and maintain the security and performance of its AWS platform as well as to identify opportunities for cost optimization and business intelligence strategies.
With a growing estate of applications running on AWS continued, it became apparent that opportunities existed to improve the maintenance and security of Tricon’s environments. As a cloud-first, security-first Modernization Service Provider, Effectual provided the experience and expertise to keep the company on a path of continued innovation.
In particular, Tricon had experienced disruptions within critical business systems and wanted to improve their response time with greater visibility into what was causing errors. By establishing automated monitoring alert systems, Effectual has helped Tricon to respond quickly and resolve issues as they occurred, reducing downtime and improving customer experience.
“We’re coming to resolution much faster now on issues. Before working with Effectual, it was taking us longer to figure out the root cause.”
– Gregg Knutson, Sr. VP of Information Technology
With consistent reporting, Effectual’s delivery team has also been able to uncover patterns affecting Tricon’s costs. During a recent quarterly business review, Effectual reviewed the company’s 6 month cost trends and identified an unutilized RI (Reserve Instance) that had become orphaned. Resolving the issue helped Tricon take advantage of the significant discount RIs offer – a key strategy for cost optimization. This proactivity is one of the most important benefits of having a long-term partnership with a Modernization Service Provider.
As a trusted advisor, Effectual’s overall goal is to set Tricon on a path of scalability and growth with the confidence it can securely and reliably serve its customers. This includes aligning the company’s business goals with new tools, methodologies, and strategies to support their growing business.
“We try to be a forward-thinking organization in terms of technology, and really want to leverage modern IT systems. With this partnership, we’ve deepened our ability to meet the growing needs of our technology roadmap.”
Zolo Media: Integrating custom solutions to activate and capture a media-hungry regional market
Zolo is a media broadcaster and production company based in Central Oregon. The company provides broadcast and advertising solutions through local, network, and original programming to Central Oregon viewers. Zolo is owned by Telephone and Data Systems, Inc. [NYSE: TDS].
Recognizing that viewers are increasingly consuming content online, Zolo positioned itself to offer viewers a robust online viewing experience with daily video content, live streaming, and real-time weather information. The company asked Effectual to help them evaluate approaches for building their new online media platform.
Strategic consulting reveals clear requirements and high level objectives
Effectual and Zolo had a collaborative, in-depth discovery process that uncovered the complex business requirements and technical needs for the new platform. Zolo was particularly concerned about meeting the rigorous corporate security, legal and risk compliance requirements of its parent company TDS.
Scope, budget and project phasing recommendations matched Zolo’s requirements and business objectives.
Complied with all security, legal and risk requirements of publicly-traded parent company.
“Effectual has been an amazing partner over the past year – always finding a way to make “what if” happen and showing us the possibilities.”
– Michele O’Hara / Marketing & Creative Services, Zolo Media
Amazon Web Services (AWS) empower reliable performance and website scalability
As a certified AWS solutions architect, Effectual saw quickly that AWS could provide Zolo performance reliability for its streaming content while allowing the company to dramatically scale its offerings.
Caching and scalability of up to 2 billion unique visitors per month
Consistent, uninterrupted streaming content
Hosting bandwidth and cost scales with site traffic
Ability for multi-authors to add content
Custom integrated technical solutions build user community
The team built a custom website design responsive to desktop, tablet and mobile that complemented the platform offerings
Xenon, Inc: IoT Proof of Concept Accelerates New Market Opportunities
Xenon, Inc. is a custom hardware provider offering full-service engineering, integration, and field service solutions for the oil and energy industries. The company provides process and environmental analytics, industrial instrumentation and automation, and electrical systems.
Though Xenon primarily serves industrial markets, the firm was approached in 2018 by a new customer interested in applying their industrial engineering background to building IoT solutions for optimizing home maintenance, monitoring, and asset protection. An institutional single-family residence company with a portfolio of thousands of homes, the client was particularly interested in testing automated door locks, water sensors, and other smart devices for secure access and efficient maintenance. Their proposed plan included deploying devices in vacant properties each month with a three-year installation phase.
Partnering with Xenon provided an opportunity to explore and validate the impact of installing IoT smart home solutions for improved customer experience and reduced operational costs. For Xenon, the project presented a new market outside of its industrial focus. To respond, they needed a proof of concept to test in the first 200 homes and present to executives.
Leveraging expert advice for faster proof of concept
Xenon began building the IoT platform in Amazon Web Services (AWS) on its own, but soon encountered issues. As hardware engineers, they realized they were outside their core competency and needed help from experienced solutions architects on software integration with their client’s property management system. They engaged Effectual to review their existing architecture and implement Well-Architected best practices.
Xenon’s primary challenge was creating a cost-efficient cloud architecture that could scale. When the Effectual team conducted an initial review of the company’s environment, we confirmed the existing software layer would require fundamental changes to meet their cost requirements. In addition, our evaluation revealed the platform was built on one computer with no staging environment and no redundancy. This existing environment jeopardized the long-term reliability and scalability of the platform.
Based on this analysis, our team estimated Xenon would quickly out-capacity their existing environment at 100 homes. This was insufficient, as they needed to prove they could scale rapidly to service the company’s expanding property portfolio. Effectual also felt Xenon’s small development team could benefit from mentoring and guidance on key concepts and AWS IoT Core best practices.
Key recommendations and outcomes included:
Built a scalable, reliable proof of concept that met the client’s business requirements and budget
Confirmed AWS as the right solution for expanding their offering
Established DevOps best practices and trained internal team on processes
Educated company on costs and complexity of creating an IoT solution on a traditional infrastructure with EC2, load balancers. Showed them the significant benefits of using a serverless framework to process IoT events from Amazon Kinesis and device command management.
Developed 187 AWS Lambda functions for an estimated 40,000,000 events per month.
Implemented Amazon Kinesis to collect, process, and analyze 60,000 incoming records per day (30 MB of streaming data per day) to provide reliable, real-time insights and rapid response capabilities.
Deployed AWS API solution with an advanced logging and control layer for Xenon’s large scale IoT system to handle a high volume of burstable requests. Designed one gateway to ingest IoT alarms and events, and another to receive commands from external systems and applications.
Implemented Amazon DynamoDB as the primary storage mechanism for scalability with all tables using On-Demand for capacity control.
With Effectual’s help, Xenon responded quickly with a functional, reliable proof of concept that addressed their client’s pain points and met their business requirements. They validated AWS as the best cloud solution for propelling their project forward and gained a solid understanding of AWS IoT services.
Results & Next Steps
For their client, the project provided a better grasp of the costs and resources needed to deploy smart home systems in their properties. It also revealed what checks and balances they need to put in place for their operations.
From Effectual’s perspective, these outcomes are precisely what a successful proof of concept project should accomplish. If the client does decide to roll out these systems to its entire portfolio, we look forward to helping Xenon revisit its current configuration with some new approaches to further unlock the potential of the AWS Cloud.
Wingo IoT: AWS IoT Solutions Position Startup for Rapid, Secure Scalability
Wingo IoT is an Oregon-based startup that integrates inexpensive IoT and legacy automation systems into one intelligent solution for industrial applications. Its key value proposition lies in collecting critical data for operational analytics, AI and ML modeling, and insurance premium and claim reductions. Established in April 2018 by an experienced technical team, Wingo focused its early development efforts on local sensor networks and isolated edge devices for data collection. The company’s hybrid IoT solution included 100% offline monitoring at sites and low-cost methods for collecting and managing facility data.
From the beginning, Wingo was aware their initial cloud architecture would require major improvements to meet stringent availability and security requirements for modern enterprise applications. A growing pipeline of large industrial customers motivated CTO Glynn Fouche to approach Effectual for a Well-Architected Framework Review as well as expert advice on Amazon Web Services (AWS) IoT solutions.
Starting with Well-Architected best practices to build long term success
Fouche recognized Wingo needed to properly leverage cloud services in order to best serve their customers. In particular, he wanted to set the young venture up for success from the start by aligning Wingo’s development process with the 5 Pillars of the AWS Well-Architected Framework.
As an AWS Advanced Consulting Partner and authorized Well-Architected reviewer, Effectual frequently helps early-stage companies leverage cloud-based solutions for projects ranging from proof of concept to full-scale custom software development. In this case, it was clear that with few developers, limited resources, and impending customer rollouts, Wingo was on a tight schedule to identify critical issues for remediation, improve real-time reporting, and operationalize its development process.
Given the company’s aggressive timeline, our team of solutions architects completed a thorough Well-Architected review and remediation in less than three months. During the process, we uncovered 34 high-risk issues requiring attention.
In the process of addressing these key issues, Effectual’s contributions include:
Developing cost predictions for company revenue model
Adopting a flexible consumption model to reduce development to cost ratio and increase product margins
Designing and implementing DevOps process for long term scalability
Establishing data storage plan leveraging a combination of Amazon DocumentDB, Amazon S3, AWS Glue and Amazon Redshift for quickly indexing data with instant access
Ensuring security compliance in a multi-tenant environment by isolating sensitive data
Creating NOC dashboard using AWS Lambda for real-time monitoring and business logic for pulling analytics
Deploying Amazon CloudFront to move small json payloads of dynamic content
Leveraging API Gateway as the medium for mobile and web apps to trigger backend API services in AWS Lambda
Providing security and disaster recovery analysis as well as recommendations for a secure, highly available, and fault-tolerant architecture
In addition, implementing Well-Architected best practices has strengthened Wingo’s confidence it can serve larger customers and meet their strict business and compliance requirements. Based on past experience, Fouche believes Wingo is much better prepared to handle comprehensive due diligence and security audits. The review process and documentation will also have a significant impact on the company’s ability to raise capital and could add significant value in the event of a purchase.
In collaboration with Effectual, Wingo’s next steps include documenting security practices as well as failover and recovery recommendations for performance reliability. These steps are critical as the company develops its cloud-based data architecture, user interfaces, and API gateways for external integrations.
Results & Next Steps
With the Well-Architected review complete, Wingo is now positioned to approach both new customers and potential investors with greater confidence in its ability to receive, process and store data in the cloud and offer powerful data insights for driving optimal business outcomes.
Warm Welcome: Replicating the SaaS delivery model with a smart Proof of Concept (POC)
With a history of successful SaaS ventures for the photography and real estate industries, entrepreneur David Jay launched Warm Welcome as a Proof of Concept (POC) in early 2019. The product delivers highly personalized video messages through email to support customer onboarding and retention. After investing nine months to gather user feedback, Jay had developed a clear pricing model, a list of MVP features, and go-to-market strategy. However, he needed Effectual’s help refactoring the POC to address security and reliability concerns to make the solution production-ready.
Evaluating trade-offs, defining priorities
Highly skilled at building strong, loyal user communities, Jay and his team are adept at responding to user requests, defining focused MVPs, and gathering valuable customer feedback. With Effectual’s support, they have also learned how to use the Well-Architected Framework to evaluate trade-offs and determine priorities for their POCs.
For Warm Welcome, the team decided that time-to-market in the POC phase was a priority. Their goal was to quickly capture user feedback in order to understand the product’s business value.
Aligning pricing and marketing strategies
The first version of Warm Welcome was a small, low fidelity MVP tightly focused on solving the customer’s biggest problems, which were closing a sale and onboarding a new client. Based on analytics, user surveys, phone calls, and focus groups, the company gained key insights into the value of the product. This helped them align their messaging and marketing with the needs of their customers.
In addition, they carefully tracked their actual costs, allowing them to build a pricing model to accurately fit their cost model.
Refactoring architecture for reliability and security
While reliability and security were acceptable trade offs during the POC phase, they needed to be addressed prior to moving into production. Effectual began refactoring the POC by conducting a Well-Architected Framework Review (WAFR), resulting in a re-evaluation of the initial tradeoff decisions. In addition, Effectual offered the following recommendations:
Secure the environment to autoscale using EC2, ElasticBeanstalk, AutoScalingGroups
Set up a CI/CD pipeline with parallel environments to increase agility and lower risks
Leverage additional AWS tools and services including Cloudfront, S3, Aurora RDS, and ElasticTranscoder
Warm Welcome is one of many projects Effectual has worked on with Jay over the last several years. Throughout the client relationship, Effectual has provided strategic advice and technical expertise through all phases of discovery, development, and deployment.
Verdant Web Technologies: Seamless Integration with Amazon EC2 for Microsoft Windows
Verdant’s management software solutions track, access, and update facility Environmental Health & Safety (EH&S) compliance and sampling information. With a growing customer base, the company was beginning to confront scalability, reliability, and performance challenges that could not be solved with their existing on premise infrastructure. Verdant President Ron Petti engaged Effectual to conduct a Well-Architected Framework review and support their migration to the AWS cloud.
As an enterprise level company, Verdant wanted to migrate to AWS with their existing Microsoft technology stack. This was a requirement for two reasons: 1) All of their technical engineers already used Microsoft (.NET and SQL Server); and 2) Verdant’s industry clients had tools integrated with Microsoft and were loyal to their solutions. With several Microsoft certified developers, we were confident of a seamless integration with AWS services.
We rewrote Verdant’s entire on-premise workload to AWS using Amazon EC2 for Microsoft Windows Server, building a scalable framework that addressed their business challenges. To do this, we leveraged IIS and the .NET framework. We kept the company’s SQL Server but hosted it on Amazon RDS for SQL Server to improve capacity, decrease costs, and reduce database administration. We also automated their deployment using Jenkins and Elastic Beanstalk. Like their enterprise clients, they were using Active Directory for user authentication which we were able to easily integrate with SAML.
In the end, Verdant was able to stay with a Microsoft technology stack their internal team and customers trusted and were familiar with while taking advantage of the compute capacity of the AWS cloud. Because we began with an existing framework, we were also able to complete the migration far more quickly and focus on adding value with our customized solution.
Verdant Web Technologies: AWS tools improve scalability, profitability, and customer experience
Verdant offers management software solutions to track, access, and update facility Environmental Health & Safety (EH&S) compliance and sampling information.
With a growing customer base and a maturing product, Verdant was starting to encounter big DevOps and infrastructure challenges that threatened to slow its market momentum. The company’s migration of thought and concept demanded a far more scalable model. To the Effectual team, it was clear that the AWS platform could help them pivot and evolve.
Standardized architecture improves DevOps
Verdant’s primary pain point was architecture. With six different code bases unique to each client, the company updated code changes manually, published them out to 10+ web servers, and ran its SQL scripts on multiple databases. The process was overwhelming their team, impacting scalability, and preventing them from writing new features. The company’s IP also lived with a single developer, creating some vulnerability. Our team immediately got to work rewriting the company’s software with multi-tenant support, allowing different organizations to manage their data separately but with a standardized code base.
Streamlined DevOps by automating the deployment/development process with a build server and rapid deployment tools
Created a faster, more reliable migration to the AWS Cloud
Leveraged AWS for greater security and global redundancies to safeguard against potential downtimes
IP knowledge is now shared broadly by Verdant’s entire team so the company is no longer reliant on one person to protect its IP
The ability to scale rapidly to meet customer demand
“Effectual has been an amazing partner in the development of our enterprise platform which is now our life blood. Along with their responsiveness, solution engineering depth and capabilities we appreciate their tight management of project budgets and schedules. Effectual is a valued resource and critical part of the Verdant Team!”
– Ron Petti / President, Verdant Web Technologies
Eliminating hardware lowers cost of customer acquisition
Before deploying AWS, it took Verdant weeks to onboard new clients with a process that required significant hardware investments. Infrastructure was a fixed asset regardless of the number of clients. Our solutions turned infrastructure into an operating cost and eliminated hardware altogether.
Reduced new client onboarding from 2 weeks to 1 hour
Eliminated need for costly hardware
Decreased customer acquisition costs
Scalable solution allows for fast response to market demand
For Verdant, the timing for the project couldn’t have been better. Shortly after its completion, the company’s client base exploded overnight when schools around the US were compelled to perform extensive drinking water testing in reaction to the national crises in Flint Michigan. The revelation resulted in stricter reporting requirements and EH&S monitoring across Oregon, driving sudden intense demand for Verdant’s software solutions. With Effectual’s help, the company was well positioned to capitalize on incoming project opportunities, which resulted in a national award (with Environmental Business Journal)
AWS solutions such as Elastic Beanstalk support continuous development and innovation and help Effectual manage multiple application environments for the development/testing/release cycle
Increased customer satisfaction with ability to quickly add new functionalities
Tourvast: Building SaaS Solutions Using Scalable Innovation
Tourvast is a Software as a Service (SaaS) provider with a marketing platform that offers real estate photographers tools for creating property presentations and virtual tours that showcase their skills, leverage their art, and build their business. The platform also offers agents the opportunity to enhance their brand across social networks with high end, quality photography and video assets.
While the platform had been in existence for over a decade as licensed software, Tourvast executives wanted to evaluate the company’s intellectual property and consider options for writing their own application for greater usability. With new business requirements and a new go-to-market strategy, they contacted Effectual for help with their decision-making process and next steps. Our team provided insights and strategic advice and ultimately implemented a more scalable platform based on the secure, reliable infrastructure of the Well-Architected Framework.
Recalibrating the pricing model
Effectual solutions architects began a discovery process that included wire-framing and architecture planning. This exposed one of Tourvast’s primary challenges, which was the inability to scale its pricing model. Due to the unpredictability of its customers’ large media files, the current architecture was not consistently covering costs.
Conducted an in-depth revenue modeling analysis to identify average costs based on number of photos uploaded as well as the number of videos, pdfs, and other assets created.
Designed new architecture for cost objectives with pay-for-use pricing to reduce capital expenses.
Improving performance, scaling for demand:
In addition, tenant activity was slowing performance and impacting overall customer satisfaction and retention.
The existing workflow began with a transaction outside of the platform between a real estate agent and photographer to secure photos for the creation of marketing deliverables. Photographers paid a subscription fee for a specific number of properties in advance and banked them like a credit system. After taking photos of the agent’s identified property, they uploaded their images on the website in order to organize them into deliverables such as slideshows, virtual tours, flyers, and more. Once complete, they provided their realtor customer links to those assets. Upon the agent’s approval of the copyrighted materials, they pay the photographer the invoiced amount through Tourvast to release the media for use.
The challenge was that each time a photographer uploaded their image files, the software would immediately resize them and create a slideshow. This process would take up the site up to 10 minutes while the photographer waited for it to complete. At the same time, it froze platform functionality for all customers on the site.
Leveraged serverless architecture using S3 and AWS Lambda for media and multi-tenant loads, resulting in greater flexibility and stability.
Implemented CloudFront for streaming videos to deliver content to end users with lower latency.
Deployed a blue-green architecture on AWS creating a continuous integration/continuous deployment (CI/CD) pipeline, including up to 10 servers for burstable traffic.
Code is now developed and deployed to an AWS Elastic Beanstalk environment, with two separate, but identical, environments (blue and green) to increase availability and reduce risk. This allows the application to continues to run seamlessly while new code is deployed without impacting the user experience.
Implemented DevOps strategies and best practices with parallel development, testing, staging, and production environments.
Ensured that no development takes place in production
Created a testing environment for internal QA
Enhanced reliability with a staging environment built for “friends and family” releases with a copy of production data scrubbed for security reasons (with scale of data to mimic what happens in production)
Today, Tourvast is a SaaS company that owns its own intellectual property, with full control over its roadmap. With support from Effectual, it owns its maintenance backlog and understands its third party dependencies and costs. Last, our team continues to help the company innovate and build improvements using proof of concepts fueled by cost-effective AWS tools.
Robert Axle Project: eCommerce website redesign increases product sales and customer connections
Robert Axle Project is the authority on 12mm and 15mm thru axles for bikes. They provide the highest quality products that allow families, adventurers, commuters and recreationists to enjoy traveling by bicycle. Sales are international, online through its e-commerce website as well as through dealers, distributors and OEM partners.
As the “RAP” products have grown in popularity, and in “fit” complexity with an expanding variety of different bike styles and brands, company founders recognized they needed a stronger e-commerce website platform.
RAP has a strong customer following and sense of their community through social media channels, trade shows and industry connections. During website planning we identified 4 different customer personas to message to about not only about the product, but also in the different narratives and imagery that could be shared around actually ‘having’ and using the product from RAP.
Thoughtful website copy and messaging was matched with imagery to draw visitors into a compelling company narrative about experiences, recreating and possibility with the RAP product.
The transition in content from heavy product and features focus to more customer benefits and aspirations orientation with the new website increased website engagement respectably – with 110+ % increase in page views and 23% decrease in the site-wide bounce rate.
“Effectual worked hard to understand our business needs and develop custom features that increased traffic, conversions and engagement with our customers. With excellent project management and communication throughout the process!”
– Katy Bryce & Chris Kratsch / Founders, Robert Axle Project
Custom fit selector streamlines visitor experience
An increasing complexity in matching product ‘fit’ to increasing variations of bike and trailer types, RAP sales support knew there had to be a better way. They asked Effectual to build a custom “fit selection” tool compatible with the new website CMS.
Automating the ‘fit’ process has facilitated customer ease with securing the right product through the website, dramatically reducing sales support calls and product returns.
New website at the hub of a fuller engagement platform increases visits
Actively engaged with their community, RAP’s new website supports this conversation – through regular story content (blog posts) and integration with social media feeds. Fresh, regular and fun content that’s attractive to search engines and industry forums brings a 150% increase in website traffic.
Online product sales have increased 125% since the website’s launch.
Pole Pedal Paddle: Cost Optimization Strategies Maximize Impact for Local Non-Profit
Held in Bend, Oregon, the SELCO Pole Pedal Paddle (PPP) event is a popular annual multi-sport relay race benefiting Mt. Bachelor Sports Education Foundation (MSBEF). Over 2500 amateur and pro athletes compete solo or as a team in the race each year. The six legs of the race include Alpine skiing, Nordic skiing, biking, running, a canoe/kayak/SUP leg, and a sprint to the finish. Race Manager Molly Cogswell-Kelley asked Effectual for a custom solution to improve race registration, team management, and results reporting as well as to reduce PPP costs.
One of the main cost drivers was an expensive yearly subscription service with a third party provider. With two races (the adult PPP and the kid’s PPP), the event was paying for two subscriptions. In addition, even though their production only ran 4 ½ months each year, they were being charged for an entire year. The off-the-shelf service also lacked needed functionality for managing PPP’s different categories and unique team structures. In addition to growing costs, the organization had a new legal requirement for attaining parent signatures for child waivers.
Applying Well-Architected Framework best practices for cost optimization, our team worked on several strategies targeting the PPP production environment and development process to address business requirements and meet cost objectives.
First, it was clear that an annual subscription was a poor pricing model for the once a year event. We shifted to a more flexible, pay-as-you-go solution with AWS to ensure usage and costs match PPP’s short production timeline. Using AWS allowed PPP to run servers and pay for usage only when their environment was turned on. Given that our development team has nine months each year to develop new features and push out code, we also decided to use spot instances for the development and CI/CD environment, representing a 90% discount.
For the same amount PPP was paying each year to manage its waivers, we were able to build a custom application with far greater functionality and flexibility to accommodate ongoing development needs. Due to the nonprofit’s budget constraints, we focused on the adult PPP race as the first phase of the project. We were able to build on this framework two years later for the kids PPP.
To optimize costs, Effectual leveraged their existing knowledge with .Net membership provider, .Net user provider and the .Net MVC frameworks and libraries. This allowed Effectual to focus only on the custom business logic and leverage out of the box solutions for logins, account creation, registrations, and password creation. This also meant we did not have to re-engineer a security feature, which kept development costs lower. For enterprise reporting and integration, Effectual chose Microsoft SQL Server and IIS.
By consolidating expenses, utilizing spot instances, and integrating AWS services with existing Microsoft technologies, we deployed custom applications that have significantly reduced PPP’s costs and improved their overall user experience year after year.
Several years ago, Effectual worked with BBQ manufacturer MAK Grills on a product ideation project for a new web app giving owners remote operational control of their grills. Prior to our engagement, the company’s outsourced development process had stalled and they needed help salvaging the project. After reviewing their existing code, we were able to address their wishlist and launch the app on an aggressive timeline.
While the app ran successfully for the first few years, the company began to experience performance issues as its customer base expanded. MAK Grills President Bob Tucker re-engaged Effectual for a Well-Architected Framework Review to evaluate their solution, which was crashing daily and shutting down all of their grills.
For the review, Tucker had the following objectives:
Stabilize the production environment
Build an affordable solution using their existing Microsoft technology stack (.NET, SQL Server, IIS)
In our Well-Architected Review, we discovered that the company had recently hired someone to rewrite their firmware. During the rollout, the firmware had 10,000 BBQs sending messages to the MAK Grills website every 5 seconds. This increase in traffic was causing their server to crash at least once a day. They had tried to fix the issue but it was still unresolved. With owners who expected their mobile service to be available 24/7, it was clear the company had a serious customer service problem on their hands.
Actions & Recommendations from the Well-Architected Review
Analyzed the MAK Grills Microsoft server (.NET technology stack with a SQL Server on the backend) to identify what was crashing.
Consulted with their firmware developer to provide guidance on IoT best practices.
Coordinated all of the company’s outsourced engineering teams to ensure they are on the same page in terms of cost objectives and best practices for scalability and reliability.
Our team also recommended that MAK Grills capture their market metrics to understand the business value of their offering. We installed Google Analytics to evaluate customer behavior and created a company dashboard for greater visibility into user data. In addition, we suggested they evaluate switching their business model to monthly subscription pricing (versus charging a $300 upfront cost for the app at time of purchase).
Based on user feedback and customer data, the MAK Grills sales team is now testing a monthly subscription pricing model with new customers. Effectual’s remediation has stabilized a production environment that can scale automatically, and the company can focus on new product innovation to keep its customers engaged and happy.
FinTech Startup: Maintaining security and meeting compliance in a fast-growing, innovative company
One of our clients is a fast-growing FinTech company that provides payroll card solutions for US businesses of all sizes. Their primary product offering is a direct deposit debit card that maximizes direct deposit participation among unbanked employees, eliminating the hassle of cashing paper checks.
Prior to a recent acquisition, the startup was enjoying success as a market leader with a wave of new customer acquisition. Its growth trajectory was also attracting new investors keen to enter the FinTech market. At the same time, the 100-employee company was facing challenges meeting its PCI DSS (Payment Card Industry Data Security Standard) compliance in a rapidly changing regulatory environment. Deep into their growth mode, the company’s leadership was told by investors they could not commit significant funding until new compliances were met.
For FinTech startups, PCI fines can threaten critical cash flow and bottom line profitability. Companies who fail to pass their audits can be fined anywhere from $5k to $100k per month depending on their size. Given their aggressive first-to-market strategy, the pressure was on the team to operationalize solutions and meet compliance immediately.
Originally engaged by a third-party security company to help the company with custom software development, Effectual was introduced by their auditing company to help address its regulatory and security concerns. As an Amazon Web Services (AWS) Advanced Consulting and Well-Architected Partner, Effectual has in-depth experience identifying security vulnerabilities. More importantly, the firm’s core expertise is translating those recommendations into clear, pragmatic steps for operationalizing long-term solutions.
Rapid growth and changing internal roles
As the startup expanded to service its widening customer base, internal roles and operational responsibilities were continually changing. The result was an unclear separation of permissions and duties as well as a lack of capacity or direction for detailed oversight. While former consultants had provided high level recommendations for mitigating security concerns, they had not provided the firm with practical, specific solutions for implementing them, leaving the team uncertain as how to proceed.
Reviewed all seven workloads – particularly related to Primary Account Number (PAN) data – to ensure the company had change management in place. This included security encryption, data storage, and permissions access.
Isolated workloads to keep access separate, creating an Amazon account for each workload.
Outlined clear separation of duties for auditing changes in their environment, with segmented duties and workloads.
Documented and aligned policies, processes, and permissions with internal changes and promotions to provide stability of roles and what tools each will use consistently going forward.
Managing multiple 3rd party vendors and outsourced workloads
The growing company had also become 100% reliant on third-party vendors for its workloads. Keeping eight different vendors informed of its regulatory and compliance requirements and ensuring necessary standards were met had become extremely difficult for the inexperienced team to manage. In addition, the client was at the mercy of its vendors’ competing timelines and unpredictable capacities. This was dramatically slowing its ability to respond to crucial deadlines for compliance. Effectual’s Well-Architected Framework Review quickly surfaced these issues as well as the need for remediation.
Coordinated project management with all third-party vendors to remedy immediate issues affecting compliance.
Built a secure CDE data environment to store PAN data.
Reduced the number of outside vendors to be more manageable and complimentary.
Migrated two PCI-compliant workloads to Amazon using AWS Lambda, Amazon DynamoDB, GuardDuty, and API Gateway.
Outlined plan for migrating remaining workloads to Amazon in the next seven months.
Meeting compliance as an everyday activity
Working with Effectual, the client succeeded in passing its crucial PCI audit in less than 3 months. More importantly, the company has built a DevOps foundation for its future growth and regulatory compliance with everyday operations that ensure its continued success.
As a result, the startup is now skilled at the following:
Understanding its separation of duties, including how many people are involved and needed to facilitate a change in its environment
Documenting and aligning policies, processes, permissions with internal changes and promotions to create greater efficiencies and security
Strategically utilizing third-party vendors and keeping them informed as to its compliance needs
“At first, we brought Effectual on board to build an onboarding web application. But they’ve been far more than just a software development firm. Their DevOps infrastructure expertise, ability to build products in a PCI compliant manner, and emphasis on data security has been a game changer for us.”
Economic Development of Central Oregon (EDCO): Digital solutions that adapt and evolve with a growing organization
EDCO is a regional non-profit that helps companies move, start and grow in Central Oregon.
EDCO had just stepped into a rebranding process to capture its leadership role as an information and networking hub for the region’s business community. At the top of the list: redesigning and overhauling their website. Built years before on a closed, proprietary platform, their non-responsive site didn’t reflect their own progress and was time-consuming for staff to update and keep current.
“The Effectual team has the talent and creativity to respond to whatever you can dream up – so think big.”
– Brian Vierra / Venture Catalyst, EDCO-Bend Venture Conference
Content strategy informs brand messaging
Working closely with tech companies and entrepreneurs, EDCO wanted a digital presence as dynamic as its clients. The group’s new branding aligned with its long-term strategic plan but hadn’t been translated into an effective content strategy that engaged visitors. During an extensive collaboration, we developed the voice and lexicon, user personas, and calls to action that ultimately shaped brand messaging throughout the site as well as in other marketing initiatives.
78% increase – average time on site
30% increase – number of pages viewed
Content strategy process refined overall brand messaging
Discover Your Forest + US Forest Service: Strategic consulting uncovers new opportunities to engage visitors
Discover Your Forest promotes the discovery of Deschutes and Ochoco National Forests and Crooked River National Grassland by enriching the experience of visitors, building community support and creating the next generation of environmental stewards.
DYF’s new leadership team was ready to explore using digital technology to connect visitors and volunteers to its services and expand its donor base. Our discovery process uncovered strategic opportunities for integrating digital solutions that DYF hadn’t considered possible or affordable – launching them into a new phase of innovation and expansion.
Empowering visitors with easy access to information
DYF’s wanted a digital kiosk at the new Cascade Lakes Welcome Center that gave visitors simple access to trail and permitting info. Our team built a custom web app leveraging their existing US Forest Service databases, making trail and use information user-friendly and instantly available to visitors. Directly after launch, the Forest Service began evaluating the web app for regional offices in the Northwest and beyond.
Easy, 24-7 access to visitor information
Increased permitting revenue
New digital solution for Forest Service visitor services
“Partnership with Effectual helped us engage with a wider audience than we’d ever imagined. Their strategic guidance was invaluable and it shows in our final product.”
– Rika Nelson / Executive Director, Discover Your Forest
Mobile app transforms visitor engagement
As conversations evolved, Effectual encouraged DYF to look beyond the web app to a mobile solution that could engage visitors anywhere. The Forest Service had shelved the idea of a mobile app in the past due to cost and technical issues. New research and some collective problem-solving revealed that going mobile was within reach and within budget.
Simple UX makes trail and permit info easy to discover
Expanded engagement and access beyond bricks and mortar experience
Leveraged existing technology platforms with little added cost
Created a standardized, clean set of data deployable across other Forest Service locations
Deep dive business strategy delivers outstanding online experience
Last, the DYF static website needed a complete redesign to boost engagement and connect visitors and volunteers to the group’s mission. Effectual guided their team through an in-depth planning process to identify key personas and calls to action that would drive design and user experience and deliver desired outcomes.
Finely tuned UX development and design aligned with business goals
FISMA Moderate Requirements met with AWS Infrastructure
Effectual led a Federal Government client in their journey from on-premises infrastructure to a secure cloud environment in AWS.
This Federal Government customer required a move from its on-premises infrastructure to a centralized cloud environment. This move was predicated on the requirement for increased security, flexibility in provisioning infrastructure, and a refresh of technology. The new AWS infrastructure must also be assessed at a FISMA Moderate level for production.
Our team led the discovery, architecture, and implementation of an agency’s new infrastructure. We designed a multi-region, international architecture that allowed end users to quickly access virtual desktops at regions closest to those users. The centralized management and region-based architecture allowed devices to move outside the boundary, the virtual desktops infrastructure scaled as users joined around the world, and the agency was able to provision lower cost technology, such as thin clients, to achieve a refresh.
Our team supported the agency in its ATO efforts by provisioning compliant infrastructure and services in alignment with FISMA Moderate controls, then produced documentation supporting the architecture, allowing the agency to get a full ATO.
Our AWS-based architecture and deployment supported configuration of infrastructure to meet minimum workloads, which then scaled as users came online. Additionally, multiple user desktops could be provisioned on a single server, cutting down on associated costs.
The agency’s network needed to be overhauled as a result of security concerns. With the AWS backbone and multi-region architecture, users experienced a decrease in latency and the zero-trust model improved network security.
Satellite Imagery Analysis Simplified with Serverless Infrastructure
Effectual worked with a Federal Government customer to provide a mission critical solution that simplified its Land Satellite sensor processing software of the Earth’s land surface.
The images provide uninterrupted data to help land managers and policymakers make informed decisions about our natural resources and the environment.
A Federal Government customer looked to us to migrate its on-premises infrastructure to a Serverless infrastructure in AWS to ensure cost optimization, availability, and application performance while logging satellite images.
Our team implemented AWS Lambda, AWS Batch, Kubernetes, and Amazon EKS. This ensured the client’s ability to collect satellite images that would be used to help scientists track land change due to climate, urbanization, drought, wildfire, and biomass changes.
We implemented AWS Lambda to run code without servers. By implementing Serverless infrastructure the client was able to reduce cost by 80%.
Our team implemented Kubernetes to provide automated container orchestration and higher availability across multiple regions. This allowed users – both domestic and abroad – to access satellite photos more efficiently via the web for personal and private use.
We set up serverless storage to compact the client’s satellite imagery retrieval process from 2 weeks to 2 hours.
Service Employees International Union (SEIU) Application Migration
When flooding took out the New York data center of the national nonprofit, SEIU, the organization found a need to act on a move to the AWS cloud.
Through third-party and cloud-native tools, we provided the infrastructure, resources, and products necessary to efficiently migrate workloads.
The national nonprofit serves branches of the organization with centralized IT based out of its New York offices. When NYC was hit by Hurricane Sandy in 2012, it led to flooding of the organization’s data center, housed in the basement of the building. The resulting outage took a week to recover from. The nonprofit needed a cloud-based backup solution to ensure that it could be prepared against future disasters.
We began with an assessment of the organization’s data center posture, then created a migration plan and proposed architecture to support the nonprofit moving forward in AWS. We configured VPCs, subnets, networking, and configured access policies. We also connected a third-party disaster recovery service to ensure consistent synching of information between on-premises and cloud servers.
Piece of Mind
After going without its critical IT infrastructure for a week, the nonprofit had confidence its cloud infrastructure would be highly available.
The AWS infrastructure included VPN connectivity to the on-premises network in order to replicate Active Directory and SQL databases to ensure ongoing operations.
In addition to an initial VPN connection, our team configured remote VPN connectivity from field offices in seven east coast cities to ensure all users could access the environment in the event of a failure.
GenomeNext is a genomic informatics company dedicated to accelerating the promise and capability of predictive medicine and scientific discovery. It commercializes genomic analysis tools and integrated systems for the evaluation of genetic variation and function.
The advanced informatics and data management solutions are designed to simplify, expedite and enhance genetic analysis workflows. GenomeNext solutions provide the market with genomic data and analysis at an unprecedented combination of performance, quality, cost and scale without requiring the investment in high-performance computing resources and specialized personnel. The proprietary platforms address a broad range of highly interconnected markets, including sequencing, genotyping, gene expression, and molecular diagnostics. GenomeNext customers include leading genomic research centers, academic institutions, government laboratories, and clinical research organizations, as well as pharmaceutical, biotechnology, agrigenomics, and consumer genomics companies.
GenomeNext needed a more efficient way to develop and deploy application changes to its Amazon Web Services Genomics Cloud Platform while maintaining high level of security and compliance.
We worked with GenomeNext to design efficient development and agile management process, setup internal DevOps software and AWS infrastructure components, mapped processes to appropriate security and compliance controls, integrated third party DevOps tools with the GenomeNext Cloud platform, implemented development life cycle environments (Dev, QA, and Prod) on AWS, monitored and reduced AWS costs, and architecture high availability and disaster recovery. Our solution enhanced GenomeNext’s ability to quickly and securely roll out application development and infrastructure changes with minimal to zero downtime through the use of tools such as AWS Elastic Load Balancing, AWS CloudWatch, AWS CloudFormation, and AWS CodeDeploy.
GenomeNext recognized the advantages of DevOps automation by a significant increase in deployment frequencies, a dramatic decrease in deployment failures, immediate recovery of failed deployments, and reduction in the time required for changes.
By combining AWS and DevOps, GenomeNext can automate the deployment of an exact copy of its Production solution within minutes into any AWS region, allowing it to meet its recovery time objectives.
GenomeNext realized cost saving utilizing DevOps and AWS. Cost saving came in terms of maintaining a small staff, increased quality of products, reduction deployment complexity, and faster time to market.
Supporting the Delivery of Early Warning Signs for Earthquakes
Effectual delivered a mission-critical solution to a Federal Government Client that ensured the delivery of early warning alert notifications for earthquakes and other natural disasters over multiple geographical locations to save lives.
This could not have been done without a Cloud-based solution to ensure a resilient system.
This Federal Government customer required a move from its on-premises infrastructure to a centralized Cloud environment. The client looked to our team to handle high availability architecture and fault tolerance to meet workloads over multiple geographical locations quickly after a natural disaster. The solution required improved resilience and redundancy capabilities, application performance, and control monitoring.
Our team built out a highly available and scalable infrastructure to meet demand in the wake of a disaster. We utilized the customer’s containerized solution and created a pipeline leveraging a GitLab Runner in Amazon Web Services (AWS) to manipulate and manage the AWS Elastic Kubernetes Service (EKS) deployments. This ensured the client’s ability to deliver early warnings for natural disasters through their application.
Our team configured Amazon CloudWatch metrics to identify a surge in traffic in the event of a disaster. This fully integrated AWS service is built with more resilience. Kubernetes was implemented to provide automated container orchestration and higher availability to reach across multiple regions.
We created a proprietary AWS-hosted Git solution to do all the linking, testing, and delivery to code. Our solution increased the rate at which the client released updates to the solution by 90%.
We deployed a GitLab Runner in conjunction with GitLab Continuous Integration to ensure all applications were provisioned through a pipeline. These necessary changes led to extreme version control and expediting developer updates.
Predictive Analytics: Volcanic Activity Analyzed Through Moving Magma
Effectual delivered a mission-critical solution to a federal government client that ensured their sensor processing software was able to predict volcanic activity through moving magma.
This information is used to help scientists forecast seismic activity over multiple geographical locations. This could not have been done without a Cloud-based solution to ensure a resilient system.
Our customer required a move from its on-premises infrastructure to a centralized Cloud environment in AWS. They looked to our team to handle high availability architecture and fault tolerance to meet workloads over many geographical locations quickly after a natural disaster.
We provided a highly available and scalable infrastructure that ensured efficiency in wake of volcanos and other natural disasters. This sensor processing solution ensured predictive analytics, resilience, and scalability.
We worked with the customer to create a solution that ensured the user could collect volcano data to analyze and utilize for machine learning to better predict when volcanoes erupt.
Our team configured Amazon CloudWatch metrics to identify a surge in traffic in the event of a disaster. Kubernetes was implemented to provide automated container orchestration and higher availability to reach across multiple regions.
We configured EC2 instances that ensure adequate capacity to meet traffic demands and compute capacity. Our team automated launch configurations to allow the client to quickly launch and/or scale application servers in target environments in the future.
Bird Conservation Science Enabled by Automated Monitoring and Analysis of Migration Patterns
Effectual led a Federal Government client in need of automation, reliability, and efficiency for their bird identification website.
The customer supports the collection, archiving, management and dissemination of information from banded and marked birds in North America. This information is used to monitor the status and trends of resident and migratory bird populations.
This Federal Government customer required a move from its on-premises infrastructure to a centralized cloud environment. The client looked to our team to redesign their website, creating a system that would produce automated checks to save time and manual effort when registering banded and checked birds into the database.
Our team assisted the customer in creating a system that would require minimal effort to keep up and running for years. This system saved time and manual effort through the implementation of Amazon Elastic Compute Cloud (Amazon EC2) to automate cron jobs for repetitive tasks to push all submitted web surveys from bird hunters and enthusiasts to the on-premises database. When banded birds were checked in, the system would be able to ensure the identification was correct, eliminating the need to manually check that information.
We utilized Amazon EC2 to automate database syncing. This allowed the bird banding lab to be more efficient when a bird was reported on their website. The client no longer needed to manually log and input the bird species. AWS CloudFormation was implemented to reduce manual work while developing an environment, ensuring productivity when debugging issues.
We used GitLab Continuous Integration in conjunction with GitLab Continuous Deployment to check code for errors, expediting developer changes.
Our team implemented Amazon CloudWatch Events for serverless workflow to trigger Lambda functions. Without having to provision or manage, the client was able to keep the same server running by keeping it warm with a CloudWatch Event. This reduced response times from 3 seconds to a couple hundred milliseconds.
Ensuring Least Privilege Access: Implementing an Active Directory Federation Service
Effectual led the implementation of an enterprise grade Active Directory Federation Service (ADFS) for a large Federal Government client.
Effectual enabled reliable and secure cyberspace capability by providing a highly innovative network architecture, engineering, integration, and simulation services with unrivaled expertise and commitment.
The client looked to our team to move its highly disparate environment into a highly collaborative one. By implementing Federated Access to the Amazon Web Services environment, this ensured least privilege access to client users.
We worked with the client to setup an AWS Identity and Access Management (IAM), federated sign-in through Active Directory (AD), and Active Directory Federation Services (ADFS). This ensured least privilege access to client users.
Our team enabled reliable collaborative connectivity to a cadre of remote workers that needed access to the system while utilizing the ADFS PIV card solution.
We were able to meet all security requirements by using a federated solution, allowing the client to set permissions and access levels across different systems. The Federated solution also improved auditing management of credentials.
We implemented AWS CloudFormation to create a template to use when multiple accounts register in the system. This led to an increase in efficiency and ensures consistent configurations overtime.
Real-time logging of Tsunami Data Aids in Disaster Response
Effectual worked with a federal government customer to provide information for local land-use and emergency response planning to avoid development in hazardous zones and to plan evacuation routes to communities along low-lying coastlines vulnerable to tsunamis.
The customer looked to our team to quickly and effectively move their public-facing web applications and internal applications to the AWS cloud to ensure resiliency, availability, and real time logging of tsunamis.
We implemented a solution comprised of Amazon CloudWatch, AWS CloudTrail, Alarms, and Serverless Storage. This ensured the clients ability to collect data to help scientists understand tsunamis through their application to develop how to most effectively improve preparedness and response to tsunamis.
Resiliency We implemented Amazon CloudWatch to schedule data collection that self-triggers when a tsunami is detected.
Availability By implementing AWS CloudTrail the client was able to easily access tsunami data to help scientists understand the sources of local tsunamis so that the impacts of future events may be mitigated.
Real Time Logging Our team set up serverless storage to collect data from these seismic networks to process key components in the impact of tsunamis.
Serverless Infrastructure Enables Data Access Related to Environmental Issues
Effectual worked with a Federal Government client to provide a mission critical solution that scientists could apply to classification tasks on large data sets related to earthquakes, volcanic activity, waterline erosion, and water quality.
This Federal Government customer looked to our team to migrate its on-premises infrastructure to a serverless infrastructure on AWS. The client was in need of a centralized data catalog, management solution for users, and data access for environmental issues.
We supported the client with a serverless solution that consisted of Amazon API Gateway, Amazon Cognito User Pools, AWS Lambda, and AWS Step Functions. This ensured the customer’s ability to make high-volume, complex data accessible to stakeholders, policymakers, and managers to facilitate data-driven conversations about environmental issues in a secure setting.
Our team implemented API Gateway to handle the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls to process any surge of traffic on its website.
Wey implemented AWS Cognito User Pools for control over user authentication and user access for the website. This allowed for secure token handling and management of authenticated users from all identity providers.
We implemented Lambda functions to run code in a serverless environment and process its large data sets related to environmental issues. The client was able to reduce cost by 80%.
TNTP’s mission is to end the injustice of educational inequality by providing excellent teachers to the students who need them most and by advancing policies and practices that ensure effective teaching in every classroom.
In the wake of a flooding, TNTP looked to Effectual to quickly and effectively move their public-facing web applications and internal applications to the AWS cloud for better cost, scalability, disaster recovery capabilities, and better application performance.
Effectual worked with TNTP to define a migration strategy, set up the infrastructure in accordance with best practices and to take advantage of the full feature set of cloud, and provided scripts to automate future updates and deployments. Effectual introduced TNTP to the Infrastructure as Code model so that they could version control the state of their infrastructure through the use of AWS CloudFormation templates and take advantage of AWS’ built-in resource dependency definitions to perform rolling updates with minimal downtime or system impact.
TNTP experienced lower costs for running their workloads in the cloud compared to on-premise IT hardware and maintenance costs. Effectual assisted TNTP to utilize cloud purchasing options and offerings to meet TNTP’s technical requirements while remaining cost-efficient.
The use of the AWS cloud provided capabilities for flexible infrastructure to allow accommodation of various sizes of workloads. The infrastructure used AWS Auto Scaling capabilities along with custom settings in AWS CloudWatch to automatically scale to accommodate larger workloads while retaining transparency of the scaling activities to the end user.
Failover capabilities and strategies such as the use of AWS Elastic Load Balancing within AWS were implemented to protect the system, maximize uptime, and minimizes data loss in the event of a disaster. Notifications, alarms, and safeguards were put in place to ensure immediate notification of any abnormal behavior.
Applications Rearchitected in AWS to Automate Security Triggers
Effectual led a Federal Government client in their journey from on-premises to AWS by extending their data center into the cloud and rearchitecting their applications.
Effectual provided guidance in the following areas
Implementing Automation for the client.
Creating a new AWS infrastructure and environment.
Updating and retooling current applications.
Building the solution as a receiver and retooling specific applications to function in the new environment.
Interpreting and providing additional information and understanding of features that are new and being developed as it pertains to their issues.
Our Team Leveraged the following technologies
AWS CloudFormation templates were created for DevOps
Organizations and AWS Config for management of the system
AWS CloudTrail and Amazon CloudWatch were utilized for automating security recommendations
Amazon CloudWatch was programmed to alert the client if changes were made in their system. The response would trigger the system to return to original configurations and alert security to these changes.
AWS infrastructure resources, EC2 instances and RDS database infrastructures
Migration to the Cloud
We rebuilt client applications in the AWS Cloud to connect to their on-premises data. This made their applications more accessible by all and created a working hybrid environment for their data.
We deployed AWS infrastructure services, including Amazon CloudWatch to monitor resources and trigger responses to changes in the environment.
Management of Resources
The services in AWS monitor both on-premises and AWS cloud environments. The time to build components in the environment was significantly reduced and instances were saved as a template for repeatability.
FISMA Compliance Requirements Met for Self-Service Cloud Solution
Effectual enabled a Federal Government customer to set up a self-service cloud solution which is secure, compliant, and automated to scale up and down as necessary.
The Customer wanted to scale out compliant accounts to meet security concerns such as accessing only approved services, protecting centrally managed resources, and ensuring logging and change activity was being captured. The overall issue was ability to consistently provision AWS accounts in a scalable fashion and manage them over time, keeping them up-to-date with newly approved AWS Services. The goal was to provide secure and compliant cloud hosting options while setting up a customer self-service solution.
We assisted the client in creating their entire environment from Infrastructure as Code while implementing a strict change control processes via GitLab. Custom pipelines were created based off the CI/CD framework for structured code. Overall the entire process was automated, eliminating the scalability issue of provisioning accounts. Our resources worked directly alongside the agency resources to document and achieve a FISMA Moderate ATO.
The customer was able to quickly provision accounts in a consistent method across multiple geographical locations and regions. The entire environment can be deployed in one hour.
We enabled the customer to securely provision their own infrastructure, standardized methodology, and least-privileged architecture. This methodology ensures security in the cloud for the client.
Management of Resources
The services in AWS monitor both on-premises and AWS cloud environments. The time to provision new accounts was reduced from a month to one minute. The deployments are now consistent and can be saved for later use.
Effectual delivered a mission-critical solution to a client that ensured the delivery of UAV imagery taken from infrastructure towers that were used to alert high risk fire areas of a wildfire and other natural disasters.
Our customer required a move from its on-premises infrastructure to a centralized Cloud environment in AWS. They looked to us to handle high availability architecture and fault tolerance to meet workloads over many geographical locations. We automated common activities such as change requests, monitoring, patch management, security, and backup services, and provided full-lifecycle services to provision, run, and support enterprise infrastructure.
We provided a client with Technical Amazon Web Services Infrastructure architecture to deliver a comprehensive, secure, and cost-effective hosting solution for supporting their efforts with Pacific Power. In addition, our team delivered Managed Services for the customer’s AWS environment. This assisted with the client’s ability to deploy drones to inspect the infrastructure of electrical towers and ensure their efficiency in wake of natural disasters.
The implementation of Amazon CloudWatch Events for serverless workflow to trigger Lambda functions. Drones are programmed to deploy and inspect electrical towers to ensure that they are performing correctly.
We created a proprietary AWS-hosted solution in order for the customer to lower costs by running their workloads in the cloud. Our team assisted the client to utilize cloud purchasing options and offerings to meet their technical requirements while remaining cost-efficient.
We configured EC2 instances that ensure adequate capacity to meet traffic demands and compute capacity. The implementation of automated launch configurations to allow the client to quickly launch and/or scale application severs in target environments in the future.
RFD & Associates, Inc., is an IT Technical Services Company with over 30 years of experience delivering IT solutions to public and private sector clients.
RFD delivers solutions from Mainframe to Mobile and everything inbetween. They have helped hundreds of organizations design, build, purchase and implement optimal technology solutions to achieve business goals. RFD needed help designing and developing a scalable, Amazon Web Services (AWS) cloud hosted, multi-tenant web and mobile friendly application. The proposed solution had a requirement to integrate with external APIs to ensure flexibility for future enhancements and integration with third-party tools. The application was also required to be compliant with Personally Identifiable Information (PII) and the U.S. Health Insurance Portability and Accountability Act (HIPAA) security.
Effectual Provided Guidance in the following areas
AWS design and architectural services to include making RFD’s multi-tenant hosting environment PII/HIPAA compliant
Provided AWS Training and best practices guidance on how to leverage AWS resources
Assisted in helping RFD achieve its defined goals:
Identify the challenges presented in third-party hosting of AWS.
Evaluate the use of cloud services to meet RFD business and technical requirements.
Determine portable containerization services.
Evaluate architectural decisions in AWS Commercial and GovCloud Regions.
A four-phased approach was developed to implement an AWS hosted environment for RFD:
Phase 1: Discovery, AWS Service Selection, and PII/HIPAA Security Requirements Determination.
Phase 2: AWS Foundation Build. Provisioned appropriate environments and access; established AWS accounts
Phase 3: AWS Service Build. Provisioned AWS services to include: EC2, Route53, S3, WAF, etc.
Phase 4: Process Documentation and Environment Review. Created AWS documentation of resources and provided reports on overall solution, security and cost.
We configured EC2 instances that are PII/HIPAA compliant ensuring adequate capacity to meet traffic demands and compute capacity. In addition, we implemented automated launch configurations to allow RFD to quickly launch and/or scale application severs in target environments in the future.
Security & Compliance
The implementation of AWS Compute, Storage, and PII and HIPAA compliant Database services to ensure the security of sensitive data used in the environment.
To maximize the functionality of many services, AWS CloudWatch was configured to help RFD set thresholds/alarms to monitor custom metrics for auto-scaling needs.
Digital Transformation Journey of a Global Restaurant Chain
A year long cloud transformation from a global network of physical data centers used to run company systems and applications.
One of the world’s largest restaurant chains offers technology services to its stores and franchisees that perform functions as diverse as POS systems, store management systems, data analysis and predictive analytics, digital advertisement and e-commerce and customer engagement platforms.
Their IT organization uses a small core staff with limited resources supported by a network of service providers and partners to fulfill key IT roles. Traditionally, the company used a global network of physical data centers to run their applications.
The company engaged with members of our team on key transformation initiatives
Need to build environments faster and with more flexibility than what traditional infrastructure in a data center could provide
Need to decouple scale up / out decisions from development cycles to speed the development process (get new apps and update apps faster)
Address local needs while maintaining global standards
Reduce CapEx to increase financial flexibility and agility
Lack of internal expertise in implementing and managing a global, enterprise public Cloud environment
Need to tie costs to specific internal projects and teams while benefiting from economies of scale
Following the completion of this engagement a prominent financial analyst commented: “The company is establishing a first-mover advantage with digital that can drive sustainable share gains in late 2017 and beyond.”
Reduced time to deploy infrastructure from 60- 120 days to minutes
Implemented Cloud automation for some workloads to enable same day deployments
Enabled global deployment of resources in AWS regions close to end customers / users to increase performance and decrease latency
20-50% cost reduction on next generation deployments for customer engagement and data warehouse projects vs. traditional models
Enabled internal bill back of resources in AWS to specific projects and teams
Following the completion of this engagement a prominent financial analyst commented: “company is establishing a first-mover advantage with digital that can drive sustainable share gains in late 2017 and beyond.”
A longtime leader in golf equipment and apparel needed to find an alternative disaster recovery solution for a new ERP system.
Finding itself with a number of legacy IT systems, the company was looking to upgrade their infrastructure in a number of areas. With an upcoming planned elimination of a corporate disaster recovery support platform, IT management saw an opportunity to investigate alternative solutions for their DR requirements.
“We wanted to upgrade our disaster-recovery capabilities in order to mitigate the chance of data loss in our mission-critical, enterprise resource planning or ERP system,” said the Director of Infrastructure and Services.
“We were looking at the concept of continuous data protection in both our onsite production and DR environments,” he added. The company also wanted to incorporate newer technology, which would allow for quickly scaling memory size, CPU and disk space – without having to purchase incremental hardware.
While they were using nightly backup and data replication for disaster recovery, the company envisioned a solution with a lower recovery point objective (RPO) through continuous replication. They required a best-of-breed disaster recovery environment to match the 99.99 percent uptime of their new Oracle ERP solution.
The planned elimination of a legacy DR platform provided an opportunity to modernize.
“From the very beginning, we were talking about instances and hourly costs. This was an entirely diﬀerent approach from the colocation options we explored earlier.”
To achieve their vision of a scalable DR environment, the company needed to look beyond colocation. Our experts helped the company focus on finding a suitable DR as a Service and cloud solution.
“For a long time, we did not think our requirements would work with Amazon. We required private networking and multiple nodes to be replicated synchronously, that seemed to defy implementation at a public cloud provider,” said the director of infrastructure and services.
To facilitate disaster recovery of its ERP database, the company decided on an Oracle Limited disaster recovery optimized solution. “We learned that the Oracle Limited solution was available to us at no cost when in sleep or standby state.”
AWS is an authorized cloud platform for Oracle — one of a very small number of approved cloud vendors.
It was the flexibility and willingness to share its operations expertise that attracted the company to effectual’s team. “From the very beginning, we were talking about instances and hourly costs. This was an entirely diﬀerent approach from the colocation options we explored earlier.”
An economical cloud-based, disaster-recovery environment oﬀering the potential to do more with less.
The company deployed the architecture for its disaster recovery platform on Amazon Web Services. “We can even move between various Amazon data centers if needed for changing protection requirements – without incurring any data transfer charges.”
The effectual team was able to build a custom, and cost-eﬀective, DR environment harnessing the power of AWS. The company had a highly specific use case for the deployment of cloud resources for disaster recovery in an AWS environment. It was an ideal opportunity for Effectual to architect and secure an optimized solution at scale.
Transforming an existing legacy environment and building it natively on AWS.
A leading social media company’s apps explore the humanness of people instead of simply quantifying how good they are, or judging how professional their work may be. Users can upload their work directly to their platform, using it to edit photos, with enhancements – including white-balancing, filters and journaling – readily available. One user documented his mother’s fight with cancer, displaying the emotions he and his family felt during a very trying time.
In 2015, the company acquired a platform that creates tangible photo books, prints and gifts for digital photos. The platform was using a non-native environment and didn’t believe it was the right strategic technology in the long term. The combined companies have more than 30 million monthly active users across its platform consuming 5 billion images. Reliable infrastructure users can depend on is essential. The company wanted to work with experts who to help them transform their existing legacy environment and build it cloud natively on AWS.
30 million monthly active users consuming 5 billion images
Reliable infrastructure users can depend on is essential. The company wanted to work with experts who to help them transform their existing non-native environment and build it cloud natively on AWS.
The companies DevOps team is very capable – they had significant experience with Chef, using it to configure their servers and developer machines – but the transformation to AWS required resources the team just didn’t have.
The transformation to AWS required resources the company’s team just didn’t have.
30 million monthly active users consuming 5 billion images.
Reliable infrastructure users can depend on is essential. The company wanted to work with experts who to help them transform their existing non-native environment and build it cloud natively on AWS.
Since migrating to AWS, the company has seen great benefits: “Operationally, AWS is faster and more configurable than what was being used,” said the VP of Engineering at the company. “The new environment is faster, more reliable, and cost efficient. All three are pretty important things!”
Most importantly, this solution had a big impact on the stability of the company’s platform and by extension, it’s brand. Previously, the platform had experienced random reboots on several occasions. The successful transition to AWS allowed them to have confidence going into the holiday season, their most important quarter of the year. Confidence in the reliability and performance of their platform allowed the company to focus on maintaining a great experience for their user community.
“The experts had both the attitude and the aptitude, and I feel as comfortable as I possibly could in having AWS as the long-term foundation for our infrastructure.”
Bring in the Experts
With the support of our experts the company was able to seamlessly migrate from its existing environment to AWS. From the start, the company was impressed with our experts knowledge and expertise. “They inspired a lot of confidence, and their team clearly had the technological expertise,” said the VP of Engineering. “We knew they could get the job done.”
Our experts leveraged their extensive experience with Vagrant and Packer to build a strong foundation for the company’s cloud native environment. This enabled the company to emulate the user experience of their members. The insights they gained helped them improve their product, streamline their operations and deliver an optimized user experience.
“Technology expertise is the number one thing we look for when hiring an outside firm,” said the VP of Engineering. “The experts had both the attitude and the aptitude, and I feel as comfortable as I possibly could in having AWS as the long-term foundation for our infrastructure.”