SunRun approached ClearScale, an AWS Premier Consulting Partner, with a request: they needed to identify gaps in architecture design, define the steps necessary to execute the migration to Docker and Amazon EC2 Container Service (ECS) on Virtual Private Cloud (VPC) as well as bolster the security for all their data. Unlike other ClearScale engagements, this particular one was truly a partnership as SunRun collaborated with ClearScale during the migration process.
This benefited both parties as it allowed ClearScale to provide guidance on the migration process while enabling SunRun to participate in the actual migration. SunRun’s requirements for the new solution included: reducing costs, bolstering data security, leveraging agile micro services and speed-up the deployments.
ClearScale started the project by evaluated SunRun’s business goals and researched the best possible approach on how to leverage Amazon EC2 Container Service (ECS) on Virtual Private Cloud. This research resulted in an extensive documentation process designed to provide insight into to how best accomplish a successful deployment, migration, identify gaps in the design, and the steps necessary to execute the migration.
ClearScale presented a deployment infrastructure based on Elastic Beanstalk. Docker instances were implemented on Amazon EC2 Container Service (ECS) to automate the CloudFormation process into SunRun’s overall architecture. Not only did this allow SunRun the ability to deploy a process to stand up unique environments conforming to pre-defined criteria, but it also enabled the ability to deploy redundant environments in different geographic zones. ClearScale suggested best practices for deploying Jenkins, presented baseline Cloud Formation templates and more.
The collaboration between ClearScale and SunRun also involved a detailed analysis of solutions designed to protect secure information and keys. Under consideration was Vault and Confidant, two solutions designed to handle any number of secure data, API information, private key information and encryption information.
Starting with Confidant, ClearScale teams extensively researched best practices on how to properly implement a solution, defined the prerequisites in part with SunRun and then deployed the solution to an AWS ECS environment. Although Confidant is an open-source solution, it chooses to rely heavily on AWS features to create a more integrated experience. It leverages AWS Key Management Service (KMS) to make certain that master encryption keys cannot be stolen, it enforces the concept of not sharing authentication credentials with clients by making sure that any authentication credentials that are generated don’t need to be trusted through less-than-trustworthy metadata, thus ensuring a complete end-to-end encryption solution.
In contrast, the Vault solution provides a different approach. Although it does offer similar approaches to encrypted key management, it’s agnostic; this means that the solution could be deployed to any Cloud solution if properly configured. It is able to manage any sort of database credentials, API information, and providing the ability to generate credentials on-demand for specific security needs. In addition, Vault enforces lease contracts with clients to ensure that any keys shared with clients have a limited lifespan in which to be used or they can be revoked at will. Like Confidant, the ClearScale team used the prerequisites to in turn to help create automated scripts that were used to generate CloudFormation templates. These were then deployed to the same type of ECS instance like the Confidant solution before. ClearScale also assisted in migration from their existing MySQL implementation to AWS Aurora.
ClearScale helped SunRun create an efficient and secure architecture design that helped set them up for success. This close collaboration helped the SunRun’s team save time and provided a sizable amount of knowledge transfer between the companies. This also empowered both parties to explore new and unique ways to solve complex cloud challenges. The end result of this collaboration was a production-ready solution that the SunRun team was intimately familiar with and could scale and evolve further as their business grows.
At ClearScale, an AWS Premier Consulting Partner, our goal is not simply to provide a solution for a client’s specific needs. We believe in providing guidance, knowledge and ownership of a solution so that our clients will understand how to manage it and become successful.