Safehub is a San Francisco-based company that provides real-time, building-specific earthquake damage information to expedite emergency response and recovery. Using easy-to-install, affordable sensors combined with advanced data analytics, Safehub calculates damage estimates for individual buildings and portfolios within minutes after an earthquake. Through the cloud-based Safehub Global Platform, building owners have immediate access to actionable data - via text/email alerts and a web dashboard - that enable them to prioritize building assessments, focus resources, and resume operations as quickly as possible.
"Our partnership with ClearScale supported our ability to respond to market demands quickly, helping us deliver timely new features and products to market. We worked with ClearScale’s DevOps and application-development experts to implement a solid AWS solution, allowing us to focus on the innovative cloud platform that our customers depend on."
Safehub’s cloud-computing solution in early 2019 was split between AWS and Heroku. By using multiple cloud service providers, Safehub could not make desired improvements to its Global Platform that would enhance the value of its core offering. Safehub’s leadership team wanted to implement automation, utilize heterogeneous databases, and update legacy processes, but needed to advance their architecture to achieve these goals.
At the time Safehub was presented with this challenge, the business would have to disrupt existing functionality to achieve its goals. Safehub decided to search for a cloud expert with extensive AWS experience so that the organization could optimize its IT architecture entirely on a single platform. ClearScale, an AWS Premier Partner, fit the bill.
After learning about Safehub’s objectives, ClearScale developed a multi-layered plan that involved:
ClearScale set up two types of environments for Safehub: application and management environments, which are provisioned in separate Amazon Virtual Private Clouds (VPCs).
On the application side, ClearScale set up three environments for development, staging, and production resources. It was decided to make this separation logical, rather than physical, and to restrict access to each environment using a tagging strategy. Resources of every environment were tagged with the environment key name and a corresponding value – “Development”, “Staging”, or “Production”. The same tags were used in Identity and Access Management (IAM) policies to restrict or permit access to specific environment resources. This approach allowed for the creation of very compact infrastructure automation scripts and for new environments to be spun-up simply by changing a single input parameter.
The management VPC was set up for shared resources, such as Bastion hosts, logging solutions, virtual private network (VPN) solutions, and resources that only needed to be provisioned once. ClearScale also used the management VPC to deploy an OpenVPN instance for peering in order to establish a connection between the management VPC and each application environment.
As a result of these efforts, Safehub now has a single access point to all of its application environment resources. On top of that, the management VPC can be used in the future to deploy a more sophisticated VPN solution to flexibly manage permissions for the team.
On the IoT side, ClearScale set up Safehub’s application so that IoT devices only need to be registered once before they can publish to production IoT topics. To achieve this, production IoT rules were configured with the following actions:
By configuring the Global Platform solution in this way, Safehub can populate a database with real data from Production IoT devices on demand. When not required, staging and development IoT rules can also be disabled to stop messages from publishing to reduce the environment’s topic load.
Before working with ClearScale, Safehub used AWS Lambda, a cloud service that enables businesses to run code without provisioning or managing servers. However, some instances of Lambda were suffering from latency issues. ClearScale refactored elements of the IT infrastructure to address these problems.
In addition, the ClearScale team improved overall solution performance by consolidating two different database engines, RDS Postgre and DynamoDB, into Amazon Aurora, a relational database built specifically for the cloud. With Amazon Aurora, companies have a highly available, reliable, and commercial-grade database that automates burdensome administrative tasks, such as hardware provisioning and patching.
On the application development front, ClearScale proposed an Infrastructure-as-Code (IaC) approach and prepared continuous integration/continuous delivery CI / CD pipelines with Terraform. Terraform templates were implemented with a modular structure, which can be called multiple times, either within the same configuration or in separate configurations, allowing resource configurations to be packaged and re-used.
Additionally, pipelines were separated into frontend, backend, and Lambda lanes, which enabled ClearScale to update corresponding components independently to predict, create, change, and improve application infrastructure.
Each environment (Development/Staging/Production) is provisioned in a separate VPC. In addition to application environment VPCs, management VPC is provisioned for shared resources like Bastion hosts and logging solutions (e.g. S3 access logs bucket). Along with VPC, peering is established between management VPC and each application environment VPC it will provide you a single access point to all your application environments' resources.
IoT data Republishing
Thanks to ClearScale’s engagement, Safehub now has a secure, fault-tolerant, and high-load ready platform supported by a new AWS account. The solution is designed in accordance with AWS and modern DevOps best practices and uses an IaC approach to maximize efficiency.
ClearScale consolidated previously segmented databases in a robust Amazon Aurora database, making the entire system stable and efficient. In addition, AWS Lambda functions can work in several threads and perform async operations, thus minimizing potential downtimes. Internal communications also take less time to execute.
Additionally, Safehub can deliver new features and products to market much more quickly. End users can have access to data on the Safehub Platform, which is processed faster to make critical decisions to expediate emergency response and recovery. And by refactoring various components, Safehub is equipped to take full advantage of the cloud going forward. The company can respond to market demands, innovate with tremendous efficiency, and scale with its agile CI / CD pipeline.