How did Relevance Lab migrate their AWS Cloud workloads to a modern Security Governance platform with AWS Cloud Endure, AWS Control Tower and Automation-First approach?
Click here for the full story.
With need for business agility in the current challenging times, we leveraged Shopify cloud platform to help roll out a new Digital Commerce solution for our key customer.
Click here for the full story.
With the growing need for cloud adoption from various enterprises, there is a need to move end-user computing workload and traditional data center capacity to the cloud. Relevance Lab is working with AWS partner groups to simplify the cloud adoption process and bring in best practices for the entire lifecycle of Plan-Build-Run on the cloud. Following is the suggested blueprint for cloud adoption and moving new workload on to the cloud.
CloudEndure to enable automated Cloud Migration
AWS Control Tower is used to set up and govern a new, secure multi-account AWS environment
AWS Security, Identity and Compliance
AWS Service Management Connector for ServiceNow with Service Catalog management
AWS Systems Manager for Operational Insights
RLCatalyst Intelligent Automation
As part of our own organization’s experience to adopt AWS for both our workspace and server needs, we have followed the following process to cater to needs, of multiple organization roles.
Since we already had an AWS Master account but did not use AWS Control tower initially, the steps followed were as follows.
Setup & launch AWS Control Tower in our Master Account and build multiple Custom OUs (Organizational Units) & corresponding accounts using account factory
Use CloudEndure to migrate existing workloads to the new organizations under Control Tower
For two different organizational units, there is a need to publish separate service catalogs and access to the catalogs controlled by User Roles defined in AD integrated with ServiceNow. Based on the setup only approved users can order items relevant to their needs
Used AWS Service Management Connector to publish the catalogs and integrate with AWS resources
Implementation of RLCatalyst BOTs Automation for 1-Click provisioning
Different guardrails for workload being provisioned for AWS Workspaces and AWS Server Assets based on organization needs
Management of AWS server assets by AWS Systems Manager
Mature ITSM processes based on ServiceNow
Proactive monitoring of workspaces and servers for any incidents using RLCatalyst Command Centre
Based on our internal experience in adopting full-lifecycle of Plan-Build-Run use cases, it is evident that multiple solutions from AWS integrated with ServiceNow and automated with RLCatalyst product provides a reusable blueprint for intelligent and automated cloud adoption. Answering the following quick questions can get your Cloud adoption jumpstarted.
List down your desktop assets and server assets to be migrated to the cloud with an underlying OS, third party software and applications
Designing your AWS Landing zone with security considerations between public- facing and private facing assets
Designing your networking elements between your organization’s business unit segmentation of assets and different environments needed for development, testing and production
List down your cloud cost segmentation and governance needs based on which a multi-organization setup can be designed upfront, and granular asset tags may be implemented
Capacity planning and use of Reserved Instances for Cost optimization
User Management and Identity management needs with possible integration to existing Microsoft AD infrastructure (On-Cloud or On-Prem) and Single Sign-On
Capture the needs from the IT department to provide the organization with Self-Service Portals to be able to Order Assets and Services in a frictionless manner with automated fulfilment using BOTs
The use of Systems Manager, Runbook design & automation and Command Center are used to proactively monitor any critical assets and applications to manage incidents efficiently
Ability to provision and deprovision assets on-demand with automated templates
Automation of User Onboarding and Off-boarding
ITSM Service management with Change, Configuration management database, Asset Tracking and SecOps
Disaster Recovery strategy and internal assessments for readiness
Cloud Security, Vulnerability testing, Ongoing patch management lifecycle and GRC
DevOps adoption for higher velocity of achieving Continuous Integration and Continuous Deliveries
Most organizations moving to cloud is a competency discovery process which lacks best practices and a maturity model. A better approach is to use a solid framework of technology, people and processes to make your cloud adoption frictionless. Relevance Lab with its pre-built solution in partnership with AWS and ServiceNow can help enterprises adopt cloud faster.
Working with a large enterprise customer supporting B2B and B2C business we leveraged Shopify to launch fully functional e-commerce stores enabling new digital channels in a very short window. Post Covid-19 pandemic disrupting existing business and customer reach, large companies had to quickly realign their digital channels and supply chains to deal with disruption and changes in the consumer behaviour. Businesses needed to have a frictionless approach to enable new digital channels, markets and products to reach out in a touchless manner while rewiring their backend fulfilment systems to deal with the supply chain disruptions. Relevance Lab worked closely with our customers during these challenging times to bring in necessary changes of empowering e-commerce, enterprise integrations, and supply chain insights helping create and maintain business continuity with a new environment.
The existing customer had invested in a full fledged but heavy e-commerce platform that was slow and costly to change. With Shopify we quickly enabled them to achieve setting up a fully functional e-commerce store in Canada with standard integrations with region specific context and positive revenue impacts.
It all boiled down to identifying an e-commerce platform which
Is easy and fast to set-up
Is secure and scalable
Incur least total cost of ownership
Provides the convenience to shop on multiple devices
Customizable as per requirement
We have configured the Shopify built-in theme to meet branding requirements and purchase workflows. Payment was enabled through multiple channels, including credit card, PayPal, and GPay. The store was also multilingual supporting two languages x`– English and French. We were able to go live in just four weeks and provide complete functionalities covering over 500 products delivered with a very cost optimized Shopify monthly subscription plan.
In parallel to building the storefront, the operations team simultaneously enabled
Adding new products to the online store
Configuring tax/discounts
Configuring customer support
Validating standard reports such as sales reports etc
The merchant had a complicated tax calculation GST, PST, QST across 13 regions which were simplified by the out of the box country-specific tax configuration in Shopify.
Feature Configuration and Customization Details
Customization of Shopify theme to make the store stand out and look great on web and mobile
Extended store functionalities such as translation, user review, product quick view and product pre-order using apps from Shopify Marketplace
Shopify’s own payment provider to accept credit card payments
Blog publishing through Shopify native blog features to help customers make informed decisions
Enabled multiple languages from Shopify admin and created separate URLs for translated content
Shopify Fulfilment Network offered a dedicated network of fulfilment centers that ensure timely deliveries, lower shipping costs, and a positive customer experience
Shipping suite provides tools to calculate real-time shipping rates, purchase and print shipping labels, and track shipments
Using Shopify built in tax engine to automatically handle most common sales tax calculations
Shopify native Notifications Module to automatically sent email or SMS to customers for confirmation of their order and shipping updates
With minimal effort we have configured Shopify Email to create email marketing campaigns and send them from Shopify
Over 500 products were imported in a matter of minutes using the product Import feature. More advanced features including associating multiple product images to product and meta data were out of the box
Advanced store navigation was configured using collections and tags which helped customers to easily discover products of their choice
Shopify’s analytics and reports provide means to review store’s recent activity, get insight into visitors, analyze online store speed, and analyze store’s transactions
Solution Architecture Key components of Shopify platform are
Partner Dashboard: This provides capabilities including API credentials, track metrics for your published apps, create development stores, and access resources that help you to build your business
Shopify App CLI: Bootstrap a working Shopify app with Shopify command-line tool
Shopify App Generator for Rails: A Rails engine for building Shopify apps
App Bridge: JavaScript library to embed your app seamlessly in the Shopify admin
Shopify Admin API Library for Ruby: A handy software to simplify making Admin API calls in Ruby apps
Shopify Admin API Library for Python: A Python library to simplify making Admin API calls in Python apps
Shopify Admin API GraphiQL explorer: Interactive tool to build GraphQL queries using real Shopify API resources
Shopify Storefront API GraphiQL explorer: Interactive tool to build GraphQL queries for Shopify’s Storefront API
JavaScript Buy SDK: Add Shopify features to any website
Android Buy SDK: Add Shopify features to Android apps
iOS Buy SDK: Add Shopify features to iOS apps
Polaris: Create great user experiences for your apps with Shopify’s design system and component library
Leveraging the above standard Shopify components, the solution was delivered with following storefront architecture.
Relevance Lab Differentiator
Relevance Lab empowers Digital Solutions covering e-commerce, Content, CRM and E-Business. Within e-commerce platforms there are deep specializations on Salesforce Commerce Cloud, Adobe Experience Manager, Shopify.
With a complementary expertise in Cloud Infrastructure, Business Analytics and ERP Integration we help our customers achieve the necessary flexibility, scalability and cost optimization to adopt Cloud platforms covering SAAS, PAAS and IAAS. Based on the context of the business challenge, we provide an end to end perspective in identifying areas of friction and leveraging technology to address the same. In this case there was a quick recovery from Covid-19 induced disruptions and a solution was delivered at a fraction of regular costs with quick ROI achieved. The collaborative approach to deeply understanding customer business problems, ability to consult on multiple solutions and bring in deep expertise to enable the outcome is part of Relevance Lab unique capabilities.
For more details on how we have help achieve frictionless digital business and leverage Cloud based platforms like Shopify for e-commerce feel free to contact marketing@relevancelab.com
Fast-track Cloud adoption with the AWS End User Computing model to have secure and frictionless workspaces for remote working.
Click here for the full story.
Amazon WorkSpaces is a simple to use, cloud based, managed secure Desktop solution. It is a one click deployment product which is available on Windows and Linux operating systems. The main advantage of using Amazon WorkSpaces is as follows.
Easy to provision, Desktop as a Service (DaaS)
Provision, de-provision and lifecycle management using your existing ITSM (ServiceNow, Jira Service Desk or Freshservice)
Extend your existing On-Premise Desktops/Laptops with the AWS Workspaces and manage it centrally
Secured data with reliable, High Availability enabled Desktop solution
Cost effective and on-demand flexibility
Manage and scale up or scale down based on the business need in a centralized way
Accelerate deployment at scale
Need for a secured and effective Cloud End User Computing Model
Amazon WorkSpaces helps in adopting a secure, managed cloud-based virtual desktop model to fulfil your End User Computing (EUC) IT requirement needs. Also, it ensures Organizations move away from the pain of procurement, deployment, and management of a complex environment. The traditional method also has a challenge where the hardware and licenses can be scaled up with additional cost, in case of a need but cannot be scaled down and ends up with unwanted cost in case of seasonal spike. Amazon WorkSpaces help organizations scale up and scale down based on demand and deploy at scale with few click deployment models and with enhanced security of your cloud Desktop. Relevance Lab’s pre-baked solution helps your IT team who has minimal knowledge on AWS adopt DaaS solutions with usage of ITSM platforms or custom Cloud Portal.
Best Practices of Network design for Amazon WorkSpaces
VPC
It is recommended to use a separate VPC for your WorkSpaces implementation. This helps us define the required governance and security guardrails by creating traffic separation.
Directory Service
Each AWS Directory service build requires a pair of subnets for high availability across Amazon availability zones.
Subnet size
Subnet sizes are permanent and cannot be modified and hence need to plan for future capacity. You can define a default security group to your directory services which implies it to all the WorkSpaces under this directory services. Additionally, you can have multiple directory services use the same subnet.
Network Connectivity
Whether you are looking for a pure cloud solution for your AWS WorkSpaces or planning to integrate with your existing on-prem setup, AWS helps achieve both using multiple options as below.
Option 1 – Extend your existing directory to the AWS Cloud.
Option 2 – Utilize your existing on-premises Microsoft Active Directory by using AWS directory Service, AD Connector.
Option 3 – Integrate your on-premise server with AD Connector to provide multi-factor authentication (MFA) to your WorkSpaces.
Option 4 -Create a managed directory with AWS Directory Service, Microsoft AD or Simple AD, to manage your users and WorkSpaces.
Observability of AWS WorkSpaces
This deals with managing lifecycle from creation, usage and termination in an optimal manner. This covers following three areas.
Security and Governance
As per AWS best practices, every individual user account should be set up with AWS IAM roles with right permissions and enable multi-factor authentication (MFA) with each account. Different WorkSpaces on the same physical host are isolated from each other through the hypervisor as though they are on separate physical hosts.
Health Monitoring
CloudWatch Metrics for WorkSpaces gives an insight to the overall health and connection status of all WorkSpaces. This can be per Desktop or aggregated for all WorkSpaces within a Directory. Apart from the default metrics, you can also enable additional metrics.
Cost Optimization
AWS WorkSpaces billing is based on usage and there are 2 options to choose by default.
AlwaysOn – This is the best option when you are a monthly billing mode, and your usage is typically around 6 to 9 hours a day.
AutoStop – This is the ideal option when you are on hourly billing. You can have the WorkSpaces stop after a specified time of inactivity which stops the billing.
One of the best practices is to monitor the usage of the WorkSpaces running mode using Amazon WorkSpaces Cost Optimizer. This solution uses an Amazon CloudWatch event that invokes an AWS Lambda function every 24 hours. This can then convert your WorkSpaces to the most cost-effective model from the next billing cycle. (Hourly to Monthly or Monthly to Hourly) based on your usage pattern.
Automation
WorkSpaces provisioning can be automated using your existing ITSM platforms like ServiceNow, Jira, ServiceDesk or Freshservice.
There are existing connectors like AWS Service Management Connector and RLCatalyst Service Management Connector providing end to end automation.
Relevance Lab is a specalist AWS partner for Desktop as a Service using AWS Workspaces. It has implemented Workspaces with its pre-integrated, secured and matured solutions for its clients using their existing ITSM tools. This has helped customers for a faster adoption of cloud and promoted the cost optimization journey. Relevance Lab’s DaaS solution offering starts with an assessment questionnaire that can help your organizations understand the need to migrate to a secured, scalable and matured solution. Based on the assessment scorecard, we recommend the right solution based on automation, security, governance and compliance model.
This blog refers to the standard Desktop as a Service using AWS Workspaces. In more advanced scenario’s adoption of DaaS also involves additional steps like Storage, Log Monitoring, Security Analytics (SIEM, SOAR), Mail and Office suite options, Container Deployment and Application security signing which will be covered in a separate blog.
We use cookies on our website to provide you with a more relevant experience. To learn more about how we use cookies and how you can manage your cookie settings, please refer to our Privacy.
We do not collect and sell your personal information.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You can opt-out of non-necessary cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
