Egany is a company that creates button sets that optimize user experience, thereby helping to increase website conversions effectively. The product is developed in 4 AWS regions (EU, US, Singapore and Tokyo) to serve global end-users on Shopify and eCommerce platforms across 4 countries.
To meet the needs of its global customers, Egany needs to connect to AWS regions quickly and stably. Vietnam often has problems with undersea cables, which cause VPN connections to become unstable. Besides, ensuring end-user connectivity with the highest performance and lowest latency is the top goal.
Due to limited human resources, Egany lacks personnel with a strong grasp of networking to address the following concerns and challenges:
1. Site-to-Site VPN to the AWS environments across 4 regions is needed, with the lowest latency and high performance, without using AWS Direct Connect.
2. Instances are present only in private subnets; administrators can access them remotely only via Site-to-Site VPN.
3. Static files and dynamic content must be served to end-users in the USA, Singapore, Europe and Tokyo with the lowest latency.
4. Singapore is the hub region with multiple VPCs and there is no centralized routing solution; in addition, there are at least 8 VPC peering connections between Singapore's VPCs and VPCs in other regions, even though the other regions have only one VPC each.
- We implemented a Site-to-Site VPN connection that uses AWS Global Accelerator to route traffic from your on-premises network to the AWS edge location that is closest to your customer gateway device.
- AWS Global Accelerator is used so that we can create a new Site-to-Site VPN attachment with acceleration enabled for the VPN connection.
- The customer gateway devices are configured to allow only private CIDR subnets (in the office) to remotely access the AWS environment via the Site-to-Site VPN connection.
- AWS NAT Gateway is used: FTI migrated all of the instances to private subnets and connected them to the NAT Gateway in each AZ.
- Other related AWS services: Amazon VPC, Amazon CloudWatch & CloudWatch Events
- We created an Amazon S3 bucket with a policy that allows CloudFront to access the data in Amazon S3. We created an Amazon IAM role that the web instances serving dynamic content (the origin) will assume. Finally, we created a CloudFront web distribution with two origins to securely deliver the dynamic and static content to users from the two origins.
- Since dynamic content includes personalized content, we configured CloudFront to forward certain HTTP cookies and HTTP headers as part of a request to the customer's custom origin server. CloudFront uses the forwarded cookie values as part of the key that identifies a unique object in its cache. To maximize caching efficiency, we configured CloudFront to forward only those HTTP cookies and HTTP headers that really vary the content (not cookies that are used only on the client side or by third-party applications, for example, for web analytics).
- The following headers are considered when configuring forwarding headers from CloudFront to a custom origin:
+ CloudFront-Is-Mobile-Viewer / CloudFront-Is-Tablet-Viewer / CloudFront-Is-Desktop-Viewer
+ CloudFront-Viewer-Country
+ Connection
+ Cookie
+ Cache-Control
+ Host
+ X-Forwarded-For
- Egany can leverage the CloudFront locations that are connected to the highly resilient Amazon Backbone Network that provides superior performance and availability for connection to AWS origins, which helps in reducing the overall round-trip time required to establish a connection.
- Other related AWS services: AWS IAM, Application Load Balancer, AWS Route53, Amazon CloudWatch.
- We deployed a Transit Gateway as the centralized router in Singapore. It simplifies routing between VPCs in the Singapore region and acts as an entry point for traffic from VPCs in other regions, which connect to it with IPsec VPN attachments.
- AWS Route53 and AWS Route53 Resolver endpoints are used. FTI created the Resolver rules and uses the outbound endpoint to forward the requests defined by these rules to other AWS accounts' VPCs (the inbound endpoint is not shared), and the inbound endpoint to forward requests from the on-premises domain server.
- Other related AWS services: Amazon VPC, Amazon CloudWatch & CloudWatch Events, AWS Service Endpoints
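The cache-key behaviour described in the CloudFront bullet above, as an added example (not FTI's or Egany's configuration): a simplified Python model, not CloudFront's actual algorithm, that compares forwarding everything, an allowlist of the values that really vary the content, and an allowlist that wrongly leaves out the session cookie. The cookie names `session` and `_ga` and the request data are constructed assumptions.

```python
# Simplified model of a CDN cache key (added illustration, not CloudFront's code).

def make_requests():
    """Constructed sample traffic: two users alternate on a personalised page."""
    return [{
        "path": "/account",
        "cookies": {"session": "alice" if i % 2 == 0 else "bob",  # varies content
                    "_ga": f"GA1.{i}"},                  # analytics, client-side only
        "headers": {"CloudFront-Viewer-Country": "SG",
                    "User-Agent": f"agent-{i}"},
    } for i in range(6)]

def cache_key(req, cookie_allow, header_allow):
    """Key = path + forwarded cookies + forwarded headers (None = forward all)."""
    def pick(values, allow):
        names = values if allow is None else [n for n in values if n in allow]
        return tuple(sorted((n, values[n]) for n in names))
    return (req["path"],
            pick(req["cookies"], cookie_allow),
            pick(req["headers"], header_allow))

def simulate(reqs, cookie_allow, header_allow):
    """Replay requests through one cache; count hits and wrong-user responses."""
    cache, hits, cross_user = {}, 0, 0
    for req in reqs:
        key = cache_key(req, cookie_allow, header_allow)
        user = req["cookies"]["session"]
        if key in cache:
            hits += 1
            if cache[key] != user:
                cross_user += 1        # cached page was built for someone else
        else:
            cache[key] = user          # origin renders the page for this user
    return {"hits": hits, "misses": len(reqs) - hits,
            "cross_user_responses": cross_user}

def compare():
    reqs = make_requests()
    country = {"CloudFront-Viewer-Country"}
    return {
        "forward_all": simulate(reqs, None, None),
        "allowlist": simulate(reqs, {"session"}, country),
        "session_dropped": simulate(reqs, set(), country),
    }

if __name__ == "__main__":
    for policy, result in compare().items():
        print(policy, result)
```

Forwarding everything makes every request a miss, the allowlist gets hits without mixing users, and dropping the session cookie from the key raises the hit count only by serving one user's personalised page to another.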
⭐Reduce costs by at least 30% compared to the monthly Internet Leased Line cost, leveraging the power of AWS Global Accelerator and AWS Edge networks.
⭐Simplify the networking connection between VPCs and AWS accounts.
⭐Serve both static files and dynamic content to end-users in all 4 countries.
⭐Reduce the effort needed to check and configure the subnets to avoid overlapping IP ranges across 4 regions.
⭐Reduce operational costs compared to hiring more networking specialists for Egany's team. FTI can support the customer with our experience.
⭐Improve security by reducing the attack surface when moving the workloads to private subnets.
⭐FPT Telecom is an AWS Advanced Technology Partner. Since January 2021, FPT Telecom has been an Amazon Direct Connect Delivery Partner of AWS in Asia Pacific (APAC). As of January 2, 2022, FPT Telecom is an AWS Advanced Tier Services Partner providing AWS consulting, payment and Managed Service solutions.
⭐In March 2022, FPT Telecom was the first partner in Vietnam to achieve AWS Networking ISV Competency. This certification validates a partner's ability and in-depth experience in consulting, implementing, and administering AWS Direct Connect. Moreover, FPT Telecom is also an AWS Public Sector Partner, with experience in providing solutions to government, educational and non-profit organization clients throughout the Vietnam region and around the world.
⭐Information overview of FPT Telecom on APN: https://partners.amazonaws.com/partners/0010h00001cCj5aAAC/
COPYRIGHT © 2022, FPT TELECOM INTERNATIONAL