Case Study: Paltech - Networking for complex environments with multiple VPCs and AWS accounts

FTI - A comprehensive AWS deployment partner in the Vietnam market

Paltech is an outsourcing company responsible for building and managing end-customers’ products in Europe. Paltech’s core DevOps and infrastructure teams are based in Vietnam.

✅ Challenges of Paltech

Paltech wanted to adopt modern cloud-native applications built on a microservices architecture to ensure scalability and resilience. Kubernetes offers an easy way to manage, scale, and deploy microservices, and provides APIs and tools for rolling updates and improved logging and monitoring. Moreover, Kubernetes works well with their existing CI/CD tools such as Jenkins and Docker, and helps improve automation and resource management in the CI/CD pipeline.

Due to its aging on-premises infrastructure, Paltech chose AWS as the cloud platform on which to migrate its workloads and deploy its modern cloud-native applications. While planning this migration project, Paltech faced these five challenges, which required a partner with deep networking expertise and AWS networking capability in Vietnam:

1. Accelerating and protecting the Site-to-Site VPN connection from Paltech’s office to the AWS Ireland region for multiple AWS accounts, with a requirement for private connectivity.

2. Reducing the latency and data egress costs when connecting via the Site-to-Site VPN connection.

3. Improving the security of network traffic across VPCs and over inter-region peering.

4. Some subnets and VPCs in the QAT, MGT, STG and Production environments had CIDR ranges that overlapped with the VPCs of end users (Paltech’s customers). Re-addressing them was too risky for compliance reasons, so a best-practice approach was needed to work around the overlap.

5. Exposing public endpoints for the EKS workloads without publishing the instances themselves, while meeting the requirements for enhanced networking connections.

✅ FPT Telecom International's Solution

Use AWS Direct Connect + AWS Transit Gateway + AWS VPN Site-to-Site

- AWS Direct Connect, delivered by FPT Telecom International (FTI), provides last-mile connectivity from Paltech’s office to the nearest AWS Direct Connect locations (Equinix and Global Switch) in a high-resiliency model.
- AWS Transit Gateway is used to simplify network connectivity and supports inter-region transit gateway peering between the ap-southeast-1 and eu-east-1 regions and between multiple Amazon VPCs.
- AWS VPN is used to secure the Site-to-Site VPN connection.
- Our AWS DX monitor is based on this project: https://github.com/awslabs/aws-dx-monitor. Our giamsat247 monitoring system is configured to send notification emails to the customer when issues occur in the last-mile and MPLS infrastructure.
- Other related AWS services: Amazon VPC, Amazon CloudWatch & CloudWatch Events

Encrypt the connection from the office to AWS Regions

- Encrypt all traffic leaving AWS physical premises, and use MACsec layer-2 encryption for traffic over Direct Connect.
- AWS Transit Gateway encrypts traffic with AES-256 at the virtual network layer as it travels between Regions.
- Other related AWS services: Amazon VPC

Use AWS Transit Gateway and AWS PrivateLink to avoid overlapping CIDR

- FTI performed a networking evaluation and IP re-planning to allow for future scaling.
- FTI advised Paltech to expose the application through an endpoint service (powered by AWS PrivateLink), combined with AWS Transit Gateway, to integrate the workloads on EKS and solve the overlapping-CIDR challenge while preserving routable IP addresses.
- An AWS PrivateLink-powered endpoint service is used to share the Kubernetes service and ingress (NLB) with end-customers’ VPCs in separate accounts.
- Other related AWS services: Amazon VPC, Amazon CloudWatch & CloudWatch Events, AWS Service Endpoints, AWS NAT Gateway.
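As an added example (not FTI’s or Paltech’s code) of the evaluation step described above: a Python check that flags overlapping VPC CIDRs across accounts and marks which customer VPCs must be reached through a PrivateLink endpoint service rather than Transit Gateway routing. The VPC inventory below is constructed for illustration; the account and VPC names are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (account, vpc_id, cidr); not Paltech's real addressing.
# The customer-a VPC deliberately overlaps with the STG VPC, as in challenge 4.
SAMPLE_VPCS = [
    ("paltech-qat", "vpc-qat", "10.10.0.0/16"),
    ("paltech-mgt", "vpc-mgt", "10.20.0.0/16"),
    ("paltech-stg", "vpc-stg", "10.30.0.0/16"),
    ("paltech-prod", "vpc-prod", "10.40.0.0/16"),
    ("customer-a", "vpc-cust-a", "10.30.128.0/17"),
    ("customer-b", "vpc-cust-b", "172.16.0.0/16"),
]


def find_cidr_overlaps(vpcs):
    """Return (vpc_id_1, vpc_id_2) pairs whose CIDR blocks overlap.

    A Transit Gateway route table cannot distinguish traffic for two VPCs that
    share address space, so every pair returned here is a routing conflict.
    strict=True rejects CIDRs whose host bits are set (a common inventory typo).
    """
    parsed = [(acct, vpc, ipaddress.ip_network(cidr, strict=True))
              for acct, vpc, cidr in vpcs]
    overlaps = []
    for (_, vpc_a, net_a), (_, vpc_b, net_b) in combinations(parsed, 2):
        if net_a.overlaps(net_b):
            overlaps.append((vpc_a, vpc_b))
    return overlaps


def plan_connectivity(vpcs, customer_accounts):
    """Decide, per customer VPC, whether it can be attached to the Transit
    Gateway or must consume the application via a PrivateLink endpoint service.

    Returns a dict vpc_id -> "transit-gateway" | "privatelink".
    """
    conflicting = set()
    for a, b in find_cidr_overlaps(vpcs):
        conflicting.update((a, b))
    plan = {}
    for acct, vpc, _ in vpcs:
        if acct in customer_accounts:
            plan[vpc] = "privatelink" if vpc in conflicting else "transit-gateway"
    return plan


if __name__ == "__main__":
    print(find_cidr_overlaps(SAMPLE_VPCS))
    print(plan_connectivity(SAMPLE_VPCS, {"customer-a", "customer-b"}))
```

In a real audit the inventory would come from each account’s VPC listing; the decision logic is unchanged.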

Integrate AWS Network Load Balancer with an Nginx reverse proxy to publish ports 80/443

- FTI used AWS NAT Gateway so that the workload nodes could remain in private subnets.
- Because the customer’s project requirements could not be met with an Application Load Balancer, FTI proposed an NLB with an Nginx reverse proxy to solve the challenge.
- AWS Network Load Balancer publishes ports 80/443, and the Nginx reverse proxy handles the traffic going to the backend nodes.
- Enhanced Networking is enabled.
- Other related AWS services: Amazon VPC, Elastic Load Balancing (ELB), EC2/ECS Enhanced Networking.

✅ Outcomes & Benefits

⭐Supported Paltech in meeting the network security management requirements of ISO 27001:2022.

⭐Reduced latency and lag when remoting and connecting to the AWS Ireland region by up to 50%.

⭐Reduced data transfer-out costs when downloading files, images, etc. via the Site-to-Site VPN connection from AWS accounts by 30%.

⭐Achieved non-overlapping IP ranges for each connected VPC.

⭐Published the endpoints for the EKS nodes.

⭐Simplified the network connectivity between VPCs and AWS accounts.

⭐Received comprehensive network connectivity and dedicated support from the FTI team.

✅ About FPT Telecom International (FTI)

⭐FPT Telecom is an AWS Advanced Technology Partner. Since January 2021, FPT Telecom has been an AWS Direct Connect Delivery Partner in Asia Pacific (APAC). Since January 2, 2022, FPT Telecom has been an AWS Advanced Tier Services Partner providing AWS consulting, payment and managed service solutions.

⭐In March 2022, FPT Telecom became the first partner in Vietnam to achieve the AWS Networking ISV Competency; this designation validates a partner’s ability and in-depth experience in consulting on, implementing, and administering AWS Direct Connect. FPT Telecom is also an AWS Public Sector Partner, a designation recognizing experience in providing solutions to government, educational and non-profit clients throughout Vietnam and around the world.

⭐Information overview of FPT Telecom on APN: https://partners.amazonaws.com/partners/0010h00001cCj5aAAC/
#aws #FPTTelecom #spp #solutionprovider


COPYRIGHT © 2022, FPT TELECOM INTERNATIONAL