Showcases
.svg){kind=logo}
Tech Service VI-III-Solution Architecture-Zack Chong
In this article, we will describe how the MetaAge Digital AWS MSP technical team assists Odysseus Digital to monitors and manages their infrastructure on AWS. MetaAge has a team of architects and maintenance operations with high technology skill to support customers who want to deploy AWS services or further value-added services such as managed maintenance, application software development, API integration, cloud integration, etc.
MetaAge Digital (formerly Sysage Technology) officially become an AWS Managed Service Provider (MSP) in 2022 to provide professional AWS cloud consulting services and cloud managed monitoring services, which can bring more value-added professional services to enterprises or startup company.
In addition to assisting customers to deploy services such as IaaS, PaaS or SaaS in the cloud, MetaAge Digital also provides value-added services such as Cloud Managed Service, API integration, cloud migration, and cloud-to-cloud integration. At present, several customers have been entrusted by MetaAge Digital to host and monitor the customer's cloud architecture. This article will introduce how Odysseus Digital uses the AWS hosting and monitoring services provided by MetaAge Digital to detect and solve related problems.
"New company, experienced team" is the best portrayal of Odysseus Digital Co., Ltd... Odysseus Digital is start by a group of members who have more than 10 years' experience of information planning and system/network integration. In order to start their own business, they established Odysseus Digital in 2009 to provide their customer with latest and best IT system integration services.
Odysseus Digital has a on-premises basic three-tiered service. During use, there have been several problems that were not be found immediately, such as the hard disk capacity is occupied by system logs or temporarily generated application Files, due to unexpected access traffic causes high CPU and RAM usage, resulting in no response from related services. Odysseus Digital will not be able to build or relocate more application architectures to AWS until these problems had been resolved. Therefore, MetaAge Digital assisted Odysseus Digital to migrate the on-premises architecture to AWS and provided a monitoring system based on AWS Monitor Best Practice and its corresponding 24-hour enterprise war room (EWR) to ensure that Odysseus Digital could be in our system and get notified when exceptions occur.
There are two next-generation monitoring (NGM) services provided and developed by MetaAge Digital Solution Technical VI-III(ST630) which is performance monitoring and security monitoring. We use AWS service to deploy our monitoring system such as, use AWS CloudFormation modular deployment method to establish an IAM role and service is required by our monitoring system on the customer's AWS account, authorize calls to the AWS API to collect and create alarms, and monitor the infrastructure, workload health, performance data for applications and multiple components in real time. MetaAge digital monitoring system provides complete infrastructure monitoring, such as detailed indicators such as CPU, Ram, Disk Usage and Disk Current Available Space, and other monitoring indicators can be added according to customer needs.
1. Monitoring of infrastructure
MetaAge Digital's AWS team assisted Odysseus Digital in migrating the original three-tier architecture application to AWS and provided it with a complete monitoring solution. For example, in addition to monitoring the basic capacity data of the EBS mounted on AWS EC2, the related system will predict the growth rate of the hard disk usage, and the MSP maintenance personnel will regularly check the overall usage status, so that in the event of a hard disk alarms such as insufficient disk space, average CPU usage reaching 90%, RAM usage reaching 90%, etc. are handled in advance before they occur, and it will notified to Odysseus Digital and MetaAge AWS architects to carry out follow-up plans to improve the SLA of related customer systems. Avoid the cost waste caused by ignorant resource expansion.
In addition, MetaAge Digital uses Application Load Balancer in AWS to distribute traffic and protect the back end EC2 and other systems. MetaAge Digital will also completely collect relevant data such as Count of visiting websites and HTTP errors and set alarms for it, keep the Odysseus Digital and MetaAge Digital Situation Room personnel informed. If there is a critical error, the EMR personnel will receive an alert at the first time and eliminate it according to the SOP. If it cannot be eliminated, then the second-line maintenance personnel and Odysseus Digital customers will be notified. Relevant data can also be collected to facilitate analysis of the frequency and context of related errors, and then use this data to optimize related services.
2. Logs collection and application
Since the three-tier architecture application deployed in the original local terminal of Odysseus has insufficient hard disk space due to too many OS or Application Logs, the necessary Logs cannot be obtained, and there is urgent need to expand the hard disk. After moving to AWS, MetaAge digital monitoring system actively collects these Logs and transmits them to Amazon S3 for long-term storage and enable life cycle control. Controls storage costs associated with Logs. Relevant Logs include service log such as, Amazon EC2 (OS and App level Logs), Amazon RDS (DB Logs), Amazon ELB (Http status and connection Logs), AWS Cloudfront (CDN Logs) and Performances Metrics, the above all will be kept in S3, periodically moved to cheaper Glacier or deleted.
How Amazon CloudWatch Works
(Source Image:https://aws.amazon.com/tw/cloudwatch/ © Amazon Web Service)
1. Through the NGM system developed by MetaAge digital ST630 and the 24-hour online hosting service center MSP technicians, and integrate relevant records and information to help customers solve problems more efficiently:
→ Able to instantly discover the service anomalies of Odysseus Digital on AWS and deal with them immediately and appropriately
→ Effectively avoid the same issue encountered in the three-tier architecture built by Odysseus Digital on AWS as the original three-tier architecture on the local side
2. Through the NGM system developed by MetaAge digital ST630 and the 24-hour online hosting service center MSP technicians, the efficiency of system maintenance and operation is improved:
→ After migrating to AWS and hosting the service to MetaAge digital MSP, Odysseus Digital reduced the labor and time cost of maintaining the three-tier architecture function and saved the investment in hardware maintenance costs. And there is no need to spend extra cost to employ and train AWS service maintenance personnel, so that relevant technical personnel can concentrate more on projects with higher output value.
3. Through the NGM system developed by MetaAge digital ST630 and the MSP technicians of the 24-hour online hosting service center, the continuous collection and analysis of Logs can better understand the operation status of the system, to help Odysseus Digital to analyze and improve their service:
→ After migrating to AWS and hosting the service to MetaAge digital MSP, Odysseus Digital can easily use AWS services to collect Logs and analyze them, so that Odysseus Digital's technicians can more easily understand the operation status of its services , and leave useful information for emergencies, and even easily manage the storage capacity of Logs
1. MetaAge digital will regularly scan the IAM User and Root Account MFA binding status in Odysseus Digital's AWS account, and there will be different patch actions and user prompts for Root Account and IAM User.
2. Adopt the instance enhanced by the Corporate Identification System (CIS) and perform vulnerability scanning regularly and provide a complete solution for the customer's related Logs to maintain the integrity of their logs to ensure subsequent related checks and applicability.
The MSP team of MetaAge Digital uses AWS Config to set rules for root account MFA enable. If the IAM User's MFA is found to be disabled, it will send an alert notification through AWS Systems Manager Remediation AWS-PublishSNSNotification relevant personnel to deal with.
(Source Image: https://aws.amazon.com/tw/config/ © Amazon Web Service)
MetaAge digital MSP team uses EventBridge and the written Lambda function in Odysseus Digital's AWS account, and scans the customer's IAM User regularly every month, and generates whether there is any binding MFA Reports, and notify relevant personnel for processing, even restrictions on permissions How Amazon EventBridge uses events to wire applications.
(Source Image: https://aws.amazon.com/tw/eventbridge/ © Amazon Web Service)
Using the collection of VPC Flow Logs, for all Odysseus Digital's application Network resources on AWS, collect the Traffic Logs of these resources into an Amazon S3 bucket for storage, and ensure that customer-related Logs can be properly stored, manage, and ensure its integrity. If there is a need for auditing or consulting, you can quickly retrieve the logs for use.
1. The AWS Config set by MetaAge Digital for the MFA of the Root Account will send a notification to the enterprise war room personnel and notify the relevant personnel of Odysseus Digital at the priority, to prevent internal personnel from accessing the Root Account and making unnecessary changes.
2. MetaAge Digital will scan the MFA binding status of the IAM User, and send the scan result notification to the customer's mailbox, and regularly compile a monthly inspection report on the AWS IAM User of Odysseus Digital, to achieve a significant increase the security of IAM accounts to avoid malicious use events.
With the assistance of MetaAge Digital, Odysseus Digital easily migrated its traditional three-tier architecture services to AWS and transferred services smoothly. In addition, the architecture migrated to the cloud can be more comprehensively optimized, and more information can be collected by taking advantage of cloud services to facilitate the formulation of subsequent development and maintenance plans for related systems, and more convenient services from AWS can be used to transform related functions.
At the maintenance and operation level, in addition to eliminating the investment of existing hardware, it can also reduce the maintenance and operation of the server room, including its utility bill. And the original technicians who took the time to maintain the operation can spend their time on projects with more output value. Through the signing of managed services, the recruitment or training of AWS operators is also avoided, and the related applications in the cloud can be managed and controlled more quickly and effectively.
The monitoring and prediction function of MetaAge digital NGM system not only enables maintenance and operation personnel to solve problems faster, but also provides relevant information in combination with MetaAge digital MSP personnel and deploys in advance for related problems that may occur, improving the overall service SLA.
There is also the collection and preservation of Logs, which can not only have life cycle management, but also archive and remove outdated Logs. In addition, it can also ensure the integrity and availability of its logs through a series of solutions, which is not only of great help in auditing, but also in the subsequent application of system development.
Finally, thanks to the diversity of cloud systems, related services can add more functions and usability with the help of AWS, and with the assistance of MetaAge digital, updating and upgrading related systems is no longer a concern.
MetaAge Digital has rich experience in information security, network, storage, server, virtualization, database management, and a team of architects and maintenance teams with deep technology is the best helper for enterprise cloud services. Whether customers want to deploy AWS services, and further value-added services such as Cloud Managed Service, Infrastructure-as-code, API integration, and cloud integration, which can meet multi-faceted needs.
Professional information application service provider
MetaAge Digital (formerly Sysage Technology) started its business in 1998, and has since become "The ICT Solution Provider Professional Information Application Service Provider" role, providing first-class products and professional services for distribution partners and enterprise users, Become the best value-added service brand distributor in the industry. For the majority of distributor partners and independent software vendors (ISVs) of the cloud market, it is also possible to negotiate a distribution cooperation plan and design a framework for follow-up cooperation.
The software and hardware product lines represented by MetaAge are all world-renowned brands, providing strong technical support and tailor-made distribution cooperation solutions for the vast number of distributor partners and independent software vendors (ISVs) of the cloud market. , expand the service scope of partners, and achieve a better customer service experience in a variety of fields.
MetaAge continues to be the best partner for IT intelligence, and sincerely welcomes the old and the new to join hands to create a new digital situation.
Contact Information:
Phone Number: 0800-008-669
Email: aws@metaage.com.tw
