AWS Cloud - Elastic Container Service #11462356/HEAD / v121 |
Tags:
not added yet
New infrastructure is only available in codeBeamer v9.5. Existing clients will be migrated automatically
Table of Contents
IntroductionThe solution was built with security and durability in mind, hosted on AWS, the leading cloud provider. The main concepts include current virtualization and containerization technologies, logically isolated client resources, encrypted and safely stored client data, and the principles of infrastructure-as-code. The automation of processes leave no room for human error when it comes to deployment, updates and more. The time of deployment usually takes less than 1 hour. The main concepts and their implementationDurability and fault-toleranceContainerization makes it possible to decouple the running environment from the application code, making it possible to deploy in a predictable and reproducible way. This makes it possible to debug reported incidents in a safe, client-like environment without client downtimes, or accessing sensitive data at all, where we know that the moving parts behave the same way. This also enables us to quickly redeploy faulty parts, guaranteeing minimal downtimes in a disaster-recovery situation. Container orchestration and application fault-tolerance (AWS ECS)Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service. Customers such as Duolingo, Samsung, GE, and Cookpad use ECS to run their most sensitive and mission critical applications because of its security, reliability, and scalability. In the past years at Intland, we have been constantly improving our solutions to provide a streamlined customer experience with our platform, building mostly around AWS Elastic Beanstalk. Moving to ECS provides more flexibility and control over our processes, while retaining all the advantages Elastic Beanstalk has brought to our customers. ECS makes sure the actual workload matches the desired counts, providing advanced auto-healing and service recovery features with minimal downtimes. Infrastructure durability (AWS Auto Scaling Group)An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables us to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service. In other words, this service is responseible to ensure healthy infrastructure under our loads, recovering failing nodes. Isolating customer resourcesPrivate networking (AWS VPC)Amazon Virtual Private Cloud (Amazon VPC) lets us provision a logically isolated section of the AWS Cloud where we can launch AWS resources in a virtual network that we define. We have complete control over our virtual networking environment, including selection of own IP address range, creation of subnets, and configuration of route tables and network gateways. ECS let’s us launch our client stacks into exclusive VPCs, making them run in their very own private virtual networks., preventing cross-client communication. Firewalls and network traffic control (AWS Security Group)A security group acts as a virtual firewall for the instance to control inbound and outbound traffic, opening only the required ports to the public, and leaving the rest of the systems safely restricted to our infrastructure team. User and access management (AWS IAM)AWS Identity and Access Management (IAM) enables us to manage access to AWS services and resources securely. Using IAM, we can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. For every part of our client stack we use users and roles with minimal access to specific resources to guarantee even more security and isolation. Handling of client dataData volumes (AWS EBS)Amazon Elastic Block Store (EBS) is an easy to use, high performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction intensive workloads at any scale. A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS. Our instances use EBS volumes as their block devices. Databases (AWS RDS)Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. Secrets and passwords (AWS Secrets Manager)AWS Secrets Manager helps us protect secrets needed to access applications, services, and IT resources. The service enables us to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. Encryption and backup of client dataBoth block devices and databases are encrypted with AWS KMS keys and are backed up by AWS Backup, providing automated backups and safe storage of valuable client data at every stage throughout a client’s journey with us. Other servicesVarious other AWS services are helping us provide our customers stress-free, automated deployments and updates of their codeBeamer and Retina stacks. Our DevOps team employs AWS CloudWatch for monitoring and alarms, AWS Lambda for serverless utility functions, DynamoDB as a persistance layer for them, S3 as an object storage, and more. Do you have a specific question for us? Reach out, and our DevOps team will surely have an answer for you.
BackupAWS Backup service is used for creating a daily backup of your data. It is responsible for creating a snapshot of your database and file system, and restoring it in case of data loss.
A new backup is created every day between 12am and 1am (based on the timezone of the selected region). Backups are kept for 12 months (however it can be extended).
Transferable backup can be requested via support@intland.com.
RTORecovery time objective is one hour. Please note that support team is available in only working hours RPORecovery point objective is 1 day by default. See the Backup DowntimeIn case of maintenance work, the application will not be available for a short time of period. The DevOps team will find a time to apply changes in the given maintenance window. Before applying any change on your instance, the DevOps team will contact you.
Production ready deployment takes only couple of minutes. Your DataYour data is your data! It is in a very secure environment, however it can be migrated into other environments (e.g. company server) without information loss. Please contact support@intland.com for more information. What information should you provide?In order to find the prefect size and place for your infrastructure, we need to know the following:
Available Services
Server sizes
Try it!?Do you want to try it? Your private and secure instance can be deployed in couple of minutes. Please contact sales@intland.com. |
Fast Links
codebeamer Overview codebeamer Knowledge Base Services by Intland Software |
This website stores cookies on your computer. These cookies are used to improve your browsing experience, constantly optimize the functionality and content of our website, furthermore helps us to understand your interests and provide more personalized services to you, both on this website and through other media. With your permission we and our partners may use precise geolocation data and identification through device scanning. You may click accept to consent to our and our partners’ processing as described above. Please be aware that some processing of your personal data may not require your consent, but you have a right to object to such processing. By using our website, you acknowledge this notice of our cookie practices. By accepting and continuing to browse this site, you agree to this use. For more information about the cookies we use, please visit our Privacy Policy.Your preferences will apply to this website only.
Note that user-behavior analytics are being captured on this server for the purpose of improving the Codebeamer user experience.