Based on Tecpel’s growth and geographic expansion challenges, the company established in its strategy the need to invest in technology to support this growth. In this sense, based on Valcann’s role as an AWS partner, the project was established for a complete migration of Tecpel’s computing infrastructure to the Cloud. Valcann and AWS were chosen as the partners to deliver this project.
Case Description
This Case Study includes the following details regarding Amazon EC2 for Microsoft Windows:
Description of overall solution and how Microsoft products are leveraged
The TOTVS RM business application runs exclusively on Windows with SQL Server. In this regard, the use of Windows Server and SQL Server is critical, not only because of the platform’s technical requirement, but mainly because of the ability of both solutions to deliver native integration with the partner platform.
Specific Microsoft products used in the solution
- Microsoft Windows Server: The whole environment runs on Windows Server, since the business application, TOTVS RM, runs only on Windows;
- Microsoft SQL Server: The TOTVS RM business application runs only on Windows, and its database engine runs on SQL Server;
- Microsoft Active Directory: Used as the directory service, to ensure integration throughout the whole environment.
How other AWS services were integrated into the solution
AWS EC2: We are currently running 4 (four) EC2 instances, which are:
- m5.2xlarge, running Windows Server. It has a Reserved Instance (1 year, no upfront) associated with it. It serves as the TOTVS RM application server. It also runs the TSPlus Remote Desktop service;
- m5.2xlarge, running Windows Server and SQL Server Web. It has a Reserved Instance (1 year, no upfront) associated with it. It serves as the TOTVS Protheus database server;
- t2.micro, running FreeBSD. It serves as the VPN and firewall software appliance, running the pfSense application;
- t3.medium, running Windows Server. It has a Reserved Instance (1 year, no upfront) associated with it. It serves as the FACTOR application server and also hosts the Active Directory service.
AWS Lifecycle Manager: We have 3 (three) lifecycle policies created for this environment:
- This policy creates a snapshot of all tagged volumes every 24 hours, starting at 03:00 UTC. A maximum of 3 snapshots is retained per target volume. The oldest retained snapshot is <= 3 days old. It targets volumes with the tag ResourceGroup:Network.
- This policy creates a snapshot of all tagged volumes every 6 hours, starting at 13:00 UTC. A maximum of 12 snapshots is retained per target volume. The oldest retained snapshot is <= 3 days old. It targets volumes with the tag ResourceGroup:RM.
- This policy creates a snapshot of all tagged volumes every 24 hours, starting at 03:00 UTC. A maximum of 3 snapshots is retained per target volume. The oldest retained snapshot is <= 3 days old. It targets volumes with the tag ResourceGroup:Factor.
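An added example, not part of the original case study or Valcann's tooling: Lifecycle Manager selects volumes purely by tag, so a volume whose ResourceGroup tag is missing or differently cased gets no snapshots at all. The Python check below runs a constructed volume inventory against the three policies described above and confirms that each policy's retention count times its interval gives the stated 3-day window; the volume IDs and tags are invented for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    tag_key: str
    tag_value: str
    interval_hours: int   # time between snapshots = worst-case data loss (RPO)
    retain_count: int     # snapshots kept per volume

    def max_snapshot_age_hours(self) -> int:
        # Count-based retention: the oldest kept snapshot is at most
        # retain_count * interval old, just before the next run prunes it.
        return self.retain_count * self.interval_hours

# The three policies as the case study describes them.
POLICIES = [
    Policy("ResourceGroup", "Network", 24, 3),
    Policy("ResourceGroup", "RM", 6, 12),
    Policy("ResourceGroup", "Factor", 24, 3),
]

# Constructed inventory (IDs and tags invented for this example).
VOLUMES = [
    {"id": "vol-example-rm-app", "tags": {"ResourceGroup": "RM"}},
    {"id": "vol-example-pfsense", "tags": {"ResourceGroup": "Network"}},
    {"id": "vol-example-factor", "tags": {"ResourceGroup": "factor"}},  # wrong case
    {"id": "vol-example-db-data", "tags": {"Name": "db-data"}},         # tag missing
]

def audit(volumes, policies):
    """Map each volume ID to its RPO in hours, or None if no policy targets it."""
    result = {}
    for vol in volumes:
        # Tag matching is exact and case-sensitive, as it is for AWS tags.
        hits = [p for p in policies
                if vol["tags"].get(p.tag_key) == p.tag_value]
        result[vol["id"]] = min((p.interval_hours for p in hits), default=None)
    return result

def unprotected(volumes, policies):
    """Volume IDs that no lifecycle policy would ever snapshot."""
    return sorted(v for v, rpo in audit(volumes, policies).items() if rpo is None)

if __name__ == "__main__":
    for p in POLICIES:
        print(p.tag_value, "RPO", p.interval_hours, "h; oldest snapshot <=",
              p.max_snapshot_age_hours() / 24, "days")
    print("No snapshot policy applies to:", unprotected(VOLUMES, POLICIES))
```

Against a real account, the inventory would come from the EC2 volume listing instead of the constructed list.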
AWS VPC: We have 1 (one) VPC created, TECPEL-VPC-172.31.0.0/16, and 6 (six) subnets, although we are using 3 (three) of them. Two of them are private subnets: one is used by the application server and the other by the database server. The other one is a private subnet, used by the bastion/VPN host.
AWS CloudWatch: The CloudWatch service is enabled to provide infrastructure and service monitoring through dashboards and event alerts.
AWS GuardDuty: The GuardDuty service is enabled to support the monitoring process, helping to provide insights to our NOC (Network Operations Center) on how to manage threats and security issues.
AWS Directory Service: We use AWS Directory Service as our Microsoft Active Directory service.
AWS VPN Services: We use AWS VPN Services to provide site to site VPN.
Issues or customer concerns that were overcome
The main challenge posed by the customer was the need for the partner to have expertise in business applications, especially the TOTVS RM platform. After learning about the Valcann Cloud Applications solution, which has a preconfigured layer of services and infrastructure for all the main business applications in the Brazilian market, including TOTVS RM, Tecpel chose Valcann to be its service partner.
Besides the partner's expertise in business applications, the customer also had other concerns: a) safety of the environment; b) infrastructure management; c) scalability; d) continuity.
The premise we considered was the application of the AWS Well Architected framework. To meet the requirements of each of the five pillars, the following were implemented:
1. Operational Excellence
1.1. Implementation of continuous monitoring with CloudWatch;
1.2. Integrated connectivity between the on premises environment and the cloud environment;
2. Security
2.1. GuardDuty Implementation
2.2. Restriction of external access to the environment's ports;
2.3. Access to the environment through VPN only.
3. Reliability
3.1. Using Lifecycle Manager to implement snapshot-level backups.
4. Excellence in performance
4.1. Calculation of expected demand of the environment for the rightsizing.
5. Cost Optimization
5.1. The environment is being monitored, so that after 90 days we will set up Reserved Instances.
Third-party solutions used:
- FreeBSD pfSense: Used to provide both VPN connectivity and firewall features, such as content filter, IDS and IPS;
- TSPlus Remote Desktop Application: Used to deliver application virtualization and environment;
- TrendMicro DeepSecurity: Used to provide security and antivirus/antimalware prevention and detection.
Results Achieved:
- AWS Managed Infrastructure Service;
- Professional managed services provided;
- 99.97% environment availability;
- Increased end-user application performance;
- Greater efficiency in supporting and meeting operational demands;
- Environment elasticity.
Lessons Learned:
- Implementation of AWS services (such as Directory Services, Lambda and CloudWatch) enabled us to focus more on the business aspects of the project;
- Initially the technical proposal was to use AWS RDS as the DBMS technology. However, the customer chose to use the DBMS installed on an EC2 instance, due to the costs;
- While Valcann's migration can be done in a few hours, the customer's need to understand the new paradigm takes time. In this case, a good practice is to explain the technical migration roadmap in detail;
- Using the AWS Well Architected framework as an architectural reference helps us make clear to the customer the value of a good service partner;
- Initially we thought that we could also use pfSense for the site-to-site VPN. However, since our client's business application is very sensitive to network variations, we had to switch to AWS VPN, which is far more stable than our previous solution using pfSense.
Architecture Diagram
About Tecpel, Tecnologia em Papel
Tecpel, founded in June 2000, is part of a group that has been active in the importation and distribution of papers for printers, publishers and journalistic companies for over 30 years. Business experience and market credibility make Tecpel one of the most important paper distributors in Brazil. Constant investments in human resources and logistics allow it to serve each of its clients differently, according to their needs.
To exceed the expectations of an increasingly demanding market, Tecpel offers products from the world's largest manufacturers with high quality and innovative solutions. Its area of operation extends to all states of Brazil with its 5 warehouses in Recife, Sao Paulo, Curitiba, Rio de Janeiro and Porto Alegre, with a portfolio of products such as newspaper, couche, offset, triple and duplex board, LWC, SCA, Bookpaper, Thermal paper, Adhesive paper, etc.
Always guided by supply responsibility and aware of the dynamics of this market, Tecpel has sufficient stocks to support its growth and especially the growth of its customers.