CasaToro, Well-Architected
The Challenge
Casa Toro’s digital transformation team has developed a solution that integrates the transversal services of its business application ecosystem through microservices. These microservices are orchestrated through a component that centralizes the interaction of internal applications and the integration with external third parties.
“We are very happy to achieve this achievement and have AWS as a technological platform that supports our operation. We continually strive to provide trust to our customers not only through the products and services we offer, but also through all digital channels and experiences. Today we operate our platforms more efficiently, with the robustness and security that our clients and company require.”
Jaime Mayoral, Digital Transformation Manager.
“From the beginning, one of our first challenges was to optimize the operation and integration of all our applications and platforms through a single ecosystem, but this had great challenges, which is why the application and review of compliance with the 6 pillars of the recommended framework AWS (Well-Architected Framework) gives us the confidence to continue growing and operating with the certainty that we are doing things right.”
Moises Añez, Chief Technology Officer at Bellpi, a spinoff of CasaToro.
Strategy and Solution
Due to the criticality of this solution, Casa Toro decided to execute a Well-Architected Framework Review (WAFR) to improve, reinforce, and optimize the infrastructure that supports it, expressing special interest in reinforcing the pillars of Reliability, Operational Excellence, and workload Security.
To carry out this optimization, 10 activities distributed across the 5 pillars of good architecture practices were prioritized and agreed upon: Security (2), Performance (1), Reliability (3), Cost Optimization (1), and Operational Excellence (3).
These activities for the improvement of each of the aforementioned pillars had the following scope:
Security
- The management of user credentials and authentication was strengthened and improved, in addition to making programmatic access control more efficient.
- More robust password policies were established, with appropriate periodicity.
- AWS Systems Manager services were activated, which support network protection management, and the configuration and parameterization of VPCs, subnets, endpoints, and IP addressing were optimized.
- All unnecessary public access was eliminated, and the necessary configuration was applied to ensure the protection of data at rest and in transit.
- Additionally, important guidelines and recommendations were shared with the entire technical team to stay up to date with security recommendations, as support to develop their threat model and control objectives.
Performance
- The configuration of metrics and alarms was defined to monitor the behavior of EC2 instances, the ECS service, the database, and other components, in order to understand how their interaction affects the overall performance of workloads and to identify opportunities to improve performance and efficiency.
Reliability
- Service quotas were evaluated in order to manage them appropriately and thus allow planned growth based on their use.
- The infrastructure team was guided in the design and development of runbooks for the most recurring operational activities.
- The optimization of the Disaster Recovery Plan (DRP) was supported by refining the backup and restore strategies through the use of AWS Backup, with retention periods set according to business criticality and established in conjunction with Casa Toro.
- AWS CloudFormation was implemented to standardize and streamline the deployment of infrastructure components and accelerate adaptation to required changes.
Cost Optimization
- A permanent monitoring scheme was defined on the use of resources and the relationship between installed and used capacity, through the activation of Cost Allocation Tags and the Cost Explorer.
- A plan was made for the implementation of a pricing model to reduce costs (savings plan).
Operational Excellence
- A telemetry strategy was designed and implemented that allows the behavior of each of the workloads to be recorded and supports decision-making with solid data.
- Metrics of the most important components were included, such as instances, orchestrators, microservices, databases, and balancers, among others.
Benefits
Ability to make informed and timely decisions:
The establishment of a complete monitoring scheme through dashboards, metrics, and alarms gives Casa Toro’s digital transformation team a tool for visualizing and managing its resources in a centralized way. This improves its ability to act in a timely and proactive manner on events or other operational incidents, and provides inputs for optimizations that improve performance and efficiency.
This scheme is useful not only for improving performance but also for improving costs, by avoiding oversized resources and by supporting budget management and monitoring through the issuance of alarms and the generation of cost and usage reports.
Awareness of the importance of the security of its workloads:
In addition to the management of credentials and user authentication, a substantial improvement in security was achieved. VPCs have been configured to provide a private, secure, and scalable environment, including gateways, routing tables, and public and private subnets. This exercise of privatizing its network layer allowed Casa Toro to be clear about the points with the greatest security risk and to establish a detailed risk mitigation and control plan.
Adoption and implementation of good practices:
Casa Toro managed to substantially improve its knowledge and adoption of good practices on AWS, thanks to the actions and recommendations executed during this Well-Architected Framework Review. As a result, it is able to implement and replicate these improvements in its other workloads and successfully resolve the risks.
Additionally, as a consequence of this WAFR, Casa Toro has adopted and established the practice of Infrastructure as Code (IaC) to manage its workloads. Many of these activities were addressed in conjunction with Casa Toro, which served as leverage so that the technical team could understand, internalize, and establish these practices within their internal processes. This facilitates the implementation and adjustment processes, reduces execution errors, and provides uniformity between the different environments (for example, development, pre-production, and production, which are the same, or practically the same, simply by scaling the resources).
About CasaToro
CasaToro, founded in 1934, is the largest network of dealerships and after-sales services in Colombia. It sells the Ford, Mazda, Renault, and Volkswagen brands and has a used line of all brands. In addition, it represents the John Deere brand with its agricultural line, garden, utility, and golf equipment.
About Clouxter
At Clouxter we enable the adoption path and consolidate the cloud in organizations. Our focus is on DevOps, Migration, Security, and Analytics, providing the key pieces to have a great Cloud strategy. We have extensive experience in different industries such as Banking, Media, Fintech, Public Sector, ISVs and Startups.
We accompany organizations on this path and accelerate their adoption curve, covering the Definition, Planning, Implementation, and Operations of their solutions, through our Professional Consulting Services, Managed Services, and Local Billing.