Rokk3r Labs is a company that was founded by some of the best and the brightest entrepreneurs in the country. Extremely skilled at starting and managing new companies, they came together to form a company that helps launch other start-ups. They help co-build these companies, offering guidance and even hands-on help managing them throughout their first months and years. They handle companies of various sizes and stages in the start-up process.
How does Rokk3r Labs decrease operational costs while increasing their speed to market for new clients? By partnering with a DevOps expert like CloudHesive.
CloudHesive has an excellent reputation for developing innovative and cost-effective cloud solutions so their customers can achieve the highest level of availability and security. As Rokk3r Labs’s client base evolved, they needed to implement new processes to ensure their integration with customers was seamless and offered full protection. Lacking the internal resources, they sourced CloudHesive to build these advanced security measures that could be deployed to support any size infrastructure. Ultimately, the goal was to increase the customers’ speed to market and improve governance of mission-critical workloads while decreasing error rates and always remaining secure.
“CloudHesive was instrumental in helping us deploy and manage our Kubernetes environment in Amazon. Their expertise and diligence help us decrease our time to market for our software deployments.” – Brian Sanchez, Chief Technology Officer, Rokk3r Labs
The Challenge
The process of migrating to DevOps methodologies can be a challenge. If not performed correctly, companies and management are often left frustrated. To move forward, companies must track essential metrics and put the right people in place to ensure success. In the case of Rokk3r Labs, they had demanding clients with specific SLA requirements that needed to be met right away. Initially Rokk3r attempted to build out the AWS infrastructure for these clients; however, concerns remained about whether the full goal was being achieved. The majority of these SLA requirements were focused on compliance and stability, and they led Rokk3r to reach out to CloudHesive.
Rokk3r Labs had engaged CloudHesive in the past and knew this relationship would be a good fit. Yet this was a unique project for DevOps experts, especially since Rokk3r’s AWS infrastructure had already been deployed and needed to be rebuilt while hosting clients. The CloudHesive team needed to disassemble what was currently in place while not interrupting the clients’ existing environments. This made it exceptionally difficult to assess and assert management controls on an application that was live and already being managed by a development team. CloudHesive was prepared for the challenge and started assessing the best solution.
The Solution
CloudHesive performed a Well-Architected review and assessment of the security, availability, and resilience of Rokk3r Labs’ infrastructure and applications. Once the assessment was complete, recommendations were made and subsequently applied to all areas. These recommendations included the implementation of specific tooling, ensuring that each tenant was deployed in a consistent manner, and ensuring that each application release was deployed in a steady manner without any downtime. However, since the existing deployment process was already hosted on AWS, it was clear that security should be the first priority, because all their resources were public and needed to be redirected to a private route. Information security is of the highest importance to Amazon Web Services, and as a standard practice it is best not to expose resources to the public unless required.
Using an open-source Kubernetes orchestration tool called “KOPS”, an effort was made to migrate the existing infrastructure to a private network in order to better align with best practices and minimize the attack surface of their application’s environment. Using KOPS for Kubernetes, CloudHesive was able to architect, customize, and deploy a more secure and highly available cluster for ScopeWorker’s backend applications.
During this phase, the Kubernetes cluster also needed to be reconfigured, so they could push down information and attach the cluster to a private network. Metrics-based monitoring was deployed to the cluster using a DaemonSet version of Datadog, as well as a containerized version of Sumo Logic’s agent for log streaming. Additional configuration was also put in place to support a persistent deployment of Trend Micro Deep Security. Along with securing the network, CloudHesive updated the Amazon Machine Images (AMIs), base operating system, and bootstrapping for anti-virus to further enhance the environment’s security and strength. Now that the environment was secure, CloudHesive reset the Identity and Access Management (IAM) roles, restricted the firewalls to minimal communication only, enabled virtual multi-factor authentication (MFA) on the AWS root account, and rotated all the access keys and secret keys so there would be no lingering credentials.
Other infrastructure improvements included the implementation of a multi-Availability Zone architecture within AWS, as well as applying the principle of least privilege across all AWS modules. The best security practices for VPC, IAM, and Security Group resources were applied systematically as the environment was evaluated. CloudHesive then updated the necessary security documents required by Rokk3r’s clients so they could remain in compliance now and in the future. Lastly, Rokk3r’s existing databases were migrated to encrypted databases for an extra layer of data security.
Technologies Leveraged
AWS: ELB, VPC, EC2, ASG, EBS, CloudFront, S3, ECR, Redshift, Route53
Third party applications or solutions used
KOPS, Kubernetes, Docker, Bitbucket
The Benefits
The completed project enables Rokk3r Labs to move faster and focus on their core business, which is launching and managing new companies. Not only did their security improve, but the new environment also improved the agility, flexibility, resiliency, and security posture for their clients. They can now meet all requirements from an SLA perspective while being able to repeatedly add and deploy new features to their customers’ environments in a reliable, zero-downtime approach. As CloudHesive became their Managed Service and Security Provider, their development teams were able to focus strictly on coding and enhancing the application platform, making for an overall better experience for their internal teams and external customers.
Rokk3r Labs now has greater insight into their environment through the use of the provided tools, customized dashboards, and alert systems. This gives them multiple tiers of infrastructure security and advanced security expertise that can be deployed to support any infrastructure, and allows them to offer a variety of solutions at differing price points, ensuring their cybersecurity strategy is executed alongside every deployment. As a result of this project, Rokk3r has a secure, resilient, and fault-tolerant infrastructure that will be able to easily scale with demand.