Customer
PAM is the world leader in smart navigation, enabling guests and customers to easily navigate new environments such as precincts, venues and shopping malls. PAM enables consistent and easy management through the entire lifecycle of the complex signage and wayfinding systems.
Facilities Managers get a highly user-friendly administration experience, with less frustration and a huge increase in productivity.
Mediabank Pty Ltd, which developed PAM, successfully launched solutions for large Australian universities. Their next objective was to expand into the US market.
In Summary
To support plans for expansion, PolarSeven provided Mediabank with a refreshed environment aligned to the AWS Well Architected Framework. This removed technical debt and addressed issues of Security, DevOps, and Elasticity.
With Monitoring included, the developers could focus on developing their world-leading platform PAM, and Mediabank could focus on their business development plans to expand into the US.
Business Need
The current AWS environment that hosts PAM was set up in 2016, and while serving its purpose well, it had organically grown with new features, resources and technologies to accommodate an ever-expanding customer base. To support expansion, modernisation of the environment was necessary to align with the AWS Well Architected Framework, ensuring operational excellence and security are inherent in the architecture, while optimising costs for the coming years.
In summary, Mediabank needed to deploy a new best practice environment to remove technical debt and ensure ability to scale globally, supporting more clients.
At the same time, the development team needed to be shielded from the operational complexities of the technical environment to allow them to focus exclusively on rolling out new releases.
Solution
Security:
- The first step in establishing a Well Architected Framework is establishing a robust security regime throughout the environment. PolarSeven implemented a Landing Zone using AWS Control Tower, as it provides the most straightforward way to set up and govern new, secure, multi-account AWS environments based on AWS best practices.
- PolarSeven established the Organisational Units and applied Guardrails through the AWS Control Tower dashboard. Guardrails are high-level rules that provide the ability to implement preventative or detective controls to govern resources and compliance across AWS accounts.
- Finally, AWS Single Sign-On (SSO) was rolled out to centrally manage access to multiple AWS accounts and provide users with single sign-on access to all their assigned accounts and applications from one place.
DevOps:
- To address DevOps issues, PolarSeven implemented AWS CloudFormation, which allowed Mediabank to model and provision, in an automated and secure manner, all the resources needed for their applications across all regions and accounts via a plain text file.
- AWS CloudFormation provides a single source of truth for all AWS and third-party resources, with the benefits of:
  - Automated, replicable deployment
  - Cross-account and cross-region management
Scaling:
- To address the scaling issue, the PAM application stacks were deployed on Amazon Elastic Container Service (ECS) on top of Amazon Elastic Compute Cloud (EC2) instances. Amazon ECS Auto Scaling was enabled to give the ability to scale the individual containers when additional capacity of the cluster is required.
Monitoring:
- AWS CloudWatch was implemented to monitor the AWS resources and components that make up the PAM Landing Zone and environment.
- PolarSeven configured CloudWatch to detect simple metric threshold breaches, such as when a finite resource like RDS free disk space exceeded its set threshold, as well as many advanced composite metrics to cope with the complexities of the elastic properties of the solution. Alarms are routed directly to the PolarSeven Service Desk for triage and remedy.
Results
The benefits of the Well Architected solution were clear. Utilising AWS Control Tower for security ensured Mediabank could:
- address the requirements of better demarcation and security across different accounts, user roles and customers, based on the Principle of Least Privilege (PoLP)
- automate multi-account set up based on AWS Landing Zone best practice, ensuring multi-account compliance and governance is built into the solution.

The use of the AWS CloudFormation DevOps solution allows PAM developers to deploy new application features in a consistent and controlled way into Dev, Test and Live environments, without having the burden of understanding the technical complexities of those environments.
Auto Scaling provided by AWS ECS gave Mediabank the ability to:
- Optimise for availability, for costs, or for a balance of both.
- Automatically maintain performance, and
- Anticipate costs and avoid overspending.
Knowing that their environment was being proactively monitored and that most potential issues would be identified and remedied by PolarSeven before they became problems allowed Mediabank to focus on developing their world-leading platform PAM, and their business development plans to expand into the US.