Babbly needed to develop and manage a stable, future-ready Kubernetes infrastructure that could support frequent application releases and automate security. It also needed to meet industry compliance requirements.Solutions Cloud, Public Cloud, Data, Data Management, Data Modernization, Security, Data Protection Platforms Cloud, Amazon Web Services (AWS), Data, AWS Data, Security
Seeking a stable and future-proof infrastructure
Babbly helps young infants build their communication skills. The software start-up had an infrastructure that was still in the development stages, but needed to be made stable and future-proof, while also improving customer experiences. In addition, the application required new security features to help it maintain compliance with the Health Insurance Portability and Accountability Act (HIPAA), which sets standards for using sensitive patient data.
Also needed were comprehensive automated pipelines to manage infrastructure and application deployments. Another requirement was for monitoring and logging solutions that would support production workloads.
The application had been using Kubernetes clusters on Amazon Web Services (AWS) with a development pipeline that used Bitbucket for planning and management. Basic deployment processes were also already in place.
Babbly’s team of two developers had no spare capacity to develop or manage a robust foundational infrastructure. The Babbly team was aware of the breadth of AWS services available, so decided that a technology partner with deep expertise was necessary. It needed a partner who could both identify suitable services and implement them to enable Babbly to meet its goals.
Choosing the right AWS experienced partner
Babbly chose Onica (a Rackspace Technology company). Onica is a leading AWS Partner Network (APN) Premier Consulting Partner. The expertise in DevOps and AWS services that Onica could bring to the project made it a perfect choice. There was an urgent need for support to get the application ready for a marketplace launch, while also enhancing operations and maximizing efficiency.
The Onica and Babbly teams worked closely to ensure that all of the requirements and pain points were well understood from the outset.
One of the initial priorities was to meet a submission deadline for a closed beta. This deadline had to be met before the application could go live on the Google Play store. Work began with the implementation of a production ready Kubernetes cluster.
To achieve this, an Amazon Elastic Kubernetes Service (Amazon EKS) infrastructure with Amazon Relational Database Service (Amazon RDS) for database management was implemented. The infrastructure was built using a multi-stage pipeline for development and production that supported improved QA testing.
“Onica (a Rackspace Technology company) came onboard matching the high standards the Babbly team embodies, and worked closely with us so we could release our application on schedule.”
Deploying security and encryption
Security and end-to-end encryption were an important part of Babbly’s design from the outset. The application had to incorporate robust protection against cyberthreats.
Achieving this requirement began with the Amazon Certificate Manager’s native integration with the Elastic Load Balancer service. This made it simple to secure public endpoints hosted on Amazon Route 53. The Amazon Web Application Firewall service integrated with the Elastic Load Balancing service provided protection against common cyberattacks, such as SQL injection and cross-site scripting.
The AWS WAFv2 service also allowed the ability to attach AWS Managed Rules, which support many of the Open Web Application Security Project’s (OWASP) top 10 security risks. The OSWAP is an international non-profit organization dedicated to web application security, which advises on the highest threats to protect against cyberthreats.
Meeting HIPAA compliance goals
To meet HIPAA compliance, intra-cluster encryption was achieved by deploying the security-first service mesh, Linkerd, which added critical security, observability and reliability features to the Kubernetes stack without the need for application code changes. This effectively secured pod communication.
Within the Kubernetes stack, the team deployed the ALB Ingress controller and external DNS module to seamlessly modify Amazon Route 53 records as new services were provisioned. The pod-level permissions of the Amazon EKS service enable these services to function. They meet the industry standard of “least permissive” access, as each container is granted its exact needs. Bitbucket pipelines were used for deployment and AWS CloudFormation was used for standing up all of the infrastructure as code.
Amazon CloudWatch Container Insights provide monitoring and metrics of the Babbly application stack. This allows the application’s current logs and performance information to be seen from a single view. All logs are shipped to Amazon CloudWatch log groups, which are critical for compliance requirements and auditing.
The CLI tools meant for creating Amazon EKS clusters were moved to a managed infrastructure-as-code approach. This allows greater flexibility, improved compliance checkpoints and increased control over deploying Amazon RDS and the virtual private cloud (VPC), as well as the overall cluster. This level of flexibility and control provides Babbly with a strong foundation upon which to meet HIPAA compliance.
A production ready Kubernetes architecture — which normally takes several months to build — was completed in just six weeks to meet the application launch deadline.
Ready to keep growing
What normally takes several months was achieved in just six weeks as the production-ready Kubernetes architecture was ready in time to meet the application launch deadline. Onica’s own open source development tools, such as Runway, helped achieve this goal.
The Runway tool was built based upon previous customer experiences. It can coordinate and accelerate infrastructure-as-code deployments, and includes native support for Kustomize, allowing for easy deployment of Kubernetes manifests. Security and monitoring enhancements were also added with encrypted file systems and SSL. Amazon CloudWatch Container Insights were set-up to facilitate troubleshooting right down to the container level. The addition of these features will help the infrastructure meet HIPAA compliance standards.
The infrastructure was built with automated scalability capabilities so that fluctuations in demand can be met. Babbly also benefits from continuous integration and continuous delivery (CI/CD) efficiency improvements. Other introductions include an automated application deployment pipeline, which allows the development team to ideate, implement and deploy updates and features quickly.
Throughout the process, Onica’s team held working sessions with Babbly’s DevOps engineer and provided ample documentation to educate the company on both the enhancements as they were implemented and how to operate the new infrastructure independently.
Additions to the infrastructure have improved customers’ experiences in uptime. The infrastructure lives in different availability zones, and there are automated database backups that ensure a reliable end-user experience is maintained becomes more diverse, we will need to incorporate the flexibility and dynamic nature of the cloud.
About Rackspace Technology
Rackspace Technology is a leading end-to-end multi-cloud technology services company. We can design, build and operate our customers’ cloud environments across all major technology platforms, irrespective of technology stack or deployment model. We partner with our customers at every stage of their cloud journey, enabling them to modernize applications, build new products and adopt innovative technologies.
Let’s Talk Strategy
Tell us a little about your challenges and we’ll contact you.