Today, we are going to solve ABC Entertainment's networking and disaster recovery problems. ABC Entertainment is one of the world's leading video streaming services. It serves the USA region with more than 7,500 employees, 2,500 of whom are remote employees who access the company data centers via a Virtual Private Network (VPN).
The company has its primary data center in Las Vegas, Nevada, USA, privately connected to 500 offices within 100 miles. They also have a secondary data center in Seattle, Washington, privately connected to about 700 offices within 200 miles. Both of these data centers are connected to the internet.
ABC runs its supply chain application on 100 AMD Apex servers (128 cores and 4 TB of RAM each) in RAID 5 in Las Vegas, Nevada, at 88% capacity, and does not want to refactor the application. The application becomes unavailable because of capacity issues, which can halt order processing. ABC also runs its website, apps, and database on 2,200 AMD Apex servers (128 cores and 4 TB of RAM each), running 24 hours a day at 81% capacity, split between its two data centers in Las Vegas and Seattle. Their database is object-storage based, and they are open to any technology that lets them analyze their business data more effectively.
ABC Entertainment cannot afford a security breach, and they send proprietary data over the direct connection links. ABC Entertainment is a $15 billion business with 16% year-over-year growth, which could reach 29% with an optimized supply chain, cost-optimized disaster recovery planning, new customer intimacy initiatives, and improved 24/7 website performance. Customers often complain of latency issues on the website and end up going elsewhere. ABC Entertainment wants an architecture that will improve its overall technology performance and increase its market share. The company also wants to remain on a single cloud: its payment model is monthly and prepaid, so it does not lose revenue when its content is temporarily unavailable. However, the government mandates that they have a disaster recovery plan, so they need an upgraded plan if they migrate to the cloud.
Company Present Architecture
The two data centers are connected to each other via a 20-gigabit direct connection. The routing protocol used within these data centers is Open Shortest Path First (OSPF), using Area 0 within an autonomous system (AS).
ABC Entertainment leverages the top three internet providers on its internet-facing routers to service its critical supply chain application, which is completely dependent on internet connectivity. The Border Gateway Protocol (BGP) is an exterior gateway protocol. It load-shares traffic and could be considered the GPS of routing because it dynamically learns routes from other routers. Internal BGP (iBGP) runs between the routers inside the AS to carry network traffic through internal routers; external BGP (eBGP) handles the external network connections between two separate entities.
Behind the routers, firewalls protect the company network. The VPN concentrator sits in a demilitarized zone to terminate all IPsec connections from remote employees and place them behind the firewalls before they access the company's internal systems.
In terms of security, the company uses a McAfee firewall as its first layer of defense to keep all unauthorized traffic out. Behind it, they have access control lists on their routers and a host-based firewall on their servers. They also use Microsoft Active Directory to store information about users on the network. Finally, they use AES-256 for data encryption.
Regarding their 3-tier application architecture, the company uses network load balancers to distribute traffic to its web servers. Behind those, a group of application load balancers load-shares traffic to app servers backed by a PostgreSQL database. All server storage is configured as RAID 5 to provide fast reads through striping, with parity data for redundancy.
In terms of their current disaster recovery plan, they back up their mission-critical files and machine images to the second data center every 6 hours.
Let's now implement the new architecture to better ABC Entertainment's network.
Company New Architecture
After evaluating the ABC Entertainment system, I've found that the best way to solve their network architecture problems is to implement a single cloud, using the public cloud. I will use the Amazon Web Services cloud as the primary cloud to leverage the quality of its infrastructure. I will propose two possible options regarding disaster recovery. They can offload disaster recovery to a third party that handles all of the necessary infrastructure under a monthly subscription. Alternatively, I can provision Microsoft Azure as the passive cloud within an active/passive disaster recovery strategy, with a recovery time objective (RTO) of less than 30 minutes. For this case study I will go with the latter option, but keep in mind that a full and complete architecture must evaluate the true cost of ownership over a period of time.
The internet connectivity in the present architecture is flawed and needs modification. I will provision four more connections because of the supply chain application's dependency on the internet.
I will enhance the data center connectivity of the present architecture by provisioning one more direct connection link and enabling IPsec encryption to protect the confidentiality and integrity of data in transit.
I will then connect those data centers to the public clouds. For disaster recovery I will use an active/passive strategy. This means one site, such as a data center, is always active and the other is always passive. I will configure failover routing at the active site to forward all traffic to the passive site if a problem occurs. Azure will be the passive site, and I will create multiple backup copies of their critical applications and/or data there. If AWS experiences an outage, Microsoft Azure will become the central cloud within 30 minutes.
I will move the supply chain application to the cloud because auto-scaling will address the availability problems, and the cloud's analytics capabilities will support better business decisions. By doing this, I will free up 100 large servers and repurpose them as block storage. That will accommodate ABC's 16% growth for at least three years. They won't have to worry about their supply chain becoming unavailable, and they will still benefit from all the infrastructure already in place at no additional charge. Migrating the supply chain to the cloud will allow it to scale as needed and eliminate server capacity issues.
The security architecture in the cloud will be as follows. AWS Shield Advanced will provide DDoS protection. I will source a high-performance firewall and an IDS/IPS from the AWS Marketplace. I will leverage network access control lists as a layer of security for my subnets. I will add a host-based firewall, anti-virus and anti-malware, and mandate disabling any unnecessary services on every physical or virtual server. To top it off, I will use AWS security groups to protect my virtual machines (EC2), along with the AWS Key Management Service (KMS) to manage data encryption keys. IAM will manage authentication, authorization, and accounting tasks. I will migrate Active Directory to the cloud-based AWS Managed Microsoft AD to manage users both in the cloud and on-premises, and to mandate Multi-Factor Authentication (MFA).
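To show how the two AWS network layers named above combine, here is an added example (not part of the original study) that models inbound traffic passing a subnet network ACL and then an instance security group. The model is simplified, and the rule data is constructed: NACL rules are stateless and evaluated in ascending rule-number order with an implicit final deny, while security groups hold only allow rules.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed, simplified model of the two AWS network layers the text
# names: a stateless, ordered network ACL on the subnet and an allow-only
# security group on the instance. All rule data below is made up.

@dataclass(frozen=True)
class Rule:
    number: int      # NACL rules are evaluated in ascending number order
    action: str      # "allow" or "deny" (security groups only use "allow")
    protocol: str    # "tcp", "udp", or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str        # source CIDR for inbound traffic

def rule_matches(rule, protocol, port, src_ip):
    proto_ok = rule.protocol in ("-1", protocol)
    port_ok = rule.port_from <= port <= rule.port_to
    cidr_ok = ip_address(src_ip) in ip_network(rule.cidr)
    return proto_ok and port_ok and cidr_ok

def nacl_allows(rules, protocol, port, src_ip):
    """First matching rule wins; the implicit final rule (*) denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, protocol, port, src_ip):
            return rule.action == "allow"
    return False

def sg_allows(rules, protocol, port, src_ip):
    """Security groups hold only allow rules; no match means deny."""
    return any(rule_matches(r, protocol, port, src_ip) for r in rules)

def inbound_permitted(nacl, sg, protocol, port, src_ip):
    """Traffic must pass the subnet NACL and then the instance security group."""
    return (nacl_allows(nacl, protocol, port, src_ip)
            and sg_allows(sg, protocol, port, src_ip))

# Constructed sample policy for the web subnet: block one documentation
# range first, admit HTTPS from anywhere, and admit the ephemeral range so
# the stateless NACL lets return traffic through.  The instance security
# group exposes only 443, so anything else stops at the instance layer.
WEB_NACL = [
    Rule(90, "deny", "-1", 0, 65535, "198.51.100.0/24"),
    Rule(100, "allow", "tcp", 443, 443, "0.0.0.0/0"),
    Rule(110, "allow", "tcp", 1024, 65535, "0.0.0.0/0"),
]
WEB_SG = [Rule(0, "allow", "tcp", 443, 443, "0.0.0.0/0")]
```

The ephemeral-range NACL entry is what makes a port such as 8080 pass the subnet layer yet still be dropped by the security group, which is why both layers are kept.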
Regarding their cloud 3-tier application architecture, I will use AWS Network Load Balancers, which can handle millions of requests. I will then place the web servers and app servers in a cluster placement group to control latency. To replace the RAID 5 configuration, I will provision RAID 1+0. Next, I will use AWS S3 to copy the object-based database data into a data lake. I will use AWS Redshift on top of that data lake to store the massive amounts of object-based data, to automate the analysis of that data in support of new customer initiatives, and to automate the backup processes. That will give ABC Entertainment the improved performance, availability, and scalability they've been looking for.
The new architecture will allow ABC Entertainment to grow by 15% and reach its forecast 29% year-over-year growth.
NB: This architecture is an extremely high-level representation as the full one will be so much more detailed and much more complex. The intended audience is the general public.
Thank you for your time, and I hope you enjoyed this architecture study case.
Dan, the Architect.