Health Insurance Platform Migration
The client runs a health insurance distribution and health plan management platform that helps decrease administrative expenses, simplifies the overall process of choosing the best-fit health insurance, and integrates advanced health products. Their product development organization of 300+ staff members was substantially limited by their existing bare-metal infrastructure. The IT team had limited resources, found the on-prem infrastructure very difficult to maintain, and struggled to meet the business needs for performance, scalability, security and disaster recovery. It was difficult to scale and coordinate the teams and to develop new services with CI/CD in place from day one. AWS was determined to be the best option to achieve their objectives of elasticity and administrative simplicity while also meeting HIPAA compliance requirements.
To speed up the deployment of additional cluster capacity, A2C Cloud created an automated deployment template that cut the setup of new instances from the initial 40-80 man hours to just 2-4 hours of automated processes. The infrastructure was moved from bare-metal servers to an Amazon Elastic Kubernetes Service (EKS) cluster, which spans two subnets of one VPC: public for the world and private for the team. The Kubernetes nodes are in autoscaling groups and spread over the public and private parts of the network. Worker nodes running the app are located in the private zone.
- Kubernetes cluster in its own VPC
- Elastic Load Balancer and public ingress node for the public part
- OpenVPN for access to the private part of the network
- For the AppsServices subnet: a Kafka cluster consisting of 3 servers, plus implementation of RDS PostgreSQL, ElasticSearch, ActiveMQ, S3, CloudFront, Route53
- Special protection measures: the app and databases are hidden in a private network and closed to access from the Internet
- Visible part: load balancers only
- Access to the cluster restricted by IAM+VPC endpoints
- MongoDB Atlas as a service for DB
- Auto-Scalable function and Userdata deploy function
- Support for three CloudFormation templates - one for VPC, one for RedHat SSO, and one for everything else
- Use of peering connections, security groups, IAM roles/policies