Executive Summary
As the Fringe customer base grew rapidly, the senior management team determined it was time to fine-tune its Amazon Web Services infrastructure to ensure it could scale efficiently to handle the increased customer demand while also complying with customer security requirements. To solve this challenge, Fringe turned to Avahi Technologies. Avahi built an AWS environment that uses infrastructure as code and serverless compute resources to deploy services in Kubernetes clusters. Through a control plane, the clusters automatically manage the availability of nodes that schedule containers, manage application availability, and store data. In addition to enhancing security and streamlining the Fringe CI/CD process, the Avahi solution enables the infrastructure to automatically scale up and down while also complying with security standards such as SOC2.
About the Customer
Fringe—the world’s first personalized, well-being marketplace—enables employers to save money by consolidating employee experience, benefit, and recognition programs all into one platform. The company offers hundreds of well-being and lifestyle services, intelligently designed to make it easier to recruit and retain talent while also improving employee well-being.
Customer Challenge: Limited Resource Bandwidth to Enhance AWS Infrastructure
As a start-up company, Fringe relied on internal technical resources to deploy an Amazon Web Services (AWS) infrastructure to support customer-facing applications. As the customer base grew rapidly, the senior management team determined it was time to fine-tune the infrastructure to ensure it could scale efficiently to handle the increased customer demand while also complying with customer security requirements.
“With our internal team focused on programming and enhancing our customer applications, we did not have the in-house capacity for handling the infrastructure changes,” says Jeff Brown, the lead software and DevOps engineer for Fringe. “We also knew it would not be cost-effective to hire DevOps and infrastructure resources. Our needs required someone with extensive cloud experience.”
In looking for a partner to assist with the infrastructure tuning, Brown knew that experience with application containers was a must to support Fringe’s CI/CD pipeline. “Ideally, we hoped to find a partner who could set up an enhanced AWS environment that would be possible for us to maintain on our own with junior technical resources,” Brown adds.
Partner Solution: Avahi Designs Serverless Infrastructure-as-Code Environnent
To take on the challenge, Fringe turned to AWS for advice. AWS recommended Avahi Technologies, which specializes in helping start-up companies that need to enhance their cloud infrastructures.
As shown in the image below, Avahi built an AWS environment for Fringe that uses infrastructure as code and serverless compute resources to deploy services. Since Fringe relies on Kubernetes containers to run its microservices application architecture, Avahi set up Amazon Elastic Kubernetes Service (EKS) clusters. The service automatically manages the availability of containers through a control plane that schedules containers, manages application availability, and stores cluster data.
With EKS, as the workload increases on customer applications, Fringe can leverage the performance, reliability, and availability of its AWS infrastructure as well as integrations with AWS networking and security services. Avahi also added mechanisms for automatic horizontal and vertical scaling. These include Karpenter, a third-party open-source cluster auto-scaler that provisions new nodes in response to un-schedulable container pods in Kubernetes clusters. This tool is complemented by Kubernetes Horizontal Pod Autoscaler, which automatically scales the number of container pods.
Avahi also enhanced the security architecture by deploying Amazon GuardDuty for threat detection and Amazon Inspector for vulnerability management. Other key security services include AWS CloudWatch, which monitors compute resources while AWS Security Hub conducts security best-practice checks.
Also providing security is Amazon Key Management Service (KMS), which provides encryption. All the security tools centralize the management of AWS accounts and provide system monitoring along with alarms when compute resources hit preset thresholds.
To streamline the CI/CD pipeline, Avahi connected the Fringe GitHub repository used by software developers to a trio of AWS services: AWS CodePipeline automates the building, testing, and deploying of the release process each time a code change occurs while AWS CodeCommit securely stores, publishes, and shares software packages. In addition, AWS CodeBuild compiles source code, runs tests, and produces ready-to-deploy software packages.
Results and Benefits: The Ability to Quickly Roll Out and Scale Secure Environments
The solution Avahi delivered allows Fringe to quickly roll out new development, staging, and production environments. The internal Fringe teams just need to apply DNS changes to connect with API calls that come from Fringe employees and customers, and users get directed to the same database and systems of record as with the previous infrastructure.
With the security enhancements applied by Avahi, the Fringe AWS environment is now ready to go through a SOC2 audit, which will provide a big assist in assuring Fringe customers that their data and user-accounts are safe. Fringe is also positioned to comply with other security regulations and standards that customers might ask about.
“We also have software integration partners that we have to demonstrate our security posture to,” Brown points out. “They have stringent requirements too, and thanks to Avahi, we can address the concerns of any of our partners and customers.”
The biggest plus for Brown is the node scaling: Karpenter watches traffic, demand and CPU metrics and will automatically enroll new resources as nodes for Kubernetes so that Fringe can scale up and scale down as needed. And with the enhanced AWS infrastructure created by Avahi, Fringe can now hire junior DevOps resources to maintain the environment.
“Throughout the project, whenever we ran into any infrastructure engineering challenges, Avahi would get things resolved quickly,” Brown says. “It’s nice when you have a partner that does not require hand-holding—they know how to work through issues on their own and provide specific details to describe any changes they made. The pooled level of expertise they offered gave us a level of comfort that we were being guided towards the right solution.”
About the Partner: Avahi Technologies
Avahi Technologies is a cloud-native focused company and Amazon Web Services (AWS) partners with a team of cloud, data, and software engineering experts and experiences obtained through years of working within the cloud ecosystem. An extraordinary team of highly-certified Avahi experts excels in architecting and operating secure, automated, cloud-based solutions built on AWS. With a focus on becoming an extension to existing customer teams, Avahi offers exceptional service and works tirelessly to build the right solutions to solve business problems.