Revenera

About the Customer 

Revenera has more than three decades of history in software licensing and compliance, growing organically and through acquisitions and providing market-leading solutions that help software companies significantly grow their revenues and save operational cost. 

 

Customer Challenge 

The customer’s on-premises environment had evolved to the point that necessitated a migration to a cloud-native platform to modernize their environments, remain cost effective, and increase feature production velocity and agility. Revenera’s leadership was ready and willing to take the plunge, but prior efforts to migrate their workloads to the AWS cloud had unfortunately been unsuccessful.  

 

Why AWS? 

Revenera's team knew that they needed to migrate key components of their platform to the cloud in order to meet their business goals and had taken multiple cloud platforms into consideration, including Microsoft Azure. Even though prior attempts to migrate their on-premises servers to AWS EC2 instances had been unsuccessful, Revenera’s team recognized the benefits of elasticity, cost efficiency, security, and more that came with deploying their platform to the AWS cloud. Ultimately, the customer decided to pull the trigger on AWS because Sela’s experts provided them with a TCO (Total Cost of Ownership) estimate that exceeded their expectations.  

Why Sela? 

Sela’s team of experts was uniquely qualified to take on the challenge of modernizing Revenera’s platform through the migration of key components to the cloud due to the team’s proven track record of providing scalable, secure, and cost-effective solutions to numerous clients in the AWS cloud. Sela’s team met with the customer’s Director of Engineering and engineering leadership and learned of their team’s skills and capabilities. They had a dedicated SRE, but cloud experience and bandwidth were both very limited. The executive team wanted to bring in an experienced partner with deep expertise and they required our experience to implement AWS best practices, as well as our supplemental capacity to get the migration done. 

 

Partner Solution 

Sela's experts began with evaluating the customer's existing environment, analyzing specific workloads, interdependencies between services, and source code.  

Software was refactored to a serverless and cloud native solution using Amazon API Gateway, AWS Lambda, Amazon Direct Connect, and purpose-built databases. Migration of databases from the customer’s on-premises data center using AWS DMS (Database Migration Service). Client applications were orchestrated with Amazon ECS (Elastic Container Service), and containerized apps were right sized in collaboration with the Revenera engineering team. The configurations were collected from the on-premises data center and used as a baseline for initial deployment. Various resource sizes were tested for each containerized service and serverless application to find the optimal configuration for best response times, while not over-allocating resources. CloudWatch metrics were used for ongoing monitoring of resource utilization.  

Workload stages were separated following the AWS multi account strategy, and a single VPC (Virtual Private Cloud) was created in each account. Those VPCs (virtual private clouds) housed two Availability Zones, each containing a private and public subnet. AWS Control Tower was used to provision new accounts and Terraform was used to complete the landing zone. All containerized and serverless applications were deployed in multiple availability zones.  

A Kong API gateway and Wallarm firewall are deployed to a separate VPC in ingress AWS account with EKS and ECS correspondingly. Traffic traverses a transit gateway in a central network account with shared egress NAT Gateways. All workloads, except the Ingress firewall, are deployed to private subnets. Security group rules are specified to enforce zero-trust security policies between components. Revenera’s engineers gain access to subnets via the company's Pulse VPN solution. 

The ECS services all use ELB (Elastic Load Balancer) health checking, so in the event of a failure, it is detected by the health check and traffic is routed to a container in a working AZ. Data is persisted to a set of highly available Aurora PostgreSQL databases, which are deployed to Amazon RDS (Relational Database Service). Kubernetes is deployed on Amazon EKS (Elastic Kubernetes Service) with an Amazon EC2 Auto Scaling Group, and health checks on pods were carried out by the control plane to ensure the Kong API gateway remains healthy.

All users accessing the Revenera environment were provided with identities federated from customer's third-party Okta IdP. Accounts were not shared by users. A dedicated security team managed access to all AWS accounts on an as-needed basis. The customer's root account is not used in day-to-day operations and is secured using a hardware MFA (Multi Factor Authentication) token. Permissions to services were granted using least access IAM (Identity and Access Management) roles provisioned by CI/CD pipelines with Terraform on a least-privilege basis. 

Operations and deployment practices were centered around GitOps. All changes to infrastructure, application deployments, and security configurations were managed through CI/CD pipelines. Changes were driven through Git Workflows. Once changes were ready for release, pull requests were opened and changes were deployed to staging and UAT environments, where the customer's QA team validated changes. All deployments were automated. 

 

Results and Benefits 

The migration of Revenera's workloads and automation of their build and deployment processes resulted in a higher velocity and more agile infrastructure and feature production. Revenera also realized cost savings due to right sizing of containerized applications and by leveraging the power of the AWS cloud to provision only the resources needed to deploy and maintain their platform.