PayEasy (Chinese: 康迅數位整合股份有限公司) established its presence in Taiwan on April 7, 2000, with registered capital of NTD$50 Million. At present, its main business is providing an electronic employee welfare platform for enterprises, enabling them to implement employee welfare policies online.
In the corporate welfare market, the “PayEasy Welfare Network”, with over 80% market share, is unique. PayEasy, which started in B2C e-commerce, launched the welfare network in 2004 to help companies solve the welfare problem. After years of hard work, it has accumulated thousands of partner stores, provided food and clothing exchanges, and won hundreds of medium and large enterprises as customers. Corporate customers favor the service, and the scale of the business is booming.
In the second half of 2017, PayEasy assessed the IT resources needed for expansion over the next 2-3 years. It confirmed that at least NT$20 million to US$30 million would have to be budgeted for purchasing physical machines, together with the subsequent manpower input. This is no small capital expenditure; PayEasy therefore resolved to relocate its production environment to the cloud, reduce financial investment, and focus resources on more valuable areas, such as seeking price concessions from suppliers to bring members a better shopping experience.
In response to business growth, PayEasy must keep expanding computing and storage resources to maintain a smooth shopping experience and support its marketing activities, but doing so also increases financial expenses and the maintenance load. To this end, PayEasy decided to engage eCloudvalley’s professional advisory services to move its on-premise operating environment to the Amazon AWS cloud service platform. The project was successfully completed on July 1 this year (2018).
PayEasy expected AWS to help achieve the following:
- Because of banking compliance requirements, data must be transmitted through an encrypted channel, and any tools developed must be tested before being applied to the production environment, for security reasons.
- Migrate Oracle 10g to AWS RDS 12c with minimal downtime.
- PayEasy has millions of image files stored in on-premise storage, which need to be migrated to AWS S3.
- Services must be highly available.
- The tools provided must be easy to use and highly stable.
Proposed Solution & Architecture
PayEasy originally used AWS only as a DR site; it now wanted to move all systems from its IDC server room to AWS. A standard three-tier HA architecture was therefore built on AWS first, and the AWS environment and services were built in the following phases. Finally, the application system and database were migrated for testing, and then officially cut over to production once testing was complete.
- Establish a VPC and build a three-tier architecture in the AWS Tokyo Region, including Public Subnets, Private Subnets and a VPN.
- Launch EC2, RDS, ElastiCache, ELB and Auto Scaling according to the requirements of the application system.
- Media files are stored in S3, so assist in migrating the image files to S3.
- Put a CDN (AWS CloudFront) in front of the web front end, and because a fixed EIP is required for B2B integrations, an EIP had to be arranged for the ALB.
- Assist in installing the AWS WAF + F5 rules on the ALB.
- Oracle DB migration.
- Weekly CloudWatch report tuning.
Based on the structure description PayEasy provided, ECV designed the following architecture diagram to meet the requirements:
Follows are the descriptions of
- IAM: AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
- VPC: Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
- Simple Storage Service: Amazon S3 is object storage built to store and retrieve any amount of data from anywhere – web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry. S3 provides comprehensive security and compliance capabilities that meet even the most stringent regulatory requirements. It gives customers flexibility in the way they manage data for cost optimization, access control, and compliance.
- CloudWatch: Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.
- VPN Connection: You can create an IPsec VPN connection between your VPC and your remote network. On the AWS side of the VPN connection, a virtual private gateway provides two VPN endpoints (tunnels) for automatic failover. You configure your customer gateway on the remote side of the VPN connection.
- EC2: Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change.
- WorkMail: Amazon WorkMail is a secure, managed business email and calendar service with support for existing desktop and mobile email client applications. Amazon WorkMail gives users the ability to seamlessly access their email, contacts, and calendars using the client application of their choice, including Microsoft Outlook, native iOS and Android email applications, any client application supporting the IMAP protocol, or directly through a web browser. You can integrate Amazon WorkMail with your existing corporate directory, use email journaling to meet compliance requirements, and control both the keys that encrypt your data and the location in which your data is stored. You can also set up interoperability with Microsoft Exchange Server, and programmatically manage users, groups, and resources using the Amazon WorkMail SDK.
- NAT Gateway: You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.
- CloudSearch: Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application. Amazon CloudSearch supports 34 languages and popular search features such as highlighting, autocomplete, and geospatial search.
- RDS: Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. Amazon RDS is available on several database instance types – optimized for memory, performance or I/O – and provides you with six familiar database engines to choose from, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server. You can use the AWS Database Migration Service to easily migrate or replicate your existing databases to Amazon RDS.
Outcomes of Project
The whole project was completed within three months, including discussion of how on-premise services map to AWS workflows, migration progress planning, and ECV’s training on operating AWS to reduce the IT team’s workload. To keep the development process secure, real data transmitted to AWS had to travel within a private environment. That private environment was created with an isolated VPC, VPC peering and S3 endpoints.
The database chosen was RDS for Oracle, which reduces reliance on on-premise servers and also improves the security and scalability of the service.
The designed architecture saves time in PayEasy’s internal processes. The client used to clone the DB through a long and inefficient process; now it can use RDS’s DB snapshot function to establish a new DB with a couple of simple clicks.
Moreover, reports can use the newly established DB to run their queries.
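The S3 endpoint piece of that private environment is enforced with a bucket policy, not just with routing: the bucket should refuse requests that do not arrive through the VPC's gateway endpoint or that are not over TLS. The following is an added example (not ECV's or PayEasy's own code) that builds such a policy and models how its explicit Deny statements evaluate against a request; the bucket name and endpoint ID are constructed placeholders.

```python
import json
from typing import Optional

# Constructed placeholders, not PayEasy's real bucket or endpoint.
BUCKET = "example-migration-images"
VPCE_ID = "vpce-0123456789abcdef0"


def build_private_bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Bucket policy that denies every S3 call unless it comes through the given
    gateway endpoint (aws:SourceVpce) and denies any plaintext (non-TLS) request."""
    arn = f"arn:aws:s3:::{bucket}"
    resources = [arn, f"{arn}/*"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyAccessOutsideVpcEndpoint",
                "Effect": "Deny", "Principal": "*", "Action": "s3:*",
                "Resource": resources,
                "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
            },
            {
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny", "Principal": "*", "Action": "s3:*",
                "Resource": resources,
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


def request_denied(policy: dict, source_vpce: Optional[str], tls: bool) -> bool:
    """Simplified IAM evaluation of the Deny statements above: an explicit Deny
    wins. A request from the internet carries no aws:SourceVpce key, and
    StringNotEquals matches (i.e. denies) when the key is absent."""
    ctx = {"aws:SourceVpce": source_vpce,
           "aws:SecureTransport": "true" if tls else "false"}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        for key, val in stmt["Condition"].get("StringNotEquals", {}).items():
            if ctx.get(key) != val:
                return True
        for key, val in stmt["Condition"].get("Bool", {}).items():
            if ctx.get(key) == val:
                return True
    return False


def policy_json(bucket: str = BUCKET, vpce_id: str = VPCE_ID) -> str:
    """Serialised form ready for put-bucket-policy."""
    return json.dumps(build_private_bucket_policy(bucket, vpce_id), indent=2)
```

Principals that must reach the bucket from outside the VPC (for example the migration host on the VPN side) need their own endpoint route, or an additional exception in the Deny condition, before this policy is applied.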
- Migration and upgrade of the old Oracle database to the new Oracle database version on AWS, with continuous optimization.
- Cost savings: shifting the cost of traditional physical machines and maintenance personnel to application development with more business value.
- Disaster Recovery: DR keeps operations running at all times