Leveraging AWS for Highly Available and Geographically Distributed Solutions
In today's dynamic digital landscape, businesses rely on highly available and geographically distributed solutions to meet customer demands. AREMIS, in collaboration with Amazon Web Services (AWS), offers robust and scalable solutions across multiple regions. This article explores how AREMIS effectively leverages AWS components to deliver highly available solutions on the network side and implement geographically distributed architectures while ensuring compliance with data protection regulations.
Geographically Distributed Solutions
AREMIS harnesses the global infrastructure of AWS, which spans multiple regions, to implement geographically distributed solutions. By strategically deploying resources in different regions, AREMIS ensures seamless access to its services for customers, regardless of their location. Geographically distributed solutions enable AREMIS to achieve high availability, low latency, and disaster recovery capabilities.
AWS Cloud infrastructure is built around Regions, which are physical locations worldwide with multiple Availability Zones (AZs). Availability Zones consist of separate data centers, each equipped with redundant power, networking, and connectivity. They enable applications to operate with superior availability, fault tolerance, and scalability compared to single data center setups. Availability Zones are interconnected through high-speed, private fiber-optic networking, facilitating seamless failover between zones without interruptions.
AREMIS leverages these AZs in the Frankfurt, Ireland, and Zurich regions to distribute resources across multiple data centers.
Highly Available Solutions on the Network Side
AREMIS takes advantage of AWS services and features such as AWS WAF, Elastic Load Balancing, Amazon Virtual Private Cloud (VPC), Auto Scaling groups, and cross-AZ replication to design highly available network architectures.
The utilization of Amazon VPC allows AREMIS to establish dedicated, secure, and isolated virtual networks in the cloud. Through the deployment of dedicated VPCs, AREMIS enhances network security for customer instances, providing an additional layer of protection. This involves the creation of private subnets, ensuring isolation, and offering the flexibility to establish VPN tunnels between the customer's internal network and the VPC environment.
AREMIS ensures that each customer has exclusive infrastructure, including their own databases and application instances per environment, which are completely isolated from other customers. This dedicated virtual private cloud facilitates the hosting of all instances within public or private subnet zones, ensuring optimal security and performance for each customer's environment.
Secure by Design
AREMIS is committed to maintaining a high level of network availability across multiple regions. Our infrastructure architecture is designed with stringent security measures to ensure the integrity, confidentiality, and availability of client data. We prioritize secured access by enforcing HTTPS for client interactions, establishing secure communication sessions over SSL/TLS. With network firewalls integrated into Amazon VPC and the robust web application firewall capabilities of AWS WAF, we create private networks with fine-grained control over access to instances and applications.
Data encryption plays a crucial role in safeguarding client information. We enforce encryption in transit with TLS across all services, using server certificates signed by the trusted CA "SECTIGO" (formerly COMODO CA) and generated from a strong 2048-bit key pair. User-generated data is encrypted at rest using volume encryption that complies with the FIPS 140-2 standard and uses XTS-AES-256.
With this comprehensive network availability documentation, AREMIS ensures that IT operations are run meticulously across regions. We prioritize the protection of client data, utilizing secured access protocols, encryption mechanisms, and fine-grained control over network access. By adhering to these principles, we maintain a robust and highly available network infrastructure that supports our clients' operations and safeguards their valuable information.