Productivity, Security, and Cost Optimization: GeoX’s AWS Cloud Migration with Profisea
Founded in 2018, GeoX is an Israeli company revolutionizing the geospatial property data industry, a crucial foundation for underwriting and claims processes in the insurance sectors of the USA and Europe. GeoX’s 3-dimensional extraction technology provides comprehensive insights into each property’s characteristics by automatically generating 3D building datasets from aerial imagery. The integration of innovative digital models with aerial imagery empowers insurance companies to assess properties without physical site visits.
After initially adopting a Google Cloud Platform (GCP) environment, GeoX engineers identified some design gaps and collaborated with Profisea to establish a well-structured architecture on the Amazon Web Services (AWS) platform. The strategic partnership between GeoX and Profisea aimed to achieve the following objectives:
- Seamlessly migrate GeoX’s infrastructure to AWS so as to leverage its extensive range of managed services.
- Establish enhanced operations, consistency, and efficiency through the adoption of Infrastructure as Code (IaC) methodologies.
- Strengthen cloud security by implementing distinct network layers, utilizing AWS’s security features, and implementing proactive access management.
- Ensure system reliability during migration by utilizing AWS’s inherent mechanisms for seamless scalability.
- Implement a comprehensive cost optimization strategy with innovative tools such as Uniskai by Profisea Labs for cloud expense monitoring, management, and cost reduction.
AWS offers a wide range of cloud services, from computing and storage to databases, analytics, and AI/Machine Learning (ML), to build a complete infrastructure stack, optimize costs, and automate IaC implementation. Cloud services are highly configurable, providing an extensive set of APIs, SDKs, and tools to create a scalable and flexible infrastructure. Also, AWS delivers a wide range of security features and services to define your security policies, access controls, and network configurations.
The project made use of various AWS services, including AWS Identity and Access Management (IAM), AWS Command Line Interface (AWS CLI), AWS Certificate Manager, AWS Key Management Service (AWS KMS), Amazon Virtual Private Cloud (Amazon VPC), Amazon Route 53, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Block Store (Amazon EBS), AWS CloudFormation, Amazon Simple Storage Service (Amazon S3), AWS CloudTrail, Amazon CloudWatch, AWS Pricing Calculator, AWS Lambda, Amazon Simple Queue Service (Amazon SQS), Amazon Relational Database Service (Amazon RDS), Amazon Aurora PostgreSQL, AWS Database Migration Service (AWS DMS), Amazon Elastic Kubernetes Service (Amazon EKS), and Amazon Elastic Container Registry (Amazon ECR).
Cloud Migration Approach
The migration methodology followed the AWS Well-Architected Framework, carefully identifying and addressing infrastructure issues.
This cloud journey encompassed several key phases, including Infrastructure as Code (IaC) implementation, application migration, CI/CD pipeline establishment, data migration, and a switchover phase. Collaborative efforts between GeoX and Profisea resulted in a seamless transition and post-migration support.
1. Operational Excellence. At the core of GeoX’s migration strategy was the adoption of IaC practices, utilizing HashiCorp Terraform and ensuring consistency across various architectural layers:
- Networking (including all Amazon VPC configurations).
- Data (encompassing Amazon RDS, Amazon S3, and other data stores).
- Applications (with separate AWS Auto Scaling Groups for each application).
Each layer was represented by a distinct Terraform state. The same code was applied to every environment, with only the environment-specific variables and backend configurations differing, and state was stored in an Amazon S3 bucket.
The GitHub Actions pipeline was used to execute the Terraform code, providing a standardized and simplified experience for the customer.
Architectural adjustments were made during migration for critical system components:
- Migration from a self-hosted Postgres server to a managed Amazon RDS for PostgreSQL.
- Enhancement of API Gateway by integrating Lambda functions for extended serverless capabilities.
- Implementation of Amazon SQS as a message bus for batch processing.
Metrics were collected from Amazon EC2 and Amazon RDS instances using Amazon CloudWatch, with plans to adopt Amazon Managed Service for Prometheus in the future. For the new serverless components, the AWS Serverless Application Model (AWS SAM) was recommended for development and AWS X-Ray for debugging.
2. Security. GeoX’s cloud architecture was segmented into distinct VPCs with customized security groups for each environment, ensuring isolation and secure communication between tiers:
- Public subnets housing AWS-managed services, Application Load Balancers, Internet Gateways, and NAT Gateways.
- Private Application subnets accommodating multiple Auto Scaling Groups, each with dedicated security groups regulating incoming connections.
- Database Private subnet (Amazon RDS) with a security group permitting access from specific source security groups.
AWS Client VPN with certificate-based authentication provided access to EC2 instances in the private subnets, with plans to transition to AWS SSO for simplified user management. RDS databases were encrypted with KMS keys, and CloudTrail was enabled across all regions.
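The layered Terraform setup (one state per layer, environment-specific backend configuration) and the security-group layering described above, as an added example that is not GeoX’s or Profisea’s own code. The Data layer reads the VPC and ALB security-group ids from the Networking layer’s remote state and allows database ingress only from the application Auto Scaling Group’s security group; bucket name, state keys, region, ports and output names are assumed placeholders.

```hcl
# Added example (not GeoX's or Profisea's code): Data-layer Terraform that
# reads the Networking layer's remote state and restricts RDS ingress to the
# application ASG's security group. Bucket, keys, region, ports are placeholders.
terraform {
  backend "s3" {
    bucket         = "example-terraform-state"     # placeholder bucket
    key            = "prod/data/terraform.tfstate" # one key per layer and env
    region         = "eu-west-1"
    encrypt        = true                          # encrypt the state file
    dynamodb_table = "example-terraform-locks"     # state locking
  }
}
# Cross-layer reference: outputs published by the Networking layer's state.
data "terraform_remote_state" "networking" {
  backend = "s3"
  config = {
    bucket = "example-terraform-state"
    key    = "prod/networking/terraform.tfstate"
    region = "eu-west-1"
  }
}
# Application ASG security group (private application subnet).
resource "aws_security_group" "app" {
  name   = "app-asg"
  vpc_id = data.terraform_remote_state.networking.outputs.vpc_id
}
# Only the ALB security group may reach app instances on the service port.
resource "aws_security_group_rule" "app_from_alb" {
  type                     = "ingress"
  security_group_id        = aws_security_group.app.id
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  source_security_group_id = data.terraform_remote_state.networking.outputs.alb_sg_id
}
# Database security group: no CIDR rules, ingress only from the app SG.
resource "aws_security_group" "db" {
  name   = "rds-postgres"
  vpc_id = data.terraform_remote_state.networking.outputs.vpc_id
}
resource "aws_security_group_rule" "db_from_app" {
  type                     = "ingress"
  security_group_id        = aws_security_group.db.id
  from_port                = 5432
  to_port                  = 5432
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.app.id
}
```

Because rules are managed as separate resources, Terraform drops the default allow-all egress on these groups; add explicit egress rules (for example, the app security group to the db security group on port 5432) or the application cannot reach the database.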
3. Reliability. High availability was a paramount consideration, realized through multi-Availability Zone (AZ) support and redundancy mechanisms for various services. Client-facing APIs were served through Application Load Balancers (ALBs), which employed health checks to reroute traffic during AZ or instance failures. Amazon RDS was configured in high availability mode, safeguarding applications against AZ outages. Critical components such as Amazon S3 and Amazon SQS were managed by AWS.
Contingency planning was devised for AWS region failures:
- Monitoring systems would trigger alerts.
- Engineers would initiate Terraform scripts to set up infrastructure and applications in another region.
- Database backups would be restored in the new region to resume operations.
4. Performance Efficiency. While performance metrics from the previous GCP environment were unavailable, GeoX did not encounter performance issues during batch processing. Follow-up plans included integrating Amazon Managed Service for Prometheus and Grafana to gather application and system metrics.
5. Cost Optimization. Before migration, a manual cost estimate was produced with the AWS Pricing Calculator, selecting Amazon EC2 instance types comparable to the existing GCP instances. The actual post-migration bill exceeded the estimate by 10%. To optimize costs, Profisea’s Uniskai FinOps platform was employed, offering cost tracking, spot instance recommendations, rightsizing, and waste management functionalities.
The partnership between GeoX and Profisea has given GeoX the following significant outcomes:
- Migration to AWS means that GeoX can now utilize managed services and industry-leading practices.
- Infrastructure as Code (IaC) implementation optimizes operations and efficiency.
- Its cloud architecture now benefits from robust security measures, including isolated VPCs and security groups.
- Multi-AZ support and redundancy strategies give GeoX enhanced resilience and scalability.
- Precise cost monitoring and optimization techniques enable effective cost management.
By embracing AWS and fully optimizing its infrastructure, GeoX has added operational excellence, security, and scalability to its track record in aerial imagery analytics.
Profisea: Your Trusted Partner for AWS DevOps Services and Cloud Migration
Profisea is an Israeli boutique DevOps and cloud company providing a full spectrum of cloud management services, from smart customization of existing cloud infrastructures to end-to-end cloud infrastructure design and optimization that meets the unique business requirements of each of its customers.
For close to a decade, Profisea’s DevOps engineers have been implementing top practices of GitOps, DevSecOps, and FinOps, and providing Kubernetes-based infrastructure services to help businesses of all sizes (SMB, SME, or large enterprises) transform their organizational mindsets, increase productivity, boost performance, and keep their cloud costs under control.
If you are looking for optimized infrastructure and enhanced delivery processes, contact us to learn how we can transform your cloud journey.