A StormIT client, a healthcare organization, contacted us in search of an AWS specialist to enhance their cloud operations. With a commitment to AWS best practices, we comprehensively optimized their AWS infrastructure and operations costs using the AWS Well-Architected Framework.
General challenges and our approach
The healthcare industry demands uncompromising security, reliability, and performance. Our client faced several challenges:
- High costs and resource management: Lack of dedicated ownership and inefficient resource allocation. Many instances were underutilized or not used at all.
- Security vulnerabilities: Multiple instances exposed to the Internet posed significant security risks.
- Performance efficiency: Suboptimal performance during data analysis spikes, coupled with underutilized resources, highlighting the need for optimization and scalability.
Our approach to solving these challenges was based on the AWS Well-Architected Framework, a set of best practices designed to optimize cloud architectures for security, reliability, performance efficiency, cost optimization, and operational excellence.
Technical outcomes of the Well-Architected review with a healthcare industry client
Summary
- Infrastructure Optimization: Leveraged EC2 Spot Instances and AWS Lambda to optimize computing resources and reduce operational costs. Used AWS Batch for analysis.
- Data Management: Deployed AWS Glue for efficient data preparation and transformation, enhancing data management capabilities. Selected correct S3 storage classes for specific use cases.
- Monitoring and Management: Utilized AWS CloudWatch and Trusted Advisor to proactively monitor AWS resources and optimize performance.
Operational Excellence
- Resource Ownership: Assigned dedicated owners to each resource, ensuring accountability and effective change control.
- Account Monitoring: Implemented robust monitoring frameworks to gain insights into AWS resource usage and performance.
Security
- Layered Security: Established network layers and traffic controls, and recommended their continued use, to mitigate unauthorized access risks and protect sensitive data.
- Access Restriction: Implemented Elastic Load Balancing to restrict public access to EC2 instances, ensuring secure and controlled access.
Reliability
- Redundant connectivity: Implemented AWS Direct Connect and VPN tunnels to establish redundant connections between cloud and on-premises environments, ensuring high availability and reliability.
Performance efficiency
- Storage Optimization: Educated the client on Amazon S3 storage class optimization strategies, implemented access logs, and leveraged Athena for in-depth usage analysis and optimization.
- Auto-Scaling and Load Balancing: Implemented AWS Auto-Scaling and Elastic Load Balancing to ensure high availability and efficient resource utilization, dynamically scaling resources based on demand.
- AWS Batch implementation: The EKS cluster, where the customer analyzed large volumes of data from their machines, sometimes experienced load spikes, and these sometimes led to downtime. After analyzing the workload, we determined it was best to leverage AWS Batch to handle spikes with better, cost-optimized performance.
Cost optimization
- Decommissioning: We identified many underutilized EC2 and RDS instances, unused elastic IPs, and idle load balancers across various regions and accounts using Trusted Advisor. This led to substantial cost savings.
- Athena and Cost and Usage report: We implemented a solution with Amazon Athena and cost and usage reports to enhance the customer's cost visibility within their AWS accounts. This system, integrated with third-party software, provided a clearer overview, precise costs, and improved control over expenses.
- AWS WorkSpaces: For AWS WorkSpaces, we developed a solution via AWS CLI to analyze usage based on when each WorkSpace was last used and how frequently, leading to the decommissioning of unused instances and substantial cost savings.
Conclusion
We successfully transformed our healthcare industry client's AWS environment and we continue to do so. By optimizing costs, security, reliability, and performance, we are helping them to navigate the complexities of the AWS Cloud with confidence and efficiency.