AWS Architecture and Networking Proof of Concept
About Alpine Testing Solutions, Inc.
Alpine Testing Solutions, Inc. (Alpine) is a professional services organization that provides test development, psychometrics, and candidate credentialing and exam data management for certification, professional credentialing, licensure, and education programs. Alpine recognizes the importance of engaging with and contributing to the professional community and is proud to be affiliated with several organizations, including the Association of Test Publishers (ATP) and The Institute for Credentialing Excellence (ICE), National Council for Measurement in Education (NCME), International Test Commission (ITC), and the Northern Rocky Mountain Educational Research Association (NRMERA).
Prior to March of 2020, Alpine’s candidate management solution, CertMetrics™, predominantly managed credentials for in-person testing. The CertMetrics team had already been working to support increased remote, proctored testing needs. But as COVID-19 emerged, the possibility of in-person testing diminished overnight and demand for remote testing soared.
This rapid shift to predominantly remote testing placed additional importance on the CertMetrics system and made uptime and reliability even more critically important. When in-person testing occurs, there’s more “give” in the system to compensate for unexpected downtime. With a remote testing model, a dependable system is absolutely necessary; if the system goes down, people are not able to take exams and obtain needed credentials, which can directly affect their careers. In addition, Alpine was planning on a huge influx of customers with the launch of a new offering in 2021, and its systems were not set up to handle the potential added demand. Alpine recognized the immediate need to leverage the scalability and reliability of the cloud, so it researched cloud providers and prepared to move to the Amazon Web Services (AWS) cloud.
Why Amazon Web Services
Amazon Web Services already utilized Alpine for its certification management, so it only seemed natural to build on that existing relationship. Through the research process, Alpine realized that moving the CertMetrics workload to AWS offered several benefits; in addition to reliability, Alpine was interested in the potential scalability, flexibility, security, redundancy, and cost efficiency. Alpine was also drawn to the benefits that Infrastructure as Code in the cloud could offer (version control, repeatability, etc.), plus additional tools and services like analytics, machine learning, and data visualization. Alpine turned to 1Strategy, an AWS Partner Network (APN) Premier partner, for guidance and education through the migration process.
Since Alpine was new to AWS, there were three main project goals: establish an AWS foundation (account/organization structure, governance, security, networking) to support growth, get a proof-of-concept of CertMetrics up and running, and equip the Alpine team with the skills needed to confidently manage its AWS environment.
The first step of the foundation was an AWS account strategy to support easy isolation and management of different workloads and environments (e.g., dev, test, production). To achieve this, the team architected an organizational structure aligning with current best practices, then implemented those accounts and organizational units (OUs) via AWS Control Tower. Control Tower gave Alpine a “one-stop shop” for account management and simplified single sign-on and the implementation of core security services and guardrails in all accounts.
Once Control Tower’s “out-of-the-box” guardrails were in place, the security and governance work continued. First up were additional, custom guardrails focused on security controls and cost mitigation. From there, the team focused on designing permission sets in AWS Single Sign-On (SSO); these permission sets, when combined with the isolation-focused account strategy, made it straightforward to govern access to infrastructure with fine-grained, role-based access control. Finally, Alpine and 1Strategy utilized AWS Key Management Solution (KMS) and AWS Certificate Manager to simplify encryption of data at rest and in transit.
The remaining piece of the foundation was hybrid networking and DNS to support connectivity between AWS and Alpine’s on-premises environment. This was accomplished via a hub-and-spoke architecture utilizing AWS Transit Gateway, a site-to-site VPN, and various VPCs, all maintained in (and shared from) a single account. The result was a resilient, easy-to-use network architecture that also protected critical infrastructure—the network resources—in an isolated account. By leveraging Route 53 for DNS management (via inbound/outbound resolvers, resolver rules, and private hosted zones), Alpine was able to seamlessly manage connectivity between resources across environments and domains.
Finally, the combined team architected and implemented the Windows-based CertMetrics application on top of this new foundation. To support high availability and automatic scaling in response to load, the web servers were implemented as an autoscaling group fronted by an application load balancer. These web servers utilized an FSx filesystem, which in turn leveraged AWS Managed Microsoft Active Directory to govern access. An EC2-based SQL Server setup using availability groups provided the right blend of support for database customizations, as well as high availability for the database tier. The result was that the CertMetrics app could now realize the benefits of AWS: stability, high availability (HA), automatic scaling, and ease of management.
Just as important as what was accomplished was how it was accomplished: in partnership, with 1Strategy mentoring Alpine every step of the way. Since Alpine was new to AWS, it was critical for the team to become comfortable with working in the cloud. Both teams committed significant time and energy to this effort, and the Alpine team proved to be adept learners. Through regular teaching sessions, pair- and mob-architecting, guided practice with Infrastructure as Code, and thorough documentation, the team quickly got “AWS ready.”
“I think it was awesome to get our hands dirty and go through the process. It helped us understand the structure, procedure, and purpose—then it all started to come together at the end,” said Jim Phay, Alpine System Administrator. “We can not only talk the talk, but also walk the walk. We know where we’re strong and where there is room for improvement.”
As a result, the Alpine team is now well-positioned to take CertMetrics forward into production on AWS and is already contemplating the next steps in their cloud journey. “I’m extremely thrilled with the way this went and the progress that was made. We’re ready to move things forward,” said Blair Harris, Vice President, Technology Solutions at Alpine. “It’s fantastic! Working with 1Strategy on migrating to the AWS cloud has been invaluable for our team. We’ve learned a lot, and we’re ready to take the next steps.”
Alpine is committed to providing an enterprise-level candidate, credential, and exam data management experience. Moving to the cloud is the next step in this evolution. The AWS cloud gives Alpine the ability to meet client requirements and SLAs while freeing up critical resources to focus on expanding product capabilities. 1Strategy’s expertise and training enabled Alpine to rapidly educate its staff on cloud technologies and establish the framework needed to migrate to the AWS Cloud.
As an AWS Premier Consulting Partner, 1Strategy focuses exclusively on Amazon Web Services (AWS) to help businesses architect, migrate, and optimize their workloads on AWS, creating scalable, cost-effective, secure, and reliable solutions. 1Strategy also helps customers get real value from their data using comprehensive machine learning models and artificial intelligence. 1Strategy holds the AWS DevOps, Migration, Data and Analytics, Machine Learning Operations, and Security Competencies, and is a partner of the AWS Well-Architected and the AWS Public Sector Programs. With experts having deployed AWS solutions since 2007, 1Strategy is a leader in custom training—providing customers with the knowledge, tools, and best practices to manage those solutions over time. 1Strategy is a TEKsystems Global Services company with teams in Seattle and Salt Lake City, supporting customers throughout the US and across every vertical.
For more information about how 1Strategy can assist your company migrate to AWS, optimize AWS solutions including security and backup strategies, and receive custom training, visit 1Strategy.com.
To read about other companies we’ve helped in their AWS journey, CLICK HERE.