Success story: Trepup.com AG modernizes architecture to scale business on Amazon Web Services with CyberNX

Company Profile:

Country: Switzerland

Industry: E-Commerce

About Trepup.com:

Trepup.com is a secure, smart and easy-to-use ecommerce platform to start or grow your business. The platform allows the creation of an online store, buying or selling products worldwide, and staying connected with people and businesses. Trepup was founded by John Verbic on 1 May 2014 and is based in Baar, Switzerland. Its mission is to level the business playing field and make it universally inclusive and accessible.

The platform provides the following useful services for new and established businesses:

The Challenge

Trepup has organically grown with a user base increasing across all 195 countries. With high registration of users and an increasing product catalogue over time, manageability and scalability became challenging with significant cost and administrative overhead. Having managed AWS SysOps with limited skills in-house and rising maintenance issues, Trepup was interested in concentrating on what it was experienced at and its core ecommerce business and platform enhancements.

Product release on the platform was an issue considering developers compiled code, built binaries and updated on servers manually with every release, and the development and production environment release process had multiple silos. Trepup realized that even though its product was hosted on a mature cloud platform known for ecommerce, it had not leveraged the full capability and features of the AWS platform services. In addition, Trepup had other challenges to keep up with security and compliance and to ensure that customer payment transactions were safe and complied with PCI-DSS standards.

Trepup approached CyberNX to offload the operational management task of the AWS platform. Within several weeks of doing operational support, CyberNX realized that the existing Trepup architecture was not agile, scalable and well designed to sustain the long-term growth ambitions of Trepup. CyberNX observed that Trepup’s security configuration was not as good as what was globally required and that it could be further optimized considering the compliance requirement of PCI-DSS. It was also observed that disaster recovery was not adequate for the Trepup production environment and resources that should have been duplicated and replicated to a different data center and geographical region were not far enough away from a potential source of disaster.

CyberNX proposed to Trepup a re-architecture in a consulting approach highlighting shortfalls in its existing architecture as compared to benefits Trepup could possibly gain from new architecture, which would be highly scalable, agile, secured and resilient.

Why did Trepup select CyberNX?

CyberNX is a cyber security consulting and advisory firm with beliefs in a security-first approach. With experience in cyber security and public cloud and being an AWS Partner, Trepup preferred CyberNX as its choice for a Managed Services Partner, which could not only manage Cloud IAAS but also support the overall strategy for Cloud Security and DevOps.

CyberNX has a separate division for Cloud Managed service named as MSP247, this team involves Solutions Architects, SysOps, Security Specialists and DevOps experts. The team was involved during multiple discussions with Trepup and its developers who wanted seamless release management and stable code deployment. Other issues that Trepup required and presented to CyberNX were the following:

Clear goals were defined before the project was initiated. CyberNX leveraged its internal expertise and ensured safeguard from data breaches and boosted network security using AWS Security Tools such as AWS WAF, Guard duty, Security Hub and other Security best practices.

How CyberNX approached the solution on AWS

CyberNX formed a team of experts from different departments, including a special team of 3 experts, and new architecture was designed and presented to Trepup for final reviews.

Security was considered at each layer from IAAS, PAAS, Application & Database. Cloud Formation was used for deployment of VPC with subnet and for auto-scaling of EC2 instances. All EC2 instances were hardened as per CIS standards and tested for vulnerability assessment using the Nessus tool before baking into final images for auto-scaling.

CyberNX ensured that inbound traffic was protected by using AWS Cloud native WAF with OWASP Top 10 Protection, ensuring it was safeguarded from data breaches and boosted network security using AWS Security Tools such as AWS WAF, Guard duty, Security Hub and other security best practices.

Search being a key component for ecommerce, CyberNX migrated from single node Elastic Search to 3 Node Open Source Elastic Cluster and ensured data migration from an older version to new version.

AWS Account separation for Route 53, Logging, DR, Production, Non-Production was defined under AWS Organization.

Fortinet Firewall with IDS/IPS and was used to protect outbound traffic and enable Secure VPN from Trepup’s Head Office, all EC2 instance traffic was restricted to limited DNS and ports.

For Endpoint Security, Trend Micro Cloud Security with IDS/IPS capabilities were added.

Life Cycle of the Project was 5 months, which including testing from Non-Production to Production, and the testing of each component of the Trepup Platform. Trepup was also proactive and took the opportunity to leverage all cloud platform services, which included video transcoding, and image resizing and leveraged S3 bucket for storing product images, Cloud Front enablement ensured better response time across the globe considering the Trepup platform does business in all 195 countries. Post-deployment web page response time was compared and found significant improvement.

The Benefits

CyberNX was able to achieve re-architecture with DNS seamless cutover. The benefits for Trepup using AWS Native Services are listed below:

Conclusion: A highly secured and scalable design to support the future growth of Trepup with security-first approach. CyberNX played a vital role from planning to deployment and continues to be a trusted advisor to Trepup.

• Trepup Store: Online store builder for new and established businesses to sell products and services directly to customers.
• Trepup Marketplace: Ecommerce sales channel that brings together buyers and sellers and enables them to directly connect and carry out transactions.
• Trepup Email: Email marketing service to help businesses manage and talk to their clients, customers and other interested parties.
• Trepup Tools: Competitive intelligence tool that provides store traffic data, global rankings and other ecommerce analytics for stores.
• Trepup Photos: One place for storing, editing and sharing photos or videos of the business storefront, products, and services to attract more customers.

1. Stable code deployment with release approvals
2. Highly secured and vigilant environment
3. Auto-scaling to support spikes in traffic
4. Ability to quickly restore from backup
5. Bring up DR in another region
6. Ability to secure all API / Secrets
7. Transition from third-party video transcoders
8. Image verification using AWS
9. Third-party email subscription shifting to AWS native SES
10. Secure inbound and outbound traffic