Success story: Trepup.com AG modernizes architecture to scale business on Amazon Web Services with CyberNX



About Trepup.com:

Trepup.com is a secure, smart and easy-to-use ecommerce platform to start or grow your business. The platform allows the creation of an online store, buying or selling products worldwide, and staying connected with people and businesses. Trepup was founded by John Verbic on 1 May 2014 and is based in Baar, Switzerland. Its mission is to level the business playing field and make it universally inclusive and accessible.

The platform provides the following useful services for new and established businesses:

  • Trepup Store: Online store builder for new and established businesses to sell products and services directly to customers.
  • Trepup Marketplace: Ecommerce sales channel that brings together buyers and sellers and enables them to directly connect and carry out transactions.
  • Trepup Email: Email marketing service to help businesses manage and talk to their clients, customers and other interested parties.
  • Trepup Tools: Competitive intelligence tool that provides store traffic data, global rankings and other ecommerce analytics for stores.
  • Trepup Photos: One place for storing, editing and sharing photos or videos of the business storefront, products, and services to attract more customers.

The Challenge

Trepup has grown organically, with a user base increasing across all 195 countries. With high user registration and a product catalogue that kept growing over time, manageability and scalability became challenging and brought significant cost and administrative overhead. Having managed AWS SysOps in-house with limited skills, and facing rising maintenance issues, Trepup wanted to concentrate on what it was experienced at: its core ecommerce business and platform enhancements.

Product releases were a problem: developers compiled code, built binaries and updated servers manually with every release, and the release process for the development and production environments had multiple silos. Trepup realized that even though its product was hosted on a mature cloud platform known for ecommerce, it had not leveraged the full capability and features of the AWS platform services. In addition, Trepup faced challenges in keeping up with security and compliance and in ensuring that customer payment transactions were safe and complied with PCI-DSS standards.

Trepup approached CyberNX to offload the operational management of the AWS platform. Within several weeks of providing operational support, CyberNX realized that the existing Trepup architecture was not agile, scalable or well designed enough to sustain Trepup’s long-term growth ambitions. CyberNX observed that Trepup’s security configuration fell short of what was globally required and could be further optimized for the PCI-DSS compliance requirement. It also observed that disaster recovery was inadequate for the Trepup production environment: resources that should have been duplicated and replicated to a different data center and geographical region were not far enough away from a potential source of disaster.

Taking a consulting approach, CyberNX proposed a re-architecture to Trepup, highlighting the shortfalls of the existing architecture against the benefits Trepup could gain from a new architecture that would be highly scalable, agile, secure and resilient.


Why did Trepup select CyberNX?

CyberNX is a cyber security consulting and advisory firm that believes in a security-first approach. Because CyberNX has experience in cyber security and public cloud and is an AWS Partner, Trepup chose it as its Managed Services Partner, one that could not only manage cloud IaaS but also support the overall strategy for cloud security and DevOps.

CyberNX has a separate division for cloud managed services, named MSP247, whose team includes Solutions Architects, SysOps, Security Specialists and DevOps experts. The team took part in multiple discussions with Trepup and its developers, who wanted seamless release management and stable code deployment. The other requirements Trepup presented to CyberNX were the following:

  1. Stable code deployment with release approvals
  2. Highly secured and vigilant environment
  3. Auto-scaling to support spikes in traffic
  4. Ability to quickly restore from backup
  5. Bring up DR in another region
  6. Ability to secure all API / Secrets
  7. Transition from third-party video transcoders
  8. Image verification using AWS
  9. Third-party email subscription shifting to AWS native SES
  10. Secure inbound and outbound traffic

Clear goals were defined before the project was initiated. CyberNX leveraged its internal expertise to safeguard against data breaches and boost network security using AWS security tools such as AWS WAF, GuardDuty and Security Hub, along with other security best practices.


How CyberNX approached the solution on AWS

CyberNX formed a team of experts from different departments, including a special team of 3 experts, and a new architecture was designed and presented to Trepup for final review.

Security was considered at each layer: IaaS, PaaS, application and database. CloudFormation was used to deploy the VPC with its subnets and to auto-scale EC2 instances. All EC2 instances were hardened to CIS standards and put through a vulnerability assessment with the Nessus tool before being baked into the final images for auto-scaling.

CyberNX protected inbound traffic with the AWS cloud-native WAF with OWASP Top 10 protection, safeguarding against data breaches and boosting network security using AWS security tools such as AWS WAF, GuardDuty and Security Hub, along with other security best practices.

Search being a key component for ecommerce, CyberNX migrated from a single-node Elasticsearch to a 3-node open-source Elastic cluster and migrated the data from the older version to the new version.

Under AWS Organizations, separate AWS accounts were defined for Route 53, logging, DR, production and non-production.

A Fortinet firewall with IDS/IPS was used to protect outbound traffic and to enable a secure VPN from Trepup’s head office. All EC2 instance traffic was restricted to limited DNS and ports.

For endpoint security, Trend Micro Cloud Security with IDS/IPS capabilities was added.

The project life cycle was 5 months, which included testing from non-production to production and testing of each component of the Trepup platform. Trepup was also proactive and took the opportunity to leverage all cloud platform services, which included video transcoding and image resizing, and used an S3 bucket for storing product images. Enabling CloudFront ensured better response times across the globe, considering that the Trepup platform does business in all 195 countries. Post-deployment web page response time was compared and showed significant improvement.


The Benefits

CyberNX was able to achieve the re-architecture with a seamless DNS cutover. The benefits for Trepup of using AWS native services are listed below:

| Issue | AWS Services Used | Benefit |
| --- | --- | --- |
| Slow website performance | Cloud Front | Better response time |
| Key Management | AWS Parameter Store | Secured Key Management |
| Not able to scale | Auto-Scaling | Ability to Scale on demand |
| Single Instance per service | Single point of failure | High Availability |
| No protection for Layer 7 | AWS WAF | Protected Web Traffic |
| Siloed release process | AWS Code Deploy/Code Commit | Stable and planned release process |
| High exposure over internet | EC2 instances in Private Subnet | Reduce attack surface |
| No Encryption | AWS KMS Service | Encryption at Rest |
| Cost for SSL certificate | AWS Certificate Manager | No cost for certificate |
| Security Patch Management | AWS System Manager | Less administrative overhead |
| Less backup frequency | AWS native EBS snapshot every 3 hours | On demand restore from snapshots |
| No Disaster Recovery | Cross region replication | Enabled DR in another Region |
| Less visibility on security Threat | AWS Guard Duty | Better visibility on anomaly and security threats |
| Higher cost workload | AWS AMD instance for EC2 | 30% Cost savings for workloads |


Conclusion: The result is a highly secure and scalable design that supports the future growth of Trepup with a security-first approach. CyberNX played a vital role from planning to deployment and continues to be a trusted advisor to Trepup.


