Cloud  Services
Professional cloud services delivered by experienced AWS experts
Consulting service for cloud architecture construction and migration
Cloud
Architecture Construction and migration
Resale service for cloud resource
Cloud security hardening service
Cloud Landing Zone Service
ABUIABAEGAAgnZmPqQYo4IDEswEwhAc4lQM
Hybrid Cloud Landing Zone Service
ABUIABAEGAAgmYWPqQYosb7_qwYwrBc45go
Cloud Containerization Service
ABUIABAEGAAg8tGSqQYogOTVDzCEBzjNAw
Cloud Security Hardening Service
ABUIABAEGAAgmYWPqQYo9ezjYzCKDTi2Bg
Case Study 1
ABUIABAEGAAgmYWPqQYo0PT7WDDjDTjtBg



Customer Profile

Shanghai Qingwei Business Consulting Firm,is focused on strategic consulting and management consulting, headquartered in Shanghai.

Their mission is to help companies succeed in an ever-changing business environment. Their consulting services cover a wide range of industries and sectors, including finance, energy, healthcare, technology, manufacturing, and more. The company team consists of a group of experienced consulting experts with rich industry knowledge and practical experience. The company's services cover strategic planning, organizational structure design, process optimization, project management, risk management and other aspects.


Challenges

Customers want to gradually optimize the integration of services and resources. The plan is to transform all traditional services into microservices, and use containerization technology to replace the traditional service operation mode. The integration of resources involves the expansion of content packages to the local IDC room resources and the resources of multiple cloud vendors.


Three business lines of HR system, data docking service and data flow service were selected to migrate to AWS cloud as the first phase of transformation.


The transformation involves two aspects, containerization transformation and the construction of basic security protection system on AWS cloud.


Solution

The upgrades involved :

1. Upgrade the existing AWS cloud environment

2. Security protection upgrade

3. Some existing services were containerized


Based on the current best practices on the AWS cloud and the security benchmark of Flyingnets, the current solution was determined after communication and discussion with the customer as follows:

1. Deploy the new infrastructure in the region specified by the customer

2. The new infrastructure needs to differentiate between UAT and PROD environments

3. Transform the existing services running on EC2 into containers, and run the services previously running on ec2 through containers. (The client needs to package the service as an image and push it to the image repository)

4. Since the enterprise has a web site, it needs to strengthen the protection of web attacks

5. Strengthen the management of security vulnerabilities and container image vulnerabilities

6. Strengthen terminal security management

7. Based on the best practices of AWS, build a basic security system to protect cloud resources

8. Clean up old resources after the project is complete


Benefit

Through the best practices on the AWS cloud and the experience of flying network, successfully completed the customer planning. The existing AWS cloud environment was upgraded in terms of architecture, security protection, and containerization of some existing services. Deeply customer trust and praise, Make the customer's business production more barrier.


Case Study 2
ABUIABAEGAAgmYWPqQYovK7inQIwpwo49QU



Customer Profile

Shanghai LiangDu Consulting Company


Challenges

The customers company provides theintroduction of various loan products to customers through the website, so asthe number of customers continues to increase, the number of visits to itswebsite increases significantly, which requires the website operation platformto have good security and scalability. Flyingnets chooses AWS cloud platform toreplace the customer's original way of deploying self-purchased servers in theIDC. After migrating the website to AWS, it needs to carry out comprehensivesecurity reinforcement.


Previously, customer's main services weredeployed on the AWS cloud platform, and some internal network services alsorelied on AWS. The AWS cloud services used include Amazon EC2, AmazonECS,RabbitMQ, EFS, Elastic Load Balancing, Auto Scaling, Amazon S3, Amazon RDS,Amazon CloudWatch, Amazon VPC, and so on.


AWS guarantees the security of theoperating system or network, but the customer is responsible for the securityof the application. At present, the customer's online application systemdevelopment personnel is not the same, and there are no two exactly the sameapplication system, the weakness of different application systems is notcommon, each application system is unique, unique, the weakness is also in linewith this characteristic. Some applications are developed by customersthemselves, and some applications/modules are developed by third parties, sothe development habits and components are different, so the weaknesses andvulnerabilities are also different. Therefore, there is a need for application-basedcustomized security.


Solution

The customer's system architecture on AWSconsists of three main components,Internet-facing web and API services, hostedby AWS EC2 and autoscaling group. App services such as "Flash-basedVirtual worlds" hosted by AWSEC2 and multiple autoscaling groups;Database, hosted by RDS, EC2 instance, ElastiCache, DynamoDB, etc.


With the expansion of data business and thedemand of overseas headquarters, a financial company urgently needed to buildan integrated solution based on AWS security best practices to ensure thesecurity of its online business on AWS.

The solution:

1. Account management and authoritymanagement

2. AWS infrastructure security

3. Protection of the data layer

4. Security incident monitoring andresponse

5. Network security protection


In addition to the existing system, anSOC security tracking system is attached, which uses the following resources:

1. ECS

2. RabbitMQ

3. Opensearch


Third-party application or solutionused:

The Commvault data management platform wasused to perform EC2 snapshots and copy them to other regions


Benefit

Through the implementation of the securityreinforcement of Flyingnets's SOC platform (ALL-SOC), the effective analysisand early warning of the front-end and back-end penetration attack from thepublic network can be realized, and about 90% of the Web-level attacks againstthe company's main website can be avoided, and the data loss of AWS platformcan be avoided. It greatly improves the data reliability of AWS platform.