By Thooyavan Arumugam, Senior Cloud Architect at Tech Mahindra
By Saurabh Shrivastava, Partner Solutions Architect at AWS
By Vivek Raju, Manager, Partner Solutions Architect at AWS
IBM Maximo is an Enterprise Asset Management (EAM) solution that helps organizations manage their assets, track operations, and perform preventive maintenance using predictive analysis and enterprise-ready features.
Maximo can be deployed in an on-premises environment, as well as on a public cloud or hybrid cloud environment.
As cloud computing is becoming the industry norm, Amazon Web Services (AWS) provides Infrastructure as a Service (IaaS) solutions and a broad range of services to deploy any enterprise-grade application in the cloud.
Businesses all around the world are using the breadth and depth of AWS to become more cloud-native. AWS fuels agility and scalability in your application environment by providing on-demand infrastructure instantly.
Fixing the non-performing environment becomes easy with AWS, as it offers the snapshot and image functionalities, which enable the instance to be rebuilt within a very reasonable timeframe with existing image or snapshot.
This post explores Boral Australia’s journey to the cloud and how Tech Mahindra, an AWS Partner Network (APN) Advanced Consulting Partner, helped the customer’s cloud migration to host IBM Maximo on AWS. Tech Mahindra is also a member of the AWS Managed Service Provider (MSP) Partner Program.
Boral Limited is headquartered in Sydney, with 16,000 employees working across 700 operational sites. They primarily deals with building products and construction materials.
Boral had their asset management platform hosted in a datacenter located in Sydney. The major trigger for this migration project was to upgrade the end of life (EOL) version of asset management product IBM Maximo.
The customer also faced the following challenges:
- Solution deployed in multiple sites, with each site working in silos and causing a lack of visibility into asset usage across sites.
- Older version of asset management product running in EOL stage.
- The solution did not allow for standardization of maintenance practices, effective utilization of resources across locations, and did not allow for digitization or technical growth.
- To support an asset management transformation and future-proof the solution, Boral chose to implement the most current version of Maximo in the cloud.
In this post, we’ll describe how Tech Mahindra helped Boral to migrate their asset management platform to AWS using cloud-native services.
Boral’s application has a three-tier architecture re-platformed in Amazon Elastic Compute Cloud (Amazon EC2) instances with the Windows 2012 R2 operating system.
Tech Mahindra established an on-premises integration to Oracle’s financial application using MuleSoft API. We used Tech Mahindra’s Migration of Application to Cloud (MAC) framework to migrate Boral’s database from on-premises to IBM DB2 hosted in Amazon EC2.
Tech Mahindra also set up a change management pipeline to automate the deployment of patches in a systematic way from non-production to production environments.
In the following sections, we’ll share details about the overall architecture and how Boral re-platformed and achieved cloud-native architecture on AWS.
The diagram in Figure 1 shows the application architecture after migrating to AWS.
Figure 1 – Architecture for Enterprise Asset Management system leveraging AWS.
This is a three-tier architecture hosting the following IBM Maximo components:
- IBM HTTP in Web Server Tier: Configure a separate, dedicated HTTP server to work with the J2EE application server. Users access the Maximo Asset Management applications by using a web browser, sending request to IBM HTTP web server.
- IBM WebSphere in Application Tier: Use IBM WebSphere Application Server software. Manages the Maximo Asset Management JavaServer Pages (JSPs), XML, and business logic components. Maximo Asset Management uses a commercial Java 2 Platform and J2EE application server.
- IBM DB2 in Database Tier: Stores all information about assets, such as their conditions, locations, and related records in any of the supported databases.
The following AWS services and features helped Tech Mahindra host components of Boral’s asset management solution (IBM Maximo) on AWS.
- AWS Virtual Private Network (VPN): Establishes a secure and private tunnel from the on-premises datacenter to the AWS global network.
- Amazon Route53: A Domain Name Server (DNS) that routes global traffic to the application using edge location in Amazon CloudFront.
- Amazon CloudFront: Routes user traffic to the application using worldwide edge locations to achieve low latency.
- AWS WAF: A web application firewall that’s applied on CloudFront distribution to protect against common exploits that could impact application availability, compromise security, or consume excessive resources.
- Amazon Virtual Private Cloud (VPC): Sets up a logically isolated, virtual network where the application can run securely.
- Elastic Load Balancing (ELB): Load balances HTTP/HTTPS applications.
- Amazon EC2: Provides compute capacity in the cloud. Amazon EC2 was used to host the web, application, and database server.
- AWS System Manager: Automates maintenance and deployment tasks on Amazon EC2 instances, while automatically applying patches, updates, and configuration changes across resource groups.
- Amazon CloudWatch: Monitors the entire assent management platform and store application logs for analysis.
- AWS Config: Assess, audit, and evaluate the configurations of AWS resources.
- AWS CloudTrail: Enables governance, compliance, operational auditing, and risk auditing of the AWS account. Log, continuously monitor, and retain account activity related to actions across AWS infrastructure.
- Amazon Simple Email Service (SES): A cloud-based email sending service that sends all of the application’s email.
- Amazon Simple Storage Service (Amazon S3): Highly scalable object storage used to store instance snapshot backup.
- Amazon Elastic Block Store (EBS): Provides persistent block storage volumes for use with Amazon EC2 instances. Used as block storage volume for the web, application, and database server.
- AWS Identity and Access Management (IAM): Manages access to AWS services and resources securely. Used to handle application access across AWS services.
- AWS Lambda: Runs code without provisioning or managing servers. Lambda is used to automate rules for AWS Config, AWS WAF, IAM, and the server snapshot pipeline.
Application Security and Encryption
To secure connectivity between the on-premises datacenter and AWS, Tech Mahindra set up VPN tunnels. Site-to-Site VPN extends the datacenter to the cloud, and VPN helps connect to a VPC while establishing secure and private sessions with IP security (IPsec) and Transport Layer Security (TLS) tunnels.
Amazon VPC is configured to provide isolated network boundaries to host the resources and restrict network access. The team created multiple private subnets to host applications with no open internet endpoint, and reduced the blast radius for any unforeseen security incidents.
VPC security groups were configured to restrict port and protocol access for corporate networks only at the instance level.
An additional layer of network security was added using network access control list (network ACL), which acts as a firewall for controlling traffic in and out at the subnet level. All the servers are hosted in private subnet and all outbound requests were routed through a NAT Gateway.
Tech Mahindra locked down ports, while IAM services were configured to provide access based on the principle of least privilege. We also had configured role-based access both for the resources and access.
Tech Mahindra additionally configured AWS CloudTrail and AWS Config to adhere to continuous audit and compliance of the environment.
SSL certificates are procured from the third-party vendor and managed using AWS Certificate Manager, where it’s integrated with CloudFront and the Elastic Load Balancer to secure the data in transit.
Amazon EBS volumes were encrypted to provide security for the data at rest. AWS WAF was leveraged to protect the web application from DDoS and SQL Injection attacks.
A Lambda function was used to update the AWS WAF rules dynamically, and for regular backup job execution. Tech Mahindra automated the instance resources monitoring report, which sends email to the customer everyday using Amazon SES.
Migration and Re-Platforming
Tech Mahindra’s MAC toolkit contains a proven and tested migration framework and methodology for accurate, predictable, and accelerated migrations to the cloud.
The framework consists of various cookbooks, tools, and automation libraries for repeatable and predictable migration execution. It’s supported with factory model implementation for repeatable and predictable performance.
MAC has a six-phase migration process with a well-defined set of artifacts used at each phase. Tech Mahindra uses in-house developed and industry tools to automate the migration phases so that enterprise application migration is done right the first time, every time.
As part of the discovery exercise for Boral, Tech Mahindra assessed and analyzed the customer’s existing environment and arrived at a migration approach that yielded the maximum benefit.
Post assessment, Tech Mahindra designed and built the target environment based on AWS best practices, which includes re-platformed OS and database components.
For this engagement, Tech Mahindra had to migrate three variants of application data that were handled through meticulous planning and execution.
The three variants of data were:
- Master Data (Production)
- Open Transaction Data (Production)
- History Transaction Data (Non-Production)
Boral had 20 million records of entries in their system, which Tech Mahindra migrated to AWS through an extensive data migration approach that included identifying the necessary data from the existing system, extracting data, cleansing it, and transforming the data through Maximo Integration Framework (MIF).
Access to the Application
Users will reach the asset management portal through Amazon Route53, with Amazon CloudFront used as content delivery network. CloudFront has an ELB origin that shares the load with attached frontend (web) servers.
If there was an impact in performance that required upgrading a server to a larger capacity, vertical scaling was done by detaching one server at a time from ELB and increasing the instance size and attaching it back, thus allowing resources to scale up without downtime.
IBM HTTP Server Web Tier handles the requests from users coming through the Load Balancer. The request travels to the application servers configured with IBM WebSphere, and the application server acts as WebSphere admin to control the other nodes in a cluster. The clustering configured at the app tier, in turn, takes care of load balancing between the servers.
IBM DB2 Application was used for the database, and was configured to run on Amazon EC2. Database replication was enabled between AZs and supported the application in active/passive methodology.
MuleSoft was used as a middleware hosted in another AWS account. It was an enabler for data communication between Maximo and Oracle financial applications hosted in the customer’s datacenter.
All emails triggered from the application were delivered through Amazon SES.
Operational Maintenance Pipeline
AWS Systems Manager was used to patch the OS periodically. Tech Mahindra also created the patch baselines and maintenance windows as per the standards set forth for patching on-going basis.
Patches were scheduled to update the non-production severs initially, followed by deployment to production servers as per the Tech Mahindra mCOPS (Managed Cloud Operations) standard management process.
Tech Mahindra mCOPS provides the following solution and services:
- Improved security at both infrastructure and application level.
- Content delivery network implementation.
- Cloud infrastructure monitoring.
- Serverless backup and recovery solution.
- Optimized cloud environment and capacity management.
Leveraging mCOPS, Boral can seamlessly manage a highly available and persistent cloud environment with optimized resource utilization and reduced cloud spend. Tech Mahindra manages more than 70,000 instances across private and public clouds using mCOPS.
Putting it All Together
Tech Mahindra helped Boral to maximize business benefit by hosting Maximo on AWS.
The new system delivered the following benefits:
- Migrate entire asset management system to AWS.
- Latest version of Maximo (188.8.131.52) has been implemented on AWS .
- Migrated 20+ years of multi-site data into a single data lake-style repository.
- Asset management was hosted on a physical server that had a long maintenance cycle and high mean time to repair. This was dramatically reduced when hosted on AWS, as the customer is to provision and replace servers quickly.
- Availability and reliability of the application significantly improved since the application was redesigned to use core AWS services such as ELB and caching technologies for content delivery.
- Due to the services and features provided by AWS, Tech Mahindra could provide application availability at 99.95% to the customer at the lowest cost.
- Improved user experience with Amazon CloudFront using edge locations, and the ability to lock down the coverage area using geo restriction features.
- Environments were secured using AWS best practices and recommendations incorporated with AWS WAF. Dynamic rules were updated using AWS Lambda along with IAM, AWS Config, and CloudTrail.
A business must continue evolving to improve its customer experience, both to satisfy customer needs and save on costs.
Customers get value for money and achieve agility by hosting enterprise applications in the cloud, where you only pay for what you use. Businesses don’t need to worry about high availability and scalability when going to the cloud.
In this post, we learned about different AWS components that can help you to host IBM Maximo on AWS. We explored how traffic flows from Amazon Route53 to applications through Elastic Load Balancing, which handles the load by distributing traffic across the server fleet.
We learned how to ensure network security using Amazon VPC and restrict access using security groups and network ACLs. For audit and monitoring, you can use CloudTrail, CloudWatch, and AWS Config. You also learned how to host enterprise software like IBM Maximo on AWS with a three-tier architecture.
Tech Mahindra – APN Partner Spotlight
Tech Mahindra is an AWS Managed Service Provider. They offer innovative and customer-centric IT services that connect across a number of technologies to deliver tangible business value and experiences to customers.
*Already worked with Tech Mahindra? Rate this Partner
*To review an APN Partner, you must be an AWS customer that has worked with them directly on a project.
from AWS Partner Network (APN) Blog