We successfully implemented a solution for a company providing ERP software for public entities. Our client delivers specialized software to businesses across Poland. Their ERP solution is a sophisticated, desktop-based application designed for Windows systems.
Streamlining infrastructure: embracing cloud solutions for seamless database connectivity
For the client’s application to function properly, it required a connection to a PostgreSQL database. However, for many companies, this meant maintaining additional hardware. On the other hand, the software provider faced the challenge of providing remote assistance and configuring hardware from a distance. The need for cloud solutions arose from end customers who desired the ability to leverage a ready-made solution without the need for installation and maintenance of databases on their own premises.
Setting the objective: building a highly available infrastructure for secure and cost-effective connectivity
The objective of the project was to establish a highly available infrastructure that could efficiently and securely handle connections from multiple clients while maintaining optimal cost-effectiveness. The final solution evolved through ongoing discussions and the collection of project requirements. The initial architecture provided by the client fell short of meeting all the requirements. Working collaboratively with the client, we delved into designing the ultimate solution architecture while the client verified the feasibility of the proposed solutions within their application.
Understanding the Client’s needs: collecting requirements and mapping software specifications
At the outset, we conducted in-depth discussions to fully comprehend the client’s needs and gather all their requirements. Subsequently, we proceeded to define the software specifications that would align seamlessly with the infrastructure and accommodate potential changes in the software under development. We showcased the available options and demonstrated their implementation within the codebase.
Challenge: balancing client requirements in the face of software and support upgrades
The application initially operated on a version of PostgreSQL that was nearing the end of its support by the cloud provider. After thorough testing, the client confirmed its compatibility with a newer version. Hence, we opted for PostgreSQL 14.7.
The greatest challenge lay in reconciling the various client requirements, which often posed conflicting demands, including:
- High availability
Finding the optimal balance among these requirements proved to be a significant undertaking.
Cost-effective efficiency: embracing shared clusters for reduced overhead
In light of cost considerations, we determined that a shared cluster was the optimal solution. This approach significantly reduces expenses, both in terms of cloud resources and the time required for configuration and maintenance. However, it introduces security challenges, such as ensuring data segregation among different clients and managing resource contention for high availability.
We decided to use:
- AWS Aurora Serverless v2 – Database Engine Provider
- GitHub – Documentation and Configuration Repository Provider
- Terraform – Infrastructure Provisioning and Client Configuration Tool
Achieving high availability and cost efficiency with AWS Aurora Serverless v2
To address the requirements of high availability and cost optimization, we leveraged AWS Aurora Serverless v2 with automatic scaling. This successfully resolved the challenges associated with maintaining both high availability and cost-effectiveness.
Securing such a solution posed the greatest challenge, demanding thorough configuration efforts spanning both the PostgreSQL engine and AWS infrastructure.
Each client obtains access through a unique set of credentials linked to an AWS IAM account, which is associated with their respective PostgreSQL account. These accounts have access only to their designated databases from specified IP addresses.
Given the complexity of this configuration, there remained a risk that a minor error during database or account creation could result in access rules not being properly enforced, potentially granting unintended access to other databases. To mitigate this risk, we employed Terraform. This approach empowers clients to create identical configurations for each client without room for error, ensuring a reliable and secure setup.
Great success: seamlessly managing infrastructure and clients with Terraform-based tools
In addition to delivering a complete solution, we developed a set of Terraform-based tools that enable swift and error-free management of infrastructure and client configurations. Adding a new client to the existing setup simply involves adding their name to a variable list, which automatically generates the necessary accounts, databases, and permissions. Moreover, authentication relies on AWS IAM identities and tokens, ensuring secure login and the ability to implement additional restrictions, such as client-specific IP address limitations.
Client benefits: streamlined onboarding and IT hardware-free operations for swift start
With a configuration process taking less than 15 minutes, our client can begin working on the same day of signing the agreement. The absence of hardware-related concerns proves advantageous for both clients lacking dedicated IT departments and software providers.