Mohamed Sadawy Abdelrahman, Group Head of IT & Business Transformation Leader at Bukhatir Group.
“The Bukhatir Group brought us in to help with their digital transformation,” says Wael Al Aaraj, VP of Technology at Bespin Global MEA. “As with most large organizations running their own data centers, they needed to modernize their infrastructure to take advantage of the scale, cost, and availability benefits that migrating to the cloud offers.”
Infrastructure modernization encompasses a range of activities to enable business agility and optimize costs, investing in high-value innovation and transformational technologies rather than maintaining monolithic legacy environments. It includes replacing legacy hardware and software solutions, consolidating and rationalizing the infrastructure footprint, migrating to cloud-native systems, and building in automation, orchestration, and telemetry.
“Based on years of experience across different industry sectors, Bespin Global’s digital transformation consultants leverage proven best practices to help customers identify where and how they can make meaningful digital changes to their business,” explains Al Aaraj. “Designed to enable and empower our customers, Bespin’s broad portfolio of digital transformation services incorporates the full-service lifecycle from discovery and strategy to architecture and implementation—complemented by project management, knowledge sharing, and coaching.”
“Bukhatir’s environment was quite complex,” says Hamzeh Shaghlil, Technical Account Manager at Bespin Global MEA, “with a lot of legacy applications. If we have the time and budget, we usually identify the optimal migration strategy for each workload, which might entail rehosting, refactoring, revising, rebuilding, or retiring and replacing applications based on a structured approach. However, Bukhatir wanted us to migrate all of their applications to the cloud as quickly and seamlessly as possible, after which they would assess and optimize the environment.”
Choosing the Right Strategy
After evaluating Bukhatir’s environment using Bespin’s proven cloud readiness assessment, the team decided to leverage AWS’s lift and shift migration methodology, CloudEndure Migration (now called AWS Application Migration Service), due to the number and variety of applications.
Automatically converting any application running on a supported operating system, CloudEndure simplifies, expedites, and automates migrations from physical, virtual, and cloud-based infrastructure to AWS, enabling full functionality while eliminating compatibility issues. During the replication process, applications continue to run with minimal downtime and no performance impact while non-disruptive tests occur in the new environment. After a relatively short cutover window, migrated workloads can run natively on AWS.
“While using CloudEndure to migrate workloads with sounds relatively simple and straightforward, it’s not,” says Shaghlil. “Bukhatir’s environment encompasses many branches spanning different locations and industries. Our challenge was to migrate all of the applications and ensure fast, stable connectivity between AWS and the branches.”
A further complication was that not all AWS regions support CloudEndure, so the Bespin team had to choose one that best covered the sphere of Bukhatir’s operations, especially considering that CloudEndure’s control plane is hosted in northern Virginia on the east coast of the USA. In the end, they migrated the environment to the Europe (Ireland) region which offered the best balance between availability and performance, with the option to replicate to other regions if required.
Facilitating secure connectivity via VPNs from remote branches and data centers, Bespin set up a shared services cloud incorporating multiple private and public subnets spanning availability zones for maximum availability and security. Simplifying access to Amazon EC2 instances and supporting many AWS services and third-party applications, AWS Active Directory (AD) was implemented to provide a cost-effective and highly-available primary directory in the AWS cloud for managing users, groups, and devices.
One of the first things Bespin did was split Bukhatir’s infrastructure into two—production and user acceptance testing (UAT)—using Amazon Virtual Private Cloud (VPC) spanning multiple subnets separating Bukhatir’s private, internal applications and Microsoft SQL databases from publicly-accessible applications. VPC is an AWS service enabling users to define logically-isolated virtual networks for complete control over resource placement, connectivity, and security.
Once VPC was set up through the AWS service console, Bespin added Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (Amazon S3) resources, providing Bukhatir with a reliable platform matching the demands of the workload—including industry-leading data availability and performance. The Bespin team also implemented AWS Transit Gateway to connect VPCs, AWS accounts, and on-premises networks via a single, scalable central hub, simplifying the network and eliminating the need for complex peering relationships.
Ensuring data protection for Bukhatir’s business, customers, and employees, Bespin secured the environment with AWS Certificate Manager (ACM) and AWS Key Management Service (KMS). ACM eliminates the time-consuming and error-prone manual certificate acquisition process by simplifying the provisioning, deployment, and management of SSL/TLS certificates across applications and websites. KMS delivers a single control point for managing keys and defining consistent policies spanning integrated AWS services and in-house applications. In addition, KMS is integrated with AWS CloudTrail to provide an audit log of key usage.
With Bukhatir’s content delivery network (CDN) vulnerable to DDoS attacks, Bespin implemented AWS Web Application Firewall (WAF) to protect the environment, providing control over which traffic is allowed or blocked according to clearly-defined security rules. In addition, AWS WAF protects web applications and APIs against common web exploits and bots that may compromise security or consume excessive resources, impacting availability.
Bespin also implemented AWS Control Tower, Amazon GuardDuty, and AWS Security Hub for increased protection and visibility. Control Tower offers an easy way to set up and govern a secure, multi-account AWS environment using best practices. GuardDuty is a threat detection service continuously monitoring AWS accounts, workloads, and data stored in Amazon S3s for malicious activity and unauthorized behavior. At the same time, Security Hub is a powerful security tool for aggregating, organizing, and prioritizing security alerts across multiple AWS services.
Aligned with the overall AWS strategy and offering simplified operational analysis and troubleshooting of both applications and infrastructure, Bespin replaced Bukhatir’s legacy monitoring tools with AWS CloudTrail, AWS CloudWatch, and Amazon Inspector. Monitoring and recording user activity and API usage, CloudTrail helps to meet compliance obligations and improve the organization’s security posture, while CloudWatch collects monitoring and operational data for on-premises environments and more than 70 AWS services.
The data and actionable insights collected allow Bukhatir’s IT team to monitor applications, detect anomalous behavior, respond to system-wide performance changes, and optimize resource utilization. In addition, an automated vulnerability management service, Amazon Inspector, continually scans Bukhatir’s AWS workloads for software vulnerabilities and unintended network exposure.
“Bespin’s initial mandate was to ensure availability, connectivity, and reliability irrespective of cost,” explains Shaghlil. “Once that was accomplished, we looked for ways to optimize costs—especially for Amazon EC2—and reallocate the savings to other areas.”
Leveraging the powerful machine-learning insights of AWS Compute Optimizer, Bespin’s consultants identified optimal compute resources across Bukhatir’s EC2 instances, including those allocated to Amazon EC2 Auto Scaling groups. The team also disabled several unused services and optimized costs at the infrastructure level using AWS Saving Plans, a flexible pricing model offering savings of up to 72% on AWS compute in exchange for a specific usage commitment over either a one- or three-year term.
RESULTS & BENEFITS
“We initially undertook the migration with a certain amount of trepidation owing to the number of applications and complexity of Bukhatir’s environment,” states Al Aaraj. “However, looking back, I’m amazed at how smoothly everything went. The combined team of AWS, Bespin, and Bukhatir experts worked hard to create a plan that met the project’s goals—on time and within budget.”
Moreover, with a highly-available, scalable infrastructure with separate staging and production environments alleviating operational headaches, Bukhatir’s IT team enjoys the flexibility of provisioning applications on-demand, speeding up the time to value for the business. In addition, by optimizing their costs, they have more money to invest in innovative, high-value projects.
“We’re not done yet. Our cloud readiness assessment identified several workloads that could be optimized with rehosting, refactoring, rebuilding, or retiring and replacing, resulting in significant long-term savings and business benefits for the Bukhatir Group.” Hamzeh Shaghlil, Technical Account Manager at Bespin Global MEA
About Bespin Global:
Bespin Global helps businesses accelerate cloud adoption with industry leading solutions and consulting expertise, delivering service-level-driven outcomes across all the major public cloud technologies.
Serving more than 3000 customers throughout our offices located around the world, Bespin rely on the large number of skilled, highly certified cloud experts and their in-depth experience in the industry to help organizations thrive on innovation and technology.
Bespin’s services include cloud strategy, migration, implementation, Big Data, DevOps, and FinOps for a range of Cloud Services Providers (CSPs) such as Alibaba, Amazon Web Services (AWS), Google Cloud, G42, Huawei and Microsoft Azure.
Listed since 2016 in Gartner’s Magic Quadrant for Public Cloud infrastructure for four years in a row, Bespin is now recognized as a “Niche Player” in 2021 Gartner’s Magic Quadrant for IT transformation services. Bespin Global has also developed its own monitoring tool called “OpsNow” to support businesses in controlling their cloud costs and manage multi-cloud environments.
Address: The Offices 4, #138-139, One Central, Dubai World Trade Center (DWTC)
Telephone: 800 BESPIN (237746)
P.O. Box: 340729