Version 1 Delivers PCI Compliance and AWS EKS Excellence
Version 1 delivered PCI compliance and AWS EKS excellence to this major transportation company.
Client Profile
Established: 1997
Customer Since: 2021
Employees: 3900+
Sector: Information Technology & Services
Introduction
The customer has been a Version 1 AWS Managed Services customer since 2021, availing of our full-lifecycle managed services and support from our experienced AWS Cloud platform team. As part of our strategy for customers to leverage our end-to-end AWS Managed Services expertise, customers rely on us to:
- Plan and Design
- Build and Migrate
- Run and Operate
- Optimise
Challenge
The customer was approaching their annual PCI audit and required urgent remediation of their End Of Life (EOL) Rancher 1.6 container orchestration software. To remain compliant, the customer required migration to an in-support technology. Rancher is a comprehensive Kubernetes management platform which is used for orchestrating containerised applications.
The existing solution had customer environments running on Rancher 1.6 Cattle, which is no longer in extended support and is now EOL. To satisfy Payment Card Industry (PCI) compliance, a migration to an in-support Kubernetes platform was needed.
In this case, that meant a migration to Amazon Elastic Kubernetes Service (EKS). This work had to be carried out without any downtime or significant impact on the running of the company and in a timely fashion to satisfy the audit requirements. Should this work not have been carried out, the customer would be at risk of not passing their annual PCI audit and therefore unable to trade.
Solution
For this project, multiple new EKS clusters were created for the customer and for their Dev, Pre-Prod and Production environments. We worked closely with AWS Solution Architects to develop a Cloud Reference architecture which aligns with AWS Well-Architected Framework best practices to provide high availability and fault tolerance. Numerous EKS add-ins were used to replicate the functions available in the existing Rancher environment, such as cluster autoscaler, cluster load balancer and haproxy ingress controller.
At the core of this architecture is a repeatable EKS cluster Infrastructure as Code (IaC) template designed with scalability, security and resiliency to the fore. Utilising version-controlled IaC templates to deploy AWS infrastructure and resources provides consistent and predictable environments to support applications.
A combination of Terraform and AWS CloudFormation was used to deploy the IaC templates to build the environments, with a collection of templates unique to each environment. In addition, application continuity was assured with a multi-container deployment for each service over multiple nodes across 2 availability zones in each Node Group.
Transitioning to EKS offered a modern, secure and scalable Kubernetes environment with managed infrastructure, seamless integration with AWS services and regular updates. EKS has reduced operational complexity, has enhanced security and provides access to the latest Kubernetes features, ensuring that the Travelport containerised workloads are running in a robust and future-proof environment. This solution now forms part of the customer's end-to-end Managed Services agreement with us, making it in scope of their support.
Benefits and Outcomes
Version 1 migrated the environments to an AWS native service to adhere to AWS best practices and PCI standards. We successfully remediated the company's gaps to be compliant against a PCI audit in a straightforward and timely manner, establishing us as a company that is easy to do business with. This meant that the customer was able to pass their audit with zero downtime or impact to their day-to-day functioning. This proactive approach also saved the customer time, money and resources, mitigating the need to reapply for a PCI audit, which could cost in excess of £30,000. Any organisation that handles credit card data but fails to comply with PCI audit requirements is also at risk of a number of financial and reputational consequences, such as fines and damage to reputation.
About Version 1’s Aspire Managed Services
Partnering with a full-stack and multi-disciplinary Managed Services Partner eliminates the headache of managing your day-to-day support and maintenance requirements internally. Through our comprehensive ASPIRE Managed Services offering, we take ownership of the tasks that distract you from what really matters; driving your business objectives and strategic initiatives.
Automate
The new cluster deployment is configured via Infrastructure as Code (IaC) to ensure consistency, minimise human risk and increase productivity through automation for future additions to the environment.
Automated 90% of future cluster builds.
Simplify
Features and benefits of a public cloud service but with added layers of security and agility, decreasing the percentage of high and medium risk AWS Well-Architected Review items.
Protect
A Well-Architected environment re-examined as part of the migration.
Version 1’s New Relic monitoring was utilised to allow the support team to proactively identify issues with the various components of the solution.
Innovate
The project used a repeatable IaC template for maximum security, scalability and resiliency. These version-controlled templates allowed the team to provide predictable application environments.
Realise
Multiple standalone resources, both AWS native and 3rd party, were all migrated to one EKS cluster solution with autoscaling, load-balancing and haproxy add-ins, allowing all tiers of each application to be hosted in one AWS service.
Evolve
Next-gen Managed Service approach