At FiNAO, we have grown from hosting a small set of users on single instances to providing enterprise-grade infrastructure solutions for host services that provide clients with high transactional throughput to meet their specific business requirements. While we are still using the same basic stack as we did 8 years, we have developed and progressed to where we are now - Using the full arsenal of AWS capabilities to provide all or our service needs. We partner with AWS to ensure we provide enterprise-grade solutions (and the associated benefits) to all of our clients.
Our journey to providing highly scalable services has been centred around three main concepts:
- High availability
The cornerstone of our scalability is our transition to making our monolithic application stateless (this is simpler than it sounds!). By moving out primary framework functionality to external services, the monolith breaks its bonds from one server to literally thousands in mere moments.
User sessions: We have moved our user session state store from PHP sessions on disk to 'in memory stores' using AWS ElastiCache. This is highly beneficial to the end users by providing high performance and beneficial to us by providing cross-server persistence.
Uploaded files: Our uploaded files use to be on a local disk. This causes a few problems. Firstly, it's not scalable - AWS EBS (The virtual hard drives) have limits and would constantly require scaling and server shut down to meet user demands. To manage this AWS S3 provides all the storage space our users could ever need. By linking AWS S3 directly into our virtual networks (via VPC endpoints), we still maintain the network level security, performance, and cost optimisation by not having our users' file upload traffic moving back through the public internet.
Primary database: Our primary database holds most of our users' information. It is therefore critical that it is maintained to be secure, optimised and always available - AWS RDS provides the perfect solution. By utilising RDS, AWS has taken the headaches out of maintaining our databases completely. Scheduled backups, direct VPC attachments and much more fit the ticket on our journey to fully scalable infrastructure
To maintain the highest SLA's possible, FiNAO must utilise more than just one data centre. We span our applications across a minimum of 2 availability zones here in Sydney. If for whatever reason, one of the availability zones goes down, the end user will only notice a minor blip as AWS seamlessly shifts all traffic to one of the other availability zones. By our migration to stateless application instances, we are already covered with high availability (using S3); S3 has a >99% (but < 100%) durability, our ElastiCache clusters being of at least 2 nodes spanning at least 2 availability zones and our hot failover provided by our HA AWS RDS configuration.
An all-in-one server causes a massive attack surface. An attacker simply has to gain access to the server and then it is too late, having access to ALL types of data, be that user sessions, files or database rows. By splitting up our infrastructure (separation of duty), the attack surface of the single instance is greatly diminished.
By utilising AWS ALB's (Application Load balancers), we now only ever expose our application front-end to the public internet. Our S3 buckets are secured by access policies to servers only requiring access and our RDS instances are secured by network-level access controls.
Our AWS console itself is hardly used as our journey continues into infrastructure-as-code provided by AWS Cloudformation. Cloudformation allows us to document any changes to the infrastructure (including revision history) ensuring that any change to the infrastructure is recorded and documented in an audible fashion.
By applying these 3 core concepts, FiNAO has achieved an infrastructure that scales with our clients, headache and worry free!