A global travel company’s e-commerce platform is supported by one of the industry’s largest AWS IaaS deployments. The customer needed to improve security and availability of the platform in a cost-effective manner.
The customer purchased a Palo Alto Networks Enterprise License Agreement (ELA) to recognize greater cost savings for its security investment. However, the standard design templates would not support the expected throughput.
Palo Alto engaged Lightstream to architect a custom design to achieve the necessary throughput. Lightstream successfully architected, deployed, and demonstrated the Palo Alto VM-300 Firewall solution, providing the customer confidence to move forward with a large-scale VM-Series ELA deployment.
Lightstream also deployed additional security controls into the environment by designing a Palo Alto Networks health check using AWS Lambda. AWS Lambda Is a serverless compute service that runs code in response to events and automatically manages the underlying compute resource.
The goal was to continuously check if the customer’s outbound traffic was egressing the primary Palo Alto firewall, and if not, to update the network routing to ensure that the traffic was sent to the backup firewall.
Lightstream first created two “Lambda functions” to automatically run the code that checked appropriate network routing to the primary and secondary firewalls. Lambda functions are “stateless” with no affinity to the underlying
infrastructure so that they can rapidly launch and scale to the rate of incoming events. The Lambda functions were further secured with AWS Identity and Access Management (IAM) to control user authentication and access by the customer’s IT staff.
Lightstream also configured AWS CloudWatch, a monitoring service for AWS cloud resources and applications running on AWS. CloudWatch is utilized for continuous monitoring of the Lambda functions.
CloudWatch metrics were used to create a user-friendly dashboard for improved visibility and reporting.
Because Lightstream was able to resolve the throughput limitations that enabled the customer to proceed with the deployment, the company recognized considerable savings through its ELA.
The fully integrated Palo Alto VM-300 firewalls, AWS Lambda, and AWS CloudWatch solution provide continuous security health-check monitoring and remediation to increase security and availability of the customer’s e-commerce platform
The solution’s dashboard offers easy-to-use metrics, visibility, and reporting that simplifies the customer’s IT security protocol.
As an APN Advanced Consulting Partner, Lightstream helps organizations address, design, and managing AWS cloud migration and security plans. Our team of experts provide a full portfolio of services ranging from AWS Analytics to AWS Cloud Optimization and Containment Services, AWS Consolidated Billing Services, AWS Chatbot Solutions, AWS Direct Connect, and AWS CloudFront.