We recently enabled a successful cloud application migration for one of the largest online pharmacies. The customer had struggled with how to roll out new microservice applications in a phased manner, but prevent individual visitors from flipping back and forth between the old and new experience. This real-world example demonstrates how a complex cloud migration exercise looks from an application delivery perspective – including the high-level plans involved, complex dependencies, and how Instart helped this customer execute this activity in a seamless way with zero downtime.
This move was part of the organization’s broader digital transformation and innovation initiatives where all site functionality was to be delivered through microservices. The current application undertook a significant update to run on a public cloud, with modern frameworks like React used throughout. The concurrent activity of application rewrites and cloud migration meant a significant number of changes that had to be carefully managed.
The migration strategy involved enabling the new application stack experience in phases for specific visitors groups, rather than enable new applications globally or per geography, by moving entire visitor sessions from the older stack to the new stack. Visitors were picked by the application teams based on specific business constraints and the Instart platform facilitated migrating every session from each visitor across all devices and browsers to the newer application stack. This ensured a single visitor would have the same experience each time they loaded the application, even if they switched devices or locations.
We implemented a migration strategy that was focused on three dimensions:
- Consumer experience: Ensure that the consumer experience of the web application would not be impacted due to the changes.
- Security: Migrate availability and security functions from the traditional appliance-based security model which is not portable to the public cloud.
- Agility and operability: Roll out new services and adjust the delivery rules and policies in an agile DevOps manner.
Consumer experience focused delivery and optimization
The key to this migration was to enable new capabilities across different visitor groups, including devices and geographies, gradually. Instart provided a programmatic configuration system along with awareness of visitors and their endpoints to build sophisticated routing rules. The migration would not have been possible without Instart’s APIs that allowed them to express the complex logic in their routing rules. More generally, we used the edge and browser as control points to effectively shape traffic requests based on various constraints and policies. The end result was that all new features and services were validated one visitor group at a time and rolled out across the entire consumer base with complete control over the consumer experience.
Security and app delivery functions that traditionally resided on on-premises infrastructures, like ADCs for a data center hosted application, needed to be ported over to the cloud. In addition, the cloud brought in new challenges including emerging threats from sophisticated botnets and other browser-centric attacks. Instart’s complete web app and API protection platform enabled customers to consolidate all of their application security rules into a unified rules engine, which was integrated with edge-based delivery and scaled out to address the global needs. This resulted in a comprehensive and centralized consolidation of security policies in the cloud via a single pane of glass and was further augmented to protect against sophisticated browser-based and automated botnet attacks.
Agility and operability designed for DevOps
Complete visitor session migration from the old stack to the new stack gets very complicated with the new stack as the modern day application stack uses a lot of third-party components that get assembled directly at the browser. Also, the applications and services are continually changing using CI/CD processes. Coordinating application cookies across multiple third parties domains is essential to route complete visitor sessions. Instart offered APIs to the DevOps teams to quickly define and rollout visitor session rules and policies that sync the visitor context (cookies) across multiple third party domains and route the entire visitor session altogether. This enabled agile and CI/CD development methodologies while having control over visitor session rules for both experience and security.
Application migration from a data center to a public cloud warrant handing complex use cases, but can be managed when using the right platform. Instart client-cloud architecture provides end-to-end control points across the entire delivery stack giving our customers cloud-native security, DevOps friendly agility, and a simple way to control user experience migration, to handle critical cloud migrations smoothly.
*** This is a Security Bloggers Network syndicated blog from Instart blog RSS authored by Hariharan Kolam. Read the original post at: https://www.instart.com/blog/instart-cloud-application-migration