Current Situation and Needs

To sustain its growth and enhance competitiveness in the market, TinTin JSC set a goal to build a new IT infrastructure to serve end users. To achieve this, the company's IT team researched the options and chose to build the new infrastructure on a modern microservices architecture, deployed on Kubernetes.

However, deploying this system on traditional on-premises infrastructure is not straightforward due to high operating costs, limited scalability, and the need for maintaining high availability, which requires a significant amount of resources in terms of time, personnel, and costs. Additionally, self-managing services like MQ, Redis, and ElasticSearch on on-premises infrastructure also demands expertise and consumes considerable specialized resources.

Faced with these challenges, TinTin JSC turned to CMC Telecom – a high-level service partner of AWS in Vietnam. Through consultation and evaluation, CMC Telecom introduced AWS as an ideal Cloud infrastructure solution. It not only helps reduce the Total Cost of Ownership (TCO) burden but also provides flexible scalability, maintains high availability, ensures security, and eases the deployment and operation of infrastructure for TinTin's IT team.

Together with TinTin's team, CMC Telecom embarked on a journey to address the challenges posed.

The Solution

Drawing on years of consulting and deployment experience, the CMC Telecom expert team built an information technology platform for TinTin by combining managed services from AWS such as Amazon EKS, Amazon S3, Amazon CloudFront, Amazon MQ, etc. In particular, TinTin's applications are packaged into containers and deployed and managed with Kubernetes on AWS using Amazon EKS. With this service, AWS deploys and manages the Kubernetes control plane components for the customer, reducing the management workload and the risks associated with installing security features for the Kubernetes control plane. Additionally, CMC Telecom uses EKS Blueprint to deploy Amazon EKS, which applies best practices for EKS deployment and helps TinTin easily integrate add-on solutions for auto-scaling, security, and CI/CD, accelerating the deployment of its applications without worrying too much about installation and operation tasks. Alongside that, applications are deployed on infrastructure that uses advanced chip technology from AWS, such as Graviton. This is an ARM architecture chip developed by AWS, especially suitable for container applications, providing better performance and cost-effectiveness compared to x86 chips.

To optimize performance and user experience when accessing applications from different geographical regions, CMC Telecom has used Amazon CloudFront. This CDN service, managed by AWS, leverages AWS's global CDN infrastructure to cache frequently accessed data on servers. Consequently, users worldwide can easily access this content without worrying about network issues. Moreover, Amazon CloudFront is integrated with AWS Web Application Firewall (WAF) to strengthen security at the customer's application layer.

Regarding the connectivity between services within the application, CMC Telecom deployed Amazon MQ – the RabbitMQ service managed by AWS. This service provides reliable message queue capabilities. Additionally, Amazon ElastiCache for Redis is utilized to store data in cache memory to accelerate processing speed. Furthermore, the expert team also uses Amazon OpenSearch – the Elasticsearch service on AWS – to manage search and data analysis, as well as AWS Elastic Load Balancer for load distribution.

For storage, CMC Telecom chose to use Amazon S3, an AWS object storage service with durability up to 99.999999999%. Additionally, CMC Telecom connected MongoDB Atlas on AWS to the application's infrastructure. MongoDB Atlas is deployed on an independent VPC and connected to the application's VPC through VPC peering, providing a powerful and flexible data storage solution.

Finally, CMC Telecom integrates various other services from AWS, providing features such as certificate management and monitoring, to create a comprehensive, efficient, and secure system.

Management of IT infrastructure

Infrastructure management is carried out using Terraform, along with GitLab CI/CD for automated infrastructure deployment. The Terraform code is stored in the GitLab repository, enabling automatic updates when changes occur, reducing errors from manual processes, and enhancing the effectiveness of change management.

The steps to implement this solution include: defining the infrastructure configuration through Terraform code; storing the code in the GitLab repository; creating and configuring GitLab CI to automatically deploy Terraform code when changes occur; checking the components on AWS after GitLab CI/CD completes the deployment.

CMC Telecom recommends that changes to the AWS infrastructure configuration be made through Terraform to allow GitLab CI/CD to automatically update, avoiding situations where the configuration is not synchronized when changes are made directly on the AWS console.
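A minimal sketch of such a pipeline, as an added example that is not CMC Telecom's or TinTin's actual configuration: it validates, plans and applies Terraform on change, and a scheduled job detects configuration changed directly in the AWS console. The job names, the image tag placeholder, a configured remote state backend, and AWS credentials supplied as protected CI/CD variables are all assumptions.

```yaml
# .gitlab-ci.yml (added example; names and placeholders are assumptions)
stages: [validate, plan, apply, drift]

default:
  image:
    name: "hashicorp/terraform:<pinned-version>"  # placeholder: pin an exact version
    entrypoint: [""]   # clear the image's terraform entrypoint so script lines run in a shell
  before_script:
    - terraform init -input=false

validate:
  stage: validate
  script:
    - terraform fmt -check -recursive
    - terraform validate
  rules:
    - if: $CI_PIPELINE_SOURCE != "schedule"

plan:
  stage: plan
  script:
    - terraform plan -input=false -out=tfplan
  artifacts:
    paths: [tfplan]      # a plan file can contain sensitive values: keep it short-lived
    expire_in: 1 day
  rules:
    - if: $CI_PIPELINE_SOURCE != "schedule"

apply:
  stage: apply
  script:
    - terraform apply -input=false tfplan   # applies exactly the reviewed plan
  resource_group: production                # serialize applies against shared state
  rules:
    - if: $CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

drift:
  stage: drift
  script:
    # -detailed-exitcode: 0 = no changes, 1 = error, 2 = live infrastructure differs
    # from the code, so a change made in the console fails this scheduled job.
    - terraform plan -input=false -lock=false -detailed-exitcode
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
```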

Backup and Data Recovery Plan 

Ensuring data backup and recovery in case of disasters is also a crucial requirement in this project. Considering TinTin's RTO and RPO requirements for the AWS infrastructure, CMC Telecom proposed an efficient backup and recovery solution based on AWS's disaster resilience capabilities. This involves hourly snapshots of Amazon OpenSearch's EBS volumes, storing them on Amazon S3. This ensures that OpenSearch data is consistently backed up and can be quickly restored when needed. For MongoDB Atlas, Cross-Region Replication is utilized to synchronize data across clusters.

Conclusion and Achieved Benefits

Through this project, CMC Telecom has helped TinTin clearly recognize the value of Cloud in general and AWS in particular for its business. By deploying TinTin's applications with EKS Blueprint and flexibly combining AWS solutions for CDN and security, CMC Telecom has enabled TinTin to easily deploy its microservices application with best practices, meeting the criteria of flexible scalability, easy operation, security, and high performance. Data is backed up and recoverable using suitable strategies and solutions. As a result, TinTin no longer needs to invest too many resources and time in researching, deploying, and operating the infrastructure for its applications. Instead, TinTin can now fully focus on addressing its business-related challenges.