nClouds | AWS Case Studies Biotech Startup

How nClouds helped a fast-growing biotech build and maintain an AWS Well-Architected infrastructure.

About Biotech Startup

The company is a fast-growing biotech startup founded in 2019.

Industry

Biotechnology, Healthcare & Life Sciences

Location

United States

Challenge

Build and maintain an AWS Well-Architected infrastructure to improve scalability and availability, enhance governance and security, and optimize costs.

Featured Services

Managed DevOps Services, AWS Consolidated Billing, ShareSave Service by nClouds, nOps

Benefits Summary

Improved scalability and availability

Enhanced governance and security

Cost optimization

“We were impressed with nClouds’ AWS and DevOps expertise, so we asked them to help us move quickly to build our infrastructure and support our company’s growth. We continue to rely on nClouds’ Managed DevOps Services to maintain and grow our AWS infrastructure so our development team can focus on innovation.”

IT Executive, Biotech Startup

Challenge

The company was focused on the hypergrowth of its business and needed help building and maintaining its AWS infrastructure so its development team could focus on innovation.

Why AWS and nClouds

Since its founding, the company has been in hypergrowth mode. It had its biotech blueprint in place but was starting from scratch in terms of infrastructure buildout. It was looking to move quickly and needed a fully optimized infrastructure on AWS. The company sought an AWS partner to help build the infrastructure and maintain its AWS environments to support product innovation and development, testing, and production. An AWS Account Manager recommended nClouds to the company based on its deep AWS and DevOps expertise.

Biotech Startup leveraged several Amazon Web Services:

  • Amazon Aurora (Aurora) - Delivers the speed and reliability of high-end commercial databases simply and cost-effectively. It is a fully managed relational database engine that is part of the managed database service Amazon Relational Database Service (Amazon RDS).
  • Amazon CloudWatch (CloudWatch) - Monitors applications, responds to system-wide performance changes, optimizes resource utilization, and provides a unified view of operational health.
  • Amazon Elastic Compute Cloud (Amazon EC2) - A web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. It provides complete control of computing resources and runs on Amazon's proven computing environment.
  • Amazon Elastic File System (Amazon EFS) - Provides the company with a simple, scalable, fully managed elastic network file system (NFS) for use with AWS services and on-premises resources.
  • Amazon GuardDuty - A managed threat detection service that provides the company with an accurate and easy way to continuously monitor and protect its AWS accounts and workloads.
  • Amazon Relational Database Service (Amazon RDS) - Makes it easy for the company to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups.
  • Amazon Route 53 - A highly available and scalable cloud Domain Name System (DNS) web service that provides a reliable and cost-effective way to route the company’s end users to internet applications.
  • Amazon SageMaker - A fully managed service that covers the entire machine learning workflow to label and prepare the company’s data, choose an algorithm, train the algorithm, tune and optimize it for deployment, make predictions, and take action.
  • Amazon Simple Storage Service (Amazon S3) - A flexible way to store and retrieve data, providing the company with cost optimization, access control, and compliance.
  • Amazon Virtual Private Cloud (Amazon VPC) - Enables the company to provision a logically isolated section on AWS where they can launch AWS resources in a virtual network that they define.
  • Amazon WorkSpaces - A fully managed, Desktop-as-a-Service (DaaS) solution that provides either Windows or Linux desktops in just a few minutes, and can quickly scale to provide thousands of desktops to workers across the globe.
  • AWS Active Directory Connector (AD Connector) - A directory gateway that enables the company to redirect directory requests to their on-premises Microsoft Active Directory without caching any information in the cloud.
  • AWS Backup - A fully managed backup service that makes it easy for the company to centralize and automate the backup of data across AWS services.
  • AWS Biotech Blueprint Quick Start - Helps build the biotech infrastructure, configured for identity management, access control, encryption key management, network configuration, logging, alarms, partitioned environments, and built-in compliance auditing. 
  • AWS CloudFormation (CloudFormation) - Allows the company to treat its infrastructure as code, automate operations, and bring up new environments.
  • AWS CloudTrail (CloudTrail) - For governance, compliance, operational auditing, and risk auditing of the AWS account.
  • AWS Config - A service that enables the company to assess, audit, and evaluate the configurations of AWS resources.
  • AWS Control Tower - Automates the setup of a baseline environment, or landing zone, that is a secure, well-architected multi-account AWS environment.
  • AWS DataSync - An online data transfer service that simplifies, automates, and accelerates copying large amounts of data to and from AWS storage services over the internet or AWS Direct Connect.
  • AWS Identity and Access Management (IAM) - To control users' access to AWS services.
  • AWS Lambda (Lambda) - Enables the company to run code without provisioning or managing servers. Pay only for the compute time consumed - there is no charge when code is not running.
  • AWS Organizations - Provides policy-based management for multiple AWS accounts.
  • AWS ParallelCluster - An AWS-supported open-source cluster management tool that makes it easy for the company to deploy and manage High Performance Computing (HPC) clusters on AWS.
  • AWS Security Hub - Provides a comprehensive view of high-priority security alerts and security posture across the company’s AWS accounts, and continuously monitors the environment using automated security checks based on the AWS best practices and industry standards. It aggregates, organizes, and prioritizes security alerts or findings from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, and AWS Firewall Manager, as well as from AWS Partner solutions.
  • AWS Single Sign-On (SSO) - Makes it easy to centrally manage SSO access to multiple AWS accounts and business applications.
  • AWS Site-to-Site VPN - Creates encrypted tunnels between the company’s network and Amazon Virtual Private Clouds or AWS Transit Gateways.
  • Consolidated billing for AWS Organizations - A feature in AWS Organizations that enables the company to consolidate billing and payment for multiple AWS accounts. nClouds provides the consolidated bill to the company.

The company's solution stack also included additional, essential third-party tools:

  • nOps - A SaaS cloud management and intelligence platform that continuously optimizes cost, security, performance, reliability, and operational excellence, aligned with AWS Well-Architected Framework best practices.
  • OpenVPN Access Server - A full-featured SSL VPN software solution to provide fine-grained access control of the infrastructure.
  • ShareSave Service by nOps - A cost optimization program for AWS compute costs offered by nClouds with a shared-savings pricing model. This SaaS platform collects Amazon CloudWatch and AWS CloudTrail logs. It automatically reacts in real time by purchasing Amazon EC2 Reserved Instances (RIs) and/or AWS Savings Plans (SPs) upon an increase in compute usage and selling them upon a decrease in compute usage.

nClouds' Solution Architecture for Biotech Startup

nClouds’ team worked with the company to build environments using AWS Well-Architected best practices. The team included a Project Manager, a Solutions Architect, and DevOps Engineers. The company also asked nClouds to provide Managed DevOps Services to proactively identify and fix issues, support its development team, work on future DevOps improvement projects, and regularly communicate with product stakeholders.

nClouds built out the AWS infrastructure based upon the AWS Biotech Blueprint Quick Start that the company was using. The infrastructure includes a new multi-account setup with AWS best practices for security, configuring backups, and cross-regional snapshots. nClouds also migrated part of the company’s on-premises infrastructure to AWS. nClouds provided storage gateway links between on-premises and AWS via Amazon S3, syncing the Amazon S3 data and on-premises data. The company asked nClouds to create two proofs of concept (PoCs): one for AWS ParallelCluster, and the other for using the AWS Active Directory Connector and an AWS Site-to-Site VPN connection with Amazon WorkSpaces.


The Benefits

Teaming with nClouds, the company now has a robust infrastructure aligned with AWS Well-Architected best practices and nClouds’ Managed DevOps Services to help maintain that alignment. The project has yielded numerous benefits:

Improved scalability and availability

Amazon EC2, Amazon EFS, Amazon RDS, Amazon Route 53, Amazon S3, and Amazon VPC support the company's infrastructure scalability and high availability.

Enhanced governance and security

nClouds built a centrally managed, secure, multi-account AWS environment. A transit account grants access to other AWS accounts. Data is controlled by using powerful AWS services and tools to determine where data is stored, how it is secured, and who has access to it. AWS Control Tower, AWS Organizations, and CloudTrail provide governance. Security monitoring is provided by AWS Security Hub, Amazon GuardDuty, and nOps. AWS IAM, AWS SSO and OpenVPN Access Server provide access control. AWS Site-to-Site VPN creates encrypted tunnels between the company’s network and Amazon Virtual Private Clouds or AWS Transit Gateways.

Cost optimization

To help the company optimize its AWS costs, nClouds implemented consolidated billing for AWS Organizations. nClouds combines the usage from all the company's AWS accounts to deliver volume pricing discounts, manages AWS credits to optimize usage, and provides a monthly summary of top cost-drivers plus quarterly cost optimization assessments. nClouds provided a free subscription to nOps to manage cost optimization, billing statements, and chargeback capabilities. The company is also enrolled in ShareSave Service by nOps, enabling real-time, risk-free, hands-free automatic life-cycle management of Amazon EC2 commitments with a shared-savings pricing model.
