nClouds Client Story Fond

How nClouds helped Fond optimize and automate their cloud infrastructure to improve app usability, reliability, resilience, and security.

About Fond

Fond (fond.co) is a SaaS platform that seamlessly consolidates employee rewards and recognition processes into one easy-to-use solution. With Fond, employees and managers can recognize each other, redeem rewards, access exclusive corporate discounts, and measure success so HR departments spend less time managing programs and more time driving results.

Industry

Rewards and Recognition, Corporate Discounts, Human Resources

Location

San Francisco, California, Portland, Oregon

Challenge

Fond needed an optimized, automated cloud infrastructure to improve app usability, reliability, resilience, and security.

Featured Services

AWS Well-Architected Review, containerization, infrastructure automation (AWS CloudFormation, Amazon CloudWatch, AWS Application Load Balancer), nOps cloud management

Just as Fond helps forward-thinking companies implement and manage rewards and recognition programs, nClouds engaged with Fond as an extension of our team to attain our shared goals. Our first priority was establishing a well-architected infrastructure on AWS to increase delivery speed and improve usability.”
Shirley A. Foster,

VP of Engineering, Fond

Challenge

Challenge: Fond needed an optimized, automated cloud infrastructure to improve app usability, reliability, resilience, and security

Fond needed more automation for their cloud infrastructure. They wanted to use containerization to improve scalability, simplify, and enhance deployment speed and efficiency. Fond needed a repeatable, reliable, and improved process to streamline their delivery pipeline and enhance usability. They also wanted to easily bring up new environments, such as launching new Amazon Web Services (AWS) regions when needed, or adjusting capacity to maintain steady, predictable performance.

Why AWS and nClouds

An AWS account manager asked nClouds, an AWS Well-Architected Partner and AWS Premier Consulting Partner, to propose an AWS Well-Architected Review for Fond. The objective was to compare their architecture to industry best practices to help Fond get the most from their AWS environment.

An AWS Well-Architected Review uses the AWS Well-Architected Framework to provide a consistent approach to evaluate and remediate systems, based on best practices for designing and operating reliable, secure, efficient, cost-optimized, and operationally excellent systems for the cloud.

During the Review, nClouds worked with a cross-section of Fond’s internal stakeholders to perform a deep-dive on a critical workload and audit their operations for compliance with the five pillars of the Well-Architected Framework. nClouds augmented the deep-dive with nOps, a SaaS cloud management tool that provides comprehensive, automated discovery and continuous compliance insights for AWS environments, aligned directly with the AWS Well-Architected Framework for cost, security, compliance, and more.

Following the Review, nClouds made recommendations based on the business implications of their workload design decisions and provided Fond with a prioritized roadmap of short-, medium-, and long-term goals.

“The (AWS Well-Architected) Review led by nClouds was a valuable process that gave us actionable benchmarks across our infrastructure. From that, we created an action plan. nClouds immediately implemented containerization to improve app scalability and reliability, an essential step forward in supporting our rapid growth.”

- Shirley A. Foster, VP of Engineering, Fond

Fond leveraged several Amazon Web Services:

    AWS Partner
  • Amazon CloudWatch - Monitors applications, responds to system-wide performance changes, optimizes resource utilization, and provides a unified view of operational health.
  • Amazon Elastic Container Registry (Amazon ECR) - A fully-managed Docker container registry integrated with Amazon ECS that makes it easy for Fond to store, manage, and deploy Docker container images.
  • Amazon Elastic Container Service (Amazon ECS) - Enables Fond to run and scale containerized applications on AWS easily.
  • Amazon Route 53 - A highly available and scalable cloud Domain Name System (DNS) web service, to provide a reliable and cost-effective way to route Fond’s end users to Internet applications.
  • Amazon S3 - A flexible way to store and retrieve data, providing Fond with cost optimization, access control, and compliance.
  • Amazon Virtual Private Cloud (Amazon VPC) - Enables Fond to provision a logically isolated section of the AWS Cloud where they can launch AWS resources in a virtual network that they define.
  • AWS Application Load Balancer - Integrated with Amazon ECS in each subnet to support content-based routing and applications that run in containers.
  • AWS Certificate Manager - Provisions, manages and deploys public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates to secure network communications and establish the identity of websites over the Internet as well as resources on private networks.
  • AWS CloudFormation - Allows Fond to treat its infrastructure as code, to automate operations and bring up new environments.
  • AWS Fargate - Enables Fond to run containers without having to manage servers or clusters.
  • AWS Identity and Access Management (AWS IAM) - To control users' access to AWS services.
  • AWS Key Management Service (KMS) - A managed service that makes it easy for Fond to create and control the encryption keys used to encrypt their data.
  • AWS Systems Manager Parameter Store - Provides Fond with secure, hierarchical storage for configuration data management and secrets management.
  • AWS Auto Scaling groups - To monitor Fond’s applications and automatically adjust capacity to maintain steady, predictable performance at the lowest possible cost.
  • AWS Secrets Manager - Enables Fond to protect secrets needed to access their applications, services, and IT resources.

Fond’s solution stack includes additional essential tools and services:

  • CircleCI - A continuous integration and delivery platform (CI/CD) that makes it easy for Fond to rapidly build and release quality software at scale.
  • Docker Hub - A centralized resource for container image discovery, distribution and change management, user and team collaboration, and workflow automation throughout the development pipeline.
  • GitHub - A development platform to host and review code, manage projects, and build software.
  • HashiCorp Terraform - An open source tool that codifies APIs into declarative configuration files to enable Fond to safely and predictably create, change, and improve infrastructure.
  • nOps - A SaaS cloud management platform for AWS that facilitates AWS Well-Architected Reviews and enables Fond to optimize cost and manage security and compliance for their AWS resources continuously, post-Review.
  • Oracle MySQL - A high performance, scalable, open source database.
  • Redis - An open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.

nClouds' Solution Architecture for Fond

The AWS Well-Architected Review that nClouds performed with Fond identified areas for enhancement in their operational excellence, reliability, and security pillars. Fond initially considered executing the remediations themselves, but the AWS account manager recommended that they engage nClouds to accelerate the container journey and build the future infrastructure. Fond agreed to move forward, having nClouds implement the recommendations while they focused on managing their current infrastructure.

To start, an Amazon Virtual Private Cloud (Amazon VPC) was provisioned in a logically isolated section of the AWS Cloud. AWS resources are launched in a virtual network, providing Fond with complete control over their virtual networking environment including the selection of their IP address range, creation of subnets, and configuration of route tables and network gateways. The Amazon VPC is composed of a public subnet and a private subnet. Each subnet has AWS Application Load Balancer integrated with Amazon ECS to support content-based routing and applications that run in containers. Six Oracle MySQL databases and three Redis open source in-memory data structure stores reside in the private subnet.

In support of the operational excellence pillar of the Well-Architected Framework, nClouds implemented AWS CloudFormation to automate operations and bring up new environments, and AWS Fargate to help reduce the operational overhead involved in managing Amazon ECS clusters.

The reliability pillar of the AWS Well-Architected Framework requires a well-planned foundation with monitoring in place and scalability to handle changes in demand or requirements. nClouds worked with Fond to improve the scalability of their architecture by including several services: AWS Auto Scaling groups (to automatically adjust capacity to maintain steady, predictable performance at the lowest possible cost), Amazon CloudWatch (to monitor and respond to system-wide performance changes), and Amazon ECS (to run and scale containerized applications on AWS).

The security pillar of the AWS Well-Architected Framework relies on an architecture that protects data and systems, controls access, and responds automatically to security events. The new architecture includes AWS Secrets Manager (to protect secrets needed to access Fond’s applications, services, and IT resources), AWS Systems Manager Parameter Store (for secure, hierarchical storage for configuration data management and secrets management), and AWS KMS (a managed service that makes it easy for Fond to create and control the encryption keys used to encrypt their data). AWS IAM was implemented to control users' access to AWS services. AWS Certificate Manager secures network communications and establishes the identity of websites over the Internet as well as resources on private networks.

The new architecture is containerized for more flexible development and faster delivery of new features. There is a Docker Hub account for container image discovery, distribution and change management, user and team collaboration, and workflow automation throughout the development pipeline. Within the Hub account, CircleCI continuous integration and delivery (CI/CD) platform is integrated with the GitHub development platform. With an automated testing and build process, Fond can now rapidly build and release quality software at scale.


Solution Architecture

The Benefits

Teaming with nClouds, Fond moved to an optimized, automated cloud infrastructure on AWS cloud. The project has yielded numerous benefits:

icon

Streamlined delivery pipeline

With a containerized and automated infrastructure, Fond now has a streamlined continuous integration and delivery (CI/CD) pipeline that enables more flexible development and faster delivery of new features.

icon

Process improvement to improve usability and security

A core tenet of CI/CD is the application of automation to streamline processes. Automating infrastructure provisioning, configuration management, continuous code delivery, and container management has improved usability. The automated processes have delivered improved security by protecting data and systems, controlling access, reducing human error, and enabling automated response to security events.

icon

Enhanced infrastructure resilience and reliability

With monitoring in place to automatically respond to system-wide performance changes, and improved scalability to handle changes in demand or requirements, Fonds’ new architecture has enhanced resilience and reliability.

Contact Us Now

You can also email us directly at sales@nclouds.com for your inquiries or use the form below