Lifting and shifting workloads at scale to AWS
Lifting and shifting workloads at scale to AWS
REGION
Middle-East
COMPANY TYPE
Group of Companies
INDUSTRY
Construction
CLOUD SOLUTION
When we embarked on our digital transformation initiative, we wanted a local partner with international experience. Working with Bespin enabled us to modernize our infrastructure to take advantage of the cloud’s increased efficiencies. Despite the complexity of our environment, Bespin consultants worked closely with our internal team and AWS to meet each of our planned milestones. By optimizing our costs, we’ve been able to invest the savings in new, high-value projects. However, digital transformation isn’t a one-time initiative. It’s continuous improvement, and we’re just getting started.
THE CUSTOMER
Bukhatir Group is one of the largest and most diversified conglomerates in the United Arab Emirates (UAE). Founded in 1974, the group expanded rapidly into 23 business units serving nine sectors: construction, education, healthcare, industrial, information technology, oil and gas, real estate, shopping and retail, and sports and leisure sectors. The group’s geographical business domain spans over half the world, including North America, North Africa, and South and West Asia. With over 46 years of experience, the group has more than 5,000 employees and an average annual turnover of over AED 3 billion.
THE CHALLENGE
“The Bukhatir Group brought us in to help with their digital transformation,” says Wael Al Aaraj, VP of Technology at Bespin Global MEA. “As with most large organizations running their own data centers, they needed to modernize their infrastructure to take advantage of the scale, cost, and availability benefits that migrating to the cloud offers.”
Infrastructure modernization encompasses a range of activities to enable business agility and optimize costs, investing in high-value innovation and transformational technologies rather than maintaining monolithic legacy environments. It includes replacing legacy hardware and software solutions, consolidating and rationalizing the infrastructure footprint, migrating to cloud-native systems, and building in automation, orchestration, and telemetry.
“Based on years of experience across different industry sectors, Bespin Global’s digital transformation consultants leverage proven best practices to help customers identify where and how they can make meaningful digital changes to their business,” explains Al Aaraj. “Designed to enable and empower our customers, Bespin’s broad portfolio of digital transformation services incorporates the full-service lifecycle from discovery and strategy to architecture and implementation—complemented by project management, knowledge sharing, and coaching.”
THE SOLUTION
“Bukhatir’s environment was quite complex,” says Hamzeh Shaghlil, Technical Account Manager at Bespin Global MEA, “with a lot of legacy applications. If we have the time and budget, we usually identify the optimal migration strategy for each workload, which might entail rehosting, refactoring, revising, rebuilding, or retiring and replacing applications based on a structured approach. However, Bukhatir wanted us to migrate all of their applications to the cloud as quickly and seamlessly as possible, after which they would assess and optimize the environment.”
Choosing the Right Strategy
After evaluating Bukhatir’s environment using Bespin’s proven cloud readiness assessment, the team decided to leverage AWS’s lift and shift migration methodology, CloudEndure Migration (now called AWS Application Migration Service), due to the number and variety of applications.
Automatically converting any application running on a supported operating system, CloudEndure simplifies, expedites, and automates migrations from physical, virtual, and cloud-based infrastructure to AWS, enabling full functionality while eliminating compatibility issues. During the replication process, applications continue to run with minimal downtime and no performance impact while non-disruptive tests occur in the new environment. After a relatively short cutover window, migrated workloads can run natively on AWS.
Ensuring Connectivity
“While using CloudEndure to migrate workloads with sounds relatively simple and straightforward, it’s not,” says Shaghlil. “Bukhatir’s environment encompasses many branches spanning different locations and industries. Our challenge was to migrate all of the applications and ensure fast, stable connectivity between AWS and the branches.”
A further complication was that not all AWS regions support CloudEndure, so the Bespin team had to choose one that best covered the sphere of Bukhatir’s operations, especially considering that CloudEndure’s control plane is hosted in northern Virginia on the east coast of the USA. In the end, they migrated the environment to the Europe (Ireland) region which offered the best balance between availability and performance, with the option to replicate to other regions if required.
Facilitating secure connectivity via VPNs from remote branches and data centers, Bespin set up a shared services cloud incorporating multiple private and public subnets spanning availability zones for maximum availability and security. Simplifying access to Amazon EC2 instances and supporting many AWS services and third-party applications, AWS Active Directory (AD) was implemented to provide a cost-effective and highly-available primary directory in the AWS cloud for managing users, groups, and devices.
Maximizing Availability
One of the first things Bespin did was split Bukhatir’s infrastructure into two—production and user acceptance testing (UAT)—using Amazon Virtual Private Cloud (VPC) spanning multiple subnets separating Bukhatir’s private, internal applications and Microsoft SQL databases from publicly-accessible applications. VPC is an AWS service enabling users to define logically-isolated virtual networks for complete control over resource placement, connectivity, and security.
Once VPC was set up through the AWS service console, Bespin added Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (Amazon S3) resources, providing Bukhatir with a reliable platform matching the demands of the workload—including industry-leading data availability and performance. The Bespin team also implemented AWS Transit Gateway to connect VPCs, AWS accounts, and on-premises networks via a single, scalable central hub, simplifying the network and eliminating the need for complex peering relationships.
Enhancing Security
Ensuring data protection for Bukhatir’s business, customers, and employees, Bespin secured the environment with AWS Certificate Manager (ACM) and AWS Key Management Service (KMS). ACM eliminates the time-consuming and error-prone manual certificate acquisition process by simplifying the provisioning, deployment, and management of SSL/TLS certificates across applications and websites. KMS delivers a single control point for managing keys and defining consistent policies spanning integrated AWS services and in-house applications. In addition, KMS is integrated with AWS CloudTrail to provide an audit log of key usage.
With Bukhatir’s content delivery network (CDN) vulnerable to DDoS attacks, Bespin implemented AWS Web Application Firewall (WAF) to protect the environment, providing control over which traffic is allowed or blocked according to clearly-defined security rules. In addition, AWS WAF protects web applications and APIs against common web exploits and bots that may compromise security or consume excessive resources, impacting availability.
Bespin also implemented AWS Control Tower, Amazon GuardDuty, and AWS Security Hub for increased protection and visibility. Control Tower offers an easy way to set up and govern a secure, multi-account AWS environment using best practices. GuardDuty is a threat detection service continuously monitoring AWS accounts, workloads, and data stored in Amazon S3s for malicious activity and unauthorized behavior. At the same time, Security Hub is a powerful security tool for aggregating, organizing, and prioritizing security alerts across multiple AWS services.
Maximizing Observability
Aligned with the overall AWS strategy and offering simplified operational analysis and troubleshooting of both applications and infrastructure, Bespin replaced Bukhatir’s legacy monitoring tools with AWS CloudTrail, AWS CloudWatch, and Amazon Inspector. Monitoring and recording user activity and API usage, CloudTrail helps to meet compliance obligations and improve the organization’s security posture, while CloudWatch collects monitoring and operational data for on-premises environments and more than 70 AWS services.
The data and actionable insights collected allow Bukhatir’s IT team to monitor applications, detect anomalous behavior, respond to system-wide performance changes, and optimize resource utilization. In addition, an automated vulnerability management service, Amazon Inspector, continually scans Bukhatir’s AWS workloads for software vulnerabilities and unintended network exposure.
Optimizing Costs
“Bespin’s initial mandate was to ensure availability, connectivity, and reliability irrespective of cost,” explains Shaghlil. “Once that was accomplished, we looked for ways to optimize costs—especially for Amazon EC2—and reallocate the savings to other areas.”
Leveraging the powerful machine-learning insights of AWS Compute Optimizer, Bespin’s consultants identified optimal compute resources across Bukhatir’s EC2 instances, including those allocated to Amazon EC2 Auto Scaling groups. The team also disabled several unused services and optimized costs at the infrastructure level using AWS Saving Plans, a flexible pricing model offering savings of up to 72% on AWS compute in exchange for a specific usage commitment over either a one- or three-year term.
RESULTS & BENEFITS
“We initially undertook the migration with a certain amount of trepidation owing to the number of applications and complexity of Bukhatir’s environment,” states Al Aaraj. “However, looking back, I’m amazed at how smoothly everything went. The combined team of AWS, Bespin, and Bukhatir experts worked hard to create a plan that met the project’s goals—on time and within budget.”
Moreover, with a highly-available, scalable infrastructure with separate staging and production environments alleviating operational headaches, Bukhatir’s IT team enjoys the flexibility of provisioning applications on-demand, speeding up the time to value for the business. In addition, by optimizing their costs, they have more money to invest in innovative, high-value projects.
“We’re not done yet. Our cloud readiness assessment identified several workloads that could be optimized with rehosting, refactoring, rebuilding, or retiring and replacing, resulting in significant long-term savings and business benefits for the Bukhatir Group.”
– Hamzeh Shaghlil, Technical Account Manager at Bespin Global MEA
About Bespin Global, an e& enterprise company:
An AWS Premier Tier Services Partner and AWS Managed Service Partner, BESPIN GLOBAL MEA (Middle East and Africa) is a leading provider of automated cloud solutions and consulting services, including cloud adoption, strategy, migration, implementation, Managed Services, DevOps, FinOps and Data & Analytics. Bespin is positioned as a Leader in Gartner’s 2020 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services, as well as a “Visionary” in Gartner’s 2022 Magic Quadrant for IT Transformation Services.
In late 2022, Bespin Global MEA and e& enterprise formed a joint venture with the aim to assist enterprises in their digital transformation journey and eventually become the largest pure-play public cloud-managed and professional services provider in the Middle East, Turkey, Africa, and Pakistan.
Bespin’s cloud FinOps management platform, OpsNow offers an automated end-to-end solution for customers to effectively manage cloud assets and costs, optimize cloud expenses, and automate the implementation of cloud governance policies across multi-cloud environments.
Email: info@bespinglobal.ae
Address: The Offices 4, #138-139, One Central, Dubai World Trade Center (DWTC)
Telephone: 800 BESPIN (237746)
P.O. Box: 340729
