Appvia expedites application delivery, whilst providing cost and security best practices

Appvia enabled Nominet to expedite its delivery timelines, raised its security to CIS standards, and provided a continuous deployment solution along with detailed cost insights to help identify cost-saving opportunities.

FinOps insights: Advanced
Environment creation: 1 hour
CIS compliance: 100%

Solution: Landing Zone
Cloud provider: AWS
Location: UK
Team size: 300 people
Project duration: 6 weeks

Challenge

Nominet is a world-leading domain name registry that runs the ‘.UK’ domain, which is part of the UK's critical national infrastructure, as well as additional high-level domains including .bbc, .wales and .bentley.

Their experience in running one of the largest internet registries has enabled them to use their expertise to develop Protective DNS solutions that meet the needs of the National Cyber Security Centre’s (NCSC) Protective DNS (PDNS), securing 6m users across the UK public sector.

Nominet was looking to deliver a major version of their product, with tight timescales and delivery targets to hit. They needed to create a new secure, integrated and scalable set of services to support the application. Due to time constraints and business demand, Nominet looked to outsource the implementation of a landing zone (the foundations of a well-architected cloud, focusing on Security, Cost, Scale, Networking, Policy and more).

The adoption of AWS by Nominet had pre-dated the new Landing Zone approach and required a new way of working that could provide an improved operating model that would increase efficiency for application releases as well as drive operational benefits and cost reductions through simple automation and integration patterns.

How Appvia helped

Appvia took a modular approach to the various problems, providing the following:

Cloud Platform Assessment

Allowed us to assess how well the current implementation measured up against the 6 Well-Architected pillars, with a roadmap of improvements.

Design workshop

To understand the challenges, requirements, current design patterns and opportunities to modernise and adopt new ways of working.

A multi-account landing zone

Provided the foundations for Security Oversight and Operations, Network Connectivity, Cost Control, Policy, Auditability, Identity and Access management across all of AWS.

Application deployment automation

Provided credential-less CI/CD integration, environment creation and automated release cycles to production. 

FinOps Solution

For Cloud Cost visibility, application insights, custom dashboards per service line, optimisation insights and budget controls.

Ongoing Landing Zone Support

Provided continual upgrades and service improvements including maintenance.

Cloud Platform Assessment

This focused on reviewing the current implementation and usage of the Cloud against the 6 pillars. We assessed against the following:

1. Operational excellence: how systems are monitored and managed to provide insights that give an understanding of improvements and a way to prioritise.

2. Security: security strategies adopted, security architectures that are in place, controls and reporting around access controls, data protection and continual monitoring.

3. Reliability: how recoverable services are and how they are designed, scalability to meet demand, ability to provide a highly available and uninterrupted service.

4. Performance efficiency: how infrastructure is utilised, design principles surrounding technology choices as well as the ability to scale and optimise through insights.

5. Cost optimisation: ability to reduce expenses, have insights, budgets and report, right-size infrastructure, optimise appropriately and drive down overall cloud costs.

6. Sustainability: an understanding of system design with regard to optimising energy efficiency, reducing waste and leveraging sustainable practices.

Landing Zone

The landing zone implementation laid the foundations for Nominet to streamline workload isolation and best practices. It set out the structure and ways of working that helped them build and organise policies, networking, access controls, audit, cloud account topologies and compliance. The landing zone was tailored and prioritised in line with the findings from the Cloud Platform Assessment and the Design workshops. The solution leveraged the landing zone accelerator, with additional capabilities added by Appvia to give a broader set of configurations.

Application Deployment Automation

In order to deliver the new version of the application repeatedly across tenants, Appvia provided a GitOps continuous deployment solution that leveraged GitLab, Helm and Flux. This provided a repeatable but agnostic way to deliver their containerised applications across Kubernetes cluster environments. Additional security layers were added to ensure the software supply chain was not tampered with and that the application was meeting the security requirements of the business. Appvia built CI pipeline fragments (reusable steps within a CI pipeline) that covered building and pushing containers and Helm charts to repositories, running tests in ephemeral environments, scanning Docker images and ensuring the integrity of built images. Flux then pulled the updated components into the clusters for a fully declarative approach.

FinOps solution

Appvia provided a tightly integrated AWS billing solution that leveraged live data and tagging information (enforced by policy and implemented via the landing zone) to enable deep insights into cloud costs. Dashboards were provided to help organise the information into organisational views such as by application, by line of business, by service and more. This allowed for the relevant role-based access controls to be put in place, so relevant teams can keep track of their spend and use the data to drive cost savings.

The Outcome

Appvia completed a well-architected review of their existing landing zone and Kubernetes infrastructure. To remediate all findings quickly, Appvia built a new multi-account landing zone, all delivered using infrastructure as code with least-privilege CI pipelines using GitLab.

In addition, Appvia provided a fully compliant, automated, application release lifecycle as well as detailed cost insights that enabled teams to understand their Cloud costs and opportunities for savings.

Overall, Nominet now has a 100% compliant, secure and efficient way to manage its cloud infrastructure and products, which can be applied to the rest of its digital estate, significantly reducing the cost of delivering and operating using AWS.

Throughout the engagement, Appvia provided:

Cross-functional collaboration to define new principles, standards and approaches around modern software delivery to cloud native applications

Open pairing sessions with existing team members to limit the need for post-delivery knowledge transfer

Best Practices for code management and cloud automation

Continual support and documentation throughout

Nominet were also able to reduce their cloud spend through leveraging ephemeral environments and having deep insights into their overall cloud spend. This enabled them to forecast more accurately and to identify opportunities for cost savings through reserved instances or right-sizing infrastructure.

Support

Appvia continues to provide support to Nominet in order to update, manage and operate the landing zone implementation and supporting services, from general improvements and engineering questions through to keeping everything delivered up to date and secure. Appvia continues to provide the best level of service it can, in order to seamlessly meet Nominet’s business goals.
