Next Level DevOps: Using Automation to Build Integrated Solutions
One of the challenges of implementing new technology is integrating these new systems with existing systems. Infiniti’s goal is to keep an open dialogue between our team and our clients' teams to support the needs of each specific organization. By understanding and adhering to project requirements, along with leveraging the decades of technical knowledge garnered by our experts, Infiniti is capable of providing clients a custom DevOps experience to meet the needs of their specific organization. Infiniti’s development of the AWS Account Creation Portal is a strong testament to our DevOps capabilities.
In 2017, California State University (CSUN) decided that it was time to begin migrating their systems to the AWS Cloud and requested that Infiniti facilitate this process. As a best practice, each of these systems was to be separated into discrete accounts within AWS. While from the outside this may seem like a simple process, an educational organization such as CSUN has several moving parts that must each work together to ensure that students, staff, and technical administrators are able to get tasks done and access information.
To simplify this process on the front end, CSUN uses single sign-on (SSO), which allows staff to log into separate systems with the same login credentials rather than having to create new credentials for each system. Infiniti was to integrate SSO with the AWS account creation process so that account creation is automated for staff members based on their SSO credentials. This automation saves staff the time and expertise required to manually create and set up new AWS accounts every time they need one.
By utilizing their SSO, CSUN staff are now able to automatically create AWS accounts through the AWS Account Creation Portal, which, on the back end, lets users work with their existing campus accounts without the need for separate AWS Admin accounts. Users sign in with their existing campus accounts both to create the AWS account in the portal and then to access that AWS account, which allows department staff to provision their AWS services (compute, storage, networking, etc.). In this architecture, Infiniti has taken DevOps automation and infrastructure as code to the next level: we are using automation scripts to build new AWS accounts with SSO integrated.
The person creating the account enters a purchase order (PO) number and then chooses their own name for the account. The Portal creates accounts using a flat structure in AWS Organizations, and each account is tied to a PO number. The logic also automatically adds the accounts to the AWS Organization so that group policies (if desired) can be applied and billing information can be consolidated (if required). AWS Organizations provides functionality for large organizations that have organizational hierarchies, which is the case with CSUN.
Two AWS servers with LAMP stacks (Linux, Apache, MySQL, and PHP/Python/Perl) were provisioned: one to host the OpenConf app and the other to host the Universal Design Online Content Inspection Tool. These environments were set up with automation scripts created by Infiniti, which can be reused to create additional LAMP environments.
By leveraging the experience of our DevOps experts, Infiniti was able to successfully facilitate the migration of CSUN’s systems to the AWS Cloud, where they can take advantage of AWS’s security and backup/restore capabilities while also integrating with CSUN’s critical SSO protocol.
AWS Services utilized within project:
• Route 53
• Multiple AZs
• Trusted Advisor
• Data Pipeline
3rd Party products/tools:
• Microsoft Team Foundation Server
• Palo Alto Networks
• AWS SDK
• Microsoft AD
• Microsoft Windows