In connection with the start-up of a completely new business and product project, OnRobot decided to orchestrate a new cloud environment in AWS to develop and operate it. To be sure of having the right foundation, it was initiated with the establishment of the AWS Control Tower.
CHALLENGE
The development of the new product and associated business area already had a great deal of attention and prioritization at the start of the project, both internally and in collaboration with an external partner. This led to a certain pressure for quick execution, but the focus was nevertheless kept very sharp on avoiding hasty decisions or establishing structures that would subsequently deliver inefficiently and require corrections. In key areas such as IAM, governance and compliance, it was especially essential to get it right from the start.
OnRobot used a cloud infrastructure in Azure for its other operations. The new AWS platform had to be integrated with this. To ensure maximum usability and minimal administrative workload with resulting delay of work processes, an AWS SSO (Single sign-on) with 2-factor validation had to be integrated with the existing Azure AD.
It was a priority that not only the establishment but also the subsequent ongoing operation should be cost-optimized.
SOLUTION
The project was carried out as part of AWS’ Jumpstart program with KeyCore as supplier. OnRobot and KeyCore had already been in an ongoing dialogue for some time, but the opportunity to implement as part of the program, where a large part of the funding comes from AWS, meant a shorter path from thought to action.
Specifically, the delivery included the establishment of new accounts, orchestration of Organizational Units (OU) and configuration of user permissions with AWS Control Tower.
AWS Control Tower provides access to one unified platform for management, control and monitoring of AWS multi-account infrastructures with the possibility of configuration and ongoing management of policies for governance and best-practice.
RESULT
From the first initial meeting until the solution was ready for launch, the project was completed in less than a month. At launch, the entire infrastructure was operational with full onboarding and integration of the existing profiles from Azure AD as well as configuration of basic policies.
With the partial funding through AWS Jumpstart, the set-up costs were limited, but benchmarking showed that no competing suppliers or clouds would be able to match the ongoing operating costs, partly due to AWS’s automated ongoing resource optimization.
At OnRobot, the internal IT team had worked closely with the project team from KeyCore and was thus prepared for ongoing handling. However, an agreement on subsequent association with a permanent KeyCore consultant was concluded, as it provides access to local Danish-speaking support from AWS experts with in-depth knowledge of the specific solution.