Kainos Smart is a Software-as-a-Service automated testing product implemented specifically to make Workday testing easier and quicker. Kainos Smart has been a major success and is delivering huge value to our customers on a daily basis. The growth and success of the product would not have been possible without the foundations of a strong cloud infrastructure provider.
In the early days of Kainos Smart, we decided that we could not compromise on performance and scalability of our product. However, even more important to us was the security and privacy of the data processed and stored within the product. Before making any design decisions, we listed key non-functional requirements that Kainos Smart must meet. These were:
- Security – All data uploaded to Kainos Smart must be kept secret, rigorously protected at the both application level and infrastructure level, our cloud provider must have a very good security reputation.
- Resiliency & High Availability – All Kainos Smart servers must have redundancy and be actively monitored for failures. Should a failure occur it was essential that the cloud provider must automatically start a new server without manual intervention of Kainos Smart DevOps team.
- Scaling Out & Cloud Bursting – Kainos Smart must respond to increased load and react automatically to ensure that a consistent, high level of service to all our customers.
Kainos Smart was required to handle thousands of test runs at on a regular basis, and much higher volumes at peak regression test periods when Workday release major updates.
- Multi-tenancy, Data Segregation, and Data Governance – All Kainos Smart customers must use the same version on the product, on shared infrastructure. Multi-tenancy meant that data would need to be segregated at the database and file storage level.
In addition, Kainos Smart customers would need to be able to select a data jurisdiction in which they wish to have their tenant running, therefore our cloud provider would need to provide data centres in the US and EU regions, at a minimum and both regions must have exactly same features, follow same standards, and implement same security mechanisms.
During the rigorous assessment of cloud providers, our cloud architects concluded that Amazon Web Services (AWS) ticked all the boxes. AWS is a market-leading, global cloud provider. Kainos Smart has been operating for two years on AWS infrastructure and have never had any doubts that AWS was the right choice for us. Let’s explore how AWS met our non-functional requirements.
Security & environment management
We were pleased to see that AWS took security as seriously as we do. The AWS security credentials are very strong (including numerous accreditations including SOC2, HIPAA and PCI). We regularly review the AWS SOC2 reports to ensure that our high security expectations continue to be met.
Kainos Smart utilises AWS Virtual Private Clouds (VPC). Using AWS features, we were able to restrict access to VPCs using a number of measure including IP address restrictions and multi-factor authentication.
In addition to physical security provided by AWS, Kainos Smart uses the latest enterprise security standards. For example we have implemented sophisticated encryption algorithms to secure data in both transit and at rest.
It should be also noted that Kainos Smart undergoes rigorous external security audits on a frequent basis, targeting application and infrastructure security.
Data governance, multi-tenancy, and data segregation
Kainos Smart currently offers our customers the choice of deployments in two regions, United States and European Union, with AWS VPCs in each region.
All Kainos Smart customers (within a region) are all using the same version of the product on shared infrastructure. Kainos Smart is designed and implemented to be tenant-aware.
Data segregation is implemented at a database schema level and at file storage, which is implemented using Amazon S3 features. In addition data is encrypted using tenant-dedicated encryption keys.
Resiliency & high availability
Inside our VPCs, all our servers are configured to use Auto Scaling Groups (ASG). This ensures that all Kainos Smart servers are redundant and actively monitored for failures. If a failure occur, AWS automatically starts a new server. An example of this in operation is the Kainos Smart Web Application servers. These are all registered behind an Elastic Load Balancer (ELB) which, in a round-robin fashion, forwards user requests to the web application servers. When a malfunctioning web application server is detected, all traffic is automatically redirected to a redundant server without losing any user sessions. At the same time, our Auto Scaling Group (ASG) will start a new web application server to replace the malfunctioning server. This ability to react automatically helps us meet our availability SLAs.
Scaling & Cloud bursting
Another advantage of using Auto Scaling Groups is, as the name indicates, the possibility to scale out (add) and scale in (remove) servers based on system load. This is achieved by using Auto Scaling Groups with specifically fine-tuned system usage metrics. Thanks to this, Kainos Smart is fully reactive system and responds to load accordingly. All the scaling activities happen transparently to the end users, meaning we can seamlessly handle peaks in our customers testing activity, particularly around major Workday releases. Use of ASG not only allows us to provide better experience for our customers, but also reduces cloud infrastructure costs.
Kainos Smart environments require very little management thanks to the use of Amazon Cloud Formation. Amazon Cloud Formation is a service which allows one to define a complete Amazon cloud infrastructure in an executable template. Thanks to using Amazon Cloud Formation, provisioning the Kainos Smart cloud environment is fully automated, repeatable, reliable, and fully monitored.
Kainos Smart is a true SaaS solution with a very strong focus on security, resiliency, high availability, scaling & cloud bursting, multi-tenancy & data governance at the heart of the product. These features are key to providing a product that our customers can trust, that continually delivers a high quality service. All this is possible because we have expert cloud architects utilising the best features of AWS.