
Designing a Cutting-Edge Solution for Diebold Nixdorf

To support Diebold Nixdorf in their ambitions, CloudNation partnered up with them to make their organization more scalable and secure.


Who is Diebold Nixdorf?

Diebold Nixdorf is a global company. Their solutions are driven by global market themes that come to life through unique regional collaborations. They started out making safes - security is embedded in their DNA. Today, they are a strategic, collaborative, end-to-end provider of services, software, hardware, and security. They are driving the future for self-service for bankers and retailers.


The Challenge

The Diebold Nixdorf team approached us with a specific task: designing a top-notch, scalable, and secure solution for their retail applications on Amazon Web Services (AWS). Previously, their applications were hosted on Virtual Machines within a private hosting environment. Our challenge was to migrate and modernize their infrastructure, simplifying it whenever feasible, while strictly adhering to contemporary security standards. We aimed to incorporate measures like vulnerability scanning for workloads to ensure optimal security. Additionally, it was crucial to guarantee that all loads were efficiently managed within the agreed Service Level Agreement (SLA) processing times.

 

The Tech

Our initial priority was to containerize the application. In order to ensure a reliable process for building containers and making them accessible on AWS (or Azure, if needed), we made the decision to utilize Harbor. This allowed us to build containers directly from the customer's code repository in Azure DevOps and seamlessly push them to an AWS ECR repository within the "Shared" Account.

Choosing Harbor to manage and push artifacts enables Diebold Nixdorf to remain cloud-agnostic with their container pipelines. The team can now deploy to different platforms in similar manners, which is perfect, given that Diebold Nixdorf hosts applications on both AWS and Azure.

To cater to other accounts requiring specific containers, we granted them access to the corresponding container repository. This ensured that we deployed the precise container to the TST environment initially, and subsequently to the Staging and Production environments based on specific tags. Whenever a new container image was pushed, an AWS CloudWatch Event was triggered, automatically initiating the deployment of the container to AWS ECS in the appropriate account and environment, as dictated by the attached tags.
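The tag-driven routing described above, sketched as an added example (not CloudNation's or Diebold Nixdorf's code): a handler that takes the event ECR emits on an image push and decides which environment, if any, should receive the image. The repository allowlist, the tag conventions (`tst-*`, `stg-*`, `prod-*`) and all function names are assumptions; the page does not state them.

```python
import re

# Assumed conventions: the page does not state the real tag scheme or repository names.
ALLOWED_REPOS = {"retail/orders-api"}  # hypothetical repository
TAG_RULES = [  # hypothetical tag -> environment mapping
    (re.compile(r"^tst-[0-9a-f]{7,40}$"), "tst"),
    (re.compile(r"^stg-\d+\.\d+\.\d+$"), "staging"),
    (re.compile(r"^prod-\d+\.\d+\.\d+$"), "production"),
]
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def route_push_event(event):
    """Return a deployment decision for an ECR push event, or None to ignore it."""
    if event.get("source") != "aws.ecr" or event.get("detail-type") != "ECR Image Action":
        return None
    detail = event.get("detail", {})
    # Only successful pushes should ever start a deployment.
    if detail.get("action-type") != "PUSH" or detail.get("result") != "SUCCESS":
        return None
    repo = detail.get("repository-name")
    tag = detail.get("image-tag", "")
    digest = detail.get("image-digest", "")
    if repo not in ALLOWED_REPOS or not DIGEST_RE.match(digest):
        return None
    for pattern, env in TAG_RULES:
        if pattern.match(tag):
            # Deploy by digest, not tag: a tag can be re-pointed after the event fired.
            return {"environment": env, "image": f"{repo}@{digest}", "tag": tag}
    return None  # unknown or floating tags such as "latest" never deploy


def sample_event(tag, result="SUCCESS", repo="retail/orders-api"):
    """Constructed sample in the shape of an 'ECR Image Action' event."""
    return {
        "source": "aws.ecr",
        "detail-type": "ECR Image Action",
        "detail": {
            "action-type": "PUSH",
            "result": result,
            "repository-name": repo,
            "image-tag": tag,
            "image-digest": "sha256:" + "ab" * 32,
        },
    }


if __name__ == "__main__":
    for t in ("tst-3f9c2e1", "prod-1.4.2", "latest"):
        print(t, "->", route_push_event(sample_event(t)))
```

Resolving the deployment to `repo@digest` means the task definition runs exactly the image that triggered the event, even if the tag is later overwritten.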

AWS ECS was configured to use a range of families and types of EC2 spot instances as hosts, with CloudWatch alerting set to scale up and down automatically based on SQS queue depth (yes, the application was decoupled, which made everyone's life so much easier). All in all, the solution is robust while keeping costs limited, saves time in the day-to-day workload, and adheres to customer SLAs, all while keeping track of the security of the environment and applications.

 

Security First

Maintaining a strong security posture was a paramount consideration throughout the design and implementation process. It was crucial for the Diebold Nixdorf team to have continuous visibility into any vulnerabilities within their containers and AWS Landing Zone, promptly receiving notifications whenever any anomalies arose. To ensure adherence to both current and future AWS and CIS best practices, we implemented AWS Security Hub and successfully onboarded the accounts within the organization.

For effective vulnerability management and threat detection, we chose to integrate Orca Security into the AWS Landing Zone. Subsequently, we configured both Orca Security and AWS Security Hub to send alerts to the Diebold Nixdorf team using PagerDuty. The advantage of PagerDuty lies in its ability to accommodate multi-team configurations, each with its own specific timeslot configuration. As a result, the team no longer needs to worry about incident response management, as the responsible team is automatically notified during their designated timeslots.


Diebold Nixdorf smoothly transitioned to AWS, gaining notable advantages such as enhanced resource management, enabling them to dedicate more time to development efforts and reducing the need for resource maintenance. Their overall security posture has significantly improved, resulting in quicker response times to incidents. Diebold Nixdorf and AWS are a great match, and it is evident that this partnership will continue to flourish in the years to come.

The right tools and skills

The AWS Services and tooling used in the Diebold Nixdorf AWS environment
AWS ECS
AWS KMS
AWS ALB
AWS IOT
AWS SSM
AWS Config
AWS Security Hub
AWS SSO
AWS Secrets Manager
AWS CodePipeline
AWS CodeCommit
AWS EC2
AWS Transit Gateway
AWS VPC Peering
AWS Customer Gateway
AWS Lambda
AWS S3
AWS RDS
Orca Security
Harbor