LaiZy by TC2: A fully managed, Modular AWS Landing zone solution for enterprises
01 - The challenge
01
The challenge
The public cloud, including the market leader AWS, offers a variation of innovative solutions at a low cost and easily accessible on its platform. Companies, whether small startups or leading multinational enterprises, can consider promising cloud use cases.
However, there are common fears that hinder or completely suppress the realization of these ideas and initiatives. Typically, the two main concerns are: can we provide adequate security and compliance guarantees for solutions running in the cloud without risking our business? The other concern is usually about costs incurred in the cloud: can we properly oversee them, are they predictable, and do we have sufficient control over cost elements?
How to maintain proper control in our AWS environment while leaving enough freedom for users? What tools and processes need to be in place to achieve this optimal setup?
In response to these challenges, TC2 has created the LaiZy modular AWS platform solution, utilizing feedback and experience from nearly a decade of project and long-term operational support, working closely with AWS experts.
02 - The solution
02
The solution
Automation: Automated deployment of all AWS resources, components, and configurations from software code Infrastructure as Code (IaC), and any subsequent changes also made from software code. These software codes are versioned, with change requests implemented through an approval process to ensure that the built systems operate with maximum security.
Platform architecture: scalable AWS environment setup, customizable for the client according to organizational units, their roles, and interactions. TC2 takes an active role in designing this together with the client.
Identity and access management: groups and roles, Single Sign-On system, and identity provider integration design and setup.
Security: built-in “security by design” basic security settings in the software modules to minimize accidental configuration errors. Our recommended settings are based on standards tested and applied in enterprise banking environments.
Network design: The established network infrastructure is prepared for hybrid solutions with segmented network and subnet zones, implemented with firewall component set up for layer 3-7 filtering between segments, which is capable of fitting into a zero trust architecture solution, and can connect in a scalable and secure way with other on-premise locations and cloud providers.
Support: Setup of security and operational monitoring tools to support the live operation of business application systems established in or migrated into LaiZy, events to be monitored, and standard action responses (runbooks) for these. TC2 can provide level 1 or level 2 operational support in collaboration with the client’s professional team. Changes are made to the IaC software configurations as part of the operational support.
Operation and managed service: TC2 can also provide the LaiZy solution to its clients at a fully managed level, where maintenance, updating, fine-tuning, and if needed, modification of AWS components, updating and maintaining the IaC code all happen as part of the service, in a transparent, easily understandable form.
Other solutions
24/7 Managed Services
Although AWS platform offers a wide range of managed services, the level of responsibility for operating each of the services varies, based on the AWS Shared Responsibility model.
Migration Acceleration Program
The use of cloud computing and digitalization is a prerequisite for improving the efficiency of business operations, the ability to adapt to market changes, the development of elasticity agility and optimal cost structures.
SAP on AWS
SAP systems play a key role in the everyday processes of many companies worldwide. They require special hardware and extremely high availability being business-critical systems. With the introduction of the SAP HANA database and the retirement of SAP support for alternative databases, it will be essential for hundreds of companies to switch platforms in the next 5-10 years. However, this can be a risky project in a traditional environment because of the magnitude of hardware estimation, acquisition, and lifecycle tracking.