Bukhatir Group
lifting & shifting orkloads at scale to AWS
Bukhatir Group
lifting & shifting orkloads at scale to AWS
region
UNITED ARAB EMIRATES
COMPANY Type
Group of Comapnies
industry
Construction
no.of employees
5,000 – 10,000+
website
About Bukhatir Group
Bukhatir Group is one of the largest and most diversified conglomerates in the United Arab Emirates (UAE). Founded in 1974, the group expanded rapidly into 23 business units serving nine sectors: construction, education, healthcare, industrial, information technology, oil and gas, real estate, shopping and retail, and sports & leisure sectors. The group’s geographical business domain spans over half the world, including North America, North Africa, and South and West Asia. With over 46 years of experience, the group has more than 5,000 employees and an average annual turnover of over AED 3 billion.
The Challenge
“The Bukhatir Group brought us in to help with their digital transformation. As with most large organizations running their own data centers, they needed to modernize their infrastructure to take advantage of the scale, cost, and availability benefits that migrating to the cloud offers.”
-Wael Al Aaraj, VP of Technology at Bespin Global MEA
Infrastructure modernization encompasses a range of activities to enable business agility and optimize costs, investing in high-value innovation and transformational technologies rather than maintaining monolithic legacy environments. It includes replacing legacy hardware and software solutions, consolidating and rationalizing the infrastructure footprint, migrating to cloud-native systems, and building in automation, orchestration, and telemetry.
“Based on years of experience across different industry sectors, Bespin Global’s digital transformation consultants leverage proven best practices to help customers identify where and how they can make meaningful digital changes to their business. Designed to enable and empower our customers, Bespin’s broad portfolio of digital transformation services incorporates the full-service lifecycle from discovery and strategy to architecture and implementation—complemented by project management, knowledge sharing, and coaching.”
-Wael Al Aaraj, VP of Technology at Bespin Global MEA
The Solution
“Bukhatir’s environment was quite complex, with a lot of legacy applications. If we have the time and budget, we usually identify the optimal migration strategy for each workload, which might entail rehosting, refactoring, revising, rebuilding, or retiring & replacing applications based on a structured approach. However, Bukhatir wanted us to migrate all of their applications to the cloud as quickly and seamlessly as possible, after which they would assess & optimize the environment.”
–Hamzeh Shaghlil, AWS Solutions Lead at Bespin Global MEA
1- Selecting the Right Straegy
After evaluating Bukhatir’s environment using Bespin’s proven cloud readiness assessment, the team decided to leverage AWS’s lift and shift migration methodology, CloudEndure Migration (now called AWS Application Migration Service), due to the number and variety of applications.
Automatically converting any application running on a supported operating system, CloudEndure simplifies, expedites, and automates migrations from physical, virtual, and cloud-based infrastructure to AWS, enabling full functionality while eliminating compatibility issues. During the replication process, applications continue to run with minimal downtime and no performance impact while non-disruptive tests occur in the new environment. After a relatively short cutover window, migrated workloads can run natively on AWS.
2- Ensuring Connectivity
“While using CloudEndure to migrate workloads with sounds relatively simple and straightforward, it’s not, Bukhatir’s environment encompasses many branches spanning different locations and industries. Our challenge was to migrate all of the applications and ensure fast, stable connectivity between AWS and the branches.”
-Hamzeh Shaghill, AWS Solutions Lead at Bespin Global MEA
A further complication was that not all AWS regions support CloudEndure, so the Bespin team had to choose one that best covered the sphere of Bukhatir’s operations, especially considering that CloudEndure’s control plane is hosted in northern Virginia on the east coast of the USA. In the end, they migrated the environment to the Europe (Ireland) region which offered the best balance between availability and performance, with the option to replicate to other regions if required.
Facilitating secure connectivity via VPNs from remote branches and data centers, Bespin set up a shared services cloud incorporating multiple private and public subnets spanning availability zones for maximum availability and security. Simplifying access to Amazon EC2 instances and supporting many AWS services and third-party applications, AWS Active Directory (AD) was implemented to provide a cost-effective and highly-available primary directory in the AWS cloud for managing users, groups, and devices.
3- Amplify Availability
One of the first things Bespin did was split Bukhatir’s infrastructure into two—production and user acceptance testing (UAT)—using Amazon Virtual Private Cloud (VPC) spanning multiple subnets separating Bukhatir’s private, internal applications and Microsoft SQL databases from publicly-accessible applications. VPC is an AWS service enabling users to define logically-isolated virtual networks for complete control over resource placement, connectivity, and security.
Once VPC was set up through the AWS service console, Bespin added Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (Amazon S3) resources, providing Bukhatir with a reliable platform matching the demands of the workload—including industry-leading data availability and performance. The Bespin team also implemented AWS Transit Gateway to connect VPCs, AWS accounts, and on-premises networks via a single, scalable central hub, simplifying the network and eliminating the need for complex peering relationships.
4- Strengthening Security
Ensuring data protection for Bukhatir’s business, customers, and employees, Bespin secured the environment with AWS Certificate Manager (ACM) and AWS Key Management Service (KMS). ACM eliminates the time-consuming and error-prone manual certificate acquisition process by simplifying the provisioning, deployment, and management of SSL/TLS certificates across applications and websites. KMS delivers a single control point for managing keys and defining consistent policies spanning integrated AWS services and in-house applications. In addition, KMS is integrated with AWS CloudTrail to provide an audit log of key usage.
With Bukhatir’s content delivery network (CDN) vulnerable to DDoS attacks, Bespin implemented AWS Web Application Firewall (WAF) to protect the environment, providing control over which traffic is allowed or blocked according to clearly-defined security rules. In addition, AWS WAF protects web applications and APIs against common web exploits and bots that may compromise security or consume excessive resources, impacting availability.
Bespin also implemented AWS Control Tower, Amazon GuardDuty, and AWS Security Hub for increased protection and visibility. Control Tower offers an easy way to set up and govern a secure, multi-account AWS environment using best practices. GuardDuty is a threat detection service continuously monitoring AWS accounts, workloads, and data stored in Amazon S3s for malicious activity and unauthorized behavior. At the same time, Security Hub is a powerful security tool for aggregating, organizing, and prioritizing security alerts across multiple AWS services.
5- Maximizing Observability
Aligned with the overall AWS strategy and offering simplified operational analysis and troubleshooting of both applications and infrastructure, Bespin replaced Bukhatir’s legacy monitoring tools with AWS CloudTrail, AWS CloudWatch, and Amazon Inspector. Monitoring and recording user activity and API usage, CloudTrail helps to meet compliance obligations and improve the organization’s security posture, while CloudWatch collects monitoring and operational data for on-premises environments and more than 70 AWS services.
The data and actionable insights collected allow Bukhatir’s IT team to monitor applications, detect anomalous behavior, respond to system-wide performance changes, and optimize resource utilization. In addition, an automated vulnerability management service, Amazon Inspector, continually scans Bukhatir’s AWS workloads for software vulnerabilities and unintended network exposure.
6- Optimizing Costs
“Bespin’s initial mandate was to ensure availability, connectivity, and reliability irrespective of cost, once that was accomplished, we looked for ways to optimize costs—especially for Amazon EC2—and reallocate the savings to other areas.”
-Hamzeh Shaghill, AWS Solutions Lead at Bespin Global MEA
Leveraging the powerful machine-learning insights of AWS Compute Optimizer, Bespin’s consultants identified optimal compute resources across Bukhatir’s EC2 instances, including those allocated to Amazon EC2 Auto Scaling groups. The team also disabled several unused services and optimized costs at the infrastructure level using AWS Saving Plans, a flexible pricing model offering savings of up to 72% on AWS compute in exchange for a specific usage commitment over either a one- or three-year term.
End Result
“We initially undertook the migration with a certain amount of trepidation owing to the number of applications and complexity of Bukhatir’s environment. However, looking back, I’m amazed at how smoothly everything went. The combined team of AWS, Bespin, and Bukhatir worked hard to create a plan that met the project’s goals—on time and within budget.”
-Wael Al Aaraj, VP of Technology at Bespin Global MEA
Moreover, with a highly-available, scalable infrastructure with separate staging and production environments alleviating operational headaches, Bukhatir’s IT team enjoys the flexibility of provisioning applications on-demand, speeding up the time to value for the business. In addition, by optimizing their costs, they have more money to invest in innovative, high-value projects.
“We’re not done yet. Our cloud readiness assessment identified several workloads that could be optimized with rehosting, refactoring, rebuilding, or retiring and replacing, resulting in significant long-term savings and business benefits for the Bukhatir Group.”
-Hamzeh Shaghill, AWS Solutions Lead at Bespin Global MEA
About BESPIN GLOBAL
A recognized global leader, appearing in Gartner’s Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services – 2020, Bespin Global MEA is an AWS Premier Consulting and Managed Service Partner, providing state-of-the-art automated cloud solutions & consulting services to businesses in the Middle East and Africa. Helping clients adopt cloud throughout their journey, Bespin Global has the capabilities and experience to assist clients at any stage be it Cloud Strategy & Migration or DevOps & Big Data. Also offering the industry’s most automated and end-to-end cloud management platform in OpsNow, we enable customers to manage their multi-cloud environments through a single comprehensive and insightful platform, providing automated and actionable insights that reduce costs by 30% or more.
- post tags: Amazon Cloudfront, Amazon EC2 Auto Scaling, Amazon Elastic Compute Cloud (EC2), Amazon GuardDuty, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Virtual Private Cloud (VPC), AWS Active Directory (AD), AWS Certificate Manager (ACM), AWS CloudTrail, AWS CloudWatch, AWS Control Tower, AWS Key Management Service (KMS), AWS Savings Plans, AWS Security Hub, AWS Transit Gateway, AWS Web Application Firewall (WAF), CloudEndure Migration