The Nepal Distillery Pvt. Ltd. (NDPL) is Nepal’s leading spirits company, with a portfolio of premium brands such as Khukri Rum, Khukri Special, John Bull, Napoleon, Gaule and Old Reserve Whiskey, of which Khukri Rum is an absolute market leader.
The Nepal Distillery needed hierarchical access control over the users and the directory of the company's on-premises servers within their internal network, along with a secure and scalable object store for their logs and hierarchical information. Their engineering team realised that they had to run an Active Directory service along with an elastic object store in the cloud, and AWS was the best choice for them.
Due to the high availability and scalability of the object store provided by AWS and the flexibility of private network access using Client VPN, The Nepal Distillery chose AWS for their infrastructure. From an architectural perspective, infrastructure, automation, and proximity to the customer were key factors in choosing AWS.
Being the one and only Advanced AWS Partner located in Nepal, Genese Solutions was chosen as the AWS partner.
Genese Solutions, with their certified and highly trained developers and solution architects, has been making its name as the Advanced AWS Partner of Nepal.
Incorporating a variety of products into the cloud computing platform, the following solution was created:
- Using EC2 for Windows in a VPC.
- Using Active Directory within the VPC for private and secure networking for access control (this setup is also done on a Windows server).
- Security groups and NACL were used as an additional security measure to restrict unauthorized access to the server.
- Using S3 for object store and backup. S3 was set up with Intelligent-Tiering, which optimizes storage costs automatically when data access patterns change. This feature from AWS comes without any operational overhead.
- Data on S3 was secured using S3 bucket policies. The policies gave specific departments and users access to specific folders.
- Using Site-to-Site VPN for accessing the AD and servers within the VPC. AWS Site-to-Site VPN allows security and compliance standards to be enforced and tunnels to be established without having to change timer settings on customer gateway devices, among other security features.
- Using IIS as a web server in the internal network, along with MS SQL Server on the EC2 server as a local database store.
- Using the MS SQL database to manage the ownCloud server. The ownCloud server is used to set the S3 permissions for users, and MS SQL is used to save the policies for the users.
Result And Benefits
In searching for a cost-effective cloud architecture solution, The Nepal Distillery was particularly drawn to several AWS features. Following best practices, a complete solution to the problem was provided using Active Directory and other services, giving them the fully functional product they wanted. Using AWS services, the overall cost of the product was reduced by 10%, and implementing the product in the cloud was found to be more secure and effective.