10 Key Digital Infrastructure Considerations

Cognizant 20-20 Insights

April 2020

Digital Systems & Technology

10 Key Digital Infrastructure

Considerations

As digital becomes ever-more essential to revenue growth and market

relevance, its underlying infrastructure must be made as ecient as possible

if digital is to realize its true potential. By prioritizing foundational technology

modernization and simpliﬁcation, organizations can accelerate their

transformation into the digital era.

Executive Summary

For businesses gearing up to embrace digital

transformation, applying traditional infrastructure designs

or patterns can prove detrimental. Any well-architected

application architecture needs to carefully consider

advancements in the infrastructure space and leverage

them to be truly eective.

While there are numerous issues to work through, what

follows are 10 key infrastructure considerations for digital

transformation projects. Please note that while this

white paper focuses on Amazon Web Services (AWS),

organizations can apply similar services provided by cloud

service providers such as Microsoft or Google based on

the cloud platform of their choice.

2 / 10 Key Digital Infrastructure Considerations

1 Continuous improvement is key

As the delivery of new iterations of applications

becomes increasingly crucial, applying the DevOps

construct of continuous delivery (CD) needs to be at

the heart of the application design. CD determines

the speed at which organizations can respond to

threats, risks and opportunities.

For more, read our white paper, “Continuous

Integration and Continuous Delivery to Facilitate

Web Service Testing.”

AWS services such as CodeBuild, CodePipeline,

Elastic Beanstalk and CloudFormation can play

a pivotal role in ensuring faster, more consistent

delivery of the application.

2 Consider being serverless

Wherever possible, consider using serverless

architectures in application design. Leveraging

content delivery network services such as Amazon

CloudFront helps in delivering content (static and

dynamic) to end users worldwide with minimal latency.

Utilizing a combination of AWS services such as

Simple Storage Service (S3), API Gateway, Lambda

and DynamoDB/Aurora to host completely serverless

web applications on the cloud can reduce costs

and eorts while providing excellent availability and

durability. Compared to the traditional approach,

using services such as S3, CloudFront and Lambda

can reduce the eort (and thereby costs) needed to

build and manage multiple app/web servers.

3 Advocate loose coupling

Adopt loose coupling in the application architecture

to ensure that dependencies between the application

tiers/components are minimal. Achieving loose

coupling will enable dierent tiers/components to

scale independently based on the demand. Simple

queue services (SQS) makes it easy and cost-eective

to decouple application components.

When loosely coupled applications (such as web tiers,

Hadoop, Stateless applications, etc.) leverage Spot

instances, it improves the application’s robustness

while also reducing costs signiﬁcantly. As a best

practice, one can have a script that will run every

minute or so to check for the two-minute-warning

received for Spot instances and remove the instance

from elastic load balancers (ELB) accordingly. Using

batching with SQS will signiﬁcantly reduce costs while

improving throughput.

Thinking about failure while architecting the application will result in

the consideration and inclusion of resilience and recovery strategies

in the design, bringing about a much more stable application.

Cognizant 20-20 Insights

3 / 10 Key Digital Infrastructure Considerations

4 Think about failure

Thinking about failure while architecting the

application will result in the consideration and inclusion

of resilience and recovery strategies in the design,

bringing about a much more stable application. For

example, consider using multiple availability zones or

even multiple regions if required.

Using Elastic IPs will allow the application to failover

gracefully. Compared to traditional databases, fully

managed databases such as DynamoDB and Aurora

can enhance availability, durability, throughput and

cost savings.

5 Prepare to let go

Consider the various platform-as-a-service (PaaS)

and software-as-a-service (SaaS) oerings from the

application/cloud hosting vendors.

This can lead to performance optimization or make

it the least of your concerns. Using services such

as DynamoDB and ElastiCache in the application

design eliminates the need for dedicated server

setup and conﬁguration.

Also, using services such as Amazon Relational

Database Service (for horizontally scaling the

database tier) and Elastic Load Balancing will go

a long way toward achieving the desired level

of scalability while satisfying other operational

requirements.

6 Monitoring drives performance & availability

Continuous monitoring of applications can have a

profound impact on the performance and availability

of applications. AWS Conﬁg enables IT organizations

to assess, audit and evaluate the conﬁgurations of

the resources. If any of the Conﬁg rules are triggered,

AWS Conﬁg invokes the rule’s Lambda function

deﬁned to simplify compliance auditing, security

analysis, change management and operational

troubleshooting.

Integrating monitoring (CloudWatch) with services

such as SQS, simple notiﬁcation services (SNS) and

Lambda helps identify and remediate issues at a

very early stage, preventing failures, breaches or

downtime.

Cognizant 20-20 Insights

Consider granting access by roles instead of individual

users. Along with securing data at rest, architect the

application to secure data in transit, thereby

moving toward end-to-end security.

4 / 10 Key Digital Infrastructure Considerations

Cognizant 20-20 Insights

Consider using tools such as cost calculators, detailed billing reports

and trusted advisor recommendations to understand cost savings

and stay on top of spending.

As application logs can often hold sensitive information, it is crucial

that they be stored in a secure location with access restricted to

auditing/incident response teams. Consider storing logs in an S3

bucket with access allowed through IAM roles for auditing accounts.

7 Security is sacrosanct

Block access by default and implement defense in

depth. Consider granting access by roles instead of

individual users. Along with securing data at rest,

architect the application to secure data in transit,

thereby moving toward end-to-end security.

Avoid using access keys and never create access

keys for the root account. If the organization uses

access keys — public key and private key — consider

designing the application such that these values

can be passed as parameters while accessing the

application through an application programming

interface rather than storing the private key as a

part of the application’s source code repository.

Incorporating multifactor authentication can provide

an additional layer of security. Deﬁne a process to

change access keys on a regular basis and delete

unused ones.

8 Logging to improve compliance

Logging can provide organizations with actionable

intelligence when responding to requests or even

attacks. At times, logging can come in handy when

responding to regulators. Although logging is

predominantly used for troubleshooting errors or

performance issues, logs have evolved to become

the primary source of information about events

related to application security.

As application logs can often hold sensitive

information, it is crucial that they be stored in a

secure location with access restricted to auditing/

incident response teams. Consider storing logs in

an S3 bucket with access allowed through identity

and access management (IAM) roles for auditing

accounts.

5 / 10 Key Digital Infrastructure Considerations

9 Prioritize cost optimization

Identify and eliminate costs where possible. Cloud

platforms are best suited for exploratory approaches

because organizations only pay for what is used.

Hosting the development/test/proof of concept

environments on a pay-as-you-go model lowers

costs. Features such as autoscaling can help scale

optimally based on performance and increase the

number of users per application.

For workloads (such as web servers and test

servers), which do not often need to use the full CPU

consistently, use burstable performance instances

(T2) because they could deliver signiﬁcant savings

while providing the capability to burst occasionally

with any simultaneous spikes in usage. Consider

using tools such as cost calculators, detailed billing

reports and trusted advisor recommendations to

understand cost savings and stay on top of spending.

10 Load balance wisely

Achieve segmentation while reducing the number

of ELBs by using application load balancers (ALBs).

NGINX or NGINX Plus can come to the rescue if

caching or multiple load balancing methods are

required (as ELB/ALB only supports AWS’s Round-

Robin). A combination of ELB and NGINX can also

be used where ELB is primarily internet-facing

and handles secure socket layer termination while

multiple NGINX nodes handle caching and routing

requests to the application servers.

Cognizant 20-20 Insights

6 / 10 Key Digital Infrastructure Considerations

Cognizant 20-20 Insights

Looking forward

Having an IT infrastructure that supports the

business’s digital transformation journey will require

adequate foresight, planning, investment and

innovation. Cloud oerings have been disruptive

in transforming IT from being a cost center to a

business enabler. Addressing the aforementioned

considerations will help organizations avoid many

typical pitfalls or anti-patterns that have undermined

previous digital journeys.

While infrastructure-as-a-service cloud oerings

for compute, storage and database operations can

seem like a good ﬁt in traditional tiered/layered

application architectures, utilizing various PaaS and

SaaS cloud oerings can help organizations deploy

applications based on event-driven or microkernel-

or microservices-based architectures cost-eectively —

and with additional beneﬁts such as agility,

scalability and robustness. As always, evaluate before

committing completely.

About the author

Sudharson Aravamudhan

Senior Infrastructure Architect, Cognizant Infrastructure Services

Sudharson Aravamudhan is a Senior Infrastructure Architect with Cognizant Infrastructure Services. He has

over 14 years of experience in the IT industry and has consulting experience at several leading companies

across numerous industries, focusing predominantly on infrastructure consulting, data center migration,

cloud and architecture. He holds a master’s degree in human resource management from Pondicherry

University and a bachelor’s degree in electronics and communication from Madurai Kamaraj University.

Sudharson can be reached at Sudharson.[email protected]om.

photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks mentioned

herein are the property of their respective owners.

Codex 3520.02

About Cognizant

Cognizant (Nasdaq-100: CTSH) is one of the world’s leading professional services companies, transforming clients’ business, operating and technology

models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innovative and ecient businesses.

Headquartered in the U.S., Cognizant is ranked 193 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn

how Cognizant helps clients lead with digital at www.cognizant.com or follow us @Cognizant.

World Headquarters

500 Frank W. Burr Blvd.

Teaneck, NJ 07666 USA

Phone: +1 201 801 0233

Fax: +1 201 801 0243

Toll Free: +1 888 937 3277

European Headquarters

1 Kingdom Street

Paddington Central

London W2 6BD England

Phone: +44 (0) 20 7297 7600

Fax: +44 (0) 20 7121 0102

India Operations Headquarters

#5/535 Old Mahabalipuram Road

Okkiyam Pettai, Thoraipakkam

Chennai, 600 096 India

Phone: +91 (0) 44 4209 6000

Fax: +91 (0) 44 4209 6060

APAC Headquarters

1 Changi Business Park Crescent,

Plaza 8@CBP # 07-04/05/06,

Tower A, Singapore 486025

Phone: + 65 6812 4051

Fax: + 65 6324 4051