Ferreira Costa Home Center
About Ferreira Costa Home Center
Ferreira Costa is a Brazilian network of building materials, finishing, decoration, gardening and DIY stores, founded in Garanhuns (Pernambuco) in 1884 by Portuguese immigrant João Ferreira da Costa. The company has six large stores, two in Recife (Imbiribeira and Tamarineira districts), one in Salvador on Avenida Paralela (Bahia), one in the city of its foundation, Garanhuns, another in Aracaju, near the viaduct of the District Industrial de Aracaju, inaugurated in December 2015 and lastly one in João Pessoa, founded in 2019 on Cabedelo road, in the Aeroclube neighborhood. Ferreira Costa's store in the Tamarineira neighborhood of Recife is considered the largest "home center" in the Northeast region of Brazil, with 60 thousand square meters of built-up area.
Ferreira Costa is a local retail lider having more than 5 stores across Brazil. They are also listed as one of Brazil's biggest retail brands related to Home and Services.
The Challenge:
The project was defined as a migration of a SAP environment to AWS. Among others this environment also had an e-commerce solution to be migrated, more than just migrated the customer also complained about monitoring and performance issues to be resolved.
SAP customers with global operations are generally interested in enabling their entire workforce access SAP applications at any time, from any device, and from anywhere. Access at any time is easy to achieve, by making the services to be accessed, available around the clock. Access from any device is a key feature of SAP Fiori, with SAPUI5 capabilities. However, access from anywhere is where the complexity lies, and customers need to consider organizational security policies, performance requirements, existing network connectivity (including its bandwidth and latency characteristics) from branch locations, users mobility, and other considerations.
In this project, we've considered a scenario where the customer is running their SAP workloads on AWS and is interested in providing direct access to SAP applications without significant investments in dedicated network connectivity. We've provided options to address performance challenges for globally accessible SAP Fiori workloads on AWS, and highlight the potential improvements that can be achieved.
What was proposed:
The Ferreira Costa was divided in two phases:
In The first one an assessment was conducted in the specific context of the project, followed by a first implementation. The second improvements and tuning were developed in the project.
- Map and model the entire technology architecture;
- Propose technical migration scenarios;
- Conduct a capacity planning and infrastructure dimensioning study;
- Optimize systems architectures;
- Performance in your application's response time;
- Increased security through encryption in transit;
- Anti DDoS protection;
- Provide specialized support in cloud computing architecture and technology operation.
Technical enablement
Amazon Cloudfront adoption was developed in order to enhance aspects initially related to performance guaranteeing a more fluid use of Ferreira Costa e-commerce. Even though performance was the initial target, after the adoption of CloudFront reliability and Availability were also positively impacted. Other AWS services were integrated into the solution:
- SAP Fiori launchpad accelerated by Amazon CloudFront.
- Acceleration of the SAP OData API calls with AWS Global Accelerator;
- The Application Load balancer (ALB) acted as reverse proxy to SAP S/4HANA. To improve the security posture, we've installed SAP S/4HANA with embedded Fiori in a private subnet, and setup an SAP Web dispatcher in a public subnet;
- AWS Certificate Manager were used to manage the wildcard SSL certificate for CloudFront and Application Load balancer;
- Amazon Route 53 managed the DNS entries required to support the solutions.
- AWS EC2: We are currently running 64 EC2 instances, That are:
- 15 instances are PROD instances running SAP, 4/15 SAP instances are dedicated to the e-commerce;
- 12 instances are QAs instances;
- 17 instances are DEV instances;
- Another 20 instances are used to several other purposes like VPN, Bastionhost and staging;
- AWS CloudWatch: CloudWatch service is enabled to provide infrastructure and services monitoring throughout dashboards and also, events alerts;
- AWS GuardDuty: GuardDuty service is also enabled to support monitoring processes;
- AWS Lambda: Lambda are implemented in order to automate creation of snapshots.
The Outcome and Benefits
AWS Services deployed:
- Amazon EC2, Amazon S3, Amazon CloudWatch, Amazon GuarDuty, AWS CloudTrail, AWS Lambda, Amazon CloudFront.
Customer issues and concerns that have been overcome:
1. Operational excellence
1. Implementation of continuous monitoring with Amazon CloudWatch.
2. Integrated connectivity with high available multi zone (Multi-AZ).
2. Security
1. Implementation of Amazon GuardDuty for intelligent monitoring of infrastructure perimeter.
2. Restriction of external access to the environment, with segregation between private and public subnets for back and front end, respectively.
3. Access to the AWS environment for VPN-only administration.
4. Encryption of data at rest.
5. Encryption of data in transit with Amazon Cloudfront.
3. Reliability
1. Multiple instance nodes, making it possible to balance reading and writing operations.
2. Minimal failover between nodes.
3. Using Amazon Data Lifecycle Manager to implement snapshot-level backups.
4. Automatic backups of the database layer.
4. Excellence in performance
1. Calculation of expected environment demand for rightsizing.
5. Cost optimization
1. The monitored environment, with a continuous flow of monitoring for rightsizing.
Third-party solutions applied:
- Hashicorp Terraform: Infrasctructure as Code;
- Hashicorp Vault: Secrets and key management service.
Key Results:
- AWS managed infrastructure service.
- Professional managed services provided.
- 99.97% availability of the environment.
- 29% increase in response time with Amazon Cloudfront.
- Encryption in transit of sensitive data.
- Protection against DDoS attacks.
Lessons learned:
- The implementation of AWS services, allowed us to focus more on the business aspects of the project.
- Although the planning of projects like this is important, the need for experimentation on the part of the client proved to be fundamental. In this sense, the use of AWS enables a rapid prototyping of architectures.
- Using the AWS Well-Architected framework as a reference helps us to make clear to the customer the value of a good service partner.
Architecture Diagram
About EPI-USE Services for AWS
EPI-USE Services for AWS, recognized as a Next-Gen Managed Services Provider (MSP), offers comprehensive and scalable hosting solutions tailored to the dynamic landscape of AWS. Our team specializes in an array of managed and consulting services that encompass assessment, development, migration, management, and optimization of AWS environments. Our approach to cloud migration is adaptable and client-centric, enabling businesses to transition from traditional server environments to AWS seamlessly and efficiently, with minimal impact on their existing operations.
Our Capabilities and Competencies:
- Managed Services Provider (MSP): As a recognized MSP, we offer comprehensive management and optimization of AWS environments, ensuring operational efficiency and strategic cloud utilization.
- Migration Consulting Competency: We specialize in strategic migration planning, streamlined transitions, and ongoing post-migration support for optimal performance.
- SAP Consulting Competency: Recognized for our excellence in SAP solutions, we streamline business processes using SAP and continually advance our expertise in SAP technologies.
By integrating these competencies, we enable our clients to focus on their core business, ensuring a seamless, secure, and effective digital transformation journey with AWS.
