eCommerce Group Completes Major Infrastructure Migration
How our approach to radical transformation of customer-facing infrastructure caused no downtime and a successful Christmas trading season
Executive Summary
A major e-commerce group working with Threatplane combined competent project management, careful security engineering and staggered planned rollouts allowed key customer-facing infrastructure to be radically changed with no operational disruption, leading to a successful Christmas trading season.
Customer Profile
Company Overview
Industry: eCommerce Retail
Geography: UK-based with global operations
Company Type: Major Online Retailer
Project Scope
Properties: 279 Domains
Infrastructure: AWS
Downtime Tolerance: Zero
The Challenge
Our customer needed to migrate customer-facing infrastructure, hosting 279 unique DNS domains for multiple brands, TLDs and alternate names, from a legacy WAF to new WAF services in AWS. The criticality of the traffic to these domains and proximity to peak trading periods meant success was paramount.
Business-Critical Availability
As a pure online retailer, any website downtime directly impacts revenue. During peak seasons, even minutes of downtime could cost hundreds of thousands in lost sales.
Complex Domain Portfolio
279 distinct domain names across various brands and aliases, with two dozen domains carrying majority revenue concentration.
Solution Overview
Comprehensive Project Management
We worked closely with the customer to carefully plan every aspect of the migration.
- Full project plan agreed with customer at outset
- Each domain risk-assessed and prioritised accordingly
- Layered contingency strategy provided strong assurance of success and prompted careful, lean planning
- Testing and preparatory work front-loaded to anticipate and manage all delivery risks
Controlled Migration Sequence
Every step was carefully designed to fail fast and deliver safe outcomes for customers, even in the event of failures.
- Migration & validation process automated to ensure complete consistency and speed of cutover
- Sample of domains tested with baseline WAF rulesets and new rules crafted to resolve incompatibilities ahead of time
- Blue/Green approach to enable fast fallback in the event of issues
Security Capability
The customer gained a modern, performant, flexible WAF capability running on new AWS infrastructure at minimal cost uplift. We also added new features to the deployment, including:
- OpenSearch based SIEM platform to analyse and triage packets dropped from the WAF
- Efficient tiered storage solution to minimise use of hot storage while permitting queries against older data
- Processes to quickly disable or configure particular WAF rules in the event of disruption of legitimate traffic
Results & Impact
Zero Revenue Impact
Perfect availability throughout entire 279-domain migration process
- No downtime or revenue loss
Complete migration success
- Seasonal readiness
All migrations completed before peak periods
Enhanced Security Posture
Modern responsive controls and AWS WAF V2 significantly improved threat protection
- AWS WAF V2 early adopter
Advanced security capabilities
- Improved reliability
Better performance and stability
Operational Excellence
All deliverables completed on time and within budget despite complex requirements
- Testing infrastructure value
Ongoing operations benefit
- Process improvement
Infrastructure-as-code practices established
Customer Perspective
"Threatplane delivered exactly what we needed when we needed it most. Managing 279 domains with zero revenue impact required incredible expertise and planning. The testing infrastructure they built continues to be invaluable for our ongoing operations."
Chief Technology Officer, Major e-commerce group