Classroom in the Cloud: Brickfields Asia College Optimises its Cloud Environment with Maxis-led Migration to AWS
Over the years, the education industry has come a long way. Today, learners are always connected – whether they are on or off campus grounds. One of the technologies that drive innovation for the education industry is cloud computing, which enables institutions to quickly launch and scale their virtual learning platforms to better serve remote learners.
Brickfields Asia College (BAC) – part of BAC Education Group in Malaysia – took its first step towards digital transformation when it migrated to the cloud in early 2019. Comprising over 25 entities, the group empowers students through a 360° learning ecosystem.
However, reaping the transformative benefits of cloud technology was a challenge for the group. Like 93% of Malaysian organisations surveyed in a 2020 IDC study commissioned by Maxis, BAC struggled to fully optimise its cloud infrastructure.
“We had limited knowledge, with limited resources to recruit an in-house cloud specialist. We knew we needed to enhance our cloud environment, but we simply didn’t know how,” explains Kogilan Yezhuaralai, head of software development at Brickfields Asia College.
Migrating 50 web and mobile applications in two months
BAC realised that our team of cloud experts could step in to fill in the gaps and offer the knowledge and skills required. Several consultations in, we identified BAC’s areas of focus and performed a cloud-to-cloud migration to Amazon Web Services (AWS). Our goal: increasing automation, tightening security, and optimising costs on the best-fit infrastructure.
In two months, BAC migrated about 50 web and mobile applications for online learning and student management systems to AWS, with over 30 applications managed by Maxis and the remainder by BAC.
“With Maxis’ help, we achieved our cloud-to-cloud migration in just two months, with the right security configurations in place. Plus, we gained a good understanding of how our infrastructure works in that timeframe. When we were managing our previous cloud infrastructure, we were still trying to solve issues with our configuration even after a year from migration,” says Kogilan.
Security a persistent digital priority
Security remains a top concern for Malaysian organisations, with only 8% of companies surveyed in the same IDC study employing an end-to-end security solution. BAC was battling a barrage of malware attacks on its main domain – bac.edu.my – which unfortunately, with only three letters in the domain name, is an easy target for hackers.
BAC’s IT team consists mostly of developers who specialise in creating applications rather than building a security perimeter in the cloud. Kogilan and his team appreciated how the security setup process was less complicated on AWS. “The ease of use was a big advantage to help our development team level up their security skills,’ he shares, ‘and Maxis taught us how to build a security system around our particular applications.”
To secure the BAC domain, we introduced AWS Web Application Firewall (AWS WAF) filters and set rules for what type of access is allowed to each page on the BAC sites. We prevented external networks from accessing BAC’s internal network using Amazon Virtual Private Cloud (Amazon VPC) and AWS Virtual Private Network (AWS VPN) solutions. Plus, for an additional layer of security, we also set up cloud-native security groups at the subnet level as well as a network access control list (ACL) to provide network protection at both server and network subnet levels.
We also introduced Amazon CloudFront as a secure content delivery network (CDN) for BAC sites. The CDN includes out-of-the-box defence against DDoS attacks while enabling a smoother web browsing experience, thanks to an added web content caching layer. Since beginning the migration journey to AWS, BAC has experienced 70% fewer brute force attacks on its sites. DDoS attacks have fallen from 190 per month in the quarter prior to migration to zero in the current quarter (Q2 2021).
Increasing automation saves resources
Before consulting our team, BAC was building its own tools and writing many custom scripts to execute tasks on its backend system. A focus area of the migration was boosting automation to reduce manual efforts required for backups, monitoring, patching, and system administration.
With our guidance, BAC created a versatile template for its 43 virtual machines that it can launch based on task-specific instructions. BAC estimates it is saving at least one full-time headcount with all the automation in place. Its IT team of seven includes just one AWS cloud engineer to manage all 43 active virtual machines.
BAC is using AWS Config and AWS Systems Manager to connect to their centralised AWS Console and execute automation scripts. The IT team used to have to access each server to maintain scripts and schedule maintenance jobs, whereas now they have a single pane of glass for administration, recording, and automation.
Backups are no longer a pain point and have increased in frequency on AWS. We recommended BAC perform backups of images every four days rather than once a month, which was the practice the team was following with their previous cloud provider. BAC also now benefits from two rather than one layer of backup, including a layer to automatically extract key files for more frequent backup. Retention policies are set and automatically executed using AWS Backup.
Adjusting server specifications to boost utilisation rates
In evaluating BAC’s AWS cloud architecture, we found that many servers were only being used at 20–30% of capacity, which was driving up cost unnecessarily. Together with BAC, we adjusted the server specifications to improve utilisation rates. Key to this was balancing compute-heavy versus memory-heavy instance types according to workload demand.
“With our previous provider, we were overprovisioning servers to get the speed and performance required. When we moved to AWS, we reset the instance sizes and saved cost for the same performance by tuning the virtual machines to our particular application needs,” says Kogilan. BAC is saving 62% on its monthly cloud bill as a result of the optimisation exercise.
And because we are an AWS partner, BAC benefits from direct billing from Maxis that consolidates its cloud, networking, internet, and mobile charges each month. Bills are issued in local currency, which adds convenience and streamlines the monthly reconciliation process for BAC Group’s finance division.
Instilling confidence in cloud operations
On one occasion, BAC hit a wall when a development server shut down right before a major ad campaign. “Maxis was on the phone with us at 12.30 a.m. providing their guidance. With their advice, our servers were up and running within 24 hours and we launched our campaign successfully,” says Kogilan.
While the team at BAC can count on us anytime, we worked to ensure BAC’s team has the confidence and skills required to manage their cloud infrastructure independently. We provided documentation that is regularly updated as a cloud-operations manual that developers and engineers can reference at any stage.
“Maxis was the technology catalyst that pushed us forward, enabling our team to sprint faster. We have greater peace of mind knowing that our technology backbone is secure and optimised,” says Kogilan.