Merge Validates Well-Architected AWS Infrastructure and Strengthens Security Posture by Turning to Avahi

Case Studies >
Merge Validates Well-Architected AWS Infrastructure and Strengthens Security Posture by Turning to Avahi

About Client

Merge

Merge offers unified application programming interfaces (APIs) that authenticate, normalize, and sync data across API providers so SaaS companies can easily offer multiple integrations to their customers. Developers can integrate once with Merge to offer a full category of integrations and easily maintain integration health. The Merge solution set focuses on integrating applications for human resources, payroll, directory systems, applicant tracking, accounting, project management, help desk, and CRM.

Taking on a New IT Project with Limited Internal Resources

As Merge was about to launch a new service to help customers search for data by migrating the application from development to Amazon Web Services, the company also wanted to find ways to reduce the cost of its cloud environment. As a first step, the senior leadership team decided to take advantage of the AWS Migration Acceleration Program (MAP), which is based on the experiences of thousands of AWS customers who have migrated applications to the cloud.

Completing MAP was important for Merge since the program provides tools that accelerate migrations and reduces AWS costs. AWS also offers credit incentives for completing the program. A key requirement for customers involves validating that their cloud infrastructures conform to the six pillars of the AWS Well-Architected Framework—encompassing design principles and best practices relating to operations, security, reliability, performance, costoptimization, and sustainability.

“Having managed our AWS environment for nearly two years, we knew our architecture was in good shape, and we have the skills to take on a project like MAP on our own,” says Mark Hinkle, a DevOps Engineer for Merge. “However, AWS technologies are not our core focus. We prioritize how we use our resources and focus our developers and system engineers on other IT projects.”

As Merge planned the migration of the data search application and how to achieve the requirements of MAP, Hinkle knew infrastructure security would also be a challenge. “Our APIs connect to applications handling client data, and much of that data is sensitive,” says Hinkle. “We need to make sure access is limited to authorized users only.”

Avahi Demonstrates Patience and Adaptability

For help in completing the AWS Migration Acceleration Program and ensuring the security of its cloud infrastructure, Hinkle first turned to AWS. AWS recommended Avahi Technologies as a partner with vast experience in working through the nuances of MAP and the six pillars of a Well-Architected Framework.

“We were immediately impressed—not only with Avahi’s ability to understand and present a game plan for solving our challenges, but also their ability to establish a strong rapport with our team,” says Hinkle. “They gave us confidence with their general coding and AWS expertise, and we could tell they had the patience to adapt to our unique needs and deliver what we needed.”

An example of the patience Avahi demonstrated emerged when working through the issue of how to secure the Merge AWS environment. “There were permissions issues for each of our clients,” Hinkle explains. “Avahi dived right in and diligently worked their way through, setting up the precise access that was required to protect customer data.”

On Track to Achieve a Well-Architected Framework

Avahi verified that the Merge AWS environment was designed and deployed correctly and capable of providing a highly-available service that can scale as customer demand increases. The Avahi team then advised on configuration changes to build a multi-tenant environment infrastructure that meets defined security standards and best practices to protect personal information.

These efforts set Merge on a course to conform to the six pillars of the AWS Well-Architected Framework. “The framework imposes a lot of requirements that can be difficult to meet, but Avahi provided excellent advice to follow on how to get through everything,” Hinkle says. “We were able to confirm that the coding in our environment is in good shape before our infrastructure becomes more complex as our company grows and the compute resources we require increase.”

Avahi also refactored the code base and reorganized the infrastructure-as-code set-up so applications can run in modular containers. This makes it easier to manage the application and improve app components faster, such as APIs. “We’re also able to apply a higher granularity of security controls, Hinkle adds.”

Another area in which Avahi assisted was identifying a resolution for a hierarchy arrangement issue involving the Merge organization root account—the top-level parent node that contains every Merge AWS account. Hinkle was already aware of the issue, but with Avahi’s help, Merge imported the workload account into the root account.

Simplified Environment Requires Less Time to Manage

“By separating the code into manageable modules, it makes it easier for us to work on and deploy updates to our search application,” says Hinkle. “We also have the ability to version the code so we can deploy different versions to different environments and not be forced into an all-or-nothing type of deployment situation.”

Modularizing the code also facilitates compliance with privacy policies and regulations because it allows Merge to implement security scanning on the code. The modular pieces can be automatically scanned during development and testing anytime that a code change occurs, and then the scanner can surface issues before the code is deployed into production. “This would be difficult if all the code was maintained in a central repository and mixed in with other pieces of code,” Hinkle explains. “It’s much easier to scan small code modules.”

With the infrastructure aligning to the AWS Well-Architected Framework standards, Merge can efficiently monitor compute resources and adjust them according to what the application workload needs over time. Merge has also established a performance baseline, and depending on how much the environment grows from that baseline and reaches projected minimums, AWS offers additional discounts for compute usage beyond those minimums. This will give Merge additional cost-optimization measures. Hinkle adds that it will also now require less time for the internal team to manage the AWS environment. “That’s because the infrastructure is less complex,”

Hinkle says. “By separating our accounts into multiple siloed accounts, it’s easier to apply security rules and manage who has access to resources because they’re more clearly defined. This feature will be a key benefit to our customers.”

A Partner Who Focuses on Solving Issues Rather Than the Bottom Line

In assessing the value Avahi delivered on this project, Hinkle says he’s been in situations where partner resources have been much less patient. “They tend to be bottom-line oriented, and any minute that they aren’t billing is a problem,” Hinkle says. “But Avahi is a refreshing change. They care more so about solving the issues we are facing.”

Hinkle also points out that the company’s efforts are a bit forward-looking in that the AWS environment is still in its early stages. Having previously worked in much larger AWS environments, Hinkle knows it can take a lot of time to manage the infrastructure—if the IT team does not establish a solid foundation early on that functions efficiently.

“Avahi has helped us achieve our goal to prevent our cloud infrastructure from taking up too much of our time as can happen when environments grow quickly without the proper standards in place,” Hinkle says. “Organizations can also spend a lot of time working around exceptions to the norm that are allowed to creep in within an environment with less well-defined boundaries. We want to prevent that from becoming an issue, and Avahi has provided a big assist in making sure we are on the right path.”

Key Challenges

  • Reduce cloud platform costs.
  • Validate cloud environment meets the requirements of the AWS Well-Architected Framework.
  • Ensure sensitive customer data remains secure.
  • Keep internal resources free to focus on other IT initiatives.

Key Results

  • Confirms infrastructure follows best practices for operations, security, reliability, performance, cost-optimization, and sustainability.
  • Verifies infrastructure will maintain and scale performance as the company grows.
  • Streamlines application code updates.
  • Limits access to customer data to authorized users only.
  • Enables the company to take advantage of AWS credit incentives.

Architecture Diagram

Merge
San Francisco, California
Software, API Integrations.
AWS EKS