cloudRacer
Elevate Your AWS Journey
Your automated AWS Control Hub: a secure, compliant,
customizable, and enterprise-ready landing zone.
You should start your journey to the cloud with a secure and future-proof cloud environment from the very beginning. Few companies start without properly planning their data center, so why should you do it any differently for the cloud? cloudRacer allows you to centrally manage your AWS environment, including your accounts and all associated services, based on AWS best practices and our years of experience as an AWS Premier Tier Services Partner.
cloudRacer is our solution for you if you are looking for a well thought-out architecture for your cloud environment and want to automatically create new AWS accounts with predefined and linked services. Compliance and security best practices are always taken into account to continuously and optimally adapt to the latest developments. cloudRacer supports you in setting up different network architectures, of course also with connectivity to your data centers. Thus, you are perfectly prepared for an immediate migration of your workloads to the cloud.
However, cloudRacer is much more than just a software solution. Above all, it is brought to life by our consultants. They discuss with you all topics relevant to your cloud architecture, such as concepts for networks, security and identity & access management. We are happy to adapt our solution to your needs.
Benefits
Centralized control
By using a hierarchical account structure, access permissions and policies can be enforced globally across the organization. A dedicated security account consolidates security information and logs all relevant actions for auditing. Programmatic account provisioning automatically enforces centrally managed features across the customer organization.
Well proven security
By centralizing security, auditing and policies, security breaches can be managed and evaluated. The use of AWS native security features such as Security Hub and Config Rules, following AWS best practices and CIS-derived practices, enables the highest security standards. Centralized logging of configuration changes and of access allows vulnerabilities to be quickly analyzed and remediated.
Flexible architecture
Depending on the customer's size and existing infrastructure, we can adapt the architecture of cloudRacer. Various forms of network design are already available from our side. Integration of AWS security services such as Security Hub and AWS Config is available, and cloudRacer can also be connected to your in-house identity provider in IAM.
Well proven functionality
cloudRacer is already being used successfully by many customers. Not only FinTechs use our solution; companies from the energy sector and heavy industry also rely on our platform. Our developers continuously develop cloudRacer further together with our customers.
Our Solution
As a best practice, AWS recommends an environment with multiple AWS accounts. Therefore, we divide the accounts into different areas (organizational units):
- Root account (black),
- “Management” accounts (green),
- Various project accounts (red, orange, yellow),
- Sandbox accounts (blue).
*see figure
To better structure the multitude of AWS accounts, the AWS Organizations service is used in the root account. This service allows AWS accounts to be organized into organizational units (OUs), shown here as pink cubes. These organizational units allow greater control over the different requirements of individual environments and also provide a better overview with regard to the billing of the AWS costs incurred.
The accounts in the Management (green) organizational unit contain key resources that are important to all other accounts in this multi-account setup. The Shared account contains services that are needed by most accounts in the organization and can therefore be shared through it. The Network account is the central network account; it shares the essential network resources for all AWS accounts. The AWS Audit account serves as the central collection point for relevant log and security data and is used to monitor the organization’s AWS accounts. If needed, additional management accounts can be created, such as a Monitoring AWS account, which can be used to provide centralized, project-specific monitoring and logging tools such as Elasticsearch (ELK stack), Prometheus, or Grafana.
The different project environments (red, orange, yellow), as well as the sandbox environments (blue) are only exemplified in this figure. The number and structuring of accounts in organizational units can be easily adapted later and do not have to be set up right at the beginning.
Here’s how we do it
Please feel free to contact us for a non-binding consultation. If you decide to use our cloudRacer solution, our tecRacer consulting team will be happy to contact you to arrange another appointment for a first kick-off meeting.
This kick-off meeting serves on the one hand to give our consultants an overview of your needs. On the other hand, the different possibilities cloudRacer offers you and your company will be highlighted and explained. Together you will clarify the organizational, network, security and IAM options that are needed to tailor your cloudRacer solution exactly to your requirements.
After assessing your needs and providing the necessary technical information for implementation, our tecRacer consultants work with you to build your personal cloudRacer solution.
During implementation, our consultants first set up all necessary accounts. Then they integrate security and compliance services in combination with identity and access management. In the final step, we roll out your chosen network architecture and – if desired – establish the connection to your data center.
A continuous feedback loop between the tecRacer consulting team and your technicians is an integral part of the process, ensuring that your cloudRacer solution perfectly fits your requirements and adapts to your changing needs.
Finally, the consultants hand over the cloudRacer solution to your operations team and provide all necessary documentation, as well as training on how to work with your new solution.
Alternatively, we offer to run your cloudRacer solution as a managed service, so you don’t even have to worry about maintenance.
In order to be well positioned not only for the first projects, but also for future applications in AWS, it is essential to establish a solid network concept right at the beginning. In doing so, it is important to consider not only the current state of the infrastructure but also its future state, and to make targeted decisions in this regard. Depending on the size of the customer and the number of projects, a wide variety of network concepts are available. There is a multitude of decisions to be made, and we accompany you through them, for example regarding the connection of your local data center or the selection of network areas.
Furthermore, for larger organizations, the use of AWS Single Sign-On is recommended to ensure central user management for all AWS accounts. This requires an existing Active Directory. It makes it possible to assign predefined roles to future users of the AWS environment according to best practices. It is also recommended to set up multi-factor authentication to ensure the highest possible protection.
Besides the network aspects, solid security and compliance settings are basic requirements for any cloud deployment. Based on best practices and the business requirements, cloudRacer is configured to meet your specific requirements. This includes evaluating which encryption methods to use, which data to log, whether to restrict usage to individual AWS services, or whether to limit usage to individual regions, such as exclusive use within the EU. Of course, setting up security-relevant AWS services such as AWS GuardDuty, AWS Config or AWS Security Hub is part of our security concept.
cloudRacer is continuously improved. The platform is built as Infrastructure as Code written in HCL, using the open-source software Terraform. This means that the manual effort is very low and errors can be avoided. In addition, further developments of cloudRacer can be integrated more easily.
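As an added illustration (not cloudRacer's own code), the restriction to EU regions mentioned above can be expressed in Terraform HCL as a service control policy attached to an organizational unit. The OU ID variable, the region list, the policy name and the list of exempted global services are assumptions.

```hcl
# Added example: restrict an organizational unit to EU regions with a
# service control policy (SCP). All names and values are assumptions.

variable "project_ou_id" {
  description = "ID of the organizational unit to restrict (placeholder)"
  type        = string
}

variable "allowed_regions" {
  description = "Regions in which workloads may run (assumed EU-only list)"
  type        = list(string)
  default     = ["eu-central-1", "eu-west-1"]
}

data "aws_iam_policy_document" "eu_only" {
  statement {
    sid       = "DenyOutsideAllowedRegions"
    effect    = "Deny"
    resources = ["*"]

    # Global services are not bound to the allowed regions and must stay
    # usable; this exemption list is an assumption and needs review.
    not_actions = [
      "iam:*",
      "organizations:*",
      "sts:*",
      "support:*",
      "route53:*",
      "cloudfront:*",
    ]

    # Deny every other action when the request targets a region
    # outside the allowed list.
    condition {
      test     = "StringNotEquals"
      variable = "aws:RequestedRegion"
      values   = var.allowed_regions
    }
  }
}

resource "aws_organizations_policy" "eu_only" {
  name    = "eu-only-regions"
  type    = "SERVICE_CONTROL_POLICY"
  content = data.aws_iam_policy_document.eu_only.json
}

# Attach the SCP to the OU so it applies to every account beneath it.
resource "aws_organizations_policy_attachment" "project_ou" {
  policy_id = aws_organizations_policy.eu_only.id
  target_id = var.project_ou_id
}
```

Service control policies do not affect the organization's management account, so the restriction takes effect only for member accounts in the targeted organizational unit.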