A Mortgage Company Relies on Lightstream to Design and Build Its Hybrid Cloud Infrastructure in Azure

Company builds infrastructure in Microsoft Azure that will support its IT modernization initiatives and position it for the future.

Business Challenge

Driving profitability in the mortgage servicing industry is a constant challenge. To be successful, companies must find ways of growing business in a competitive, regulation-driven industry while at the same time reducing operational costs. And technology plays an important role.

For one California-based company, finding economies of scale and competitive advantages through new technology meant modernizing its IT infrastructure. The company had two geographically separated data centers, one in the east and one in the west, and remote offices connected via a wide-area network. The organization’s leaders realized that to position the organization for the future the company needed to adopt a cloud-first strategy for new applications and to move other legacy apps into the cloud. But to carry out that strategy, they first needed to build a secure cloud infrastructure.

Solution

When Lightstream spoke to the company’s CIO, the organization was in the early stages of designing a cloud environment. His technical team, however, had limited experience with cloud computing, and they were open about their questions and concerns, especially around the best way to implement security in the cloud.

As the technical team began envisioning the company’s new infrastructure, several requirements were identified. First, since the existing wide-area network and security implementation was based on Palo Alto Networks’ platform, the team wanted to continue using the Palo Alto platform in the cloud. Second, the existing network design had caused intermittent problems with authentication. As a result, the company wanted to implement a different network design for authentication, with the cloud serving as the primary domain controller for authentication services and an existing data center serving as its backup.

To address the company’s needs, Lightstream conducted a Cloud Foundation Framework engagement coupled with guided implementation services for Microsoft Azure and Palo Alto Networks Next-Gen Firewall (NGFW).

The first step was to understand the company’s legacy environment. Lightstream experts reviewed the company’s business requirements, infrastructure, data services, security landscape, application portfolio, operations tools, and processes to gain a clear understanding of the company’s operating environment.

Next, the team conducted whiteboard design sessions. Using information about the company’s existing environment, its cloud infrastructure functional requirements, and optimal cloud design practices, the Lightstream team developed the company’s hybrid cloud infrastructure design, including core cloud configurations, standards and governance, identity and access management (IAM), network interconnectivity, security, and operational processes.

Included in the design step was a review of the company’s network design and Palo Alto Networks configuration. The team then redesigned the network into a hybrid configuration using a hub and spoke topology based on Palo Alto’s VM-Series NGFW (next-generation firewall).

The last step was to implement the Azure environment along with the new network design. This effort involved building two Azure environments (one for production and one for development to support analytics) and included the core infrastructure configurations, virtual networks and subnets, and native security services, as well as deploying the Palo Alto NGFW in a redundant configuration to ensure high availability.

Business Outcomes

Highly Available Hybrid Network Design

From the beginning, the company planned to move as much to the cloud as possible, but the leadership team understood that some applications would need to remain in a legacy data center. As a result, the network design had to ensure high availability for both cloud apps and on-premises services.

The new network design utilizes redundant Palo Alto firewalls to ensure high availability. Also, by moving the domain controller for authentication to the cloud, remote locations now have two connection points for authentication instead of one. Therefore, if one link is down, users are automatically routed to the backup site for authentication, thereby eliminating the chance of a network outage causing a disruption of services.

Secure Platform for IT Modernization

With the implementation of an Azure landing zone, the company now has a secure cloud environment that will support its IT modernization strategy. The company can deploy new applications with confidence, knowing the environment has been designed and implemented with proper security and availability features, and begin to move legacy apps to the new environment as its business will allow.

Faster Cloud Deployment

Because the company’s technical team had limited experience with cloud computing, designing and building a cloud environment was both time-consuming and challenging. And there was a lot of uncertainty on the best way to accomplish the company’s objectives.

Working with Lightstream experts, however, alleviated a lot of concerns, and the company was able to deploy a cloud infrastructure faster and more confidently than it could have done on its own.

Contact Information

To learn more about how Lightstream Managed Services can help you architect, implement, and manage a cloud environment that meets your business needs, visit Lightstream.tech.

Software Company Achieves International Growth and Ongoing Innovation with Help from Lightstream and AWS

Lightstream Cloud Managed Services gives Entrata the tools to successfully migrate to the cloud and optimize the operational, security and financial aspects of its environment

Business Challenge

Since its inception in 2003, Entrata has prided itself on developing innovative solutions for the property management industry. That innovation is what allows the company to deliver on its pledge to make life easier for property owners, managers and residents. From property management software that simplifies accounting and purchasing to complete automation that enables remote lighting, locks, thermostats, Entrata’s suite of products is as comprehensive as it is state of the art.

Entrata first connected with Lightstream in 2011 as the company’s IT leaders sought to upgrade network connectivity and performance while reducing costs. In the years that followed, Entrata’s IT team came to rely on Lightstream for help overcoming technological challenges and improving the efficiency, reliability and security of their IT operations. As the company expanded and technology evolved, it became evident that moving certain applications and resources to the cloud would be beneficial to the organization and its customers. Migrating from on-premises to the cloud would allow the company to innovate faster and at a global scale.

Once again, Entrata turned to long-time partner Lightstream for assistance with this migration. After selecting AWS as its cloud service provider (CSP), the next step was ensuring that the best practices, tools, expertise, financial incentives and partner ecosystem offered by AWS were implemented to make cloud adoption easier. Lightstream’s extensive experience with the AWS Migration Acceleration Program (MAP) – a comprehensive and proven cloud migration program – enabled its engineers to provide Entrata with expert guidance through the often-complicated process. MAP consists of a three-phase journey that helps customers leverage the performance, security and reliability of the cloud while reducing complexity and costs.

The migration was a success, and Entrata quickly saw the enhanced innovation, elevated customer experience and digital transformation possible within the cloud. Before long Entrata’s director of engineering knew the time was right to migrate even more applications and resources to the cloud. Upon discussing this with his Lightstream representatives, he also understood that there was an opportunity to optimize the financial, technical, security and operational aspects of their current environment.

Solution

As a platinum-level Lightstream Cloud Managed Services customer, Entrata began taking advantage of the tools that ensure the ideal management and optimization of its cloud environment. This comprehensive advisory service also lifts some of the burden off of the internal IT department, as Lightstream’s partnership with AWS and its AWS Advance Consulting certification assists the organization in determining the ideal migration path for its additional infrastructure and applications.

To maximize Entrata’s savings with AWS, Lightstream assisted with the negotiation and management of the company’s contracting for AWS Enterprise Discount Plan (EDP). Additionally, Lightstream adjusted Entrata’s Elastic Block Store (EBS) Provisioned IOPS and EBS-Optimized instances to optimize its storage within Amazon EC2. Provisioned IOPS are an EBS volume type designed to deliver predictable, high performance for I/O intensive workloads, such as database applications, that rely on consistent and fast response times. Ongoing management assures that the IOPS are periodically adjusted according to the organization’s actual needs and avoids overprovisioning.

Business Outcomes

The ongoing optimization of the operational, security and financial aspects of Entrata’s cloud environment is currently saving the company approximately 20% of their total AWS spend per month. Quarterly meetings between Lightstream and Entrata allow the teams to come together to review infrastructure performance and provides the company with ongoing recommendations on what actions can be taken to continue to save money and enhance efficiency and security.

Entrata has steadily grown from a software development startup to a successful user experience organization offering a full suite of services that takes the complexity out of property management. Throughout the years, the company’s relationship with Lightstream has evolved from that of a basic vendor/client exchange to a true technology partnership.

Entrata is currently expanding into international territories, a growth strategy that has been made possible due to its cloud infrastructure. Despite the economic downturn of 2020-2021, Entrata has continued to flourish and increase business. One opportunity the organization may want to consider in the near future is to migrate its gp2 volumes to Amazon’s new gp3 volumes, which are the next-generation general purpose SSD volumes for EBS that would enable Entrata to provision performance independent of storage capacity and take advantage of up to 20% lower price-point per GB than its existing gp2 volumes. As the organization moves forward in its cloud journey, Lightstream is standing by to help the company achieve continued innovation and growth.

Award-Winning California School District Provides Students and Families with Continuous Access to School Resources in Azure

Lightstream helps Twin Rivers Unified School District implement the power of Azure cloud computing for its parent portal

Business Challenge

Twin Rivers Unified School District is the 27th largest public K-12 school system in California, serving nearly 27,000 students in northern Sacramento County at 52 school sites. With a long list of honors and accomplishments for its students, teachers, staff, schools and programs, Twin Rivers prides itself on an unwavering commitment to its community.

One of the primary methods of communication between the district and the families it serves is its parent portal. The Aeries Parent Portal is a website and app where parents and guardians can track student assignments, see grades, exchange information and messages with their student’s teachers and school, and make payments to their child’s in-school meal account. Parents need access to this portal on a daily basis, but when internet access or power went down at Twin Rivers’ main site, portal access would also be suspended.

The administrators at Twin Rivers understood that they had to find a way to ensure uninterrupted portal access to families. The district’s manager of network and systems operations knew the answer was in the cloud, so he attended Microsoft Azure’s Cloud Foundation Workshop hosted by Lightstream engineers and architects. There he gained a fundamental understanding and best practices for deploying and managing applications and services in the cloud as well as insight into the valuable solutions and tool sets available to Twin Rivers.

Solution

Lightstream’s extensive experience providing educational institutions with the tools they need to keep their systems up, running and secure regardless of external factors proved valuable to Twin Rivers. The district held follow-up consultations with their Lightstream team to discuss the deployment of Active Directory Federation Servers (AD FS) within Microsoft Azure. AD FS provides simplified, secured identity federation and Web single sign-on (SSO) capabilities. A global load balancing service could seamlessly reroute portal traffic through MS Azure in any instances where traffic is not able to pass through on-premises servers.

This would enable users of the parent portal to login using on-premises credentials and access all resources in cloud – even if power or internet access is lost at Twin Rivers’ main site.

Business Outcomes

Since early 2020, Twin Rivers’ highly available AD FS infrastructure has ensured uninterrupted access to portal resources and services both on-premises and in the cloud. The solution is easily scalable, so should Twin Rivers require additional performance, it can migrate to more powerful machines with just a few clicks in Azure. Moreover, Azure’s simplified infrastructure management options provide the district’s manager of network and systems operations with an easy and hassle-free method for maintaining solution redundancy.

Twin Rivers is realizing the benefits of cloud computing and its ability to help the district deliver on its mission to facilitate effective and powerful communication practices that build trust and support for its students, families, teachers and staff. The AD FS cloud infrastructure offered a relatively easy solution to Twin Rivers’ portal access challenge, but as the K-12 industry is evolving to become more collaborative, student-centric and data-driven, the district may soon find itself in need of more extensive optimization of its IT systems and platforms.

As the district moves forward in an ever-evolving industry, Lightstream is prepared to draw on its broad educational technology expertise to ensure that Twin Rivers doesn’t just survive but thrives with the support it needs for future innovation and transformation.

Contact Information

To learn more about how Lightstream can help you identify, understand and implement the optimal solutions you need to modernize operations and build your institution’s roadmap to the future, visit www.lightstream.tech.

 

A Large Design-Build Construction Company Saves Azure Cloud Migration with Help from Lightstream

Security gaps threatened the company’s cloud migration, but crisis was averted with services from Lightstream.

Business Challenge

A desire to stay innovative, modern, and operationally effective—three critical attributes in today’s competitive construction industry—led a large design-build construction company in the Midwest to explore the cloud. The company’s IT leadership team chose Microsoft Azure as their platform and purchased Prisma Cloud, a multi-cloud security offering from Palo Alto Networks, to provide added security protection for their cloud environments.

Once its Azure environment was implemented, the company began migrating applications. The team’s goal was to move as many applications as possible to the cloud, knowing some applications would have to remain on-premises, and their operating environment would result in a hybrid configuration.

After months of moving applications and deploying them into production, however, the company discovered problems. A security assessment revealed there were serious security gaps in the way Azure and Prisma Cloud had been implemented. If not addressed, the gaps would allow external entities to gain access to their environment, leaving the company’s systems vulnerable to breaches. This forced the company to stop its cloud migration and move applications back into its own data center.

Solution

With its cloud migration on hold, the company looked for a solution to solve its security problems and contacted Lightstream for help.

Once engaged, Lightstream Azure Cloud experts began gathering information. They reviewed the company’s business requirements, technology environment (infrastructure, data services, security landscape, application portfolio, and operations tools), and processes to gain a clear understanding of the company’s operating environment.

Next, the team evaluated the company’s existing Azure environment. They reviewed the company’s core cloud configurations, standards and governance, identity and access management (IAM), network interconnectivity, security, and monitoring, provided recommendations for changes to address issues, and then created an operational run-book with as-built documentation.

The next step was to review the Palo Alto Networks NGFW (next-generation firewall) configuration. The team reviewed the overall design of the appliances, assessed the Azure routing configurations, network placement, and connectivity, and recommended changes to remediate issues and ensure high availability.

The last step was to address the Palo Alto Networks Prisma Cloud implementation. The team evaluated the existing deployment, including policies and settings for resource configurations, user activities, network traffic, and host vulnerabilities, and made changes to resolve problems and ensure the environment operated correctly.

Business Outcomes

Remediation of Security Gaps and Reduced Business Risk

After completing the project with Lightstream, the company was able to eliminate its security gaps. External entities were no longer able to gain access to the company’s Azure environment through the known security vulnerabilities. This increased the confidence in the company’s cloud platform and lowered the risk of security breaches to the organization.

Secure Azure Environment with Next-Generation Firewalls

The company gained a secure Azure environment protected by Palo Alto Networks NGFWs in a high availability configuration. This enabled the company to resume migrating applications safely to the cloud and ensured its firewalls would be resilient.

Successful Prisma Cloud Implementation

With help from Lightstream experts, the company was able to overcome its initial problems and successfully implement Palo Alto Networks Prisma Cloud in its environment. This provided added security protection for the company’s cloud infrastructure and cloud-native applications.

A Large Dairy Co-operative Turns to Lightstream to Help Save Its ERP Migration in Azure

Microsoft Azure and Palo Alto Networks NGFW design and implementation services from Lightstream help the company overcome edge security issues and deploy ERP in the cloud.

Business Challenge

Dairy is a complex, regulated industry. Since the 1930s, the U.S. government has regulated milk prices. Minimum prices are set for fluid milk (based on several factors, including the price of butter, cheese, nonfat dry milk, and dry whey), and all processors must pay it. Different prices are set for milk used as an ingredient in dairy products, though the process is the same: the government sets the price, and processors pay it.

In addition, milk is a perishable product. As a result, the government sets strict standards on its use. Processors are unable to stockpile product to meet fluctuating consumer demand, which in recent years has been shifting to dairy alternatives like oat and soy milk.

These market realities put pressure on dairy processors. To address these challenges, a large dairy co-operative in the Pacific Northwest decided to expand its operations beyond its regional customer base with the goal of becoming a national brand. But to do that, the company first needed to modernize its systems by moving away from its on-premise legacy enterprise resource planning (ERP) system to Microsoft Dynamics 365 to establish a more flexible operating platform.

Midway through the project, however, the company ran into security problems. It turned out the company didn’t fully understand how to implement native cloud security controls available in Microsoft Azure and did not have proper edge security protection in place to satisfy governance and compliance regulations. After months of trying to correct the problem with the help of a 3rd -party firm, the company was unable to deploy its ERP solution and was faced with either seeking additional help or shutting down the project.

Solution

Prior to contacting Lightstream, the company had attempted to implement Palo Alto Networks NGFW (next-generation firewall) in Azure to provide edge security for its users. The company’s IT team was committed to the solution and its capabilities, but they had struggled with the implementation.

Once engaged, the Lightstream team reviewed the company’s requirements. They evaluated the existing Palo Alto NGFW configuration, executed an ingress and egress assessment, developed a security plan for implementing the company’s ERP system in the cloud using Azure native controls and Palo Alto NGFW as the edge inspection point, and architected the design to ensure high availability and resiliency. This was done by performing a customized Cloud Foundation Framework engagement.

After the design was completed, Lightstream built the Azure environment per the design blueprint, including VNets, network security groups, platform logging, and all native security controls. Then, the team implemented the Palo Alto NGFWs in a high availability configuration.

The final step was testing and validation. Lightstream’s Azure Cloud engineering experts helped test traffic flow, routing, and connectivity, as well as security functionality to ensure the solution provided the edge security protection the company needed.

Business Outcomes

Next-Generation Edge Security Protection

The company now has next-generation security to protect its systems. This includes IPS (intrusion prevention system) that examines network traffic to prevent vulnerability exploits, APT (advanced persistent threat) intelligence and detection, and other security capabilities that help keep data safe from cyber attacks.

Successful Migration to Microsoft Dynamics 365

With edge security in place, the company was able to move forward with its ERP project. Now, the company has replaced its legacy ERP solution with Microsoft Dynamics 365, providing the enhanced computing platform the company needs to expand its operation.

Worldwide Medical Corporation Achieves Significant Growth, Advances in Technology and Cost Savings in AWS

Lightstream becomes an extension of the IT team, delivering ongoing support, savings and optimization of its AWS cloud environment

Business Challenge

This medical corporation is a global developer and marketer of medical devices and software solutions that help advance emergency care and save lives, while increasing clinical and operational efficiencies. At the core of the company’s mission is the commitment to grow by remaining focused, building on their technology leadership and providing unique high-quality products through worldwide distribution.

The company’s IT leadership became aware in 2015 that migrating to a cloud environment would give them the agility and innovation they needed to carry out that mission well into the future. So, they partnered with Lightstream to design and implement their first AWS infrastructure. Soon thereafter the company designated Lightstream as its AWS reseller in order to take advantage of additional discounts the provider was able to obtain for them. For the next four years the company relied on Lightstream to perform quarterly analyses of the company’s cloud performance and provide advice on its technical optimization strategy.

By early 2020, the company’s IT team had become overburdened with the day-to-day management of its cloud environment. Their hands-on approach had become cumbersome and was pulling the team’s focus away from their core mission to build on their technology leadership. On top of that, cloud spending had become exorbitant and they lacked the internal resources to uncover and remedy inefficiencies. The IT management team knew it was time for a change, so they once again turned to Lightstream for help finding ways to overcome these challenges.

Solution

Lightstream’s first recommendation was to enter into to an AWS Enterprise Discount Program (EDP) contract to allow the company to take advantage of additional savings. The next step would be to start utilizing Lightstream’s Cloud Managed Services (CMS) to capitalize on the ongoing optimization of the financial, security, technological and operational aspects of its cloud environment. Entrusting Lightstream to procure cloud services on its behalf and relying on the provider to do some of the heavy lifting in terms of engineering and professional services would free up the IT team to focus on its core competencies. And the recommended Platinum service level contract would essentially add a certified Lightstream cloud engineer to the company’s workforce.

Lightstream created and manages the company’s cloud environment using best practices provided by AWS Control Tower. This ensures a well-architected multi-account environment and the tools to govern AWS workloads with rules for security, operations and internal compliance. Lightstream works with AWS to ensure that the company receives the ideal storage performance and cost, which is currently EC2 Amazon Elastic Compute Cloud – a level that gives the company the ability to rent virtual computers on which to run apps.

Lightstream’s CMS ensures maintenance of cloud-native security controls and provides guidance on overall security as well as comprehensive visibility across its cloud infrastructure. This enables protection for state and activity monitoring, turning insight to action while meeting compliance demands.

Business Outcomes

Ongoing Cloud Optimization

The company’s procurement of Lightstream CMS has allowed it to return its focus back to advancing the company’s technology leadership. Weekly meetings between the company’s IT professionals and its dedicated Lightstream team provide insight into the ongoing optimization of the financial, technical and operational aspects of its cloud environment.

Cloud Cost Savings and GP3 Migration

By entering into an AWS EDP contract, the company saved nearly $200,000.00 in cloud expenses in 2020. Lightstream is currently working with the company to iron out the terms of its upcoming contract renewal, which promises even greater savings for the medical device company in the coming months and years. Lightstream is also upgrading the company to Amazon’s newly introduced GP3 storage volume in order to take advantage of higher volumes at a 20% lower cost.

Supporting Business Growth

The company has achieved exponential growth in the last several years, most recently expanding into Europe and Asia. As it continues to build on its technology leadership and accomplish worldwide distribution of its life-saving products, Lightstream will be there to support the company every step of the way.

A Bank Securely Supports a New LOB in Azure

Industry:  Banking

A regional bank holding company is the Western U.S. with just under 3,000 employees offers its clients a wide range of banking products and services, including transaction and savings deposits, commercial, consumer, and real estate loans, and mortgage origination services.

Business Problem:

  • Avoid cost of purchasing additional hardware while integrating a new 3rd-party SaaS application Koney Customer Service Management on Azure SQL Managed Instance
  • Adhere to security and regulatory compliance
  • Improve business continuity and ensure continual compliance

Solution:

  • Lightstream Rapid Risk Profile and guided Cloud Foundation Framework helped securely extend the customer’s on-premise infrastructure into Azure
  • Custom integration that enabled a 3rd-party provider to securely access line-of-business application in Azure
  • Refactored SQL databases in Azure to support a SaaS solution
  • Lightstream Cloud Managed Services for ongoing Azure management and optimization of financial, technical, security and operational aspects of environment.

Business Outcomes:

  • Enabled bank operations to support new customer-facing line-of-business application while providing visibility for operational and security teams
  • Improved overall ability to meet business technology needs while enabling customer recovery capabilities

Lightstream Rescues Fortune 1000 Company from Security Disaster and Facilitates Digital Transformation in Azure

Organization is Future-Proofed with Cloud Managed Services to Promote Financial, Security, Operational and Technological Health

 Business Challenge

A Fortune 1000 company sought a digital transformation. A new chief marketing officer was hired, and the first order of business was to have a new website created. In order to save time, this rather large undertaking was outsourced to a third-party development agency instead of having the company’s internal IT department handle it. The multi-location developer expedited the design and construction of a new customer-facing website with a completely transformed customer interface.

Unfortunately, the development shop failed to communicate with the company’s internal IT team during the process of building the website. Two weeks before the site was scheduled to go live, the IT team performed an assessment and determined that live customer data had been transferred to the cloud without any security controls having been installed. The absence of security features made organizational assets and critical customer data vulnerable to attacks and theft. Frustrated and in need of skillful mitigation of this huge risk, the IT department quickly shut the site down and contacted Lightstream for help remedying the security breach.

Solution

The experts at Lightstream brought the two opposing parties together in order to discover exactly what was done. This all-in approach allowed them to devise a plan that everyone was on board with in order to make the application work within the company’s security environment.

Eight months later, the new website went live with strict security measures in place to protect customer and company data. While Lightstream was initially engaged to put out the fire of the unsecure website, the relationship grew and the provider now manages the company’s cloud environment. Their environment is optimized through Lightstream’s partnerships with Microsoft Azure and Palo Alto Networks, delivering consistent, automated protections with a variety of value-added resources. Moreover, the security, financial, technology and operational expertise offered by Lightstream’s Cloud Managed Services (CMS) solution is helping the manufacturer to improve the day-to-day administration and management of its cloud infrastructure.

Business Outcomes

The company now has a modern, customer-friendly website operating within a highly secure cloud environment. When new applications are desired, they can be implemented quickly and safely.

Previously, the company had its own data center which was fully managed by its internal IT department. Several months into the relationship with the web developer, huge inefficiencies were discovered which had caused the company’s invoice to increase by $40,000. With no security or financial controls in place, the company incurred significant budget and resource drains. Lightstream’s CMS now ensures that expensive mistakes like this will be avoided as cost variations will be detected early on.

Ongoing monitoring and monthly reports on the financial, security, operational and technological health of the environment provide full transparency to company executives. By exposing minor but frequently occurring inefficiencies, Lightstream consistently helps to keep costs down.

With its current cloud expenditures being nearly cost neutral, the company is looking to expand into Lightstream’s network services. A continuously growing depth and breadth of business-optimizing solutions ensures that Lightstream will be there to support the organization well into the future.

Customer Quote:

“In my 30 years in the technology industry, Lightstream has been one of the best partners I’ve ever worked with. Their ability to sit on the same side of the desk as us, partnering with us to develop customized solutions to our problems has been a game changer.”

– Director of IT at Fortune 1000 company