- [Narrator] Legal Advisory International has been running an online digital service, www.expertiseplease.com, for a number of years. The Expertise Please service is used by customers to view and update legal documents that are scanned and stored in digital format. The service attracts a number of customers who find Expertise Please an easy way to have a lawyer amend a legal document. The service also provides some collaborative features such as joint signatures. However, it has fallen behind the competition in this area and the CEO recognizes that expertiseplease.com needs to make it easy for groups of people to collaborate on contracts to grow market share. In its current form, the viability of Expertise Please is in question and the CEO has advised that significant changes are required within 18 months to improve service reliability, cost efficiency, and deliver new features. He's approached you to understand how a shift to AWS can help. Our brief is to deliver the following, a target architecture which addresses the challenges described by the customer, a migration plan detailing how to move the service to AWS with minimal interruption, a recommendation on how to approach DR to achieve RPO of 24 hours and RTO of four hours, an application optimization plan with a proposed enhancement roadmap. The CEO needs the transformation to complete within 18 months in order to be able to continue the www.expertiseplease.com service. Expertise Please provides a website, www.expertiseplease.com, that customers use to manage their accounts and view their documents. The digital legal documents are sourced in two ways. The customer grants Expertise Please the right to scan and digitize their paper-based court documents. This is a highly automated process that only requires human intervention in scanning files. Digitized documents are stored in the Expertise Please service. Original documents are archived by a legal processing agency on behalf of the customer. External third party companies send contracts as PDFs directly to Expertise Please customers. PDF files are uploaded via sFTP and processed in batches during off-peak hours. Third party companies can also log in to view contracts and to check on the status of batch uploads. Most of the documents being stored within the application are sensitive so there are stringent requirements that must be adhered to including security, documents can only be viewed by the end customer to whom they are addressed. Data must be encrypted in transit and at rest. The www.expertiseplease.com service manages subscribers' personal information and irregularly audited for security vulnerabilities and must adhere to industry standards, e.g. ISO27001, ISO27018. Durability, digital documents are retained for an unlimited period of time or until the customer deletes the document or closes the account. However, expertiseplease.com has observed that less than 2% of documents older than six months are viewed. Expertise Please has to provide highly durable storage of documents. They rely heavily on redundant storage within the data center and tape backups stored in DR location. Availability, end consumers access the application at any time. Current target www.expertiseplease.com availability SLA is 99.5%. They target to increase to 99.9%. Third parties can deliver digital documents at any time. A 24-hour processing SLA exists. Performance, customer response time to render documents is less than two seconds. Current SLA is 99.5% of transactions to meet this target time. The current architecture is a three-tier web application comprising of Apache Web Server, JBoss Application Server, and Oracle Database. Connectivity, provided by a colocation provider, peak capacity 500 megabits per second. DNS, hosted on DNS servers within the same data center. CDN, no CDN is used today. Firewall, clustered firewall appliances. IDS, monitoring of traffic, manual implementation of firewall rules to block and measures traffic. Load balancing, front-end, providing SSL offload. Web service, Apache T.2 provides static content and routing to application clusters. Application clusters, JBoss 7.1, two clusters providing different functions, session replication via Multicast. sFTP server, receive documents from external third party companies and acts as batch submission gateway to the application service. Database cluster, Oracle Database 11g with three nodes, active, standby, and DR target using Oracle Data Guard. Virtual cluster IP using Multicast technology. NAS storage, NetApp appliance with 150 terabytes of stored documents replicated within DC, off-site tape backup to DR DC. Storage usage increasing at five terabytes per month with 35 terabyte storage remaining. Hardware security module. SafeNet HSM manages and stores encryption master keys for a database, Oracle TDE, Transparent Data Encryption, and file-level encryption. Scanning devices and digitizers. Scanning devices are located in the legal support center. Each scanning device is configured with the IP address of both digitizers. Scanning devices communicate with digitizers over a private network to a DC using a custom TCP protocol. Digitizers communicate with the digitizer application module via HTTPS. Expertise Please application is a classic three-tier model, originally custom developed by an external third party, but now maintained in-house. It consists of static web content, Java modules, and a data access service to communicate to a database and underlying file storage. The Java modules run on two different application clusters, external-facing modules on cluster one and internal modules on cluster two, providing the following functions. Registration, registers new subscribers and setup unique subscriber encryption keys. Subscribers sign in using their email address. Password is encrypted and stored in a database. Login, subscribers or a third party company use a login. Payment, processing module for subscriptions, integrates with third party digital wallet providers via internet API. No credit card data is handled within this service. Doc Manger, manages and renders digital documents, encrypts and decrypts documents using file encryption keys. Presentation, delivers rendered content to subscriber devices. Core, central business processing logic for the application for both subscribers and third party companies. Batch processing, conversion of third party company templates and delivery of documents to subscribers. Encryption, interface to HSM to provide access to data encryption keys for file encryption. Administration, backend portal for application administration and reporting. Digitizer, ingestion processing workflow module, executes similar functionality as batch processing module. Data access service, abstraction layer for database and document storage access. The server and network hardware has reached end of life and the storage capacity requires an urgent upgrade. The data center contract for production facility is due for renewal in nine months. CAPEX costs are driving concerns over the long-term service viability based on the current business model. They're looking for a more cost efficient approach. Achieving the current availability SLA is challenging due to a number of operational pain points and maintenance exclusions for data center and connectivity provider. Expertiseplease.com needs to increase the availability SLA to 99.9% as their customers complain about service availability. The infrastructure is unable to meet peak demand, affecting the ability to meet performance SLA.