Case Study
Tensoft Maintains Cloud Confidence with Lightedge
Industry: Software
Solutions: Managed Services
Platform
Tensoft is a leading SaaS operation, supply chain, and ERP solution provider for the semiconductor, high tech, and software industry. Tensoft was founded in 1996 with an initial focus on the custom development of web-based applications for technology companies in Silicon Valley. By 2000, Tensoft’s business leaders decided that developing commercial business applications would better serve their customers long-term. Today, Tensoft remains focused on serving the specialized needs of midmarket technology companies with innovative, end-to-end business management solutions for the semiconductor, high tech, and software/SaaS industries.
Tensoft first began offering its web-based business management solutions with Microsoft Dynamics via SaaS in 2006. At that time, they built out and managed their own hosting environment. After working with a few different initial providers, Tensoft’s business strategy required them to seek a more ERP-agnostic solution. They needed a hosting provider with broad expertise across various technologies; one who was responsive to their needs and could accommodate their customer service goals.
Tensoft launched a Managed Services Partner (MSP) selection process in 2017. Initially, Lightedge’s depth of expertise stood out and its security and compliance capabilities further confirmed Lightedge as Tensoft’s preferred MSP. Lightedge has since provided Tensoft with AWS managed services support.
Challenge
Tensoft initially leveraged Lightedge’s Cloud Management platform, TRiA, to monitor Security Compliance and AWS vulnerabilities. This provided visibility, insight, and access to information that other service providers simply couldn’t offer. The ERP solutions that Tensoft applications integrate into often handle credit card processing, so PCI compliance was a must.
Many of Tensoft’s customers are publicly held companies. Therefore, SOC Type 2 compliance became critical. Tensoft’s current primary challenge is focused on security. Their original environment had only one virtual private cloud (VPC) and a few subnets which needed to be reorganized and better secured.
Solution
The new environment, architected and delivered by Lightedge, separated production and pre-production into different AWS accounts. Each environment was built with AWS and security best practices utilizing Amazon native services wherever possible. This included the migration of DNS services over to Route53 and the migration of the MS SQL database from EC2 to RDS. VPC Peering was employed to securely connect the two environments while Lightedge worked with the Tensoft team to update the dynamic functionality of the application to make use of auto-scaling and load balancing. Lightedge is continuing to provide managed services and support for the environment.
Lightedge initially shifted from a strategy using Application Load Balancers (ALBs) and a Web Application Firewall (WAF) to leveraging Elastic Load Balancers (ELBs) in order to get the necessary authentication to work. Lightedge has fine-tuned security cyber suites on ELBs to make them more secure. We’re also terminating SSL on the ELBs and sending it back to the webheads, so all SSL is terminated on ELBs. Furthermore, we’re maintaining the compliance of their AWS environment by performing remediation on security vulnerabilities identified by the security group and ensuring patching is executed appropriately.
Lightedge ensures that Tensoft follows key architectural considerations for designing compliant AWS environments, the first of which is resource segregation with limits the scope of PHI and prevents leaks while developing. Many users, like Tensoft, begin an AWS journey with a single account. However, AWS recommends setting up multiple accounts as workloads grow in both size and complexity.
Lightedge split Tensoft’s AWS accounts down to one webhead and one database in the dev account. In the production account, Lightedge separated Tensoft’s account by leveraging subnets (which wasn’t the case before). Now, resources in their AWS cloud environment are segregated appropriately.
Due to internal restructuring and a focus on security within their environment, Tensoft requested that Lightedge rebuild the environment with industry and security best practices. The inherited environment had an Active Directory in this VPC/Subnet and presented the challenge of having Dev, Test, and Production in the same VPC with limited use of encryption. The application was two-tiered, with a Web tier feeding an MSSQL DB on EC2.
Results
Thanks to Lightedge, Tensoft is leveraging the cloud more. We rearchitected their environment and addressed security and compliance concerns around GDPR and SOC2. Lightedge’s Network Operations Center (NOC) actively notifies our team of opportunities to review environment and instance components.
“I love having Lightedge as our MSP Partner because of their deep expertise in cloud security and compliance. Their team is incredibly knowledgeable about key cloud components from networking to security, compliance, database hosting, and more! This enables our internal team to focus more on what we do best,” said Bob Scarborough, Tensoft CEO.