Business needs
Vercara (formerly Neustar Security Services), a leading provider of security solutions for 60+ Fortune 100 companies, sought to upgrade to a next-generation, scalable, managed Domain Name System (DNS) service with the following key objectives:
- Increase domain hosting capacity
- Improve DNS resolution capacity
- Enhance analytics capabilities to elevate customer service
- Ensure protection against Distributed Denial-of-service (DDoS) attacks
- Improve the service of its DNS server queries in under a millisecond (excluding network latency)
- Drive double-digit revenue growth
Achieved sub-millisecond latency for 99.95% of queries, positioning Vercara as one of the world’s fastest DNS service providers
Solution
The Impetus team re-engineered Vercara’s existing legacy monolithic system, transitioning it to a scalable, microservices-based architecture on AWS. We identified reusable components across both customer-facing and internal systems and transformed them into microservices.
Additionally, the client’s large Oracle database was decomposed into smaller, purpose-driven data stores based on data types, and each was refactored to align with the new microservices architecture.
Solution highlights
- Scaled resolution nodes from 18 to 64, enhancing resolution capacity by 10x to manage up to 800 billion DNS queries per day
- Increased domain hosting capacity from 2.5 million to 50 million zones by rearchitecting the data store and implementing hash partitioning
- Replaced Oracle with AWS Aurora PostgreSQL to significantly reduce Oracle licensing costs
- Enabled single-click, automated deployment of application releases using Ansible, Jenkins, and Terraform, reducing deployment time
- Consolidated Top-Level Domain (TLD) and Second-Level Domain (SLD) DNS platforms, eliminating code base and infrastructure redundancies
- Implemented Privileged Access Management (PAM) using CyberArk to enhance security controls
- Enabled AWS CIS Security compliance across the Vercara account, maintaining ~99-100% compliance every month
- Applied identity security best practices, including SSO-based access using Microsoft Azure AD, and features like AWS Secrets Manager and least privilege access policies
- Applied Cloud Cost Governance best practices to optimize cloud resources, resulting in a ~30% reduction in recurring monthly bills
AWS technologies used
Amazon EC2, Amazon S3, Amazon DynamoDB, Amazon VPC, Amazon ElastiCache, Elastic Load Balancing (ELB), Auto Scaling Groups, Amazon CloudWatch, AWS CloudTrail, Amazon CloudFront, Amazon Relational Database Service (RDS), AWS WAF, SSM, AWS Lambda, Amazon SNS, Amazon Athena, and AWS Identity and Access Management (IAM)
Impact
Migrating to a scalable, microservices-based system on AWS allowed Vercara to significantly enhance its operational efficiency and performance. The transformation not only reduced costs but also improved capacity and security, positioning Vercara as one of the fastest DNS service providers globally.
Here are the key business benefits realized from the transformation:
- Reduced annual licensing costs by ~$4M by eliminating Oracle-related expenses
- Increased DNS resolution capacity by 10x, enabling the management of up to 800 billion queries per day
- Enhanced domain hosting capacity by 20x, accommodating up to 100 million unique domains
- Achieved sub-millisecond latency for 99.95% of queries, positioning Vercara as one of the world’s fastest DNS service providers
- Reduced release cycle from 3 days to 15 minutes through the implementation of CI/CD pipelines
- Achieved ~30% savings in recurring monthly bills by optimizing all cloud resources through Cloud Cost Governance best practices
- Strengthened platform security with built-in protection to minimize security vulnerabilities, threats, and malicious activities
