Google cloud partner transparant

The journey of Sara Harper: Safeguarding UrbanBox Enterprise Software Security and Performance

Megan in server room
Ronald Haantjes

Ronald Haantjes - Commercial Director Americas

In our prior blog posts chronicling the journey of Sara Harper – the visionary CIO of UrbanBox – we were introduced to her strategic decision to follow Gartner’s advice on Enterprise Modernization. Supported by the UrbanBox Board of Directors, Sara championed an architecture of ‘Composable Applications’ over the conventional monolithic nature of traditional ERP systems.

Sara understood and recognized that UrbanBox is not in the business of running Enterprise Applications. Instead of allocating a significant portion of her IT budget and resources to managing a local hardware and software infrastructure for new enterprise applications, she can add more value to UrbanBox by allocating her IT budget to value-added functionality and application integrations.

Sara successfully rolled out a new Warranty Management module on the Google Cloud Platform (GCP) with the help of Vanenburg. It demonstrated the ease of use, performance, security benefits, and predictable costs of a cloud-first strategy for enterprise applications. Looking ahead to future projects, Sara instructs two of her IT resources – senior developer Rob and infrastructure/IT specialist Meghan – to complete a Google training path for certification as a Cloud Engineer.

After successfully completing the training and obtaining valuable certifications as Google Cloud engineers, Sara tasks Rob and Meghan with creating an internal guide with policies and steps to safeguard and ensure application performance and security for UrbanBox cloud applications. With rich supporting information available from Google, Rob and Meghan create an internal guide addressing the following aspects:

1. Plan and create a Landing Zone
A landing zone is the ‘administrative aspect’ of a deployed cloud environment, consisting of all the preconfigured and connected resources required for running a business application. With Sara’s chosen path toward a composable architecture, landing zones will play a key role in efficiently spinning up and managing newly created and deployed applications.

After creating a landing zone, Rob and Meghan can configure specific aspects such as identity and access management for any apps deployed in the landing zone and security, governance, and compliance policies.

The Journey of Sara Harper: Plan and create a landing Zone
Click image to enlarge

2. Configure Identity and Access Management (IAM)
Before giving employees access to one or more applications deployed in a landing zone, they must first identify themselves with proper credentials. With Sara’s approval, Meghan configures a password policy that enforces the use of complex passwords, integrated with UrbanBox’s existing investment in keycard technology. Keycards ensure easy employee identification and access to the various workstations on production floors and in office settings. For external users – such as the third-party workforce accessing the Work Order Management application – Meghan implements the use of two-factor identification using the Google Authenticator mobile app.

3. Configure Networking
Aware of the risks associated with networked environments, Sara instructs Meghan to implement stringent access controls around internal versus external network traffic. In addition, Meghan configures network segmentation and routing rules to create a separation between cloud and on-prem applications for sales, production, and customer support, given that each serves a different audience.

Megan en pryanka

4. Security Controls
In concert with configuring Identity Access Management, Meghan implements robust security controls, including encryption of data in-transit and at-rest, and documented compliance policies for UrbanBox personnel.

5. Policy and Governance
As a certified Google Cloud specialist, Meghan has established centralized governance and resource management using Google Cloud’s native tools. Given Meghan’s training and background, Sara instructs Meghan to document the UrbanBox policies around network and resource access and usage, for easy reference via UrbanBox’s internal document management system.

6. Deployment Automation
Meghan works with Rob to set up dedicated CI/CD pipelines for any new internal development projects, with separate environments for development, functional & integration testing, user acceptance, and production. Rob configures the CI/CD pipelines of Rappit Developer development projects (hosted in Vanenburg’s cloud) to securely integrate with UrbanBox’s dedicated cloud environments.

7. Scalability and Resilience
Following Sara’s directives, Meghan configures new apps deployed in Google Cloud to offer automated scaling, making sure that application performance and response times remain consistent and independent of usage. In addition, she configures a high resilience mode for the Work Order management application to ensure maximum availability for the external mobile workforce, allowing Sara’s team to provide standby support after hours instead of requiring 24×7 staffing.

8. Cost Management
Sara is pleased that the cloud deployment of the new composable applications enables detailed tracking of usage statistics and costs. First, she managed to keep the development cost down by using Vanenburg’s Rappit Developer for fast and efficient development of the apps with around 70% generation of the required code. Now, she can also provide detailed reports on the ongoing costs to run these applications compared to the benefits they deliver.

GCP dashboard
Click to enlarge

9. Monitoring and Maintenance
With input from Priyanka, Meghan defines and implements a monitoring dashboard with automated alerts to monitor the health and performance of the Landing Zones for the Work Order Management and Warranty Management applications deployed on Google Cloud. The dashboards provide valuable information on usage statistics for each region in UrbanBox’s global customer base. After monitoring these statistics for 3 months, Sara instructs her team to optimize the landing zone by fine-tuning the scaling options based on regional usage patterns. By separating availability across time zone regions, Sara and her team can deploy application maintenance and update rollouts staggered by region, with minimal disruption during local office/work hours.

Sara’s decision to support her composable application strategy with dedicated landing zones in the Google Cloud Platform has led to reliable uptime and scalability, with a 10% increase in availability/uptime. It also enabled Sara to create a detailed cost-benefit analysis and perform ongoing monitoring of each deployed application component.

In the next blog post in this series, Sara will tackle the challenge of replacing custom shopfloor functionality in the ERP Production Module with a cloud-based alternative. Now that Sara and her team have successfully demonstrated their ability to migrate application functionality to the cloud, can she bring the required shopfloor functionality to the Systems of Innovation layer? Will she take the opportunity to innovate and enable easy access for mobile inventory replenishment operators? Stay tuned!

Do you have any questions or do you need professional advice? We’re happy to help you!