About the Company

The company is focused on providing incarcerated learners with the digital tools they need to succeed.
The U.S. incarcerates more people than any other nation in the world. Despite spending more on corrections than the GNP of most countries, it fails to help incarcerated people lead a better life. The company fills that gap, as corrections administrators struggle to find effective options they can afford and trust.

The Challenge

The company used a legacy method of provisioning users into its own systems and multiple partner systems. As the customer base grew, the number of hits to the application grew, and user setup time started increasing. Manual provisioning required more hours to complete and was often delayed by technical errors.
Considering these growing facility issues and the need to serve its growing customer base, the company decided to move to a more efficient solution that would be faster, secure, low in downtime, and, most importantly, cost-effective.


Kapstone proposed and implemented a solution using Amazon Web Services (AWS) that would meet all the needs of the company. Custom services hosted on AWS ECS (Elastic Container Service) take new or existing user data from facility admins. AWS SQS (Simple Queue Service) holds all user creation and update messages for various applications such as Salesforce, in-house databases (hosted on AWS RDS), a third-party learning portal, etc. SCIM services hosted on AWS Lambda are triggered by every SQS message received. For security, AWS Secrets Manager securely holds all endpoints, usernames, and passwords for third-party applications.

Monitoring was set up using AWS CloudWatch, which helps in investigating service logs in case of issues. Single sign-on uses an open-source SSO option such as SimpleSAMLphp, hosted on an AWS EC2 instance and accessed via ELB (Elastic Load Balancer). AWS EBS (Elastic Block Store) stores log data from the EC2 instance to track user login attempts. Autoscaling on the EC2 instances brings up IdP instances in real time and also helps with load balancing.

The Benefits

As a result, the user provisioning process was automated, reducing the manual workload for the operations team. Provisioning 100 users now takes hardly 5 minutes, compared to almost a day with the previous manual work. The solution implements a serverless, independent-services architecture that is robust and scalable enough to handle bulk loads of new user data.