Platform

AWS

Tensoft is a leading SaaS operation, supply chain, and ERP solution provider for the semiconductor, high tech, and software industry. Tensoft was founded in 1996 with an initial focus on the custom development of web-based applications for technology companies in Silicon Valley. By 2000, Tensoft’s business leaders decided that developing commercial business applications would better serve their customers long-term. Today, Tensoft remains focused on serving the specialized needs of midmarket technology companies with innovative, end-to-end business management solutions for the semiconductor, high tech, and software/SaaS industries.

Tensoft first began offering its web-based business management solutions with Microsoft Dynamics via SaaS in 2006. At that time, they built out and managed their own hosting environment. After working with a few different initial providers, Tensoft’s business strategy required them to seek a more ERP-agnostic solution. They needed a hosting provider with broad expertise across various technologies; one who was responsive to their needs and could accommodate their customer service goals.

Tensoft launched a Managed Services Partner (MSP) selection process in 2017. Initially, Connectria’s depth of expertise stood out and its security and compliance capabilities further confirmed Connectria as Tensoft’s preferred MSP. Connectria has since provided Tensoft with AWS managed services support.

Challenge

Tensoft initially leveraged Connectria’s Cloud Management platform, TRiA, to monitor Security Compliance and AWS vulnerabilities. This provided visibility, insight, and access to information that other service providers simply couldn’t offer. The ERP solutions that Tensoft applications integrate into often handle credit card processing, so PCI compliance was a must.

Many of Tensoft’s customers are publicly held companies. Therefore, SOC Type 2 compliance became critical. Tensoft’s current primary challenge is focused on security. Their original environment had only one virtual private cloud (VPC) and a few subnets which needed to be reorganized and better secured.

Solution

The new environment, architected and delivered by Connectria, separated production and pre-production into different AWS accounts. Each environment was built with AWS and security best practices utilizing Amazon native services wherever possible. This included the migration of DNS services over to Route53 and the migration of the MS SQL database from EC2 to RDS. VPC Peering was employed to securely connect the two environments while Connectria worked with the Tensoft team to update the dynamic functionality of the application to make use of auto-scaling and load balancing. Connectria is continuing to provide managed services and support for the environment.

Connectria initially shifted from a strategy using Application Load Balancers (ALBs) and a Web Application Firewall (WAF) to leveraging Elastic Load Balancers (ELBs) in order to get the necessary authentication to work. Connectria has fine-tuned security cyber suites on ELBs to make them more secure. We’re also terminating SSL on the ELBs and sending it back to the webheads, so all SSL is terminated on ELBs. Furthermore, we’re maintaining the compliance of their AWS environment by performing remediation on security vulnerabilities identified by the security group and ensuring patching is executed appropriately.

Connectria ensures that Tensoft follows key architectural considerations for designing compliant AWS environments, the first of which is resource segregation with limits the scope of PHI and prevents leaks while developing. Many users, like Tensoft, begin an AWS journey with a single account. However, AWS recommends setting up multiple accounts as workloads grow in both size and complexity.

Connectria split Tensoft’s AWS accounts down to one webhead and one database in the dev account. In the production account, Connectria separated Tensoft’s account by leveraging subnets (which wasn’t the case before). Now, resources in their AWS cloud environment are segregated appropriately.

Due to internal restructuring and a focus on security within their environment, Tensoft requested that Connectria rebuild the environment with industry and security best practices. The inherited environment had an Active Directory in this VPC/Subnet and presented the challenge of having Dev, Test, and Production in the same VPC with limited use of encryption. The application was two-tiered, with a Web tier feeding an MSSQL DB on EC2.

Results

Thanks to Connectria, Tensoft is leveraging the cloud more. We rearchitected their environment and addressed security and compliance concerns around GDPR and SOC2. Connectria’s Network Operations Center (NOC) actively notifies our team of opportunities to review environment and instance components.

“I love having Connectria as our MSP Partner because of their deep expertise in cloud security and compliance. Their team is incredibly knowledgeable about key cloud components from networking to security, compliance, database hosting, and more! This enables our internal team to focus more on what we do best,” said Bob Scarborough, Tensoft CEO.