Case study on Adobe !!

Yagyandatta Murmu
10 min read · Sep 22, 2020

Adobe Inc. (limited liability company) is an American multinational computer software company. Incorporated in Delaware and headquartered in San Jose, California, it has historically focused on the creation of multimedia and creativity software products, with a more recent foray into digital marketing software.

“Creativity is in our DNA. Our game-changing innovations are redefining the possibilities of digital experiences. We connect content and data and introduce new technologies that democratize creativity, shape the next generation of storytelling and inspire entirely new categories of business.”

Adobe Products

Adobe offers a line of products and services used by creative professionals, marketers, knowledge workers, application developers, enterprises and consumers for creating, managing, delivering, measuring and engaging with content and experiences across multiple operating systems, devices and media.

Deploy and manage your multiprotocol media streaming easily and affordably. Adobe’s partnership with AWS simplifies the deployment of interactive media applications using peer-assisted networking. Start creating multiuser experiences with high-quality streaming for both live and on-demand content quickly and easily. Deliver to a wide variety of platforms and devices with minimal up-front commitment or investment.

“Adobe is named a Leader in the Gartner Magic Quadrant for web content management report”

Adobe Experience Manager (AEM) is a leader in digital experience delivery. It is a powerful, enterprise-ready solution that provides businesses with an easy way to deliver immersive web experiences, build a brand, drive demand, and extend reach to audiences across the globe. Amazon Web Services (AWS) is a leader in cloud services and infrastructure providing a flexible, cost effective, and easy-to-use computing platform. Combining AEM and AWS can be an effective method to deliver personalized digital experiences to your customers.

Benefits:

Here I have mentioned some of the main benefits and described some best practices that should be applied when deploying AEM on AWS.

Delivering a fast, secure, and seamless experience is essential in today’s digital marketing environment. The need to reach a broader audience across all devices is essential. A shorter time to market can be a differentiator from competitors. Companies are turning to cloud-based solutions to boost business agility, harness new opportunities, and gain cost efficiencies.

Key benefits of using AEM on AWS

Here I have summarized some of the key benefits of using AEM on AWS, and highlighted how Advanced AWS Partner Network (APN) Consulting Partner Razorfish uses AEM on AWS.

Why Use AEM on AWS?

AEM, as a Web Experience Manager (WEM) platform, can take advantage of some of the benefits of the AWS platform, including global capacity, security, reliability, fault tolerance, programmability, and usability. This section discusses several ways in which deploying AEM on AWS is different from deploying it to an on-premises infrastructure.

Flexible Capacity :

  • One of the benefits of using the AWS Cloud is the ability to scale up and down as needed. When using AEM, you have full freedom to scale all your environments quickly and cost effectively, giving you opportunities to establish new development, quality assurance (QA), and performance testing environments.
  • AEM is frequently used in scenarios that have unknown or significant variations in traffic volumes. The on-demand nature of the AWS platform allows you to scale your workloads to support your unique traffic peaks during key events, such as Great Indian Sale or the Amazon Diwali sale.
  • Flexible capacity also streamlines upgrades. At this point, many AEM clients are upgrading from AEM 5.x to AEM 6.1. AWS makes it very easy to set up a parallel environment, so you can migrate and test your application and content in a production-like environment. Performing the actual production upgrade itself can then be as simple as changing a domain name system (DNS) entry.

Broad Set of Capabilities :

  • As a leading web content management system solution, AEM is often used by customers as the foundation of their digital marketing platform. Running AEM on AWS makes it easy to integrate third-party solutions for auxiliary experiences such as blogs, and provides additional tools for supporting mobile delivery, analytics, and big data management. You can integrate the open and extensible APIs of both AWS and AEM to create powerful new combinations for your firm. Razorfish uses AEM on AWS with their turnkey digital marketing platform, Fluent, to help organizations market across multiple channels in the areas of analytics, targeting and experience management.
  • With solutions like Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), and AWS Lambda, AEM functionality can easily be integrated with other third-party functionality in a decoupled fashion.
  • AWS can also provide a clean, manageable, and auditable approach to decoupled integration with backend systems such as customer relationship management (CRM) and commerce systems. Figure 3 shows an Enterprise Systems Integration scenario.
  • Leveraging AEM on AWS enables the creation of a digital marketing foundation that not only delivers the full set of capabilities, but also does so using a scalable, decoupled, and microservices-based solution.

Adobe Experience Manager (AEM) has a broad set of capabilities for digital experience delivery. Some of the key use cases for AEM are content management, experience management and personalization, digital asset management, communities, mobile applications, and in-store digital experiences.

AEM Screens architecture resembles a traditional AEM Sites architecture. Content is authored on an AEM author instance and then forward-replicated to multiple publish instances. AEM Screens devices can now connect to an AEM publish farm via load balancer. Multiple AEM publish instances can be added to continue to scale the publish farm.

AEM Architecture

Repositories :

Within AEM, everything is content and stored in the underlying repository. AEM’s repository is called CRX, and it implements the Content Repository API for Java (JCR), and is based on Apache Jackrabbit Oak. The Oak storage layer provides an abstraction layer for the actual storage of the content.

Currently, there are two primary storage implementations available in AEM 6: Tar Storage and MongoDB Storage.

MongoDB

The MongoDB storage leverages MongoDB for sharding and clustering. The repository tree is kept in one MongoDB database where each node is a separate document.

Tar Storage

The Tar storage uses tar files. It stores the content as various types of records within larger segments. Journals are used to track the latest state of the repository.

AEM Implementation on AWS :

A first design decision for any implementation on AWS is to determine the Amazon Virtual Private Cloud (VPC) layout. For simplicity, we will assume a basic setup with one author and two publish AEM instances.

In this architecture, all AEM components are deployed in public subnets. The publish instances are spread across two AWS Availability Zones. Each of the AEM components has its own security group (and uses Auto Scaling, if applicable).

The following diagram shows the key components of the configuration for this scenario.

Solution with Public Subnets

The configuration for this scenario includes the following:

  • A VPC with a size /16 IPv4 CIDR block (example: 10.0.0.0/16). This provides 65,536 private IPv4 addresses.
  • A public subnet with a size /24 IPv4 CIDR block (example: 10.0.0.0/24). This provides 256 private IPv4 addresses. A public subnet is a subnet that’s associated with a route table that has a route to an Internet gateway.
  • A private subnet with a size /24 IPv4 CIDR block (example: 10.0.1.0/24). This provides 256 private IPv4 addresses.
  • An Internet gateway. This connects the VPC to the Internet and to other AWS services.
  • Instances with private IPv4 addresses in the subnet range (examples: 10.0.0.5, 10.0.1.5). This enables them to communicate with each other and other instances in the VPC.
  • Instances in the public subnet with Elastic IPv4 addresses (example: 198.51.100.1), which are public IPv4 addresses that enable them to be reached from the Internet. The instances can have public IP addresses assigned at launch instead of Elastic IP addresses. Instances in the private subnet are back-end servers that don’t need to accept incoming traffic from the Internet and therefore do not have public IP addresses; however, they can send requests to the Internet using the NAT gateway (see the next bullet).
  • A NAT gateway with its own Elastic IPv4 address. Instances in the private subnet can send requests to the Internet through the NAT gateway over IPv4 (for example, for software updates).
  • A custom route table associated with the public subnet. This route table contains an entry that enables instances in the subnet to communicate with other instances in the VPC over IPv4, and an entry that enables instances in the subnet to communicate directly with the Internet over IPv4.
  • The main route table associated with the private subnet. The route table contains an entry that enables instances in the subnet to communicate with other instances in the VPC over IPv4, and an entry that enables instances in the subnet to communicate with the Internet through the NAT gateway over IPv4.
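The rule that makes a subnet public or private in the list above is its route table, not its name. The following Python sketch is an added example, not part of the original article: it classifies subnets by route target and flags instances that contradict the layout. All resource IDs and the `i-stray` instance are constructed placeholders.

```python
import ipaddress

# Constructed data mirroring the scenario above; all resource IDs are placeholders.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "subnet-public": {"cidr": "10.0.0.0/24", "route_table": "rtb-custom"},
    "subnet-private": {"cidr": "10.0.1.0/24", "route_table": "rtb-main"},
}
ROUTE_TABLES = {  # (destination, target) pairs
    "rtb-custom": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-placeholder")],
    "rtb-main": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-placeholder")],
}
INSTANCES = [
    {"id": "i-web", "subnet": "subnet-public", "public_ip": "198.51.100.1"},
    {"id": "i-backend", "subnet": "subnet-private", "public_ip": None},
    # Constructed mistake: a back-end instance that was given a public address.
    {"id": "i-stray", "subnet": "subnet-private", "public_ip": "198.51.100.2"},
]


def classify_subnet(subnet_id):
    """A subnet is public only if its route table targets an Internet gateway."""
    targets = [t for _, t in ROUTE_TABLES[SUBNETS[subnet_id]["route_table"]]]
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("nat-") for t in targets):
        return "private (outbound via NAT)"
    return "isolated"


def audit_layout():
    """Return (resource, finding) pairs for layout rules the scenario implies."""
    findings = []
    vpc = ipaddress.ip_network(VPC_CIDR)
    for sid, subnet in SUBNETS.items():
        if not ipaddress.ip_network(subnet["cidr"]).subnet_of(vpc):
            findings.append((sid, "CIDR is outside the VPC range"))
    for inst in INSTANCES:
        if inst["public_ip"] and classify_subnet(inst["subnet"]) != "public":
            findings.append((inst["id"], "public IP in a non-public subnet"))
    return findings
```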

Security :

Security is an important first consideration in any web-hosting environment. The security of the AEM hosting environment can be broken down into two areas: application security and infrastructure security. A crucial first step for application security is to follow the security checklist for AEM and the dispatcher. You want to prevent Denial of Service (DoS) attacks, and for that the mod_rewrite module in Apache Web Server is often used to prevent the request passing through to the dispatcher or publish instance. In addition, the Apache mod_security module can provide additional security against XSS attacks.

From an infrastructure level, AWS provides many tools to lock down your environment. One of the core components of network security is Amazon VPC. This service provides multiple layers of network security for your application such as public and private subnets, security groups, and network access control lists for subnets.

Amazon CloudFront can be used to provide some crucial security benefits: 1) you can offload direct access to your backend infrastructure, and 2) using the web application firewall (WAF) provided by the AWS WAF service, you can apply rules to prevent the application from getting compromised by scripted attacks. The same rules that are encoded in Apache mod_security on the dispatcher can be moved or replicated in AWS WAF. Because AWS WAF integrates with Amazon CloudFront CDN, this enables earlier detection, minimizing overall traffic and impact. Additionally, AWS WAF provides centralized control, automated administration, and real-time metrics.

AWS also provides audit tools such as AWS Trusted Advisor. AWS Trusted Advisor inspects your AWS environment and makes recommendations for saving money, improving system performance and reliability, and security. We also recommend that you consider tools such as Amazon Inspector. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed report with prioritized steps for remediation. This can support system management and gives security professionals the necessary visibility into vulnerabilities that need to be fixed. In addition to Amazon Inspector, other third-party products such as Burp Suite or Qualys SSL Test (for certificate validation) can be used.

Finally, having an audit log of all API actions and configuration changes can be useful in determining what changed and by whom. AWS CloudTrail and AWS Config provide you the capability to capture extensive audit logs. We recommend that you enable these services in your hosting environment.
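To show how the audit log answers "what changed and by whom", here is an added Python example (not from the original article) that reduces CloudTrail-style records to the write events and marks changes that widen network exposure or disable auditing. The sample records, ARNs, account ID and IP addresses are constructed placeholders, and the `HIGH_RISK` set is an illustrative selection of event names.

```python
import json

# Constructed CloudTrail-style records; ARNs, IPs and IDs are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2020-09-22T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "readOnly": False,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
     "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2020-09-22T10:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "readOnly": True,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-jenkins"},
     "sourceIPAddress": "10.0.0.5"},
    {"eventTime": "2020-09-22T10:09:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "readOnly": False,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
     "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2020-09-22T10:03:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateSnapshot", "readOnly": False,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-jenkins"},
     "sourceIPAddress": "10.0.0.5"},
]})

# Changes that alter network exposure or switch off the audit trail itself.
HIGH_RISK = {"AuthorizeSecurityGroupIngress", "StopLogging", "DeleteTrail",
             "StopConfigurationRecorder"}


def changes_by_actor(log_text):
    """Return write events in time order as (time, actor, event, high_risk)."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        # A record without a readOnly field is treated as a change, so that
        # an unexpected record shape is reviewed rather than silently dropped.
        if rec.get("readOnly", False):
            continue
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        name = rec.get("eventName", "unknown")
        rows.append((rec.get("eventTime", ""), actor, name, name in HIGH_RISK))
    return sorted(rows)  # ISO 8601 timestamps sort chronologically as strings
```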

Automated Deployment :

AWS provides API access to all AWS services, and Adobe does this for AEM as well. Many of the various commands to deploy code or content, or to create backups, can be invoked through an HTTP service interface. This allows for a very clean organization of the continuous integration and deployment process with the use of Jenkins as a central hub, invoking AEM functionality through curl or similar commands.

Jenkins can support manual, scheduled, and triggered deployments, and can be the central point for your AEM on AWS deployment. If necessary, additional automation can be enabled using the Jenkins AWS CloudFormation plugin, enabling the creation of a complete environment from the Jenkins console.

Example CI Setup for an AEM Jenkins Architecture

Jenkins can be installed on an Amazon EC2 instance, pulling code from AWS CodeCommit or an alternative code management solution.

Automated Operations :

One of the key benefits of running AEM on AWS is the streamlined AEM Operations process.

To provision instances, AWS CloudFormation or AWS OpsWorks can be leveraged to fully automate the deployment process, from setting up the architecture to provisioning the necessary instances. Using the AWS CloudFormation embedded stacks functionality, scripts can be organized to support the different architectures outlined in the earlier sections.

When using AEM’s Tar Storage, repository content is stored on the file system. To create an AEM backup, a file system snapshot must be made. This is done easily on AWS through Amazon EBS snapshots. To ensure a consistent backup, use tools such as fsfreeze to suspend file system I/O. With MongoDB storage, backing up the MongoDB database will create the backup. If the data store is configured outside the main repository, this will need to be backed up separately.
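The freeze, snapshot, thaw sequence for Tar Storage is sketched below as an added Python example, not code from the original article. It assumes the repository sits on its own EBS volume with a dedicated mount point (never the root file system) and that `fsfreeze` and the AWS CLI are installed; the function name and the injectable `run` parameter are hypothetical.

```python
import json
import subprocess


def snapshot_tar_repository(mountpoint, volume_id, run=subprocess.run):
    """Freeze the file system, start an EBS snapshot, and always thaw again.

    `run` defaults to subprocess.run and can be swapped for a stub in tests.
    Returns the ID of the snapshot that was started.
    """
    # Suspend writes so the Tar files and journal are captured in one state.
    run(["fsfreeze", "--freeze", mountpoint], check=True)
    try:
        # The snapshot is point-in-time as of this call; copying the blocks
        # continues in the background, so thawing right afterwards is safe.
        result = run(
            ["aws", "ec2", "create-snapshot",
             "--volume-id", volume_id,
             "--description", f"AEM Tar Storage backup of {mountpoint}",
             "--output", "json"],
            check=True, capture_output=True, text=True)
    finally:
        # Runs on success and on failure: a file system left frozen blocks
        # every writer, including AEM itself.
        run(["fsfreeze", "--unfreeze", mountpoint], check=True)
    return json.loads(result.stdout)["SnapshotId"]
```

The `try`/`finally` is the part that matters operationally: if the snapshot call fails on credentials or throttling, the repository volume is still thawed before the error propagates.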

Conclusion :

Using Adobe Experience Manager on AWS can provide you with a great platform and foundation for delivering digital experiences. As you look to deploy AEM on AWS, we recommend that you consider the best practices and guidance outlined in this document, and consult the additional references outlined in the Further Reading section that follows.

Thanks for Reading …
