Unified architecture and cloud-native zero-trust platform to modernize legacy systems for leading Air Transport Association

About the customer

A major trade group for airlines. They support a variety of aviation-related activities, including:

Passenger experiences

Payments & Distribution

Security in aviation

Infrastructure & Airline Operations

On important aviation concerns, they also assist in developing industry policy standards.

Business Problem

The customer's existing tariff and traffic tracking platform had an outdated application stack. Numerous components needed to be rebuilt frequently in order to construct new enterprise applications, which complicated the integration of connectors, protocols, and components to build future solutions. In order to make it simple to create and manage apps, they intended to create a zero-trust cloud-native platform with a unified infrastructure.

Challenges Faced

Building digital platforms is complex. It goes without saying that the foundations, which encompass every component, must be set correctly.

Below is a list of prerequisite components and tools.

A complete transfer of the whole legacy system, including all its components and services, to the AWS public cloud, including Kubernetes and DataOps.
Integrating these services to achieve the greatest possible benefit from moving to the cloud.
Scalable data lakes and an event-based philosophy were required for the data architecture to ensure that data delivers insights to the customer and the customer's customers.
Implementation of zero trust security to ensure authorization among all tiers of the stack, further enabling tiers to use appropriate proxies and load balancers that ensure properly sanitized traffic.


Putting an end to reinventing the wheel

With a plan to modernize more than 10 preexisting applications, standardizing the service creation protocols under a foundation layer was a priority to enhance reusability. Future improvements to the applications could also be turned into reusable components to ensure uniformity, taking reusability to the next level.
After conducting 3 rigorous workshops to strategize a uniform foundation for the platform, the solution was broken down into a 7-layer architecture of interacting containers that serve as the foundation for the solution's operation.

Going a level deeper with every container 


Step one before building frontends is to freeze the design standards, which were implemented using Atomic Design principles, a bespoke design system language to provide a standardized experience across all platforms.
The frontends use a micro frontend architecture, which breaks down monoliths into manageable chunks, together with frontend web development best practices for reuse, scalability, and maintainability, to boost the effectiveness of teams working on frontend code.
Because the platform was heavily focused on being analytics-powered, its core elements, such as reporting, maps, and charts, were built for reusability.

Authentication and Access Management (IAM) 

Without a system to control identity and access, true data security cannot be achieved. IAM solutions can enhance staff productivity by enabling access to data across many applications, locations, and devices when properly integrated. 
The solution was enabled with a one-of-a-kind system that is built to differentiate, using role-based attributes to control access and authorization for each user.
It is powered by centralized access management, which allows for externalized authorization at the administrative, application, and data levels. To illustrate, the system distinguishes between external and internal users and grants access based on predefined attributes.

Access management elements 

Data Lakes 

Data serves as the client's primary playground. The goal was to make the platform robust enough to extract actionable insights for the client and its users, with a comprehensive data modernization plan based on serverless components. The data lake components were further broken down to enable data cleansing, normalization, standardization, merging, and enrichment steps particular to products or consumers.
Through a range of operations and refresh rates (such as batch, mini-batch, and stream), data processing engines, data storage layers, and pipelines, the container also supports a number of use cases.
DevSecOps enabled automated CI/CD pipeline orchestration through the use of bespoke infrastructure that has been configured to prevent manual component setup, installation, or maintenance.

Data Lakes Components Breakdown 

Backend supported by Common services 

A microservices-based architecture was proposed with the goal of making it easier to build and maintain applications, with the primary purpose of encouraging the reuse and consumption of existing services rather than the creation of new ones.
Every microservice is designed and built to be loosely coupled, deployed separately using automated CI/CD workflows, and capable of being developed by small teams.
Supporting the microservices-based architecture is a common services component, a collection of commonly used core components that are mostly made up of existing components and services about which we have information and expertise, hence encouraging reuse.

Adding a layer of security with zero trust

Zero trust security was incorporated into the solution to safeguard enterprise data and resources by restricting their accessibility and allowing it only when necessary. 
A secure perimeter is the foundation of traditional network security; everything inside the perimeter is trusted, but anything outside is not. To lessen the possibility of unauthorized access to critical information and corporate data, a zero-trust network continuously assesses all actions and resources.
Zero trust security was extended not only to services, but also to the infrastructure, network, pipeline, and application layers.

A rundown of the best practices used to construct the overall solution 

End Impact

With the ultimate goal of allowing the client to focus solely on the business logic of their future solutions, the unified platform with a solid base will allow them to stop reinventing the wheel over and over again and enable the following business impacts:

Reusable components save 42% on costs. 

2X better time to market, which is directly proportional to cost.

End users now have access to a uniform, auto-scalable experience.

65% reduction in risks adverse to transactions and user login. 

Assured quality using tried and verified components that allow you to concentrate on business logic.
