Open Gate Sangha, Inc. is a spiritual nonprofit, tax-exempt organization. Founded in 1996 in the San Francisco Bay Area, Open Gate Sangha today reaches people around the world who are naturally drawn to the sincerity and depth of Adyashanti and Mukti’s message. Open Gate Sangha’s staff and many dedicated volunteers work together to bring these teachings forward through In-Person and Online Programs, Publications, Broadcasts, and Media.
While serving a community of over 30,000 worldwide users, Open Gate Sangha and its companion websites provide teachings and product sales in the form of text, PDF, audio and video files. The organization provides extensive free and purchased audio and video streaming services in both ‘Live’ and archived formats while managing high-concurrency visitation. Open Gate Sangha’s site architecture includes managing user profiles, event registration, donations, scholarships, content management and provisioning, accounting, reporting and other community-related services.
Open Gate Sangha’s infrastructure was hosted early on through various shared and dedicated servers located at Lunar Pages (now Host Papa) in Los Angeles, CA. This infrastructure initially operated reasonably well until membership started increasing, both domestically and internationally, bringing many new users worldwide. Naturally, as the organization grew, additional resources were needed to answer this new demand as visitation began to overburden available servers. They went from moderate loading to serving visitation in the high thousands, especially during online programs where thousands of members would join concurrently from across the globe. It became very difficult to predict and provision the required infrastructure to serve such a content-rich experience globally while mitigating such heavy traffic and spikes.
This activity provided a great opportunity to modernize the client’s infrastructure stack, abstract critical services for regional distribution, adopt an elastic and tunable cloud services model with load balancing and move up to the Amazon Web Services (AWS) Cloud platform.
The new AWS Cloud infrastructure would offer highly available underlying services as well as an improved security and compliance model. Open Gate Sangha would be able to scale according to current load conditions while utilizing continuous integration and continuous delivery (CI/CD) automation for deployments. The new infrastructure would additionally provide separate environments for deployments, QA, staging, and production.
The IndaPoint team started working with Open Gate Sangha to analyze and identify critical areas and bottlenecks requiring improvement. With our experience and knowledge of their systems and operations, and over 15 years of IT/development management, we were well versed in their business requirements and software dependencies. We then began designing a new AWS Cloud-based architecture that would offer high availability by removing any single points of failure.
The new architecture was planned in two phases. The first phase took care of scaling, performance and security, while in the second phase we implemented the structure for CI and CD. The current architecture employs a standard load-balanced design and features auto-scaled groups of application instances spread across multiple Availability Zones.
At the database tier, we leveraged the Amazon Relational Database Service (RDS) and AWS ElastiCache in multi-AZ configurations. RDS allows database encryption using keys managed through the AWS Key Management Service (KMS).
We integrated AWS ElastiCache to allow easy deployment, operation, and scaling of an in-memory data store or cache in the cloud. As demand increases or decreases based on pre-set determinate levels, the system auto-adjusts for balanced front-end availability.
We also employed AWS S3 to store all user data, images and other content-heavy resources. Its multi-node architecture caches assets regionally, reducing latency to the end user. We also use AWS S3 as a ready-to-deploy code snapshot for ‘at-once’ provisioning of mirrored code across all front-end web servers.
AWS CloudWatch services are utilized to monitor performance and failure notifications, allowing early action and mitigation.
To ensure high availability, ElastiCache was used to launch Memcached, the distributed memory object caching system, in at least two Availability Zones per region.
The Amazon Virtual Private Cloud (VPC), a virtual network dedicated to the AWS account, was also deployed. This provides logical isolation from other virtual networks in the AWS Cloud as another layer of security.
All internet-facing web applications run behind the AWS Elastic Load Balancer. In the new infrastructure, AWS ELB is configured to route all site traffic, including dynamic pages, across an array of frontline web servers. Open Gate Sangha’s web applications are additionally protected by the Cloudflare (https://www.cloudflare.com/l) WAF (proxy security and DDoS protection service), which provides control over which traffic is allowed or blocked by defining customizable web security rules.
For CI/CD, we have also utilized AWS CodePipeline and AWS CodeDeploy to deploy and configure applications on Amazon Elastic Compute Cloud (EC2) instances. AWS EC2 is a web service that provides secure, resizable web-scale cloud computing. CodeDeploy is tightly integrated with AWS Auto Scaling to eliminate delays between starting new nodes and deploying applications.
While working in concert with the Open Gate Sangha team, all client applications in the new AWS environment were tested and adjusted as necessary, while managing any additional requirements. Finally, full comprehensive documentation was created, covering all aspects of each environment’s automation, provisioning, and handling.
After successful migration to the new AWS environment, Open Gate Sangha has realized many benefits.
- The infrastructure is now distributed across multiple Availability Zones; single points of failure no longer exist. They are seeing zero failures during their online events/retreats where thousands of members join concurrently from various countries and they stream online video.
- The system expands and contracts based upon demand, so the customer is not paying for continued expensive high-scale servers only needed during peak loading. This has allowed the company to stay away from capital expense and pay a variable expense.
- Content-rich assets are cached and delivered regionally, significantly reducing latency for their end user.
- Server-side memory caching is utilized, significantly reducing latency for their end user.
- Improved security with multi-layered AWS abstracted credentials and DDoS protection.
- Improved monitoring, with deep insight into the infrastructure’s health and current loading, allowing early response to any issues.
- Increased speed and agility in deploying and decommissioning additional services.
The company is no longer paying a flat rate for pre-provisioned contracted hardware, but now only pays for what it currently uses within a modern virtual cloud environment, saving on continued infrastructure management.