Kochi Metrol Rail Limited (KMRL)

Customer Profile

Name:  Kochi Metro Rail Limited


OS: Red Hat Linux 7.6 for SAP Landscape Systems, Microsoft Windows Server 2012(SOLMAN & ZETA HRMS Hosting)

Customer’s Challenges

  1. Orient has to study the utilization of the current IT Infrastructure and propose cloud infra required to achieve desired SLA.
  2. Orient to prepare Migration Plan with minimum downtime.
  3. Orient to showcase working on cloud and build environment that can be verified before the migration process is carried out.
  4. Orient to build Project Plan with timelines.
  5. Data to be tiered to Archival storage based on timelines
  6. Orient has proposed a VPC in Mumbai Region with the following design
  7. Administrators will have access to relevant EC2 and S3 Buckets
  8. All DATA at rest will be encrypted using EBS and S3 Encryption
  9. The Backup will be managed by Snapshots and taken using Lambda Service at 12 hour intervals
  10. The DR drill will be done once every 6 months
  11. Migrate SAP Systems & HRMS System using Cloud Endure
  12. Orient will migrate SAP SYBASE database and SAP applications to Cloud

Orient Solution

Orient as part of the proposal has considered-

E-Mail and Communication Infrastructure be suitably replaced to reduce the total infra and license cost. Business Applications, HRMS Server and other required Application Servers be replaced with similar infrastructure on AWS.

Requirements for Critical Services:

  1. Backup will be automated and be done on Backup Storage every 12 Hours
  2. VM Uptime guaranteed for 99.9% uptime.
  3. Data Loss in case of a disaster will not exceed 12 Hours.
  4. Virtual Machine – Recovery Time will not exceed 24 Hours in case of disaster.
  5. Dedicated Technical Account Manager will be assigned for any escalations.
  6. Data Migration and Migration of the applications to be taken care of within 30 days.
  7. Optimization will be done once the infrastructure becomes stable and will be an ongoing activity every quarter.
  8. Data will remain in encrypted format at Rest in Cloud.


Orient as a part of the proposal considered and delivered the below list of AWS Service:

  1. AWS Elastic Compute Cloud (EC2) with Redhat Linux Mapio 7.6 and Windows Server 2012(SOLMAN), Database- Sybase.
  2. AWS Lambda
  3. AWS Virtual Private Cloud (VPC)
  4. Identity and Access Management (IAM)
  5. Fortinet Firewall and SSL VPN
  6. Cloud Endure Migration

We have used the AWS EC2 instance for Application Server and Database Server.

AWS Lambda is used for automating the backup process. We created functions using python for automating the backup and deletion of backed up AMI.

AWS VPC is the service that provides a virtual private cloud network that functions similar to the traditional Datacenter network. It was used for deployment of database in the private subnet which making it not accessible over public internet. Applications deployed in public subnet inside VPC.

Fortinet Firewall  is a highly secured and reliable firewall service via AWS . It was used for stringent firewall rules and SSL VPN access to multiple servers of SAP and non-SAP servers via secured connectivity of KMRL employees from anywhere to KMRL AWS Private Cloud.

IAM was used to manage the user’s access and identity management, by giving rights at the granular level. Using IAM two separate roles was created for Admin and Billing access.

Cloud Endure Migration was used to migrate the SAP Workloads from on premises DC to AWS Cloud without any hurdles or issues smoothly. It took 2 days for each SAP DB and APP servers to be deployed in KMRL AWS Server farm respectively.

Solution Description and Implementation:

  1. KMRL has multiple in house users connecting to their applications via Web access and SSH using SSL VPN credentials provided to them. Users with role “Admin” help to do the deployment and development activities
  2. An EC2 instance with windows 2012 SAP Sybase Database and Solution Manager Application for SLD(SAP System & Landscape Directory).
  3. The cloud endpoint was secured with a Fortinet Firewall. The EBS storage was used with Encryption.
  4. The security of an environment ensured using Security groups.

Result Achieved

  1. EC2 with SAP Workloads removed the lock-in of sticking to the existing environment, as there will be no commitment on AWS.
  2. The system could be scaled when required to increase processing and user loads during planned intervals. Auto scaling was not required as KMRL Technologies only had planned workloads intervals.
  3. Time for any query (irrespective of complexity or data requested) execution was significantly reduced by 15-20% if compared with earlier step.
  4. EC2-AMI snapshots (backup) in the encrypted format was completed within few minutes.
  5. Additionally backuped AMI Restoration to a new EC2 instance demonstrated to the customer.
  6. Service level agreement met as demanded i.e 30 Mintues for Business-critical incidents which lead highly availble environment in AWS with as uptime increased to 50% .

Accumulated Experience

  1. Daily mundane activity of backup was automated using the Lambda function.
  2. Security of the environment based on AWS best practices helped to build the secured environment.
  3. KMRL being public sector government based service to the customers, they wanted fully compliant data center which AWS already adheres too.

Leave a Comment

Your email address will not be published. Required fields are marked *