AWS Partner Network (APN) Blog
Agile Transformation of an Automotive Dealer Application for Scalability and Availability with AWS
By Karthikeyan Rathinasami, Solutions Architect – Tech Mahindra
By Harish Sidenur, Enterprise Architect – Tech Mahindra
By Nitin Chahar, Sr. Partner Solutions Architect – AWS
Companies in the automotive dealer business have been challenged by the lack of effective ways to manage dealer networks. This is a result of outdated technology, rigid contracts, and high costs, which lead to inefficient processes, lack of visibility, and non-existent reporting.
There is a growing need for automotive dealers to adopt innovative technology to transition into the digital era smoothly.
Today, companies are looking for a platform that is customizable and scalable from simple to complex solutions and from small to large enterprises, and that fits most public and private cloud infrastructure and deployment requirements. In summary, they want a flexible, responsive solution that delivers a better experience for employees and customers.
One study (2021 DMS Dealer Sentiment Survey) shows customers leaning towards secure, cloud-native solutions with modern features that are backed by superior support. A cloud-native solution provides dealers with digital security, flexibility, and efficiency to meet today’s rapidly changing market.
In this post, we highlight how Tech Mahindra transformed a monolithic application into a resilient and reliable solution to support expanding dealer networks. To build this cloud-native transformation approach, Tech Mahindra used Amazon Web Services (AWS) and a microservices-based API-first architecture.
Tech Mahindra is an AWS Premier Tier Services Partner and Managed Service Provider (MSP) specializing in digital transformation, consulting, and business re-engineering solutions. Tech Mahindra works with diverse customers across industries, such as telecommunication, automotive, retail, financial services, and more.
Tech Mahindra proposed a cloud-native auto dealership system. A requirement of the solution is that it should be able to support a network of territory-based dealerships and have a central database of dealer information, customer information, and inventory.
Additionally, the solution should incorporate the modern design principles that customers expect, including:
- Simple and seamless REST service access through multiple channels.
- Innovative and agile.
- Domain-driven design.
- Microservices architecture hosted in the AWS cloud.
- Automation using DevOps.
Considering the preceding requirements, Tech Mahindra followed its refactoring process of domain-driven decomposition (Figure 1) to identify the microservices and endpoints. This results in modularity and extensibility to allow for future changes required in the business process.
Tech Mahindra recommended using AWS for the application’s business and presentation layers. AWS was selected as it provides services to build reliable, scalable, fault tolerant, and highly available systems in the cloud.
Figure 1 – Approach to domain-driven decomposition.
Dealer Application Solution Details
The dealer application needed to address three key industry use cases: the ability to scale to accommodate new dealership locations as the business expands, accessibility, and capital investment. As part of the dealer management transformation solution, Tech Mahindra developed a solution that would extend the dealer network across regions and provide uninterrupted ‘anytime, anywhere’ access to all the functionalities.
The transformation would result in a modern, highly scalable, and resilient solution—leveraging the best-in-class design and cloud architectural patterns.
Critical to sales and incentives, the dealer application should provide a consistent view of the service offered, regardless of access channel, while ensuring that existing security mechanisms are maintained at all times.
To achieve this, Tech Mahindra adhered to the following tenets:
- Adopt AWS for its highly available infrastructure, flexibility, and broad regional coverage.
- Omnichannel experience for increased productivity of sales team and to drive administrative efficiency.
- Use microservices-based API-first architecture to be flexible and agile by design.
- Use a centralized API Gateway to provide a single connection point for third-party applications as well as a central point for monitoring.
The solution is designed to be implemented as a unified and flexible application for clients supporting various markets. Common functionality resides in core microservices, and zone-specific functionality resides in zone-specific microservices.
The architecture shown in Figure 2 below leverages the native AWS services with the core business services being deployed as containers on AWS Fargate.
Figure 2 – Application architecture.
Availability and Scalability
Amazon API Gateway is used as a single entry point to expose APIs externally in a secure and highly scalable manner. Data needed to be transferred in a variety of formats, so REST (representational state transfer) APIs were used to expose the endpoints, as they are lightweight and flexible. Edge-optimized endpoints were implemented because the clients are globally dispersed. The APIs are configured to be authenticated through a Lambda authorizer.
The microservices are connected to the Amazon API Gateway through Network Load Balancer (NLB), configured for AWS Fargate and Amazon Virtual Private Cloud (Amazon VPC).
The application components run in an Auto Scaling group, which is used by AWS Fargate. Auto Scaling groups allow the applications to scale in or out based on the memory and CPU threshold defined in the Auto Scaling group’s configuration.
Additionally, Amazon DynamoDB is used, with options to backup, restore, and secure data.
Speed and Performance
Amazon Elastic Compute Cloud (Amazon EC2) is used for the application to avoid a delay in start time. Amazon EC2 is also used to host Jenkins and Nexus Artifactory as a container for the continuous integration and delivery (CI/CD) pipeline.
To avoid complexity and encourage modularity, Tech Mahindra proposed the use of a serverless stack. AWS supports serverless computing design patterns with services for running code, managing data, and integrating applications, all without managing servers.
Tech Mahindra used many of these serverless functions chained together to have a highly flexible, efficient process. The serverless functions included AWS Lambda, AWS Step Functions, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Queue Service (Amazon SQS).
AWS Lambda is used to handle and process the core data flows for the system; for example, sending emails and storing/fetching mail metrics. In addition, a Lambda authorizer is used to validate the token (a JSON Web Token or an OAuth token).
For all static queries, Amazon ElastiCache for Redis is used to avoid a database hit on every request. Data is served from the in-memory cache, which improves response time and performance.
The microservices are containerized using a serverless model with AWS Fargate, which can run Docker containers without having to manage servers or clusters.
AWS Fargate uses automatic scaling to achieve elasticity and scale resources in or out as per the workload characteristics. Some microservices are configured to scale up to three replicas while others can scale up to five. This is based on each service’s unique requirements. The scaling is based on the API usage.
Tech Mahindra set a memory utilization threshold to enable horizontal scaling of the Docker containers. The containers also scale in automatically, and the corresponding resources are removed gracefully from the load balancing group.
Security and Compliance
For authentication and authorization, Tech Mahindra used WSO2 Identity Server. The identity provider (IdP) is integrated with the corporate Microsoft Active Directory to enable single sign-on (SSO) for users.
The WSO2 IdP, a third-party identity provider, issues cryptographically signed tokens to users containing information about the user identity and their permissions. Custom Lambda authorizer code is written so that these non-AWS tokens can be used to control resource access within API Gateway. These Lambda functions “map” token characteristics to API Gateway resources and permissions.
The Lambda authorizer additionally allows for customization of authorization logic, beyond validation and inspection of tokens.
Figure 3 – Authentication/authorization using AWS Lambda.
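The token-to-policy mapping described above, as an added example (not code from Tech Mahindra or AWS): the core of a Node.js Lambda authorizer that verifies an RS256 JWT, checks issuer, audience and expiry, and maps a claim to API Gateway resources. The issuer URL, audience, `groups` claim, group names and paths are hypothetical, and `signDemoToken` only produces constructed test tokens with a throwaway key in place of the IdP.

```javascript
const crypto = require("node:crypto");
// Assumed, hypothetical values: issuer, audience, "groups" claim -> VERB/path patterns.
const CONFIG = {
  issuer: "https://idp.example.com/oauth2/token",
  audience: "dealer-api",
  groupToResources: new Map([["dealer-admin", ["*/*"]], ["dealer-sales", ["GET/inventory/*"]]]),
};
const decode = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const encode = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");

// Constructed test token signed with a throwaway key, standing in for the IdP.
function signDemoToken(claims, privateKey) {
  const body = `${encode({ alg: "RS256", typ: "JWT" })}.${encode(claims)}`;
  return `${body}.${crypto.sign("RSA-SHA256", Buffer.from(body), privateKey).toString("base64url")}`;
}

// Verify signature and registered claims; throws on any failure.
function verifyJwt(token, publicKey, cfg, now = Math.floor(Date.now() / 1000)) {
  const [h, p, sig, extra] = String(token).split(".");
  if (!h || !p || !sig || extra !== undefined) throw new Error("malformed token");
  // Pin the algorithm instead of letting the token's header choose it.
  if (decode(h).alg !== "RS256") throw new Error("unexpected alg");
  const sigOk = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey, Buffer.from(sig, "base64url"));
  if (!sigOk) throw new Error("bad signature");
  const claims = decode(p);
  if (claims.iss !== cfg.issuer) throw new Error("wrong issuer");
  if (![].concat(claims.aud ?? []).includes(cfg.audience)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Map verified claims to the IAM policy API Gateway expects from an authorizer.
// methodArn looks like arn:aws:execute-api:region:account:apiId/stage/VERB/path
function authorize(token, methodArn, publicKey, cfg = CONFIG, now) {
  const [api, stage] = methodArn.split("/");
  let claims, resources = [];
  try {
    claims = verifyJwt(token, publicKey, cfg, now);
    for (const g of [].concat(claims.groups ?? []))
      for (const r of cfg.groupToResources.get(g) ?? []) resources.push(`${api}/${stage}/${r}`);
  } catch { /* any verification failure falls through to an explicit Deny */ }
  const allow = resources.length > 0;
  // List every permitted resource: a cached policy is reused for other methods.
  return {
    principalId: allow ? String(claims.sub) : "anonymous",
    policyDocument: { Version: "2012-10-17", Statement: [{
      Action: "execute-api:Invoke", Effect: allow ? "Allow" : "Deny",
      Resource: allow ? resources : [methodArn] }] },
  };
}
```

In a TOKEN-type authorizer the handler would pass `event.authorizationToken` (with any `Bearer ` prefix removed) and `event.methodArn` to `authorize`, together with the IdP's published signing key.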
AWS Secrets Manager is used to store database connections securely, so they are not saved in the application settings in plain text. An Amazon EC2 instance is configured with an AWS Identity and Access Management (IAM) role, which grants it permissions to read the secrets from Secrets Manager using the AWS SDK for Java.
AWS Key Management Service (AWS KMS) is used to easily create and control the encryption keys used to encrypt or digitally sign your data. It is also integrated with AWS CloudTrail for auditing purposes.
AWS WAF, a web application firewall, is provisioned to protect against SQL injection, and cross-origin resource sharing (CORS) is configured to allow only specific domains.
The solution uses different AWS services and products to cater to its storage needs, including the following:
- Oracle Cloud Infrastructure (OCI): Oracle database running in OCI can be connected through AWS Direct Connect. The Tech Mahindra solutions team leveraged the existing database structure, since there could be several upstream and downstream systems using it.
- Amazon DynamoDB: To store email metrics such as sends, rejects, deliveries, opens, clicks, bounces, and subscriptions.
- Amazon Simple Storage Service (Amazon S3): To store images and templates. Access to delete the content is restricted while enabling versioning to prevent data loss.
- Amazon Elastic File System (Amazon EFS): To store customer-related PDF files. The data is encrypted at rest to protect against unauthorized file storage access.
- AWS Secrets Manager: To store sensitive information, like user IDs, passwords, and API keys, from the property file used by the existing system.
Amazon CloudWatch is a monitoring and management service used to provide data and actionable insights. CloudWatch collects monitoring and operational data in the form of logs (API Gateway logs and container logs), metrics (memory and CPU utilization), and events (to trigger mail to the support team whenever an exception is logged).
Using the collected data, CloudWatch visualizes it in a dashboard to provide the user with actionable insights. The dashboard is configured to find API metrics, like count, average time, minimum time, maximum time, and so on.
Additionally, AWS X-Ray is used to monitor application traces (API traces), including the performance of calls to other downstream components or services. Insights are configured to analyze the trace data and identify emergent issues in the applications.
When fault rates exceed the expected range, it creates an insight that records the issue and tracks its impact until resolved.
While multiple environments—like development, quality assurance, and production—need the required resources and configurations, recreating them is time-consuming and prone to errors.
AWS addresses this challenge with AWS CloudFormation, which manages a collection of AWS resources by automating the creation and termination of infrastructure, services, and applications.
Tech Mahindra created CloudFormation templates for the different services to be used in the application architecture. As an alternative, AWS Cloud Development Kit (AWS CDK) provides quick and reliable provisioning of the services or “stacks” in different environments.
Separate templates were created for each resource, instead of a consolidated template, for ease of maintenance. This approach allows developers to easily update or replicate the stacks as needed, allowing for automatic rollbacks, automated state management, and management of resources across accounts and regions.
The swagger deployment is automated. If any new endpoints are added, developers can add the endpoints in the swagger and deploy.
The challenge of deploying a large number of microservices is addressed by a CI/CD pipeline using Jenkins. An Amazon EC2 instance is used for installing tools required for DevOps, Maven for build activities, and an Amazon Elastic Container Registry (Amazon ECR) is used for storing Docker images.
CI/CD for Java
Automation and continuous monitoring through the CI/CD pipeline are achieved through the use of different tools, as shown in Figure 4. A failure at any stage triggers a notification, which the engineer can address quickly.
For the use case discussed in this post, we used the following:
- SonarQube for code review of Java source and Node.js source.
- JUnit for unit testing the Java code.
- Mocha and Chai for Node.js.
- Cobertura to check the code coverage percentage for Java.
- Istanbul to check the code coverage percentage for Node.js.
- Amazon S3 to store the Node.js files.
- Nexus for storing Java binary files.
Figure 4 – CI/CD for Java.
The transformation approach outlined in this post helped build a resilient and reliable solution that addresses the key challenges of expanding the dealer network across the automotive industry.
It also addressed pain points, like scalability and availability of core and territorial systems, while ensuring increased performance and seamless issue resolution through automation. The outcome of the transformation included the following:
- Agility in application development: An automated CI pipeline using third-party DevOps services and continuous deployments on AWS led to faster delivery.
- Infrastructure as code (IaC) for rapid provisioning: The creation of AWS CloudFormation templates for different services automated the creation of environments (development, QA, and production).
- Integration of third-party tools: Tools such as JUnit, Mockito, SonarQube, and Postman, are integrated in the pipeline for seamless quality delivery.
- Scalable and reliable applications: The applications are designed for auto scaling. Infrastructure is provisioned in such a way that the system scales up or down based on the load. AWS Auto Scaling ensures that applications are automatically scaled to maintain steady, predictable performance. This greatly improves application availability and reliability.
- Performance and cost: In addition to auto scaling, the use of serverless functions not only improved the performance, but also reduced the cost. This resulted in significant performance improvement, as the application is designed to use load balancing and caching techniques.
- Security: Tech Mahindra ensures the code adheres to the Open Web Application Security Project (OWASP) security standards. Tech Mahindra also performed penetration testing.
As the dealer network expands, automotive companies want to adapt to their growing business needs while leveraging their existing systems. Tech Mahindra’s dealer application solution allows manufacturers to manage their business from a single platform.
Tech Mahindra’s agile approach to digital transformation, using AWS as the core technology and framework module, helps not only rapidly onboard dealers, but also seamlessly manage global operations.
As we have seen in this post, using a cloud-based dealership solution provides an effective and collaborative way for departments to communicate, interact, and stay informed of the transactions happening across the dealership. This not only saves money, but improves the efficiency of business operations, as well as the customer experience.
Additionally, state-of-the-art cloud-native technology, such as AWS services, helps modernize the start-to-end auto stakeholder experience by connecting users, like clients and dealers. It achieves the scalability in terms of accommodating more dealers, customers, types of users, and business requirements. Flexibility and agility are achieved through the microservices-based API-first architecture.
While serverless architecture, DevOps, and auto scaling address cost and resilience, security on-access and security on-data applied at different levels provide protection against misuse.
It’s important to have a solution that is secure, cost-effective, and efficient to ensure business continuity even during turbulent or unexpected times. Companies should invest in creating a platform ecosystem by integrating systems to create dealerships of the future.
To learn more about Tech Mahindra, visit the website.