Trek10 Helps the Gemological Institute of America Provide Fast and Secure Delivery of Diamond Grading Reports Using AWS
Gemological Institute of America (GIA) uses a serverless solution on AWS for its online report-delivery service, providing its global client base with quick and secure access to its reports on the quality of diamonds and other gemstones. Trek10, an AWS Premier Consulting Partner, built a serverless environment based on AWS AppSync and AWS Lambda, with Amazon DynamoDB for the backend, to deliver a secure and easily searchable website that can seamlessly and quickly handle 25,000 simultaneous queries per second.
GIA Outgrows Its On-Premises Environment
For GIA, maintaining public trust is key. From online retailers, bricks-and-mortar shops, and large jewelry firms to consumers throughout the world, businesses and individuals depend on GIA’s reports to independently evaluate the quality of diamonds, pearls, and colored gems, such as rubies and emeralds. These reports are essential in upholding GIA’s mission to protect customers and help ensure the public trust in gems and jewelry.
For over a decade, the system for delivering the electronic version of GIA’s reports had been sitting on an on-premises monolith of an application that was serving all of the institute’s needs, such as grading gemstones, calculating finances, and serving APIs for its reporting system. However, the on-premises environment had its limitations and was causing unfavorable effects downstream. For example, GIA wanted to offer new online services to its clients, but it could not scale in the on-premises environment. Additionally, an issue with one service would affect the performance of the others, causing the vital online report-delivery service to experience periodic downtime and performance issues. These limitations were making it difficult for GIA’s clients to move gems and jewelry to customers through the global supply chain.
A Serverless Solution, with Help from Trek10
To address this challenge, GIA decided to move its report-delivery service to a secure, serverless platform based on AWS, and calling on Trek10 to help was a natural next step. A member of the AWS Public Sector Partner Program and an AWS Premier Consulting Partner, Trek10 specializes in AWS serverless solutions and focuses exclusively on the AWS Cloud.
In addition to security, GIA had four requirements for Trek10’s serverless solution: high availability, high performance, flexibility, and data quality.
A Report-Delivery System Built for Security and Availability
Security is very important to GIA because the information that it distributes is private to the customer. This is why the serverless solution needed to include restrictions regarding the information that customers could access. To apply these restrictions, Trek10 used the built-in functionality of services like Amazon API Gateway, where the institute could implement API keys that act as tokens for customers to authenticate their identity when they access the site.
To keep the information on the reports accurate and secure, Trek10 put several constraints in place to ensure that the API serves the reports that GIA generates and no other data. Trek10 used AWS AppSync and the query language GraphQL to encapsulate data, providing users with a predefined set of information to query against. This way, customers are not able to see private information that pertains to other clients.
This exacting approach to security proved to be successful. GIA hired a third party to perform penetration testing on its API and was given the highest grade that can be assigned to a client. No significant vulnerabilities were found during the audit—a testament to the robustness of the system and the security and protocols surrounding it.
To ensure that the serverless solution continuously meets AWS security best practices, Trek10 provides 24/7 support via a continuously occurring security scan. “This ensures that the GIA team is immediately informed if something is not meeting AWS standards, without the need for dedicated support engineers,” says Charlie Guse, Senior DevOps Engineer at Trek10.
To ensure high availability for its global client base, Trek10 designed a cloud-based solution from the ground up with active-active clustering in the US West (Oregon) and Asia Pacific (Singapore) AWS Regions. This setup enables GIA to make production releases without an interruption in service because those two regions mirror each other. If one region does not respond, requests are routed to the other region. During deployment, the GIA team deploys to one region at a time, enabling the institute to maintain 100 percent uptime.
Building and Maintaining Trust with AWS
The serverless solution was built with speed and performance in mind. With Amazon DynamoDB as the backend database and GraphQL as the query language, the API response time went from 10–30 seconds down to .3 seconds.
As a nonprofit organization, GIA wanted to recoup the costs of delivering the report-delivery system and ensure it had the resources to maintain it. “As part of our mission, we wanted to deliver a great solution that was sustainable. We did this by developing a fee structure based on usage,” says Sean Mare, Application Architect at GIA. “If a client uses the service to look up 100 reports, they pay only for those 100 reports. The fee structure is based on the number of actual lookups the user makes.”
A validation framework was also implemented to ensure accuracy. GIA’s monolithic system was built over a number of years and worked on by a number of different people, sometimes resulting in discrepancies between the data shown on the screen and the data in the printed report. The AWS serverless solution was built with the goal of reconciling those discrepancies and preventing them from recurring.
On the backend, reports generated by gemologists are entered into GIA’s monolithic application. When those reports are complete, the application puts the report data on an Amazon Kinesis stream, and this data is validated using AWS Lambda functions. Once the data is validated, it is put on a second Kinesis stream, at which point another Lambda function commits the data to DynamoDB. This framework ensures that the reports have met all of the required rules for displaying the information that the client is seeking, and that it is accurate and up to date.
“The accuracy of our reports helps build public trust,” says Mare. “And public trust is the foundation of GIA’s long and storied history. The commitment to excellence and the ability to develop procedures for grading that can be evenly applied across all types of stones definitely builds a public trust. This is why we chose AWS, to help us build and maintain that trust.”
The Gemological Institute of America (GIA), a nonprofit institute based in Carlsbad, California, is a leader in gemological research. GIA sets and maintains the standards for evaluating gemstone quality and provides education in the field of gemology and jewelry arts.
Trek10, an AWS Premier Consulting Partner, is a consulting and managed services company specializing in serverless, Internet of Things (IoT), and cloud-native architecture. The company focuses exclusively on AWS and provides services in designing, building, and supporting AWS workloads.
Published March 2021