Cutco Cutlery Corp. is a privately held organization headquartered in Olean, NY. The cutlery and kitchen accessories company’s roots date back to 1949. Its high-quality products are made exclusively in America and guaranteed for life.
Cutco’s business is seasonal with peaks during summer months when its subsidiary, Vector Marketing, recruits and employs college-age sales representatives. These sales representatives are recruited from around the United States and Canada to direct-sell Cutco knives and other kitchen products to consumers.
Cutco enables their sales teams to perform direct sales using applications hosted in Cutco’s traditional data centers. The existing infrastructure was built by hand in a manual fashion and is relatively static, relying on VMware, Java, and IBM WebSphere technologies. A managed services provider handles day-to-day maintenance of this infrastructure and its applications.
There is significant cost to maintaining this infrastructure as it is provisioned for peak demand all year round, including off-season months. In the event that a sales representative does not have internet connectivity during a sale, customer and sales information must be recorded manually for input into the application later. The aged, monolithic web-based primary order application has challenges that are impacting the business in terms of low sales representative satisfaction and employee churn. Software is deployed manually with limited testing using the Rolling Deployment strategy. In addition, Cutco’s order application processes card payments and is subject to PCI DSS compliance regulations.
With Sirius’ help, Cutco is migrating to a modern infrastructure with Amazon Web Services (AWS) as the cornerstone for a user-friendly, cross-platform, mobile-based application. The application is built on an AWS Landing Zone, which provides the foundation for rapid application development and deployment using native security services. Sirius deployed the AWS Landing Zone with Infrastructure-as-Code using AWS CloudFormation, making expansion and repeatability simple. The Landing Zone consists of six AWS accounts, including a Master account, and takes advantage of these AWS technologies/offerings:
- CloudFormation is used for Infrastructure-as-Code that enables the easy, repeatable and versioned deployment of AWS Accounts, Virtual Private Clouds (VPC), AWS Config Rules and Networks
- AWS Single Sign On (SSO) for central management of multiple AWS Accounts through a Master account
- Seven VPCs tied together using Transit Gateway
  - VPC CIDRs are tailored to individual VPC needs (for example, the Prod VPC is a /18 whereas NonProd is a /19). Each VPC follows the same layout: three subnets in each of three availability zones, nine subnets in total.
- VPN connectivity to Cutco’s primary data center and a colocation facility
- AWS Config for control-plane tracking and logging
- AWS CloudTrail for API and console action logging for governance, compliance, operational auditing and risk auditing of the AWS account
- AWS Managed AD (located in Shared Services VPC) for authentication to the console
- Granular, least-privilege, role-based access control built into various AWS IAM roles and groups for both cloud brokers and cloud consumers, including MFA for the root user
- AWS CodeCommit for infrastructure code and application code storage
- AWS SSO Security Token Service integrated with Command Line Interface (CLI) and SDK for programmatic access to CodeCommit
- Route 53 for public and private DNS
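The VPC layout above (a /18 for Prod, a /19 for NonProd, nine subnets per VPC) can be planned and sanity-checked before any CloudFormation is written. The following is an added example, not code from Cutco's or Sirius's Landing Zone: it carves a VPC CIDR into one equally sized subnet per tier and availability zone, reports the blocks left over for growth, and checks that the VPC CIDRs attached to a Transit Gateway do not overlap (overlapping CIDRs cannot be routed between cleanly). The VPC addresses, tier names and AZ names are constructed for illustration; the case study gives only the two prefix lengths.

```python
import ipaddress
import math

# Constructed values for this example. The case study states only the prefix
# lengths (/18 Prod, /19 NonProd); the addresses, tiers and AZs are assumptions.
VPC_CIDRS = {
    "Prod": "10.0.0.0/18",
    "NonProd": "10.1.0.0/19",
}
TIERS = ("public", "app", "data")                 # assumed: three subnets per AZ
AZS = ("us-east-1a", "us-east-1b", "us-east-1c")  # assumed: three AZs


def plan_subnets(vpc_cidr, tiers=TIERS, azs=AZS):
    """Carve a VPC CIDR into one equally sized subnet per (tier, AZ) pair.

    The subnet prefix length is the smallest that yields at least
    len(tiers) * len(azs) equal blocks, so nine subnets in a /18 become
    /22 blocks and nine subnets in a /19 become /23 blocks.
    Returns a list of (tier, az, ip_network) in tier-major order.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    needed = len(tiers) * len(azs)
    new_prefix = vpc.prefixlen + math.ceil(math.log2(needed))
    blocks = list(vpc.subnets(new_prefix=new_prefix))
    pairs = [(tier, az) for tier in tiers for az in azs]
    return [(tier, az, blocks[i]) for i, (tier, az) in enumerate(pairs)]


def unused_blocks(vpc_cidr, tiers=TIERS, azs=AZS):
    """Blocks of the same size as the planned subnets that remain unallocated."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    used = {subnet for _, _, subnet in plan_subnets(vpc_cidr, tiers, azs)}
    prefix = next(iter(used)).prefixlen
    return [b for b in vpc.subnets(new_prefix=prefix) if b not in used]


def no_overlap(cidrs):
    """True if no two CIDRs overlap; required for VPCs peered via Transit Gateway."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                return False
    return True


if __name__ == "__main__":
    assert no_overlap(VPC_CIDRS.values())
    for name, cidr in VPC_CIDRS.items():
        print(f"{name} VPC {cidr}")
        for tier, az, subnet in plan_subnets(cidr):
            print(f"  {tier:<7} {az}  {subnet}")
        print(f"  spare blocks: {len(unused_blocks(cidr))}")
```

Running the block prints nine /22 subnets for Prod and nine /23 subnets for NonProd, each leaving seven spare blocks of the same size, and fails fast if the two VPC ranges overlap.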
Following the tenets of the PCI DSS compliance checklist (found in AWS Artifact), a standalone account and VPC are used to separate PCI-compliant applications from non-PCI-compliant applications, reducing the scope of an audit. In addition, granular security groups in each VPC handle network segmentation while AWS Config monitors the changing state of each account, and AWS Config Rules alert on seven of the most common findings, such as password complexity, SSH open to the world, S3 public access, encryption and more.
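To make concrete what the Config Rules named above actually test, here is an added example (not AWS's rule code and not from the Cutco deployment) that re-implements four of those checks locally over resource descriptions shaped like the corresponding AWS API responses, and returns Config-style COMPLIANT/NON_COMPLIANT results per resource. The input shapes follow `describe_security_groups`, `get_bucket_acl`/`get_public_access_block`, `describe_volumes` and `get_account_password_policy` as this example assumes them; the snapshot data at the bottom is constructed for illustration. Running such checks against a snapshot is a useful pre-audit dry run, and the same predicates could back a custom Config rule.

```python
# Added example: local analogues of four AWS Config managed-rule checks.
# Not AWS's implementation; API response shapes are assumed from the public
# describe_*/get_* calls and all sample data is constructed.

WORLD = {"0.0.0.0/0", "::/0"}
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def ssh_open_to_world(sg):
    """INCOMING_SSH_DISABLED analogue: any inbound rule that lets 0.0.0.0/0 or
    ::/0 reach TCP/22, including all-traffic rules (IpProtocol "-1")."""
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        if proto == "tcp" and not (perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)):
            continue
        sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if sources & WORLD:
            return True
    return False


def s3_bucket_public(acl, public_access_block=None):
    """S3_BUCKET_PUBLIC_READ_PROHIBITED analogue for ACL grants. A bucket-level
    Public Access Block with IgnorePublicAcls makes S3 ignore public ACL grants,
    so the bucket is treated as compliant in that case."""
    pab = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    if pab.get("IgnorePublicAcls"):
        return False
    return any(g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES
               for g in acl.get("Grants", []))


def password_policy_compliant(policy, min_length=14):
    """IAM_PASSWORD_POLICY analogue with a common parameter set."""
    required = ("RequireUppercaseCharacters", "RequireLowercaseCharacters",
                "RequireSymbols", "RequireNumbers")
    return (policy.get("MinimumPasswordLength", 0) >= min_length
            and all(policy.get(k, False) for k in required))


def volume_encrypted(volume):
    """ENCRYPTED_VOLUMES analogue."""
    return bool(volume.get("Encrypted", False))


def evaluate(snapshot):
    """Run every check and return {resource_id: "COMPLIANT" | "NON_COMPLIANT"}."""
    def verdict(ok):
        return "COMPLIANT" if ok else "NON_COMPLIANT"
    results = {}
    for sg in snapshot.get("security_groups", []):
        results[sg["GroupId"]] = verdict(not ssh_open_to_world(sg))
    for bucket in snapshot.get("buckets", []):
        results[bucket["Name"]] = verdict(
            not s3_bucket_public(bucket["Acl"], bucket.get("PublicAccessBlock")))
    for vol in snapshot.get("volumes", []):
        results[vol["VolumeId"]] = verdict(volume_encrypted(vol))
    if "password_policy" in snapshot:
        results["account-password-policy"] = verdict(
            password_policy_compliant(snapshot["password_policy"]))
    return results


# Constructed snapshot: every identifier and value below is made up.
SAMPLE_SNAPSHOT = {
    "security_groups": [
        {"GroupId": "sg-open-example", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-bastion-example", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-alltraffic-example", "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    ],
    "buckets": [
        {"Name": "example-images-public",
         "Acl": {"Grants": [{"Grantee": {"Type": "Group",
                  "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}},
        {"Name": "example-images-blocked",
         "Acl": {"Grants": [{"Grantee": {"Type": "Group",
                  "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]},
         "PublicAccessBlock": {"PublicAccessBlockConfiguration": {
             "BlockPublicAcls": True, "IgnorePublicAcls": True,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}},
    ],
    "volumes": [{"VolumeId": "vol-plain-example", "Encrypted": False},
                {"VolumeId": "vol-enc-example", "Encrypted": True}],
    "password_policy": {"MinimumPasswordLength": 8, "RequireUppercaseCharacters": True,
                        "RequireLowercaseCharacters": True, "RequireSymbols": False,
                        "RequireNumbers": True},
}

if __name__ == "__main__":
    for resource, status in evaluate(SAMPLE_SNAPSHOT).items():
        print(f"{status:<14} {resource}")
```

The IPv6 all-traffic group and the weak password policy are the cases most often missed by hand review: the first has no port fields at all, and the second passes three of four character-class checks while still falling short on length.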
Sirius’s FiveOut Digital Team (https://www.fiveout.com/) is leading the development effort for the Sales Representative Application and it is being treated as a product, not a project. Sirius also introduced a pipeline for code to be integrated and deployed using AWS and open-source technologies.
The application is written using Amplify, which is used to manage the Serverless Framework and allow Cutco to leverage AWS native services everywhere without the need for servers. Those AWS services/technologies include:
- CodeCommit for code storage
- CloudFormation to deploy all Lambda functions and API Gateway
- Amplify as the CLI Development Tool
- S3 for image storage
- Cognito for true centralized user identity storage
- AppSync for GraphQL API and offline capability with the mobile app
- Lambda handles all backend processing from API Gateway and acts as a notification mechanism to various Slack channels
- Lambda@Edge for image resizing on the fly, following a blog post pattern
- API Gateway acts as the public front end for the mobile app using custom domain names
- DynamoDB for content and index storage
- Certificate Manager for HTTPS certificates bound to API Gateway Edge-optimized CloudFront endpoints
The code was built using Jenkins hosted on the Cutco premises. This was chosen due to existing investment and skillsets in Jenkins. Jenkins can also be held at a consistent version, which matters given the fragility of mobile app builds and their dependence on specific versions of Apple's Xcode IDE and the Android IDEs. The Serverless Framework (serverless.com) is used by developers to help maintain Lambda functions as if they were a single application.
Cutco is using CloudCheckr as an AWS optimization and cost-awareness platform to maintain awareness of spend and enable continuous optimization recommendations.
Previously, the legacy ordering app was owned entirely by one developer, had limited testing, and used a manual Rolling Deployment strategy to two persistent nodes using custom scripts. This resulted in infrequent deployments that required careful planning, manual orchestration and minor outages.
DevOps principles are baked into AWS Services, which has allowed Cutco to realize more rapid development, faster testing and rollback and flexibility to perform simple blue/green or Canary deployments when new code ships. Apache JMeter and Protractor were introduced to perform automated end-to-end testing after the build and deployment stages. The microservice architecture of the new sales representatives’ application embraces decentralized governance, allowing for independent code releases per service and therefore faster deployments with no downtime.
- Amplify assists in the testing process by automatically taking screenshots on multiple devices as a way of smoke-testing to ensure correctness across form factors.
- One significant challenge in mobile application development is the building and signing of mobile profiles. The use of Jenkins and CodeCommit assists with this by maintaining build scripts in a centralized location and launched from Jenkins during build stages. Provisioning profiles are also housed in CodeCommit, and appropriate profiles are pulled down during the build stage, which reduces time and frustration during the software development life cycle.
- Integrating Lambda with Slack ensures developers and Cutco cloud administrators are made aware when repository events occur (pull/push/merge), especially on the main branch.
- Cognito provides a modern identity solution, an improvement over storing users in multiple directories.
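The Lambda-to-Slack notification described above can be sketched as a small handler that consumes CodeCommit repository events and flags the ones administrators care most about. This is an added example and not Cutco's or Sirius's function: it assumes the EventBridge event shape for "CodeCommit Repository State Change" and "CodeCommit Pull Request State Change" events (fields such as `detail.event`, `detail.referenceName`, `detail.destinationReference`), assumes a Slack incoming webhook URL supplied via the `SLACK_WEBHOOK_URL` environment variable, and uses constructed events, repository names and ARNs. Delivery is separated from message building so the logic can be exercised offline.

```python
import json
import os
import urllib.request

# Added example. Event field names are assumed from the EventBridge events
# CodeCommit emits; all sample values are constructed.
WATCHED_BRANCHES = {"main", "master"}   # assumption: the branches worth escalating


def _branch(ref):
    """Strip a 'refs/heads/' prefix if present; CodeCommit events may use either form."""
    return ref[len("refs/heads/"):] if ref and ref.startswith("refs/heads/") else ref


def summarize(event):
    """Turn a CodeCommit EventBridge event into {"text": ..., "urgent": bool}.

    urgent is True for any update or deletion of a watched branch and for any
    pull request merged into one; everything else is informational.
    """
    detail = event.get("detail", {})
    repo = detail.get("repositoryName") or (detail.get("repositoryNames") or ["?"])[0]
    kind = detail.get("event", "unknown")
    actor = detail.get("callerUserArn", "unknown caller")

    if event.get("detail-type") == "CodeCommit Repository State Change":
        branch = _branch(detail.get("referenceName"))
        urgent = branch in WATCHED_BRANCHES and kind in ("referenceUpdated", "referenceDeleted")
        text = (f"[{repo}] {kind} on {detail.get('referenceType', 'ref')} '{branch}' "
                f"by {actor} ({str(detail.get('oldCommitId', ''))[:7]} -> "
                f"{str(detail.get('commitId', ''))[:7]})")
    elif event.get("detail-type") == "CodeCommit Pull Request State Change":
        dest = _branch(detail.get("destinationReference"))
        merged = str(detail.get("isMerged", "")).lower() == "true"
        urgent = merged and dest in WATCHED_BRANCHES
        text = (f"[{repo}] pull request {detail.get('pullRequestId', '?')} {kind}: "
                f"{_branch(detail.get('sourceReference'))} -> {dest}"
                f"{' (MERGED)' if merged else ''} by {actor}")
    else:
        urgent = False
        text = f"[{repo}] unhandled event type {event.get('detail-type')}"

    return {"text": ("URGENT " if urgent else "") + text, "urgent": urgent}


def post_to_slack(webhook_url, summary):
    """Deliver a summary to a Slack incoming webhook (not exercised offline)."""
    body = json.dumps({"text": summary["text"]}).encode()
    req = urllib.request.Request(webhook_url, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def handler(event, context=None):
    """Lambda entry point: summarize, then post if a webhook is configured."""
    summary = summarize(event)
    url = os.environ.get("SLACK_WEBHOOK_URL")
    if url:
        post_to_slack(url, summary)
    return summary


# Constructed sample events (account id, ARNs and commit ids are placeholders).
PUSH_TO_MAIN = {
    "detail-type": "CodeCommit Repository State Change",
    "source": "aws.codecommit",
    "detail": {"event": "referenceUpdated", "repositoryName": "example-sales-app",
               "referenceType": "branch", "referenceName": "main",
               "oldCommitId": "0123456abcdef", "commitId": "789abcdef0123",
               "callerUserArn": "arn:aws:iam::000000000000:user/example-dev"},
}
PUSH_TO_FEATURE = {
    "detail-type": "CodeCommit Repository State Change",
    "source": "aws.codecommit",
    "detail": {"event": "referenceUpdated", "repositoryName": "example-sales-app",
               "referenceType": "branch", "referenceName": "feature/offline-cache",
               "oldCommitId": "aaaaaaa", "commitId": "bbbbbbb",
               "callerUserArn": "arn:aws:iam::000000000000:user/example-dev"},
}
PR_MERGED_TO_MAIN = {
    "detail-type": "CodeCommit Pull Request State Change",
    "source": "aws.codecommit",
    "detail": {"event": "pullRequestMergeStatusUpdated", "repositoryNames": ["example-sales-app"],
               "pullRequestId": "42", "sourceReference": "refs/heads/feature/offline-cache",
               "destinationReference": "refs/heads/main", "isMerged": "True",
               "callerUserArn": "arn:aws:iam::000000000000:user/example-lead"},
}
```

Because `handler` only posts when `SLACK_WEBHOOK_URL` is set, the same function can run in a unit test with no network access, and the urgent flag gives the Slack channel an obvious way to route main-branch changes to a dedicated alert channel.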
These new architectural patterns and microservices, combined with the serverless platform, provide Cutco with benefits such as:
- The ability to pay for what they use
- A decoupled architecture
- Rapid code change and deployment
- Automated and improved scalability and elasticity
- Cost savings due to the elastic nature of the architecture
By adopting DevOps principles and deploying this application to a production pilot group, independent sales reps now have a modern experience with Cutco during their sales period, improving their experience and satisfaction and therefore improving revenue per representative. Cutco has also realized cost savings due to the elastic, pay-as-you-go nature of the AWS technologies. As a result, there are potential future application migrations beyond this mobile app that can take advantage of elastic options and the opportunity to eliminate the need to own or maintain a data center.
Sirius, an AWS 100 Certified partner, provides enterprise-class cloud services to organizations. Our highly skilled, certified cloud experts provide a practical, agnostic approach and proven methodologies to help clients achieve their cloud goals. Call Sirius today at 800-460-1237 to schedule a discussion of your cloud needs.