Empowering Child Speech Development with AI/ML
Improving Infrastructure Scalability and Reliability for Child Development Tracking Solutions on AWS
Babbly is an up-and-coming software start-up that is building an AI-powered platform to help parents track their children’s speech development from birth to two years of age. The platform combines machine learning with expertise from pediatricians and language therapists to recommend ways parents can play and interact with their babies to improve their development during infancy.
Develop and manage a stable and future-proof Kubernetes infrastructure to support application release with automated security and application deployment, CI/CD efficiency improvements as well as future HIPAA compliance capabilities.
Services & Tech
AWS, Amazon Certificate Manager, Amazon EKS, Amazon RDS, Amazon CloudWatch Container Insights and Amazon Route 53
Babbly’s application was built on an infrastructure that was still in development stages. They were utilizing Kubernetes clusters on Amazon Web Services (AWS) and had implemented a development pipeline using BitBucket for development planning and management.
With a team of 2 developers, Babbly found themselves fully engaged in the development of their unique application, with no time or resources to allocate towards developing and managing a solid foundational infrastructure. Basic deployment processes existed, but more comprehensive automated pipelines were needed to manage infrastructure deployments in addition to their application. Monitoring and logging solutions were also needed to support a production workload.
Babbly’s team was in search of a partner who could help with the development and management of a stable and future-proof infrastructure, so that the team could continue to focus on improving their application and adding features and capabilities that would generate a better customer experience.
The company was already utilizing AWS for their infrastructure and was well aware of the breadth of AWS services available. They sought a partner with deep expertise in the AWS platform who could help them identify the particular services they needed to use, as well as execute on the implementation. Babbly chose Onica, an AWS Partner Network (APN) Premier Consulting Partner, due to their deep expertise with DevOps and AWS services to get their application ready for marketplace launch, enhance their operations and maximize efficiency.
“We were looking for an experienced partner that can help us achieve our desired production ready infrastructure within a very short timeframe,” said Carla Margalef Bentabol, CTO and Co-Founder at Babbly. “Onica came on-board matching the high standards the Babbly team embodies and worked closely with us so we could release our application on schedule.”
Onica’s team worked closely with Babbly’s development team to ensure that their requirements and pain points were well understood before commencing the project. One such requirement was an upcoming deadline for submitting the application to a closed beta before it was made live on the Google Play store. A major requirement was to implement a production-ready Kubernetes cluster within the timeframe necessary to meet the application launch. Onica’s team implemented an Amazon Elastic Kubernetes Service (Amazon EKS) infrastructure, with Amazon RDS for database management. The infrastructure was built with a multi-stage pipeline from development to production, allowing for improved QA testing.
Security and encryption were paramount to Babbly’s design, and end-to-end encryption was architected from the beginning. Amazon Certificate Manager’s native integration with the Elastic Load Balancer service made it simple to secure public endpoints hosted on Amazon Route 53. The Amazon Web Application Firewall service integrates with the Elastic Load Balancing service to provide protection against common web exploits and attacks, such as SQL injection and cross-site scripting. The recently released AWS WAFv2 service also allows for attaching AWS Managed Rules that address many of the OWASP Top 10 security risks.
With the understanding that HIPAA compliance was a goal of the solution, intra-cluster encryption was achieved by deploying Linkerd, a security-first service mesh. Linkerd adds critical security, observability, and reliability features to a Kubernetes stack with no application code changes required, making it a good option for securing pod-to-pod communication.
Within the Kubernetes stack, the team utilized the ALB Ingress controller and external DNS module to seamlessly modify Amazon Route 53 records as new services are provisioned. To enable these services to function, the Onica team utilized the pod-level permissions of the Amazon EKS service. This enables industry-standard ‘least permissive’ access by granting each container exactly the permissions it needs and nothing more. Bitbucket pipelines were utilized for deployment, and AWS CloudFormation was utilized for standing up all the infrastructure as code.
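A check for the pod-level permissions described above, as an added example that is not Onica's or Babbly's code. It assumes the mechanism is EKS IAM roles for service accounts (the page does not name it) and audits a role's trust policy to confirm it is pinned to a single Kubernetes service account; the account ID, OIDC provider ID, namespace and service account name are constructed placeholders.

```python
# Constructed sample data: account ID, region and OIDC provider ID are placeholders.
OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789"
PROVIDER_ARN = f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"


def trust_policy(condition):
    """Build a role trust policy for the (constructed) cluster OIDC provider."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}


# Pinned to one service account (hypothetical name) and to the STS audience.
SCOPED = trust_policy({"StringEquals": {
    f"{OIDC}:sub": "system:serviceaccount:kube-system:external-dns",
    f"{OIDC}:aud": "sts.amazonaws.com"}})
# Any service account in any namespace matches the pattern.
WILDCARD = trust_policy({"StringLike": {f"{OIDC}:sub": "system:serviceaccount:*:*"}})
# No condition: every token issued by the cluster's OIDC provider is accepted.
UNSCOPED = trust_policy({})


def _values(cond, operator, suffix):
    """Collect values of condition keys ending in `suffix` under one operator."""
    out = []
    for key, val in cond.get(operator, {}).items():
        if key.endswith(suffix):
            out += [val] if isinstance(val, str) else list(val)
    return out


def audit_trust_policy(policy):
    """Return finding codes for web-identity statements that are too broad."""
    findings = []
    for stmt in policy["Statement"]:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        cond = stmt.get("Condition", {})
        exact_sub = _values(cond, "StringEquals", ":sub")
        like_sub = _values(cond, "StringLike", ":sub")
        if any("*" in v or "?" in v for v in like_sub):
            findings.append("sub-wildcard")   # pattern admits other service accounts
        elif not exact_sub and not like_sub:
            findings.append("sub-missing")    # role usable by any pod in the cluster
        if _values(cond, "StringEquals", ":aud") != ["sts.amazonaws.com"]:
            findings.append("aud-missing")    # token audience is not pinned to STS
    return findings
```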
Monitoring and metrics for the Babbly application stack are provided by the Amazon CloudWatch Container Insights offering. This allows the team to see the current logs and performance information of their application from a single view with no modification to their application. All logs are shipped to Amazon CloudWatch log groups, which are critical for auditability and compliance requirements.
Onica’s team also moved them from using the eksctl CLI tools meant for creating Amazon EKS clusters to a managed infrastructure as code approach so that they could achieve higher flexibility, institute better compliance checkpoints, and have more control over deploying Amazon RDS and the VPC, as well as the overall cluster. Having this level of flexibility and control provides Babbly with a strong foundation to build upon as they work to achieve HIPAA compliance.
A production-ready Kubernetes architecture for Babbly’s applications was stood up within just 6 weeks and was handed over in time to meet the application launch deadlines. This represents a significant acceleration in Kubernetes architecture deployment, a process that typically takes several months or more. The team was able to achieve this pace by utilizing Onica’s own open source development tools, such as Runway, which was built based on experience with other customers, to coordinate and accelerate infrastructure as code deployments. Onica’s Runway utility also includes native support for Kustomize, allowing for easy deployment of Kubernetes manifests.
Security and monitoring enhancements were added all across the board with encrypted file systems & SSL. Amazon CloudWatch and Container Insights were set up to facilitate troubleshooting down to the container level. These efforts have helped make the infrastructure suited for Babbly’s goal to achieve HIPAA compliance.
The infrastructure was built with automated scalability capabilities so that future growing demand can be met comfortably. The CI/CD efficiency improvements, as well as an automated application deployment pipeline, will allow the development team to ideate, iterate, and implement updates and feature deployments rapidly.
Throughout the process, Onica’s team held working sessions with Babbly’s DevOps engineer and provided ample documentation to educate them on implemented enhancements and how they could operate the new infrastructure independently.
From a customer-centric standpoint, the overall customer experience was improved in terms of reliability, uptime, and quality. The infrastructure lives in different availability zones, and automated database backups ensure that a reliable end user experience is maintained during problematic situations.
Onica is one of the largest and fastest-growing Amazon Web Services (AWS) Premier Consulting Partners in the world, helping companies enable, operate, and innovate in the cloud. From migration strategy to operational excellence and immersive transformation, Onica is a full spectrum AWS integrator. Learn more at www.onica.com.