EROAD is a New Zealand technology and road services business that sells hardware and software that can monitor commercial vehicles and collect road-user charges electronically, replacing paper-based systems. The fleet tolling system comprises a secure on-board unit for vehicles and a secure web transaction gateway to collect road user charges and provide value-added services such as fleet and fuel management, messaging and off-road reports. Figure 1 below shows how the service works.
Figure 1. EROAD Road Service
In 2009, EROAD became the first company to implement a road user charging platform based on a global positioning system and a cellular network across an entire country. The Auckland-based company has 120 employees in offices in New Zealand, North America and Australia and is now a global technology player.
EROAD’s operated its IT environment in a co-location data center in New Zealand. Expanding into Australia and North America soon outstripped hardware capacity and prompted the company to review its infrastructure options. EROAD considered purchasing more hardware, but that option would require annual hardware purchases and infrastructure upgrades at considerable capital and operational cost. “Minimally, it would require an initial investment of about $20,000, rise quickly to $120,000 to support the number of customers and vehicles using the system by the end of the first year, and increase to $250,000 by the end of the third year,” says Jarred Clayton, Engineering Manager. “These costs would also have increased well in advance of revenue and created a cash flow impact.”
EROAD’s customers rely on the continuity of the company’s core business systems to manage their fleets and pay government taxes and charges. However, establishing a co-located disaster recovery environment over multiple locations would be prohibitively expensive and time-consuming for EROAD to maintain.
To support growth in new and existing markets and keep costs as low as possible, EROAD decided to use a cloud service provider with a global infrastructure that didn’t apply minimum usage charges. “When developing our plans, we established detailed cost benchmarks around our infrastructure on a per-subscriber, per-month basis, and we needed a provider that enabled us to meet these,” says Clayton. The cloud solution provider would also have to support EROAD’s need to comply with the international standards governing information management security and quality assurance as well as audits from prospective state government clients in the United States.
Why Amazon Web Services
For EROAD, Amazon Web Services (AWS) provided a superior service, operated in more countries, and had a culture of innovation, rapid development and continuous release of new features and functions. “We will enter multiple markets over the next five years, so we need an infrastructure provider with global reach,” Clayton says. “We were extremely happy with the way AWS supported enterprise customers with services such as Amazon RDS Provisioned IOPS (input/output operations per second) for enterprise databases and rich data warehouses such as Amazon Redshift.”
EROAD first deployed on AWS in North America in early 2013 to conduct a pilot tolling and fleet tracking service for the Oregon highway use tax. The service later moved into full production following an independent audit of its Weight-Mile Tax solution by the Oregon Secretary of State Audits Division.
In Australia, EROAD won a contract with a large security firm and deployed its system on AWS in Australia in July 2013. At that point, the organization then decided to move its entire environment to AWS. EROAD moved its New Zealand business onto the AWS Asia-Pacific (Sydney) Region in July 2014 and is now running all its systems in the AWS Cloud.
“An AWS solution architect validated our designs and solution ideas and helped us understand the AWS roadmap,” says Clayton. “That helped us obtain the greatest value possible from our AWS Cloud environment.”
EROAD operates its core business systems in three Amazon Virtual Private Clouds (Amazon VPCs) in the Asia Pacific (Sydney), US West (Oregon) and US East (Northern Virginia) Regions. Within each Amazon VPC, the company uses 20 to 40 Amazon Elastic Compute Cloud (Amazon EC2) instances running in a high-availability cluster with an Active-Active failover configuration across two Availability Zones. Elastic Load Balancing automatically distributes traffic across the Amazon EC2 instances to ensure no single instance is overused. Amazon Route 53 manages public-facing domain name services records and ensures the services backing them are operating properly.
EROAD uses server side encryption for data at rest in Amazon Simple Storage Service (Amazon S3) storage and relies on Elastic Load Balancing using Secure Socket Layer (SSL) configuration to negotiate SSL connections between clients and load balancers. EROAD uses Amazon VPC helps to control all elements of its virtual network, including placing its internal databases and application servers in private subnets not accessible from the internet. The firm uses network access control lists and security groups to control access to individual Amazon EC2 instances, and running virtual private networks from its AWS environments to partners such as Vodafone.
EROAD’s environment is made up of a Java 2 Platform Enterprise Edition middle tier, Tomcat web tier, and PostgreSQL database cluster. EROAD scales up and down daily to meet demand. “Our business in each region is mostly 6 a.m. to 6 p.m. daily, so the ability to scale our cloud environment down outside those times delivers us considerable cost savings,” says Clayton. “We use predictive scaling to increase the number of application server Amazon EC2 instances we use from two during the night to eight instances during the day to deal with a sevenfold increase in traffic.”
Amazon CloudFront powers EROAD’s corporate website, www.eroad.com, and customer support sites to deliver content quickly to locations around the world. The firm has also pulled a large number of data sources into the Amazon Redshift managed data warehouse service with Amazon S3 as the basis of a Tableau analytics visualization service for its customers. “We’re one of the few AWS users offering analytics as a service to our own customers,” says Clayton. “This is massively exciting for them to be able to extract unique insights from their own data, rather than merely apply standard fixed reporting.”
EROAD combines Amazon CloudFormation and the Chef configuration management tool to automate building individual environments, using the same templates for development, testing, staging and production. If a change is required, EROAD can adjust the stack template or Chef recipe to roll it out through the environments using its standard release pipeline. The company uses a combination of Amazon CloudWatch, the Sensu open source monitoring framework, the Graphite storage engine and the Grafana dashboard and graph editor for monitoring.
By running its system within the AWS Cloud, EROAD has been able to align its costs closely to revenue. “We certainly would have struggled to manage three data centers globally from New Zealand with the very small team we’ve got here,” says Clayton. “Based on the organization’s modelling, running co-located equipment in two data centers in the United States and Australia would be at least two-and-a-half times more expensive than deploying it in the AWS Cloud. We can enter a new market or country in minutes, depending on legislative requirements,” says Clayton.
AWS also enables EROAD to deliver page loading times of about 1.2 seconds across its entire system and support thousands of vehicle location updates per second. The cloud also supports responses to each update such as checking whether the vehicle is subject to a road user charge or tax, or needs a service.
“We’re really comfortable with the security of our system on the AWS Cloud,” says Clayton. “Building our solution on AWS helps us meet our requirements for accreditation to ISO 27000 information security and ISO 9000 quality assurance standards, and the Common Criteria and Federal Information Processing Standards, which are critical to our business. EROAD’s last annual security audit by a third-party confirmed that there were no issues with the company’s production infrastructure on AWS.
The AWS Cloud delivered 99.99 percent availability for the service, ahead of its internal target of 99.9 percent or 44 minutes downtime per month. “We’re well within our requirements,” says Clayton.