Modernizing Government Infrastructure with HAProxy Enterprise & Kubernetes
About Booz Allen Hamilton
Booz Allen Hamilton is a management and IT consulting firm employing more than 27,000 people in offices around the globe. Their expertise in digital transformation, cybersecurity, and advanced analytics and artificial intelligence is sought by the U.S. government, with high-profile projects for agencies including the Department of Defense, the Department of Homeland Security, and NASA. They also serve a diverse group of commercial clients in industries such as financial services, energy, healthcare, and manufacturing.
In 2017, the federal government contracted Booz Allen to revamp its Recreation.gov website. Recreation.gov is a true inter-agency collaboration, bringing together 12 federal entities, including the U.S. Forest Service, Bureau of Land Management, the National Park Service, and the U.S. Army Corp of Engineers, to provide a public platform for booking campsites, reserving tours, and getting park permits. With access to nearly 4,000 facilities and activities, and over 103,000 individual reservable sites and activities across the United States, Recreation.gov seeks to be the “one-stop-shop” for all the tools, services, and information needed to take advantage of the nation’s public lands and waterways.
With all of the services available on the website, Booz Allen needed a way to modernize the platform while making it flexible for future changes. In the case of Recreation.gov, they were also dealing with cyclical traffic spikes, which occurred monthly, and required a more robust and scalable load balancing tier. That tier could potentially consolidate the expensive hardware load balancers and web application firewall appliances they’d used in the past, reducing costs.
Booz Allen decided that redesigning the site with a microservices approach would work best for ensuring optimal user experience. The load balancing tier would be a critical component, responsible for tying all of the services together and ensuring secure and speedy delivery of the website to users. The solution would need to work well in the public cloud since the team would utilize Amazon Web Services to host the platform. Therefore, it would have to be software-based, rather than hardware-based, to support running in a virtual environment and to allow for dynamic scalability.
We deployed the HAProxy Enterprise Kubernetes Ingress Controller to further simplify our application delivery while also staying compliant with federal regulations.
They also wanted to leverage Kubernetes and Docker containers, which would allow them to deploy changes more rapidly. Kubernetes would give them the agility to respond quickly to facility needs or changes and improve the site with a fast turnaround. They would need a load balancer that integrates with Kubernetes and supports the sometimes frequent addition of new microservices.
Booz Allen also wanted the load balancing tier to provide security measures that could protect all of the microservices behind it, which would immediately reduce the complexity that would come with building those same security measures into the microservices themselves. Ensuring the stability and safety of government websites was paramount.
The team chose HAProxy Enterprise as a turnkey, software-based solution that fit well into the cloud-based architecture. They could scale the load balancing tier up as needed and rely on its integrated Web Application Firewall (WAF) for protecting the upstream microservices. The team vetted the WAF through performance tests and it outperformed other products they had been testing. This translated into immediate cost savings since they could now combine their load balancing and WAF solutions into one.
There were also advantages of using the HAProxy Enterprise Kubernetes Ingress Controller to route traffic into the Kubernetes cluster. While HAProxy Enterprise provided the ability to collapse two layers of the architecture into one—load balancer and WAF—the ingress controller gave them a simple, but powerful, way to connect to the running containers. Booz Allen trusted the experts at HAProxy Technologies for architecture guidance and 24×7 support, which was deemed critical for success on such a high-profile use case.
By partnering with HAProxy Enterprise and the HAProxy Enterprise Kubernetes Ingress Controller, Booz Allen was able to deliver a scalable and secure Recreation.gov while modernizing the platform’s architecture. Migrating away from legacy hardware load balancing appliances and WAFs, while maximizing for dynamic scaling, they generated significant cost savings, agility, and confidence in the platform. For more information about the Recreation.gov project, read the full case study from Booz Allen.
“HAProxy Enterprise allowed us to combine our software load balancer and web application firewall layers, which simplified the architecture, improved performance, and reduced costs,” says Martin Folkoff, Chief Technologist at Booz Allen Hamilton. “We deployed the HAProxy Enterprise Kubernetes Ingress Controller to further simplify our application delivery while also staying compliant with federal regulations.”
Interested to learn more about HAProxy use cases? Explore our Success Stories page.