Helping create an enhanced client experience.
Changes in security and governance requirements provided Sysco the opportunity to accelerate future development and create an enhanced client experience.
With the help of 2nd Watch, Sysco successfully migrated its MyFreshPoint application from its previous architecture to the ECS platform, running on AWS
As a result of this project, Sysco is considering further changes to the MyfreshPoint application, including moving off MySQL and onto Redis for session data, and adding unit and integration tests to decrease development cycles, move to QA faster, and improve the quality of their software releases
About the Business
Sysco, a $52 billion dollar corporation, is the global leader in selling, marketing, and distributing food products to restaurants, healthcare and educational facilities, lodging establishments and other customers who prepare meals away from home. Its family of products also includes equipment and supplies for the foodservice and hospitality industries. With more than 57,000 associates, the company operates 326 distribution facilities worldwide and serves more than 625,000 customer locations.
The Business Challenges
PRIMARY DRIVER: Changes in security and governance requirements provided Sysco the opportunity to accelerate future development and create an enhanced client experience.
When Sysco Foods was required to move its resources out of legacy AWS accounts into a tightly regulated and managed enterprise governed account structure frameworks, they capitalized on the opportunity to move MyFreshPoint, an application essential to Sysco’s business, to infrastructure that was approved by the company, tightly managed, and highly stable. The MyFreshPoint application serves as the ordering website where all Sysco customers order produce, allowing them to list what they’re purchasing and dictate when to have it delivered. The site ran in Java with two database backends— AS400, which already had an API abstraction on top of it and needed no updates, and MySQL for session data.
Refactoring applications has previously proved too time-consuming in Sysco’s experience, so they were hesitant to refactor the MyFreshPoint application along with a migration. The company also had new security requirements from its cyber security team, including SAST and DAST scanning requirements. These had previously been soft requirements but were now necessary for key applications like MyFreshPoint. Not abiding by these requirements could have resulted in cross- site scripting vulnerabilities and other security risks. With limited internal development cycles to comply, Sysco couldn’t add new features or changes to the application with the new requirements.
After completing an application assessment, 2nd Watch identified Sysco’s MyFreshPoint application as the perfect candidate for legacy containerization. Sysco was already interested in moving to containers, but didn’t know how or what strategy fit best. Additionally, outside of slight configuration changes, 2nd Watch determined that minimal changes to the existing application were required to run it in a stateless manner.
Some of their key development pain points would be alleviated by containerizing their Java application and moving it into their managed Amazon Elastic Container Services (Amazon ECS) offering with CI/CD functionality. The ECS platform provided numerous beneficial features including optimized CI/CD for Sysco applications using GoCD, native Signal Sciences WAF integration to meet cyber security mandates, the ability to run and test the application in dynamic environments that closely resembled production, and improved testing options as the application was rolled out from source control to the production environment.
With the help of 2nd Watch, Sysco successfully migrated its MyFreshPoint application from its previous architecture to the ECS platform, running on AWS.
Sysco was already using a managed container platform, so the first step was determining what it would look like to run the application in a container and assist Sysco’s developers in learning how to use Docker. Once the application was running in the container, 2nd Watch provisioned a development instance of the container platform and developed the end-to-end CI/CD pipeline for the application. 2nd Watch then repeated the process in a QA environment, staging, and finally in the production environment. Since the application was nearly stateless initially, the migration could be performed side-by-side with existing development and production instances in an iterative fashion.
The application’s new architecture includes improved features like an official Java Tomcat container on ECS, GoCD for CI/CD, Signal Sciences WAF front-end, AWS Application Load Balancer, Sysco Telcom-managed TLS certificates and vanity URLs, and AWS Certificate Manager for end-to-end encryption inside the ECS platform.
The Business Benefits
With 2nd Watch serving as Sysco’s trusted advisor, training Sysco’s development team on best practices, the process of migrating and containerizing its legacy application saved the Sysco team nearly a year of efforts to learn basic Docker, understand how to separate their configuration into environment variables, and learn basic differences between running sticky-session load balanced Amazon EC2 instances and running in Amazon Elastic Container Service (ECS). Now the MyFreshPoint application is more performant, loading faster in the containerized environment. Sysco can focus on feature releases and quickly push changes out through a pipeline process rather than a manual process, reducing time to production from weeks to days.
As a result of this project, Sysco is considering further changes to the MyfreshPoint application, including moving off MySQL and onto Redis for session data, and adding unit and integration tests to decrease development cycles, move to QA faster, and improve the quality of their software releases.