Seamless Windchill migration to AWS Cloud: Enhanced security and geographical resilience
The challenge
The client, a leading provider of industrial automation and electrification technologies in Central Europe, has over 100,000 employees and is dedicated to driving innovations that accelerate industrial transformations. The client was using Windchill as their enterprise PLM system, hosted on PTC Cloud and encountered several challenges:
- Restricted access to the underlying IAM configurations of the SaaS hosted solution
- Difficulty enforcing organization-wide security policies or monitoring user activity in real time
- Delayed access for new users due to administrative and logistical challenges
- Limited access to detailed logs or integration with SIEM tools and difficulty in meeting compliance requirements
- A lack of transparency regarding the underlying infrastructure, performance metrics and operational procedures, making it challenging to access system health, performance and security details, which impacted decision-making, issue forecasting and capacity planning
- No proven geographical resiliency for the Windchill application
The objective
The client aimed to migrate Windchill from the PTC Cloud to AWS while addressing critical security and identity management challenges. The key objectives were:
- Gain complete visibility, access and control over IAM configuration, infrastructure, operational procedures, system management and application logs and configurations
- Achieve compliance requirements with complete access to application logs and integration to SIEM tools
- Design a highly available and geographically resilient architecture for the Windchill application, considering its large user base and critical operations
The solution
HCLTech developed and executed a comprehensive migration strategy to transition the Windchill application from PTC Cloud to AWS Cloud, focusing on improved control, performance and availability. Key steps included:
- Identity and access management: Centralized authentication and authorization using AWS IAM with granular policies and role-based access, ensuring only authorized users can access PLM and related systems
- Network security: Designed an Amazon VPC with private subnets, security groups and NACLs to isolate workloads and enforce least privilege access
- Data protection: Implemented AWS KMS for encryption of data at rest and in transit, ensuring sensitive product information remained secure
- Monitoring and compliance: Used Amazon CloudWatch for monitoring and AWS CloudTrail for logging all API activity, providing complete visibility and auditability
- Resilience and disaster recovery: Implemented backup and restore strategies using AWS Backup, enabling compliance with RPO requirements
- Infrastructure as Code (IaC): Automated infrastructure provisioning with AWS CloudFormation, reducing human error and ensuring consistent security configurations across environments
The impact
- Complete control over identity and access management, quick rollout of organization-wide policies, quick user onboarding, monitor user access, centralized IAM policies
- Achieved 20% cost savings while maintaining high application availability and performance
- Delivered a highly available and geographically resilient architecture for Windchill on AWS, ensuring business continuity
- The client gained complete control and transparency over operations and infrastructure, eliminating the challenges of limited visibility
- AWS provided a scalable and flexible infrastructure, enabling the client to meet growing business demands effectively
AWS services used:
- Amazon EC2
- Amazon S3
- Amazon EBS
- Amazon RDS
- AWS Datasync
- Amazon CloudWatch
- Amazon VPC
- AWS Backup
- AWS IAM
- AWS CloudFormation
- AWS Systems Manager
