Modern Hire is an amalgamation of three organizations offering recruiting and assessment technologies: Shaker International, Montage, and its most recent acquisition, Ireland’s Sonru. The organization serves clients in more than 200 countries and territories from offices across North America, the UK and Europe, and the Asia Pacific region. As part of its growth, Modern Hire needed to migrate its disparate SaaS technology platforms into one modern, unified, and fully cloud-based solution while still providing security backed by a hardware security module (HSM) for customers who required it.
“Describe a challenge you successfully overcame.” Jason McMinn, infrastructure architect and senior DevOps engineer for Modern Hire, could tackle this classic job interview question with aplomb. While leading the company’s migration to the cloud, he realized that migration could not proceed until he found a cloud-based way to meet the needs of a customer in the financial services industry that required SSL offloading backed by an HSM to meet FIPS 140-3 compliance standards.
“As a SaaS platform moving to a completely cloud-based world, having a piece of hardware to handle security is very complicated,” McMinn explains.
The difficulty was that Modern Hire’s digital interview and assessment platforms both run on Windows Internet Information Services (IIS) Server 2019, which its cloud provider’s HSM services didn’t support. Nor did the cloud provider support direct integration between its HSM and load balancing services—services Modern Hire depends on. That meant that to maintain compliance with SOC 2 and other security standards, Modern Hire either had to maintain a costly legacy data center for a single customer and downgrade to Windows Server 2016, or find an alternate solution that could interface with the cloud provider’s HSM.
“The thought of downgrading to meet a security requirement hurt my soul,” recalls McMinn. “It didn’t make sense. So I had to find a way to offload SSL before we hit the Windows IIS servers. I knew I could do it with Apache, but Apache is clunky and old, and I didn’t feel safe putting it in front of an enterprise workload. When it blows up in the middle of the night, who can I call to fix it? I want more support than just my own devices and what someone says on Reddit.”
With a little research, McMinn realized he could solve the problem with F5 NGINX Plus and F5 NGINX App Protect, a modern app security solution that folds seamlessly into a DevOps environment. With the solution in place, McMinn integrated with the cloud provider’s HSM service to deliver the SSL offloading and load balancing required, at the same time acquiring web application firewall (WAF) capabilities to replace the WAF functionality in the cloud provider’s load balancing service. Most importantly, the solution is backed by full F5 support.
A mere five months later, Modern Hire’s financial services customer was getting the compliant cloud HSM security it needed, enabling the platform unification to proceed. The on-premises data center has been closed, reducing the complexity of Modern Hire’s application delivery infrastructure. Although it’s still early in the ongoing implementation process, McMinn’s team has begun planning how to further implement the F5 NGINX solution across its unified platform and all digital services as they also work to integrate the systems of the company’s most recent acquisition.
McMinn credits NGINX and F5 for what he called “a breakneck pace” of implementation. “It speaks pretty highly of NGINX and F5,” he explains. “I’ve gotten great support, and we would not be anywhere near where we are without it. It’s really shown how the right technology can save you a lot of heartache.”
The right technology is helping the company move forward, too. Modern Hire recently earned its ISO 27001 Certification thanks to its improved security posture.
In addition to helping Modern Hire close a legacy data center and proceed on its cloud migration and systems integration, the NGINX solution also simplified life for McMinn’s team by providing one answer to multiple problems. These included an immediate challenge related to Modern Hire’s efforts to integrate two different methods it was using to handle URL redirects. In the midst of that work and before the NGINX implementation had even begun, McMinn and the other four members of his small DevOps team found they couldn’t get the necessary access to their cloud provider’s load balancers. Without that access, they couldn’t properly redirect traffic for their digital interview applications, putting their entire platform unification at risk.
Fortunately, McMinn realized NGINX could solve this issue, too. About six hours later, with help from the F5 support team, “I literally saved the digital interview migration by switching to NGINX. We’d been an F5 client for a week, and the team jumped into action. I’ve been very thankful for that.”
He expects to draw on other NGINX capabilities in the future as his company modernizes some applications as well as its infrastructure. “Although our platform was built for the cloud, some of our application architecture is not modernized; it has older code and is hard to containerize, for instance,” he explains. “That will take some changes at the software architecture layer, not just the infrastructure layer. Quite frankly, we’re not there yet. We’re still on the ground floor with NGINX, but I feel like it’s going to change a lot of workflows.”
Modern Hire is using NGINX Controller [now F5 NGINX Management Suite], which manages NGINX Plus instances, primarily for its analytics and telemetry. McMinn praises Controller for giving finer-grained insight than his team’s previous monitoring tools into load balancer performance, HTTPS requests, WAF violations, and other metrics.
“With Controller, I can see data for the entire cluster, I can see into each environment, I can build dashboards,” McMinn says. “Being able to program F5 NGINX App Protect through NGINX Controller will also be amazing, because right now it’s all done with config files.”
He notes that the NGINX clusters have nearly the same response times as the cloud provider’s load balancing service, which ensures invisible transitions that have no impact on customers. “When we do flip that trigger to move more environments to NGINX, or we have to replace a server or upgrade infrastructure, we have that flexibility to jump between the cloud provider’s or our own infrastructure. If we do it right, with zero downtime, the client’s not going to know.”