Background
Joplin is a widely respected free, open-source note-taking and to-do application that enables users to handle numerous notes efficiently, organised into notebooks. Its features include tagging, copying, modifying notes, and synchronisation across devices.
To support its 3500 active users and ensure a seamless, secure, and reliable experience, Joplin required a robust cloud infrastructure capable of scaling with user demand and protecting sensitive user data.
Problem Statement
Joplin Cloud faced significant challenges in two main areas:
These challenges created risks for operational stability, cost inefficiencies, and data security vulnerabilities.
Proposed solution
Epitechnic performed a comprehensive AWS Well-Architected Review of Joplin’s production environment. The proposed solution included:
- Infrastructure Improvements:
- Amazon CloudWatch: Deployed to monitor utilisation and set alerts when usage or costs exceed thresholds. ($5/month)
- Elastic Load Balancer (ELB): Implemented for traffic distribution and improved application scalability.
- Auto Scaling Groups (ASG): Enabled to ensure the application scales dynamically based on demand.
- Amazon Elastic Cache: Suggested to enhance performance by caching frequently accessed data.
- Amazon S3: Recommended adding VPC endpoints for S3 to improve file transfer performance within the AWS network.
- Reliability Enhancements:
- Multiple Availability Zones (AZs): Configured for redundancy and fault tolerance, improving reliability and uptime.
- Future plans for multi-region setup to support user growth.
- Cost Optimisation:
- AWS Cost Calculator: Introduced to evaluate costs of new services and improve budget planning.
- Cost-management education provided to the client’s team.
- CloudWatch alerts set for spending thresholds.
- Security Enhancements:
- AWS GuardDuty: Deployed to monitor threats and detect malicious activity. ($5/month)
- AWS Systems Manager: Implemented for EC2 management and operational security. ($10/month)
- TLS Encryption: Enforced for all traffic in transit.
- AWS Key Management Service (KMS): Used for encryption at rest with AWS-managed keys.
- Security Groups: Configured to restrict network access and allow only essential ports.
- Operational Excellence:
- Provided education on AWS Secrets Manager, which will be implemented in the future to manage secure credentials.
- A roadmap created for achieving a stateless application model to enhance scalability.
Metrics for success
The success of the solution was measured using the following metrics:
- Operational Metrics: Increased uptime and system availability across multiple AZs.
- Cost Metrics: Reduction in monthly AWS costs due to better utilisation tracking and alerts.
- Security Metrics: Implementation of TLS encryption and reduced attack surface through tightened security group policies.
Lessons learned / outcomes
- Improved Scalability: Joplin’s infrastructure can now support growing user demands with ELB and ASG, providing a foundation for future multi-region expansion.
- Cost Transparency: Proactive cost monitoring has led to predictable monthly expenses, enabling better financial planning.
- Enhanced Security: The adoption of encryption at rest and in transit, combined with restricted access controls, significantly mitigates security risks.
- Knowledge Sharing: Joplin’s team is now equipped to use AWS tools like Systems Manager, GuardDuty, and the Cost Calculator effectively, reducing their reliance on external support.
Customer feedback
Conclusion
The AWS Well-Architected Review conducted by Epitechnic successfully addressed Joplin’s key challenges, delivering a more robust, secure, and cost-effective AWS environment.
This collaboration has laid the groundwork for Joplin Cloud to scale confidently while maintaining operational excellence and security.
