At DNIF Hypercloud, a cybersecurity company processing millions of security events per second, data is at the core of everything we do. Our workloads are incredibly data-intensive, which means managing our data lake infrastructure on AWS is crucial for both performance and cost efficiency. This blog post shares the key insights and strategies that enabled us to re-architect our data lake and achieve an impressive 80% reduction in our data lake’s AWS cost.

Key Insights into Cost Reduction

Achieving such significant cost savings wasn’t about minor tweaks; it involved a fundamental shift in our architectural approach and operational practices. Here are the core insights that guided our transformation:

• Deep Dive into Data Usage: Understanding exactly how our data was being used, which analytics cases were most frequent, and the underlying raw data they consumed was paramount. This granular understanding allowed us to make informed decisions about data placement and access.
• Optimizing for Performance and Cost: We realized that reducing network latency and increasing compute efficiency could directly translate into lower costs. Less time spent waiting for data means less compute time consumed.
• Embracing Elasticity: Traditional fixed-capacity infrastructure often leads to over-provisioning and wasted resources. Shifting to an elastic, autoscaling model was key to aligning our infrastructure with actual demand.
• Leveraging Cloud-Native Features: AWS offers a vast array of services and pricing models. Intelligent utilization of these features, like spot instances, can unlock substantial savings.

High-Level Strategies for Cost Optimization

The following strategies were instrumental in realizing our 80% cost reduction. While the specific tools for our data lake storage and processing engine are not disclosed, the principles can be applied to various well-known tools in the market.

1. Reducing Network Latency Between Data Storage and Processing

We identified that a significant portion of our data analytics use cases frequently queried a specific subset of raw data. To address this, we implemented a caching layer:

• We grouped our data analytics use cases and identified the frequently queried data patterns.
• Based on these patterns, we cached several terabytes of this raw data closer to our data processing engine, utilizing a high-performance network file system local to a single Availability Zone (AZ).
• Approximately 75% of our data analytics use cases were served by this local cache.
• The remaining 25% of use cases continued to be powered by our multi-AZ, high-scale storage layer, which handles hundreds of terabytes of data.

This strategic caching reduced latency, lowered the compute load on our central storage, and significantly increased the compute efficiency at our data processing layer due to fewer I/O waits. As a result, our overall analytics performance improved by 58%, directly contributing to an approximately 28% reduction in our overall data lake cost.

2. Shifting to Kubernetes for Data Processing

Our data processing engine previously ran on a traditional fixed-count VM-based architecture. We transitioned this to pods on Kubernetes, enabling an autoscaling fashion powered by Keda. This shift offered several advantages:

• Dynamic Capacity Adjustment: Kubernetes allowed us to dynamically adjust our infrastructure and compute capacity based on actual load, eliminating the need for constant manual provisioning and de-provisioning.
• Reduced VM Baggage: Moving to a pod-based architecture reduced the overhead associated with managing traditional VMs.
• Resource Efficiency: Our pods became more resource-efficient, consuming only the necessary compute resources for their tasks.

This migration to Kubernetes and an autoscaling model resulted in an approximate 20% saving in our AWS costs.

3. Adopting a Mix of Spot and On-Demand Instances

To further optimize our compute costs, we made our data processing layer fault-tolerant through smart retries and robust error handling. This crucial groundwork allowed us to leverage AWS Spot Instances for our data processing engine running on Kubernetes.

• We implemented Karpenter, a flexible, high-performance Kubernetes cluster autoscaler, to dynamically provision the cheapest available Spot or On-Demand instances for our Kubernetes nodes based on a specified policy.
• This approach allowed us to take advantage of the significant cost savings offered by Spot Instances while ensuring resilience through our application-level fault tolerance.

By intelligently combining Spot and On-Demand instances, we achieved an impressive 33% saving on our overall data lake cost.

The Impact: Beyond Cost Savings

The rearchitecture of our data lake at DNIF Hypercloud yielded benefits far beyond just cost reduction:

• Improved Operational Efficiency: The automation and elasticity introduced by Kubernetes and dynamic instance provisioning streamlined our operations.
• Better Resource Utilization: We are now consuming only the resources we need, when we need them, minimizing waste.
• Enhanced Performance: The latency reduction and compute efficiency gains led to faster analytics performance, directly impacting our ability to respond to security threats.
• Enabling Further Innovation: The significant cost savings have freed up budget, allowing us to invest in further innovation and development within our cybersecurity platform.

Conclusion

Our journey at DNIF Hypercloud demonstrates that substantial cost reductions in AWS-hosted data lakes are achievable through strategic rearchitecture. By focusing on reducing network latency, embracing serverless and containerized approaches with Kubernetes, and intelligently leveraging AWS pricing models like Spot Instances, we were able to reduce our data lake costs by 80%. This transformation not only delivered significant financial savings but also improved the performance and efficiency of our critical data analytics capabilities. We encourage other data-intensive organizations to explore similar strategies to optimize their cloud data infrastructure.