Media Publishing Digital Platform Transformation

From Fragile Legacy Windows Servers to Unbreakable Cloud-Native AWS Architecture

The Breaking Point

A media publishing platform, one of India’s largest and most trusted news organizations, was minutes away from disaster every time breaking news hit.

Their digital platform served millions daily — but the backend was crumbling:

  • ECS clusters choking during election results and live events
  • A 15-year-old on-premises Windows Server running the entire print-to-digital OCR pipeline — unpatched, a single point of failure, taking 4+ hours per edition
  • Monthly AWS bill hitting $9,000 with zero predictability
  • Manual deployments, self-managed databases, and open RDP ports everywhere

When the next national election cycle loomed, HT knew: the old world wouldn’t survive another traffic surge.

The Harsh Reality We Uncovered

  • ECS unable to scale beyond modest traffic
  • Legacy Windows 2008 server running ABBYY FineReader, in-house .NET editorial tools, and SQL Server 2012 — never patched, never backed up properly
  • Zero automation: every deployment was a 3-hour fire drill
  • Security posture that would make any auditor cry
  • $9,000/month being burned on over-provisioned VMs and forgotten resources

The New Foundation: Full-Stack Windows-Integrated, Cloud-Native AWS Architecture

We rebuilt HT’s entire digital and editorial stack in under 14 weeks — keeping the Microsoft DNA their teams loved while delivering true cloud-native scale, security, and automation.

Core Platform — Now Truly Scalable

  • 100% migration from ECS → Amazon EKS (managed Kubernetes)
  • Horizontal Pod Autoscaler + KEDA event-driven scaling
  • Proven live: 138,000+ concurrent users with <10-second end-to-end latency during peak events

Deep Microsoft Windows & Enterprise Integration (The Real “Windows Part” That Saved Editorial Sanity)

Legacy Windows Workloads — Modernized, Not Replaced

  • Entire 15-year-old print-to-digital pipeline lifted and shifted, then modernized on a Windows Server 2025 EC2 fleet (t3a.medium + m5.large)
  • ABBYY FineReader OCR, .NET Framework 4.8 editorial dashboards, internal SQL Server 2022 databases — all running natively
  • Shared Amazon EFS for cross-instance file access (PDFs, images, archives)
  • Daily immutable golden AMIs + Auto Scaling groups
  • OCR processing time slashed from 4–6 hours → under 45 minutes with 100% uptime

AWS Systems Manager — Windows Becomes a First-Class Cloud Citizen

  • Automated Windows patching via Patch Manager (100% compliance, zero manual RDP)
  • Session Manager + RDP Gateway for secure, audited, bastion-less admin access (port 3389 never exposed)
  • Run Command executes PowerShell fixes across the entire Windows fleet in seconds
  • Inventory & State Manager enforce configuration compliance

Microsoft SQL Server — Still There When Needed

  • Legacy editorial databases requiring SQL Server-specific features remain on EC2 SQL Server 2022 with synchronous Multi-AZ mirroring
  • New workloads use Amazon RDS PostgreSQL Multi-AZ + read replicas
  • Full compatibility path preserved — no forced rewrite

Active Directory & PowerShell Governance

  • AWS Managed Microsoft AD as the single source of truth
  • All journalists, editors, and DevOps team members use existing corporate AD credentials for AWS Console and tool access
  • PowerShell + AWS Tools for PowerShell scripts deeply embedded in CI/CD and daily operations

GitOps-Powered Automation (Linux & Windows Treated Equally)

  • ArgoCD manages declarative state for both EKS pods and Windows EC2 Auto Scaling groups from the same Git repos
  • Drift detection, self-healing, and one-click rollback — even for Windows configurations
  • Jenkins + Helm + Bitbucket pipeline with full testing and blue-green deployments

Security & Compliance (Now Enterprise-Grade)

  • AWS WAF + Shield Advanced + GuardDuty
  • Secrets Manager with 90-day auto-rotation (injected into Windows services and EKS pods)
  • TLS everywhere, KMS encryption at rest, CloudTrail + quarterly IAM/AD reviews
  • Zero high/critical security findings post-launch



Monitoring That Actually Works

  • CloudWatch + Prometheus + Grafana + OpenSearch
  • Custom alerts for OCR queue length, Windows disk pressure, WAF blocks — all pushed to Slack
  • One-pane-of-glass visibility across Linux containers and Windows instances

Disaster Recovery That’s Actually Tested

  • Full stack (EKS + Windows EC2 + RDS) rebuildable in secondary region in <30 minutes
  • Quarterly DR drills using ArgoCD + Jenkins — passed every time
  • RTO <5 minutes | RPO <30 seconds

Zero-Downtime Cutover

  • Parallel run of old and new stacks for 72 hours
  • DNS flip via Akamai → zero user impact
  • Windows OCR pipeline failed over with Session Manager live migration — not a single newspaper edition delayed

Launch Day & Beyond: The Platform Didn’t Flinch

  • Handled 138,000+ concurrent users during live election coverage
  • OCR pipeline processed >2,500 pages/hour without breaking a sweat
  • Windows fleet patched automatically mid-campaign — zero downtime
  • End-to-end latency: <10 seconds even at peak
  • Uptime: 99.999%+

The Wins No One Expected

  • Monthly cost: $9,000 → $6,000 (33% reduction, $36,000/year saved)
  • Incident response time cut by >50%
  • Editorial teams now focus 100% on journalism — infrastructure just works
  • Windows admins went from firefighting to automating
  • First time in 15 years the print-to-digital pipeline has zero single points of failure

Architecture Diagram