About the Client

NFER is the UK research organisation dedicated to improving education through evidence. Its public-facing websites and bespoke applications underpin engagement with schools, researchers, and policymakers, demanding strong security, consistent performance, and always-on availability.

Client Challenge

NFER sought to harden internet-facing access, ensure high availability across failures, and streamline operations for a Microsoft-centric stack—Active Directory, IIS, and SQL Server—while maintaining robust monitoring and audit trails. The team also required reliable outbound email for transactional workflows and a unified approach to patching, configuration, and secure administration.

Partner Solution

We implemented a layered, multi-AZ architecture on Amazon EC2 for Microsoft Windows Server. Public access terminates at CloudFront and enters the VPC via an Internet Gateway before reaching an Application Load Balancer that provides TLS termination, health checks, and high-availability routing to IIS web application instances. Web workloads are deployed as two EC2 pairs distributed across Availability Zones to maintain service continuity under failure. The data layer comprises a SQL Server pair—one live and one failover node—located in different AZs for resilience. Identity services are provided by redundant Active Directory domain controllers, likewise split across AZs and integrated with Azure Active Directory to enable hybrid single sign-on and centralised policy.

Outbound connectivity is controlled through redundant NAT Gateways for secure, predictable egress. Transactional emails are delivered via Amazon Simple Email Service to support user flows across the web applications. Operations are unified with AWS Systems Manager—Inventory, Compliance, Patch Manager, Run Command, Session Manager, and Fleet Manager—with all activity logged to CloudTrail and metrics/alerts surfaced via CloudWatch. Every EC2 instance uses Amazon EBS for low-latency, encrypted block storage, and EBS Snapshots provide incremental backups governed by policy and monitored for anomalies.

Results and Benefits

NFER’s public services now follow an edge-to-origin path that enforces encryption and controlled ingress, while ALB-backed, multi-AZ EC2 pairs keep applications available through instance or AZ disruption. SQL and Active Directory redundancy protect critical data and identity services, and redundant NAT Gateways ensure dependable outbound connectivity. With Systems Manager automating patching, configuration compliance, and secure RDP-less administration, operational effort is lower and auditability is stronger. Centralised metrics, logs, and alerts accelerate troubleshooting and support proactive operations, while EBS snapshot policies improve backup reliability and recovery readiness.

About the Partner

Dudobi is a forward-thinking technology solutions provider specialising in cloud-based solutions for businesses across various industries. With expertise in AWS services, Dudobi helps clients automate and optimise their infrastructure and workflows, delivering scalable, secure, and cost-efficient solutions. Our team of AWS-certified experts works closely with clients to drive innovation and improve operational efficiency, empowering them to achieve their business goals and improve customer experiences.