10 Engineering Simulation Instances Deployed on a Secure AWS Foundation

Executive Summary 

The client is an automotive engineering company that uses MATLAB and SolidWorks to design, simulate, and validate vehicle systems. Their simulation workloads were running on local hardware, limiting collaboration across teams and creating bottlenecks when multiple engineers needed compute capacity at the same time. 

Teleglobal deployed a production-ready AWS environment in the Asia Pacific (Mumbai) region. The infrastructure includes 10 dedicated simulation instances (5 for MATLAB, 5 for SolidWorks), a 3-tier VPC with public, private application, and private data subnets, a real-time data pipeline using Kinesis and Glue, and a SageMaker environment for ML model training. The full stack covers 20+ AWS services across compute, networking, storage, database, analytics, machine learning, IoT, and security. 

Project Snapshot 

| Metric | Detail |
| --- | --- |
| Compute Instances | 10 EC2 instances: 5 MATLAB + 5 SolidWorks, hosted in private subnets |
| Deployment Region | Asia Pacific (Mumbai), ap-south-1 |
| AWS Services Deployed | 20+ services across compute, storage, networking, analytics, ML, IoT, and security |
| Subnet Architecture | 3-tier VPC: public, private application, private data |
| Database | Amazon RDS for PostgreSQL with automatic failover and backup retention |
| CI/CD Pipeline | GitHub Actions to Amazon ECR to EC2 deployment |

The Challenge 

Simulation workloads that outgrew local hardware 

Running multiple MATLAB and SolidWorks instances on local servers created capacity bottlenecks during peak design cycles. The cloud environment needed secure VPN access while keeping workloads isolated from the internet. 

Security from day one 

The company works with proprietary vehicle designs and simulation data. Encryption, role-based access control, compliance monitoring, and threat detection all had to be active before any workload went live. 

Real-time data ingestion for IoT and analytics 

The platform collects telemetry from connected vehicle devices that needs to flow into a data lake, get transformed, and feed ML models in real time. This pipeline had to run alongside simulations without competing for compute. 

Automated deployment without manual intervention 

Getting a code commit from GitHub to a running EC2 instance required a controlled CI/CD pipeline through Amazon ECR with IAM guardrails, removing manual SSH and file transfers from the process. 

The Solution 

Teleglobal delivered this infrastructure in four phases: architecture design, environment setup, execution, and cutover with handover. Each layer was built to address a specific constraint from the requirements. 

Network architecture 

A 3-tier VPC was provisioned in ap-south-1. The public subnet hosts the ALB, NAT Gateway, and OpenVPN. The private application subnet holds 10 simulation instances (5 MATLAB, 5 SolidWorks). The private data subnet isolates RDS PostgreSQL with zero internet exposure. Engineers access simulation instances only through VPN. 

Compute and container delivery 

GitHub Actions triggers builds, pushes container images to ECR, and deploys to EC2 automatically with no manual steps. RDS PostgreSQL handles application data with automatic failover and backup retention. 

Real-time data pipeline 

Kinesis ingests IoT and application telemetry into S3. Glue transforms the data and registers it in the Data Catalog. Athena runs serverless queries against S3, and SageMaker trains ML models from the same data lake. Lambda handles event-driven automation. 

IoT device connectivity 

AWS IoT Core keeps device traffic separated from application traffic so telemetry flows into Kinesis without touching the simulation compute layer. 

Security 

IAM follows least-privilege principles with service-specific roles. KMS manages encryption, and Secrets Manager stores credentials. WAF protects the ALB, GuardDuty handles threat detection, and AWS Config monitors compliance. CloudWatch provides logs, metrics, and alerting. Everything was validated before production cutover.

AWS Services Deployed 

| AWS Service | Role in This Deployment |
| --- | --- |
| Amazon VPC + NAT Gateway | 3-tier network with public, private application, and private data subnets |
| Amazon EC2 | 10 instances, 5 MATLAB and 5 SolidWorks in private subnets |
| Application Load Balancer + WAF | Traffic routing and web application protection |
| Amazon RDS (PostgreSQL) | Managed database with automatic failover and backup |
| Kinesis + Glue + Athena | Real-time data ingestion, ETL, and serverless analytics |
| Amazon SageMaker | ML model training and deployment |
| ECR + GitHub Actions | Automated CI/CD pipeline |
| AWS IoT Core | Secure device connectivity |
| IAM + KMS + GuardDuty + CloudWatch | Access control, encryption, threat detection, and monitoring |

Roles and Responsibilities 

| Activity | Responsibility |
| --- | --- |
| Infrastructure setup (VPC, EC2, IAM, S3, security) | Teleglobal |
| Testing and validation | Teleglobal and Client jointly |
| Documentation and handover | Teleglobal |
| Application integration | Client |

Results 

| Outcome | Detail |
| --- | --- |
| 10 simulation instances live | 5 MATLAB and 5 SolidWorks instances running in private subnets with VPN access for engineers |
| 3-tier network isolation | Public, private application, and private data subnets with zero direct internet exposure to compute or database |
| CI/CD pipeline operational | GitHub Actions to ECR to EC2, fully automated with no manual deployment steps |
| Real-time analytics pipeline | Kinesis ingestion to S3 to Glue ETL to Athena queries, validated from ingestion to query output |
| ML environment ready | SageMaker provisioned and validated for model training and deployment against S3 data lake |
| Security stack active at handover | IAM least-privilege, KMS encryption, WAF, GuardDuty, Config, and CloudWatch all validated before cutover |

The architecture gives the client’s engineering team on-demand access to 10 simulation instances that were previously bottlenecked on local hardware. Each MATLAB and SolidWorks environment sits in an isolated private subnet, reachable only through the VPN, and backed by a PostgreSQL database with automatic failover.

The data pipeline and ML infrastructure are decoupled from the simulation workloads. The analytics tier scales independently: adding new IoT data sources does not require changes to the VPC, security configuration, or compute layer. SageMaker can train models against the S3 data lake without consuming simulation compute capacity. 

What Comes Next 

The architecture is designed for the workloads to grow. Additional MATLAB or SolidWorks instances can be added to the private application subnet without modifying the VPC or security configuration. The Kinesis and Glue pipeline can absorb new IoT data sources. The SageMaker environment supports additional model pipelines. The CI/CD path through ECR can extend to new EC2 target groups as the application scales across availability zones. 

Teleglobal International is an AWS Partner delivering cloud infrastructure, analytics, and ML deployments across the Asia Pacific region from its delivery centre in Pune, India.