
Executive Summary
The client is an automotive engineering company that uses MATLAB and SolidWorks to design, simulate, and validate vehicle systems. Their simulation workloads were running on local hardware, limiting collaboration across teams and creating bottlenecks when multiple engineers needed compute capacity at the same time.

Teleglobal deployed a production-ready AWS environment in the Asia Pacific (Mumbai) region. The infrastructure includes 10 dedicated simulation instances (5 for MATLAB, 5 for SolidWorks), a 3-tier VPC with public, private application, and private data subnets, a real-time data pipeline using Kinesis and Glue, and a SageMaker environment for ML model training. The full stack covers 20+ AWS services across compute, networking, storage, database, analytics, machine learning, IoT, and security.
Project Snapshot
| Metric | Detail |
| --- | --- |
| Compute Instances | 10 EC2 instances: 5 MATLAB + 5 SolidWorks, hosted in private subnets |
| Deployment Region | Asia Pacific (Mumbai), ap-south-1 |
| AWS Services Deployed | 20+ services across compute, storage, networking, analytics, ML, IoT, and security |
| Subnet Architecture | 3-tier VPC: public, private application, private data |
| Database | Amazon RDS for PostgreSQL with automatic failover and backup retention |
| CI/CD Pipeline | GitHub Actions to Amazon ECR to EC2 deployment |
The Challenge
Simulation workloads that outgrew local hardware
Running multiple MATLAB and SolidWorks instances on local servers created capacity bottlenecks during peak design cycles. The cloud environment needed secure VPN access while keeping workloads isolated from the internet.
Security from day one
The company works with proprietary vehicle designs and simulation data. Encryption, role-based access control, compliance monitoring, and threat detection all had to be active before any workload went live.
Real-time data ingestion for IoT and analytics
The platform collects telemetry from connected vehicle devices that needs to flow into a data lake, get transformed, and feed ML models in real time. This pipeline had to run alongside simulations without competing for compute.
Automated deployment without manual intervention
Getting a code commit from GitHub to a running EC2 instance required a controlled CI/CD pipeline through Amazon ECR with IAM guardrails, removing manual SSH and file transfers from the process.
The Solution
Teleglobal delivered this infrastructure in four phases: architecture design, environment setup, execution, and cutover with handover. Each layer was built to address a specific constraint from the requirements.

Network architecture
A 3-tier VPC was provisioned in ap-south-1. The public subnet hosts the ALB, NAT Gateway, and OpenVPN. The private application subnet holds 10 simulation instances (5 MATLAB, 5 SolidWorks). The private data subnet isolates RDS PostgreSQL with zero internet exposure. Engineers access simulation instances only through VPN.
Compute and container delivery
GitHub Actions triggers builds, pushes container images to ECR, and deploys to EC2 automatically with no manual steps. RDS PostgreSQL handles application data with automatic failover and backup retention.
Real-time data pipeline
Kinesis ingests IoT and application telemetry into S3. Glue transforms the data and registers it in the Data Catalog. Athena runs serverless queries against S3, and SageMaker trains ML models from the same data lake. Lambda handles event-driven automation.
IoT device connectivity
AWS IoT Core keeps device traffic separated from application traffic so telemetry flows into Kinesis without touching the simulation compute layer.
Security
IAM follows least-privilege principles with service-specific roles. KMS manages encryption, and Secrets Manager stores credentials. WAF protects the ALB, GuardDuty handles threat detection, and AWS Config monitors compliance. CloudWatch provides logs, metrics, and alerting. Everything was validated before production cutover.
AWS Services Deployed
| AWS Service | Role in This Deployment |
| --- | --- |
| Amazon VPC + NAT Gateway | 3-tier network with public, private application, and private data subnets |
| Amazon EC2 | 10 instances, 5 MATLAB and 5 SolidWorks in private subnets |
| Application Load Balancer + WAF | Traffic routing and web application protection |
| Amazon RDS (PostgreSQL) | Managed database with automatic failover and backup |
| Kinesis + Glue + Athena | Real-time data ingestion, ETL, and serverless analytics |
| Amazon SageMaker | ML model training and deployment |
| ECR + GitHub Actions | Automated CI/CD pipeline |
| AWS IoT Core | Secure device connectivity |
| IAM + KMS + GuardDuty + CloudWatch | Access control, encryption, threat detection, and monitoring |
Roles and Responsibilities
| Activity | Responsibility |
| --- | --- |
| Infrastructure setup (VPC, EC2, IAM, S3, security) | Teleglobal |
| Testing and validation | Teleglobal and Client jointly |
| Documentation and handover | Teleglobal |
| Application integration | Client |
Results
| Outcome | Detail |
| --- | --- |
| 10 simulation instances live | 5 MATLAB and 5 SolidWorks instances running in private subnets with VPN access for engineers |
| 3-tier network isolation | Public, private application, and private data subnets with zero direct internet exposure to compute or database |
| CI/CD pipeline operational | GitHub Actions to ECR to EC2, fully automated with no manual deployment steps |
| Real-time analytics pipeline | Kinesis ingestion to S3 to Glue ETL to Athena queries, validated from ingestion to query output |
| ML environment ready | SageMaker provisioned and validated for model training and deployment against S3 data lake |
| Security stack active at handover | IAM least-privilege, KMS encryption, WAF, GuardDuty, Config, and CloudWatch all validated before cutover |
The architecture gives the client’s engineering team on-demand access to 10 simulation instances that were previously bottlenecked on local hardware. Each MATLAB and SolidWorks environment sits in an isolated private subnet, reachable only through the VPN, and backed by a PostgreSQL database with automatic failover.
The data pipeline and ML infrastructure are decoupled from the simulation workloads. The analytics tier scales independently: adding new IoT data sources does not require changes to the VPC, security configuration, or compute layer. SageMaker can train models against the S3 data lake without consuming simulation compute capacity.
What Comes Next
The architecture is designed for the workloads to grow. Additional MATLAB or SolidWorks instances can be added to the private application subnet without modifying the VPC or security configuration. The Kinesis and Glue pipeline can absorb new IoT data sources. The SageMaker environment supports additional model pipelines. The CI/CD path through ECR can extend to new EC2 target groups as the application scales across availability zones.
Teleglobal International is an AWS Partner delivering cloud infrastructure, analytics, and ML deployments across the Asia Pacific region from its delivery centre in Pune, India.