Sela. | Cloud Better.

Egged

Egged Transportation Ltd. is Israel’s largest transit bus company, with subsidiaries operating in Poland and the Netherlands. The company’s bus routes reach most Israeli cities and towns, as it provides nearly 35% of Israel’s public transport system. Egged transports about 900,000 passengers daily, employs approximately 6,500 people and operates a fleet of 2,950 buses.

Israel suffers from the worst traffic congestion in the OECD. As a result, public and municipal transportation authorities are open to innovative transportation solutions.

Multiple micro-mobility companies, including Bird, Lime, Wind, and Mobile, have successfully implemented their mobility solutions in Israel. While micro-mobility companies have successfully reduced congestion in the “4 KM radius,” these solutions have not impacted the motorized 4 KM radius and above. This is due to Israeli’s preference to drive private cars rather than take expensive taxis or ride in buses that don’t reach their exact destination. Israel’s Ministry of Transportation (MOT) issued an RFP to transportation companies looking for a solution to this problem.

Egged’s Conceptual Solution

Egged responded to the MOT’s RFP with a revolutionary solution built on a real-time collective ridesharing application. Nicknamed TikTak, the Egged proposal allowed users to enter their current location and destination details into a secure mobile app.
The app processes the request using a complex algorithm, factoring in real-time requests from other commuters in the same geographical area and time frame. The app segregates users based on geographical area and timeframe and builds a dynamic route that will meet all the passengers' needs.
Once set, a van is dispatched. It picks up commuters at their location, drives them on the common, dynamic route, and leaves each passenger at their destination.

The challenge

Egged turned to the Sela Group to design the architecture and implement their proposed TikTak system. Sela recognized several challenges that needed to be resolved quickly to develop this complex, high-demand system.

Since it is a greenfield project and lacks any service experience and data, it would be difficult to predict customer demand for the system, particularly during the early months of the project. The system would require a highly scalable, extremely flexible, and secure environment.
The system would also require zero downtime due to the nature of the service. The data volume is expected to expand unpredictably and requires scaling infrastructure. Finally, the system must interface with technology partners like VIA and Moovit.

The solution

Sela architects based their design on guidelines presented in AWS’ Well-Architected framework.

The TikTak system was built in three layers.

The infrastructure layer ran the solution logic components hosted in Elastic Kubernetes Service (EKS). Those components were designed to achieve maximum flexibility and be dynamically scalable.
Components were designed as docker-based microservices, which allowed them to achieve maximum flexibility and scalability. The microservices were hosted on the Kubernetes cluster managed by EKS.

The cluster nodes were segregated into a secured virtual private cloud (VPC), and spanned across multiple availability zones to achieve both high availability and scalability. This allowed for meeting the company’s SLA agreement. Horizontal auto-scaling was also used to ensure immediate autoscaling and downscaling scenarios.

Sela incorporated a rolling update deployment strategy to meet the zero-downtime policy without impacting the user experience. As the data can expand exponentially in just minutes, MongoDB Atlas (a holistic, rapid-expansion No-SQL AWS-hosted service) was integrated into the infrastructure, preserving database performance and high availability at all times. Integrating MongoDB Atlas into the architecture was crucial for the overall security as was a VPC peering, which kept data within the AWS cloud realm, minimizing external exposure and ensuring a high level of security.

API Gateway implementation acted as the service “front door” and provided API protection and managed tenant and third-party broker requests. The internal services layer contains Network Load Balancing (NLB), which was used as the sole gateway to the Kubernetes cluster. Simple Queue Service (SQS) decoupled requests, managing them in a queue that triggered Lambda functions and converted them into a service request.

The layer also contains an elaborate stack of performance monitoring, alert, and visualization tools, including TICK stack, Slack integration for alerts, Prometheus-operator, Grafana, FluentD, and AWS Elasticsearch. Those stacks covered performance, errors, debugging, scale, and auditing metrics, ensuring maximum system observability. On the external perimeter, we placed a Web Application Firewall. This ensured a tenant isolation boundary and buffered the environment to protect against DDoS attacks and prevent malicious traffic. Cognito implementation was also added to deal with external identity providers and the application authorization requirements. IAM roles were used for cross-tenant prevention of access to unauthorized components.

The results

Egged launched a pilot program in Haifa and was very satisfied with the results. The service was then launched in Jerusalem and is expected to add additional cities in the near future.