Case Study
Northern Kentucky University
Northern Kentucky University moved its decentralized web presence to a modern AWS platform with a new Cascade CMS publishing environment. eWay designed the multi-environment architecture, integrated enterprise SAML single sign-on, ran a large redirect migration to preserve SEO, hardened security, and led the go-live.
- Industry
- Higher Education
- Platform
- Cascade Website Hosting on AWS
- Services
- Managed WebOps + Cloud Operations
- Engagement
- Enterprise migration with ongoing support
Client Snapshot
About Northern Kentucky University
- Founded
- 1968
- Scale
- Public university serving thousands of students, faculty, and staff in the Greater Cincinnati region
- Website
- www.nku.edu
Northern Kentucky University is a public university in Highland Heights, Kentucky, serving students across the Greater Cincinnati metropolitan region. The institution supports student recruitment, academic program marketing, research initiatives, and alumni and donor engagement through a large public web presence.
That web presence is broad and decentralized. It spans institutional sites, academic departments, colleges, centers, faculty pages, and specialty web properties, all published through Cascade CMS by editors distributed across the university.
Given the volume and diversity of content, reliability, security, scalability, and governance were the defining requirements for any new hosting platform.
The Challenge
A large, decentralized web ecosystem that had to move without breaking.
NKU set out to migrate its public web presence to a modern hosting environment while keeping numerous sites and applications, all managed through Cascade CMS, running without interruption. The environment was complex: many websites, subdomains, departmental sites, vanity URLs, and faculty pages, each requiring individual validation and configuration.
University governance raised the bar further. NKU required integration with its institutional identity platform using SAML single sign-on, including protection of staging environments and restricted content areas. Traditional password-based authentication was not sufficient for the university's security requirements.
The migration also carried a large redirect inventory and a set of modern security controls that had to be deployed without disrupting publishing workflows, all coordinated carefully across DNS, SSL, CDN, and authentication during a single go-live.
What made it complex
A multi-site environment of departments, subdomains, vanity URLs, and faculty pages
Enterprise SAML single sign-on required for staging and restricted content
A large legacy redirect inventory that had to be audited and preserved
Modern security controls to deploy without disrupting publishing workflows
A coordinated go-live spanning DNS, SSL, CDN, and authentication cutovers
The Solution
A modern AWS platform for Cascade, with enterprise identity built in.
eWay designed and implemented a comprehensive AWS-hosted platform for NKU's enterprise web publishing. The work spanned multi-environment architecture, Cascade CMS deployment configuration, SAML single sign-on, a CDN layer, a full redirect migration, security hardening, and a structured go-live, followed by an extended period of post-launch support.
Multi-environment AWS architecture with staging, pre-production, and production tiers plus additional environments for departmental sites
Cascade CMS publishing enablement: transport and destination configuration, multi-site publishing, custom workflows, and server-side include support
Enterprise SAML single sign-on integrated with NKU's identity provider, protecting staging and restricted files and folders in place of basic authentication
Full redirect audit, cleanup, and migration covering vanity URLs, faculty paths, and subdomains to preserve legacy URLs and SEO value
Security hardening with wildcard and site-specific SSL, HTTPS enforcement, Content Security Policy, security headers, and pre- and post-launch vulnerability scanning
A CDN layer with file and JSON caching, plus Golden AMIs and launch templates for repeatable, automated deployments
Architecture
A glimpse of the stack
Application
Cascade Website Hosting (Cascade CMS publish target on AWS)
Cloud Infrastructure
AWS multi-environment: staging, pre-production, production
Identity
SAML single sign-on integrated with NKU's identity provider
Edge & Security
CDN with caching, wildcard SSL, CSP, and HTTPS enforcement
The Outcome
A secure, scalable platform launched without losing a URL.
A modernized hosting platform
NKU transitioned its enterprise web presence to a modern AWS environment built for scalability, security, and operational reliability, with monitoring, logging, and backups in place from day one.
Enterprise identity, not passwords
SAML single sign-on, integrated with the university's identity provider, now protects staging and restricted content. Reviewers use institutional credentials, and access is governed centrally rather than through shared passwords.
Legacy URLs that keep working
A full redirect audit and migration preserved vanity URLs, faculty paths, and subdomains. Visitors following old links land in the right place, and search engines see clean 301s instead of 404s, protecting rankings earned over years.
A stronger security posture
Wildcard and site-specific SSL, HTTPS enforcement, Content Security Policy, security headers, and pre- and post-launch scanning brought the platform in line with the university's security requirements.
The production launch was managed through a structured go-live with readiness reviews, coordinated DNS, SSL, and CDN cutovers, smoke testing, and live monitoring. eWay continued to support NKU through an extended hypercare period covering publishing fixes, redirect refinement, security updates, and additional site onboarding, working alongside multiple university stakeholders to keep the platform stable as it grew.
Common questions about this engagement
What buyers ask before engaging us on a project like Northern Kentucky University
How was enterprise authentication handled for staging and restricted content?
eWay replaced basic authentication with SAML single sign-on integrated with NKU's institutional identity provider. A custom authentication framework allowed SAML to protect specific files and folders in a manner similar to .htaccess-based access controls, while leveraging the university's existing identity services. Session management, authentication persistence, and certificate lifecycle were all part of the engagement so that reviewers could log in with institutional credentials and access was governed centrally.
How were legacy URLs and SEO protected during the migration?
Redirect management was one of the largest workstreams. eWay audited and consolidated a large inventory of legacy URLs from multiple sources, then implemented vanity URL publishing, path-based redirects, faculty URL redirects, and subdomain redirects. SEO scanning, link integrity testing, and crawl analysis validated the result so that inbound links kept working and accumulated search rankings carried forward to the new platform.
What did the AWS architecture include?
eWay deployed a multi-environment architecture with separate staging, pre-production, and production tiers, plus additional environments for departmental sites. A CDN layer with file and JSON caching improved performance and reduced origin load. Golden AMIs and launch templates established repeatable, automated deployments, and the production environment included infrastructure and application monitoring, log collection, and backups.
What security controls were put in place?
The platform was hardened with wildcard and site-specific SSL certificates, HTTPS enforcement, Content Security Policy, and security headers, with several rounds of CSP tuning to accommodate third-party services and university applications. Pre-launch and post-launch vulnerability scans validated the configuration before and after go-live, and SSL and SAML certificate lifecycle management keep the platform maintainable over time.
What does eWay actually own day-to-day?
eWay owns the AWS hosting platform end to end: infrastructure provisioning and monitoring, Cascade publishing configuration, SAML authentication and certificate lifecycle, redirect rule maintenance, security patching, and incident response. New requirements are scoped, built, and deployed through eWay rather than handed off to a separate vendor, which is what allowed the engagement to extend well beyond the original migration scope.
Related Case Studies
Other engagements you might want to see
Higher Education · Cascade · AWS
Pilot-Light Disaster Recovery for Cascade Website Hosting on AWS
Central Washington University's Cascade CMS website needed reliable high-availability hosting with disaster recovery and clean redirect management. eWay built an AWS environment with Auto Scaling, load balancing, and Pilot Light DR, and customized Apache redirection rules so legacy URLs continued to resolve cleanly through every migration and content change.
Higher Education · Cascade · AWS
Cloud-First Resilience for Cascade Website Hosting on AWS
Morehead State University's public-facing website is the front door for prospective students, families, alumni, and donors across eastern Kentucky. eWay rebuilt the platform on AWS with auto-scaling, CloudFront edge delivery, WAF protection, and disaster recovery built in. The architecture was tested in 2023 when a campus-wide cyber event hit MSU's broader systems. The public website kept operating without interruption.
Higher Education · Cascade · AWS
AWS Hosting Consolidation for 485 Cascade CMS Sites
Xavier University operates 485 Cascade CMS sites across academic departments, programs, athletics, and administrative units. eWay consolidated the platform onto a single modern AWS hosting environment with Multi-AZ resilience, Auto Scaling, Redis caching, Web Application Firewall protection, and eight CodePipelines delivering CI/CD across site clusters. The consolidation moved every one of the 485 sites onto the new environment without data loss or downtime.
Have a similar environment? Let's talk.
Let's scope a managed engagement for your platform.
Every engagement starts with a platform assessment. We review your current environment, document operational gaps, and recommend a managed operations model sized to your organization.