
Innovate - How AsiaPac is helping Customers to Build a Restricted Cloud Environment on AWS


Discover how AsiaPac is helping government, education and nonprofit organizations to architect and migrate their mission-critical applications onto AWS - with secure, high-performing, resilient, and efficient infrastructure. As more organizations move towards cloud, learn how best practices have been implemented on AsiaPac's full-lifecycle services - to provision, run, and support infrastructure, as well as managed services to reduce customer's operation overhead and risks.


  1. PUBLIC SECTOR SUMMIT SINGAPORE
  2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. PUBLIC SECTOR SUMMIT How AsiaPac is helping Customers to build a Restricted Cloud Environment on AWS Sourav Ray Cloud Architect AsiaPac
  3. Copyright © & Confidential
  4. An M1 company. Since Nov’18 EPPU S/10 company ISO 9001:2015 & Biz Safe Level 3 certified ICT Solutions Provider Started 1990 Commercial, Enterprise, Education, Healthcare & Government
  5. Copyright © & Confidential
  6. Self Service Management Portal Government / Enterprise Customers Self Service & Service Management Hybrid Cloud Management System Leading Telecommunications Provider First telco to embark 5G live test in SG Direct Connect Local Loops SDWAN CMP Frameworks Blueprints Modernization • Bring workloads closer to AWS • Low latency connectivity • Orchestration Bring close to AWS Migrate to AWS or Migrate to AWS Outpost/ VMC Customer Self Manage Creating Business Ecosystem
  7. VMware Cloud on AWS Exclusive Launch Partner
  8. Governance in Restricted Cloud Environment
  9. § Controlled access reducing Security Risks § Ensuring regulatory compliance like HIPAA, PCI, MTSC Tier 3, ISO etc. § Cost Optimization § Eliminate unnecessary IT and Cloud initiatives § DevOps process initiation and parameter definitions § Enhance management of Cloud resources The Disciplines of CLOUD GOVERNANCE Why is it important?
  10. Our Approach to CLOUD GOVERNANCE Cloud Governance Data Security Resource Tagging Structured DevOps Solutions Security and Log Management Monthly Reports and Analytics Patch Management with Approval Process Infrastructure Monitoring Application Monitoring Internal Audits Cost Budgeting Environment Templatization Authentication & Authorization
  11. Our Approach to CLOUD GOVERNANCE Cloud Governance Environment Templatization Data Security Resource Tagging Structured DevOps Solutions Security and Log Management Authentication and Authorization Monthly Reports and Analytics Patch Management with Approval process Application Monitoring Infrastructure Monitoring Internal Audits Cost Budgeting § Compliance Audit § Security Audit § User Audit § Data Privacy Audit § Penetration Testing
  12. Our Approach to CLOUD GOVERNANCE Cloud Governance Environment Templatization Data Security Resource Tagging Structured DevOps Solutions Security and Log Management Authentication and Authorization Monthly Reports and Analytics Patch Management with Approval process Application Monitoring Infrastructure Monitoring Internal Audits Cost Budgeting § Enforcing MFA for AWS Management Console § Enforcing console login via on premise AD authentication using AWS SSO § Enforcing AWS Cognito for application level authentication § Enforcing privileged access using AWS IAM
  13. Our Approach to CLOUD GOVERNANCE Cloud Governance Environment Templatization Data Security Resource Tagging Structured DevOps Solutions Security and Log Management Authentication and Authorization Monthly Reports and Analytics Patch Management with Approval process Application Monitoring Infrastructure Monitoring Internal Audits Cost Budgeting Continuous Integration Micro-Services Policy as Code and Automated Monitoring
  14. Our Approach to CLOUD GOVERNANCE Cloud Governance Environment Templatization Data Security Resource Tagging Structured DevOps Solutions Security and Log Management Authentication and Authorization Monthly Reports and Analytics Patch Management with Approval process Application Monitoring Infrastructure Monitoring Internal Audits Cost Budgeting Launch Instance Create Tags Scan OS based on Patch Baseline Generate Missing Patch List SSM Document for Patch Scan Stop Instance Create Image Create Tags Terminate Instance SSM Document for Patch Install Launch Instance Update OS Software Generate Installed Patch List Update Parameter Store If approved
  15. How to Regain a Healthy Governance § current state of all cloud users and their access rights across the enterprise? “WITHOUT REDUCING CLOUD AGILITY” MANAGE ENSURE § adherence to the overall costs to PAY PER USE model? § deployments and operations are in track with compliance regulations and policies? ENFORCE § security across all the environment workloads as well as User Management? Cloud Governance Pain Areas
  16. ASIAPAC MANAGED INFRASTRUCTURE & CLOUD SERVICES Increase in AWS Workloads Growth in AWS account Management Cost Control Security & Compliance GOVERNANCE AT SCALE Solutions to Governance at Scale
  17. Design Architecture AZ-A AZ-B IGW Direct Connect Internet Web 1 RDS Master IDS1 IDS2 Mgmt 1 EVM1 Mgmt 2 EVM2 ELB ELB Cyber Watch Center App1 App2 App3 App4 App5 App6 ELB App7 App8 App9 App10 App11 App12 Web 2 Tier 1 NGFW Tier 1 NGFW RDS Slave Tier 2 NGFW Tier 2 NGFW NAT Gateway NAT Gateway AD Server 1 AZ-A AD Server 2 Event Collector1 Event Collector2 Customer On Premise Dev Server Dev Server Bastion Host API Server Monitoring Collector AZ-B AsiaPac NOC VPC AsiaPac EM7 Database VPN Gateway 2FA 2FA API Server On Premise SOC AsiaPac SysAdmin IPSEC VPN API Server Dev Server IGW Client VPN IPSEC VPN NAT Gateway AZ-A AZ-B App1 App2 App3 App4 App5 App6 ELB Web 1 Master DB Slave DB App7 App8 App9 App10 App11 App12 Web 2 VPN IGW Firewall ELB NAT Gateway NAT Gateway ELB Internet AD Server 1 AZ-A AD Server 2 Event Collector1 Customer Data Center Dev Server Bastion Host API Server DB Server AZ-B VPN Gateway 2FA 2FA API Server On Premise SOC AsiaPac SysAdmin IPSEC VPN API Server CI CD Server IGW Client VPN IPSEC VPN NAT Gateway AZ-A App1 App2 App3 ELB ELB Web 1 Master DB App4 App5 App6 App7 IGW Fwd Proxy ELB NAT Gateway Internet
  18. VMware Cloud on AWS: Jointly engineered Cloud Service Service Overview: § VMware SDDC running on AWS bare metal § Delivered, operated, supported by VMware § On-demand capacity and flexible consumption § Seamless portability of hybrid large-scale workload § Direct access to native AWS services Business Use Cases: § Data Center Extension § Disaster Recovery § Cloud Migration § Application Modernization
  19. Cloud Motion: Workload Mobility across Hybrid Clouds Active Migrated VMs CROSS-VERSION HYBRIDITY SECURITY ON PREMISE CLOUD LARGE SCALE WARM MIGRATION Hybrid Interconnect Any-to-Any vSphere Migration vSphere 5.0 VMware Cloud
  20. VMware Cloud on AWS On-Premises Data Center AWS Direct Connect Compute Storage Network Compute Storage Network vSphere-based SDDC with NSX CGW Network A MGW N-S FW Router Network 172.16.10.0/24 Network 172.16.20.0/24 Govt Network Zone VMC-VM BGP Peering Session Public Internet N-S FW Governing Internet/Security Posture from On Premise DC Manage the Internet bound traffic on Public cloud via On-premise security framework, so that control and governance need not be re-architected and use Public Cloud for the benefit of Agility and Scale. Use Cases: § Internet Separation or Network Zone Separation for VDI/Any workloads. § Data Center Extension where Public Cloud is used as Hot capacity/Cloud Burst.
  21. Leveraging Well Architected Framework on AWS § Expense Awareness § Cost-effective Resource § Match supply with demand § Architecture optimization § Select § Review § Monitoring § Trade-offs § Automated Change Management § Automated Failure Management § Centralized Privileged Management § Centralized Monitoring § Data Security § Incident Management plan § Prepare § Operate § Evolve Cost Optimization Performance Efficiency Reliability Security Operational Excellence
  22. Providing Cloud Best Practices through EXPERIENCE.
  23. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. PUBLIC SECTOR SUMMIT
  24. Thank you! Sourav Ray Cloud Architect AsiaPac
