Overview of CTE's CloudEnable Platform to Develop, Deploy, Secure and Manage - Arjun Chopra
- 1. Overview of CTE's CloudEnable Platform
Arjun Chopra, CTO, Cambridge Technology Enterprises
- 3. Agenda
• Who is CloudEnable
• Why the Cloud makes sense
• Building a Cloud-ready App
• 24/7, SLA-driven Operations
• Business Continuity and DR
• Cloud Highlights
• Next Steps
Confidential: © 2011: CloudEnable (All Rights Reserved)
- 4. Who is CloudEnable
• 500+ Trained Cloud Folks
• CMMi Level 5
• $1.5B ISV Customer
• 5M Hours of uptime
• 5 NOCs
• 24/7 Management, starting at $9
- 6. Agenda
• Who is CloudEnable
• Why the Cloud makes sense
• Building a Cloud-ready App
• 24/7, SLA-driven Operations
• Business Continuity and DR
• Cloud Highlights
• Next Steps
- 7. Why the Cloud makes sense
• Pay-as-you-go
• No up-front Capital expenses
• On-demand Provisioning
• Elastic Scale
• Pass benefits on to users
- 8. Predicting Infrastructure Needs
[Chart: Compute Power over Time; series: Predicted Usage and Actual Usage; regions labelled Waste and Customer Dissatisfaction]
- 9. Cloud Goal: Flip This Equation
• On-Premise Infrastructure: 30% Your Business; 70% Managing All of the "Undifferentiated Heavy Lifting"
• Cloud-Based Infrastructure: 70% More Time to Focus on Your Business; 30% Configuring Your Cloud Assets
- 10. Agenda
• Who is CloudEnable
• Why the Cloud makes sense
• Building a Cloud-ready App
• 24/7, SLA-driven Operations
• Business Continuity and DR
• Cloud Highlights
• Next Steps
- 11. The Cloud Shared Responsibility Model
Development and Migration assisted by CTE
Application
24/7 Managed Services delivered by CloudEnable
On-demand, Pay-as-you-go Infrastructure provided by AWS
- 12. Design Best Practices
• Protect your data
• Design for failure so nothing fails
• Handle reboots gracefully
• Decouple and make stateless
• Isolate Traffic
– Static vs Dynamic
– Read vs Write
- 13. Operations Best Practices
• Secure the systems
• Leverage Regions and AZs for disaster recovery
• Create the automation roadmap
• Separate environments and keep consistent
• Establish monitoring and management parameters and alarms
• Document, Test, Improve
- 14. Security, Security, Security!
• Deny-all by default, except as mentioned below
• Web Server Security Group (80 + 443)
• App Server Security Group (App Server ports; communication from Web Server Group members only)
• DB Security Group (DB ports; Communication with App Server Group members only)
• Admin Security Group (SSH port; Access restricted to corporate subnet only)
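
One way to check a rule set against the tiered security-group model on this slide, as an added example that is not part of the original deck. The app port (8080), DB port (5432), corporate subnet (203.0.113.0/24), the group names and the `sg:<name>` source notation are assumptions made for illustration.

```python
import ipaddress

# Assumed values (not on the slide): app port, DB port, corporate subnet.
CORPORATE_NET = ipaddress.ip_network("203.0.113.0/24")
POLICY = {
    # group: (allowed ports, kind of allowed source, allowed source)
    "web":   ({80, 443}, "cidr",  ipaddress.ip_network("0.0.0.0/0")),
    "app":   ({8080},    "group", "web"),
    "db":    ({5432},    "group", "app"),
    "admin": ({22},      "cidr",  CORPORATE_NET),
}

def audit(rules):
    """Return (rule, reason) for every ingress rule outside the tier model.
    Anything POLICY does not explicitly allow is a finding (deny-all default)."""
    findings = []
    for rule in rules:
        group, port, source = rule["group"], rule["port"], rule["source"]
        if group not in POLICY:
            findings.append((rule, "unknown security group"))
            continue
        ports, kind, allowed = POLICY[group]
        if port not in ports:
            findings.append((rule, f"port {port} not allowed for {group}"))
        elif kind == "group":
            if source != f"sg:{allowed}":
                findings.append((rule, f"source must be group {allowed}"))
        elif source.startswith("sg:"):
            findings.append((rule, "expected a CIDR source"))
        elif not ipaddress.ip_network(source).subnet_of(allowed):
            findings.append((rule, f"source outside {allowed}"))
    return findings

# Constructed sample rule set (not from the deck).
SAMPLE_RULES = [
    {"group": "web", "port": 443, "source": "0.0.0.0/0"},
    {"group": "web", "port": 80, "source": "0.0.0.0/0"},
    {"group": "app", "port": 8080, "source": "sg:web"},
    {"group": "db", "port": 5432, "source": "sg:app"},
    {"group": "db", "port": 5432, "source": "sg:web"},         # skips the app tier
    {"group": "admin", "port": 22, "source": "203.0.113.16/28"},
    {"group": "admin", "port": 22, "source": "0.0.0.0/0"},     # SSH open to all
    {"group": "web", "port": 22, "source": "203.0.113.0/24"},  # SSH on web group
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"VIOLATION {rule}: {reason}")
```
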
- 15. Harden all Stack Components
Deliverable: Hardened Gold AMI
Tasks include:
• Encrypt the file system and swap space
• Configuring the OS firewall
• Reviewing inittab and boot scripts
• Securing ssh
• Securing history
• Setting up IPS/IDS/AV
[Diagram labels: DB (EC2 Instance); App Server (EC2 Instance)]
- 16. Secure the Database
• Use TDE where available to ease application development
• Classify data based on importance
• Encrypt desired columns, tables and tablespaces
• Ensure separation of duties
• Establish access control and audit tools
• Run on a hardened AMI
• Use RDS or ensure HA
[Diagram label: DB (EC2 Instance)]
- 17. Supporting Multiple Customers
• Hardened OS for entire stack
• Dedicated Cloudlets for each Tenant
• Dedicated Cloudlet for Multi-tenant Software
• Managed VPN Tunnel between Customer Site and AWS Cloudlet *
• SGs, In Flight and At Rest data security across stacks
* = As Needed
- 18. Agenda
• Who is CloudEnable
• Why the Cloud makes sense
• Building a Cloud-ready App
• 24/7, SLA-driven Operations
• Business Continuity and DR
• Cloud Highlights
• Next Steps
- 19. CloudEnable's 24/7 SLA-driven Operations
1. Pro-active Management
• 24/7 geographically distributed NOCs
• Integrated App, Infrastructure and Security mgmt and Help Desk systems
• BC/DR set up
• MFA and Privilege-based access
• Vulnerability Assessment and testing
• IAM set up and management
2. Pro-active Monitoring
• Event & Application Logs
• Change Monitoring
• Network interface monitoring
• Host IDS/IPS monitoring
• DB log monitoring
3. Configuration Management
• Gold Image Patching
• Key-Pair Generation, Retrieval, Distribution, Rotation, Destruction
• Security policy tracking and management
- 20. Agenda
• Who is CloudEnable
• Why the Cloud makes sense
• Building a Cloud-ready App
• 24/7, SLA-driven Operations
• Business Continuity and DR
• Cloud Highlights
• Next Steps
- 21. Business Continuity and DR
• Avoid single points of failure
• Design and test failure and recovery scenarios
• Define RTOs and RPOs
• Define and develop data backup management
• Account for security, encryption, key rotation and account termination
• Deliver automation where required
- 22. Agenda
• Who is CloudEnable
• Why the Cloud makes sense
• Building a Cloud-ready App
• 24/7, SLA-driven Operations
• Business Continuity and DR
• Cloud Highlights
• Next Steps
- 23. Case Studies
• A $2B India-based conglomerate
• A $1.5B ISV
• A Fortune 100 Auto company
• A Financial Services Startup
- 24. Agenda
• Who is CloudEnable
• Why the Cloud makes sense
• Building a Cloud-ready App
• 24/7, SLA-driven Operations
• Business Continuity and DR
• Cloud Highlights
• Next Steps
- 25. Next Steps
• University of Cloud
• Cloud Readiness Assessments
• Cloud On-boarding
• CloudEnable Management
© 2011: Cambridge Technology Enterprises (All Rights Reserved)