Explore the business case and technology for deploying a CMS in the cloud, using Magnolia CMS on AWS as our case study. Discover how Amazon Web Services infrastructure can save costs and improve the visitor experience. Learn how to optimize the AWS environment for your business and how to make this CMS work seamlessly with AWS through integration. We will also cover technical areas such as deployment automation, auto-healing and auto-scaling of Magnolia on AWS for high-availability, high-traffic infrastructure. While focused on Magnolia, many lessons can be applied to other enterprise-level CMS deployments.

1. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Webinar: How to get the most out of your
CMS deployment on Amazon Web
ServicesMarch 2018

2. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Presenters
Bill Beardslee
Magnolia
General Manager,
Americas
Abhay Kumar
Priocept
CMS Consultant
Ruchika Abbi
Amazon Web Services
Cloud Consultant
Dan Norris-Jones
Priocept
Technical Consultant
PRESENTER PRESENTER

3. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Magnolia on Amazon Web Services
Topics covered:
Part I
Business Benefits of running on AWS (Ruchika)
Part II
Technical guidelines for running Magnolia on AWS
(Abhay)

4. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Priocept
Priocept is the leading Magnolia consultancy in the UK
Priocept’s clients include global Fortune 500 companies in
the US and Europe
Priocept are an AWS Consultancy Partner
For more information see:
http://priocept.com

5. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Introduction to AWS

6. The new normal

7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.7
Responding to the shift in technology requires a new model
FOCUS
on differentiating
your company.
at start-up like
speed.
INNOVATE
under your terms.
MIGRATE
risk.
REDUCE

8. Reduce time-consuming, expensive tasks
Rethink your approach to technology
investments, reducing complexity and cost
Stop guessing at capacity planning
Remove complicated infrastructure
management that adds little business value
Optimize the life of your existing IT
investments
GE Oil & Gas is migrating
500 applications, and
more than 750TB of data,
to the cloud by the end of
2016 as part of a major
digital transformation,
helping it attain a 52%
reduction in TCO and
greater speed to market.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.8

9. Flexible hybrid architecture options
Fully Featured
Compute
Resource &
Deployment
Management
Common Controls
for Security &
Access
Integrated
Networking
Data Integration &
Life Cycle
Management
Your
Datacenter
Amazon Web
Services
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.9

10. AWS Global Infrastructure
18 Regions – 53 Availability Zones – 102 Edge Locations

11. Freedom to build, unfettered
Most robust, fully featured technology infrastructure platform
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.11
TECHNICAL & BUSINESS SUPPORT
MARKETPLACE
HYBRID
ARCHITECTURE
MOBILE
SERVICES
DEV/OPS IoT AI ENTERPRISE
APPS
MIGRATIONANALYTICS
INFRASTRUCTURE CORE SERVICES SECURITY & COMPLIANCE
APP SERVICES
MANAGEMENT TOOLS

12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.12
Integrated Networking
Rules Engine
Device Shadows
Device SDKs
Device Gateway
Registry
Local Compute
Machine Learning
Conversational Interface
Virtual Desktops
App Streaming
Schema
Conversion
Image Recognition
Sharing &
Collaboration
Exabyte-Scale
Data Migration
Text to Speech Corporate Email
Application
Migration
Database
Migration
Regions
Availability Zones
Points of
Presence
Data Warehousing
Business Intelligence
Elasticsearch
Hadoop/Spark
Data Pipelines
Streaming Data
Collection
ETL
Streaming Data
Analysis
Interactive SQL
Queries
Queuing & Notifications
Workflow
Email
Transcoding
Deep Learning
Frameworks
Server
Migration
Communications
Business Apps
Business
Intelligence
DevOps Tools Security Networking StorageDatabases
API Gateway
Single Integrated
Console
Identity
Sync
Mobile Analytics
Mobile App
Testing
Targeted Push
Notifications
One-click App
Deployment
DevOps Resource
Management
Application Lifecycle
Management
Containers
Triggers
Resource Templates
Build and Test
Analyze and Debug
Compute
VMs, Auto-
scaling, Load
Balancing,
Containers,
Virtual Private
Servers, Batch
Computing, Cloud
Functions, Elastic
GPUs, Edge
Computing
Storage
Object, Blocks,
File, Archivals,
Import/Export,
Exabyte-scale data
transfer
CDN
Databases
Relational,
NoSQL,
Caching,
Migration,
PostgreSQL
compatible
Networking
VPC, DX, DNS
Identity
Management
Key Management
& Storage
Monitoring
& Logs
Configuration
Compliance
Web Application
Firewall
Assessment
& Reporting
Resource &
Usage Auditing
Access Control
Account
Grouping
DDOS Protection
Support Professional
Services
Optimization
Guidance
Partner
Ecosystem
Training &
Certification Solutions Management
Account
Management
Security & Billing Reports
Personalized
Dashboard
TECHNICAL & BUSINESS SUPPORT
MARKETPLACE
Monitoring
Manage
Resources
Data Integration
Integrated Identity &
Access
Integrated Resource &
Deployment Management
Integrated Devices
& Edge Systems
Resource
Templates
Configuration
Tracking
Server
Management
Service
Catalogue
Search
HYBRID ARCHITECTUREANALYTICS MOBILE SERVICESDEV/OPS IoT AI ENTERPRISE APPS MIGRATION
APP SERVICES
INFRASTRUCTURE CORE SERVICES SECURITY & COMPLIANCE MANAGEMENT TOOLS
The AWS Platform

13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.13
Portfolio Discovery &
Planning
Application
Design
Migration &
Validation
Operate
Migration
Preparation &
Business
Case
Continually
optimize
There is a
migration
process.

14. Move fast. Stay secure.OR

15. Move fast. Stay secure.AND

16. Strengthen your security posture
” In the last four years as we
transitioned to the cloud, I have
come to realize that as a relatively
small organization, we can be far
more secure in the cloud and
achieve a higher level of
assurance at a much lower cost,
in terms of effort and dollars
invested. We determined that
security in AWS is superior to our
on-premises data center across
several dimensions, including
patching, encryption, auditing and
logging, entitlements, and
compliance.
John Brady
FINRA CISO
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.16
Security infrastructure built to satisfy military,
global banks, and other high-sensitivity
organizations
Leverage security enhancements from 1M+
customer experiences
Benefit from AWS industry leading security
teams 24/7, 365 days a year
Over 50 global compliance certifications and
accreditations

17. Virtual Private Cloud
Isolated cloud resources
Web Application
Firewall
Filter Malicious Web Traffic
Shield
DDoS protection
Certificate Manager
Provision, manage, and
deploy SSL/TSL certificates
Networking
Key Management
Service
Manage creation and
control of encryption keys
CloudHSM
Hardware-based key storage
Server-Side Encryption
Flexible data encryption
options
Encryption
IAM
Manage user access and
encryption keys
SAML Federation
SAML 2.0 support to allow
on-prem identity
integration
Directory Service
Host and manage Microsoft
Active Directory
Organizations
Manage settings for
multiple accounts
Identity &
Management
Service Catalog
Create and use standardized
products
Config
Track resource inventory
and changes
CloudTrail
Track user activity and API
usage
CloudWatch
Monitor resources and
applications
Inspector
Analyze application security
Compliance
Access a deep set of cloud security tools
Macie
Discover, Classify & Protect
data

18. AWS & compliance standards
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.18
Certifications & Attestations Laws, Regulations and Privacy Alignments & Frameworks
Cloud Computing Compliance Controls
Catalogue (C5)
DE 🇩🇪 CISPE EU 🇪🇺 CIS (Center for Internet Security) 🌐
Cyber Essentials Plus UK 🇬🇧 EU Model Clauses EU 🇪🇺 CJIS (US FBI) US 🇺🇸
DoD SRG US 🇺🇸 FERPA US 🇺🇸 CSA (Cloud Security Alliance) 🌐
FedRAMP US 🇺🇸 GLBA US 🇺🇸 Esquema Nacional de Seguridad ES 🇪🇸
FIPS US 🇺🇸 HIPAA US 🇺🇸 EU-US Privacy Shield EU 🇪🇺
IRAP AU 🇦🇺 HITECH 🌐 FISC JP 🇯🇵
ISO 9001 🌐 IRS 1075 US 🇺🇸 FISMA US 🇺🇸
ISO 27001 🌐 ITAR US 🇺🇸 G-Cloud UK 🇬🇧
ISO 27017 🌐 My Number Act JP 🇯🇵 GxP (US FDA CFR 21 Part 11) US 🇺🇸
ISO 27018 🌐 Data Protection Act – 1988 UK 🇬🇧 ICREA 🌐
MLPS Level 3 CN 🇨🇳 VPAT / Section 508 US 🇺🇸 IT Grundschutz DE 🇩🇪
MTCS SG 🇸🇬 Data Protection Directive EU 🇪🇺 MITA 3.0 (US Medicaid) US 🇺🇸
PCI DSS Level 1 💳 Privacy Act [Australia] AU 🇦🇺 MPAA US 🇺🇸
SEC Rule 17-a-4(f) US 🇺🇸 Privacy Act [New Zealand] NZ 🇳🇿 NIST US 🇺🇸
SOC 1, SOC 2, SOC 3 🌐 PDPA - 2010 [Malaysia] MY 🇲🇾 Uptime Institute Tiers 🌐
PDPA - 2012 [Singapore] SG 🇸🇬 Cloud Security Principles UK 🇬🇧
PIPEDA [Canada] CA 🇨🇦
🌐 = industry or global standard Agencia Española de Protección de
Datos
ES 🇪🇸

19. Shared responsibility model
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.19
Compute
Responsible for security
OF the cloud
Customer
Responsible for security
IN the cloud
• Customer Data
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption & Data Integrity Authentication
• Server-side Encryption (File System and/or Data)
• Network Traffic Protection (Encryption, Integrity, and/or Identity)
• Compute
• Storage
• Database
• Networking
• AWS Global Infrastructure
• Regions
• Availability Zones
• Edge Locations

20. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Magnolia on AWS

21. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Magnolia on AWS
Magnolia is a cloud-friendly platform
that works well with AWS
The diagram on the right shows a
typical Magnolia implementation on
AWS, deployed in a single region
Diagram shows a single region
deployment, with a VPC containing
private and public subnets

22. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Auto-Scaling Groups
To configure auto-scaling EC2 instances in AWS create
an Auto-Scaling Group
Auto-Scaling Groups fulfil three requirements:
Auto-scaling
Auto-healing (with or without auto-scaling)
Zero downtime (“rolling”) updates

23. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Fixed Infrastructure
Fixed infrastructure means:
Paying for spare, mostly
unused capacity
No flexibility to scale up or
down
Scaling physical servers is
a cumbersome IT process

24. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Auto-Scaling Infrastructure
Auto-scaling is dynamically
scaling infrastructure to
cope with demand
There is slight over
capacity, but this is
minimized

25. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Common CMS Architecture
Central database
Items “published” by
updating a row in the
database
Content editing can slow
down the functioning of the
public website
Single point of failure

26. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Magnolia Architecture
Separate databases
Transactional Publication
Content pushed to separate databases
on the public instances
No database contention between Author
and Public
Becomes a problem on cloud-based,
auto-scaling infrastructure

27. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Magnolia Activation and Auto-Scaling
In this example, an auto-scaling event
created Public Web Server 3
Public Web Server 3’s content is not
yet synchronized
Content must be published before
traffic is sent to Public Web Server 3

28. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Magnolia on AWS
To configure a fully automated scaling process for Magnolia the following AWS services are
required:
EC2 RDS Lambda S3
Elastic
Compute
Service
Relation
al
Databas
e Service
Serverless
Computing
Platform
Simple
Storage
Service

29. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Subscriber Synchronisation
This solution ensures Public servers are
brought into the load only when they
have the latest content
This achieved by orchestrating events
between Magnolia and AWS.

30. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Web Server Creation
EC2 instances are launched by the Auto-Scaling
Group based on a specified AMI
Ansible is used to install and configure servers
Magnolia application is deployed as a WAR file
(stored in an S3 bucket)
Auto Scaling Group rolling updates are used to
perform sequential deployments

31. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Magnolia Publication Key Exchange
A public key is required to authorise publication
from the author to public instances
The key is saved in S3 on creation of the
Author server and retrieved by the Public
servers as part of their initialisation process.

32. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Other Considerations

33. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Containerization
Docker ECS

34. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Magnolia on AWS Beanstalk
AWS Elastic Beanstalk automates infrastructure creation
It is useful for smaller Magnolia implementations or for
demonstration purposes, but is not recommended for large-
scale Magnolia deployments

35. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Magnolia - Services Incubator
For enterprise clients, the “Services Incubator” includes modules to solve
some of the challenges of running Magnolia on AWS:
Publication freeze
Subscription management tools
Extended synchronisation tools
Improved health check
Auto-license module

36. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Summary
Magnolia is an inherently cloud-friendly platform that works well on Amazon Web Services
Special configuration is required to achieve a fully elastic solution
For more information please get in touch

37. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Contact
Ruchika Abbi
Solutions Architect
Amazon Web Services (AWS)
ruchikaa@amazon.com
+1 (703)-470-6213
Abhay Kumar
CMS Consultant
Priocept
abhay.kumar@priocept.com
+44 (0)20 7422 0060

38. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Q&A

39. i n f o @ p r i o c e p t . c o m | p r i o c e p t . c o m | + 4 4 ( 0 ) 2 0 7 4 2 2 0 0 6 0 C o p y r i g h t © P r i o c e p t L t d . 2 0 1 7
Thanks for listening