Proven Methodologies for Accelerating Your Cloud Journey

Nicolas DAVID

March 07, 2019
Transcript

  1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proven Methodologies for Accelerating Your Cloud Journey. Nicolas David, Consultant, AWS WWPS, [email protected]
  2. AWS Pop-up Loft I Johannesburg. Agenda:
     • Typical Journey – Effectiveness vs Time
     • Challenges and Solutions
     • Sustainability
     • Future Outlook
  3. Challenges and Their Solutions
     • Lack of Knowledge and Experience
     • Unknown State of Existing On-Premises Infrastructure
     • No Guardrails
     • Reduced Speed and Accuracy in Deployments
     • Road Blocks from Risk Management
  4. Lack of Knowledge and Experience – Problem:
     • There is a lot to know and do to be prepared for the cloud. Where do you begin to ensure the journey is successful?
  5. Lack of Knowledge and Experience – Solution:
     • Executive Development
     • Create a Cloud Center of Excellence (CCoE)
     • Staff Education
     • Develop a Cloud First Strategy
     • KPIs for Measuring Success
  6. Unknown State of Existing On-Premises Infrastructure – Problem:
     • There are lots of workloads on-prem. There is probably a lot of information that isn’t known:
       • Interdependencies between applications
       • Network throughput
       • Actual server requirements
  7. Unknown State of Existing On-Premises Infrastructure – Solution:
     • Assessing the current workloads is important to create an efficient workload migration plan while minimizing costs and identifying risks.
     • Use tooling to evaluate the current environment
     • Interview application owners
     • Assign risk levels
     • Create a full assessment report to share
     • Develop a migration plan and schedule
  8. No Guardrails – Problem:
     • Infrastructure is deployed without proper standards, governance, cost consideration and security. Self-service and experimentation can be a challenging proposition.
  9. No Guardrails – Solution: Create a cloud security policy. Inputs include:
     • Industry compliance requirements
     • Existing corporate governance requirements
     • CIS Benchmarks for Cloud
     Solution: Develop a Landing Zone
     • Account strategy
     • Design in foundational components
     • Tagging standards
     • Reference architectures
     • Shared services
     • Configuration management
  10. Reduced Speed and Accuracy in Deployments – Problem:
      • With hundreds or possibly thousands of workloads to deploy, many experience frustration related to deployment times and the rework required to fix the deployment.
  11. Reduced Speed and Accuracy in Deployments – Solution:
      • Build a deployment pipeline. Source: https://aws.amazon.com/blogs/devops/aws-service-catalog-sync-code/
  12. Road Blocks from Risk Management – Problem:
      • As more deployments take place, Risk Management is becoming a concern and may stop the migration.
  13. Road Blocks from Risk Management – Solution:
      • Educate and ensure the group is cloud-ready. Include the group in all the design phases of the prior items. Provide access to the platform:
        • AWS Config
        • CloudTrail
        • Log access
        • IAM Roles and Federation
  14. You got to the AWS cloud… Now what? Day 2 – Transforming to Cloud Native
  15. “When a resource becomes essential to competition but inconsequential to strategy, the risks it creates become more important than the advantages it provides.” – Nicholas Carr, “IT Doesn’t Matter…”
  16. Minimize the challenges of shipping, rapidly iterating, and securing software applications.
  17. Common Customer Scenario. Customer Layout: Customer has CloudTrail Logs and email alerting, but lacks operational expertise and/or bandwidth to analyze and respond to events. Customer Challenge: Too many data streams, no way to keep an eye on all of them. Solution: Centralized log visualization and analysis platform.
  18. What is GuardDuty?
      • GuardDuty analyzes logs for threat signatures
      • Can send alerts via SNS when a threat is detected
  19. GuardDuty Alert Notification
  20. GuardDuty Visualized: EC2 instance i-0bf6a7c59f is querying a domain name that is associated with Bitcoin-related activity.
  21. GuardDuty Visualized
      • GuardDuty findings are surfaced in a single dashboard
      • Event severity and type are organized to allow quick threat assessment
      • Excellent AWS Quick Start Template available called “Visualizing Amazon GuardDuty Findings”
  22. Who remediated this?
  23. GuardDuty Proactive
      • GuardDuty finding triggered a CloudWatch Event
      • CloudWatch Event targeted a Lambda function that replaced the offending server with a new instance
      • Advanced options include server quarantine, ticket creation for follow-up investigation, etc.
  24. Customer Scenario. Customer Layout: Customer is running a public-facing website on AWS. Customer has Amazon CloudWatch and Amazon VPC Flow Logs, but lacks operational expertise and/or bandwidth to analyze and respond to events. Customer Challenge: Too many data streams, no way to keep an eye on all of them. Solution: Centralized log visualization and analysis platform.
  25. Review Visualization Dashboard
      • Notice high outbound packet communication with a single public IP
      • Notice billing alert from autoscaling web pool
      • Determine that this warrants immediate intervention
  26. Auto-Remediation: AWS Lambda-triggered remediation
      • Quarantines old instance for analysis
      • Removes instance from ELB, removes ingress/egress SG records, flags for security follow-up
      • Redirects to maintenance page
      • Adds maintenance page to ELB
      • Deploys replacement instance
      • Triggers automation pipeline to create new AMI, add to ELB
  27. SUMMIT Cape Town, 11 July 2019, CTICC
  28. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Register for free: