Proven Methodologies for Accelerating Your Cloud Journey

Nicolas DAVID

March 07, 2019

Transcript

  1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Proven Methodologies for Accelerating Your Cloud Journey. Nicolas David, Consultant, AWS WWPS, [email protected]
  2. AWS Pop-up Loft I Johannesburg. Agenda: Typical Journey – Effectiveness vs Time; Challenges and Solutions; Sustainability; Future Outlook
  3. Challenges and Their Solutions: Lack of Knowledge and Experience; Unknown State of Existing On-Premises Infrastructure; No Guardrails; Reduced Speed and Accuracy in Deployments; Road Blocks from Risk Management
  4. Lack of Knowledge and Experience. Problem: • There is a lot to know and do to be prepared for the cloud. Where do you begin to ensure the journey is successful?
  5. Lack of Knowledge and Experience. Solution: • Executive Development • Create a Cloud Center of Excellence (CCoE) • Staff Education • Develop a Cloud First Strategy • KPIs for Measuring Success
  6. Unknown State of Existing On-Premises Infrastructure. Problem: • There are lots of workloads on-prem. There is probably a lot of information that isn’t known: • Interdependencies between applications • Network throughput • Actual server requirements
  7. Unknown State of Existing On-Premises Infrastructure. Solution: • Assessing the current workloads is important to create an efficient workload migration plan while minimizing costs and identifying risks. • Use tooling to evaluate the current environment • Interview application owners • Assign risk levels • Create a full assessment report to share • Develop a migration plan and schedule
  8. No Guardrails. Problem: • Infrastructure is deployed without proper standards, governance, cost consideration and security. Self-service and experimentation can be a challenging proposition.
  9. No Guardrails. Solution: Create a cloud security policy. Inputs include: • Industry compliance requirements • Existing corporate governance requirements • CIS Benchmarks for Cloud. Solution: Develop a Landing Zone • Account strategy • Design in foundational components • Tagging standards • Reference architectures • Shared services • Configuration management
  10. Reduced Speed and Accuracy in Deployments. Problem: • With 100s or possibly 1000s of workloads to deploy, many experience frustration related to deployment times and the rework required to fix the deployment.
  11. Reduced Speed and Accuracy in Deployments. Solution: • Build a deployment pipeline. Source: https://aws.amazon.com/blogs/devops/aws-service-catalog-sync-code/
  12. Road Blocks from Risk Management. Problem: • As more deployments take place, Risk Management raises concerns and may stop the migration.
  13. Road Blocks from Risk Management. Solution: • Educate and ensure the group is cloud-ready. Include the group in all the design phases of the prior items. Provide access to the platform: • AWS Config • CloudTrail • Log access • IAM Roles and Federation
  14. You got to the AWS cloud… Now what? Day 2 – Transforming to Cloud Native
  15. “When a resource becomes essential to competition but inconsequential to strategy, the risks it creates become more important than the advantages it provides.” - Nicholas Carr, IT Doesn’t Matter
  16. Minimize the challenges of shipping, rapidly iterating, and securing software applications.
  17. Common Customer Scenario. Customer Layout: Customer has CloudTrail Logs and email alerting, but lacks the operational expertise and/or bandwidth to analyze and respond to events. Customer Challenge: Too many data streams, no way to keep an eye on all of them. Solution: Centralized log visualization and analysis platform
  18. What is GuardDuty? • GuardDuty analyzes logs for threat signatures • Can send alerts via SNS when a threat is detected
  19. GuardDuty Alert Notification
  20. GuardDuty Visualized. EC2 instance i-0bf6a7c59f is querying a domain name that is associated with Bitcoin-related activity.
  21. GuardDuty Visualized • GuardDuty findings are surfaced in a single dashboard • Event severity and type are organized to allow quick threat assessment • Excellent AWS Quick Start Template available called “Visualizing Amazon GuardDuty Findings”
  22. Who remediated this?
  23. GuardDuty Proactive • GuardDuty finding triggered a CloudWatch Event • CloudWatch Event targeted a Lambda function that replaced the offending server with a new instance • Advanced options include server quarantine, ticket creation for follow-up investigation, etc.
  24. Customer Scenario. Customer Layout: Customer is running a public-facing website on AWS. Customer has Amazon CloudWatch and Amazon VPC Flow Logs, but lacks the operational expertise and/or bandwidth to analyze and respond to events. Customer Challenge: Too many data streams, no way to keep an eye on all of them. Solution: Centralized log visualization and analysis platform
  25. Review Visualization Dashboard • Notice high outbound packet communication with a single public IP • Notice billing alert from autoscaling web pool • Determine that this warrants immediate intervention
  26. Auto-Remediation. AWS Lambda-triggered remediation • Quarantines old instance for analysis • Removes instance from ELB, removes ingress/egress SG records, flags for security follow-up • Redirects to maintenance page • Adds maintenance page to ELB • Deploys replacement instance • Triggers automation pipeline to create new AMI, add to ELB
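The finding → CloudWatch Event → Lambda chain on slides 23 and 26, as an added example that is not the deck's code: a planner that turns an EventBridge GuardDuty event into the ordered remediation steps the Auto-Remediation slide lists, gated on finding severity so low-severity findings only open a ticket. The severity threshold, the action names and the sample event are this example's assumptions; the event shape follows the real GuardDuty EventBridge format with most fields omitted.

```python
# Added example: planner for GuardDuty finding -> EventBridge -> Lambda remediation.
# Severity gate, action names and the sample event are this example's assumptions.
from dataclasses import dataclass, field

# GuardDuty severity bands: Low 1-3.9, Medium 4-6.9, High 7-8.9.
AUTO_QUARANTINE_MIN_SEVERITY = 7.0

# Steps from the deck's Auto-Remediation slide, ordered so the host is isolated
# before its security groups change: deregister from the ELB first, so no user
# is routed to a target that can no longer answer.
QUARANTINE_STEPS = [
    "tag_for_security_followup",
    "deregister_from_elb",
    "swap_to_quarantine_sg",        # SG with no ingress/egress; host kept for forensics
    "attach_maintenance_page",
    "launch_replacement_instance",  # pipeline builds a fresh AMI and adds it to the ELB
    "open_ticket",
]

@dataclass
class Plan:
    instance_id: str
    actions: list = field(default_factory=list)
    reason: str = ""

def plan_remediation(event: dict, min_severity: float = AUTO_QUARANTINE_MIN_SEVERITY) -> Plan:
    """Return the ordered actions for one EventBridge 'GuardDuty Finding' event."""
    if event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty finding event")
    detail = event["detail"]
    resource = detail.get("resource", {})
    if resource.get("resourceType") != "Instance":
        # IAM or S3 findings need a different playbook; alert only.
        return Plan("", ["notify"], "finding is not about an EC2 instance")
    plan = Plan(resource["instanceDetails"]["instanceId"], ["notify"])  # SNS in every case
    severity = float(detail.get("severity", 0))
    if severity < min_severity:
        plan.actions.append("open_ticket")
        plan.reason = f"severity {severity} below {min_severity}; human review only"
        return plan
    plan.actions.extend(QUARANTINE_STEPS)
    plan.reason = f"{detail.get('type')} at severity {severity}"
    return plan

# Constructed sample for the Bitcoin DNS case on slide 20 (the type is a real GuardDuty type).
SAMPLE_EVENT = {"detail-type": "GuardDuty Finding", "detail": {
    "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "severity": 8,
    "resource": {"resourceType": "Instance",
                 "instanceDetails": {"instanceId": "i-0bf6a7c59f"}}}}
```

`plan_remediation(SAMPLE_EVENT)` yields the full quarantine sequence; the Lambda handler would then execute each action with the corresponding EC2/ELB API calls.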
  27. SUMMIT Cape Town, 11 July 2019, CTICC
  28. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Register for free: