Tom Stickle from Amazon presents - Deploy Securely with Acquia & Amazon Web Services


  1. Deploy Securely with Acquia & Amazon Web Services (Tom Stickle, [email_address])
  2. Online Retail at Scale
  3. Amazon Web Services
       • Operate at Arbitrary Scale
       • Self-Service Capacity
       • Warehouse Scale Services
       • DataCenter Economics
       • Elasticity
       • Auto-Scaling
       • Pay for What you Use
     [Diagram: Services At Scale. Labels: Amazon Simple Queue Service, Amazon Elastic Load Balancer, Amazon Simple Storage Service, Self Service API (repeated)]
  4. High Availability
     [Diagram: www.myAgency.gov behind an Elastic Load Balancer, with API labels. One group of labels reads Flood Plain A, Network Provider B, Power Utility C; the other reads Flood Plain X, Network Provider Y, Power Utility Z]
  5. Cloud Platform Philosophy
     [Diagram: two stacks, labelled Infrastructure As A Service and Platform As A Service, each marked Customer Controlled. Layer labels: Virtualization, Root OS, Application Infrastructure, Generic Application (first stack) or Specific Application (second stack), Storage As A Service, Database As A Service, Queuing As A Service]
  6. Acquia Hosting
       • Smart Routing Layer: High performance cache & routing / load balancing & failover
       • Drupal Engine Layer: LAMP stack components are dynamically scaled & optimized for Drupal performance
       • Cloud Services Layer: Back-end resources designed to improve scalability, performance and reliability of Drupal applications
  7.
  8. AWS Federal Customers
  9. Physical Security
       • We’ve been building large-scale data centers for many years.
       • Important attributes and features:
           • Nondescript facilities
           • Military-grade perimeter control berms
           • Strictly controlled physical access (perimeter and building)
           • 3 or more levels of two-factor authentication
       • Controlled, need-based access for Amazon and AWS employees.
       • All physical and electronic access is logged.
  10. SAS70 Type II
       • Continuously audited control framework to provide customers with third-party assurance
       • ISO 27001 Control Framework
       • Covers access (security), change management, and operations of EC2 & S3
       • Recurring audit by Ernst & Young
  11. Amazon EC2 Instance Isolation
     [Diagram labels: Physical Interfaces, Firewall, Hypervisor, Virtual Interfaces; Customer 1, Customer 2, … Customer n, each with its own Security Groups]
  12. Multi-tier Security Architecture
     [Diagram labels: Web Tier, Application Tier, Database Tier, EBS Volume, Amazon EC2 Security Group Firewall]
       • Ports 80 and 443 only open to the Internet
       • Engineering staff have ssh access to the App Tier, which acts as Bastion
       • Authorized 3rd parties can be granted ssh access to select AWS resources, such as the Database Tier
  13. Amazon Virtual Private Cloud
     [Diagram labels: Customer’s Network, Secure VPN Connection over the Internet, Amazon Web Services Cloud, Router, VPN Gateway, Subnets, Customer’s isolated AWS resources]
  14. Opt-in Multi-Factor Access
       • Purchase device ($12.99)
       • Enable AWS MFA
       • Use AWS MFA
           • Sign in to AWS using your password and authentication code
           • Device issues a random, single-use six-digit code every 60 seconds
  15. AWS Security Whitepaper
       • Available to the public in white paper form
       • Current version is Aug 2010
       • Updated quarterly
       • Feedback is welcome
       • http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
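
Added example (not from the slides): a small audit of security-group ingress rules against the multi-tier layout on slide 12, flagging any rule that falls outside it. The CIDR ranges, the app and database ports (8080, 3306), the ssh hop from the app tier to the database tier, and the rule tuples are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values for illustration; the slide names only the tiers, 80/443 and ssh.
ENGINEERING = "203.0.113.0/24"    # constructed: engineering staff range
THIRD_PARTY = "198.51.100.16/28"  # constructed: authorized third party range
INTERNET = "0.0.0.0/0"

# Allowed ingress per tier: port -> permitted sources (CIDR or "sg:<tier>").
POLICY = {
    "web": {80: [INTERNET], 443: [INTERNET]},
    "app": {22: [ENGINEERING], 8080: ["sg:web"]},            # 8080 is assumed
    "db": {22: [THIRD_PARTY, "sg:app"], 3306: ["sg:app"]},   # 3306 is assumed
}

def source_allowed(source, permitted):
    """True if source is a permitted group or lies inside a permitted CIDR."""
    for allowed in permitted:
        if source.startswith("sg:") or allowed.startswith("sg:"):
            if source == allowed:
                return True
            continue  # a group reference never matches a CIDR
        if ipaddress.ip_network(source).subnet_of(ipaddress.ip_network(allowed)):
            return True
    return False

def audit(rules):
    """Return (tier, port, source, reason) for each rule outside POLICY."""
    findings = []
    for tier, port, source in rules:
        permitted = POLICY.get(tier, {}).get(port)
        if permitted is None:
            findings.append((tier, port, source, "port not allowed on tier"))
        elif not source_allowed(source, permitted):
            findings.append((tier, port, source, "source not allowed"))
    return findings

# Constructed sample rule set: (tier, port, source).
SAMPLE_RULES = [
    ("web", 80, INTERNET),
    ("web", 443, INTERNET),
    ("web", 22, INTERNET),            # ssh exposed on the web tier
    ("app", 22, "203.0.113.40/32"),   # one engineering host
    ("app", 22, INTERNET),            # bastion ssh open to everyone
    ("db", 22, THIRD_PARTY),
    ("db", 3306, "sg:web"),           # web tier bypassing the app tier
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```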
