Bringing Governance to an Existing Cloud at NASA's JPL (ENT201) | AWS re:Invent 2013



Amazon Web Services provides JPL a vast array of capabilities to store, process, and analyze mission data. JPLers were early to adopt AWS services to build complex solutions. However, we quickly grew to over 50 AWS accounts, 80 IAM users, and hundreds of resources. A team of engineers inside JPL's Office of the CIO developed a cloud governance model. The true challenge was implementing it on existing deployments. Learn about our model and how we overcame the challenges.

Published in: Technology, Education


  1. Bringing Governance to an Existing Cloud at NASA’s Jet Propulsion Laboratory. Jonathan Chiang, Matt Derenski – NASA/JPL. November 12–15. © 2013 California Institute of Technology. Government sponsorship acknowledged.
  2. Introductions
     • Jonathan Chiang – IT Chief Engineer
     • Matthew Derenski – Cyber Security Engineer
  3. Agenda
     • Provide a brief background of JPL
     • Detail why JPL uses AWS
     • Understand JPL use cases for AWS
     • Describe JPL’s early engagement with AWS
     • Review JPL’s implementation of its governance plan
     • Utilizing governance to achieve organizational efficiency
     • Measuring the value
  4. What is JPL?
     • We are a Federally Funded Research and Development Center (FFRDC) managed by Caltech
     • We have 21 spacecraft and 9 instruments conducting active missions
     • We manage NASA’s Deep Space Network (DSN)
     • We “dare mighty things”
  5. Why JPL uses AWS
     • Quick and easy to provision/de-provision
     • Reduce CapEx and large initial investments
     • Pay as you go, only for what you use
     • Automation and reusability
  6. How JPL Uses AWS: HPC/Data Processing
  7. How JPL Uses AWS: Public Outreach
     • Mars Exploration Program
     • Eyes on the Solar System
     • Night Sky Network
  8. How JPL Uses AWS: Storage, Backup, and Disaster Recovery
     • Mars Exploration Rovers
     • Station Fires
  9. How JPL Uses AWS
     • Rapid Development
     • Collaboration
     • Enterprise Applications
  10. Early AWS Engagement
     • Issued 60+ root-level AWS accounts to various project teams
     • Added all accounts to consolidated billing
     • Associated a single project/task number for chargeback and bill back
  11. The Problem
  12. Key Principles of JPL’s Governance Model
     • Understand your users and their use cases
     • Apply policy and accountability
     • Provide auditing and traceability
     • Leverage an iterative implementation
  13. Account Management (diagram; labels only)
     • Consolidated Billing (No Users or Resources)
     • AWS Root – MFA, Managed By IT Sec
     • Accounts shown: MSL Account, MER Account, Hosting Account, +50 More
     • IAM users shown: Auditing, MSL Developer, MER Developer, Hosting Provisioning
     • Resources shown: AMI 1, AMI 2
  14. Organizational Efficiency (DevOps)
     • Automated Configuration Management
     • Monitoring, Notification, Escalation
     • Networking and Security Operations
     • Diagram labels: Development, DevOps, Operations, Quality Assurance
  15. Measure the Value
     • Calculate the cost of implementing governance along with the cost of cloud resources
     • Consider the benefits of organizational efficiencies gained by cloud and governance
     • Compare agility and speed to market vs. adoption of governance
  16. Summary
  17. We are eager to hear your feedback on this presentation (ENT201) and on re:Invent. Please fill out an evaluation form when you have a chance.