How Trend Micro Build their Enterprise Security Offering on AWS (SEC307) | AWS re:Invent 2013

"In this session, learn how Trend Micro built Deep Security as a service on AWS. This service offers enterprise-grade security controls for AWS deployments in the form of intrusion detection and prevention, anti-malware, a firewall, web reputation, and integrity monitoring.
With over 400 internal requirements set by their in-house Information Security and IT Operations teams, the Service team was challenged with building the case to deploy Deep Security as a service on AWS instead of in-house. This session walks through the reasons why the team chose AWS, the design decisions they made, and how they were able to meet or exceed their in-house requirements while deploying on AWS."


  1. Learn How Trend Micro Used AWS to Build their Enterprise Security Offering (Deep Security as a Service). Mark Nunnikhoven, Principal Engineer at Trend Micro. November 14, 2013. © 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc. Friday, November 15, 13
  2. "The following story is fictional and does not depict any actual person or event"
  3. "The following story is completely real and depicts actual people & events" * Only the names have been changed to protect the innocent ;-)
  4. The stage
  5. What is Deep Security? Centralized security control management
  6. What is Deep Security? Centralized security control management. Manager
  7. What is Deep Security? Centralized security control management. Manager, Agent
  8. What could be...
  9. What could be... • For the cloud
  10. What could be... • For the cloud • In the cloud
  11. What was [Determine what an appropriate visual here would be (old style for contrast?)]
  12. What was • For the data center [Determine what an appropriate visual here would be (old style for contrast?)]
  13. What was • For the data center • In the data center [Determine what an appropriate visual here would be (old style for contrast?)]
  14. The story so far...
  15. Deep Security—The Early Years: Security for servers and virtual machines
  16. Deep Security—The Early Years: Security for servers and virtual machines. Product focus • Enterprise only • Tight integration with virtualization platform • Focused on Windows platforms
  17. Deep Security—The Middle Years: Security for servers and virtual machines
  18. Deep Security—The Middle Years: Security for servers and virtual machines. Big changes • Acquired by Trend Micro in 2009 • Provided more protection • Agentless protection is key • Expanded platform support
  19. Deep Security—Now
  20. Deep Security—Now: Product changes • Protection regardless of location • “Single pane of glass” • Smart, simple, security that fits taken to heart
  21. Deep Security—Now: Security for servers, virtual machines. Product changes • Protection regardless of location • “Single pane of glass” • Smart, simple, security that fits taken to heart
  22. Deep Security—Now: Security for servers, virtual machines, & the cloud. Product changes • Protection regardless of location • “Single pane of glass” • Smart, simple, security that fits taken to heart
  23. The Decision: Time to offer Deep Security as a service
  24. Why a Service? Security for servers, virtual machines
  25. Why a Service? Security for servers, virtual machines. Drivers • Face the same challenges as our clients
  26. Why a Service? Security for servers, virtual machines. Drivers • Face the same challenges as our clients • Work directly with clients
  27. Why a Service? Security for servers, virtual machines. Drivers • Face the same challenges as our clients • Work directly with clients • Smaller feedback loop for new features
  28. The players
  29. Internal Teams
  30. Internal Teams. The Service Team: Executive sponsor; Key R&D product team members; DevOps*
  31. Internal Teams. The Service Team: Executive sponsor; Key R&D product team members; DevOps*
  32. Internal Teams. The Service Team: Executive sponsor; Key R&D product team members; DevOps* | People to win over: Executives; Information Security; Operations; R&D Product Team
  33. Internal Teams. The Service Team: Executive sponsor; Key R&D product team members; DevOps* | vs | People to win over: Executives; Information Security; Operations; R&D Product Team
  34. Internal Teams. The Service Team: Executive sponsor; Key R&D product team members; DevOps* | vs | People to win over: Executives; Information Security; Operations; R&D Product Team
  35. Internal Teams. The Service Team: Executive sponsor; Key R&D product team members; DevOps* | + | People who helped: Executives; Information Security; Operations; R&D Product Team
  36. Internal Teams. The Service Team: Executive sponsor; Key R&D product team members; DevOps* | + | People who helped: Executives; Information Security; Operations; R&D Product Team
  37. Team Profile: Information Security • Own existing security policy
  38. [no slide text]
  39. Team Profile: Information Security • Own existing security policy
  40. Team Profile: Information Security • Own existing security policy • 400+ requirements for operational services
  41. Team Profile: Information Security • Own existing security policy • 400+ requirements for operational services • Wants development of cloud best practices
  42. Team Profile: Operations • Run several data centers worldwide
  43. Team Profile: Operations • Run several data centers worldwide • Rigid change management with complex schedules
  44. Team Profile: Operations • Run several data centers worldwide • Rigid change management with complex schedules • Wants development of DevOps runbook
  45. Team Profile: R&D Product Team • Develop & maintain the product
  46. Team Profile: R&D Product Team • Develop & maintain the product • Only operational work is emergency support
  47. Team Profile: R&D Product Team • Develop & maintain the product • Only operational work is emergency support • Wants tighter feedback loop
  48. The details
  49. High Level Architecture
  50. High Level Architecture: Agent
  51. High Level Architecture: Agent
  52. High Level Architecture: Agent, Load Balancer
  53. High Level Architecture: Agent, Load Balancer, Manager + Relay
  54. High Level Architecture: Agent, Load Balancer, Manager + Relay, Database
  55. High Level Architecture: Bi-direction communications; Agent, Load Balancer, Manager + Relay, Database
  56. Load balancers
  57. High Level Architecture
  58. High Level Architecture: Agent
  59. High Level Architecture: Agent
  60. High Level Architecture: Agent, Load Balancer
  61. High Level Architecture: Agent, Load Balancer, Manager + Relay
  62. High Level Architecture: Agent, Load Balancer, Manager + Relay, Database
  63. High Level Architecture: Bi-direction communications; Agent, Load Balancer, Manager + Relay, Database
  64. Load Balancers
  65. Load Balancers: Requirements • 3 flows, all incoming on :443
  66. Load Balancers: Requirements • 3 flows, all incoming on :443 • SSL off loading
  67. Load Balancers: Requirements • 3 flows, all incoming on :443 • SSL off loading • High number of concurrent connections
  68. Load Balancers. HAProxy: Met requirements; 2+ instances required (for HA); EC2 instance costs; More boxes to maintain
  69. Load Balancers. HAProxy: Met requirements; 2+ instances required (for HA); EC2 instance costs; More boxes to maintain | Elastic Load Balancing: Can meet requirements; 3 load balancers required (1x flow); Cheap; Minimal maintenance
  70. Load Balancer Architecture: [Fix] Load Balancer
  71. Load Balancer Architecture: [Fix] Agent, Load Balancer
  72. Load Balancer Architecture: [Fix] Agent, Load Balancer
  73. Load Balancer Architecture: [Fix] Agent, Load Balancer, Manager + Relay
  74. Load Balancer Architecture: [Fix] Agent, Load Balancer, Manager + Relay, Database
  75. Load Balancer Architecture: [Fix] Bi-direction communications; Agent, Load Balancer, Manager + Relay, Database
  76. Manager + Relay
  77. High Level Architecture: Load Balancer
  78. High Level Architecture: Agent, Load Balancer
  79. High Level Architecture: Agent, Load Balancer
  80. High Level Architecture: Agent, Load Balancer, Manager + Relay
  81. High Level Architecture: Agent, Load Balancer, Manager + Relay, Database
  82. High Level Architecture: Bi-direction communications; Agent, Load Balancer, Manager + Relay, Database
  83. Manager + Relay
  84. Manager + Relay: Requirements • Hosts JVM-based application
  85. Manager + Relay: Requirements • Hosts JVM-based application • Memory, CPU, and network are constraints
  86. Manager + Relay. AWS Windows Base: Met requirements; Harder to script; More expensive
  87. Manager + Relay. AWS Windows Base: Met requirements; Harder to script; More expensive | AWS Linux Base: Met requirements; Simple scripting; Cheaper
  88. Manager + Relay Architecture: [Fix] Load Balancer
  89. Manager + Relay Architecture: [Fix] Agent, Load Balancer
  90. Manager + Relay Architecture: [Fix] Agent, Load Balancer
  91. Manager + Relay Architecture: [Fix] Agent, Load Balancer, Manager + Relay
  92. Manager + Relay Architecture: [Fix] Agent, Load Balancer, Manager + Relay, Database
  93. Manager + Relay Architecture: [Fix] Bi-direction communications; Agent, Load Balancer, Manager + Relay, Database
  94. Manager + Relay—Tips & Tricks
  95. Manager + Relay—Tips & Tricks: Tips & tricks • We don’t use AMIs
  96. Manager + Relay—Tips & Tricks: Tips & tricks • We don’t use AMIs • Auto-scale only for failover
  97. Database
  98. High Level Architecture: Load Balancer, Manager + Relay
  99. High Level Architecture: Agent, Load Balancer, Manager + Relay
  100. High Level Architecture: Agent, Load Balancer, Manager + Relay
  101. High Level Architecture: Agent, Load Balancer, Manager + Relay, Database
  102. High Level Architecture: Bi-direction communications; Agent, Load Balancer, Manager + Relay, Database
  103. Database
  104. Database: Requirements • MS SQL or Oracle
  105. Database: Requirements • MS SQL or Oracle • Low latency path to Manager + Relay nodes
  106. Manager + Relay. on Amazon EC2: Met requirements; 2x cost for clustered pairs; More maintenance
  107. Manager + Relay. on Amazon EC2: Met requirements; 2x cost for clustered pairs; More maintenance | on Amazon RDS: Can meet requirements; 1.3x cost for clustered pairs; Less effort
  108. Manager + Relay. MS SQL: Teams are more familiar; Better tools available*; 30 DB limit per Amazon RDS instance
  109. Manager + Relay. MS SQL: Teams are more familiar; Better tools available*; 30 DB limit per Amazon RDS instance | Oracle: Forces product improvements; “Encourages” learning; No tablespace limits
  110. Database Architecture: [Fix] Load Balancer, Manager + Relay
  111. Database Architecture: [Fix] Agent, Load Balancer, Manager + Relay
  112. Database Architecture: [Fix] Agent, Load Balancer, Manager + Relay
  113. Database Architecture: [Fix] Agent, Load Balancer, Manager + Relay, Database
  114. Database Architecture: [Fix] Bi-direction communications; Agent, Load Balancer, Manager + Relay, Database
  115. Final(ish) Design
  116. High Level Architecture: Agent, Load Balancer, Manager + Relay, Database
  117. High Level Architecture: Agent, Load Balancer, Manager + Relay, Database
  118. High Level Architecture: Bi-direction communications; Agent, Load Balancer, Manager + Relay, Database
  119. High Level Architecture: [Add highly detailed graphic here] Agent, Load Balancer, Manager + Relay, Database
  120. High Level Architecture: [Add highly detailed graphic here] Agent, Load Balancer, Manager + Relay, Database
  121. High Level Architecture: [Add highly detailed graphic here] Bi-direction communications; Agent, Load Balancer, Manager + Relay, Database
  122. Supporting Services
  123. Supporting Services: Amazon Route 53 for all DNS
  124. Supporting Services: Amazon S3 for deployment storage
  125. Supporting Services: [Change graphic] AWS Trusted Advisor for sanity checks
  126. Supporting Services: [Change graphic] Premium Support for CYA
  127. “Soft” (not easy) changes
  128. Team Profile: Validating lessons for the team. Information Security • Own existing security policy
  129. Team Profile: Validating lessons for the team. Information Security • Own existing security policy • 400+ requirements for operational services
  130. Team Profile: Validating lessons for the team. Information Security • Own existing security policy • 400+ requirements for operational services • Wants development of cloud best practices
  131. Team Profile: Validating lessons for the team. Operations • Run several data centers worldwide
  132. Team Profile: Validating lessons for the team. Operations • Run several data centers worldwide • Rigid change management with complex schedules
  133. Team Profile: Validating lessons for the team. Operations • Run several data centers worldwide • Rigid change management with complex schedules • Wants development of DevOps runbook
  134. Chart Example [chart: Region 1, Region 2; 2007 to 2010; scale 0 to 100]. Add stats for Service. Add goals for other Trend services
  135. Team Profile: Validating lessons for the team. R&D Product Team • Develop & maintain the product
  136. Team Profile: Validating lessons for the team. R&D Product Team • Develop & maintain the product • Only operational work is emergency support
  137. Team Profile: Validating lessons for the team. R&D Product Team • Develop & maintain the product • Only operational work is emergency support • Wants tighter feedback loop
  138. Chart Example [chart: Region 1, Region 2; 2007 to 2010; scale 0 to 100]. Add bug/feature stats
  139. Team Profile: Validating lessons for the team. Service Team • Own existing security policy
  140. Team Profile: Validating lessons for the team. Service Team • Own existing security policy • 400+ requirements for operational services
  141. Team Profile: Validating lessons for the team. Service Team • Own existing security policy • 400+ requirements for operational services • Wants development of cloud best practices
  142. Chart Example [chart: Region 1, Region 2; 2007 to 2010; scale 0 to 100]. Add stats for support?
  143. Well?
  144. Why a Service? Security for servers, virtual machines
  145. Why a Service? Security for servers, virtual machines. Drivers • Face the same challenges as our clients
  146. Why a Service? Security for servers, virtual machines. Drivers • Face the same challenges as our clients • Work directly with clients
  147. Why a Service? Security for servers, virtual machines. Drivers • Face the same challenges as our clients • Work directly with clients • Smaller feedback loop for new features
  148. Please give us your feedback on this presentation: SEC307. As a thank you, we will select prize winners daily for completed surveys! Thank You