• Save
Overview of CTE's CloudEnable Platform to Develop, Deploy, Secure and Manage - Arjun Chopra
Upcoming SlideShare
Loading in...5
×
 

Overview of CTE's CloudEnable Platform to Develop, Deploy, Secure and Manage - Arjun Chopra

on

  • 1,360 views

 

Statistics

Views

Total Views
1,360
Views on SlideShare
1,360
Embed Views
0

Actions

Likes
1
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Overview of CTE's CloudEnable Platform to Develop, Deploy, Secure and Manage - Arjun Chopra Overview of CTE's CloudEnable Platform to Develop, Deploy, Secure and Manage - Arjun Chopra Presentation Transcript

  • Overview  of  CTE’s   CloudEnable  Pla6orm     Arjun  Chopra   CTO  Cambridge  Technology  Enterprises  
  • CloudEnable  Securing.  Deploying.  Managing.  24/7.   2   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Agenda  •  Who  is  CloudEnable  •  Why  the  Cloud  makes  sense  •  Building  a  Cloud-­‐ready  App  •  24/7,  SLA-­‐driven  OperaCons  •  Business  ConCnuity  and  DR  •  Cloud  Highlights  •  Next  Steps   3   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Who  is  CloudEnable   500+  Trained  Cloud  Folks   5   $1.5B   CMMi  Level   ISV  Customer         5M   5   Hours  of  upIme   NOCs       24/7  Management,  starCng  at  $9   4   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Recent  Customers   5   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Agenda  •  Who  is  CloudEnable  •  Why  the  Cloud  makes  sense  •  Building  a  Cloud-­‐ready  App  •  24/7,  SLA-­‐driven  OperaCons  •  Business  ConCnuity  and  DR  •  Cloud  Highlights  •  Next  Steps   6   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Why the Cloud makes sense•  Pay-as-you-go•  No up-front Capital expenses•  On-demand Provisioning•  Elastic Scale•  Pass benefits on to users 7   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • PredicCng  Infrastructure  Needs   Actual  Usage   Customer   Dissa.sfac.on  Compute  Power   Predicted  Usage   Waste   Time   8   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Cloud  Goal:  Flip  This  EquaCon   30%   70%  On-­‐Premise   Your   Managing  All  of  the    Infrastructure   Business   UndifferenCated  Heavy  Lifing   Configuring   More  Time  to  Focus  on  Cloud-­‐Based   Your  Cloud   Your  Business  Infrastructure   Assets   70%   30%   9   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Agenda  •  Who  is  CloudEnable  •  Why  the  Cloud  makes  sense  •  Building  a  Cloud-­‐ready  App  •  24/7,  SLA-­‐driven  OperaCons  •  Business  ConCnuity  and  DR  •  Cloud  Highlights  •  Next  Steps   10   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • The Cloud Shared Responsibility Model Development  and   MigraCon  assisted  by  CTE   ApplicaCon   24/7  Managed   Services  delivered  by   CloudEnable  On-­‐demand,  Pay-­‐as-­‐you-­‐go  Infrastructure  provided  by  AWS   11 ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Design  Best  PracCces  •  Protect  your  data  •  Design  for  failure  so  nothing  fails  •  Handle  reboots  gracefully  •  Decouple  and  make  stateless  •  Isolate  Traffic   –  StaCc  vs  Dynamic   –  Read  vs  Write   12   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • OperaCons  Best  PracCces  •  Secure  the  systems  •  Leverage  Regions  and  AZs  for  disaster   recovery  •  Create  the  automaCon  roadmap  •  Separate  environments  and  keep  consistent  •  Establish  monitoring  and  management   parameters  and  alarms  •  Document,  Test,  Improve   13   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Security, Security, Security!•  Deny-all by default, except as mentioned below•  Web Server Security Group (80 + 443)•  App Server Security Group (App Server ports; communication from Web Server Group members only)•  DB Security Group (DB ports; Communication with App Server Group members only)•  Admin Security Group (SSH port; Access restricted to corporate subnet only) 14   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Harden all Stack ComponentsDeliverable: Hardened Gold AMI DB  Tasks include:•  Encrypt the file system and swap space•  Configuring the OS firewall (EC2  Instance)  •  Reviewing inittab and boot scripts•  Securing ssh  •  Securing history App  Server    •  Setting up IPS/IDS/AV     (EC2  Instance)   15   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Secure the Database•  Use TDE where available to ease application development•  Classify data based on importance•  Encrypt desired columns, tables and DB   tablespaces•  Ensure separation of duties•  Establish access control and audit (EC2  Instance)   tools•  Run on a hardened AMI•  Use RDS or ensure HA 16   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • SupporCng  MulCple  Customers  •  Hardened OS for entire stack•  Dedicated Cloudlets for each Tenant•  Dedicated Cloudlet for Multi-tenant Software•  Managed VPN Tunnel between Customer Site and AWS Cloudlet *•  SGs, In Flight and At Rest data security across stacks * = As Needed 17   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Agenda  •  Who  is  CloudEnable  •  Why  the  Cloud  makes  sense  •  Building  a  Cloud-­‐ready  App  •  24/7,  SLA-­‐driven  OperaCons  •  Business  ConCnuity  and  DR  •  Cloud  Highlights  •  Next  Steps   18   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • CloudEnable s  24/7  SLA-­‐driven  OperaCons  1.  Pro-active Management •  24/7 geographically distributed NOCs •  Integrated App, Infrastructure and Security mgmt and Help Desk systems •  BC/DR set up •  MFA and Privilege-based access •  Vulnerability Assessment and testing •  IAM set up and management2.  Pro-active Monitoring •  Event & Application Logs •  Change Monitoring •  Network interface monitoring •  Host IDS/IPS monitoring •  DB log monitoring3.  Configuration Management •  Gold Image Patching •  Key-Pair Generation, Retrieval, Distribution, Rotation, Destruction •  Security policy tracking and management 19   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Agenda  •  Who  is  CloudEnable  •  Why  the  Cloud  makes  sense  •  Building  a  Cloud-­‐ready  App  •  24/7,  SLA-­‐driven  OperaCons  •  Business  ConCnuity  and  DR  •  Cloud  Highlights  •  Next  Steps   20   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Business  ConCnuity  and  DR  •  Avoid  single  points  of  failure  •  Design  and  test  failure  and   recovery  scenarios  •  Define  RTOs  and  RPOs  •  Define  and  develop  data   backup  management  •  Account  for  security,   encrypCon,  key  rotaCon  and   account  terminaCon  •  Deliver  automaCon  where   required   21   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Agenda  •  Who  is  CloudEnable  •  Why  the  Cloud  makes  sense  •  Building  a  Cloud-­‐ready  App  •  24/7,  SLA-­‐driven  OperaCons  •  Business  ConCnuity  and  DR  •  Cloud  Highlights  •  Next  Steps   22   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Case  Studies  •  A  $2B  India-­‐based  conglomerate  •  A  $1.5B  ISV  •  A  Fortune  100  Auto  company  •  A  Financial  Services  Startup   23   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Agenda  •  Who  is  CloudEnable  •  Why  the  Cloud  makes  sense  •  Building  a  Cloud-­‐ready  App  •  24/7,  SLA-­‐driven  OperaCons  •  Business  ConCnuity  and  DR  •  Cloud  Highlights  •  Next  Steps   24   ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)  
  • Next  Steps  •  University  of  Cloud  •  Cloud  Readiness   Assessments  •  Cloud  On-­‐boarding  •  CloudEnable   Management  25   ©  2011:  Cambridge  Technology  Enterprises  (All  Rights   Reserved)  
  • For additional Informationwww.cloudenable.comwww.ctepl.com 26 ConfidenCal:  ©  2011:  CloudEnable  (All  Rights  Reserved)