Leveraging the Cloud - Getting the Most Bang for your Buck (presentation by Salesforce on optimizing AWS costs)


This presentation was given by Nate Lindstrom, Director of Network Operations at Salesforce, at the Silicon Valley Cloud Computing Meetup on April 4th, 2013 in Mountain View. Special thanks to host Quixey, along with organizers Scalr and Cloudyn.


Published in: Technology, Business

  1. Leveraging the cloud: Getting the most bang for your buck
  2. Nate Lindstrom, Director of Network Operations, in/nwlindstrom
  3. salesforce desk: We make it easy for you to support customers right from the browser, via email, phone, chat, web, Facebook, and Twitter. We provide a hosted, cloud-based SaaS help desk platform for SMB.
  4. Cloudy Change Management: Trust but verify
  5. Process requirements: Formal, documented change management; ISO 27001 compliance; SOX section 404 compliance; Safe Harbor certification
  6. Single file change process. Diagram steps: RFC created; Make pull request; SME reviews request; RFC closed; Change applied to staging; ✓ Effects observed; Change applied to production; FIM updated. Changes can be made rapidly and safely. Unauthorized changes reverted by the CMS or flagged by CloudPassage Halo FIM.
  7. Under the hood: Chicken-and-egg problem for new instances. Puppet determines role based on hostname. Hostname isn’t set on new instances.
  8. How we start instances. Diagram labels: Script; Name=web01.desk.com; Puppet; web01.desk.com; nginx; ip-10-20-30-40.us-west-1.compute.internal; AMI. Puppet node definition: node /^web\d+.desk.com$/ inherits production_app { include web }
  9. How we monitor instances. Diagram labels: web01.desk.com; cron; S3 Bucket
  10. Effective monitoring: Icinga is the most comprehensive open source monitoring solution available
  11. Secret change process. Diagram steps: RFC created; Make pull request; SME reviews request; RFC closed; Change applied to production; FIM updated. “Secret” as in production secrets, like passwords.
  12. Under the hood: Storing production secrets in plain text is bad. Sending decryption key over same channel as encrypted data is bad.
  13. Secure repositories. Diagram labels: TechOps (Full Access); Everyone (Pull Request Only); Puppet git Repo; Prod Credentials (GnuPG); Non-Prod Credentials (GnuPG)
  14. Secure distribution. Diagram labels: AMI; Puppet; GnuPG; git; git; Key; Repo; Secrets; Instance; Puppet; Credentials
  15. What the cloud means to us: More typing, less driving
  16. Physical asset tracking: If you came to doubt the accuracy of your CMDB, you could always fall back on a physical inventory. Almost always, anyway.
  17. Virtual asset tracking: When you don’t have any physical assets it’s even easier to “lose” instances. “Lost” instances can silently consume big $$$.
  18. How an instance can be lost: Provisioning script loses connectivity during launch. Instance fails to upload existence information to S3. Diagram: Provisioning Script launches Instance and updates CMDB; Instance uploads to S3 Bucket.
  19. Minimizing lost instances: Your CMDB may not see your lost instances consuming $$$, but Cloudyn does. Cloudyn makes it easy to maintain an efficient and lean cloud presence.
  20. JIT capacity: Let your servers order more servers
  21. Auto Scale architecture: Everything should scale horizontally
  22. Auto Scale in action: Loosely-coupled tiers provide greatest flexibility. Scale up quickly, scale down slowly. Diagram: ELB, Web tier, ELB, App tier, shown under “Traffic Decreasing” and “Traffic Increasing”.
  23. Auto Scaling control: Scalr makes managing dynamic environments in the cloud easy and painless
  24. Whole-unit troubleshooting: Don’t sweat the small stuff
  25. Think in clusters: If one instance is having problems, replace it. If many instances are having problems, dig deeper. Use the 1, 2, 3 rule for determining response. Diagram: ELB in front of five instances.
  26. Architecting for failure: Build it to land gracefully
  27. Expect failure: Make use of regions and availability zones. Avoid storing sessions on any one server. The cloud is inherently unreliable, but your app doesn’t need to be. Diagram labels: AWS; us-west-1; us-east-1; us-west-1a; us-west-1b
  28. Security awareness: False security is worse than no security
  29. Cloud isn’t private: Multitenancy means the cloud is never truly private. Build security in from the very beginning. Apply defense in depth. Diagram: Internet, ELB, Web, ELB, App, DB
  30. Security groups are limited: An instance’s security groups cannot ever be changed. Security groups can only limit inbound (ingress) traffic. Security groups cannot restrict outbound (egress) traffic.
  31. Comprehensive security: CloudPassage Halo allows the implementation of comprehensive security with minimal effort
  32. The cloud... is not a data center; is only as secure as you make it; is very expensive if not managed well; works best with lots and lots of little servers; will occasionally fail
  33. Thank you!
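
The two loss paths on slide 18 (the provisioning script never updates the CMDB, or the instance never uploads its existence record to S3) can be caught by periodically reconciling three views of the fleet. This is an added sketch, not code from the presentation: the instance IDs, timestamps, the 15-minute freshness window and the function name are constructed for illustration, and in practice the three inputs would come from the cloud provider's instance listing, the CMDB and a listing of the S3 bucket.

```python
"""Reconcile provider, CMDB and S3 check-in views to surface "lost" instances."""


def reconcile(running, cmdb, checkins, now, max_age=900):
    """Classify instance IDs.

    running  -- IDs the provider reports (and bills) as running
    cmdb     -- IDs recorded by the provisioning script
    checkins -- {instance ID: epoch seconds of last S3 existence upload}
    max_age  -- seconds after which a check-in counts as stale (assumed value)
    """
    running, cmdb = set(running), set(cmdb)
    fresh = {i for i, t in checkins.items() if now - t <= max_age}
    seen = set(checkins)
    return {
        # Launched, but the provisioning script never recorded it.
        "not_in_cmdb": sorted(running - cmdb),
        # Running, but never uploaded existence information to S3.
        "never_checked_in": sorted(running - seen),
        # Checked in once, then the cron upload stopped.
        "silent": sorted((running & seen) - fresh),
        # CMDB still lists an instance the provider no longer runs.
        "stale_cmdb": sorted(cmdb - running),
        # Consistent in all three views.
        "tracked": sorted(running & cmdb & fresh),
    }


# Constructed sample data (not real instance IDs).
NOW = 1_000_000
SAMPLE_RUNNING = {"i-0a01", "i-0a02", "i-0a03", "i-0a04"}
SAMPLE_CMDB = {"i-0a01", "i-0a03", "i-0a04", "i-0a09"}
SAMPLE_CHECKINS = {"i-0a01": NOW - 60, "i-0a02": NOW - 120, "i-0a04": NOW - 7200}

if __name__ == "__main__":
    report = reconcile(SAMPLE_RUNNING, SAMPLE_CMDB, SAMPLE_CHECKINS, NOW)
    for category, ids in report.items():
        print(f"{category:17} {ids}")
```

Anything outside `tracked` is either costing money without an owner or running without monitoring, so each non-empty category is worth an alert rather than a report line.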