
Innovate - How AsiaPac is helping Customers to Build a Restricted Cloud Environment on AWS


Discover how AsiaPac is helping government, education and nonprofit organizations to architect and migrate their mission-critical applications onto AWS, with secure, high-performing, resilient and efficient infrastructure. As more organizations move towards cloud, learn how best practices have been implemented in AsiaPac's full-lifecycle services (to provision, run and support infrastructure) and in its managed services, which reduce customers' operational overhead and risk.


  1. PUBLIC SECTOR SUMMIT SINGAPORE
  2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. PUBLIC SECTOR SUMMIT. How AsiaPac is helping Customers to build a Restricted Cloud Environment on AWS. Sourav Ray, Cloud Architect, AsiaPac
  3. 3. Copyright © & Confidential
  4. About AsiaPac: an M1 company since Nov '18; EPPU S/10 company; ISO 9001:2015 and bizSAFE Level 3 certified; ICT solutions provider started in 1990, serving commercial, enterprise, education, healthcare and government customers.
  6. (diagram) Self Service Management Portal for Government / Enterprise Customers: self service and service management; Hybrid Cloud Management System (CMP, frameworks, blueprints, modernization); Leading Telecommunications Provider (first telco to embark on a 5G live test in SG) providing Direct Connect, local loops and SD-WAN. Paths shown: bring workloads closer to AWS (low-latency connectivity, orchestration), migrate to AWS, or migrate to AWS Outposts / VMC; customer self-manage; creating a business ecosystem.
  7. 7. VMware Cloud on AWS Exclusive Launch Partner
  8. Governance in a Restricted Cloud Environment
  9. The Disciplines of Cloud Governance: why is it important?
      § Controlled access, reducing security risks
      § Ensuring regulatory compliance (HIPAA, PCI, MTCS Tier 3, ISO, etc.)
      § Cost optimization
      § Eliminating unnecessary IT and cloud initiatives
      § DevOps process initiation and parameter definitions
      § Enhanced management of cloud resources
  10. Our Approach to Cloud Governance (wheel diagram): environment templatization, data security, resource tagging, structured DevOps solutions, security and log management, authentication and authorization, monthly reports and analytics, patch management with approval process, infrastructure monitoring, application monitoring, internal audits, cost budgeting.
  11. Our Approach to Cloud Governance: Internal Audits
      § Compliance audit
      § Security audit
      § User audit
      § Data privacy audit
      § Penetration testing
  12. Our Approach to Cloud Governance: Authentication and Authorization
      § Enforcing MFA for the AWS Management Console
      § Enforcing console login via on-premise AD authentication using AWS SSO
      § Enforcing Amazon Cognito for application-level authentication
      § Enforcing privileged access using AWS IAM
  13. Our Approach to Cloud Governance: Structured DevOps Solutions
      § Continuous integration
      § Micro-services
      § Policy as code and automated monitoring
  14. Our Approach to Cloud Governance: Patch Management with Approval Process (flow diagram)
      § SSM Document for Patch Scan: launch instance, create tags, scan OS against the patch baseline, generate missing-patch list, stop instance, create image, create tags, terminate instance
      § If approved, SSM Document for Patch Install: launch instance, update OS software, generate installed-patch list, update Parameter Store
  15. How to Regain Healthy Governance "without reducing cloud agility". Cloud governance pain areas:
      § MANAGE: the current state of all cloud users and their access rights across the enterprise?
      § ENSURE: adherence to overall costs under the pay-per-use model? deployments and operations on track with compliance regulations and policies?
      § ENFORCE: security across all environment workloads as well as user management?
  16. AsiaPac Managed Infrastructure & Cloud Services: solutions to governance at scale, addressing the increase in AWS workloads, growth in AWS accounts, cost control, and security and compliance.
  17. Design Architecture (diagram; three reference designs). Common elements: a VPC spanning AZ-A and AZ-B with an Internet Gateway, Direct Connect, Tier 1 and Tier 2 NGFW pairs, ELBs in front of Web 1 / Web 2 and App1 to App12 tiers, RDS master / slave (or master / slave DB servers), IDS1 / IDS2, Mgmt 1 / 2 and EVM1 / 2 hosts, NAT gateways, AD Server 1 / 2, Event Collector 1 / 2, a monitoring collector, bastion host, dev, API and CI/CD servers. The customer on-premise site / data center connects over Direct Connect, IPsec VPN and Client VPN, with 2FA at the VPN gateway; the AsiaPac NOC VPC (EM7, database) and the on-premise SOC / Cyber Watch Center connect over IPsec VPN for AsiaPac SysAdmin access. The third variant fronts outbound traffic with a forward proxy.
  18. VMware Cloud on AWS: jointly engineered cloud service.
      § Service overview: VMware SDDC running on AWS bare metal; delivered, operated and supported by VMware; on-demand capacity and flexible consumption; seamless portability of large-scale hybrid workloads; direct access to native AWS services
      § Business use cases: data center extension, disaster recovery, cloud migration, application modernization
  19. Cloud Motion: Workload Mobility across Hybrid Clouds (diagram): hybrid interconnect between on-premise and cloud; any-to-any vSphere migration (vSphere 5.0 to VMware Cloud); cross-version hybridity; security; large-scale warm migration of active VMs.
  20. Governing Internet / Security Posture from the On-Premises DC (diagram): the on-premises data center (compute, storage, network) is linked by AWS Direct Connect, with a BGP peering session, to VMware Cloud on AWS (vSphere-based SDDC with NSX; CGW, MGW, north-south firewall and router; networks 172.16.10.0/24 and 172.16.20.0/24 hosting VMC VMs; a Govt Network Zone). Internet-bound traffic from the public cloud is steered through the on-premises security framework rather than directly to the public internet, so control and governance need not be re-architected while the public cloud is used for agility and scale.
      § Use cases: internet separation or network zone separation for VDI / any workloads
      § Data center extension where the public cloud is used as hot capacity / cloud burst
  21. Leveraging the Well-Architected Framework on AWS
      § Cost Optimization: expense awareness, cost-effective resources, match supply with demand, architecture optimization
      § Performance Efficiency: select, review, monitoring, trade-offs
      § Reliability: automated change management, automated failure management
      § Security: centralized privileged management, centralized monitoring, data security, incident management plan
      § Operational Excellence: prepare, operate, evolve
  22. Providing cloud best practices through EXPERIENCE.
  24. Thank you! Sourav Ray, Cloud Architect, AsiaPac
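Slide 12 lists "Enforcing MFA for the AWS Management Console" as a governance control. The deck does not show how, so the following is an added example (not AsiaPac's or AWS's code): the AWS-documented IAM policy shape that denies everything except MFA self-service when `aws:MultiFactorAuthPresent` is not true, together with a deliberately simplified evaluator used only to show how the policy behaves. The evaluator, the `WORKLOAD_POLICY` stand-in and the request contexts are assumptions; real IAM evaluation also considers resources, principals and many more condition operators.

```python
"""MFA-enforcing IAM policy (slide 12) plus a simplified evaluator.

Added example. The policy shape (Deny + NotAction + aws:MultiFactorAuthPresent)
is the AWS-documented pattern. The evaluator is an assumption: a cut-down model
of IAM evaluation covering action wildcards, Bool / BoolIfExists conditions and
"explicit Deny beats Allow"; it ignores resources, principals and other operators.
"""
import fnmatch
import json

# Actions a user needs without MFA in order to enrol a device at all.
MFA_SELF_SERVICE = [
    "iam:CreateVirtualMFADevice",
    "iam:EnableMFADevice",
    "iam:ListMFADevices",
    "iam:ListVirtualMFADevices",
    "iam:ResyncMFADevice",
    "sts:GetSessionToken",
]


def mfa_guard_policy(if_exists=True):
    """Deny every action except MFA self-service when the request lacks MFA.

    if_exists=False reproduces a common mistake: plain Bool never matches when
    aws:MultiFactorAuthPresent is absent, which is exactly the case for requests
    signed with long-term access keys, so those requests are never denied.
    """
    operator = "BoolIfExists" if if_exists else "Bool"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowMFASelfService",
                "Effect": "Allow",
                "Action": MFA_SELF_SERVICE,
                "Resource": "*",  # in production scope this to the caller's own user ARN
            },
            {
                "Sid": "DenyAllExceptListedIfNoMFA",
                "Effect": "Deny",
                "NotAction": MFA_SELF_SERVICE,
                "Resource": "*",
                "Condition": {operator: {"aws:MultiFactorAuthPresent": "false"}},
            },
        ],
    }


# Constructed stand-in for permissions the user holds from other attached policies.
WORKLOAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}
GUARDED = [WORKLOAD_POLICY, mfa_guard_policy(if_exists=True)]
WEAK = [WORKLOAD_POLICY, mfa_guard_policy(if_exists=False)]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(statement, action):
    if "Action" in statement:
        return any(fnmatch.fnmatchcase(action, p) for p in _as_list(statement["Action"]))
    # NotAction: the statement applies to every action NOT in its list.
    return not any(fnmatch.fnmatchcase(action, p) for p in _as_list(statement["NotAction"]))


def _condition_matches(statement, context):
    for operator, pairs in statement.get("Condition", {}).items():
        for key, expected in pairs.items():
            if key not in context:
                # ...IfExists treats a missing key as a match; plain operators do not.
                if operator.endswith("IfExists"):
                    continue
                return False
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True


def is_allowed(policies, action, context):
    """Simplified IAM decision: explicit Deny > explicit Allow > implicit deny."""
    allowed = False
    for policy in policies:
        for statement in policy["Statement"]:
            if not (_action_matches(statement, action) and _condition_matches(statement, context)):
                continue
            if statement["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


# Constructed request contexts: console session with MFA, console session
# without MFA, and a long-term access key (the MFA key is absent entirely).
WITH_MFA = {"aws:MultiFactorAuthPresent": "true"}
NO_MFA = {"aws:MultiFactorAuthPresent": "false"}
ACCESS_KEY = {}

if __name__ == "__main__":
    print(json.dumps(mfa_guard_policy(), indent=2))
    for name, ctx in [("with MFA", WITH_MFA), ("no MFA", NO_MFA), ("access key", ACCESS_KEY)]:
        print(f"{name:>10}: BoolIfExists -> {is_allowed(GUARDED, 'ec2:StopInstances', ctx)}, "
              f"Bool -> {is_allowed(WEAK, 'ec2:StopInstances', ctx)}")
```

The third context is the one worth checking in your own environment: a policy written with `Bool` instead of `BoolIfExists` enforces MFA for console sessions but silently leaves API calls made with long-term access keys ungated, because the `aws:MultiFactorAuthPresent` key is simply absent from those requests.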

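Slide 14 sketches a patch pipeline built from two SSM documents with a human approval between scan and install, and slide 13 names "policy as code" as a DevOps discipline. The following added example (not AsiaPac's runbook) expresses that pipeline as an SSM Automation document built in Python and adds a policy-as-code check that refuses any runbook whose Install step is not gated by an approval. Real parts: the `AWS-RunPatchBaseline` document, the `aws:createTags`, `aws:runCommand`, `aws:approve`, `aws:createImage` and `aws:executeAwsApi` actions, and the `{{ global:DATE }}` system variable. Assumptions: step names, parameter names, the Parameter Store path, tag values, the approver and topic ARNs, and the condensed step order (the slide also stops, images and terminates a scan instance, which is omitted here).

```python
"""Patch-with-approval runbook modelled on slide 14 (SSM Automation, schema 0.3)
plus a policy-as-code gate check (slide 13). Added example; names, ARNs and
the Parameter Store path are assumptions, not AsiaPac's configuration."""
import json

PATCH_BASELINE_DOC = "AWS-RunPatchBaseline"
INSTANCE = "{{ InstanceId }}"


def patch_step(name, operation, extra=None):
    """One AWS-RunPatchBaseline invocation; Run Command parameters are lists."""
    params = {"Operation": [operation]}
    params.update(extra or {})
    return {
        "name": name,
        "action": "aws:runCommand",
        "inputs": {"DocumentName": PATCH_BASELINE_DOC, "InstanceIds": [INSTANCE], "Parameters": params},
    }


def build_runbook(approver_arn, topic_arn):
    return {
        "schemaVersion": "0.3",
        "description": "Scan for missing patches, wait for approval, install, image, record",
        "assumeRole": "{{ AutomationAssumeRole }}",
        "parameters": {
            "InstanceId": {"type": "String"},
            "AutomationAssumeRole": {"type": "String", "default": ""},
        },
        "mainSteps": [
            {   # slide 14: create tags
                "name": "tagPending",
                "action": "aws:createTags",
                "inputs": {"ResourceType": "EC2", "ResourceIds": [INSTANCE],
                           "Tags": [{"Key": "PatchState", "Value": "scan-pending"}]},
            },
            patch_step("scanForPatches", "Scan"),  # scan OS against the patch baseline
            {   # human gate: a rejection fails the step and Abort ends the automation
                "name": "approveInstall",
                "action": "aws:approve",
                "timeoutSeconds": 86400,
                "onFailure": "Abort",
                "inputs": {
                    "NotificationArn": topic_arn,
                    "Message": "Approve patch install on " + INSTANCE + "?",
                    "MinRequiredApprovals": 1,
                    "Approvers": [approver_arn],
                },
            },
            patch_step("installPatches", "Install", {"RebootOption": ["RebootIfNeeded"]}),
            {   # image the patched instance
                "name": "imagePatched",
                "action": "aws:createImage",
                "inputs": {"InstanceId": INSTANCE, "NoReboot": True,
                           "ImageName": "patched-" + INSTANCE + "-{{ global:DATE }}"},
            },
            {   # slide 14: update Parameter Store with the outcome
                "name": "recordResult",
                "action": "aws:executeAwsApi",
                "inputs": {"Service": "ssm", "Api": "PutParameter",
                           "Name": "/patching/" + INSTANCE + "/last-install",
                           "Value": "{{ installPatches.Status }}", "Type": "String", "Overwrite": True},
            },
        ],
    }


def approval_gated(doc):
    """Policy-as-code check: every Install run of the patch baseline must come
    after an aws:approve step whose failure aborts the automation."""
    gate_seen = False
    for step in doc["mainSteps"]:
        if step["action"] == "aws:approve" and step.get("onFailure", "Abort") == "Abort":
            gate_seen = True
        elif step["action"] == "aws:runCommand":
            inputs = step["inputs"]
            ops = inputs.get("Parameters", {}).get("Operation", [])
            if inputs.get("DocumentName") == PATCH_BASELINE_DOC and "Install" in ops and not gate_seen:
                return False
    return True


def strip_approval(doc):
    """Constructed negative case: the same runbook with the human gate removed."""
    bad = json.loads(json.dumps(doc))
    bad["mainSteps"] = [s for s in bad["mainSteps"] if s["action"] != "aws:approve"]
    return bad


if __name__ == "__main__":
    doc = build_runbook("arn:aws:iam::123456789012:role/PatchApprover",
                        "arn:aws:sns:ap-southeast-1:123456789012:patch-approvals")
    print(json.dumps(doc, indent=2))
    print("gated:", approval_gated(doc), "| without approve step:", approval_gated(strip_approval(doc)))
```

Running `approval_gated` in CI over every runbook before `aws ssm create-document` is the "policy as code" part: the check is deliberately about ordering, not just presence, so a runbook that installs first and asks afterwards is rejected as well.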