
NEW LAUNCH! Amazon EC2 Systems Manager for Hybrid Cloud Management at Scale

Today, we are announcing EC2 Systems Manager. Amazon EC2 Systems Manager is a management service that helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems. These capabilities help you define and track system configurations, prevent drift, and maintain software compliance of your EC2 and on-premises configurations. This session provides an overview of these newly announced services and how they work together within the larger AWS ecosystem to provide comprehensive management capabilities.


  1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Dean Samuels, Manager, Solutions Architecture, Hong Kong & Taiwan. 19th January 2017. New Launch! Amazon EC2 Systems Manager: Hybrid Cloud Management at Scale
  2. What to Expect from the Session
     • Overview of Systems Manager and its capabilities
     • Learn how to configure and manage your cloud and hybrid IT environments at scale
     • Demos
  3. Cloud is the new normal: enterprises of all sizes are moving to the cloud to take advantage of increased agility, lower costs, and global reach
  4. Many enterprises bring their traditional on-premises toolset with them to manage their cloud and hybrid environments
  5. What we heard from customers: managing cloud and hybrid environments using traditional tools is complex and costly
     • Traditional IT tools not built for the cloud
     • Managing resources at scale is difficult
     • Lack of visibility into configuration and execution history
     • Multiple vendors; complex licensing
  6. Introducing EC2 Systems Manager: a set of capabilities that enable automated configuration and ongoing management of systems at scale, across all of your Windows and Linux workloads, running in Amazon EC2 or on-premises
  7. Why should I care?
     • Hybrid
     • Cross-platform
     • Scalable
     • Secure
     • Easy-to-write automation
     • Reduced TCO
  8. Systems Manager capabilities (grouped on the slide as Deploy, Configure, and Administer; Track and Update; Shared Capabilities): Run Command, Maintenance Window, Inventory, State Manager, Parameter Store, Patch Manager, Automation
  9. Documents
  10. Parameter Store: centralized management of IT assets such as passwords and connection strings
     • Parameters can be referenced from Run Command, State Manager, and the Automation service
     • Granular access control limits unwanted data access
     • Encrypt sensitive information using your own AWS KMS keys
     • Eliminates the ongoing maintenance challenge of critical enterprise assets
  11. Parameter Store – Getting Started
     1. Set parameters as key-value pairs
     2. Secure strings: encrypt sensitive parameters with your own KMS key or the default account encryption key
     3. Reuse: reference parameters in Documents at runtime, across EC2 Systems Manager, using {{ssm:parameter-name}}
     4. Access control: create an IAM policy to control access to specific parameters
  12. Maintenance Window: schedule disruptive tasks in a well-defined window to minimize downtime
     • Define one or more recurring windows of time during which it is acceptable for disruptive actions to occur
     • Built-in integration with Run Command and Patch Manager
     • Helps improve availability and reliability of your workloads by automatically performing tasks in a well-defined window of time
  13. Run Command: perform common administrative tasks remotely at scale
     • Example: running shell and PowerShell scripts
     • Easily define new tasks using simple JSON-based Documents; no specialized skillset required
     • Leverage Documents built by AWS and the broader community
     • Delegate access, perform audits, receive notifications
     • Helps improve security posture by eliminating the need to SSH or RDP
  14. Run Command – Getting Started
     1. Instance: set up the agent and an AWS Identity & Access Management (IAM) role on your instance. On-premises servers: create an activation code, deploy the agent, and activate it
     2. Create a Document to author your intent and define the plugins to run and the parameters to use
     3. Command and Command Invocation on target instances and on-premises servers
     4. View status and output with granular results
  15. State Manager: define and maintain a consistent configuration of OS and applications
     • Example: configuring the firewall and updating anti-malware definitions
     • Define new policies using simple JSON-based Documents
     • Control how and when a configuration is applied and maintained
     • Helps enforce enterprise-wide compliance with configuration policies
     • Re-apply to keep servers from drifting
     • Track aggregate status for your fleet
  16. State Manager – Getting Started
     1. Create a Document to author your intent
     2. Association: the binding between a Document and a target
     3. Schedule: when to apply your association
     4. Status: check the state of your association at an aggregate or instance level
  17. Automation Service: automate common tasks using simplified workflows
     • Optimized for building and maintaining Amazon Machine Images (AMIs)
     • Start with an AMI → perform automation steps like OS patching and driver updates → produce a new AMI
     • Express your workflow as automation steps in a JSON-based Document
     • Support for Run Command, AWS Lambda functions, AWS CloudTrail, IAM and Amazon CloudWatch integrations
     • Eliminates the overhead of managing ‘golden’ enterprise images
  18. Automation – Getting Started
     1. Create an automation document
     2. Run the automation
     3. Monitor your automation
  19. Walkthrough Demo
  20. Inventory: a scalable way of collecting, querying, and auditing detailed software inventory information
     • Example: instance and OS details, network configuration, list of files, installed software and patches
     • Collect data from predefined inventory types or write a custom one using a JSON Document
     • AWS Config integration enables tracking the history of changes
     • Simplifies management scenarios such as licensing usage tracking and identifying zero-day vulnerabilities
  21. Inventory – Getting Started
     1. Configure an Inventory policy
     2. Apply the Inventory policy
     3. Query the inventory
  22. Walkthrough Demo
  23. Inventory – System Diagram (diagram; components recovered from the figure): SSM Agent on an EC2 Windows instance, an EC2 Linux instance and an on-premises instance; AWS SSM Service; State Manager; EC2 Inventory SSM document; Inventory Store; EC2 Console and SSM CLI/APIs; AWS Config with its console and CLI/APIs
  24. Patch Manager: roll out Windows OS patches using custom-defined rules and pre-scheduled maintenance windows
     • Express custom patch policies as patch baselines, e.g., apply critical patches on day 1 but wait 7 days for non-critical patches
     • Perform patching during scheduled maintenance windows
     • Built-in patch compliance reporting
     • Eliminates manual intervention and reduces time-to-deploy for critical updates and zero-day vulnerabilities
  25. Patch Manager – Getting Started
     1. Create a Patch Baseline to define approved patches
     2. Create a Maintenance Window to schedule patching for a set of instances
     3. The Maintenance Window executes patching
     4. Audit results with Patch Compliance
  26. Patch Manager – Overview (diagram; text recovered from the figure): Prod environment with Instance A and Instance B, both in Patch Group: Prod. Numbered steps 1–4 on the slide: Patch Baseline (Critical, High; 5 days or older); Maintenance Window (Sundays @ 1 AM, 2 hrs long, task: Patching); Patch Compliance (2 up to date, 0 missing updates, 1 error)
  27. Best practices and FAQs
     • What OS platforms are supported?
     • Update your SSM agent today to get started!
     • What ports or network access do my instances need?
     • Is there anything different to set up on on-premises servers?
     • Use notifications and velocity control
     • For disruptive actions, use Run Command with a Maintenance Window
     • Fine-grained access control through IAM policies on resources (e.g., documents)
     • Customize configuration with idempotent scripts for State Manager
  28. Systems Manager availability
     • No charge; you only pay for the AWS resources you manage
     • Available in multiple regions
  29. Systems Manager capabilities (grouped on the slide as Deploy, Configure, and Administer; Track and Update; Shared Capabilities): Run Command, Maintenance Window, Inventory, State Manager, Parameter Store, Patch Manager, Automation
  30. Your Feedback is Important!
     • These services are available today
     • Learn more at command/
     • Technical documentation at run-command.html
     • Please send your feedback, improvements, and requests to
  31. Next steps
     • Learn more at manager/
     • Join us at the booth! We’d love to hear your feedback.
  32. Remember to complete your evaluations!
  33. Thank you! Dean Samuels, Manager, Solutions Architecture, Hong Kong & Taiwan. 18/01/2017
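Slides 11, 13 and 14 describe authoring a JSON-based Document for Run Command and referencing a Parameter Store value at run time with {{ssm:parameter-name}}. The schema-2.2 Command document below is an added example, not a document from the deck or from AWS; the parameter name prod-log-endpoint, the path /etc/app/collector.conf and the one-line config format are assumptions. The step is restricted to Linux and written to be idempotent (slide 27), so State Manager can re-apply it without side effects, and the endpoint value never has to be pasted into the document itself.

```json
{
  "schemaVersion": "2.2",
  "description": "Added example (not from the deck): set the log collector endpoint from a Parameter Store value",
  "mainSteps": [
    {
      "action": "aws:runShellScript",
      "name": "configureCollector",
      "precondition": {
        "StringEquals": ["platformType", "Linux"]
      },
      "inputs": {
        "timeoutSeconds": "60",
        "runCommand": [
          "set -eu",
          "# {{ssm:prod-log-endpoint}} is replaced by Systems Manager before the script runs (assumed parameter name)",
          "conf=/etc/app/collector.conf",
          "want='endpoint={{ssm:prod-log-endpoint}}'",
          "# Idempotent: rewrite only when the file is missing or differs, so repeated applies are no-ops",
          "if [ ! -f \"$conf\" ] || [ \"$(cat \"$conf\")\" != \"$want\" ]; then",
          "  install -d -m 0750 /etc/app",
          "  printf '%s\\n' \"$want\" > \"$conf\"",
          "  chmod 0640 \"$conf\"",
          "  echo 'collector.conf updated'",
          "else",
          "  echo 'collector.conf already current'",
          "fi"
        ]
      }
    }
  ]
}
```

Because the {{ssm:...}} reference is substituted textually into the script, whoever can write that parameter can change what every targeted instance executes; that is why slide 11's step 4 (an IAM policy scoped to specific parameters) belongs with this pattern rather than after it.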
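Slide 11 (step 4) and slide 27 call for IAM policies scoped to specific parameters. This policy is an added example, not from the deck or from AWS: it lets the principal it is attached to read exactly two named parameters and decrypt only with the one KMS key that protects a SecureString, and only when the decrypt request comes through the Parameter Store service. The region, account id, parameter names and key id are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOnlyTheseTwoParameters",
      "Effect": "Allow",
      "Action": "ssm:GetParameters",
      "Resource": [
        "arn:aws:ssm:us-west-2:123456789012:parameter/prod-log-endpoint",
        "arn:aws:ssm:us-west-2:123456789012:parameter/prod-db-password"
      ]
    },
    {
      "Sid": "DecryptOnlyViaParameterStore",
      "Effect": "Allow",
      "Action": "kms:Decrypt",
      "Resource": "arn:aws:kms:us-west-2:123456789012:key/EXAMPLE-KEY-ID",
      "Condition": {
        "StringEquals": {
          "kms:ViaService": "ssm.us-west-2.amazonaws.com"
        }
      }
    }
  ]
}
```

No ssm:PutParameter or ssm:DeleteParameter is granted, so an identity that only consumes parameters cannot rewrite the values that Documents substitute into scripts, and a wildcard parameter resource is avoided so the same role cannot read parameters belonging to other environments.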
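Slide 24's example policy (critical patches on day 1, a 7-day wait for non-critical patches) expressed as the ApprovalRules structure that aws ssm create-patch-baseline accepts via --approval-rules file://rules.json. This is an added example, not from the deck or from AWS; the classification and severity lists are an assumption. Filters inside one rule are ANDed, so the first rule auto-approves only Critical-severity security and critical updates on their release day, and the second approves lower-severity updates once they are 7 days old.

```json
{
  "PatchRules": [
    {
      "PatchFilterGroup": {
        "PatchFilters": [
          { "Key": "MSRC_SEVERITY", "Values": ["Critical"] },
          { "Key": "CLASSIFICATION", "Values": ["SecurityUpdates", "CriticalUpdates"] }
        ]
      },
      "ApproveAfterDays": 0
    },
    {
      "PatchFilterGroup": {
        "PatchFilters": [
          { "Key": "MSRC_SEVERITY", "Values": ["Important", "Moderate", "Low"] },
          { "Key": "CLASSIFICATION", "Values": ["SecurityUpdates", "CriticalUpdates", "Updates", "UpdateRollups"] }
        ]
      },
      "ApproveAfterDays": 7
    }
  ]
}
```

ApproveAfterDays counts from the patch's release date, and a patch that matches neither rule (for example a Critical-severity driver update, which is outside both classification lists) is never auto-approved, so the Patch Compliance view from slide 25 step 4 is the check to run after the first maintenance window.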