Submit Search
Upload
AWS實際架構實踐演化與解決方案
•
0 likes
•
203 views
CKmates
Follow
AWS實際架構實踐演化與解決方案
Read less
Read more
Internet
Report
Share
Report
Share
1 of 98
Download now
Download to read offline
Recommended
Achieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStack
Eric Zhaohui Ji
Presentation cloud orchestration solution overview
Presentation cloud orchestration solution overview
xKinAnx
Cisco Managed Private Cloud in Your Data Center: Public cloud experience on ...
Cisco Managed Private Cloud in Your Data Center: Public cloud experience on ...
Cisco DevNet
OpenStack, SDN, and the Future of Software Defined Infrastructure
OpenStack, SDN, and the Future of Software Defined Infrastructure
Lew Tucker
Oracle database in cloud, dr in cloud and overview of oracle database 18c
Oracle database in cloud, dr in cloud and overview of oracle database 18c
AiougVizagChapter
Open Service Containers: a virtual machine hosting environment directly into ...
Open Service Containers: a virtual machine hosting environment directly into ...
Cisco DevNet
Introduction to MANTL Data Platform
Introduction to MANTL Data Platform
Cisco DevNet
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Scott Carlson
Recommended
Achieving Network Deployment Flexibility with Mirantis OpenStack
Achieving Network Deployment Flexibility with Mirantis OpenStack
Eric Zhaohui Ji
Presentation cloud orchestration solution overview
Presentation cloud orchestration solution overview
xKinAnx
Cisco Managed Private Cloud in Your Data Center: Public cloud experience on ...
Cisco Managed Private Cloud in Your Data Center: Public cloud experience on ...
Cisco DevNet
OpenStack, SDN, and the Future of Software Defined Infrastructure
OpenStack, SDN, and the Future of Software Defined Infrastructure
Lew Tucker
Oracle database in cloud, dr in cloud and overview of oracle database 18c
Oracle database in cloud, dr in cloud and overview of oracle database 18c
AiougVizagChapter
Open Service Containers: a virtual machine hosting environment directly into ...
Open Service Containers: a virtual machine hosting environment directly into ...
Cisco DevNet
Introduction to MANTL Data Platform
Introduction to MANTL Data Platform
Cisco DevNet
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Scott Carlson
Expanding your impact with programmability in the data center
Expanding your impact with programmability in the data center
Cisco Canada
CloudStack Hyderabad Meetup: Migrating applications to IaaS clouds
CloudStack Hyderabad Meetup: Migrating applications to IaaS clouds
CloudStack - Open Source Cloud Computing Project
Oracle IaaS including OCM and Ravello
Oracle IaaS including OCM and Ravello
Andrey Akulov
Converge ou Hyperconverge? Cisco HyperFlex
Converge ou Hyperconverge? Cisco HyperFlex
Cisco Canada
Private IaaS Cloud Provider
Private IaaS Cloud Provider
David Pasek
IBM and OpenStack: Collaboration Beyond the Code
IBM and OpenStack: Collaboration Beyond the Code
Daniel Krook
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
VMware Tanzu
Considerations for Operating An OpenStack Cloud
Considerations for Operating An OpenStack Cloud
Mark Voelker
Mirantis unlocked partner webinar deck
Mirantis unlocked partner webinar deck
Eric Zhaohui Ji
엔터프라이즈를 위한 하이브리드 클라우드 및 보안 관리
엔터프라이즈를 위한 하이브리드 클라우드 및 보안 관리
Amazon Web Services Korea
Kubernetes for the VI Admin
Kubernetes for the VI Admin
Kendrick Coleman
Intel & QLogic NIC performance test results v0.2
Intel & QLogic NIC performance test results v0.2
David Pasek
Presentation comprehensive cloud management with ucs director and ciac
Presentation comprehensive cloud management with ucs director and ciac
xKinAnx
101b-3
101b-3
Terence Tsao
Ismael Intalio Cloud Benefits
Ismael Intalio Cloud Benefits
Tomoaki Sawada
Cisco at v mworld 2015 cs integrated infrastructure_vmworld_cisco_v1
Cisco at v mworld 2015 cs integrated infrastructure_vmworld_cisco_v1
ldangelo0772
Oracle Ravello
Oracle Ravello
Andrey Akulov
SDN in the Enterprise
SDN in the Enterprise
Cisco Canada
Chef arista devops days a'dam 2015
Chef arista devops days a'dam 2015
Edwin Beekman
大数据数据治理及数据安全
大数据数据治理及数据安全
Jianwei Li
20191201 kubernetes managed weblogic revival - part 2
20191201 kubernetes managed weblogic revival - part 2
makker_nl
The Kubernetes WebLogic revival (part 2)
The Kubernetes WebLogic revival (part 2)
Simon Haslam
More Related Content
What's hot
Expanding your impact with programmability in the data center
Expanding your impact with programmability in the data center
Cisco Canada
CloudStack Hyderabad Meetup: Migrating applications to IaaS clouds
CloudStack Hyderabad Meetup: Migrating applications to IaaS clouds
CloudStack - Open Source Cloud Computing Project
Oracle IaaS including OCM and Ravello
Oracle IaaS including OCM and Ravello
Andrey Akulov
Converge ou Hyperconverge? Cisco HyperFlex
Converge ou Hyperconverge? Cisco HyperFlex
Cisco Canada
Private IaaS Cloud Provider
Private IaaS Cloud Provider
David Pasek
IBM and OpenStack: Collaboration Beyond the Code
IBM and OpenStack: Collaboration Beyond the Code
Daniel Krook
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
VMware Tanzu
Considerations for Operating An OpenStack Cloud
Considerations for Operating An OpenStack Cloud
Mark Voelker
Mirantis unlocked partner webinar deck
Mirantis unlocked partner webinar deck
Eric Zhaohui Ji
엔터프라이즈를 위한 하이브리드 클라우드 및 보안 관리
엔터프라이즈를 위한 하이브리드 클라우드 및 보안 관리
Amazon Web Services Korea
Kubernetes for the VI Admin
Kubernetes for the VI Admin
Kendrick Coleman
Intel & QLogic NIC performance test results v0.2
Intel & QLogic NIC performance test results v0.2
David Pasek
Presentation comprehensive cloud management with ucs director and ciac
Presentation comprehensive cloud management with ucs director and ciac
xKinAnx
101b-3
101b-3
Terence Tsao
Ismael Intalio Cloud Benefits
Ismael Intalio Cloud Benefits
Tomoaki Sawada
Cisco at v mworld 2015 cs integrated infrastructure_vmworld_cisco_v1
Cisco at v mworld 2015 cs integrated infrastructure_vmworld_cisco_v1
ldangelo0772
Oracle Ravello
Oracle Ravello
Andrey Akulov
SDN in the Enterprise
SDN in the Enterprise
Cisco Canada
Chef arista devops days a'dam 2015
Chef arista devops days a'dam 2015
Edwin Beekman
大数据数据治理及数据安全
大数据数据治理及数据安全
Jianwei Li
What's hot
(20)
Expanding your impact with programmability in the data center
Expanding your impact with programmability in the data center
CloudStack Hyderabad Meetup: Migrating applications to IaaS clouds
CloudStack Hyderabad Meetup: Migrating applications to IaaS clouds
Oracle IaaS including OCM and Ravello
Oracle IaaS including OCM and Ravello
Converge ou Hyperconverge? Cisco HyperFlex
Converge ou Hyperconverge? Cisco HyperFlex
Private IaaS Cloud Provider
Private IaaS Cloud Provider
IBM and OpenStack: Collaboration Beyond the Code
IBM and OpenStack: Collaboration Beyond the Code
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
Pivotal CenturyLink Cloud Platform Seminar Presentations: Architecture & Oper...
Considerations for Operating An OpenStack Cloud
Considerations for Operating An OpenStack Cloud
Mirantis unlocked partner webinar deck
Mirantis unlocked partner webinar deck
엔터프라이즈를 위한 하이브리드 클라우드 및 보안 관리
엔터프라이즈를 위한 하이브리드 클라우드 및 보안 관리
Kubernetes for the VI Admin
Kubernetes for the VI Admin
Intel & QLogic NIC performance test results v0.2
Intel & QLogic NIC performance test results v0.2
Presentation comprehensive cloud management with ucs director and ciac
Presentation comprehensive cloud management with ucs director and ciac
101b-3
101b-3
Ismael Intalio Cloud Benefits
Ismael Intalio Cloud Benefits
Cisco at v mworld 2015 cs integrated infrastructure_vmworld_cisco_v1
Cisco at v mworld 2015 cs integrated infrastructure_vmworld_cisco_v1
Oracle Ravello
Oracle Ravello
SDN in the Enterprise
SDN in the Enterprise
Chef arista devops days a'dam 2015
Chef arista devops days a'dam 2015
大数据数据治理及数据安全
大数据数据治理及数据安全
Similar to AWS實際架構實踐演化與解決方案
20191201 kubernetes managed weblogic revival - part 2
20191201 kubernetes managed weblogic revival - part 2
makker_nl
The Kubernetes WebLogic revival (part 2)
The Kubernetes WebLogic revival (part 2)
Simon Haslam
Big data journey to the cloud 5.30.18 asher bartch
Big data journey to the cloud 5.30.18 asher bartch
Cloudera, Inc.
Creating Polyglot Communication Between Kubernetes Clusters and Legacy System...
Creating Polyglot Communication Between Kubernetes Clusters and Legacy System...
VMware Tanzu
Rightscale webinar-key-design-considerations-private-hybrid-clouds
Rightscale webinar-key-design-considerations-private-hybrid-clouds
RightScale
YARN Containerized Services: Fading The Lines Between On-Prem And Cloud
YARN Containerized Services: Fading The Lines Between On-Prem And Cloud
DataWorks Summit
Community Session: Strategic Private Cloud in SKY UK
Community Session: Strategic Private Cloud in SKY UK
VMUG IT
Oracle on AWS
Oracle on AWS
Amazon Web Services
Enhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo Workflows
LibbySchulze
Oracle on AWS
Oracle on AWS
Amazon Web Services
MySQL Enterprise Edition Overview
MySQL Enterprise Edition Overview
Mario Beck
Five Tips for Running Cloudera on AWS
Five Tips for Running Cloudera on AWS
Cloudera, Inc.
The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)
Simon Haslam
Trusted Application Delivery: Achieving Ultimate Security
Trusted Application Delivery: Achieving Ultimate Security
Weaveworks
Presentation building and running your private cloud
Presentation building and running your private cloud
solarisyourep
Presentation building and running your private cloud
Presentation building and running your private cloud
xKinAnx
What’s New in Cloudera Enterprise 6.0: The Inside Scoop 6.14.18
What’s New in Cloudera Enterprise 6.0: The Inside Scoop 6.14.18
Cloudera, Inc.
20191201 kubernetes managed weblogic revival - part 1
20191201 kubernetes managed weblogic revival - part 1
makker_nl
Using Databases and Containers From Development to Deployment
Using Databases and Containers From Development to Deployment
Aerospike, Inc.
Rubrik CMD Installation (1).pptx
Rubrik CMD Installation (1).pptx
Suresh569521
Similar to AWS實際架構實踐演化與解決方案
(20)
20191201 kubernetes managed weblogic revival - part 2
20191201 kubernetes managed weblogic revival - part 2
The Kubernetes WebLogic revival (part 2)
The Kubernetes WebLogic revival (part 2)
Big data journey to the cloud 5.30.18 asher bartch
Big data journey to the cloud 5.30.18 asher bartch
Creating Polyglot Communication Between Kubernetes Clusters and Legacy System...
Creating Polyglot Communication Between Kubernetes Clusters and Legacy System...
Rightscale webinar-key-design-considerations-private-hybrid-clouds
Rightscale webinar-key-design-considerations-private-hybrid-clouds
YARN Containerized Services: Fading The Lines Between On-Prem And Cloud
YARN Containerized Services: Fading The Lines Between On-Prem And Cloud
Community Session: Strategic Private Cloud in SKY UK
Community Session: Strategic Private Cloud in SKY UK
Oracle on AWS
Oracle on AWS
Enhancing Data Protection Workflows with Kanister And Argo Workflows
Enhancing Data Protection Workflows with Kanister And Argo Workflows
Oracle on AWS
Oracle on AWS
MySQL Enterprise Edition Overview
MySQL Enterprise Edition Overview
Five Tips for Running Cloudera on AWS
Five Tips for Running Cloudera on AWS
The Kubernetes WebLogic revival (part 1)
The Kubernetes WebLogic revival (part 1)
Trusted Application Delivery: Achieving Ultimate Security
Trusted Application Delivery: Achieving Ultimate Security
Presentation building and running your private cloud
Presentation building and running your private cloud
Presentation building and running your private cloud
Presentation building and running your private cloud
What’s New in Cloudera Enterprise 6.0: The Inside Scoop 6.14.18
What’s New in Cloudera Enterprise 6.0: The Inside Scoop 6.14.18
20191201 kubernetes managed weblogic revival - part 1
20191201 kubernetes managed weblogic revival - part 1
Using Databases and Containers From Development to Deployment
Using Databases and Containers From Development to Deployment
Rubrik CMD Installation (1).pptx
Rubrik CMD Installation (1).pptx
Recently uploaded
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
bigorange77
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
stephieert
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
ishabajaj13
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
aditipandeya
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
imessage0108
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
rehmti665
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
furqan222004
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Dana Luther
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
vipmodelshub1
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
akbard9823
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
dollysharma2066
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
Fs
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
Damian Radcliffe
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
9953056974 Low Rate Call Girls In Saket, Delhi NCR
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
Fs
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
sonalikaur4
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
divyansh0kumar0
Recently uploaded
(20)
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
AWS實際架構實踐演化與解決方案
1.
Copyright © CKmates.
All rights reserved 1 實際架構實踐演化與解決方案 Camel Camel P r o v i d e a l l y o u n e e d
2.
Copyright © CKmates.
All rights reserved Agenda 2 • Hello, How about me • Architecture Design • Maintenance • Serverless CI/CD Work on AWS
3.
Copyright © CKmates.
All rights reserved About me 3 • Focus on AWS - 2012 • Handled hundreds of customers • Get Professional Certified
4.
Copyright © CKmates.
All rights reserved Architecture Think? 4
5.
Copyright © CKmates.
All rights reserved 5 Meeting discussion • 團隊認知或程度 • 考量需求、改善或目標 • 架構上共識(階段性) • 角色所負責及無法勝任工作 • 團隊整合及分權劃分
6.
Copyright © CKmates.
All rights reserved Architecture Design Metric[1] 6 • 主要客群所在區域- Area • 服務類型- AP/Live Stream • 預算成本/可靠度- Cost • 安全性/網路效能- ACL • 自已維護能力- Ability • 未來擴展延申性- Scalability ServiceService SecuritySecurity MonitorMonitor
7.
Copyright © CKmates.
All rights reserved Metric got the answer 7 • Region Choose – Region • AWS Service Choose – EC2/RDS/CDN/R53/AS • AWS Service Define – EC2/AZ • Public/Private subnet/CDN/VPN/DC/WAF/Shield – VPC • IAM/CloudTrail/CloudWatch/trusted advisor – Support team • Serverless/AS/ELB/SQS/dynamodb – Loose Coupling
8.
Copyright © CKmates.
All rights reserved 88 • 主要客群所在區域(Region Choose)[2] Cloud ping
9.
Copyright © CKmates.
All rights reserved 99 • 服務類型(AWS Service)[3]
10.
Copyright © CKmates.
All rights reserved 1010 • 預算成本- Cost[4]
11.
Copyright © CKmates.
All rights reserved 1111 • 進階成本預算- RI
12.
Copyright © CKmates.
All rights reserved 1212 • 以秒計費,網內互打不用錢
13.
Copyright © CKmates.
All rights reserved 1313 • 安全性/網路效能-ELB
14.
Copyright © CKmates.
All rights reserved 1414 • 安全性/網路效能分析對照表-ELB[5]
15.
Copyright © CKmates.
All rights reserved 1515 • 安全性/網路效能-VPC
16.
Copyright © CKmates.
All rights reserved 1616 • 安全性/網路效能-CDN
17.
Copyright © CKmates.
All rights reserved 1717 • 安全性/網路效能-VPN
18.
Copyright © CKmates.
All rights reserved 1818 • 安全性/網路效能-Direct Connect
19.
Copyright © CKmates.
All rights reserved 1919 • 為何選擇-Direct Connect
20.
Copyright © CKmates.
All rights reserved 2020 • 安全性/網路效能-Direct Connect
21.
Copyright © CKmates.
All rights reserved 2121 • 未來擴展延申性- Loose Coupling
22.
Copyright © CKmates.
All rights reserved 2222 • 我們都知道,永遠都有適合的新服務 • (各司其職)
23.
Copyright © CKmates.
All rights reserved 2323
24.
Copyright © CKmates.
All rights reserved 2424 經討論後實際架構圖stage 1 region Private subnet Public subnet Availability Zone Availability Zone Private subnet Public subnet security group Amazon EC2
25.
Copyright © CKmates.
All rights reserved 2525 經討論後實際架構圖stage 1 region Private subnet Public subnet Availability Zone Availability Zone Private subnet Public subnet security group Amazon EC2 Performance
26.
Copyright © CKmates.
All rights reserved 2626 數據增長實際架構圖stage 2 region Private subnet Public subnet Availability Zone Availability Zone Private subnet Public subnet Amazon EC2 Amazon RDS
27.
Copyright © CKmates.
All rights reserved 2727 數據增長實際架構圖stage 2 region Private subnet Public subnet Availability Zone Availability Zone Private subnet Public subnet Amazon EC2 Amazon RDS Loose Coupling
28.
Copyright © CKmates.
All rights reserved 2828 活動人數增長實際架構圖stag 3 region Private subnet Public subnet Availability Zone Availability Zone Private subnet Public subnet Amazon EC2 Amazon RDS Amazon EC2 Elastic Load Balancing
29.
Copyright © CKmates.
All rights reserved 2929 活動人數增長實際架構圖stag 3 region Private subnet Public subnet Availability Zone Availability Zone Private subnet Public subnet Amazon EC2 Amazon RDS Amazon EC2 Elastic Load Balancing Reliability
30.
Copyright © CKmates.
All rights reserved 3030 活動指標後實際架構圖stag 4 region Private subnet Public subnet Availability Zone Availability Zone Private subnet Public subnet Amazon EC2 Amazon RDS Amazon EC2 Amazon RDS multi-az Auto Scaling
31.
Copyright © CKmates.
All rights reserved 3131 活動指標後實際架構圖stag 4 region Private subnet Public subnet Availability Zone Availability Zone Private subnet Public subnet Amazon EC2 Amazon RDS Amazon EC2 Failover Amazon RDS multi-az Auto Scaling
32.
Copyright © CKmates.
All rights reserved 3232 Cost Security DR Serverless CI/CD MA Group
33.
Copyright © CKmates.
All rights reserved 運維要件 1.Identity and a ccess man agement(身份和成本管理) 2.Detective controls(檢測控制) 3.Infrastructure protection(基礎設施保護) 4.Data protection(數據保護) 5.Incident response(回應)
34.
Copyright © CKmates.
All rights reserved 運維要件 1.Identity and a ccess man agement(身份和成本管理)-IAM 2.Detective controls(檢測控制)-CloudWatch 3.Infrastructure protection(基礎設施保護)-VPC/WAF/-Trusted Advisor 4.Data protection(數據保護)-Private/DC/堡壘/AD-CloudTrail 5.Incident response(回應)-VPC Flow Logs/CLI/CloudWatch-SNS/Slack
35.
Copyright © CKmates.
All rights reserved • 身份和成本管理-IAM[6] 隱藏您的 AWS 賬戶根用戶訪問密鑰 創建單獨的 IAM 用戶 盡量使用由 AWS 定義的策略分配權限 使用組向 IAM 用戶分配權限 授予最低權限 使用訪問權限級別查看 IAM 權限 為您的用戶配置強密碼策略 為特權用戶啟用 MFA 針對在 Amazon EC2 實例上運行的應用程序使用角色 通過使用角色而非共享憑證來委託訪問 定期輪換憑證 刪除不需要的憑證 使用策略條件來增強安全性
36.
Copyright © CKmates.
All rights reserved • 身份管理-IAM[7]
37.
Copyright © CKmates.
All rights reserved • 成本管理-Cost Explorer &CW
38.
Copyright © CKmates.
All rights reserved • 系統活動監控- CW&SNS • CloudWatch log • CloudWatch event
39.
Copyright © CKmates.
All rights reserved • 說真的CloudWatch好用,不用嗎[8]
40.
Copyright © CKmates.
All rights reserved • elasticsearch/ELK
41.
Copyright © CKmates.
All rights reserved • 異常資訊管理-VPC F&CWL[9]
42.
Copyright © CKmates.
All rights reserved • 凡走過必流痕跡- CloudTrail
43.
Copyright © CKmates.
All rights reserved • 監控差異恢復- Config
44.
Copyright © CKmates.
All rights reserved • 系統活動監控-NoC • 7 X 24 NoC • SOP
45.
Copyright © CKmates.
All rights reserved 4545 • 顧問分析工具- Trusted Advisor
46.
Copyright © CKmates.
All rights reserved 4646 • 顧問分析工具- Trusted Advisor 分析四象限:成本最佳化/資源利用率/資訊安全/架構可靠度 Cost Optimization / Performance / Security /Fault Tolerance
47.
Copyright © CKmates.
All rights reserved 4747 • 技術&障礙詢問求解- Support 7 x 24hrBusiness Support
48.
Copyright © CKmates.
All rights reserved 4848 自已維護能力- Business Support 7 x 24hrBusiness Support • Prewarm • 技術咨詢 • 系統障礙 • 攻擊壓測 • 使用建議 • RI
49.
Copyright © CKmates.
All rights reserved 4949 • 在地化服務- Support 每位專業服務人員都擁有AWS的Associate&Professional架構師證照, 並且承諾SLA答覆時間於指定時間內回覆您的問題,為您做專業的解答。 顧問顧問
50.
Copyright © CKmates.
All rights reserved 5050 個人能力及管理YouTube-AWS[10]
51.
Copyright © CKmates.
All rights reserved 5151 Security Console MFA/CloudTrail/IAM(最低) 架構 DC/VPC/SG(最低) 正常服務,異常行為 CDN/WAF/清洗/BW
52.
Copyright © CKmates.
All rights reserved 5252 Security-針對性 異常 CDN/R53 高可靠快速擴展 防禦:WAF/清洗 正常 PTVA 事先預防 Arc Sight Log事件分析
53.
Copyright © CKmates.
All rights reserved 5353 WAF
54.
Copyright © CKmates.
All rights reserved 5454 Shield&AWS WAF&清洗
55.
Copyright © CKmates.
All rights reserved 5555 Security-PTVA 掃描顯示出網站或主機的弱點及潛在隱藏風險。可藉此修復, 避免被有心人士 利用,當完全掃描完畢後,將以報告方式呈現。
56.
Copyright © CKmates.
All rights reserved 資訊安全檢測服務項目 56 • 根據弱點掃描結果,對主機的弱點進行模擬攻擊行 為,確認該弱點的有效性與影響範圍 • 建議每年對重要系統至少執行一次滲透測試 • 為基礎弱點掃描的延伸,會根據其掃描結果加入人 工檢測動作來進一步判斷,以減少誤判 • 建議每一季的基礎弱點掃描可提升為進階掃描 • 使用自動工具進行檢測一般常見弱點,例如:未上 Patch的軟體、弱密碼認證和設定錯誤等等項目 • 建議每月執行一次,其結果可用於趨勢分析、偵測 網路上的新增設備,以及發現新的弱點等等 進階弱點掃描 滲透測試 基礎弱點掃描
57.
Copyright © CKmates.
All rights reserved 什麼是弱點掃描? ¡ 弱點掃描是針對企業組織資訊系統的弱點,進行偵測、有效性評估,和判定影響程度的一連串過 程 ¡ 弱點掃描服務可分為: - 基礎弱點掃描服務 ‣ 使用自動化掃描工具檢測一般弱點 ‣ 建議每月執行一次 - 進階弱點掃描服務 ‣ 人工進行判讀與檢測相關弱點,降低誤判機率 ‣ 建議每季執行一次 57
58.
Copyright © CKmates.
All rights reserved 什麼是滲透測試? ¡ 滲透測試是: - 利用模擬攻擊的方式來檢測資訊系統和網路的安全性 - 主動分析可能導致系統漏洞的潛在弱點 - 利用弱點進行實際驗證 ¡ 滲透測試可以達成 : - 模擬大部分駭客的攻擊方式來檢測系統漏洞 - 試圖找出大部分可被入侵的弱點 ¡ 滲透測試不可以達成: - 在測試期間找出所有的潛在或未知的弱點 ¡ 在現實環境下,我們會假設駭客有無限的時間來試圖攻破系統 ¡ 建議每年執行一次滲透測試 58
59.
Copyright © CKmates.
All rights reserved 採用業界資安測試標準 ¡ OSSTMM - 參考公開標準OSSTMM(Open Source Security Testing Methodology Manual)框架進行測試步驟 ¡ SANS Top 20 Internet Vulnerabilities - 參考SANS所列出的前20大資安嚴重弱點,範圍涵蓋Windows、Unix,及其他跨平台軟體和網路設 備的弱點 ¡ OWASP - OWASP(開放Web軟體安全計畫 - Open Web Application Security Project)是一個開放社群、非營利 性組織,長期致力於改善網頁應用程式與網頁服務的安全性,本測試亦參考OWASP定期公布的前 10大Web弱點 59
60.
Copyright © CKmates.
All rights reserved 資訊安全檢測服務最佳實務 60 時間軸 (月) n+12n+11n+10n+9n+8n+7n+6n+5n+4n+3n+2n+1n 基礎弱點掃描建議每月執行 進階弱點掃描建議每季執行 滲透測試建議每年執行 ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓✓ ✓ ✓ ✓ ✓ ✓✓ ✓
61.
Copyright © CKmates.
All rights reserved 6161 Security
62.
Copyright © CKmates.
All rights reserved 6262 Security
63.
Copyright © CKmates.
All rights reserved 63 剛說的可能是都系統人員或 網管可以處理 那Program??
64.
Copyright © CKmates.
All rights reserved 6464 Serverless應用 功能抽離,易於建置維護、去耦和擴展的應用程式元件。 Amazon API Gateway + AWS Lambda ? + AWS Lambda + ?
65.
Copyright © CKmates.
All rights reserved 6565 • 未來擴展延申性- Loose Coupling
66.
Copyright © CKmates.
All rights reserved 6666 • 未來擴展延申性- Loose Coupling
67.
Copyright © CKmates.
All rights reserved 6767 • 未來擴展延申性- Loose Coupling
68.
Copyright © CKmates.
All rights reserved 68 Why to do this?
69.
Copyright © CKmates.
All rights reserved 69 Why to do this? Find Distinct People in a Video with Amazon Rekognition[11]
70.
Copyright © CKmates.
All rights reserved 70 Why to do this?
71.
Copyright © CKmates.
All rights reserved 71
72.
Copyright © CKmates.
All rights reserved Difficulty 7272 • Version MA & Security • Decentralized version • Deployed a lot… • Rollback ? • Different environment (Test. Dev. Prod.) • Server trouble
73.
Copyright © CKmates.
All rights reserved 73 How CI/CD Work on AWS
74.
Copyright © CKmates.
All rights reserved 74 Introduction CI/CD Service
75.
Copyright © CKmates.
All rights reserved 75 Version RISK
76.
Copyright © CKmates.
All rights reserved 76 Introduction CodeCommit (Version) • Fully Managed • Secure store • High Availability • Faster Development Lifecycle • Use Your Existing Tools
77.
Copyright © CKmates.
All rights reserved 77 Introduction CodeCommit (IAM by user key or Credentials)
78.
Copyright © CKmates.
All rights reserved 78 CodeCommit
79.
Copyright © CKmates.
All rights reserved 79 Introduction CodeCommit (Version)
80.
Copyright © CKmates.
All rights reserved 80 Environment Confusion
81.
Copyright © CKmates.
All rights reserved 81 Introduction CodePipeline (Environment) • Rapid Delivery • Improved Quality • Configurable Workflow • Get Started Fast • Easy to Integrate
82.
Copyright © CKmates.
All rights reserved 82 CodePipeline 開發環境repo 驗証環境repo 線上環境repo
83.
Copyright © CKmates.
All rights reserved 83 Introduction CodePipeline (Environment)
84.
Copyright © CKmates.
All rights reserved 84 Verify integration Slow
85.
Copyright © CKmates.
All rights reserved 85 Introduction CodeBuild (Verify integration) • Build and Test Your Code • Configurable Settings • CI and Delivery Workflows • Security and Permissions • Monitoring
86.
Copyright © CKmates.
All rights reserved 86 Introduction CodeBuild (Verify integration)
87.
Copyright © CKmates.
All rights reserved 87 CodeBuild-YAML格式 Unit Test Support
88.
Copyright © CKmates.
All rights reserved 88 Deploy Process
89.
Copyright © CKmates.
All rights reserved 89 Introduction CodeDeploy (Deploy) • Automated Deployments • Minimize Downtime • Centralized Control • Easy To Adopt
90.
Copyright © CKmates.
All rights reserved 90 CodeDeploy
91.
Copyright © CKmates.
All rights reserved 91 Introduction Code Deploy (Deploy)
92.
Copyright © CKmates.
All rights reserved 92 CI/CD Work on AWS
93.
Copyright © CKmates.
All rights reserved 93 最後最難管理的-團隊間溝通 定義Flow/權責分明
94.
Copyright © CKmates.
All rights reserved 94 雲端是一條學無止盡的不歸路
95.
Copyright © CKmates.
All rights reserved 95 Architecture Design Metric[1] https://d0.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf 主要客群所在區域(Region Choose)[2] http://www.cloudping.info/ 服務類型(AWS Service)[3] https://aws.amazon.com/tw/architecture/ 預算成本- Cost[4] http://calculator.s3.amazonaws.com/index.html 安全性/網路效能分析對照表-ELB[5] https://aws.amazon.com/tw/elasticloadbalancing/details/
96.
Copyright © CKmates.
All rights reserved 96 身份和成本管理-IAM[6] http://docs.aws.amazon.com/zh_cn/IAM/latest/UserGuide/best-practices.html 身份管理-IAM[7] https://www.sumologic.com/blog/amazon-web-services/security-analytics-in-aws/ 說真的CloudWatch好用,不用嗎[8] https://cloudpack.media/20642 異常資訊管理-VPC F&CWL[9] https://www.sumologic.com/blog/amazon-web-services/security-analytics-in-aws/ 個人能力及管理YouTube-AWS[10] https://www.youtube.com/watch?v=1x20FxpiTVE&t=314s Find Distinct People in a Video with Amazon Rekognition[11] https://aws.amazon.com/tw/blogs/ai/find-distinct-people-in-a-video-with-amazon-rekog
97.
Copyright © CKmates.
All rights reserved LIKE US NOW! aws@ckmates.com 97
98.
Copyright © CKmates.
All rights reserved Thanks Q & A aws@ckmates.com 98
Download now