Leveraging the Cloud: Getting the more bang for your buck


Published on

Cloud management and monitoring includes a broad set of tools that help cloud managers to keep track of their deployment health, utilization, consumption and cost.

This deck will cover techniques and best practices for efficient cloud deployment, specifically: how to implement capacity, utilization and cost metrics in your AWS cloud deployment in order to maximize the ROI.

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Leveraging the Cloud: Getting the more bang for your buck

  1. 1. Getting the most bang for your buck
  2. 2. Nate LindstromDirector of Network Operationsat Desk.com www.linkedin.com/in/nwlindstrom
  3. 3. §  We make it easy for you to support customers right from the browser, via email, phone, chat web, Facebook and Twitter§  We provide a hosted, cloud-based SaaS help desk platform for SMBs
  4. 4. CloudyCloudChangeChangeManagementManagementTrust but verifyTrust but verify
  5. 5. Process Requirements Process requirements§  Formal, documented Formal, documented change management change management ISO 27001 compliance§  ISO 27001 compliance SOX section 404 compliance§  SOX section 404 Safe Harbor compliance certification§  Safe Harbor certification
  6. 6. Single file change process RFC Make SME RFCcreated pull reviews closed request request Change Change Effects FIM applied to applied to observed updated staging production§  Changes can be made rapidly and safely§  Unauthorized changes reverted by the CMS or flagged by CloudPassage Halo FIM
  7. 7. Under the hoodUnder the hood§  Chicken-and-egg problem Chicken-and-egg for new instances problem for new instances§  Puppet determines role Puppet determines basedbased on role on hostname hostname§  Hostname isn’t set on new Hostname  isn’t  set  on   instances new instances
  8. 8. How we start instances Script Name=web01.desk.com web01.desk.com nginx Puppet AMInode/^webd+.desk.com$/inherits production_app { includeweb}
  9. 9. How we monitor instances web01.desk.com cron S3 Bucket
  10. 10. Effective monitoringEffective monitoring§  Icinga isis the most Icinga the most comprehensive open comprehensive open source monitoring solution source monitoring available available solution
  11. 11. Secret change process RFC Make SME RFC created pull reviews closed request request Change FIM applied to updated production§  “Secret” as in production secrets, like passwords
  12. 12. Under the hoodUnder the hood§  Storing production secrets Storing production in plain text is BAD secrets in plain text is bad§  Sending decryption key over samedecryption Sending channel as encrypted sameis BAD key over data channel as encrypted data is bad
  13. 13. Secure repositories TechO Everyone ps Full Access Pull Request Only Puppet Prod Non-Prod Credentials Credentials git Repo GnuPG GnuPG
  14. 14. Secure distribution AMI   Puppet GnuPG git git   Key   Repo Secrets   Instance Puppet Credentials
  15. 15. What the What thecloud means cloudmeans to us to usMore typing, less More typing, less drivingdriving
  16. 16. Physical asset tracking Physical asset tracking§  If you came to doubt the accuracy of yourdoubt you If you came to CMDB, the accuracy of your could always fall back on a CMDB, you could physical inventory a always fall back on physical inventory§  Almost always, anyways Almost always, anyway
  17. 17. Virtual asset tracking§  When Virtual asset tracking you don’t have any physical assets it’s even easier to “lose” instances When  you  don’t  have  any  physical  assets  it’s  even   easier  to  “lose”  instances§  “Lost” instances can silently consume big $$$ “Lost”  instances  can  silently  consume  big  $$$
  18. 18. How an instance can be lost§  Provisioning script loses connectivity during launch§  Instance fails to upload existence information to S3 Provisioning CMDB Sot Launches Updates S3 Instance Bucket
  19. 19. Minimizing lost instances Minimizing lost instances§  Your CMDB may not see Your CMDB may not yoursee your lost lost instances consuming $$$, but instances consuming Cloudyn but Cloudyn does $$$, does Cloudyn makes it easy§  Cloudyn makes it efficient to maintain an easy to maintain an cloud and lean efficient and presence lean cloud presence
  20. 20. JIT capacityIT capacity Let your servers orderet your servers more servers der more servers
  21. 21. Auto Scale architecture Auto Scale architecture§  Everything should scale horizontally Everything should scale horizontally
  22. 22. Auto Scale in action§  Loosely-couple tiers provide greatest flexibility Auto Scale in action§  Scale up quickly, scale downgreatest flexibility Loosely-coupled tiers provide slowly Scale up quickly, scale down slowly ELB Traffic Decreasing Traffic Increasing Web Web Web Web Web Web Web ELB App App App App App App
  23. 23. Auto Scaling controlAuto Scaling control Scalr makes§  Scalr makes managing managing dynamic dynamic environments in environments in the the cloud easy and painless cloud easy and painless
  24. 24. Whole-unitWhole-unit troubleshooting oubleshootingon’t  sweat  the   small Don’t sweat themallstuff stuff
  25. 25. Think in clusters§  If one instance is having problems, replace it§  If many instances are having problems, dig deeper§  Use the 1, 2, 3 rule for determining response ELB   Instance Instance Instance Instance Instance
  26. 26. Architecture forArchitecting failurefor failureBuild it it to land Build to land gracefullygracefully
  27. 27. Expect failure§  Make use of regions and availability zones§  Avoid storing sessions on any one server§  The cloud is inherently unreliable, but your app doesn’t need to be AWS us-west-1 us-east-1 Us-west-1a Us-west-1b
  28. 28. ecurity Security awarenesswarenessse security is is worse False securityse than no security than nourity
  29. 29. Cloud isn’t private§  Multitenancy means the cloud is never truly private§  Build security in from the very beginning§  Apply defense in depth Internet ELB   Web ELB   App DB
  30. 30. Security groups are limitedSecurity groups are limited§ An  instance’s  security   An instance’s security groups cannot ever be groups cannot ever be changed changed Security groups can§ only limit inbound only Security groups can (ingress) traffic(ingress) limit inbound traffic Security groups cannot restrict§ outboundgroups cannot Security (egress) traffic outbound (egress) restrict traffic
  31. 31. Comprehensive securityComprehensive security§  CloudPassage Halo allows CloudPassage Halo allows the the implementation of implementation of comprehensive security comprehensive with minimal minimal security with effort effort
  32. 32. The cloud... The cloud…§  Is not a data center Is not a data center§  Is only as secureas you Is only as secure as you make it make it Is very expensive if not§  Is very expensive if not managed well managed well Works best with lots§  Works of little servers and lots best with lots and lots of litter serversWill occasionally fail§  Will occasionally fail
  33. 33. THANK YOU!