How to Architect AWS for Mission-Critical Applications

©2017 Logicworks. All Rights Reserved. 1
Today’s Agenda
9:30-10am: How to Architect for High Availability
10:45-11:30am: Workshop: Working with Elastic Load Balancing:
https://www.qwiklabs.com/focuses/3441?locale=en
11:30-12pm: How to Architect for Security and Cost
12-12:30pm: Lunch & Q&A

How to Architect for Mission-
Critical Applications
Phil Christensen
Senior Solutions Architect
Logicworks
www.logicworks.net
©2017 Logicworks. All Rights Reserved.

About Logicworks
Cloud Strategy
& Migration
Managed
Cloud
Cloud
Security
DevOps
Automation
We design, build, automate, and manage enterprise clouds.

How to Architect for Mission-Critical Applications
High Availability
Phil Christensen
Senior Solutions Architect
Logicworks
www.logicworks.net

How to Improve Availability
Throw people and
money at availability
problems:
• Buy better
hardware
• Buy DR
• 24/7 NOC team
Develop smarter
software to control
your cloud:
• Design for failure
• Automate!
OLD WORLD AWS
CLOUD

① Design for failure
② Design for constant change
③ Disposable infrastructure
④ Destructive testing
Principles of Cloud HA

Design for Failure

AWS already gives you the tools for high availability…
 Availability Zones and Regions
 99.99% EC2 Reliability
 Built-in Reliability with Services like RDS
 AWS Auto Scaling
 Lower Cost Disaster Recovery
Design for Failure: Foundation

Assume everything fails and work
backwards
Applications should continue to
function even if the underlying
physical hardware fails or is
removed/replaced
When, not if, an individual
component fails, the application
does not fail
Design for Failure: Core Concepts
“Everything fails, all
the time.”
Werner Vogels, CTO
Amazon.com

Let’s start from Day 1, User 1:
• Amazon Route 53 for DNS
• A single Elastic IP
• A single Amazon EC2 instance
 With full stack on this host:
 Web app
 Database
 Management
 And so on… Amazon EC2
instance
Elastic IP
User
Amazon
Route 53
10

• We could potentially get to a
few hundred to a few thousand
depending on application
complexity and traffic, but…
• No failover
• No redundancy
• Too many eggs in one basket
11
Amazon EC2
instance
Elastic IP
User
Amazon
Route 53

First, let’s separate out our single host
into more than one:
• Web
• Improve scaling capabilities
• Database
• Make your life easier: use RDS
Web
instance
Elastic IP
RDS DB
instance
User Amazon
Route 53
12

Next, let’s address our lack of
failover and redundancy issues:
Add another web instance
 Use a different Availability Zone
RDS Multi-AZ deployment
Elastic Load Balancing (ELB)
Web
Instance
RDS DB Instance
Active (Multi-AZ)
Availability Zone Availability Zone
Web
Instance
RDS DB Instance
Standby (Multi-AZ)
ELB
Balancer
13

Best Practices
Use multiple Availability Zones
Use Elastic Load Balancing
Configure CloudWatch alerts for
real-time monitoring
Consider cross-region replication of
crucial data using read replicas
Web
Instance
RDS DB Instance
Active (Multi-AZ)
Availability Zone Availability Zone
Web
Instance
RDS DB Instance
Standby (Multi-AZ)
ELB
Balancer
14

Design for
Constant Change

Changes we must prepare for:
A. Updates to infrastructure or instance configurations
B. Instance or component failure
C. Changing capacity requirements
D. Ongoing development of custom software
Design for Constant Change

The key to changing your infrastructure
frequently and securely is automation.
Design for Constant Change: Automation
Infrastructure
Buildout
Configuration
Management
Iterative
Deployment
Process
Monitoring

A. Engineers want to change infrastructure
• Human error
• High risk of
change
• Slow
• Hours or days of
engineering time
• Can’t rollback
• Change code, not
servers
• Can be rolled back
• Affects all
instances
• Every server
maintains ideal
configuration
MANUAL AUTOMATED

B. Instance or component failure
• Alert notifies
human
• Human must take
action to rebuild
from AMI or
scratch
• High potential of
downtime
• Failover to other
instance in ASG
• Automated rebuild
of failed instance
• Automated deploy
of most recent code
push to instance
MANUAL AUTOMATED

Design for Constant Change: Auto Scaling
When to use ASGs?
Availability AND Scalability
Misconceptions about ASGs?
More on this in our Workshop

Design for Constant Change: Build Process

C. Capacity is Reached
• Alert notifies
human
• Human must take
action to rebuild
from AMI or
scratch
• High potential of
downtime
• Failover to other
instance in ASG
• Automated rebuild
of failed instance
• Automated deploy
of most recent code
push to instance
MANUAL AUTOMATED
SAME PROCESS

D. Developers deploy new code
• Manual deploy,
high risk of error
• Infrastructure
doesn’t change
• Potential conflict
between
packages,
updates, etc.
• Push-button
deploys
• Containers
• Infrastructure is
tested, too
MANUAL AUTOMATED

Configuration management is your
best friend in the cloud.
Design for Constant Change: CM
The goal of configuration
management is to create
and maintain system
configurations.
Individual deployments are merely
instances of the template
Proactive correction of misconfigured
resources
Special scanners to monitor for
unusual changes

Design for Constant Change: Monitoring
Do real-time monitoring with
CloudWatch
Use Simple Notification Service
(SNS) for real-time alarms based on
CloudWatch metrics
AWS CloudTrail
AWS Config
AWS Inspector

Disposable
Infrastructure

It is expensive, time-consuming, and often boring
to fix a server.
Disposable Infrastructure: Core Concepts
So why fix a server when you can throw
it away and build a new one?

Disposable Infrastructure: Benefits
Infrastructure never strays from initial “known-good” state
You are forced to test the “failure” process, higher certainty of
appropriate failure response
Failure is a routine and continuous way of doing business
However, requires
FULL automation of
instance boot process

Applications host critical data for 86%
of Fortune 500 enterprises
High potential threat exposure
New application, wanted to test
viability of immutable infrastructure
Custom AWS environment built from
AWS CloudFormation template library
Multiple templates for different projects
and application components
Environment is blown away and rebuilt
many times a day
The entire build-out and bootstrapping
process happens in minutes
True immutable infrastructure
Security-as-code as a service
BACKGROUND:
SOLUTION:
Enterprise Backup
Software Company
Disposable Infrastructure: Case Study

RESULTS:
0.001% instance failure rate
100% uptime for production application
Single-click deployment to production, without any instance
configuration tasks
No residual impacts from previous failed or passed tests
60% higher deployment efficiency over similar projects within
company

Lean IT team
20+ team websites
Transition to microservices and
Docker containers
Custom configuration to host
containers
Automated self-healing and auto
scaling across containers, tasks
• 100% Uptime
• Horizontal and vertical scalability
Deployment automation
• Maintained existing deployment
pipeline with modifications for AWS
BACKGROUND:
SOLUTION:
National Sports
Media Company

Test Resiliency

Empirically prove resiliency
(don’t just assume)
Netflix Chaos Monkey
Exposes unexpected failure
scenarios
Test Resiliency: Destructive Testing

Security Impact of
Automation

Our Automation Framework
Infrastructure
Buildout
Configuration
Management
Iterative
Deployment
Process
Monitoring

Security Impact of Automation
① Reduced human error
② Central control
③ Central security configuration standard
④ Improved transparency
⑤ Reduced cost of security upgrades
⑥ Simplified patching
⑦ Happy auditors

Summary

If you want to increase resiliency, automate
The ideal is Disposable Infrastructure, but if you do nothing
else, start with configuration management
The same work you do to increase resiliency also increases
scalability, cost efficiency, security (more on this next)
Summary

Workshop!

AWS CLOUD SECURITY
Jason Giddens, Manager, Channel
Sales Engineering, Alert Logic

AWS Cloud Security
Agenda:
• Shared Security Model
• What's different in AWS?
• AWS Best Practices

Shared Security Model
Service
Providers
Responsibility

The Good:
 Customers benefit from an environment built for the most security
sensitive organizations
 AWS manages and validates testing against more than 3000
security controls so you don’t have to
 You get to define the right security controls for your workload
sensitivity
 You always have full ownership and control of your data

The Bad: Attackers Are Focused on Your Network, Hosts, and Apps
• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
• Access management
• Patch management
• Configuration hardening
• Security monitoring
• Log analysis
• Network threat detection
• Security monitoring
• Logical network segmentation
• Perimeter security services
• External DDoS, spoofing, and scanning prevented
• Hardened hypervisor
• System image library
• Root access for customer
• Configuration
best practices
Service
Providers
Responsibility

Challenges of Security for Hybrid Cloud
- Legacy security tools don’t deploy or work well in the cloud
- Hard to find good security people that ‘get’ cloud
- Different threat surface
Cloud Environment Breaches On Premise
Source: Alert Logic CSR 2016
42%
25%
19%
8%
4% 2%
Application-Attack
Brute-Force
Suspicious Activity
Recon
Trojan-Activity
DOS
18%
51%
22%
3% 5% 1%
Application-Attack
Brute-Force
Suspicious Acitivity
Recon
Trojan-Activity
DOS

5
47
74
89
184
289
277
222
207
571
Denial of Service
Crimeware
Physical Theft / Loss
Payment Card Skimmers
Everything Else
Cyber-espionage
Privilege Misuse
Miscellaneous Errors
POS Intrusions
Security risk is shifting to unprotected web applications
Web app attacks are now the
#1 source of data breaches
But less than 5% of data center security
budgets are spent on app security
Source: Verizon DBIR 2017
n= 1,935
UP 300% SINCE 2014
$23 to $1
Percentage of Breaches
10% 20% 30%
Source: Gartner
Web App
Attacks

Design for security from Day One
Design for security:
• Role Based IAM
• No root access
• MFA Everywhere (!)
• Encrypt Everywhere (!)
• Keys are like Fruit – they go bad quickly

Visibility
Visibility:
• CloudTrail
• Log Review
• 3rd Party Review

Trust No One / Automate
Trust No One
• Least Privilege Model
• Only what you need, nothing more.
• Strict EC2 Roles
Automate:
• Cattle not Pets
• Be Immutable

Use the Tools
Amazon provides high quality security controls:
• VPC
• Code Deploy
• Cloud Formation Templates
• CloudFront
• Route 53
• AWS KMS
• Amazon Inspector
• AWS Config
• …. More

Leaders
28
8
6
4
10
25
3
5
5
11
8
10
15
24
Other
Amazon
Check Point
Chronicle Data
Cisco
Fortinet
Intel Security
Okta
Symantec
Barricade
JumpCloud
Evident.io
Palerra
Microsoft
CloudPassage
CloudCheckr
FortyCloud
ThreatStack
Alert Logic
A recognized security leader
“Alert Logic has a
head start in the cloud,
and it shows.”
PETER STEPHENSON
SC Magazine review
“…the depth and breadth
of the offering’s analytics
and threat management
process goes beyond
anything we’ve seen…”Who is your primary
in-use vendor for Cloud
Infrastructure Security?
Who are the top vendors
in consideration for Cloud
Infrastructure Security?
Alert Logic

Best Practices and Policies for Improving TCO
of Your AWS Environment
Presenter:
• Bob Kilbride, Director of Channel Sales, CloudHealth Technologies
June 2017

®
TECHNOLOGIES I NC.
How do you know where you are?
Optimization
Standardization
Consolidation
Novice

®
TECHNOLOGIES I NC.
Novice
• Unpredictable AWS expenses.
• Nagging sense of waste.
• No standards for security.
• Lack of automation.
• Limited or no monitoring.
• Little or no usage of cost optimization.
• Little or no usage of elasticity.

®
TECHNOLOGIES I NC.
Prescription for Success
Novice
 Gain visibility
 Leverage basic cost
optimizations

®
TECHNOLOGIES I NC.
Consolidation
• Unclear ROI.
• Unsure of best instance types for you.
• Unable to determine cost per business group.
• No change control.
• Little or no understanding of the different workloads
you operate in the cloud.

®
TECHNOLOGIES I NC.
Consolidation
 Align cost and usage to business
 Remove obsolete infrastructure
 Tighten security policies
 Leverage elasticity
 Standardize on system of record
 Raise stakeholder cloud IQ

®
TECHNOLOGIES I NC.
Standardization
• Unsure of best configuration for workloads.
• Lack of plan for availability/reliability process.
• Lack of continuous optimization.
• Lack of data driven operating requirements.
• Lack of supporting people/roles.

®
TECHNOLOGIES I NC.
Standardization
 Continuously monitor workloads.
 Continuously standardize workloads.
 Adopt continuous monitoring.
 Adopt continuous optimization
process.
 Automate optimization.
 Assign people/roles.

®
TECHNOLOGIES I NC.
Optimization
• Full transparency
• Reference architectures.
• Documented policies.
• Continuous optimization process.
• Continuous monitoring.
• Automated optimization.
• Clear roles and responsibilities.
• Forecasting / ”What if” analysis.
• High availability / Reliability.

®
TECHNOLOGIES I NC.
Optimization
You’ve achieved
cloud success!

Lunch!
RESOURCES:
1. Secrets of Cloud Leaders
Some companies are cloud trailblazers - reaping greater business benefits from their cloud deployment.
What are they doing differently? Download the “Secrets of the Cloud Leaders” survey report to read the
findings and learn how cloud leaders achieve success.
2. 9 Considerations For Securing Web Apps in the Cloud
Securing your applications in AWS requires consistently applying the right security practices, so you can
avoid delays in application development—and grow your business. Download this guide to review the do’s
and don’ts in cloud security.
(https://www.alertlogic.com/resources/whitepapers/read-this-guide-rethink-web-application-security/).
3. DevOps on AWS eBook
In this eBook, learn how to improve operations on the AWS cloud and deploy applications in a rapid,
repeatable, and reliable manner with automation. Download here (http://go.logicworks.net/devops-on-aws-
cloud-ebook).

How to Architect AWS for Mission-Critical Applications

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to How to Architect AWS for Mission-Critical Applications

Similar to How to Architect AWS for Mission-Critical Applications (20)

Recently uploaded

Recently uploaded (20)

How to Architect AWS for Mission-Critical Applications

Editor's Notes