Understanding AWS Managed Databases and Analytic Services - AWS Innovate Otta... - Amazon Web Services
• Overview of database services to elevate your applications, analytic services to engage your data, and migration services to help you reach database freedom.
• Survey of how Canadian and other organizations are using the cloud to make data scalable, reliable, and secure.
Jeff Kratz welcomes the public sector audience in Ottawa, Ontario and highlights the importance of innovation and transformation for digital government.
• Understand how cloud adoption transforms an organization and the way people work
• Identify critical stakeholders of a cloud transformation
• Bring exposure to key decision points
• Help recognize cross-organizational dependencies
• Real life customer situations and lessons learned will be addressed
ENT211_How to Assess Your Organization’s Readiness to Migrate at Scale to AWS - Amazon Web Services
Migrating to the cloud provides an opportunity to reinvent your organization's operations and the management of your IT landscape. In this session, we discuss how to evaluate your organizational readiness for the cloud and how to develop foundational capabilities before the migration. We also review key considerations developed by AWS Professional Services to help organizations prepare for a migration at scale through the Migration Readiness Assessment (MRA) and Migration Readiness and Planning (MRP) programs.
Intended for customers who have (or will have) thousands of instances on AWS, this session is about reducing the complexity of managing costs for these large fleets so they run efficiently. Attendees will learn about common roadblocks that prevent large customers from cost optimizing, tools they can use to efficiently remove those roadblocks, and techniques to monitor their rate of cost optimization. The session will include a case study that will talk in detail about the millions of dollars saved using these techniques. Customers will learn about a range of templates they can use to quickly implement these techniques, and also partners who can help them implement these templates.
Amazon Web Services provides a broad range of services to help you build and deploy big data analytics applications quickly and easily. AWS gives you fast access to flexible, low-cost IT resources, so you can rapidly scale virtually any big data application, including data warehousing, clickstream analytics, fraud detection, recommendation engines, event-driven ETL, serverless computing, and Internet of Things processing.
https://aws.amazon.com/es/big-data/
This session provides a framework that can be used to build a Cloud Strategy tailor-made for your organization. The framework helps organisations consider changes from the perspective of their Business, People, Governance, Security, Platform and Operations. By taking a multi-faceted approach in the development of a Cloud Strategy, organisations can de-risk their cloud adoption program, avoid a stall, and position themselves to take advantage of the benefits of cloud that stretch beyond mere cost savings.
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone - Amazon Web Services
With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and explain features for account structuring, user configuration, provisioning, networking and operation automation. The Migration Landing Zone solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and AWS Lambda. We will provide an overview of AWS Service Catalog and how it can be used to provide self-service infrastructure to application users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large-scale application migrations.
Speaker: Koen Biggelaar, Senior Manager, Solutions Architecture, Amazon Web Services and Mahmoud ElZayet
ENT324-Automating and Auditing Cloud Governance and Compliance in Multi-Accou... - Amazon Web Services
In this session, we explore multi-account considerations for compliance and auditing. We include topics such as API call prefiltering, a repeatable approach to SCP and IAM policy creation, internal separation of duty and need to know, compliance scope ring-fencing, scope of impact limitation, and mandatory access control. We review approaches for log and event analytics and log record lifecycle management (including redaction where necessary) and alerting. We also discuss how you can deploy compliance assessment tools in multi-account environments and how you can interpret these tools' output so it makes sense. Finally, no set of detailed multi-account sessions is complete without discussing tools for visualization.
Operating and Managing Hybrid Cloud on AWS - Tom Laszewski
Operating in a hybrid architecture is a necessary component of an enterprise cloud adoption journey. Security, provisioning, change management, and monitoring are all key aspects of managing any hybrid cloud environment. This session will cover the AWS Services, open source tools, and AWS partners that can provide enterprises with a secure, well-governed, performant, reliable, and well-operated hybrid cloud environment. Infrastructure and application continuous delivery and improvement solutions, along with best practices to automate hybrid cloud provisioning and operations activities will be covered.
Hybrid Cloud on AWS: Provisioning, Operations, Management, and Monitoring - Tom Laszewski
“How do I provision infrastructure and applications, manage systems, and operate and monitor a Hybrid Cloud on AWS?” is one of the first questions I get from enterprise customers as they start their cloud adoption journey. This presentation covers the tools, technologies, and AWS Services that can be used to manage, operate, and monitor a hybrid cloud. It also covers CI/CD in a hybrid cloud environment.
Cloud adoption requires that fundamental changes are considered across the entire organization, and that stakeholders across all organizational units are engaged in these changes. This session will introduce participants to the AWS Cloud Adoption Framework (AWS CAF) to help organizations take an accelerated path to successful cloud adoption. Participants will be exposed to consideration, guidance, and best practices that can be used to help their organizations develop an efficient and effective plan to realize measurable business benefits from cloud adoption faster and with less risk.
AWS FSI Symposium 2017 NYC - Moving at the Speed of Serverless ft Broadridge - Amazon Web Services
AWS’ suite of serverless technology has enabled enterprises in Financial Services to move quickly from conception to reality. By leveraging AWS, you can run code without provisioning or managing servers—and you only pay for what you use. In this session, we will walk through how we worked with Broadridge to take their Experience Manager application from design to deployment and provide details around how numerous AWS services were leveraged, including Cognito, Lambda, S3, DynamoDB, and SES. We will also dive into how the use of serverless technology can enable developers to move quickly, while improving security postures, minimizing management, and simplifying operations.
This session discusses aspects of AWS' own organisational and operational practices for embedding security into highly-scaled service provision, and covers tools for monitoring actions at an AWS asset level and automating responses to them, as well as robustly preventing various undesirable activities from occurring and enforcing multi-eyes rules for security-sensitive operations. We also touch briefly on the importance of building automated security checking into your CI/CD pipelines, where to do so, and how AWS CI/CD tools can be used to integrate security testing and rollback to safe states.
AWS Speaker: Dave Walker, Specialist Solutions Architect, Security and Compliance - Amazon Web Services
Customer Speaker: Timothy Stranex, CTO - Luno
Whether you’re just beginning to explore cloud computing or adopting it at enterprise-scale, it is important to build security into your architecture. But where do you begin? This requires a thorough understanding of your shared security responsibilities as well as familiarity with the tools available to address these issues.
Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture designed to meet the security requirements of the most demanding organizations.
An advantage of the AWS cloud is that it allows customers to scale and innovate while keeping the environment secure. Customers pay only for the services they use, which means you can have the security you need without making upfront payments and at a lower cost than in an on-premises environment.
https://aws.amazon.com/es/security/
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel... - Amazon Web Services
Healthcare organizations are rapidly adopting container technology to drive innovation. In this session, join Horizon Blue Cross Blue Shield of New Jersey and ClearDATA to learn about how to integrate Amazon ECS into your deployment pipeline while maintaining compliance for healthcare workloads, how to harden container environments for sensitive workloads, and how to leverage AWS tooling and microservices to provide new views and analysis for data stored in on-premises data centers.
Data protection is the highest priority for any organisation, so we answer common questions about GDPR, data residency, freedom of information, and privacy. We also address security-related compliance, risk management strategies, and best practices for securing data on AWS.
Security is one of the main characteristics of the AWS cloud. In this presentation, we examine the AWS shared security model and the services used to implement it.
Top 10 AWS Security and Compliance best practices - Ahmad Khan
Learn how to secure your AWS from hacks and misconfigurations. These 10 controls will lock it down for all compliance regulations like HIPAA, PCI, FISMA, NIST and so on.
by Bill Reid, Leader, North American Solutions Architects
Security and Compliance Specialists AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions on Identity and Access Management on Tuesday. Our popular Threat Detection and Remediation day on Wednesday will feature an updated GuardDuty lab, and we'll end on Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop on Monday during Security 101 day.
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We'll take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and how you can inherit controls from the rich compliance and accreditation programs maintained by AWS.
by Brad Dispensa, Sr. SA - Security and Compliance
At AWS, security is job zero and we have architected our infrastructure for the most data-sensitive organizations in the world. In this session, we will cover our Shared Responsibility Model in relation to Security and our Compliance Program, and what that means for our customers when using our suite of storage services.
Security in the cloud is a priority for AWS. Customers who choose to use AWS services benefit from a data center and network architecture designed to meet the requirements of the most security-demanding organizations. In this session we will look at the tools AWS makes available to its customers to keep their applications and data secure.
In this webinar, you'll learn how to create security workspaces for multiple teams through your AWS account. Discover how IAM works and find out how it integrates with AWS services. In addition, learn how AWS Config rules and AWS CloudTrail can help you identify and rectify misconfiguration issues quickly and effectively.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools that can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops.
Speaker: Bill Reid - Sr Mgr, Solutions Architecture, AWS
AWS Security, Identity, & Compliance - An Overview: AWS Security Week at the San Francisco Loft
Presenter: William Reid, CISM, FIP
Head of Security and Compliance Solution Architecture, AWS
How to build forecasting services using ML and deep learn... - Amazon Web Services
Forecasting is an important process for many companies and is used in a variety of areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that produces an accurate forecast based on the type of data analyzed.
Big Data for Startups: how to build Big Data applications in Server... - Amazon Web Services
The variety and volume of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters appears to be an investment within reach only of established companies. But the elasticity of the cloud and, in particular, serverless services allow us to break through these limits.
So let's see how Big Data applications can be developed quickly, without worrying about infrastructure, dedicating all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this time we learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we will show how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines, and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances - Amazon Web Services
The use of containers is continuously growing.
If designed correctly, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS, and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared with On-Demand Instances. In this session we will discover together what the characteristics of Spot Instances are and how they can easily be used on AWS. We will also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to the Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique in the market with Machine Lea... - Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... - Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime and interrupting users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS provides AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Discover how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads - Amazon Web Services
Want to learn about the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication, and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the capabilities AWS services offer for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are hosting a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a broad range of AWS services, taking full advantage of the AWS cloud while protecting existing VMware investments.
Build your first serverless ledger-based app with QLDB and NodeJS - Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to track the supply chain flow of their products.
At the heart of these solutions are ledger databases, which provide a transparent, immutable, and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses QLDB's features.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for delivering an exceptional user experience to end users. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon, and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will dig into several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
In addition, we will learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: debunking the myths - Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this come performance risks that can be introduced when moving applications out of on-premises data centers.
In these slides, AWS and VMware experts present simple, practical measures to ease and simplify the migration of Oracle workloads and accelerate the transformation to the cloud; they will go deeper into the architecture and demonstrate how to take full advantage of VMware Cloud™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads, and the simple steps needed to quickly migrate one or more of your containers.
6. Security At AWS Is Our #1 Priority
Familiar Security Model
Security measures are validated and driven by security experts across our customer base
Superset of security controls that benefit all customers
PEOPLE & PROCESS
SYSTEM
NETWORK
PHYSICAL
7. Improving Security With The Cloud
“From a physical and logical security standpoint, I believe that, if done right, public cloud computing is as or more secure than self-hosting.”
– Steve Randich, EVP and CIO, Financial Industry Regulatory Authority, USA
FINRA now deploying multiple Hadoop-based and Redshift-based analytics apps core to their regulatory mission
• Multi-petabyte clusters growing by terabytes per day
• Core apps in full production since January 2015
• Half way through a 2 year plan to go “all in” to the AWS cloud
8. Secure Cloud Architecture
Municipal Property Assessment Corporation
• Responsible for providing valuations for more than 5 million properties
• Moved from its traditional IT architecture to AWS, to be more responsive and agile in serving its customers
• Runs its core property valuation engine on AWS
• Leveraging Amazon Virtual Private Cloud (VPC) as part of its security architecture
9. AWS Shared Responsibility Model
Customers are responsible for security ‘in’ the Cloud
• Customer Content
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption & Data Integrity Authentication
• Server-side Encryption (Filesystem and/or Data)
• Network Traffic Protection (Encryption / Integrity / Identity)
AWS is responsible for security ‘of’ the Cloud
• Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Avail. Zones, Edge Locations
10. AWS Security Training
AWS Security Fundamentals
Free 3 hour online course
Security Operations on AWS
Instructor-led 3 day class
Details at aws.amazon.com/training
11. AWS Security Whitepapers
Introduction to AWS Security
AWS Security Best Practices
AWS Security Checklist
Introduction to AWS Security Processes
Overview of AWS Security - Storage Services
Overview of AWS Security - Database Services
Overview of AWS Security - Compute Services
Overview of AWS Security - Application Services
Overview of AWS Security - Analytics, Mobile and Application Services
Overview of AWS Security - Network Services
Security at Scale: Logging in AWS
Security at Scale: Governance in AWS
... and more…
Details at aws.amazon.com/security/security-resources/
12. AWS CIS Benchmarks
AWS has partnered with the Center for Internet Security to create two consensus-based, best-practice security configuration guides which will align to multiple security frameworks globally
https://www.cisecurity.org/
The Benchmarks are:
• Recommended technical control rules/values for hardening operating systems, middleware, software applications, and network devices
• Distributed free of charge by CIS in .PDF format
• Used by thousands of enterprises as the basis for security configuration policies and the de facto standard for IT configuration best practices
15. AWS Artifact – Compliance Reports
Provides customers with an easier process to obtain certain AWS compliance reports (SOC, PCI, ISO) with self-service, on-demand access via the console
AWS Artifact
16. Security is a Shared Responsibility
Facilities
Physical security
Compute infrastructure
Storage infrastructure
Network infrastructure
Virtualization layer (EC2)
Hardened service endpoints
Rich IAM capabilities
Network configuration
Security groups
OS firewalls
Operating systems
Applications
Proper service configuration
Authentication management
Authorization policies
+ =
Customer
More secure and compliant systems than any one entity could achieve on its own at scale
17. Trusted Advisor
• Best practice and recommendation engine
• Proactive guidance
• Helping customers reduce spend
• Giving customers insight into running more secure, highly available environments
• 4 main categories
19. AWS Identity & Access Management
IAM Users, IAM Groups, IAM Roles, IAM Policies
20. AWS Organizations
Policy-based management for multiple AWS accounts
• Control AWS service use across accounts
• Consolidate billing and usage reporting
• Automate account creation
22. AWS CloudTrail – Cloud Usage Audit Logging
Users are constantly making API calls...
On a growing set of AWS services around the world…
AWS CloudTrail is continuously recording and logging the API calls…
Who made the request?
What was requested?
When and from where?
What was the response?
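The four questions on this slide map directly onto fields of a CloudTrail record. The following is an added example, not part of the deck: it reads a constructed log file (placeholder account ID, ARNs and addresses) and counts authorization failures per caller, a common first detection built on CloudTrail data.

```python
import json
from collections import Counter

# Constructed sample in the CloudTrail log-file layout: a top-level "Records" list.
# Account ID, ARNs and IP addresses are placeholders, not values from the deck.
ROLE = "arn:aws:sts::111122223333:assumed-role/ci/build"
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2018-01-15T14:02:11Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketAcl", "awsRegion": "ca-central-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2018-01-15T14:05:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "ca-central-1",
     "sourceIPAddress": "198.51.100.23",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE}},
    {"eventTime": "2018-01-15T14:05:52Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.23", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE}},
]})

# Error codes that indicate the caller was not authorized for the action.
DENIED = {"AccessDenied", "UnauthorizedOperation", "Client.UnauthorizedOperation"}

def load_records(log_text):
    """Return the list of event records from one CloudTrail log file."""
    return json.loads(log_text)["Records"]

def four_questions(record):
    """Answer who / what / when and from where / response for one record."""
    identity = record.get("userIdentity", {})
    return {
        "who": identity.get("arn") or identity.get("principalId", "unknown"),
        "what": f"{record['eventSource']}:{record['eventName']}",
        "when": record["eventTime"],
        "where": f"{record.get('sourceIPAddress')} ({record.get('awsRegion')})",
        # Successful calls carry no errorCode field.
        "response": record.get("errorCode", "Success"),
    }

def denied_calls(log_text):
    """Count authorization failures per caller."""
    counts = Counter()
    for record in load_records(log_text):
        if record.get("errorCode") in DENIED:
            counts[four_questions(record)["who"]] += 1
    return dict(counts)

if __name__ == "__main__":
    for rec in load_records(SAMPLE_LOG):
        print(four_questions(rec))
    print(denied_calls(SAMPLE_LOG))
```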
23. Amazon CloudWatch – Monitoring Service
• Provides visibility and metrics into every aspect of your AWS environment
• Metrics are automatically actionable and can call notifications, set alarms, run code, etc.
Metrics include
• EC2 Instances (CPU usage, networking, etc.)
• RDS instances (connections, CPU, etc.)
• ELB metrics (healthy backends, network, etc.)
• Support for custom metrics
25. Virtual Private Cloud (VPC)
VPC: /16, spanning Availability Zone A and Availability Zone B
Public Subnet (one per Availability Zone): /22, 1019 IPs
Private Subnet with Outbound NAT (one per Availability Zone): /20, 4091 IPs
Private Subnet (one per Availability Zone): /20, 4091 IPs
26. Example Architecture
AWS Region (Canada – Montreal), 10.10.0.0/16, Availability Zone A and Availability Zone B
Internet Gateway (IGW)
ELB
Web Tier Security Group, Web Tier Auto Scaling Group (4 × Web Server): Web Subnet A 10.10.1.0/24, Web Subnet B 10.10.2.0/24
ELB
App Tier Security Group, App Tier Auto Scaling Group (4 × App Server): App Subnet A 10.10.3.0/24, App Subnet B 10.10.4.0/24
Database Tier Security Group: Database Subnet A 10.10.5.0/24, Database Subnet B 10.10.6.0/24, Synchronous Replication
28. VPC Flow Logs – See All Your Traffic
• Agentless
• Enable per network interface, per subnet, or per VPC
• Logged to AWS CloudWatch Logs
• Create CloudWatch metrics from log data, and alarm on those metrics
Fields recorded: Account ID, Interface, Source IP, Destination IP, Source Port, Destination Port, Protocol, Packets, Bytes, Start Time, End Time, Accept or Reject
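To show what "create metrics from log data and alarm on them" can look like in practice, here is an added example (not part of the deck) that parses flow log records and reports sources with several distinct rejected destinations. It assumes the AWS default record layout, which also carries a version and a log-status field not listed on the slide; the sample records are constructed.

```python
from collections import defaultdict

# Default flow log record layout: space-separated, in this order. "version" and
# "log_status" belong to the AWS default format but are not listed on the slide.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample records: documentation address ranges, made-up interface ID,
# destinations taken from the example architecture's 10.10.0.0/16 range.
SAMPLE = """\
2 111122223333 eni-0a1b2c3d 203.0.113.7 10.10.1.15 51544 443 6 12 4800 1500000000 1500000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d 198.51.100.9 10.10.5.20 40001 3306 6 1 40 1500000000 1500000060 REJECT OK
2 111122223333 eni-0a1b2c3d 198.51.100.9 10.10.5.20 40002 1433 6 1 40 1500000060 1500000120 REJECT OK
2 111122223333 eni-0a1b2c3d 198.51.100.9 10.10.5.20 40003 5432 6 1 40 1500000060 1500000120 REJECT OK
2 111122223333 eni-0a1b2c3d 203.0.113.7 10.10.1.15 51600 22 6 1 40 1500000060 1500000120 REJECT OK
2 111122223333 eni-0a1b2c3d - - - - - - - 1500000120 1500000180 - NODATA
"""

def parse(line):
    """Return one record as a dict, or None for NODATA/SKIPDATA records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # nothing captured in this window; traffic fields are "-"
    for name in INT_FIELDS:
        rec[name] = int(rec[name])
    return rec

def rejected_sources(text, threshold=3):
    """Map source IP -> count of distinct rejected (destination, port) pairs,
    keeping only sources at or above the threshold (a simple probe indicator)."""
    targets = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec and rec["action"] == "REJECT":
            targets[rec["srcaddr"]].add((rec["dstaddr"], rec["dstport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= threshold}

if __name__ == "__main__":
    print(rejected_sources(SAMPLE))
```

The threshold of three is an arbitrary value chosen for the sample; a real alarm threshold depends on the normal rejected-traffic baseline of the interface.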
31. It’s Always YOUR Data!
• Customers choose where to place their data
• Customers can encrypt data using native AWS tools and/or 3rd party solutions
• AWS regions are geographically isolated by design
• Data is not replicated to other AWS regions and does not move
• Customers own their data, the ability to encrypt it, move it, and delete it
32. Data Encryption in AWS
Encryption In Transit
SSL/TLS
VPN / IPSEC
SSH
Encryption At Rest
Object
Database
Filesystem
Disk
33. We Use Keys to Encrypt / Decrypt Data
Encryption: Unencrypted Data + Encryption Algorithm {AES, DES, RC4, Blowfish} + Key = Encrypted Data
Decryption: Encrypted Data + Encryption Algorithm {AES, DES, RC4, Blowfish} + Key = Unencrypted Data
34. Key Management Options in AWS
There are different options based on complexity, performance, cost, integration, operations, and compliance requirements
• Do It Yourself
• AWS Marketplace Partner Solutions
• AWS Key Management Service (KMS)
• AWS CloudHSM
Represents a sample of AWS Marketplace Key Management Partner Solutions.
Further details available here: https://aws.amazon.com/marketplace/
35. Other AWS Security Services
• AWS Shield: Managed DDoS protection
• AWS Web Application Firewall (WAF): A web application firewall that helps protect web applications from common web exploits
• Amazon Macie: Machine learning powered security service to discover, classify, and protect sensitive data
• Amazon Inspector: Automated security assessment service that helps improve the security and compliance of applications deployed on AWS
36. AWS Marketplace: One-Stop Shop For Security Tools
• Infrastructure Security
• Logging & Monitoring
• Identity & Access Control
• Configuration & Vulnerability Analysis
• Data Protection
38. AWS Config & Config Rules
AWS Config
• Resource inventory and configuration history
• Records configuration changes continuously
• Time-series view of resource changes
• Archive and compare
• Configuration change notifications to enable security and governance
AWS Config Rules
• Powerful configuration rule system
• Define custom rules that can look for desirable or undesirable conditions
• Enforce best practices using automated compliance checks
• Trigger additional alerts or workflow
39. AWS Config Partners
Represents a sample of AWS Config Partners, part of the AWS Service Delivery Program.
Further details available here: https://aws.amazon.com/config/partners/
40. AWS Service Catalog
[Diagram labels: AWS Service Catalog; Administration Interface; End-User Self-Service Portal; Portfolios of IT Approved Products; Portfolios; CloudFormation Templates; Product Permissions; Constraints; Tags; Users / Groups; Accounts; End-Users; Resource Launch]
42. AWS CloudFormation – Infrastructure as Code
Template
• JSON-based text file describing infrastructure
AWS CloudFormation
• Orchestrate changes across AWS Services
• Use as foundation to Service Catalog products
• Use with source code repositories to manage infrastructure changes
Stack
• Group of resources created from a template
• Can be updated
• Updates can be restricted
43. Security By Design
Infrastructure as code – automate deployment, provisioning, and configurations of AWS cloud environments
[Diagram labels: CloudFormation, Templates, Stack, Instances, Apps, Resources; Service Catalog, Products, Portfolios; Identity & Access Management, Set Permissions; steps: Design, Package, Constrain, Deploy]
46. EC2
Enforce Consistent Security On Servers
• Configure and harden EC2 instances to your own specs
• Use host-based protection software
• Manage administrative users
• Enforce separation of duties & least privilege
• Connect to your existing services, e.g. SIEM, patching
• The immutable infrastructure pattern
[Diagram labels: Base OS image; Your catalog of approved templates; Your custom template specs; Your custom running template; layers: Hardening, Audit and logging, Vulnerability management, Malware and HIPS, Whitelisting and integrity, User administration, Operating system]
47. Evolving the Practice of Security Architecture
Security architecture as a separate function can no longer exist
Current Security Architecture Practice
• Static position papers, architecture diagrams, risk assessments & documents
• UI-dependent consoles and technologies
• Auditing, assurance, and compliance are decoupled, separate processes
48. Evolving the Practice of Security Architecture
Security architecture can now be part of the “maker” team
Evolved Security Architecture Practice
• Architecture artifacts (design choices, narrative, etc.) committed to common repositories
• Complete solutions account for automation
• Solution architectures are living audit/compliance artifacts and evidence in a closed loop
Tools shown: AWS CodeCommit, AWS CodePipeline, Jenkins