AWS provides security certifications like SAS70 Type II audits and maintains physical and network security controls. It utilizes multiple availability zones, data redundancy, encryption, firewalls, and access management to isolate and protect customer data and infrastructure. The document encourages feedback to further strengthen AWS's security posture and compliance offerings.
- CloudStack is an open source cloud computing platform that was donated to the Apache Software Foundation in 2012. It provides infrastructure as a service and supports various hypervisors and physical hardware.
- CloudStack has a scalable architecture designed to support thousands of hosts and VMs across multiple availability zones. It provides rich networking and storage capabilities.
- CloudStack can support both traditional server virtualization workloads as well as "Amazon-style" workloads with software defined networks and object storage.
- The CloudStack community is growing rapidly and encourages participation through mailing lists, IRC, forums and meetup groups.
Apache CloudStack is open source software for building public, private and hybrid Infrastructure as a Service (IaaS) clouds. It allows users to provision virtual servers, storage and networking resources through a web interface and provides APIs for management and integration with other systems. It supports various hypervisors including KVM, Xen, VMware and Oracle VM VirtualBox, as well as storage systems like iSCSI, NFS and object storage.
This document summarizes Amazon Web Services' (AWS) security processes and certifications. It discusses AWS' SAS70 Type II certification, physical security measures, data backup processes, multi-factor authentication, virtual machine isolation, network security controls, and use of encryption and virtual private clouds. The document is intended to provide an overview of AWS' security practices and resources for customers.
The Lean Cloud for Startups with AWS - Architectural Best Practices & Automat... (Amazon Web Services)
This document provides best practices for building powerful web applications on AWS. It outlines 6 main rules:
1. Service all web requests by ensuring requests reach applications and that applications have the necessary data.
2. Service requests as fast as possible by choosing the fastest routing, offloading to services like CloudFront, caching frequently requested data, and using low latency services like DynamoDB.
3. Handle requests at any scale by vertically and horizontally scaling as needed using auto-scaling, and by provisioning for high performance using services like EBS and DynamoDB.
4. Simplify architecture with AWS services that handle "undifferentiated heavy lifting" like databases, queues, workflows, search
Delivering Secure OpenStack IaaS for SaaS Products (CloudPassage)
This document is a presentation by Andrew Hay, Chief Evangelist at CloudPassage, about delivering secure OpenStack IaaS for SaaS products. The presentation discusses OpenStack security concepts like Quantum, Keystone, and Nova. It emphasizes the importance of securing OpenStack images by disabling unnecessary services, removing unneeded packages, and restricting access. The presentation recommends using tools designed for cloud environments to provide continuous security monitoring and compliance for public, private, and hybrid clouds.
Delivering Secure OpenStack IaaS for SaaS Products - OpenStack 2012.pptx (OpenStack Foundation)
The document discusses how CloudPassage provides security automation for public, private, and hybrid cloud servers through features like dynamic cloud firewall automation, two-factor authentication, server vulnerability scanning, and server security event alerting. It also covers some of the challenges of securing OpenStack images and infrastructure given the multitenant and dynamic nature of cloud deployments which limits the effectiveness of traditional network-based security approaches alone. Securing the images themselves is important to fully protect cloud servers and endpoints.
Cloud Computing With Amazon Web Services, Part 4: Reliable Messaging With SQS (white paper)
SQS is a scalable and reliable messaging service from Amazon Web Services that allows applications to exchange text messages through message queues. Key features of SQS include reliability through redundant storage, simplicity through multiple programming language clients, and scalability to handle unlimited messages. Developers must account for the eventual consistency model, lack of ordering guarantees, and potential for duplicate message processing.
Best Practices for Deploying Microsoft Workloads on AWS (Zlatan Dzinic)
This document provides best practices for deploying Microsoft workloads on AWS. It discusses identity management best practices including AWS IAM, server identity management, and federation. It also covers deploying SQL Server for high availability and disaster recovery. Additional sections discuss deploying Exchange, SharePoint, and other Microsoft server products on AWS, as well as developer best practices and DevOps automation. The document concludes with information on licensing options for Microsoft software on AWS.
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I... (Amazon Web Services)
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual data center that you define. In this session you learn how to leverage the VPC networking constructs to configure a highly available and secure virtual data center on AWS for your application. We cover best practices around choosing an IP range for your VPC, creating subnets, configuring routing, securing your VPC, establishing VPN connectivity, and much more. The session culminates in creating a highly available web application stack inside of VPC and testing its availability with Chaos Monkey.
Generated REST Gateways for Mobile Applications (Wolfgang Frank)
The document discusses generating REST gateways for mobile applications. It introduces arconsis IT-Solutions GmbH, who develops agile and lean software using JBoss middleware and focuses on mobile solutions. The presentation aims to show how a domain-specific language approach can simplify creating RESTful mobile apps that integrate with enterprise systems in a simple, fast, and multi-platform way. It demonstrates using a DSL to generate a REST gateway on JBoss AS along with mobile app code and proxies to connect an example mobile app to a backend system.
The document provides an overview of AWS cloud security concepts, including the shared responsibility model and identity and access management (IAM). It discusses how AWS is responsible for security of the cloud, including physical and network security of data centers, while customers are responsible for security in the cloud, such as operating systems and applications. The document also describes IAM principles for authentication, authorization, and auditing using tools like IAM users, policies, and CloudTrail.
OpSource Cloud Hosting is the first Cloud solution to meet enterprise production application requirements for security, control, performance and ease of integration. Each OpSource Cloud user automatically receives a Virtual Private Cloud which allows them to set their preferred amount of public Internet connectivity.
Network Services provides concise summaries of key AWS networking services:
Virtual Private Cloud (VPC) allows users to define their own virtual network space within AWS. A VPC Peer connects two VPCs privately. VPC Endpoints allow private connections between VPCs and supported AWS services.
Route53 is AWS's DNS service. Direct Connect provides dedicated private connectivity between on-premises networks and AWS.
CloudFront is a content delivery network (CDN) that caches and delivers content globally via an edge network for fast performance. Configuring CloudFront involves specifying origins like S3 buckets and distributing files to edge locations worldwide.
Selecting the Best VPC Network Architecture (CPN208) | AWS re:Invent 2013 (Amazon Web Services)
Which is better: a single VPC with multiple subnets or multiple accounts with many VPCs? Should you simplify management with a single VPC or use multiple VPCs to lessen the blast radius of network changes? In this session, we hear from customers who've implemented each approach and discuss how they addressed management, security, and connectivity for their Amazon EC2 environments.
AWS Re:Invent - High Availability Architecture at Netflix (Adrian Cockcroft)
Slides from my talk at AWS Re:Invent November 2012. Describes the architecture, how to make highly available application code and data stores, a taxonomy of failure modes, and actual failures and effects. Ends with a summary of @NetflixOSS projects so others can easily leverage this architecture.
AWS re:Invent 2016: Securing Container-Based Applications (CON402) (Amazon Web Services)
Containers have had an incredibly large adoption rate since Docker was launched, especially from the developer community, as it provides an easy way to package, ship, and run applications. Securing your container-based application is now becoming a critical issue as applications move from development into production. In this session, you learn ways to implement storing secrets, distributing AWS privileges using IAM roles, protecting your container-based applications with vulnerability scans of container images, and incorporating automated checks into your continuous delivery workflow.
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302) (Amazon Web Services)
As more customers adopt Amazon VPC architectures, the features and flexibility of the service are squaring off against evolving design requirements. This session follows this evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, securing private access to Amazon S3, managing multi-tenant VPCs, integrating existing customer networks through AWS Direct Connect, and building a full VPC mesh network across global regions.
PP slides for a presentation for the Queensland SQL Server User Group that covered application candidates/use cases, SQL performance considerations including road tests of new SQL 2014 performance features on AWS EC2 instances, security, HA/DR and licensing.
Keith Wymbs, CMO at AWS Elemental's presentation to the Video Processing & Delivery track at the Media & Entertainment Cloud Symposium on November 4, 2016
AWS Webcast - Implementing Windows and SQL Server for High Availability on AWS (Amazon Web Services)
This webinar is on high availability features for Microsoft Windows Server and SQL Server running on the AWS Cloud. Windows Server Failover Clustering (WSFC) and SQL AlwaysOn Availability Groups are part of the underpinnings for many enterprise-class solutions, including Microsoft SharePoint and .NET applications.
Blue Medora IBM Tivoli Monitoring (ITM) Agents for Amazon EC2 and S3 Overview (Blue Medora)
The document discusses Blue Medora's ITM agents for monitoring Amazon EC2 and S3 resources. It provides an overview of Blue Medora's product portfolio including 8 recently released IBM Tivoli Monitoring agents and 4 agents currently under development. The agents for EC2 and S3 expand in-depth ITM monitoring to critical cloud resources and provide monitoring of Amazon AWS infrastructure through auto-discovery of instances and storage buckets along with performance and event monitoring.
CloudFest Denver Windows Azure Design Patterns (David Pallmann)
This document outlines various design patterns for building applications on the Windows Azure platform, including patterns for compute, storage, databases, communication, security, and networking, providing examples of how to implement roles, virtual networks, content delivery networks, and other patterns within the Windows Azure environment.
The document describes Amazon EKS (Elastic Container Service for Kubernetes), including an overview of EKS, its architecture, features, and integration with other AWS services. Key points include: EKS manages Kubernetes control planes and nodes are launched in the customer's VPC, EKS supports networking via the AWS VPC CNI plugin, and EKS provides security and access management using IAM roles and policies.
Shailendra seeks a job in a growing company where he can contribute to the growth of the organization. He has a B.Tech in computer science and over 4 years of experience in Linux system administration and AWS cloud administration. He is skilled in managing Linux servers, AWS infrastructure like EC2, S3, RDS, and monitoring tools like Nagios.
Amazon Virtual Private Cloud (VPC) allows users to define virtual networks within AWS. Users can launch AWS resources like EC2 instances into a VPC and configure the VPC's IP address range, subnets, route tables, and security settings. Security groups act as a firewall at the instance-level to control inbound and outbound traffic, while network access control lists provide an additional optional layer of firewall controls at the subnet-level.
Businesses both big and small have found a great alternative in the cloud due to its variable cost and pay-as-you-go utility model of computing, allowing clear gains and flexibility over traditional capital expenditure models of IT computing infrastructure deployment. Besides the obvious economic sense of moving to the cloud, platforms such as Amazon Web Services (AWS) also provide benefits of elasticity, dynamic scalability, built-in high availability and redundancy. While unprecedented market growth has been witnessed in the number of organizations embarking on cloud infrastructure, a survey also highlights that nearly 64% of enterprises consider security concerns the biggest barrier to adoption of public cloud platforms like AWS. Cloud adoption has reached a point where enterprises are turning to public cloud services like AWS for their tier 1 applications and critical customer data. However, there's a need for better security solutions for enterprise-class cloud infrastructure. This webinar explains Cyberoam's comprehensive security for AWS cloud and discusses opportunities for partners.
The 2014 AWS Enterprise Summit - Understanding AWS Security (Amazon Web Services)
AWS provides comprehensive security capabilities to support workloads on its cloud platform. It emphasizes that security is a shared responsibility between AWS and customers, with AWS responsible for security of the cloud and customers responsible for security in the cloud. AWS offers more visibility into environments, auditability of actions, and control over identity and access than customers can achieve on their own through services like CloudTrail, IAM, and encryption options. Customers can choose the right level of security for their needs.
Corpus Christi-Rebecca Ryan Presentation March 10, 2011 (Rebecca Ryan)
Yee-Howdy! On Thursday, March 10, current and emerging leaders in Corpus Christi met, and Rebecca Ryan issued some perspective on how to make Corpus a place people are proud to call "home." These are the slides. Please share and give attribution: "Copyright Next Generation Consulting, 2011, All Rights Reserved." You can also email Rebecca: rr@nextgenerationconsulting.com or follow her on Twitter: ngcRebecca
April 12-How To Renegotiate Work So You Can Get a Life (Rebecca Ryan)
Thanks to The Network for hosting me today. Here are slides from my breakout, “How to renegotiate work so you can get a life.”
Enjoy!
Rebecca Ryan
Twitter: ngcrebecca
Email: rr@nextgenerationconsulting.com
Rebecca Ryan - Wisconsin Governor's Conference - 5 Trends (Rebecca Ryan)
The document discusses 5 trends: 1) The Great Unraveling involving societal crisis around 2005. 2) The graying and browning of America as minorities drive population growth making the US majority-minority. 3) The economic benefits of large cities according to Kleiber's Law where resource needs increase sublinearly with population. 4) The talent dividend where areas with more college graduates have higher incomes. 5) Emerging technologies and their adoption, like two-and-a-half year olds using iPads. The document examines these trends and their implications.
This document discusses how Amazon Web Services (AWS) provides high-performance computing (HPC) capabilities through elastic cloud computing resources. It describes AWS computing instances like EC2 that provide configurable compute capacity and GPU-accelerated instances. The document also outlines how users can get started with HPC on AWS through a simple 4-step process and notes the ecosystem of independent software vendors supporting HPC workloads on AWS.
1) The Jet Propulsion Laboratory (JPL) is transitioning from understanding cloud computing to actively working in and partnering using cloud technologies.
2) Early prototypes at JPL have shown benefits like reducing processing times from weeks to hours and allowing more scientists worldwide to access Mars rover data.
3) Moving forward, JPL will advance concepts like Cloud Readiness Levels and Cloud Oriented Architectures, transition more applications to an operational cloud model, and continue prototyping new use cases to maximize the benefits of cloud computing.
Cornell Food Executives - Rebecca Ryan Presentation (Rebecca Ryan)
The document discusses leading multi-generational teams and keeping top talent. It describes the four main generations currently in the workforce - Silents, Baby Boomers, Gen X, and Millennials. Each generation views the world differently. The presentation provides a framework for intentionally designing teams that Millennials love by focusing on trust, management, work-life balance, development, rewards, and connection. It also discusses the traits younger employees desire from their jobs, like long-term planning, feedback, and advancement opportunities. The turnover cost of losing an employee is estimated to be $35,000 per person.
April 7 Kenosha Rebecca Ryan PresentationRebecca Ryan
Thank you, KABA, for inviting me to speak today at your annual meeting. These are the slides I used; please use and share with proper attribution: “Copyright 2011, Next Generation Consulting, All Rights Reserved.” If you’d like to stay in touch, here are a few ways to do it:
>> Twitter: ngcRebecca, or nextgenconsult
>> Email: rr@nextgenerationconsulting.com
>> Phone: 888-922-9596 ext. 702
April 7 Kaba Rebecca Ryan PresentationRebecca Ryan
KABA, thank you for inviting me to speak at your annual meeting! Here are my slides for your use and review. Please reach out if you have any follow up Qs or ideas.
Rebecca Ryan
rr@nextgenerationconsulting.com
888.922.9596 ext. 702
April 19 Rebecca Ryan WA & OR MGMA MeetingRebecca Ryan
In this presentation, leaders and managers learn five skills of great managers and 6 dimensions of great practices. Please use with proper attribution.
- Rebecca Ryan
rr@nextgenerationconsulting.com
The document introduces the Federal Register 2.0, a new XML-based web edition of the daily Federal Register. It builds on existing digital systems like FDsys and uses structured XML data to create an improved online experience organized like a web newspaper. Key features include news sections on broad topics, agency home pages, clean layouts, crowdsourced content, and tools for public participation like commenting directly from relevant documents. The goal is to make the Federal Register more open, useful and engaging for 21st century rulemaking.
Engaging Millennials as Organ Donors June 13 2011Rebecca Ryan
Rebecca Ryan gave this presentation on June 13, 2011 to Donate Life America. In it, she shares four techniques to increase the number of MIllennials who are registered organ donors. She uses Millennial research plus behavioral economics to shape her recommendations. You can reach Rebecca: rr@nextgenerationconsulting.com.
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig... - Amazon Web Services
The cloud is not an 'All or Nothing' approach with regards to replacing workloads inside your datacenter. Enterprises with existing datacenters can easily extend their Infrastructure into the cloud to seamlessly leverage the benefits of cloud while using the same set of controls familiar to their business. However availability and security still remain among the top two concerns for CIOs when deciding on cloud adoption for their organization.
Amazon Web Services has infrastructure across multiple geographical Regions spanning five continents, with multiple Availability Zones in each Region along with a set of global edge locations. Building a similar infrastructure for high availability with your traditional datacenter would be non-trivial and cost prohibitive. Join this session to understand how you can achieve high availability across geographies, deploy your applications close to your users, control where your data is located, achieve low latency, and migrate your applications around the world in a cost-effective and easy manner using AWS services. You will also learn how AWS builds services in accordance with security best practices, provides appropriate security features in those services, and has achieved industry standard certifications and other third-party attestations. In addition, in line with the shared security model on the cloud, AWS customers must leverage security features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.
AWS Summit 2011: Overview of Security and Compliance in the cloud - Amazon Web Services
The document provides an overview of Amazon Web Services security and compliance certifications. It discusses key security concepts like the shared responsibility model, identity and access management, multi-factor authentication, and data backups. It also summarizes certifications including SAS70 Type II audit, ISO 27001, PCI DSS Level 1, and FedRAMP.
RightScale Conference Santa Clara 2011: Cloud security is a critical topic for everyone who uses Amazon Web Services (AWS). Join Miles Ward, Ecosystem Solution Architect of Amazon Web Services, as he shares best practices in building a secure solution on top of Amazon Web Services. Topics discussed will include the physical, procedural and logical controls implemented by AWS to assure security in the cloud, as well as the security certifications attained by AWS.
This document provides an overview of application security best practices on AWS. It discusses how security is a shared responsibility between AWS and the customer. AWS is responsible for security of the cloud infrastructure, while customers are responsible for security in their own systems like operating systems, applications, network configurations, and identity management. The document then provides recommendations for securing applications deployed on AWS, such as using security groups, encryption, monitoring tools, and log management strategies.
This document discusses using AWS for disaster recovery. It outlines several disaster recovery scenarios that can be implemented on AWS, including backup and restore, pilot light, low-capacity standby, and multi-site hot standby. For each scenario, it describes the advantages, preparation needed, and objectives for recovery time and point objectives. It emphasizes testing disaster recovery plans on AWS and notes that initial steps are simple. The presentation encourages attendees to learn more about AWS disaster recovery resources and consider using AWS for a disaster recovery project.
- AWS provides security certifications and accreditations like SOC 1 Type II, ISO 27001, PCI DSS Level 1 to assure customers of the security of their infrastructure and services.
- AWS shares responsibility for security with customers - AWS is responsible for security of the cloud infrastructure while customers are responsible for security in the cloud.
- AWS uses physical and network security measures like controlled data centers, firewalls, and encryption to protect servers, storage, and data.
Security and Privacy in the AWS Cloud, Steve Schmidt, CIS Officer, AWS - Amazon Web Services
AWS provides several security certifications and accreditations for its infrastructure including SOC 1 Type II, ISO 27001, PCI DSS Level 1, and FISMA. It utilizes a shared responsibility model where AWS manages security of the cloud infrastructure and the customer manages security in their virtual private cloud, operating systems, applications, and network configurations. AWS regions provide physically isolated and geographically separated availability zones for applications and data.
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia - Amazon Web Services
Stephen Schmidt, Vice President and Chief Information Security Officer at AWS, discussed security and privacy in the cloud. He provided an overview of AWS's security model including certifications, physical security of data centers, network security controls, and the shared responsibility model between AWS and customers. Schmidt also discussed virtual private clouds and deployment models that provide logical and physical isolation of customer workloads and data.
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC - Amazon Web Services
AWS provides several layers of security and compliance certifications for its cloud services. It utilizes physical access controls, network security controls, and identity and access management. AWS shares responsibility for security with its customers, with AWS focusing on security of the cloud infrastructure and customers being responsible for security controls within their account, such as guest operating systems, firewalls, and network configurations. AWS offers multiple deployment models with varying levels of isolation, including commercial cloud services, VPC, and GovCloud to meet different regulatory and compliance needs.
Smartronix - Building Secure Applications on the AWS Cloud - Amazon Web Services
Smartronix specializes in cybersecurity, infrastructure services, and application development. They are an AWS partner and have over 50 AWS specialists. They have experience migrating large government websites to AWS, including Treasury.gov and Recovery.gov. When building applications on AWS, security is a shared responsibility between AWS and the customer. AWS is responsible for security of the cloud infrastructure, while customers are responsible for security in their operating systems, applications, network configuration and more. Smartronix can help customers implement security best practices and leverage AWS security features.
APN Partner Webinar - Security & Compliance for AWS EMEA Partners - Amazon Web Services
Learn how AWS has delivered a compliant, secure infrastructure available on-demand; how our shared security model protects mission-critical data every day; and how you can meet your own security standards using sophisticated tools and controls on AWS.
Watch a recording of this presentation here: http://youtu.be/vgRpkcepAYI
Running Microsoft SharePoint On AWS - Smartronix and AWS - Webinar - Amazon Web Services
Miles Ward, Solution Architect, AWS, and Robert Groat, Chief Technology Officer, Smartronix, discuss how you can run Microsoft Enterprise Applications like SharePoint on AWS Cloud, Architecture. Recovery.gov
This document discusses the benefits of cloud computing on Amazon Web Services (AWS). Key benefits include no upfront capital expenses, low costs by only paying for resources used, ability to easily scale infrastructure up and down, and improved agility and time to market for deploying new services. AWS offers global infrastructure across multiple regions and availability zones for high availability. Security is a shared responsibility between AWS and customers. AWS provides several foundational services for compute, storage, database, and networking resources that customers can use to build applications.
This document provides an introduction to cloud computing with Amazon Web Services (AWS). It discusses how AWS started by externalizing Amazon's early IT services in 2006 and launched their first services like SQS, S3, and EC2 beta. It describes AWS's mission to enable businesses and developers to build scalable applications using their web services. Key aspects of AWS that are highlighted include its utility computing model with on-demand, uniform pricing and pay-as-you-go availability. The document also shows how AWS provides elastic capacity to dynamically scale from one compute instance to thousands to meet variable or predictable usage peaks. It provides a demo of DynamoDB's ability to provision high performance with 150,000 I/Os per second.
MED303 Addressing Security in Media Workflows - AWS re: Invent 2012 - Amazon Web Services
Are your media assets secure? For media companies, security is paramount. Few things can more directly impact your company’s bottom line. As the move to store, process and distribute digital media via the cloud continues, it is imperative to examine the relevant security implications of a multi-tenant public cloud environment. This talk is intended to answer questions around securely storing, processing, distributing and archiving digital media assets on the AWS environment. AWS also enables customers to achieve compliance with the MPAA security best practices with minimal effort. Learn how AWS complies with the MPAA security best practices and how media companies can leverage that for their media workloads.
Cloud Storage Transformation – Keynote - AWS Cloud Storage for the Enterprise... - Amazon Web Services
1) The document discusses transforming storage strategies using AWS services like Amazon S3, which provides scalable cloud storage.
2) It provides examples of using Amazon S3 for backup of Oracle databases and as a replacement for on-premises storage solutions like SAN, NAS, tape backup, and secondary data centers.
3) The benefits of AWS storage include significant cost reduction, reduced complexity, streamlined operations, increased innovation, and unlimited scalable capacity.
The document outlines an agenda for a CloudStack developer day, including presentations on what CloudStack is, its deployment architecture, networking features, software architecture, integration capabilities, and how to contribute to the Apache CloudStack community. The key topics will be an introduction to CloudStack, an overview of its basics and deployment architecture including networking, a discussion of its current and future software architecture, and sessions on UI customization, the API, and how to get involved in the Apache CloudStack project.
This document discusses security best practices for Amazon Web Services (AWS). It recommends removing SSH host key pairs from public Amazon Machine Images (AMIs) to prevent security risks. It also suggests configuring virtual private clouds (VPCs) to restrict outbound traffic, using smaller instance types like t1.micro that offer less resources to attackers, mounting filesystems as noexec to prevent execution of unauthorized code, and using chroot jails.
The document discusses various disaster recovery strategies using Amazon Web Services. It defines archiving, backup, and disaster recovery. It then summarizes common DR patterns using AWS, including backup and restore where backups are stored in S3 and restored on EC2 if needed, pilot light where a small environment runs in AWS for quick failover, and multi-site hot standby where a fully scaled environment runs in parallel in AWS. The document outlines the benefits and processes for each pattern.
ShareFile Enterprise allows for file sharing with anyone, syncing data across devices, and creating online file sharing spaces for virtual teams. It provides selective offline access on mobile devices and encrypts data for protection. ShareFile addresses issues with services like Dropbox by enabling workforce mobility and simple, secure data sharing between employees, teams, and external collaborators. It enhances productivity through broad device, workflow, and protocol support. ShareFile uses a high-level architecture with control planes and storage zones for managing file storage across various locations worldwide.
3. AWS SECURITY RESOURCES
• http://aws.amazon.com/security/
• Security Whitepaper
• Latest Version 8/24/2010
• Updated bi-annually
• Feedback is welcome
4. AWS CERTIFICATIONS
• Shared Responsibility Model
• Sarbanes-Oxley (SOX)
• SAS70 Type II Audit
• FISMA A&A
– NIST Low Approvals to Operate
– Actively pursuing NIST Moderate
– FedRAMP
• Pursuing ISO 27001 Certification
• Customers have deployed various compliant applications such as HIPAA (healthcare)
5. SAS70 TYPE II
• Based on the Control Objectives for Information and related Technology (COBIT), which is a set of established best practices (transitioning to ISO 27001)
• Covers Access (Security), Change Management and Operations of Amazon EC2 and Amazon S3
• Audit conducted by an independent accounting firm (E&Y) on a recurring basis
6. SAS70 TYPE II – CONTROL OBJECTIVES
• Control Objective 1: Security Organization
• Control Objective 2: Amazon Employee Lifecycle
• Control Objective 3: Logical Security
• Control Objective 4: Secure Data Handling
• Control Objective 5: Physical Security
• Control Objective 6: Environmental Safeguards
• Control Objective 7: Change Management
• Control Objective 8: Data Integrity, Availability and Redundancy
• Control Objective 9: Incident Handling
7. PHYSICAL SECURITY
• Amazon has been building large-scale data centers for many years
• Important attributes:
– Non-descript facilities
– Robust perimeter controls
– Strictly controlled physical access
– 2 or more levels of two-factor auth
• Controlled, need-based access for AWS employees (least privilege)
• All access is logged and reviewed
8. FAULT SEPARATION AND GEOGRAPHIC DIVERSITY
[Figure: four regions, US East Region (N. VA), EU West Region (IRE), US West Region (N. CA) and APAC Region (Singapore), each divided into Availability Zones (labelled Zone A through Zone D in the drawing), with Amazon CloudWatch.]
Note: Conceptual drawing only. The number of Availability Zones may vary
9. DATA BACKUPS
• Data stored in Amazon S3, Amazon SimpleDB, and Amazon EBS is stored redundantly in multiple physical locations
• Amazon EBS redundancy remains within a single Availability Zone
• Amazon S3 and Amazon SimpleDB replicate customer objects across storage systems in multiple Availability Zones to ensure durability
– Equivalent to more traditional backup solutions, but offers much higher data availability and throughput
• Data stored on Amazon EC2 local disks must be proactively copied to Amazon EBS or Amazon S3 for redundancy
10. AWS MULTI-FACTOR AUTHENTICATION
A recommended opt-in security feature of your Amazon Web Services (AWS) account
11. AWS MFA BENEFITS
• Helps prevent anyone with unauthorized knowledge of your e-mail address and password from impersonating you
• Requires a device in your physical possession to gain access to secure pages on the AWS Portal or to gain access to the AWS Management Console
• Adds an extra layer of protection to sensitive information, such as your AWS access identifiers
• Extends protection to your AWS resources such as Amazon EC2 instances and Amazon S3 data
12. IAM – AWS IDENTITY AND ACCESS MANAGEMENT
• A brand new service designed for our entire range of users
• Multiple user identities per AWS account
• Enhanced security
• Better control
• Integrated with other services
13. IAM – AWS IDENTITY AND ACCESS MANAGEMENT
• Create users and groups within an AWS account
• Each user has unique security credentials:
– Access keys
– Login/Password
– MFA device
• Put users in groups
• Create policy statements for users or groups
• Control access to resources
• Control access to APIs
14. AMAZON EC2 SECURITY
• Host operating system
– Individual SSH keyed logins via bastion host for AWS admins
– All accesses logged and audited
• Guest operating system
– Customer controlled at root level
– AWS admins cannot log in
– Customer-generated keypairs
• Stateful firewall
– Mandatory inbound firewall, default deny mode
• Signed API calls
– Require X.509 certificate or customer’s secret AWS key
15. AMAZON EC2 INSTANCE ISOLATION
[Figure: layered diagram, top to bottom: Customer 1, Customer 2, … Customer n instances; Hypervisor; Virtual Interfaces; per-customer Security Groups (Customer 1, Customer 2, … Customer n); Firewall; Physical Interfaces.]
16. VIRTUAL MEMORY & LOCAL DISK
[Figure: Amazon EC2 instances, each with an encrypted file system and an encrypted swap file.]
• Proprietary Amazon disk management prevents one Instance from reading the disk contents of another
• Local disk storage can also be encrypted by the customer for an added layer of security
17. NETWORK TRAFFIC FLOW SECURITY
[Figure: inbound traffic passing through Amazon Security Groups and iptables before reaching Amazon EC2 instances, each with an encrypted file system and an encrypted swap file.]
• Inbound traffic must be explicitly specified by protocol, port, and security group
• iptables may be implemented as a completely user controlled security layer for granular access control of discrete hosts, including other Amazon Web Services (Amazon S3/SimpleDB, etc.)
18. MULTI-TIER SECURITY ARCHITECTURE
[Figure: Web Tier, Application Tier and Database Tier (with EBS Volume), each behind an Amazon EC2 Security Group Firewall.]
• AWS employs a private network with ssh support for secure access between tiers and is configurable to limit access between tiers
• Ports 80 and 443 only open to the Internet
• Engineering staff have ssh access to the App Tier, which acts as Bastion
• Authorized 3rd parties can be granted ssh access to select AWS resources, such as the Database Tier
• All other Internet ports blocked by default
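The default-deny inbound model from slides 14, 17 and 18 can be sketched as a small rule evaluator plus an exposure audit. This is an added example, not code from the presentation or from AWS; the address ranges, the tier-to-tier application and database ports, and the function names are constructed assumptions.

```python
"""Added illustration: default-deny inbound filtering for a three-tier layout."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    protocol: str  # "tcp" or "udp"
    port: int
    source: str    # a CIDR block, or "sg:<name>" to reference another group


@dataclass
class SecurityGroup:
    name: str
    rules: list = field(default_factory=list)


# Constructed sample values (assumptions, not taken from the slides).
ENGINEERING_CIDR = "198.51.100.0/24"   # engineering staff
THIRD_PARTY_CIDR = "203.0.113.16/28"   # an authorized third party
APP_PORT, DB_PORT = 8080, 3306         # tier-to-tier service ports

GROUPS = {
    # Web tier: only 80 and 443 face the Internet; ssh only from the bastion.
    "web": SecurityGroup("web", [
        Rule("tcp", 80, "0.0.0.0/0"),
        Rule("tcp", 443, "0.0.0.0/0"),
        Rule("tcp", 22, "sg:app"),
    ]),
    # App tier doubles as the bastion: ssh from engineering staff only.
    "app": SecurityGroup("app", [
        Rule("tcp", APP_PORT, "sg:web"),
        Rule("tcp", 22, ENGINEERING_CIDR),
    ]),
    # Database tier: reachable from the app tier and one third-party range.
    "db": SecurityGroup("db", [
        Rule("tcp", DB_PORT, "sg:app"),
        Rule("tcp", 22, "sg:app"),
        Rule("tcp", 22, THIRD_PARTY_CIDR),
    ]),
}


def is_allowed(dest_group, protocol, port, src_ip, src_group=None):
    """Return True only when a rule matches protocol, port and source.

    There is no deny rule type: anything not explicitly listed is dropped.
    """
    for rule in GROUPS[dest_group].rules:
        if rule.protocol != protocol or rule.port != port:
            continue
        if rule.source.startswith("sg:"):
            if src_group == rule.source[3:]:
                return True
        elif ip_address(src_ip) in ip_network(rule.source):
            return True
    return False


def internet_exposed(groups):
    """Audit helper: every (group, protocol, port) open to any address."""
    return sorted(
        (g.name, r.protocol, r.port)
        for g in groups.values()
        for r in g.rules
        if not r.source.startswith("sg:") and ip_network(r.source).prefixlen == 0
    )


if __name__ == "__main__":
    print("Internet-facing rules:", internet_exposed(GROUPS))
    print("Internet ssh to web tier:", is_allowed("web", "tcp", 22, "192.0.2.7"))
```

Running `internet_exposed` over an exported rule set is a quick review check that nothing beyond the web tier's ports 80 and 443 has been opened to every address.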
19. NETWORK SECURITY CONSIDERATIONS
• DDoS (Distributed Denial of Service):
– Standard mitigation techniques in effect
• MITM (Man in the Middle):
– All endpoints protected by SSL
– Fresh EC2 host keys generated at boot
• IP Spoofing:
– Prohibited at host OS level
• Unauthorized Port Scanning:
– Violation of AWS TOS
– Detected, stopped, and blocked
– Ineffective anyway since inbound ports blocked by default
• Packet Sniffing:
– Promiscuous mode is ineffective
– Protection at hypervisor level
• Configuration Management:
– Configuration changes are authorized, logged, tested, approved, and documented
– Most updates are done in such a manner that they will not impact the customer
– AWS will communicate with customers, either via email, or through the AWS Service Health Dashboard (http://status.aws.amazon.com/) when there is a chance that their Service use may be affected.
20. NETWORK TRAFFIC CONFIDENTIALITY
[Figure: Amazon EC2 instances (encrypted file system, encrypted swap file) exchanging Internet traffic and connected to the corporate network over a VPN.]
• All traffic should be cryptographically controlled
• Inbound and outbound traffic to corporate networks should be wrapped within industry standard VPN tunnels (option to use Amazon VPC)
21. AMAZON VPC
[Figure: the customer’s isolated AWS resources in subnets inside the Amazon Web Services cloud, connected through a router and VPN gateway, over a secure VPN connection over the Internet, to the customer’s network.]
22. AMAZON VPC CAPABILITIES
• Create an isolated environment within AWS
• Establish subnets to control who and what can access your resources
• Connect your isolated AWS resources and your IT infrastructure via a VPN connection
• Launch AWS resources within the isolated network
• Use your existing security and networking technologies to examine traffic to/from your isolated resources
• Extend your existing security and management policies within your IT infrastructure to your isolated AWS resources as if they were running within your infrastructure
23. VPC SUPPORTED DEVICES
• Any device that:
– Establishes IKE Security Association using Pre-Shared Keys
– Establishes IPsec Security Associations in Tunnel mode
– Utilizes the AES 128-bit encryption function
– Utilizes the SHA-1 hashing function
– Utilizes Diffie-Hellman Perfect Forward Secrecy in “Group 2” mode
– Establishes Border Gateway Protocol (BGP) peerings
– Binds tunnel to logical interface (route-based VPN)
– Utilizes IPsec Dead Peer Detection
24. AMAZON S3 SECURITY
• Access controls at bucket and object level:
– Read, Write, Full
• Owner has full control
• Customer Encryption
– SSL Supported
• Durability 99.999999999%
• Availability 99.99%
• Versioning (MFA Delete)
• Detailed Access Logging
• Storage Device Decommissioning
– DoD 5220.22-M/NIST 800-88 to destroy data
25. YOUR INPUT IS IMPORTANT…
• Thoughts/questions about our SAS70 Type II Audit?
• Other certifications, compliance requirements or audits to explore?
• What risk & compliance services should AWS consider offering natively?
• How can we further promote AWS security posture?