Cloud Computing: Best Practices
Performance / Uptime / Cost / Security

Presented by: Jamie Kephalas, Support Engineer
(on behalf of Chris Drake, CEO)

Chris is a guest writer for: revolutionblog.com

DISCLAIMER
This is not a Sales Pitch.
Learn from our findings and apply to your environment.

Overview
• Improve Performance / Uptime
• Reduce Costs
• Maximize Security

Assumptions
• You’re On The Cloud Already
• Second Generation Cloud Architecture (Blade/SAN)
• LAMP Stack (Linux, Apache, MySQL, PHP)

IMPROVE PERFORMANCE / UPTIME

Stop thinking like Dedicated Hosting
Scale OUT and Then UP

Smarter Not Harder
Role Based Environment

1x 24GB Server VS. 6x 1GB Servers (~Same Price)
6x 1GB Servers: +200% (3x) Performance Gains

HOW DID THAT HAPPEN?
• App Stack Efficiency
• Processor Cores
• Storage Connectivity (IOPS) – Input/Output Operations Per Second
• Caching Advantages

[Architecture diagram, labels from top to bottom]
• Direct Fibre Internet Providers (left and right); EdgeCast CDN (US/EUROPE/APAC)
• Edge Network (10 Gbps): DDoS Mitigation and VPN Connection (left and right)
• Perimeter Firewalls (Active/Active) (left and right); Web Application Firewalls (Ports 80/443 Protection)
• Public Network (10 Gbps)
• Load Balancer: Single Point of Failure
• Web Pool
• DB Slave; DB Master: Single Point of Failure
• N-IDS (left and right)
• NFS/Memcache: Single Point of Failure
• Storage Network (Fibre Channel)
• SSD Storage Arrays; SAS Storage Arrays; SATA Storage Arrays

[Architecture diagram, labels from top to bottom]
• Direct Fibre Internet Providers (left and right); EdgeCast CDN (US/EUROPE/APAC)
• Edge Network (10 Gbps): DDoS Mitigation and VPN Connection (left and right)
• Perimeter Firewalls (Active/Active) (left and right); Web Application Firewalls (Ports 80/443 Protection)
• Public Network (10 Gbps)
• Load Balancer; Load Balancer
• DB Slave Pool; Web Pool; Varnish Pool
• DB Master: Single Point of Failure
• N-IDS (left and right)
• NFS: Single Point of Failure; Memcache
• Storage Network (Fibre Channel)
• SSD Storage Arrays; SAS Storage Arrays; SATA Storage Arrays

REDUCE COSTS

Adjusting Your Servers Every Month?
If not, you’re probably wasting money

[Chart: Peak Requirement vs. Average Usage, with Scale Down and Scale Up between them; shown twice]

Storage Speed vs. Processors
Understand Your Storage Limitations

MAXIMIZE SECURITY

The Obvious Can Save Your Business
So Much You Can Do Without Spending a Dime

Verizon / US Secret Service
“We have yet to see a breach involving a successful attack against the hypervisor.”

Attack type by percent of breaches*
• Opportunistic: 83%
• Targeted: 17%

Attack difficulty by percent of breaches*
• High: 8%
• Medium: 49%
• Low: 37%
• None: 6%

*Verizon / Secret Service Caseload Only

HUMANS
The Biggest Security Vulnerability

Your People

NEED to Have
• Background checks
• Drug screenings
• Access granted as needed
• Employee manual with security included
• No tolerance culture

NICE to Have
• Vendor certifications
• Customer validation
• Quarterly security training
• Everyone is a Security Officer
• Out of office secure connectivity

Your Processes

NEED to Have
• Group granularity
• Centralized authentication
• Security documentation
• Role-based not person-based

NICE to Have
• Change management
• Regular Security audits

Your Partners

NEED to Have
• Security policy review
• Social engineering tests
• Isolated access with VPN

NICE to Have
• Development environment
• No access to production
• No re-outsourcing agreement

Your Hosting Environment

NEED to Have
• Network Firewalls
• Web Application Firewalls
• VPN Access
• Anti-Virus
• SSL Certificates
• Isolated Environments (Web/DB – Prod/Dev)

NICE to Have
• Two-Factor Authentication
• Vulnerability Monitoring
• Intrusion Detection
• Log Management
• Disk Encryption