Leveraging the cloud
Getting the most bang for your buck
Nate Lindstrom
Director of Network Operations
  in/nwlindstrom
salesforce desk
We make it easy for you to support customers right from the browser, via email, phone, chat, web, Facebook, and Twitter
We provide a hosted, cloud-based SaaS help desk platform for SMB
Cloudy Change Management
Trust but verify
Process requirements
 Formal, documented change management
 ISO 27001 compliance
 SOX section 404 compliance
 Safe Harbor certification
Single file change process
Diagram: RFC created → Make pull request → SME reviews request → Change applied to staging → ✓ Effects observed → Change applied to production → FIM updated → RFC Closed
Changes can be made rapidly and safely
Unauthorized changes reverted by the CMS or flagged by CloudPassage Halo FIM
Under the hood
 Chicken-and-egg problem for new instances
 Puppet determines role based on hostname
 Hostname isn’t set on new instances
How we start instances
Diagram labels: Script; AMI; Name=web01.desk.com; ip-10-20-30-40.us-west-1.compute.internal; web01.desk.com; Puppet; nginx
node /^web\d+\.desk\.com$/ inherits production_app { include web }
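The bootstrap order on this slide, as an added Python example (not code from the deck): the role lookup finds nothing for the default EC2 hostname and resolves to web only once the instance has adopted a validated Name value. Python's `re` stands in for Puppet's node matching here, and `hostname_from_tags`, `resolve_role`, `bootstrap` and the fallback behaviour are assumptions; `LOOSE_WEB` shows what the node pattern accepts if its dots are left unescaped.

```python
import re

# Node patterns in the style of the slide's Puppet node definition.
# Only the web pattern comes from the slide; the role name "web" follows
# its "include web". Python's re is a stand-in for Puppet's matcher.
NODE_PATTERNS = [
    (re.compile(r"^web\d+\.desk\.com$"), "web"),
]

# The same pattern with the dots unescaped: "." then matches any character,
# so names outside desk.com can be classified as web servers.
LOOSE_WEB = re.compile(r"^web\d+.desk.com$")

# Conservative FQDN check applied before a tag value is trusted as a hostname
# (assumption: the deck does not say how the Name value is validated).
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$"
)


def hostname_from_tags(tags, default_hostname):
    """Return the Name tag if it is a well-formed FQDN, else the default hostname."""
    name = tags.get("Name", "").strip().lower()
    if FQDN_RE.match(name):
        return name
    return default_hostname


def resolve_role(hostname):
    """Return the role of the first node pattern matching hostname, or None."""
    for pattern, role in NODE_PATTERNS:
        if pattern.search(hostname):
            return role
    return None


def bootstrap(tags, default_hostname):
    """Model the first boot: pick the hostname, then let the role follow from it."""
    hostname = hostname_from_tags(tags, default_hostname)
    return hostname, resolve_role(hostname)


if __name__ == "__main__":
    default = "ip-10-20-30-40.us-west-1.compute.internal"

    # Before the name is applied there is no role: the chicken-and-egg problem.
    print(default, "->", resolve_role(default))

    # With the Name value from the slide, the instance becomes a web node.
    print(bootstrap({"Name": "web01.desk.com"}, default))

    # A malformed tag value (constructed) is rejected, so no role is assigned.
    print(bootstrap({"Name": "web01.desk.com; reboot"}, default))

    # Constructed look-alike name: only the unescaped pattern accepts it.
    lookalike = "web01xdesk-com"
    print(lookalike, bool(LOOSE_WEB.search(lookalike)), resolve_role(lookalike))
```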
How we monitor instances
Diagram labels: web01.desk.com; cron; S3 Bucket
Effective monitoring
 Icinga is the most comprehensive open source monitoring solution available
Secret change process
Diagram: RFC created → Make pull request → SME reviews request → Change applied to production → FIM updated → RFC Closed
“Secret” as in production secrets, like passwords
Under the hood
 Storing production secrets in plain text is bad
 Sending decryption key over same channel as encrypted data is bad
Secure repositories
Diagram labels: TechOps (Full Access); Everyone (Pull Request Only); Puppet git Repo; Prod Credentials (GnuPG); Non-Prod Credentials (GnuPG)
Secure distribution
Diagram labels: Puppet git Repo; git; Secrets; GnuPG Key; AMI; Instance; Puppet; Credentials
What the cloud means to us
More typing, less driving
Physical asset tracking
 If you came to doubt the accuracy of your CMDB, you could always fall back on a physical inventory
 Almost always, anyway
Virtual asset tracking
 When you don’t have any physical assets it’s even easier to “lose” instances
 “Lost” instances can silently consume big $$$
How an instance can be lost
 Provisioning script loses connectivity during launch
 Instance fails to upload existence information to S3
Diagram: Provisioning Script (Launches) → Instance (Uploads) → S3 Bucket (Updates) → CMDB
Minimizing lost instances
 Your CMDB may not see your lost instances consuming $$$, but Cloudyn does
 Cloudyn makes it easy to maintain an efficient and lean cloud presence
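One way to surface the lost instances described on the two slides above, independent of any vendor tool, is to reconcile the provider's own instance listing against the CMDB. The Python below is an added example, not code from the deck: the record fields, the 30-minute grace period and all sample data are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not from the deck). CLOUD mimics a provider-side
# instance listing; CMDB mimics records built from the existence files that
# instances upload to S3.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)

CLOUD = [
    {"id": "i-0001", "name": "web01.desk.com", "state": "running",
     "launched": NOW - timedelta(days=30), "hourly_usd": 0.24},
    # Booted fine but its upload to S3 failed, so the CMDB never heard of it.
    {"id": "i-0002", "name": "web02.desk.com", "state": "running",
     "launched": NOW - timedelta(days=3), "hourly_usd": 0.24},
    # Provisioning script lost connectivity during launch: never even named.
    {"id": "i-0003", "name": None, "state": "running",
     "launched": NOW - timedelta(days=10), "hourly_usd": 0.48},
    # Launched five minutes ago; its first upload may simply not have run yet.
    {"id": "i-0004", "name": "app01.desk.com", "state": "running",
     "launched": NOW - timedelta(minutes=5), "hourly_usd": 0.24},
    # Terminated at the provider but still recorded in the CMDB.
    {"id": "i-0005", "name": "app02.desk.com", "state": "terminated",
     "launched": NOW - timedelta(days=60), "hourly_usd": 0.24},
]

CMDB = {
    "i-0001": {"name": "web01.desk.com"},
    "i-0005": {"name": "app02.desk.com"},
    "i-0006": {"name": "db01.desk.com"},  # the provider has no such instance
}


def reconcile(cloud, cmdb, now, grace=timedelta(minutes=30)):
    """Compare the provider listing with the CMDB.

    lost    - live at the provider, unknown to the CMDB, older than the grace period
    pending - live and unknown, but young enough that the upload may still arrive
    stale   - recorded in the CMDB but not live at the provider
    """
    # Stopped instances still hold billable storage, so only "terminated"
    # counts as gone.
    live = {i["id"]: i for i in cloud if i["state"] != "terminated"}

    lost, pending = [], []
    for instance_id, inst in sorted(live.items()):
        if instance_id in cmdb:
            continue
        age = now - inst["launched"]
        (pending if age < grace else lost).append(instance_id)

    stale = sorted(i for i in cmdb if i not in live)
    daily = sum(live[i]["hourly_usd"] for i in lost) * 24

    return {
        "lost": lost,
        "pending": pending,
        "stale": stale,
        "lost_usd_per_day": round(daily, 2),
    }


def describe(cloud, instance_ids):
    """Return printable 'id (name)' strings; unnamed instances are called out."""
    by_id = {i["id"]: i for i in cloud}
    return [f"{i} ({by_id[i]['name'] or 'unnamed'})" for i in instance_ids]


if __name__ == "__main__":
    report = reconcile(CLOUD, CMDB, NOW)
    print("lost:   ", describe(CLOUD, report["lost"]))
    print("pending:", describe(CLOUD, report["pending"]))
    print("stale:  ", report["stale"])
    print("lost spend per day (USD):", report["lost_usd_per_day"])
```

The grace period keeps freshly launched instances out of the alert until their first upload has had time to run, and the stale list catches the opposite drift, where the CMDB still lists hosts that no longer exist.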
JIT capacity
Let your servers order more servers
Auto Scale architecture
 Everything should scale horizontally
Auto Scale in action
 Loosely-coupled tiers provide greatest flexibility
 Scale up quickly, scale down slowly
Diagram labels: Traffic Increasing; Traffic Decreasing; ELB; Web ×7; ELB; App ×6
Auto Scaling control
 Scalr makes managing dynamic environments in the cloud easy and painless
Whole-unit troubleshooting
Don’t sweat the small stuff
Think in clusters
 If one instance is having problems, replace it
 If many instances are having problems, dig deeper
 Use the 1, 2, 3 rule for determining response


Diagram labels: ELB; Instance ×5
Architecting for failure
Build it to land gracefully
Expect failure
  Make use of regions and availability zones
  Avoid storing sessions on any one server
  The cloud is inherently unreliable, but your app doesn’t need to be
Diagram labels: AWS; us-west-1 (us-west-1a, us-west-1b); us-east-1
Security awareness
False security is worse than no security
Cloud isn’t private
 Multitenancy means the cloud is never truly private
 Build security in from the very beginning
 Apply defense in depth


Diagram labels: Internet; ELB; Web; ELB; App; DB
Security groups are limited
 An instance’s security groups cannot ever be changed
 Security groups can only limit inbound (ingress) traffic
 Security groups cannot restrict outbound (egress) traffic
Comprehensive security
 CloudPassage Halo allows the implementation of comprehensive security with minimal effort
The cloud...
 Is not a data center
 Is only as secure as you make it
 Is very expensive if not managed well
 Works best with lots and lots of little servers
 Will occasionally fail
Thank you!

Leveraging the Cloud - Getting the Most Bang for your Buck ( presentation by Salesforce on optimizing AWS costs )

  • 1. Leveraging the cloud: Getting the most bang for your buck
  • 2. Nate Lindstrom, Director of Network Operations, in/nwlindstrom
  • 3. salesforce desk. We make it easy for you to support customers right from the browser, via email, phone, chat, web, Facebook, and Twitter. We provide a hosted, cloud-based SaaS help desk platform for SMB.
  • 5. Process requirements: Formal, documented change management; ISO 27001 compliance; SOX section 404 compliance; Safe Harbor certification.
  • 6. Single file change process. Diagram labels: RFC created, Make pull request, SME reviews request, RFC closed; Change applied to staging, ✓ Effects observed, Change applied to production, FIM updated. Changes can be made rapidly and safely. Unauthorized changes reverted by the CMS or flagged by CloudPassage Halo FIM.
  • 7. Under the hood: Chicken-and-egg problem for new instances. Puppet determines role based on hostname. Hostname isn’t set on new instances.
  • 8. How we start instances. Diagram labels: Script; Name=web01.desk.com; Puppet; web01.desk.com; nginx; ip-10-20-30-40.us-west-1.compute.internal; AMI. Puppet node definition: node /^web\d+\.desk\.com$/ inherits production_app { include web }
  • 9. How we monitor instances. Diagram labels: web01.desk.com; cron; S3 Bucket.
  • 10. Effective monitoring: Icinga is the most comprehensive open source monitoring solution available.
  • 11. Secret change process. Diagram labels: RFC created, Make pull request, SME reviews request, RFC closed; Change applied to production, FIM updated. “Secret” as in production secrets, like passwords.
  • 12. Under the hood: Storing production secrets in plain text is bad. Sending decryption key over same channel as encrypted data is bad.
  • 13. Secure repositories. Diagram labels: TechOps: Full Access; Everyone: Pull Request Only; Puppet git Repo; Prod Credentials (GnuPG); Non-Prod Credentials (GnuPG).
  • 14. Secure distribution. Diagram labels (original layout lost): AMI, Puppet, GnuPG, git, git, Key, Repo, Secrets, Instance, Puppet, Credentials.
  • 15. What the cloud means to us: More typing, less driving.
  • 16. Physical asset tracking: If you came to doubt the accuracy of your CMDB, you could always fall back on a physical inventory. Almost always, anyway.
  • 17. Virtual asset tracking: When you don’t have any physical assets it’s even easier to “lose” instances. “Lost” instances can silently consume big $$$.
  • 18. How an instance can be lost: Provisioning script loses connectivity during launch. Instance fails to upload existence information to S3. Diagram labels: Provisioning Script; Launches; CMDB; Updates; Instance; Uploads; S3 Bucket.
  • 19. Minimizing lost instances: Your CMDB may not see your lost instances consuming $$$, but Cloudyn does. Cloudyn makes it easy to maintain an efficient and lean cloud presence.
  • 20. JIT capacity: Let your servers order more servers.
  • 21. Auto Scale architecture: Everything should scale horizontally.
  • 22. Auto Scale in action: Loosely-coupled tiers provide greatest flexibility. Scale up quickly, scale down slowly. Diagram labels: ELB; Traffic Decreasing; Traffic Increasing; Web instances; ELB; App instances.
  • 23. Auto Scaling control: Scalr makes managing dynamic environments in the cloud easy and painless.
  • 25. Think in clusters: If one instance is having problems, replace it. If many instances are having problems, dig deeper. Use the 1, 2, 3 rule for determining response. Diagram labels: ELB; Instance (×5).
  • 26. Architecting for failure: Build it to land gracefully.
  • 27. Expect failure: Make use of regions and availability zones. Avoid storing sessions on any one server. The cloud is inherently unreliable, but your app doesn’t need to be. Diagram labels: AWS; us-west-1; us-east-1; us-west-1a; us-west-1b.
  • 29. Cloud isn’t private: Multitenancy means the cloud is never truly private. Build security in from the very beginning. Apply defense in depth. Diagram labels: Internet; ELB; Web; ELB; App; DB.
  • 30. Security groups are limited: An instance’s security groups cannot ever be changed. Security groups can only limit inbound (ingress) traffic. Security groups cannot restrict outbound (egress) traffic.
  • 31. Comprehensive security: CloudPassage Halo allows the implementation of comprehensive security with minimal effort.
  • 32. The cloud... Is not a data center. Is only as secure as you make it. Is very expensive if not managed well. Works best with lots and lots of little servers. Will occasionally fail.
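
Slides 17 and 18 describe two ways an instance gets "lost": the provisioning script dies before the CMDB is updated, or the instance never uploads its existence information to S3. The following is an added example, not code from the presentation, that reconciles the three views to surface both cases. The instance ids, field names, costs and the one-hour check-in threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (assumed shapes, not the presenter's schema).
NOW = datetime(2020, 1, 1, 12, 0, tzinfo=timezone.utc)
PROVIDER = [  # what the cloud account is actually running and billing
    {"id": "i-0001", "name": "web01.desk.com", "hourly_cents": 12},
    {"id": "i-0002", "name": "web02.desk.com", "hourly_cents": 12},
    {"id": "i-0003", "name": "", "hourly_cents": 48},  # launched, never named
    {"id": "i-0004", "name": "app01.desk.com", "hourly_cents": 24},
]
CMDB = {"i-0001", "i-0002", "i-0004", "i-0009"}  # ids the provisioning script recorded
CHECKINS = {  # newest existence object each instance uploaded to the S3 bucket
    "i-0001": NOW - timedelta(minutes=5),
    "i-0002": NOW - timedelta(hours=26),
}

def reconcile(provider, cmdb, checkins, now, max_age=timedelta(hours=1)):
    """Classify every running instance against the CMDB and S3 check-ins."""
    findings = {"ok": [], "unregistered": [], "silent": [], "stale_cmdb": []}
    running = set()
    for inst in provider:
        iid = inst["id"]
        running.add(iid)
        last_seen = checkins.get(iid)
        if iid not in cmdb:
            # Provisioning script lost connectivity before updating the CMDB.
            findings["unregistered"].append(iid)
        elif last_seen is None or now - last_seen > max_age:
            # Instance exists but failed to upload (or stopped uploading).
            findings["silent"].append(iid)
        else:
            findings["ok"].append(iid)
    # CMDB rows with no running instance: stale inventory, not a cost leak.
    findings["stale_cmdb"] = sorted(cmdb - running)
    return findings

def untracked_hourly_cents(provider, findings):
    """Hourly spend on instances the normal tracking path cannot vouch for."""
    lost = set(findings["unregistered"]) | set(findings["silent"])
    return sum(i["hourly_cents"] for i in provider if i["id"] in lost)

if __name__ == "__main__":
    result = reconcile(PROVIDER, CMDB, CHECKINS, NOW)
    for kind, ids in result.items():
        print(f"{kind:13s} {ids}")
    print("untracked spend (cents/hour):", untracked_hourly_cents(PROVIDER, result))
```

The provider inventory is the source of truth here because it is the only view that does not depend on the launch path succeeding.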