JH
Uploaded byJames Huston
333 views

Smart Platform Infrastructure with AWS

James Huston's presentation at DevOps Days Charlotte discusses the evolution and importance of platform operations in ensuring reliable infrastructure and secure applications. He emphasizes the need for automation, effective monitoring, security measures, and the integration of documentation into workflows, highlighting best practices for utilizing cloud technologies and tools like Terraform. Ultimately, Huston advocates for a structured and reproducible infrastructure to empower teams and promote restful sleep for operators.

Embed presentation

Download to read offline
Smart Platform Infrastructure How we are learning to let our team sleep at night James Huston DevOPS Days Charlotte February 2017
whoami • James Huston - Director of Platform Engineering @ Red Ventures • Over the last 20 years I have been on teams that: • Tried a lot of things, some worked, some didn’t • Learned a lot of do’s and don’ts
The Team Thomas Hopkins Ryan Ruscett Alfonso Cabrera Garrett JohnsonMike Guthrie
So what do I have to share? • Sleep • Operations -vs- Platform Ops • Infrastructure (AWS) • Monitoring and Alerting • Security • Workflows • Documentation • Docker
Sleep • Our jobs are 24/7/365 • Small teams • Resource bound • To be successful, We need sleep
Operations -vs- Platform Ops • Deeper knowledge • Correct -vs- Fast • Snowflakes? • Wide breadth of knowledge • Fast turn around, or self service • Automate all the things
Platform Ops Platform enables developers to safely and consistently perform their own operations and build resilient and secure applications.
Infrastructure • Traditional Operations - Healthy Infrastructure • Linux in your datacenter • Apps on top of that • Platform Ops - Healthy Applications • AWS/Azure/Google • Managed services • Apps on top of that
Monitoring and Alerting • You are likely underestimating its importance • Integrate them from the beginning, don’t bolt them on. • Make sure your alerts go to the correct people • Don’t create alerts that you are going to ignore!
Infrastructure Layout Staging Production
Our Infrastructure
Infrastructure - Why is it Important • Take advantage of Autoscaling for scale and auto healing • Design to be secure from the start • Design with monitoring and alerting built in • Build your infrastructure in a standard, documented, reproducible way
Immutable Infrastructure • First line of debugging: remove the machine and let it get replaced • Avoid snowflakes/unicorns as much as possible • Replace for security reasons • Easy to implement (in the cloud anyhow) • Salt/Chef/Puppet - use it for initial config, don’t push changes
Program and Automate • Reproduce repeatable infrastructures • Team review of changes before they are made • Pull requests • Easy Rollback • Shareable and reusable modules • https://github.com/segmentio/stack
Terraform • Plays nice with Most of the Things • Multiple cloud providers, VMware, OpenStack • Grafana, DataDog, New Relic, PagerDuty, Logentries • MySQL, PostgreSQL • Program all the things - Except Snowflakes
Terraform -vs- CloudFormation • State • Fast • Admin Access • No State • Not so fast • AWS Service Catalog
Security - SSO • Don’t underestimate the power of the dark side OR your need to use Single Sign On (SSO) • Active Directory, LDAP, Okta for AWS/Apps • JumpCloud or LDAP for EC2 instances • Avoid tools that don’t support SSO (GitHub.com) in favor of tools that do (GitHub Enterprise)
Security • Don’t share SSH keys among your team(s). Ever. • 0.0.0.0/0 on a security group that is not a public ELB? That’s likely bad. • eg. future VPN or DirectConnect
Developer Workflows • Automation is key • Use standard tooling (Makefile, shell scripts, etc) • Bamboo -vs- Jenkins • Centralization • Provide guardrails and let teams with the expertise control their own destiny • Documentation of workflows is critically important
Documentation • README.MD - keep docs with your projects • Centralize infrastructure, CI/CD, and other core docs • Make it mandatory in governance • Set a good example!
Docker Security Info ala Jérôme Petazzoni (https://jpetazzo.github.io/) http://bit.ly/1t1DG3Q
Docker • Don’t run things as root • Update often! • For real security, run all filesystems read-only • Use small (Alpine, Debian) base images • Use only approved images • Update them often • Windows? All of the above.
Docker • KISS - Keep It Simple Stupid!
Drumroll Please The “Cloud” makes Platform Ops a reality. We can now program and automate “all the things” and we have the tools to make our infrastructure and applications maintain and heal themselves … And we get to sleep at night
411 James Huston Director of Platform Engineering @ Red Ventures james@jameshuston.net @hustonjs

More Related Content

PPTX
Blue Teaming on a Budget of Zero
byKyle Bubp
 
PPTX
Intro to Spring Boot and Spring Cloud OSS - Twin Cities Cloud Foundry Meetup
byJosh Ghiloni
 
PPTX
Webhooks with Azure Functions - Live 360 Conference
bySparkPost
 
PPTX
Deploying IIS and ASP.NET with Puppet
byPuppet
 
PPTX
Open stack jobs avoiding the axe
byJim Leitch
 
PPTX
Managing PowerShell DSC with Puppet
byPuppet
 
PDF
Principles of Chaos Engineering
byh_marvin
 
PDF
Chaos Engineering - Limiting Damage During Chaos Experiments
byNils Meder
 
Blue Teaming on a Budget of Zero
byKyle Bubp
 
Intro to Spring Boot and Spring Cloud OSS - Twin Cities Cloud Foundry Meetup
byJosh Ghiloni
 
Webhooks with Azure Functions - Live 360 Conference
bySparkPost
 
Deploying IIS and ASP.NET with Puppet
byPuppet
 
Open stack jobs avoiding the axe
byJim Leitch
 
Managing PowerShell DSC with Puppet
byPuppet
 
Principles of Chaos Engineering
byh_marvin
 
Chaos Engineering - Limiting Damage During Chaos Experiments
byNils Meder
 

What's hot

PDF
Vagrant for Effective DevOps Culture
byVaidik Kapoor
 
PDF
Hashicorp at holaluz
byRicard Clau
 
PDF
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
byMagno Logan
 
PPTX
Maksym Khamrovskyi, Kostiantyn Averin "Octopus: on the way to deployment bril...
byFwdays
 
PPTX
Security workflow with ansible
bydevanshdubey7
 
PPTX
Why AvePoint chose Azure for its Office 365 solutions
bynj-azure
 
PDF
iSense Java Summit 2017 - Microservices in action at the Dutch National Police
byBert Jan Schrijver
 
PPTX
Automatize everything
byBoris Bucha
 
PPTX
ThatConference 2016 - Highly Available Node.js
byBrad Williams
 
KEY
Migrating big data
bylauraxthomson
 
ODP
OWASP 2015 AppSec EU ZAP 2.4.0 and beyond..
bySimon Bennetts
 
PPTX
Openslava 2017 - Real appdev in the cloud on your laptop in minutes
byEric D. Schabell
 
PPTX
Cloud Provisioning: The SDKs Under the Hood
byEverett Toews
 
PPTX
2011 Continuous deployment with JBoss
byAndreas Wintersteiger
 
PPTX
Power shell v3 session1
byVladimir Márquez
 
PDF
Chat automation in a Modern IT environment
byJaap Brasser
 
PDF
Apply chat automation today - work smarter tomorrow
byJaap Brasser
 
PDF
Principles Of Chaos Engineering - Chaos Engineering Hamburg
byNils Meder
 
PPTX
Taking your first steps in the Clouds
byJosh Ghiloni
 
PDF
Devops and Immutable infrastructure - Cloud Expo 2015 NYC
byJohn Willis
 
Vagrant for Effective DevOps Culture
byVaidik Kapoor
 
Hashicorp at holaluz
byRicard Clau
 
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
byMagno Logan
 
Maksym Khamrovskyi, Kostiantyn Averin "Octopus: on the way to deployment bril...
byFwdays
 
Security workflow with ansible
bydevanshdubey7
 
Why AvePoint chose Azure for its Office 365 solutions
bynj-azure
 
iSense Java Summit 2017 - Microservices in action at the Dutch National Police
byBert Jan Schrijver
 
Automatize everything
byBoris Bucha
 
ThatConference 2016 - Highly Available Node.js
byBrad Williams
 
Migrating big data
bylauraxthomson
 
OWASP 2015 AppSec EU ZAP 2.4.0 and beyond..
bySimon Bennetts
 
Openslava 2017 - Real appdev in the cloud on your laptop in minutes
byEric D. Schabell
 
Cloud Provisioning: The SDKs Under the Hood
byEverett Toews
 
2011 Continuous deployment with JBoss
byAndreas Wintersteiger
 
Power shell v3 session1
byVladimir Márquez
 
Chat automation in a Modern IT environment
byJaap Brasser
 
Apply chat automation today - work smarter tomorrow
byJaap Brasser
 
Principles Of Chaos Engineering - Chaos Engineering Hamburg
byNils Meder
 
Taking your first steps in the Clouds
byJosh Ghiloni
 
Devops and Immutable infrastructure - Cloud Expo 2015 NYC
byJohn Willis
 

Viewers also liked

PPT
An assignment on advaita vedanta
byEugine Rosario
 
PDF
The Challenge of Technology
byChrystal Porter
 
PPT
Teaching Mindfulness
byRider University
 
PPTX
Mindful Leadership
byRider University
 
PPTX
Mindfulness Programs for Transition to Higher Education
byRider University
 
PPT
Mindfulness & Education
byRider University
 
PPTX
Technology challenge Term 1 2011
byjoshm82
 
An assignment on advaita vedanta
byEugine Rosario
 
The Challenge of Technology
byChrystal Porter
 
Teaching Mindfulness
byRider University
 
Mindful Leadership
byRider University
 
Mindfulness Programs for Transition to Higher Education
byRider University
 
Mindfulness & Education
byRider University
 
Technology challenge Term 1 2011
byjoshm82
 

Similar to Smart Platform Infrastructure with AWS

PPTX
Immutable infrastructure isn’t the answer
bySam Bashton
 
PDF
How to Build a Compute Cluster
byRamsay Key
 
PDF
DevOps Fest 2020. immutable infrastructure as code. True story.
byVlad Fedosov
 
PDF
JUST EAT: Embracing DevOps
byPeter Mounce
 
PDF
Infrastructure as code managing servers in the cloud Morris
byhabanbrino4l
 
PPTX
Introduction to DevOps on AWS
byShiva Narayanaswamy
 
PDF
Infrastructure as code managing servers in the cloud Morris
bysahfthr3687
 
PDF
Infrastructure as code managing servers in the cloud Morris 2024 scribd download
byborrosmartdf
 
PDF
Migrate and Govern Applications on Cloud Infrastructure
byManuj Bawa
 
PDF
Lessons learned from writing over 300,000 lines of infrastructure code
byYevgeniy Brikman
 
PDF
Presentation ING for ISC2 Secure Summits EMEA
byThijs Ebbers
 
PDF
Scalable Infrastructure - DevOpsDays London 2022 - Kief Morris.pdf
byKief Morris
 
PDF
Five Years of EC2 Distilled
byGrig Gheorghiu
 
PPTX
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...
byPierre GRANDIN
 
PPTX
Develop, deploy, and operate services at reddit scale oscon 2018
byGregory Taylor
 
PDF
CMPE 297 Lecture: Building Infrastructure Clouds with OpenStack
byJoe Arnold
 
PPTX
Stephen Sadowski - Securely automating infrastructure in the cloud
byDevSecCon
 
PDF
Eric tucker - Eliminating "Over the Fence"
byMaritime DevCon
 
PDF
Economia AWS Journey
byStepan Burda
 
PDF
2023-09-28-AWS Las Palmas UG - Dynamic Anti-Frigile Systems.pdf
byAndrey Devyatkin
 
Immutable infrastructure isn’t the answer
bySam Bashton
 
How to Build a Compute Cluster
byRamsay Key
 
DevOps Fest 2020. immutable infrastructure as code. True story.
byVlad Fedosov
 
JUST EAT: Embracing DevOps
byPeter Mounce
 
Infrastructure as code managing servers in the cloud Morris
byhabanbrino4l
 
Introduction to DevOps on AWS
byShiva Narayanaswamy
 
Infrastructure as code managing servers in the cloud Morris
bysahfthr3687
 
Infrastructure as code managing servers in the cloud Morris 2024 scribd download
byborrosmartdf
 
Migrate and Govern Applications on Cloud Infrastructure
byManuj Bawa
 
Lessons learned from writing over 300,000 lines of infrastructure code
byYevgeniy Brikman
 
Presentation ING for ISC2 Secure Summits EMEA
byThijs Ebbers
 
Scalable Infrastructure - DevOpsDays London 2022 - Kief Morris.pdf
byKief Morris
 
Five Years of EC2 Distilled
byGrig Gheorghiu
 
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...
byPierre GRANDIN
 
Develop, deploy, and operate services at reddit scale oscon 2018
byGregory Taylor
 
CMPE 297 Lecture: Building Infrastructure Clouds with OpenStack
byJoe Arnold
 
Stephen Sadowski - Securely automating infrastructure in the cloud
byDevSecCon
 
Eric tucker - Eliminating "Over the Fence"
byMaritime DevCon
 
Economia AWS Journey
byStepan Burda
 
2023-09-28-AWS Las Palmas UG - Dynamic Anti-Frigile Systems.pdf
byAndrey Devyatkin
 

Recently uploaded

PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
The year in review - MarvelClient in 2025
bypanagenda
 
December Patch Tuesday
byIvanti
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
The Landscape of Computer Software Development Companies
byYash Singh
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 

Smart Platform Infrastructure with AWS

  • 1.
    Smart Platform Infrastructure How weare learning to let our team sleep at night James Huston DevOPS Days Charlotte February 2017
  • 2.
    whoami • James Huston- Director of Platform Engineering @ Red Ventures • Over the last 20 years I have been on teams that: • Tried a lot of things, some worked, some didn’t • Learned a lot of do’s and don’ts
  • 3.
    The Team Thomas HopkinsRyan Ruscett Alfonso Cabrera Garrett JohnsonMike Guthrie
  • 4.
    So what doI have to share? • Sleep • Operations -vs- Platform Ops • Infrastructure (AWS) • Monitoring and Alerting • Security • Workflows • Documentation • Docker
  • 5.
    Sleep • Our jobsare 24/7/365 • Small teams • Resource bound • To be successful, We need sleep
  • 6.
    Operations -vs- PlatformOps • Deeper knowledge • Correct -vs- Fast • Snowflakes? • Wide breadth of knowledge • Fast turn around, or self service • Automate all the things
  • 7.
    Platform Ops Platform enablesdevelopers to safely and consistently perform their own operations and build resilient and secure applications.
  • 8.
    Infrastructure • Traditional Operations- Healthy Infrastructure • Linux in your datacenter • Apps on top of that • Platform Ops - Healthy Applications • AWS/Azure/Google • Managed services • Apps on top of that
  • 9.
    Monitoring and Alerting •You are likely underestimating its importance • Integrate them from the beginning, don’t bolt them on. • Make sure your alerts go to the correct people • Don’t create alerts that you are going to ignore!
  • 10.
  • 11.
  • 12.
    Infrastructure - Whyis it Important • Take advantage of Autoscaling for scale and auto healing • Design to be secure from the start • Design with monitoring and alerting built in • Build your infrastructure in a standard, documented, reproducible way
  • 13.
    Immutable Infrastructure • Firstline of debugging: remove the machine and let it get replaced • Avoid snowflakes/unicorns as much as possible • Replace for security reasons • Easy to implement (in the cloud anyhow) • Salt/Chef/Puppet - use it for initial config, don’t push changes
  • 14.
    Program and Automate •Reproduce repeatable infrastructures • Team review of changes before they are made • Pull requests • Easy Rollback • Shareable and reusable modules • https://github.com/segmentio/stack
  • 15.
    Terraform • Plays nicewith Most of the Things • Multiple cloud providers, VMware, OpenStack • Grafana, DataDog, New Relic, PagerDuty, Logentries • MySQL, PostgreSQL • Program all the things - Except Snowflakes
  • 16.
    Terraform -vs- CloudFormation •State • Fast • Admin Access • No State • Not so fast • AWS Service Catalog
  • 17.
    Security - SSO •Don’t underestimate the power of the dark side OR your need to use Single Sign On (SSO) • Active Directory, LDAP, Okta for AWS/Apps • JumpCloud or LDAP for EC2 instances • Avoid tools that don’t support SSO (GitHub.com) in favor of tools that do (GitHub Enterprise)
  • 18.
    Security • Don’t shareSSH keys among your team(s). Ever. • 0.0.0.0/0 on a security group that is not a public ELB? That’s likely bad. • eg. future VPN or DirectConnect
  • 19.
    Developer Workflows • Automationis key • Use standard tooling (Makefile, shell scripts, etc) • Bamboo -vs- Jenkins • Centralization • Provide guardrails and let teams with the expertise control their own destiny • Documentation of workflows is critically important
  • 20.
    Documentation • README.MD -keep docs with your projects • Centralize infrastructure, CI/CD, and other core docs • Make it mandatory in governance • Set a good example!
  • 21.
    Docker Security Info alaJérôme Petazzoni (https://jpetazzo.github.io/) http://bit.ly/1t1DG3Q
  • 22.
    Docker • Don’t runthings as root • Update often! • For real security, run all filesystems read-only • Use small (Alpine, Debian) base images • Use only approved images • Update them often • Windows? All of the above.
  • 23.
    Docker • KISS -Keep It Simple Stupid!
  • 24.
    Drumroll Please The “Cloud”makes Platform Ops a reality. We can now program and automate “all the things” and we have the tools to make our infrastructure and applications maintain and heal themselves … And we get to sleep at night
  • 25.
    411 James Huston Director ofPlatform Engineering @ Red Ventures james@jameshuston.net @hustonjs