devops for business transformation at ellucian
TRANSCRIPT
REĀN Cloud:
Disaster Recovery Using DevOps on AWS
REANCloud.com
Location: US (Herndon, Philadelphia, Los Angeles), India (Udaipur, Hyderabad), Israel (Tel Aviv)
REĀN Organization Profile
Established: 2013
Presence: USA, Israel and India
Number of Employees: 150+
AWS Certifications: 80+ (including 8 Professional Certifications)
Management team consisting of executives formerly from Fortune 500 Enterprises - AWS, Amdocs, Booz Allen Hamilton, Capgemini, PWC and Merck with deep AWS cloud computing experience
AWS Competencies Include:
• Migration Competency
• Life Sciences
• DevOps
• Managed Services
24x7 follow the sun model with offices around the world with continuous operations in multiple time zones - EST, PST, and IST
REAN AWS Certifications
REĀN Capabilities
• Consulting Services
• AWS Managed Cloud Solutions
• AWS Managed Cloud Services
• AWS Test Drive
REĀN Enterprise Service Offering
REAN ENTERPRISE CLOUD MANAGEMENT (ECM) PORTFOLIO
REAN SERVICES
• MIGRATION
• NATIVE AWS APPLICATION DEVELOPMENT
• BILLING AS a SERVICE
BUSINESS CONSULTING
• CLOUD OPERATIONS STRATEGY
• CLOUD ARCHITECTURE
• DEVOPS STRATEGY
• ROI & BUSINESS CASE JUSTIFICATION
• SECURITY & RISK ASSESSMENT
• CLOUD ADOPTION STRATEGY
• GOVERNANCE & COMPLIANCE
• ACCOUNT MANAGEMENT
• DR & BUSINESS CONTINUITY PLANNING (BCP)
• SECURE INFRASTRUCTURE SETUP
INFRA SERVICES
• AWS INFRASTRUCTURE
• HYBRID ON-PREM INFRASTRUCTURE
• MANAGED CLOUD SERVICES
• DEVOPS (CD|CI) IMPLEMENTATION
Application Deployment Automation on AWS
Account
•Dev Environment
•Test Environment
•Staging Environment
•Production Environment
Identity/Access
•Server Admin
•Storage Admin
•Network Admin
•Machine (API)
•CloudTrail (Audit)
Network
•Subnets
•Route Tables
•DNS
•Access Control List
•Gateways
Application
•Load Balancer
•Web Server
•Application Server
•Database Server
Scope of Offering
DEVSECOPS – CICD AUTOMATION
Compliance: HIPAA, PCI, FedRAMP
Assessment, Remediation
Operations: Monitoring, Patching, Backup, Logging
Application: Setup, Configuration, DB Migration
Automated Infrastructure
Build/Validation: IAM, VPC
Environments: Dev, Test, Prod
SECURITY: IDS, IPS, WAF, AD, ENCRYPTION
Disaster Recovery
Proposed Scope of Work High Availability and Disaster Recovery on AWS
Lift & Shift using Cloud Endure
Runbook/DevOps based Deployment
Architecture – Scale Up and Down On-Demand
[Diagram labels: Elastic Load Balancer, CloudWatch, Auto Scaling, Latency, Utilization, Metrics]
Server icons courtesy of http://creativecommons.org/licenses/by-nd/3.0/.
Architecture - High Reliability
[Diagram labels: Load Balancer, Auto Scale, US EAST, US WEST, Availability Zone - A, Availability Zone - B, EC2, Ephemeral, EBS, Snapshot, Network IO, Amazon S3]
Source: Amazon Web Services
Migration – Lift & Shift (CloudEndure)
Migration – Runbook/Devops2
DNS Changes
Cross Account Deployment
REĀN Security Differentiator
Responsibility & Compliance Model
REĀN Virtual Private Cloud (VPC) Architecture
[Diagram labels: Datacenter, Router, Secure VPN Connection over the Internet, VPN Gateway, Amazon Web Services, VPC, Subnets, AWS resources, NAT, Internet]
Source: Amazon Web Services VPC Architecture
Controls Necessary to Meet Compliance
REAN Secure VPC Solution
Security Framework Controls
REAN OS/Application Controls + AWS IaaS GSS Controls + Customer Operations and Management = Compliance
REAN Custom Application
Security and Compliance Benefits
AWS Account & Users
[Diagram labels: University Paying Account; Consolidated Billing; Identity & Access Management; Linked Account: Department 1, Department 2, Department 3, Department 4; End User Group; End User 1 through End User 5]
Use IAM for Access Control
• Users and Groups within Accounts
• Unique security credentials
–Access keys
–Login/Password
–MFA device
• Policies control access to AWS APIs
• Deep integration into S3
–policies on objects and buckets
• AWS Management Console now supports User log on
• Not for Operating Systems or Applications
–use LDAP, Active Directory, ADFS, etc...
AWS IAM Fine Grained Identity Controls
User Management
REĀN Billing Services
REĀN Enterprise Billing Capabilities
• Billing as a Service
• RI Recommendation Engine
• Customer/Account Provisioning and Management
• API Integration
Enterprise Billing Solution
Multilayer flow through Provisioning
Accounts
Product | Service Groups
Divisions | Regions
Enterprise University
School #1
Dept #1
Account#1 Account#2
Dept #2
School#2
Dept #3
Account#3.1 Account#3.2
REĀN Enterprise Billing Solution (EBS)
Key Features
Simplify Billing and Chargebacks
• Track actual usage charges across every AWS product
• Generate bills and invoices in AWS format
• Package your own subscription-based services
• Define how usage and charges are billed through the use of SKUs and bundle in third-party services
Track Individual and Aggregate Usage
• Intuitive dashboards
• Customizable reports
• Multi-tier visibility of usage and accurate cost
• View aggregated usage across all resellers, customers, and accounts
• Organize and track costs and profitability
• Access granular usage details
Customer Provisioning
• Optimize the process of creating new AWS accounts
• Streamline process of provisioning new cloud accounts
• Integrate new accounts with consolidated bill
• Reduce costs of operations related to cloud
• Allow reseller or customer to grow on-demand
• Simplifies billing as resellers/customers onboard or grow
Billing Analytics vs Transactions
Billing Analytics
• Trend reporting
• Spend by project or server
• Recommendations for opportunities to save money (e.g. Reserved Instance recommendations)
• Analysis of utilization vs. expense
Billing Transactions
• A verifiable transaction log of all charges;
• 100% accuracy and audit-ability;
• The ability to lock/compare historical billing against changes;
• Ensuring all charges are accurate for each individual customer at their agreed upon rates and level of services;
• Seamless handling of additional charges including support;
• True visibility to where charges belong for all organizations and customers
[Diagram labels: AWS Detailed Consolidated Bill, Reconciled, Invoiced to Customer, 3rd Party Analytics/Dashboard, Dashboards]
Thank You