1. Sean Beard
Principal Architect, Emerging Technology
Pariveda Solutions
sean.beard@parivedasolutions.com
From the Trenches: Building Comprehensive and Secure Solutions in AWS
2. © Pariveda Solutions. Confidential & Proprietary.2
Sean Beard
Principal Architect, Emerging Technology
Worked with Expedia.com, Hotels.com, CarRentals.com, Toyota, Mary Kay, National Resident Matching Program, and others to build AWS solutions and strategies
20 years of technology leadership with Pariveda Solutions and Compaq/Hewlett-Packard
Enterprise IT architect, technology pundit, professional hobbyist, amateur woodworker, retired DJ, and lifelong Houston Astros fan. Entertainer to many, and entertained by life’s mysteries.
3.
Pariveda Overview
Pariveda Solutions Inc. is a leading management consulting firm delivering strategic services and technology solutions. Our focus is simple. Start with the right people, deliver consistent value and partner enthusiastically with our clients. We grow and deploy talented people to solve technical and strategic challenges. We are passionate about delivering exceptional value to our clients.
Our Clients
Pariveda solves the complex problems of clients ranging from Fortune 100 to Global 2000 to startup companies and spanning multiple industries.
Clients partner with us for our high-caliber combination of technology and business problem-solving experts, our high-quality delivery consistency and our focus on building lifetime relationships. We have served over 400 clients since inception.
Key Details
Our Locations
Our Solutions
Strategy
Mobility
Cloud
Data
Portals & Collaboration
CRM
Custom Software
Enterprise Integration
User Experience
4.
Platform selection and enterprise alignment
Assist determination of cloud platforms that best fit application needs by evaluating current and planned applications and workloads
Architectural approach and implementation
Emphasize architectural elements of custom solutions with focus on scalability, flexibility, security, and longevity required
Completeness of perspective and value focus
Create impactful solutions with our clients aligned to people, process and structure
Cloud Qualifications
AWS Case Study
Expedia Delivers Global Deals Engine to Online Partners
http://aws.amazon.com/solutions/case-studies/expedia/
101 Accredited Business Professionals
119 Accredited Technical Professionals
37 Certified Solution Architects (31 Associate, 6 Professional)
16 Certified Developers (Associate)
6 Certified SysOps Administrators (Associate)
6 Certified DevOps Engineers (Professional)
Big Data on AWS, Microsoft Apps on AWS, TCO and Cloud Economics, Value Messaging, Business Development Best Practices
serving clients with innovative products and unknown / unmet solutions
6.
Good judgment comes from experience, and a lot of that comes from bad judgment.
- Will Rogers
Customer Mis-steps - The Wisdom of Will Rogers
7.
Customer Mis-Steps – Stories from Experience
The 18 Minute Rule
Everyone can make a mistake; in the cloud, the speed at which those must be corrected is critical.
Consequence of opening a Tomcat server on 0.0.0.0/0 for a travel-based ecommerce site
Safety of Isolation
Credit card transaction processing requires secure execution plus regulatory compliance through audits.
Compliance in Processing
9. Cloud Transformations

Client Project: Global Deals Engine
Project Description: Expedia needed a fast and inexpensive engine to expose the best deals in their inventory online. The deals engine needed to retrieve and analyze a large travel inventory and make decisions on what constituted a good deal, and it required global reach and scalability. Pariveda leveraged AWS to build a solution and powered the decision engine with Elastic Search and Elastic MapReduce (Hadoop).
Outcome: The GDE allows consumers to perform a “fuzzy search,” returning the best deals that match a loose set of criteria, and returns personalized deals based on a user’s geographic location. The solution has been successfully expanded to over 20 regions worldwide.
http://aws.amazon.com/solutions/case-studies/expedia/

Client Project: Real-Time Data Ingestion for Agriculture IoT
Project Description: Client needed to ingest real-time sensor data from heavy farm equipment globally, model and enhance with data science, and deliver downstream to power new agronomic insights for growers. The AWS cloud powered data transformation and storage in a data lake; key AWS services included Kinesis, Lambda, DynamoDB, and S3.
Outcome: The solution provides a data ingestion platform to enable future grower insights and new products and services.

Client Project: International .Com Migration
Project Description: CarRentals.com grew rapidly through acquisition and felt growth pain in its datacenters, so Pariveda recommended consolidation into one global AWS data center with robust analytics to instrument the environment. The solution used EC2 and ELB for core operations and Kinesis, Lambda, DynamoDB and EMR for streaming analytics.
Outcome: In three months, Pariveda moved the entire CarRentals.com data center operation into AWS and delivered a site serving millions of customers across Europe and the Americas.

Client Project: Cloud Data Warehouse & Analytics
Project Description: DirecTV needed to better understand competitive market environments at national and regional levels. Pariveda leveraged AWS to aggregate data into an Amazon Redshift data warehouse. Then, the team developed a custom application leveraging D3.js to display data nationally with ability to drill down into regions and display more granular details at each level.
Outcome: An easy-to-digest map view provided in-context data analysis, and customer research teams looked at relevant market factors and identified threats to the subscriber base in a highly competitive market.
10.
Cloud Transformations - Unleash Potential…Rapidly
Digital Disruptors taking Market Share?
Focus is only yearly on IT Strategy?
Experiencing Growing Pains?
Speed to Market vs. Robust + Stable
Need to Innovate vs. Keep the Lights On
Give me More vs. Spending Less
Do you feel caught in the swirl of organizational priorities?
12.
Maturity
Strategizing In the Cloud
Organization understands and invests in automation, virtualization, and cloud initiatives to continually realize benefits throughout the enterprise; scaling for demand is highly automated with speed to market a developing skill
Automation of the “happy path” is well covered; disparate automation “scripts” are generated to help with concrete tasks and deployment effort is somewhat predictable. Adding additional scale is straightforward but may take manual effort
Adaptive
Capable
Nascent
Experimenting with Cloud components to explore benefits; build, deploy, & run of software applications is highly manual with groups frequently doing disjointed or duplicate efforts. Value proposition of cloud is still being defined for the business
Adhoc
Effective
Advanced handling to track and respond to potential issues with repeatable approaches to building, deploying, and running software applications; process tuned to evolve, scale with changing usage patterns and has high speed to market
DevOps repeatability and automation of effort in the public cloud is evolving; more mature cloud capabilities are still being assessed for benefit realization and most decisions are made on reduction of ownership costs
Note: Above Descriptions are Illustrative Examples
13.
Strategizing In the Cloud - Identify Areas of Change
Cloud technology is worth investing resources in today and has impacts beyond just technology
We’ve found organizations that learn and implement in small projects initially for their public cloud capabilities realize larger benefits over time with greater success in future
Tools Assessment Framework (Illustrative of 1 aspect)
Technology Stack
Workload Assessment
Org. Capabilities
Clustering and Orchestration
Environment Management
Logging and Monitoring
Integration
Backup and Retention
Developer Tools
Cloud Capabilities
DevOps Management
Networking and Security
Assess where your organization will make changes for public cloud
Network & Security
IAM for Internal
VPC for VM
Security Groups & defined ports open
Route 53 for DNS
CloudFront for CDN
14.
Strategizing In the Cloud - Understanding the Landscape
Pitfalls
OS & Dependency Support: Public Cloud will let you assemble nearly any technology type creating high maintainability costs over time
Organizational Capabilities: Organizations are not yet equipped to handle building, deploying, and running cloud applications
Fast Paced New Technology: The fast paced and Open Source nature of cloud technology means frequent change
Work Stream Suitability: Cost / benefit of cloud tech is not considered for all work streams, and misapplied via initial assumptions
Mitigation
Technology Standardization: Standardize technology choices for the business in order to deploy applications around a core OS to optimize support costs & optimize operations
Skills Development: Budget to grow technical capabilities throughout the organization with training and set aside contingency effort for learning during project work
Navigating Change: Be prepared for the public cloud ecosystem to evolve and determine the best tools as well as processes to implement with the future in mind
Where to Get Started: Understand and prioritize across a portfolio of applications the assets that benefit from a shift to public cloud setting clear expectation outcomes
16.
Building Solutions In the Cloud – Guiding Principles
Collaboration - It is critical that developers, operations and support organizations work closely on a regular basis.
Principle of Least Privilege – Grant only the access required to run the system, and avoid expanding access to manage or monitor solution behavior. Centralize access control.
Application Design - Review the application source code, identify potential attack surface points and optimize to minimize attack surface area.
Zones - Establish separate zones to meet compliance requirements such as PCI, PII, HIPAA, etc.
Continuous Monitoring – It is important to adopt a holistic approach towards monitoring, which includes business metrics, cloud services, application, database, connectivity, threats and vulnerabilities within the overall infrastructure.
Automation – Automate as much as possible, including security and compliance requirements, and minimize human process & access.
Agile Methods – Manage infrastructure operations as a software development process. Execute short cycles with feedback loops, and be open to refactoring based on feedback.
17.
Building Solutions In the Cloud - A Holistic Approach To Solution Development
Assess
Production workload inventory
Workload readiness scorecard
Organizational capabilities assessment
Custom & COTS hosting assessment
Vendor and cloud roadmap overview
Strategize Plan Execute
Narrow potential workload migration candidates
Proof of Concept & Tool analysis
Organizational Readiness
Define team structure based on capabilities
Vendor lock-in considerations
Assess Modernization opportunities
Prioritize workload migration
Final tool selections
Scope and deliverables
Create timelines & obtain approvals
Define training plan
Continue to update workload inventory
Environment setup
Execute plan – delivery & documentation
Improve organizational capabilities
Deployment & warranty period
Project handoff
Simplify implementation with a holistic approach to solution development
No one partner is a subject matter expert in all aspects of the Public Cloud
Through a network of strong partners with specific subject matter expertise, we combine others' strengths with our expertise to bring best-in-class service
18.
Building Solutions In the Cloud - Pariveda Solutions Cloud Offerings
Cloud Application Delivery
Cloud-Enabled Web Applications
E-Commerce @ Scale
Connected Devices / Internet of Things
APIs & Mobile Backend-as-a-Service
Integrated Enterprise Solutions
Big Data Solutions
Real-Time Data Ingestion
Data Management & Transformation
Business Intelligence
Predictive Analytics
Data Strategy & Governance
Cloud Advisory Services
Cloud Strategy & Justification
Adoption Readiness Assessment
Organizational Transformation & Governance
Platform Selection & Implementation Roadmap
Workload Rationalization & Modernization Analysis
Cloud Solution Enablement
Cloud Solution Architecture
Cloud R&D / Experimentation
Platform Automation
Data Center Transformation
DevOps Process Definition & Change Plan
Solution Evolution & Cost Optimization