
From the Trenches: Building Comprehensive and Secure Solutions in AWS

Date post: 07-Jan-2017
Upload: alert-logic
Transcript
Page 1: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Sean Beard

Principal Architect, Emerging Technology

Pariveda Solutions

From the Trenches: Building Comprehensive and Secure Solutions in AWS

Page 2: From the Trenches: Building Comprehensive and Secure Solutions in AWS

© Pariveda Solutions. Confidential & Proprietary.

Sean Beard

Principal Architect, Emerging Technology

Worked with Expedia.com, Hotels.com, CarRentals.com, Toyota, Mary Kay, National Resident Matching Program, and others to build AWS solutions and strategies

20 years of technology leadership with Pariveda Solutions and Compaq/Hewlett-Packard

Enterprise IT architect, technology pundit, professional hobbyist, amateur woodworker, retired DJ, and lifelong Houston Astros fan. Entertainer to many, and entertained by life’s mysteries.

Page 3: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Pariveda Overview

Pariveda Solutions Inc. is a leading management consulting firm delivering strategic services and technology solutions. Our focus is simple. Start with the right people, deliver consistent value and partner enthusiastically with our clients. We grow and deploy talented people to solve technical and strategic challenges. We are passionate about delivering exceptional value to our clients.

Our Clients

Pariveda solves the complex problems of clients ranging from Fortune 100 to Global 2000 to startup companies and spanning multiple industries.

Clients partner with us for our high-caliber combination of technology and business problem-solving experts, our high-quality delivery consistency and our focus on building lifetime relationships. We have served over 400 clients since inception.

Key Details

Our Locations

Our Solutions

Strategy
Mobility
Cloud
Data
Portals & Collaboration
CRM
Custom Software
Enterprise Integration
User Experience

Page 4: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Cloud Qualifications

Platform selection and enterprise alignment
Assist determination of cloud platforms that best fit application needs by evaluating current and planned applications and workloads

Architectural approach and implementation
Emphasize architectural elements of custom solutions with focus on scalability, flexibility, security, and longevity required

Completeness of perspective and value focus
Create impactful solutions with our clients aligned to people, process and structure

AWS Case Study
Expedia Delivers Global Deals Engine to Online Partners
http://aws.amazon.com/solutions/case-studies/expedia/

101 Accredited Business Professionals
119 Accredited Technical Professionals
37 Certified Solution Architects (31 Associate, 6 Professional)
16 Certified Developers (Associate)
6 Certified SysOps Administrators (Associate)
6 Certified DevOps Engineers (Professional)

Big Data on AWS, Microsoft Apps on AWS, TCO and Cloud Economics, Value Messaging, Business Development Best Practices

serving clients with innovative products and unknown / unmet solutions

Page 5: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Customer Mis-steps

Cloud Transformations

Strategizing in AWS

Building Solutions In the Cloud

Questions

Page 6: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Good judgment comes from experience, and a lot of that comes from bad judgment.

-Will Rogers

Customer Mis-steps - The Wisdom of Will Rogers

Page 7: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Customer Mis-Steps – Stories from Experience

The 18 Minute Rule

Everyone can make a mistake; in the cloud, the speed at which mistakes must be corrected is critical

Consequence of opening a Tomcat server on 0.0.0.0/0 for a travel-based e-commerce site

Safety of Isolation

Credit card transaction processing requires secure execution plus regulatory compliance through audits

Compliance in Processing

Page 8: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Customer Mis-steps

Cloud Transformations

Strategizing in AWS

Building Solutions In the Cloud

Questions

Page 9: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Cloud Transformations

Client Project: Global Deals Engine
Project Description: Expedia needed a fast and inexpensive engine to expose the best deals in their inventory online. The deals engine needed to retrieve and analyze a large travel inventory and make decisions on what constituted a good deal, and it required global reach and scalability. Pariveda leveraged AWS to build a solution and powered the decision engine with Elastic Search and Elastic MapReduce (Hadoop).
Outcome: The GDE allows consumers to perform a “fuzzy search,” returning the best deals that match a loose set of criteria, and returns personalized deals based on a user’s geographic location. The solution has been successfully expanded to over 20 regions worldwide. http://aws.amazon.com/solutions/case-studies/expedia/

Client Project: Real-Time Data Ingestion for Agriculture IoT
Project Description: Client needed to ingest real-time sensor data from heavy farm equipment globally, model and enhance with data science, and deliver downstream to power new agronomic insights for growers. The AWS cloud powered data transformation and storage in a data lake; key AWS services included Kinesis, Lambda, DynamoDB, and S3.
Outcome: The solution provides a data ingestion platform to enable future grower insights and new products and services.

Client Project: International .Com Migration
Project Description: CarRentals.com grew rapidly through acquisition and felt growth pain in its datacenters, so Pariveda recommended consolidation into one global AWS data center with robust analytics to instrument the environment. The solution used EC2 and ELB for core operations and Kinesis, Lambda, DynamoDB and EMR for streaming analytics.
Outcome: In three months, Pariveda moved the entire CarRentals.com data center operation into AWS and delivered a site serving millions of customers across Europe and the Americas.

Client Project: Cloud Data Warehouse & Analytics
Project Description: DirecTV needed to better understand competitive market environments at national and regional levels. Pariveda leveraged AWS to aggregate data into an Amazon Redshift data warehouse. Then, the team developed a custom application leveraging D3.js to display data nationally with ability to drill down into regions and display more granular details at each level.
Outcome: An easy-to-digest map view provided in-context data analysis, and customer research teams looked at relevant market factors and identified threats to the subscriber base in a highly competitive market.

Page 10: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Cloud Transformations - Unleash Potential…Rapidly

Digital Disruptors taking Market Share?

Focus is only yearly on IT Strategy?

Experiencing Growing Pains?

Speed to Market Vs. Robust + Stable

Need to Innovate Vs. Keep the Lights On

Give me More Vs. Spending Less

Do you feel caught in the swirl of organizational priorities?

Page 11: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Customer Mis-steps

Cloud Transformations

Strategizing In the Cloud

Building Solutions In the Cloud

Questions

Page 12: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Strategizing In the Cloud

Maturity

Organization understands and invests in automation, virtualization, and cloud initiatives to continually realize benefits throughout the enterprise; scaling for demand is highly automated with speed to market a developing skill

Automation of the “happy path” is well covered; disparate automation “scripts” are generated to help with concrete tasks and deployment effort is somewhat predictable. Adding additional scale is straightforward but may take manual effort

Adaptive

Capable

Nascent

Experimenting with Cloud components to explore benefits; build, deploy, & run of software applications is highly manual with groups frequently doing disjointed or duplicate efforts. Value proposition of cloud is still being defined for the business

Adhoc

Effective

Advanced handling to track and respond to potential issues with repeatable approaches to building, deploying, and running software applications; process tuned to evolve, scale with changing usage patterns and has high speed to market

DevOps repeatability and automation of effort in the public cloud is evolving; more mature cloud capabilities are still being assessed for benefit realization and most decisions are made on reduction of ownership costs

Note: Above Descriptions are Illustrative Examples

Page 13: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Strategizing In the Cloud - Identify Areas of Change

Cloud technology is worth investing resources in today and has impacts beyond just technology

We’ve found organizations that learn and implement in small projects initially for their public cloud capabilities realize larger benefits over time with greater success in future

Tools Assessment Framework (Illustrative of 1 aspect)

Technology Stack

Workload Assessment

Org. Capabilities

Clustering and Orchestration

Environment Management

Logging and Monitoring

Integration

Backup and Retention

Developer Tools

Cloud Capabilities

DevOps Management

Networking and Security

Assess where your organization will make changes for public cloud

Network & Security

IAM for Internal

VPC for VM

Security Groups & defined ports open

Route 53 for DNS

CloudFront for CDN

Page 14: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Strategizing In the Cloud - Understanding the Landscape

Pitfalls

OS & Dependency Support: Public Cloud will let you assemble nearly any technology type creating high maintainability costs over time

Organizational Capabilities: Organizations are not yet equipped to handle building, deploying, and running cloud applications

Fast Paced New Technology: The fast paced and Open Source nature of cloud technology means frequent change

Work Stream Suitability: Cost / benefit of cloud tech is not considered for all work streams, and misapplied via initial assumptions

Mitigation

Technology Standardization: Standardize technology choices for the business in order to deploy applications around a core OS to optimize support costs & optimize operations

Skills Development: Budget to grow technical capabilities throughout the organization with training and set aside contingency effort for learning during project work

Navigating Change: Be prepared for the public cloud ecosystem to evolve and determine the best tools as well as processes to implement with the future in mind

Where to Get Started: Understand and prioritize across a portfolio of applications the assets that benefit from a shift to public cloud setting clear expectation outcomes

Page 15: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Customer Mis-steps

Cloud Transformations

Strategizing in AWS

Building Solutions In the Cloud

Questions

Page 16: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Building Solutions In the Cloud – Guiding Principles

Collaboration - It is critical that developers, operations and support organizations work closely on a regular basis.

Principle of Least Privilege – Grant only the access required to run the system, and avoid expanding access to manage or monitor solution behavior. Centralize access control.

Application Design - Review the application source code, identify potential attack surface points and optimize to minimize attack surface area.

Zones - Establish separate zones to meet compliance requirements such as PCI, PII, HIPAA, etc.

Continuous Monitoring – It is important to adopt a holistic approach towards monitoring, which includes business metrics, cloud services, application, database, connectivity, threats and vulnerabilities within the overall infrastructure.

Automation – Automate as much as possible, including security and compliance requirements, and minimize human process & access.

Agile Methods – Manage infrastructure operations as a software development process. Execute short cycles with feedback loops, and be open to refactoring based on feedback.
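One way to automate the check behind the Tomcat-on-0.0.0.0/0 mis-step and the "Security Groups & defined ports open" item, as an added example that is not part of the original deck: it audits JSON in the shape returned by `aws ec2 describe-security-groups` for world-open ingress. The group IDs, the sample rules and the policy that only TCP 443 may face the internet are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample, in the shape `aws ec2 describe-security-groups` returns.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa1111", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb2222", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ccc3333", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

# Assumption: the only listener allowed to face the internet is HTTPS.
PUBLIC_LISTENERS = {("tcp", 443)}


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0 (any zero-length prefix)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def violates_policy(perm):
    """A rule passes only if every port it opens is an approved public listener."""
    proto = perm["IpProtocol"]
    if proto not in ("tcp", "udp"):  # "-1" (all traffic), icmp, ...
        return True
    ports = range(perm["FromPort"], perm["ToPort"] + 1)
    return any((proto, port) not in PUBLIC_LISTENERS for port in ports)


def audit(doc):
    """Return (group id, protocol, port range, cidr) for each offending rule."""
    findings = []
    for group in doc["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            span = "%s-%s" % (perm.get("FromPort", "all"), perm.get("ToPort", "all"))
            for cidr in cidrs:
                if is_world_open(cidr) and violates_policy(perm):
                    findings.append((group["GroupId"], perm["IpProtocol"], span, cidr))
    return findings
```

Run on a schedule or on every security-group change, `audit()` returns an empty list when no rule breaks the policy, so any non-empty result can page the owning team.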

Page 17: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Building Solutions In the Cloud - A Holistic Approach To Solution Development

Assess

Production workload inventory

Workload readiness scorecard

Organizational capabilities assessment

Custom & COTS hosting assessment

Vendor and cloud roadmap overview

Strategize Plan Execute

Narrow potential workload migration candidates

Proof of Concept & Tool analysis

Organizational Readiness

Define team structure based on capabilities

Vendor lock-in considerations

Assess Modernization opportunities

Prioritize workload migration

Final tool selections

Scope and deliverables

Create timelines & obtain approvals

Define training plan

Continue to update workload inventory

Environment setup

Execute plan – delivery & documentation

Improve organizational capabilities

Deployment & warranty period

Project handoff

Simplify implementation with a holistic approach to solution development

No one partner is a subject matter expert in all aspects of the Public Cloud

Through a network of strong partners with specific subject matter expertise, we combine others’ strengths with our expertise to bring best-in-class service

Page 18: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Building Solutions In the Cloud - Pariveda Solutions Cloud Offerings

Cloud Application Delivery

Cloud-Enabled Web Applications
E-Commerce @ Scale
Connected Devices / Internet of Things
APIs & Mobile Backend-as-a-Service
Integrated Enterprise Solutions

Big Data Solutions

Real-Time Data Ingestion
Data Management & Transformation
Business Intelligence
Predictive Analytics
Data Strategy & Governance

Cloud Advisory Services

Cloud Strategy & Justification
Adoption Readiness Assessment
Organizational Transformation & Governance
Platform Selection & Implementation Roadmap
Workload Rationalization & Modernization Analysis

Cloud Solution Enablement

Cloud Solution Architecture
Cloud R&D / Experimentation
Platform Automation
Data Center Transformation
DevOps Process Definition & Change Plan
Solution Evolution & Cost Optimization

Page 19: From the Trenches: Building Comprehensive and Secure Solutions in AWS

Questions

