Date post: 04-Aug-2015
Category: Technology
Upload: amazon-web-services
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
Enterprise Summit - Chicago
Managing lifecycle of enterprise workloads as IT Products in AWS
Prashant Prahlad [email protected]
Traditional Lifecycle of IT Products
Stage | Who? | How?
Provision | IT Admin | Tickets, Manual, Scripts
Monitor/Manage | IT Admin | Traditional tools to monitor, patch, backup
Track/Govern | IT Admin | Compliance tools, inspections, spreadsheets
IT Product: Server, Database, Desktop, Environment, Application
Self-service: The “New” way to administer
Stage | Who? | How?
Define | IT Admin | Documents
Publish | IT Admin | Portal, Spreadsheet
Request | User | Tickets
Provision | IT Admin | Scripts
Monitor/Manage | IT Admin | Traditional tools to monitor, patch, backup
Track/Govern | IT Admin | Compliance tools, inspections, spreadsheets
Lifecycle of IT Products in the cloud
Stage Who? How?
Define IT Admin
Publish IT Admin
Request
Provision
Monitor/Manage IT Admin
Track/Govern IT Admin
IT Products: Server, Database, Desktop, Environment, Application
Lifecycle of IT Products in AWS
Stage | Cloud | AWS
Define | Infrastructure as code | CloudFormation
Publish | Service catalog | CloudFormation, Service Catalog
Request | Self-Service Portal | AWS APIs, Service Catalog
Provision | Self-Service Portal with automation | Service Catalog
Monitor/Manage | Metrics, visualizations & automated alerts | CloudWatch
Track/Govern | Audit logs, change events and alerts | Config, CloudTrail
IT Product Lifecycle Management in AWS
[Diagram labels: Admin: Define (CloudFormation template), Publish (AWS Service Catalog); Users: Browse and Launch; CloudFormation stack: Provisions, Changes; AWS CloudTrail, Amazon S3: Monitors, Logs all API calls; AWS CloudWatch alarm: Monitors, Initiates, Notifies; AWS Config: Track changes, Notifies]
Use cases enabled by CloudFormation
• Allows creating templates of your infrastructure and applications
• Specify resources and their relationships
• Easily version control, replicate or update your environments
• Integrate with other development, CI/CD, and management tools.
Example: Provision your resources with standardized templates
Create template – For example, for the food catalog website
[Diagram: security group, Auto Scaling group, EC2 instance, Elastic Load Balancing, Customer DB Service, Inventory Service, Recommendations Service, ElastiCache memcached cluster, software pkgs, config, & data, CloudWatch alarms]
Create template – Resources
"Resources" : {
  "SecurityGroup" : {},
  "WebServerGroup" : {
    "Type" : "AWS::AutoScaling::AutoScalingGroup",
    "Properties" : {
      "MinSize" : "1",
      "MaxSize" : "3",
      "LoadBalancerNames" : [ { "Ref" : "LoadBalancer" } ],
      ...
    }
  },
  "LoadBalancer" : {},
  "CacheCluster" : {},
  "Alarm" : {}
},
Create template – Parameters
"Parameters" : {
  "CustomerDBServiceEndPoint" : {
    "Description" : "URL of the Customer DB Service",
    "Type" : "String"
  },
  "CustomerDBServiceKey" : {
    "Description" : "API key for the Customer DB Service",
    "Type" : "String",
    "NoEcho" : "true"
  },
  "InstanceType" : {
    "Description" : "WebServer EC2 instance type",
    "Type" : "String",
    "Default" : "m3.medium",
    "AllowedValues" : ["m3.medium","m3.large","m3.xlarge"],
    "ConstraintDescription" : "Must be a valid instance type"
  }
}
Info to Customize Stack at Creation. Examples: Instance Type, App Pkg Version
Create template – Outputs
"Resources" : {
  "LoadBalancer" : {},
  ...
},
"Outputs" : {
  "WebsiteDNSName" : {
    "Description" : "The DNS name of the website",
    "Value" : { "Fn::GetAtt" : [ "LoadBalancer", "DNSName" ] }
  }
}
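The Resources, Parameters and Outputs fragments above only work together if every Ref and Fn::GetAtt names something the template declares, and if secret-bearing parameters carry NoEcho. The following pre-deployment check is an added example, not code from the original deck; the "LaunchConfig" reference, the "DBPassword" parameter and the name heuristic for secrets are constructed assumptions.

```python
import json
import re
# Assembled from the slide fragments. Constructed additions: the "LaunchConfig"
# reference and the "DBPassword" parameter, both there to trigger findings.
TEMPLATE = json.loads("""
{
  "Parameters": {
    "CustomerDBServiceKey": {"Type": "String", "NoEcho": "true"},
    "DBPassword": {"Type": "String"}
  },
  "Resources": {
    "WebServerGroup": {
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "Properties": {"LoadBalancerNames": [{"Ref": "LoadBalancer"}],
                     "LaunchConfigurationName": {"Ref": "LaunchConfig"}}
    },
    "LoadBalancer": {}
  },
  "Outputs": {"WebsiteDNSName": {"Value": {"Fn::GetAtt": ["LoadBalancer", "DNSName"]}}}
}
""")
# Heuristic (assumption): parameter names that usually hold credentials.
SECRET_NAME = re.compile(r"key|password|secret|token", re.I)

def references(node):
    """Yield each logical name targeted by Ref or Fn::GetAtt under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::GetAtt" and isinstance(value, list) and value:
                yield value[0]
            else:
                yield from references(value)
    elif isinstance(node, list):
        for item in node:
            yield from references(item)

def lint(template):
    """Return (rule, name) findings for dangling references and echoed secrets."""
    params = template.get("Parameters", {})
    declared = set(params) | set(template.get("Resources", {}))
    dangling = sorted(set(references(template)) - declared)
    # Names starting with "AWS::" are pseudo parameters, not template entries.
    findings = [("unresolved-reference", n) for n in dangling if not n.startswith("AWS::")]
    for name, spec in sorted(params.items()):
        if SECRET_NAME.search(name) and str(spec.get("NoEcho", "")).lower() != "true":
            findings.append(("secret-without-NoEcho", name))
    return findings
```

The name heuristic will also flag non-secret parameters such as an EC2 key pair name, so treat its findings as prompts for review.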
Create template – Deploy and configure software
"AWS::CloudFormation::Init": {
  "webapp-config": {
    "packages" : {},
    "sources" : {},
    "files" : {},
    "groups" : {},
    "users" : {},
    "commands" : {},
    "services" : {}
  },
  "chef-config" : {}
}
CloudFormation Template
✓ Declarative
✓ Debug-able
✓ Updatable
✓ Highly Secure
✓ BIOT™ Bring In Other Tools
Extend with Custom Resources
"Resources" : {
  "WebAnalyticsTrackingID" : {
    "Type" : "Custom::WebAnalyticsService::TrackingID",
    "Properties" : {
      "ServiceToken" : "arn:aws:sns:...",
      "Target" : { "Fn::GetAtt" : ["LoadBalancer", "DNSName"] },
      "Plan" : "Gold"
    }
  },
  ...
[Diagram labels: AWS CloudFormation, Web Analytics Service; Provision AWS Resources; “Create, Update, Rollback, or Delete” + Metadata; “Success” + Metadata]
What is the AWS Service Catalog?
AWS Service Catalog is a personalized portal for end-users in an organization to browse and launch services listed by their IT departments
IT Developers
Control Visibility
Compliance
Agility Self-service
Time to market
Why should I use a Service Catalog?
Use cases
• Development/Test Environments
• Line-of-business applications
Benefits
• For organizations
– Promote compliance
– Cost Management
• For administrators
– Increase standardization
– Controlled access
– Centralized management
• For end-users (developers & applications users)
– Simple personalized portal
– Self-service provisioning
Service Catalog flow
1. Creates portfolio (Administrator)
2. Authors template (AWS CloudFormation template)
3. Creates product (ProductX, ProductY, ProductZ)
4. Adds constraints and grant access
5. Browse Products (Users)
6. Launch Products
7. Deploys stacks
8. Notifications
Create custom services and grant access
Use a personalized portal to find & launch services
AWS Service Catalog Demo
AWS CloudWatch
• Monitoring service in AWS
• 300+ built-in metrics
• Publish your own custom metrics
• Alerts on metrics
• Centralized archive & access for logs
Use cases enabled by CloudWatch
• Monitor metrics & logs: errors, exceptions, HTTP responses
• Analyze metrics data using statistics (e.g. min, max, sum)
• Centralized repository of logs and metrics off-box
• Watching logs without connecting to host
• Correlate system status with change events
Demo: Monitor resources and products on AWS
Visibility: In your datacenter
“I don’t have record of that box (server). It was before my time. I don’t want to turn it off because something may be running on it” – Anonymous Administrator
“I want to do stuff, but my IT approvals can get in the way, so I go out and buy a server or get what I need from the Cloud.” – Developer
Visibility: In the cloud
1. Developers in full control of Infrastructure!
2. Many users. Many new users.
3. Everything is changing all the time
4. Existing tools may not be efficient or effective
Visibility is even more important in the cloud
Get full visibility into resource configurations, user activity, configuration changes continuously, without affecting how developers consume AWS
[Diagram labels: Continuous Change Recording; Changing Resources; AWS Config; History; Stream; Snapshot (ex. 2014-11-05)]
Use cases enabled
• Security Analysis: Am I safe?
• Audit Compliance: Where is the evidence?
• Change Management: What will this change affect?
• Troubleshooting: What has changed?
• Discovery: What resources exist?
Configuration Item
Component | Description | Contains
Metadata | Information about this configuration item | Version ID, Configuration item ID, Time when the configuration item was captured, State ID indicating the ordering of the configuration items of a resource, MD5Hash, etc.
Common Attributes | Resource attributes | Resource ID, tags, Resource type, Amazon Resource Name (ARN), Availability Zone, etc.
Relationships | How the resource is related to other resources associated with the account | EBS volume vol-1234567 is attached to an EC2 instance i-a1b2c3d4
Current Configuration | Information returned through a call to the Describe or List API of the resource | e.g. for EBS Volume: State of DeleteOnTermination flag; Type of volume (for example, gp2, io1, or standard)
Related Events | The AWS CloudTrail events that are related to the current configuration of the resource | AWS CloudTrail event ID
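The components in the table above are enough to answer the "What has changed?" use case: order a resource's configuration items by state ID and diff consecutive ones. The sketch below is an added example, not part of the original deck; the two items are constructed, with field names following the AWS Config configuration item layout and made-up event IDs.

```python
# Constructed configuration items for the EBS volume in the table above. Field
# names follow the AWS Config configuration item layout; values are made up.
ITEMS = [
    {"resourceId": "vol-1234567", "resourceType": "AWS::EC2::Volume",
     "configurationStateId": 2,
     "configurationItemCaptureTime": "2014-11-05T10:20:00Z",
     "relationships": [],
     "configuration": {"volumeType": "gp2", "attachments": []},
     "relatedEvents": ["constructed-event-id-2"]},
    {"resourceId": "vol-1234567", "resourceType": "AWS::EC2::Volume",
     "configurationStateId": 1,
     "configurationItemCaptureTime": "2014-11-05T09:00:00Z",
     "relationships": [{"resourceId": "i-a1b2c3d4",
                        "resourceType": "AWS::EC2::Instance",
                        "name": "Is attached to Instance"}],
     "configuration": {"volumeType": "standard", "attachments": [
         {"instanceId": "i-a1b2c3d4", "deleteOnTermination": False}]},
     "relatedEvents": ["constructed-event-id-1"]},
]

def flatten(value, prefix=""):
    """Flatten nested dicts and lists into {'a.b[0].c': leaf} pairs."""
    if isinstance(value, dict):
        pairs = [(f"{prefix}.{k}" if prefix else k, v) for k, v in value.items()]
    elif isinstance(value, list):
        pairs = [(f"{prefix}[{i}]", v) for i, v in enumerate(value)]
    else:
        return {prefix: value}
    flat = {}
    for path, child in pairs:
        flat.update(flatten(child, path))
    return flat

def changes(items):
    """Diff consecutive items of one resource, ordered by configurationStateId."""
    ordered = sorted(items, key=lambda item: item["configurationStateId"])
    found = []
    for old, new in zip(ordered, ordered[1:]):
        before, after = (flatten({k: it[k] for k in ("configuration", "relationships")})
                         for it in (old, new))
        for path in sorted(set(before) | set(after)):
            if before.get(path) != after.get(path):
                # relatedEvents links the change to the CloudTrail events behind it
                found.append({"path": path, "before": before.get(path),
                              "after": after.get(path),
                              "captured": new["configurationItemCaptureTime"],
                              "events": new["relatedEvents"]})
    return found
```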
Demo: AWS Config
Introduction to AWS CloudTrail
Customers are making API calls...
On a growing set of services around the world…
CloudTrail is continuously recording API calls…
And delivering log files to customers
Use cases enabled by CloudTrail
• Security Analysis – Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns
• Track API calls to AWS Resources – Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes
• Troubleshoot Operational Issues – Identify the most recent actions made to resources in your AWS account
• Compliance Aid – Easier to demonstrate compliance with internal policies and regulatory standards
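The resource-tracking use case above comes down to filtering delivered log records by EC2 API action and keeping who made the call, from where, and whether it succeeded. The following is an added example, not part of the original deck; the log records, account ID and IP addresses are constructed, and the action table covers only the three resource types the slide names.

```python
import json

# Constructed CloudTrail log content: the "Records" array as delivered to S3.
LOG = json.loads("""
{"Records": [
 {"eventTime": "2015-06-01T12:04:10Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DeleteSecurityGroup", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev1"},
  "errorCode": "Client.UnauthorizedOperation"},
 {"eventTime": "2015-06-01T12:01:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev1"}},
 {"eventTime": "2015-06-01T12:02:30Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.9",
  "userIdentity": {"type": "Root"}},
 {"eventTime": "2015-06-01T11:59:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "CreateVolume", "sourceIPAddress": "203.0.113.9",
  "userIdentity": {"type": "Root"}}
]}
""")

# EC2 API actions that create, modify or delete the resource types named above.
ACTIONS = {
    "RunInstances": ("EC2 instance", "create"),
    "ModifyInstanceAttribute": ("EC2 instance", "modify"),
    "TerminateInstances": ("EC2 instance", "delete"),
    "CreateSecurityGroup": ("security group", "create"),
    "AuthorizeSecurityGroupIngress": ("security group", "modify"),
    "RevokeSecurityGroupIngress": ("security group", "modify"),
    "DeleteSecurityGroup": ("security group", "delete"),
    "CreateVolume": ("EBS volume", "create"),
    "ModifyVolumeAttribute": ("EBS volume", "modify"),
    "DeleteVolume": ("EBS volume", "delete"),
}

def resource_changes(log):
    """Return create/modify/delete calls on tracked resources, oldest first."""
    rows = []
    for rec in log.get("Records", []):
        hit = ACTIONS.get(rec.get("eventName"))
        if rec.get("eventSource") != "ec2.amazonaws.com" or hit is None:
            continue  # other services, and read-only calls such as Describe*
        who = rec.get("userIdentity", {})
        rows.append({"time": rec["eventTime"], "who": who.get("arn", who.get("type")),
                     "resource": hit[0], "action": hit[1],
                     "failed": "errorCode" in rec, "ip": rec.get("sourceIPAddress")})
    return sorted(rows, key=lambda row: row["time"])
```

Records are sorted on eventTime because CloudTrail does not guarantee ordering within a delivered file; failed calls are kept since denied change attempts are themselves worth reviewing.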
Partner solutions integrated with CloudTrail
IT Product Lifecycle Management in AWS – Wrap up
More Information
• http://aws.amazon.com/solutions/case-studies/
• http://aws.amazon.com/whitepapers
• http://aws.amazon.com/economics/
Thank you! [email protected]
Lifecycle of IT Products in AWS
Stage Who? How?
Define IT Admin
Publish IT Admin
Request
Provision
Monitor/Manage IT Admin
Track/Govern IT Admin
IT Products: Server, Database, Desktop, Environment, Application