Managing the Life Cycle of IT Products

©2015, Amazon Web Services, Inc. or its aﬃliates. All rights reserved
Enterprise Summit - Chicago

Managing lifecycle of enterprise
workloads as IT Products in AWS
Prashant Prahlad
pprahlad@amazon.com

Traditional Lifecycle of IT Products
Stage Who? How?
Provision IT Admin Tickets, Manual, Scripts
Monitor/Manage IT Admin Traditional tools to monitor, patch, backup
Track/Govern IT Admin Compliance tools, inspections, spreadsheets
IT Product: Server, Database, Desktop, Environment, Application

Self-service: The “New” way to administer
Stage Who? How?
Define IT Admin Documents
Publish IT Admin Portal, Spreadsheet
Request User Tickets
Provision IT Admin Scripts
Monitor/Manage IT Admin Traditional tools to monitor, patch, backup
Track/Govern IT Admin Compliance tools, inspections, spreadsheets

Lifecycle of IT Products in the cloud
Stage Who? How?
Define IT Admin
Publish IT Admin
Request
Provision
Monitor/Manage IT Admin
Track/Govern IT Admin
IT Products: Server, Database, Desktop, Environment, Application

Lifecycle of IT Products in AWS
Stage Cloud AWS
Define Infrastructure as code CloudFormation
Publish Service catalog CloudFormation,
Service Catalog
Request Self-Service Portal AWS APIs,
Service Catalog
Provision Self-Service Portal with automation Service Catalog
Monitor/Manage Metrics, visualizations & automated alerts CloudWatch
Track/Govern Audit logs, change events and alerts Config, CloudTrail

IT Product Lifecycle Management in AWS
CloudFormation
template
Admin
Define
AWS Service Catalog
Publish
CloudFormation
stack
Users
Browse and Launch
AWS CloudTrail
Amazon S3
Monitors
Logs all API calls
AWS CloudWatch
alarm
Monitors
Initiates
Notifies
AWS Conﬁg
Track changes
Notifies
ChangesChanges Provisions

IT Product Lifecycle Management in AWS
CloudFormation
template
Admin
Define
AWS Service Catalog
Publish
CloudFormation
stack
Users
Browse and Launch
AWS CloudTrail
Amazon S3
Logs all API calls
AWS CloudWatch
alarm
Monitors
Initiates
Notifies
AWS Conﬁg
Track changes
Notifies

Use cases enabled by CloudFormation
•  Allows creating templates of your
infrastructure and applications
•  Specify resources and their
relationships
•  Easily version control, replicate or
update your environments
•  Integrate with other development,
CI/CD, and management tools.

Example: Provision your resources with
standardized templates

Create template –
For example, for the food catalog website
security group
Auto Scaling group
EC2
instance
Elastic Load
Balancing
Customer DB
Service
Inventory Service
Recommendation
s Service
ElastiCache
memcached cluster
Software pkgs,
config, & dataCloudWatch
alarms

Create template – Resources

"Resources"
:
{

"SecurityGroup"
:
{},

"WebServerGroup"
:
{

"Type"
:
"AWS::AutoScaling::AutoScalingGroup",

"Properties"
:
{

"MinSize"
:
"1",

"MaxSize"
:
"3",

"LoadBalancerNames"
:
[
{
"Ref"
:

"LoadBalancer"
}
],

...

}

},

"LoadBalancer"
:
{},

"CacheCluster"
:
{},

"Alarm"
:
{}

},

security group
Auto Scaling group
EC2
instance
Elastic Load
Balancing
ElastiCache
memcached cluster
Software pkgs,
alarms
CloudFormation
Template

Create template – Parameters
"Parameters"
:
{

"CustomerDBServiceEndPoint"
:
{

"Description"
:
"URL
of
the
Customer
DB
Service",

"Type"
:
"String"

},

"CustomerDBServiceKey"
:
{

"Description"
:
"API
key
for
the
Customer
DB

Service",

"Type"
:
"String",

"NoEcho"
:
"true"

},

"InstanceType"
:
{

"Description"
:
"WebServer
EC2
instance
type",

"Type"
:
"String",

"Default"
:
"m3.medium",

"AllowedValues"
:

["m3.medium","m3.large","m3.xlarge"],

"ConstraintDescription"
:
"Must
be
a
valid

instance
type"

Auto Scaling group
EC2
instance
Recommendation
s Service
Inventory
Service
Customer DB
Service
Info to Customize
Stack at
Creation.
Examples:
Instance Type,
App Pkg Version
CloudFormation
Template

Create template – Outputs

"Resources"
:
{

"LoadBalancer"
:
{},

...

},

"Outputs"
:
{

"WebsiteDNSName"
:
{

"Description"
:
"The
DNS
name
of
the
website",

"Value"
:

{

"Fn::GetAtt"
:
[
"LoadBalancer",
"DNSName"
]

}

}

}

Elastic Load
Balancing
CloudFormation
Template

Create template – Deploy and configure software

"AWS::CloudFormation::Init":
{

"webapp-‐config":
{

"packages"
:
{},
"sources"
:
{},
"files"
:
{},

"groups"
:
{},
"users"
:
{},

"commands"
:
{},
"services"
:
{}

},

"chef-‐config"
:
{}

}

Auto Scaling group
EC2
instance
Software pkgs,
config, & data
CloudFormation
Template

ü  Declarative
ü  Debug-able
ü  Updatable
ü  Highly Secure
ü  BIOT™ Bring In
Other Tools

Extend with Custom Resources
"Resources"
:
{

"WebAnalyticsTrackingID"
:
{

"Type"
:
"Custom::WebAnalyticsService::TrackingID",

"Properties"
:
{

"ServiceToken"
:
"arn:aws:sns:...",

"Target"
:
{"Fn::GetAtt"
:
["LoadBalancer",
"DNSName"]},

"Plan"
:
"Gold"

}

},

...

security group
Auto Scaling group
EC2
instance
Elastic Load
Balancing
ElastiCache
memcached cluster
Software pkgs,
alarms
Web Analytics
Service
AWS
CloudFormation
Provision
AWS Resources
“Success” + Metadata
“Create, Update, Rollback, or Delete”
+ Metadata

What is the AWS Service Catalog?
AWS Service Catalog is a personalized portal for end-users in an
organization to browse and launch services listed by their IT departments
IT Developers
Control
Visibility
Compliance
Agility
Self-service
Time to market

Why should I use a Service Catalog?
Use cases
•  Development/Test
Environments
•  Line-of-business
applications
Benefits
•  For organizations
–  Promote compliance
–  Cost Management
•  For administrators
–  Increase standardization
–  Controlled access
–  Centralized management
•  For end-users (developers & applications users)
–  Simple personalized portal
–  Self-service provisioning

Creates portfolio
Adds constraints
and grant access
1
4
5
Administrator
Portfolio
Users
Browse Products
6Launch ProductsAWS CloudFormation
template
Creates
product3Authors template2
ProductX
ProductY
ProductZ
7
Deploys
stacks
Notifications
Notifications
8
8
Service Catalog flow
Create custom
services
and grant access
Use a
personalized
portal to find &
launch services

AWS CloudWatch
•  Monitoring service in AWS
•  300+ built-in metrics
•  Publish your own custom metrics
•  Alerts on metrics
•  Centralized archive & access for logs

Use cases enabled by CloudWatch
•  Monitor metrics & logs: errors, exceptions, HTTP responses
•  Analyze metrics data using statistics (e.g. min, max, sum)
•  Centralized repository of logs and metrics off-box
•  Watching logs without connecting to host
•  Correlate system status with change events

Demo: Monitor resources and products on
AWS

Visibility: In your datacenter

Visibility: In your datacenter
“I don’t have record of that box (server). It was before
my time. I don’t want to turn it off because something
may be running on it” – Anonymous Administrator
“I want to do stuff, but my IT approvals can get in the
way, so I go out and buy a server or get what I need
from the Cloud.” - Developer

Visibility: In the cloud
1. Developers in full control of Infrastructure!
2. Many users. Many new users.
3. Everything is changing all the time
4. Existing tools may not be efficient or effective
Visibility is even more important in the cloud

Get full visibility into resource configurations,
user activity, configuration changes continuously,
without affecting how developers consume AWS

Continuous Change
Recording
Changing
Resources
AWS Conﬁg
History
Stream
Snapshot (ex. 2014-11-05)
AWS Conﬁg

Use cases enabled
•  Security Analysis: Am I safe?
•  Audit Compliance: Where is the evidence?
•  Change Management: What will this change
affect?
•  Troubleshooting: What has changed?
•  Discovery: What resources exist?

Component Description Contains
Metadata Information about this configuration
item
Version ID, Configuration item ID,
Time when the configuration item
was captured, State ID indicating
the ordering of the configuration
items of a resource, MD5Hash, etc.
Common Attributes Resource attributes Resource ID, tags, Resource type.
Amazon Resource Name (ARN)
Availability Zone, etc.
Relationships How the resource is related to other
resources associated with the
account
EBS volume vol-1234567 is
attached to an EC2 instance i-
a1b2c3d4
Current Configuration Information returned through a call
to the Describe or List API of the
resource
e.g. for EBS Volume
State of DeleteOnTermination flag
Type of volume. For example, gp2,
io1, or standard
Related Events The AWS CloudTrail events that are
related to the current configuration
of the resource
AWS CloudTrail event ID
Configuration Item

Introduction to AWS CloudTrail
Customers
are making
API calls...
On a growing
set of services
around the
world…
CloudTrail is
continuously
recording
API calls…
And
delivering
log files to
customers

Use cases enabled by CloudTrail
•  Security Analysis
–  Use log files as an input into log management and analysis solutions to perform security
analysis and to detect user behavior patterns
•  Track API calls to AWS Resources
–  Track creation, modification, and deletion of AWS resources such as Amazon EC2
instances, Amazon VPC security groups and Amazon EBS volumes
•  Troubleshoot Operational Issues
–  Identify the most recent actions made to resources in your AWS account
•  Compliance Aid
–  Easier to demonstrate compliance with internal policies and regulatory standards

Partner solutions integrated with CloudTrail

IT Product Lifecycle Management in AWS – Wrap up
CloudFormation
template
Admin
Define
AWS Service Catalog
Publish
CloudFormation
stack
Users
Browse and Launch
AWS CloudTrail
Amazon S3
Monitors
Logs all API calls
AWS CloudWatch
alarm
Monitors
Initiates
Notifies
AWS Conﬁg
Track changes
Notifies

More Information
•  http://aws.amazon.com/solutions/case-studies/
•  http://aws.amazon.com/whitepapers
•  http://aws.amazon.com/economics/

Thank you!
pprahlad@amazon.com

Lifecycle of IT Products in AWS
Stage Who? How?
Define IT Admin
Publish IT Admin
Request
Provision
Monitor/Manage IT Admin
Track/Govern IT Admin
IT Products: Server, Database, Desktop, Environment, Application

Managing the Life Cycle of IT Products

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a Managing the Life Cycle of IT Products

Semelhante a Managing the Life Cycle of IT Products (20)

Mais de Amazon Web Services

Mais de Amazon Web Services (20)

Último

Último (20)

Managing the Life Cycle of IT Products