Discover how AsiaPac helps government, education and nonprofit organizations architect and migrate their mission-critical applications onto AWS with secure, high-performing, resilient and efficient infrastructure. As more organizations move to the cloud, learn how best practices are implemented across AsiaPac's full-lifecycle services: provisioning, running and supporting infrastructure, plus managed services that reduce customers' operational overhead and risk.
6. Self Service Management Portal
Government / Enterprise Customers: Self Service & Service Management through a Hybrid Cloud Management System.

Leading Telecommunications Provider (first telco to embark on a 5G live test in SG)
Connectivity and management layer: Direct Connect, Local Loops, SDWAN, CMP (Frameworks, Blueprints, Modernization).
• Bring workloads closer to AWS
• Low latency connectivity
• Orchestration
Migration paths: bring workloads close to AWS, migrate to AWS, or migrate to AWS Outposts / VMC, with the customer able to self-manage.
Creating Business Ecosystem
9. The Disciplines of CLOUD GOVERNANCE: Why is it important?
§ Controlled access, reducing security risks
§ Ensuring regulatory compliance (HIPAA, PCI, MTCS Tier 3, ISO, etc.)
§ Cost optimization
§ Eliminate unnecessary IT and cloud initiatives
§ DevOps process initiation and parameter definitions
§ Enhance management of cloud resources
10. Our Approach to CLOUD GOVERNANCE
The cloud governance wheel covers: Data Security; Resource Tagging; Structured DevOps Solutions; Security and Log Management; Monthly Reports and Analytics; Patch Management with Approval Process; Infrastructure Monitoring; Application Monitoring; Internal Audits; Cost Budgeting; Environment Templatization; Authentication & Authorization.
11. Our Approach to CLOUD GOVERNANCE: Internal Audits
§ Compliance Audit
§ Security Audit
§ User Audit
§ Data Privacy Audit
§ Penetration Testing
12. Our Approach to CLOUD GOVERNANCE: Authentication and Authorization
§ Enforcing MFA for the AWS Management Console
§ Enforcing console login via on-premise AD authentication using AWS SSO
§ Enforcing AWS Cognito for application-level authentication
§ Enforcing privileged access using AWS IAM
13. Our Approach to CLOUD GOVERNANCE: Structured DevOps Solutions
§ Continuous Integration
§ Micro-Services
§ Policy as Code and Automated Monitoring
14. Our Approach to CLOUD GOVERNANCE: Patch Management with Approval Process
SSM Document for Patch Scan: Launch Instance; Create Tags; Scan OS based on Patch Baseline; Generate Missing Patch List.
Then: Stop Instance; Create Image; Create Tags; Terminate Instance.
SSM Document for Patch Install (if approved): Launch Instance; Update OS Software; Generate Installed Patch List; Update Parameter Store.
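As an added example (not AsiaPac's code), the approval gate that sits between the patch-scan and patch-install documents above: the missing-patch list is derived from constructed SSM DescribeInstancePatches output, the auto-approval policy (security patches rated Critical or Important) is an assumption, and the result is the value the install step would read back from Parameter Store.

```python
import json

# Constructed sample of per-instance patch state as returned by the SSM
# DescribeInstancePatches API after an AWS-RunPatchBaseline Scan. Field names
# are the real API fields; the patch entries and instance id are made up.
SCAN_RESULT = {
    "InstanceId": "i-0123456789abcdef0",
    "Patches": [
        {"Title": "Security Update A", "KBId": "KB-EXAMPLE-1", "Classification": "Security Updates",
         "Severity": "Critical", "State": "MISSING"},
        {"Title": "Security Update B", "KBId": "KB-EXAMPLE-2", "Classification": "Security Updates",
         "Severity": "Moderate", "State": "MISSING"},
        {"Title": "Feature Pack C", "KBId": "KB-EXAMPLE-3", "Classification": "Feature Packs",
         "Severity": "Unspecified", "State": "MISSING"},
        {"Title": "Security Update D", "KBId": "KB-EXAMPLE-4", "Classification": "Security Updates",
         "Severity": "Important", "State": "INSTALLED"},
    ],
}

# Assumed approval policy for this example: security patches rated Critical or
# Important are approved automatically; everything else waits for a human approver.
AUTO_APPROVE = {("Security Updates", "Critical"), ("Security Updates", "Important")}


def missing_patches(scan):
    """Step 'Generate Missing Patch List': keep only patches the scan reports as MISSING."""
    return [p for p in scan["Patches"] if p["State"] == "MISSING"]


def approval_gate(scan, approved_by_human=()):
    """Split the missing list into approved and held KBIds (the 'If approved' step).

    approved_by_human: KBIds an approver has explicitly signed off on.
    Returns (approved_kbids, held_kbids, parameter_store_value_json).
    """
    approved, held = [], []
    for p in missing_patches(scan):
        auto = (p["Classification"], p["Severity"]) in AUTO_APPROVE
        (approved if auto or p["KBId"] in approved_by_human else held).append(p["KBId"])
    # The install document reads this value from Parameter Store before updating the OS.
    parameter_value = json.dumps({
        "InstanceId": scan["InstanceId"],
        "ApprovedPatches": sorted(approved),
        "PendingApproval": sorted(held),
    })
    return sorted(approved), sorted(held), parameter_value


if __name__ == "__main__":
    approved, held, value = approval_gate(SCAN_RESULT)
    print("approved:", approved, "held:", held, "parameter value:", value)
```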
15. How to Regain a Healthy Governance: Cloud Governance Pain Areas
"WITHOUT REDUCING CLOUD AGILITY"
MANAGE
§ the current state of all cloud users and their access rights across the enterprise?
ENSURE
§ adherence of overall costs to the PAY PER USE model?
§ deployments and operations are on track with compliance regulations and policies?
ENFORCE
§ security across all environment workloads as well as user management?
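An added example (not from the deck) that serves both the "Enforcing MFA for the AWS Management Console" item on slide 12 and the "current state of all cloud users and their access rights" question here: it audits an IAM credential report for console users without MFA, root-account exposure and stale access keys. The report content is constructed; the column names are the real credential-report headers, and the 90-day staleness threshold is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report (not real account data). Column names are the real
# IAM credential-report headers; only the columns this check reads are included.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,2024-04-30T10:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,false,true,2023-11-01T10:00:00+00:00,false,N/A
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,false,false,true,2024-05-21T01:00:00+00:00,true,N/A
"""
NOW = datetime(2024, 5, 22, tzinfo=timezone.utc)  # fixed clock so the result is reproducible


def _last_used(value):
    """Report timestamps are ISO 8601; N/A / no_information mean the key was never used."""
    return None if value in ("N/A", "no_information", "") else datetime.fromisoformat(value)


def audit_credential_report(report_csv, now=NOW, stale_days=90):
    """Return {user: [findings]} for identities that break the MFA and access-review goals."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        # Console password present but no MFA device ('Enforcing MFA for AWS Management Console').
        if row["password_enabled"] == "true" and row["mfa_active"] == "false":
            issues.append("console password without MFA")
        # Root is reported with password_enabled=not_supported, so check it separately.
        if row["user"] == "<root_account>":
            if row["mfa_active"] == "false":
                issues.append("root account without MFA")
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                issues.append("root account has active access keys")
        # Active keys unused for longer than stale_days (or never used) need an access review.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] == "true":
                last = _last_used(row[f"access_key_{n}_last_used_date"])
                if last is None or now - last > timedelta(days=stale_days):
                    issues.append(f"access key {n} active but unused for >{stale_days} days")
        if issues:
            findings[row["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_credential_report(SAMPLE_REPORT).items():
        print(f"{user}: {'; '.join(issues)}")
```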
16. ASIAPAC MANAGED INFRASTRUCTURE & CLOUD SERVICES: Solutions to Governance at Scale
Drivers of GOVERNANCE AT SCALE: increase in AWS workloads; growth in AWS account management; cost control; security & compliance.
17. Design Architecture
[Architecture diagrams: three reference designs spanning AZ-A and AZ-B. Components shown: Internet and IGW, Direct Connect, Client VPN and IPSEC VPN to the customer on-premise data center, Tier 1 and Tier 2 NGFW pairs, ELBs in front of Web 1 / Web 2 and App1 to App12 tiers, RDS Master / RDS Slave (Master DB / Slave DB), NAT Gateways, IDS1 / IDS2, Mgmt 1 / Mgmt 2 and EVM1 / EVM2 hosts, AD Server 1 / 2, Event Collector 1 / 2, Bastion Host, API Servers, Dev Servers, DB Server, CI CD Server, Fwd Proxy, Monitoring Collector; AsiaPac NOC VPC with EM7 Database, VPN Gateway with 2FA, AsiaPac SysAdmin access, On Premise SOC and Cyber Watch Center.]
18. VMware Cloud on AWS: Jointly Engineered Cloud Service
Service Overview:
§ VMware SDDC running on AWS bare metal
§ Delivered, operated and supported by VMware
§ On-demand capacity and flexible consumption
§ Seamless portability of large-scale hybrid workloads
§ Direct access to native AWS services
Business Use Cases:
§ Data Center Extension
§ Disaster Recovery
§ Cloud Migration
§ Application Modernization
19. Cloud Motion: Workload Mobility across Hybrid Clouds
[Diagram: Hybrid Interconnect between ON PREMISE (vSphere 5.0) and CLOUD (VMware Cloud), showing Any-to-Any vSphere Migration, Active Migrated VMs, LARGE SCALE WARM MIGRATION, CROSS-VERSION HYBRIDITY and SECURITY.]
20. VMware Cloud on AWS / On-Premises Data Center
[Diagram: on-premises data center (Compute, Storage, Network; Router; N-S FW; Govt Network Zone; Network A) connected over AWS Direct Connect with a BGP Peering Session to a vSphere-based SDDC with NSX on VMware Cloud on AWS (Compute, Storage, Network; CGW; MGW; N-S FW; Network 172.16.10.0/24; Network 172.16.20.0/24; VMC-VM). Public Internet access is governed from the on-premise DC.]
Governing Internet/Security Posture from the On-Premise DC
Manage Internet-bound traffic from the public cloud through the on-premise security framework, so that control and governance need not be re-architected while the public cloud is used for agility and scale.
Use Cases:
§ Internet separation or network zone separation for VDI or any workloads.
§ Data center extension where public cloud is used as hot capacity / cloud burst.