Leveraging the cloud
Getting the most bang for your buck
Nate Lindstrom
Director of Network Operations
  in/nwlindstrom
salesforce desk
We make it easy for you to support customers right from the browser, via email, phone, chat, web, Facebook, and Twitter
We provide a hosted, cloud-based SaaS help desk platform for SMB
Cloudy Change Management
Trust but verify
Process requirements

Formal, documented change management
ISO 27001 compliance
SOX section 404 compliance
Safe Harbor certification
Single file change process
[Diagram, boxes in layout order: RFC created; Make pull request; SME reviews request; Change applied to staging; ✓ Effects observed; Change applied to production; FIM updated; RFC closed]
Changes can be made rapidly and safely
Unauthorized changes reverted by the CMS or flagged by CloudPassage Halo FIM
Under the hood
Chicken-and-egg problem for new instances
Puppet determines role based on hostname
Hostname isn’t set on new instances
How we start instances
[Diagram labels: Script; AMI; Name=web01.desk.com; ip-10-20-30-40.us-west-1.compute.internal; web01.desk.com; Puppet; nginx]

    # Puppet node definition: any webNN.desk.com host gets the web role
    node /^web\d+\.desk\.com$/ inherits production_app {
      include web
    }
How we monitor instances



[Diagram labels: web01.desk.com; cron; S3 Bucket]
Effective monitoring


Icinga is the most comprehensive open source monitoring solution available
Secret change process
[Diagram, boxes in layout order: RFC created; Make pull request; SME reviews request; Change applied to production; FIM updated; RFC closed]
“Secret” as in production secrets, like passwords
Under the hood

Storing production secrets in plain text is bad
Sending decryption key over same channel as encrypted data is bad
Secure repositories
[Diagram labels: TechOps; Everyone; Full Access; Pull Request Only; Puppet git Repo; Prod Credentials (GnuPG); Non-Prod Credentials (GnuPG)]
Secure distribution
[Diagram labels: Puppet git Repo; git; Secrets; AMI; GnuPG Key; Instance; Puppet; Credentials]
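The two "Under the hood" rules for secrets, written as a repository check. This is an added example, not tooling from the presentation: the `credentials/` prefix, the function names and the sample file bodies are constructed assumptions.

```python
"""Check a config-management repo against two rules: secrets are stored only
as GnuPG ciphertext, and no private key shares the repo with that ciphertext."""

ARMOR_MESSAGE = b"-----BEGIN PGP MESSAGE-----"
ARMOR_PRIVATE_KEY = b"-----BEGIN PGP PRIVATE KEY BLOCK-----"

# OpenPGP packet tags (RFC 4880, section 4.3).
ENCRYPTED_TAGS = {1, 3}    # public-key / symmetric-key encrypted session key
SECRET_KEY_TAGS = {5, 7}   # secret key / secret subkey


def first_packet_tag(data):
    """Return the tag of the first binary OpenPGP packet, or None."""
    if not data or not data[0] & 0x80:   # bit 7 is set on every packet header
        return None
    if data[0] & 0x40:                   # new-format header: tag is bits 5-0
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F         # old-format header: tag is bits 5-2


def classify(data):
    """Return 'private-key', 'ciphertext' or 'plaintext' for one file body."""
    if ARMOR_PRIVATE_KEY in data:
        return "private-key"
    if data.lstrip().startswith(ARMOR_MESSAGE):
        return "ciphertext"
    tag = first_packet_tag(data)
    if tag in SECRET_KEY_TAGS:
        return "private-key"
    if tag in ENCRYPTED_TAGS:
        return "ciphertext"
    return "plaintext"


def lint_repo(files, secret_prefixes=("credentials/",)):
    """files maps repo path -> bytes. Returns sorted (path, problem) findings."""
    findings = []
    for path, data in files.items():
        kind = classify(data)
        if kind == "private-key":
            # The key must reach instances by another route (here: the AMI).
            findings.append((path, "decryption key shares a channel with the encrypted data"))
        elif kind == "plaintext" and path.startswith(secret_prefixes):
            findings.append((path, "secret stored in plain text"))
    return sorted(findings)


# Constructed sample repository (paths and contents are illustrative only).
SAMPLE_REPO = {
    "manifests/site.pp": b"node default { }\n",
    "credentials/prod/db.yaml.asc":
        b"-----BEGIN PGP MESSAGE-----\n\nconstructed\n-----END PGP MESSAGE-----\n",
    "credentials/prod/api-token.gpg": bytes([0x85, 0x01, 0x0C]) + b"\x00" * 8,
    "credentials/nonprod/db.yaml": b"password: example-only\n",
    "files/puppet-secrets.key":
        b"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\nconstructed\n",
}

if __name__ == "__main__":
    for path, problem in lint_repo(SAMPLE_REPO):
        print(f"{path}: {problem}")
```

Run as a pre-merge check, this rejects a pull request that adds a plaintext credential or commits the GnuPG private key next to the encrypted secrets.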
What the cloud means to us
More typing, less driving
Physical asset tracking

If you came to doubt the accuracy of your CMDB, you could always fall back on a physical inventory
Almost always, anyway
Virtual asset tracking
When you don’t have any physical assets it’s even easier to “lose” instances
 “Lost” instances can silently consume big $$$
How an instance can be lost
Provisioning script loses connectivity during launch
Instance fails to upload existence information to S3
[Diagram labels: Provisioning Script; Launches; Instance; Uploads; S3 Bucket; Updates; CMDB]
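A reconciliation pass for the two failure modes above, as an added example that is not part of the presentation: it compares what the provider reports as running against the S3 existence records and the CMDB, and prices the instances nobody is tracking. The instance IDs, field names, hourly rates and the 15-minute grace period are constructed assumptions; a real run would fill `PROVIDER` from the cloud API.

```python
"""Find instances that are running (and billing) but missing from inventory."""
from datetime import datetime, timedelta, timezone

GRACE = timedelta(minutes=15)   # assumed time a new instance gets to register


def reconcile(provider, s3_records, cmdb, now, grace=GRACE):
    """Compare provider truth with the S3 existence records and the CMDB.

    lost     - running, past the grace period, no S3 record, not in the CMDB
    unsynced - running and uploaded to S3, but the CMDB was never updated
    pending  - running but still inside the grace period
    stale    - in the CMDB but no longer running at the provider
    """
    report = {"lost": [], "unsynced": [], "pending": [], "stale": []}
    running = {i["id"]: i for i in provider if i["state"] == "running"}
    for iid, inst in sorted(running.items()):
        if iid in cmdb:
            continue
        if now - inst["launched"] < grace:
            report["pending"].append(iid)
        elif iid in s3_records:
            report["unsynced"].append(iid)
        else:
            report["lost"].append(iid)
    report["stale"] = sorted(cmdb - set(running))
    return report


def untracked_spend(provider, ids, now):
    """USD billed so far by the given instances, from launch until now."""
    by_id = {i["id"]: i for i in provider}
    total = 0.0
    for iid in ids:
        hours = (now - by_id[iid]["launched"]).total_seconds() / 3600
        total += hours * by_id[iid]["hourly_usd"]
    return round(total, 2)


# Constructed sample data (not real instance IDs or prices).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)


def _inst(iid, launched, state="running", hourly_usd=0.10):
    return {"id": iid, "launched": launched, "state": state, "hourly_usd": hourly_usd}


PROVIDER = [
    _inst("i-aaa", NOW - timedelta(days=9)),                    # tracked normally
    _inst("i-bbb", NOW - timedelta(hours=48), hourly_usd=0.50), # never uploaded
    _inst("i-ccc", NOW - timedelta(minutes=5)),                 # just launched
    _inst("i-ddd", NOW - timedelta(hours=24)),                  # uploaded, CMDB missed it
    _inst("i-eee", NOW - timedelta(days=30), state="terminated"),
]
S3_RECORDS = {"i-aaa", "i-ddd", "i-eee"}
CMDB = {"i-aaa", "i-eee", "i-fff"}

if __name__ == "__main__":
    report = reconcile(PROVIDER, S3_RECORDS, CMDB, NOW)
    print(report)
    print("untracked spend (USD):", untracked_spend(PROVIDER, report["lost"], NOW))
```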
Minimizing lost instances

Your CMDB may not see your lost instances consuming $$$, but Cloudyn does
Cloudyn makes it easy to maintain an efficient and lean cloud presence
JIT capacity
Let your servers order more servers
Auto Scale architecture
Everything should scale horizontally
Auto Scale in action
Loosely-coupled tiers provide greatest flexibility
Scale up quickly, scale down slowly
[Diagram labels: ELB; Web (x7); ELB; App (x6); Traffic Increasing; Traffic Decreasing]
Auto Scaling control


Scalr makes managing dynamic environments in the cloud easy and painless
Whole-unit troubleshooting
Don’t sweat the small stuff
Think in clusters
 If one instance is having problems, replace it
 If many instances are having problems, dig deeper
 Use the 1, 2, 3 rule for determining response


[Diagram labels: ELB; Instance (x5)]
Architecting for failure
Build it to land gracefully
Expect failure
  Make use of regions and availability zones
  Avoid storing sessions on any one server
The cloud is inherently unreliable, but your app doesn’t need to be
[Diagram labels: AWS; us-west-1 (us-west-1a, us-west-1b); us-east-1]
Security awareness
False security is worse than no security
Cloud isn’t private
 Multitenancy means the cloud is never truly private
 Build security in from the very beginning
 Apply defense in depth


[Diagram labels: Internet; ELB; Web; ELB; App; DB]
Security groups are limited
An instance’s security groups cannot ever be changed
Security groups can only limit inbound (ingress) traffic
Security groups cannot restrict outbound (egress) traffic
Comprehensive security

CloudPassage Halo allows the implementation of comprehensive security with minimal effort
The cloud...
Is not a data center
Is only as secure as you make it
Is very expensive if not managed well
Works best with lots and lots of little servers
Will occasionally fail
Thank you!

Leveraging the Cloud - Getting the Most Bang for your Buck ( presentation by Salesforce on optimizing AWS costs )
