Cloud management and monitoring includes a broad set of tools that help cloud managers to keep track of their deployment health, utilization, consumption and cost. This deck will cover techniques and best practices for efficient cloud deployment, specifically: how to implement capacity, utilization and cost metrics in your AWS cloud deployment in order to maximize the ROI.

1. Getting the most bang for your buck

2. Nate Lindstrom
Director of Network Operations
at Desk.com
www.linkedin.com/in/nwlindstrom

3. § We make it easy for you to support
customers right from the browser, via
email, phone, chat web, Facebook and
Twitter
§ We provide a hosted, cloud-based SaaS
help desk platform for SMBs

4. Cloudy
Cloud
Change
Change
Management
Management
Trust but verify
Trust but verify

5. Process Requirements
Process requirements
§ Formal, documented
Formal, documented
change management
change management
ISO 27001 compliance
§ ISO 27001 compliance
SOX section 404
compliance
§ SOX section 404
Safe Harbor
compliance
certification
§ Safe Harbor certification

6. Single file change process
RFC
Make SME RFC
created pull reviews closed
request request
Change Change
Effects FIM
applied to applied to
observed updated
staging production
§ Changes can be made rapidly and safely
§ Unauthorized changes reverted by the CMS or
flagged by CloudPassage Halo FIM

7. Under the hood
Under the hood
§ Chicken-and-egg problem
Chicken-and-egg
for new instances
problem for new
instances
§ Puppet determines role
Puppet determines
basedbased on
role on hostname
hostname
§ Hostname isn’t set on new
Hostname isn’t set on
instances
new instances

8. How we start instances
Script Name=web01.desk.com
web01.desk.com nginx Puppet
AMI
node/^webd+.desk.com$/
inherits production_app { include
web}

9. How we monitor instances
web01.desk.com cron
S3
Bucket

10. Effective monitoring
Effective monitoring
§ Icinga isis the most
Icinga
the most
comprehensive open
comprehensive open
source monitoring solution
source monitoring
available available
solution

11. Secret change process
RFC
Make SME RFC
created pull reviews closed
request request
Change
FIM
applied to
updated
production
§ “Secret” as in production secrets, like passwords

12. Under the hood
Under the hood
§ Storing production secrets
Storing production
in plain text is BAD
secrets in plain text is
bad
§ Sending decryption key
over samedecryption
Sending channel as
encrypted sameis BAD
key over data
channel as encrypted
data is bad

13. Secure repositories
TechO
Everyone
ps
Full Access Pull Request Only
Puppet Prod Non-Prod
Credentials Credentials
git
Repo
GnuPG GnuPG

14. Secure distribution
AMI
Puppet GnuPG
git git
Key
Repo
Secrets
Instance
Puppet Credentials

15. What the
What the
cloud means
cloud
means to us
to us
More typing, less
More typing, less driving
driving

16. Physical asset tracking
Physical asset tracking
§ If you came to doubt the
accuracy of yourdoubt you
If you came to CMDB,
the accuracy of your
could always fall back on a
CMDB, you could
physical inventory a
always fall back on
physical inventory
§ Almost always, anyways
Almost always,
anyway

17. Virtual asset tracking
§ When Virtual asset tracking
you don’t have any physical assets it’s even
easier to “lose” instances
When you don’t have any physical assets it’s even
easier to “lose” instances
§ “Lost” instances can silently consume big $$$
“Lost” instances can silently consume big $$$

18. How an instance can be lost
§ Provisioning script loses connectivity during launch
§ Instance fails to upload existence information to S3
Provisioning CMDB
Sot
Launches Updates
S3
Instance
Bucket

19. Minimizing lost instances
Minimizing lost instances
§ Your CMDB may not see
Your CMDB may not
yoursee your lost
lost instances
consuming $$$, but
instances consuming
Cloudyn but Cloudyn does
$$$, does
Cloudyn makes it easy
§ Cloudyn makes it efficient
to maintain an easy to
maintain an cloud
and lean efficient and
presence
lean cloud presence

20. JIT capacity
IT capacity
Let your servers order
et your servers
more servers
der more servers

21. Auto Scale architecture
Auto Scale architecture
§ Everything should scale horizontally
Everything should scale horizontally

22. Auto Scale in action
§ Loosely-couple tiers provide greatest flexibility
Auto Scale in action
§ Scale up quickly, scale downgreatest flexibility
Loosely-coupled tiers provide slowly
Scale up quickly, scale down slowly
ELB
Traffic Decreasing
Traffic Increasing
Web Web Web Web Web Web Web
ELB
App App App App App App

23. Auto Scaling control
Auto Scaling control
Scalr makes
§ Scalr makes managing
managing dynamic
dynamic environments in
environments in the
the cloud easy and painless
cloud easy and
painless

24. Whole-unit
Whole-unit
troubleshooting
oubleshooting
on’t sweat the small
Don’t sweat the
mallstuff
stuff

25. Think in clusters
§ If one instance is having problems, replace it
§ If many instances are having problems, dig
deeper
§ Use the 1, 2, 3 rule for determining response
ELB
Instance Instance Instance Instance Instance

26. Architecture for
Architecting
failure
for failure
Build it it to land
Build to land
gracefully
gracefully

27. Expect failure
§ Make use of regions and availability zones
§ Avoid storing sessions on any one server
§ The cloud is inherently unreliable, but your app
doesn’t need to be
AWS
us-west-1 us-east-1
Us-west-1a Us-west-1b

28. ecurity
Security
awareness
wareness
se security is is worse
False security
se than no security
than no
urity

29. Cloud isn’t private
§ Multitenancy means the cloud is never truly
private
§ Build security in from the very beginning
§ Apply defense in depth
Internet
ELB
Web ELB
App DB

30. Security groups are limited
Security groups are limited
§ An instance’s security
An instance’s security
groups cannot ever be
groups cannot ever be
changed
changed
Security groups can
§ only limit inbound only
Security groups can
(ingress) traffic(ingress)
limit inbound
traffic
Security groups
cannot restrict
§ outboundgroups cannot
Security (egress)
traffic outbound (egress)
restrict
traffic

31. Comprehensive security
Comprehensive security
§ CloudPassage Halo allows
CloudPassage Halo
allows the
the implementation of
implementation of
comprehensive security
comprehensive
with minimal minimal
security with
effort
effort

32. The cloud...
The cloud…
§ Is not a data center
Is not a data center
§ Is only as secureas you
Is only as secure as
you make it
make it
Is very expensive if not
§ Is very expensive if not
managed well
managed well
Works best with lots
§ Works of little servers
and lots best with lots and
lots of litter servers
Will occasionally fail
§ Will occasionally fail

33. THANK YOU!