319 MANAGED HOSTING TECHNICAL DETAILS
- Ashlyn Porter
- 8 years ago
319 NetWorks

Table of Contents
- Architecture
- Platform
- Applications
- Network Stack
- Cloud Hosting Technical Details
- Server Access
- Monitoring Systems
- Instance Isolation
- Elastic Block Storage (Amazon EBS) Security
- Multiple levels of Security
- Network Security Summary
- Amazon Simple Storage Service (Amazon S3) Security
- Data Management
- Amazon Certifications
- Commitment

Architecture

The 319 Enterprise Network comprises 319 Platform, 319 Applications, 319 Network Stack, Amazon Cloud Technology and Cloud Technical Applications, 319 Redundant Monitoring System and 319 Backup & Restore Systems.

319 Platform

The 319 Platform is a dynamic object-oriented engine. The platform runs sets of 319 Applications. The base functions of the platform include, but are not limited to:
- Web Page Security Engine
  o User Data Store and Authentication
- File management
- Web page generation
  o Page Template Engine
  o Dynamic Blocks
  o CSS Layer connected to Dynamic Blocks
  o HTML Content store and display
  o XML to XSLT Transformation
- Tracking Engine

319 Applications

319 Applications are composed of 319 Platform Objects/Actions, which are dynamic systems that store and query data from the 319 Platform Database. A filled 319 Platform can comprise more than 1000 Applications for everything from full elearning to web page secured login.

319 Network Stack

The 319 Network Stack is built from open source technology including but not limited to Linux, PHP 5+, MySQL 5+ and many other applications.

319 Cloud Hosting Technical Details

The 319 Cloud Enterprise Solution employs a full cloud environment which is optimized for scalability, reliability and security. Virtual servers are deployed at the edge location closest to the customer's needs, reducing latency and improving performance. The web server is a virtual machine that uses Elastic IPs. Elastic IPs allow server resources to be moved rapidly as demands for security, reliability and performance require. If a virtual server is seeing high loads of traffic and file transfer, 319 can rapidly partition a new and larger server, deploy a server image to it, change the Elastic IP and connect the virtual drive to it. This assures high reliability and uptime. The 319 Cloud Enterprise Solution is built inside the Amazon Cloud.

Server Image: A server image is a remotely stored image of the 319 Server Stack. This includes all critical server applications, 319 Platform, all 319 Applications and key settings. In less than 10 minutes a new boot drive can be configured and connected to the new server instance.

Boot Drive: This is the drive that is virtually connected to the server instance, boots up the server and includes the entire 319 Server Stack.

Elastic IP: Elastic IP addresses are static IP addresses designed for dynamic cloud computing. An Elastic IP address is associated with the 319 Cloud, not a particular instance. Unlike traditional static IP addresses, however, Elastic IP addresses allow for masking of the instance. This allows for rapid changes as the network's demands change or in case of an event.

Virtual Data Store: Data is stored on virtual drives, allowing for rapid drive resizing and scalability as needs demand. Replication and duplication built into cloud storage assure the reliability of the data store and eliminate the reliability issues created by physical drives.

Backup: Backup is run 7 days a week in the middle of the night EST depending on the demands of the server. Backup runs in parallel, so it does not stop access to server resources or have any effect on the uptime of the site. It will have a small impact on the speed of the website during this time. Since backup runs from virtual drive to virtual drive, it has little to no effect on the web server, only on disk access during the backup cycles. The backup stores 7 consecutive days of full backups for each site, including Platform319, 319Applications and data. This assures that under any event the site can be 100% restored to a prior state if needed. Since we also back up the applications and the platform, a site can be replicated to another drive rapidly and will remain in the state of that backup. Backups are stored on a separate virtual drive, providing the highest reliability in case of a drive event. On the 8th day the backup from that day writes over the backup from the 1st day; thus it is 7 days rolling.

319 Streaming Cloud: The 319 Streaming Cloud deploys a combination of virtual drives and CloudFront technology. The virtual drives allow for virtually unlimited scaling. CloudFront deploys copies of these files, and they are served from the point closest to where the visitor is requesting the file. Files in the eastern part of the US will be served from Virginia, while requests from Asia will be served from Asia. Any time a file is changed it will dynamically be replicated across the entire CloudFront. CloudFront locations are determined for each customer based on their user footprint. Requests for files from the streaming network do not transfer through the web server but rather are delivered directly from CloudFront. Streaming is performed via RTMPS. Direct file delivery is achieved via HTTPS.

Server Access

Server access is limited to standard internet protocols: HTTPS for secure sites and HTTP for some non-secure sites. Software maintenance is performed via SSH. Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively).

Monitoring Systems

319 employs 2 separate monitoring systems.

Monitoring System 1: Amazon CloudWatch. Amazon CloudWatch provides monitoring for AWS cloud resources and the applications run on AWS. In CloudWatch we monitor resource utilization, application performance, and operational health.

Monitoring System 2: 319 Monitoring. This is a custom monitoring system that resides on an external server and monitors the health of all sites and their resources running within the 319 Cloud.

Both systems employ notification via and SMS.

Instance Isolation

Different instances running on the same physical machine are isolated from each other via the Xen hypervisor. Amazon is active in the Xen community, which provides awareness of the latest developments. In addition, the AWS firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All packets must pass through this layer, thus an instance's neighbors have no more access to that instance than any other host on the Internet and can be treated as if they are on separate physical hosts. The physical RAM is separated using similar mechanisms.
Customer instances have no access to raw disk devices, but instead are presented with virtualized disks. The AWS proprietary disk virtualization layer automatically resets every block of storage used by the customer, so that one customer's data are never unintentionally exposed to another. AWS recommends customers further protect their data using appropriate means. One common solution is to run an encrypted file system on top of the virtualized disk device.

Elastic Block Storage (Amazon EBS) Security

Amazon EBS volume access is restricted to the AWS Account that created the volume, and to the users under the AWS Account created with AWS IAM if the user has been granted access to the EBS operations, thus denying all other AWS Accounts and users the permission to view or access the volume. However, a customer can create Amazon S3 snapshots of their Amazon EBS volume and enable other AWS Accounts the ability to use the shared snapshot as the basis for creating their own volumes. Customers also have the ability to make Amazon EBS volume snapshots publicly available to all AWS Accounts. Sharing Amazon EBS volume snapshots does not provide other AWS Accounts with the permission to alter or delete the original snapshot, as that right is explicitly reserved for the AWS Account that created the volume.

An EBS snapshot is a block-level view of an entire EBS volume. Data which is not visible through the file system on the volume, such as files which have been deleted, may be present in the EBS snapshot. Customers that want to create shared snapshots should do so carefully. If a volume has held sensitive data or has had files deleted from it, a new EBS volume should be created. The data to be contained in the shared snapshot should be copied to the new volume, and the snapshot created from the new volume.

Amazon EBS volumes are presented to the customer as raw unformatted block devices, which have been wiped prior to being made available for use.
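
Because a shared snapshot exposes every block of the source volume, it is worth auditing who can create volumes from each snapshot. The following is an added example, not part of the original paper: it classifies snapshot sharing from the JSON shape returned by `aws ec2 describe-snapshot-attribute --attribute createVolumePermission`. The snapshot IDs, account IDs and the trusted-account list are constructed for illustration.

```python
import json

# Constructed sample: one record per snapshot, in the shape returned by
#   aws ec2 describe-snapshot-attribute --attribute createVolumePermission
# All snapshot and account IDs are made up.
SAMPLE = """
[
  {"SnapshotId": "snap-0aaa0000000000001",
   "CreateVolumePermissions": []},
  {"SnapshotId": "snap-0aaa0000000000002",
   "CreateVolumePermissions": [{"UserId": "111111111111"}]},
  {"SnapshotId": "snap-0aaa0000000000003",
   "CreateVolumePermissions": [{"UserId": "999999999999"}]},
  {"SnapshotId": "snap-0aaa0000000000004",
   "CreateVolumePermissions": [{"Group": "all"}, {"UserId": "111111111111"}]}
]
"""

# Assumption: accounts the organisation has approved as share targets.
TRUSTED_ACCOUNTS = {"111111111111"}


def classify(snapshot, trusted):
    """Return PUBLIC, EXTERNAL, TRUSTED or PRIVATE for one snapshot record."""
    perms = snapshot.get("CreateVolumePermissions", [])
    # {"Group": "all"} means any AWS account can create a volume from it.
    if any(p.get("Group") == "all" for p in perms):
        return "PUBLIC"
    shared_with = {p["UserId"] for p in perms if "UserId" in p}
    if shared_with - trusted:
        return "EXTERNAL"      # shared with at least one unapproved account
    if shared_with:
        return "TRUSTED"       # shared, but only with approved accounts
    return "PRIVATE"           # owner-only, the default


def audit(raw_json, trusted=TRUSTED_ACCOUNTS):
    """Map each snapshot ID to its sharing classification."""
    return {s["SnapshotId"]: classify(s, trusted) for s in json.loads(raw_json)}


def needs_review(findings):
    """Snapshots whose blocks are readable outside the approved accounts."""
    return sorted(sid for sid, level in findings.items()
                  if level in ("PUBLIC", "EXTERNAL"))


if __name__ == "__main__":
    results = audit(SAMPLE)
    for sid, level in results.items():
        print(f"{sid}: {level}")
    print("review:", needs_review(results))
```

Any snapshot reported for review should be checked against the procedure above: if its source volume ever held sensitive or deleted data, re-create the share from a fresh volume.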
Customers that have procedures requiring that all data be wiped via a specific method, such as those detailed in DoD M (National Industrial Security Program Operating Manual) or NIST (Guidelines for Media Sanitization), have the ability to do so on Amazon EBS. Customers should conduct a specialized wipe procedure prior to deleting the volume for compliance with their established requirements. Encryption of sensitive data is generally a good security practice, and AWS encourages users to encrypt their sensitive data via an algorithm consistent with their stated security policy.

Multiple levels of Security

Virtual Private Cloud: Each VPC is a distinct, isolated network within the cloud. At creation time, an IP address range for each VPC is selected by the customer. Network traffic within each VPC is isolated from all other VPCs; therefore, multiple VPCs may use overlapping (even identical) IP address ranges without loss of this isolation. By default, VPCs have no external connectivity. Customers may create and attach an Internet Gateway, VPN Gateway, or both to establish external connectivity, subject to the controls below.

API: Calls to create and delete VPCs, change routing, security group, and network ACL parameters, and perform other functions are all signed by the customer's Amazon Secret Access Key, which could be either the AWS Account's Secret Access Key or the Secret Access Key of a user created with AWS IAM. Without access to the customer's Secret Access Key, Amazon VPC API calls cannot be made on the customer's behalf. In addition, API calls can be encrypted with SSL to maintain confidentiality. Amazon recommends always using SSL-protected API endpoints. AWS IAM also enables a customer to further control what APIs a newly created user has permissions to call.

Subnets: Customers create one or more subnets within each VPC; each instance launched in the VPC is connected to one subnet. Traditional Layer 2 security attacks, including MAC spoofing and ARP spoofing, are blocked.

Route Tables and Routes: Each subnet in a VPC is associated with a routing table, and all network traffic leaving a subnet is processed by the routing table to determine the destination.

VPN Gateway: A VPN Gateway enables private connectivity between the VPC and another network. Network traffic within each VPN Gateway is isolated from network traffic within all other VPN Gateways. Customers may establish VPN Connections to the VPN Gateway from gateway devices at the customer premise. Each connection is secured by a preshared key in conjunction with the IP address of the customer gateway device.

Internet Gateway: An Internet Gateway may be attached to a VPC to enable direct connectivity to Amazon S3, other AWS services, and the Internet. Each instance desiring this access must either have an Elastic IP associated with it or route traffic through a NAT instance. Additionally, network routes are configured (see above) to direct traffic to the Internet Gateway.
AWS provides reference NAT AMIs that can be extended by customers to perform network logging, deep packet inspection, application-layer filtering, or other security controls. This access can only be modified through the invocation of Amazon VPC APIs. AWS supports the ability to grant granular access to different administrative functions on the instances and the Internet Gateway, therefore enabling the customer to implement additional security through separation of duties.

Amazon EC2 Instances: Amazon EC2 instances running with an Amazon VPC contain all of the benefits described above related to the Host Operating System, Guest Operating System, Hypervisor, Instance Isolation, and protection against packet sniffing.

Tenancy: VPC allows customers to launch Amazon EC2 instances that are physically isolated at the host hardware level; they will run on single-tenant hardware. A VPC can be created with dedicated tenancy, in which case all instances launched into the VPC will utilize this feature. Alternatively, a VPC may be created with default tenancy, but customers may specify dedicated tenancy for particular instances launched into the VPC.

Firewall (Security Groups): Like Amazon EC2, Amazon VPC supports a complete firewall solution enabling filtering on both ingress and egress traffic from an instance. The default group enables inbound communication from other members of the same group and outbound communication to any destination. Traffic can be restricted by any IP protocol, by service port, as well as source/destination IP address (individual IP or Classless Inter-Domain Routing (CIDR) block). The firewall isn't controlled through the Guest OS; rather it can be modified only through the invocation of Amazon VPC APIs. AWS supports the ability to grant granular access to different administrative functions on the instances and the firewall, therefore enabling the customer to implement additional security through separation of duties. The level of security afforded by the firewall is a function of which ports are opened by the customer, and for what duration and purpose. Well-informed traffic management and security design are still required on a per-instance basis. AWS further encourages customers to apply additional per-instance filters with host-based firewalls such as iptables or the Windows Firewall.

Network Access Control Lists: To add a further layer of security within Amazon VPC, customers can configure Network ACLs. These are stateless traffic filters that apply to all traffic inbound or outbound from a subnet within VPC. These ACLs can contain ordered rules to allow or deny traffic based upon IP protocol, by service port, as well as source/destination IP address. Like security groups, network ACLs are managed through Amazon VPC APIs, adding an additional layer of protection and enabling additional security through separation of duties.

Network Security Summary

The diagram below depicts how the security controls above inter-relate to enable flexible network topologies while providing complete control over network traffic flows.
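
The practical difference between the two filters described above is that a network ACL is stateless and evaluates ordered rules, while a security group tracks connections. The following is an added example, not part of the original paper: a small evaluator that walks one request and its reply through an inbound ACL, a security group and an outbound ACL. The addresses, rule numbers and rule sets are constructed, and the model is simplified (CIDR-based ingress rules only, lowest rule number wins, implicit deny).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class AclRule:
    number: int                  # evaluation order: lowest number first
    action: str                  # "allow" or "deny"
    proto: str                   # "tcp", "udp" or "-1" for any protocol
    cidr: str                    # matched against the remote address
    ports: tuple = (0, 65535)    # inclusive destination port range


def _matches(proto, cidr, ports, pkt, remote):
    return (proto in ("-1", pkt.proto)
            and ip_address(remote) in ip_network(cidr)
            and ports[0] <= pkt.dport <= ports[1])


def acl_decision(rules, pkt, remote):
    """Stateless: first matching rule by number decides, otherwise deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule.proto, rule.cidr, rule.ports, pkt, remote):
            return rule.action
    return "deny"


def sg_allows(ingress, pkt):
    """Security group ingress: allow rules only, no ordering, no deny."""
    return any(_matches(p, c, r, pkt, pkt.src) for p, c, r in ingress)


def round_trip(acl_in, acl_out, sg_ingress, request):
    """Follow a request into the subnet and its reply back out."""
    if acl_decision(acl_in, request, request.src) != "allow":
        return "request dropped: inbound network ACL"
    if not sg_allows(sg_ingress, request):
        return "request dropped: security group"
    # The security group is stateful, so the reply needs no egress rule.
    # The network ACL is not: the reply is judged on its own, and its
    # destination port is the client's ephemeral source port.
    reply = Packet(request.proto, request.dst, request.dport,
                   request.src, request.sport)
    if acl_decision(acl_out, reply, reply.dst) != "allow":
        return "reply dropped: outbound network ACL"
    return "delivered"


# Constructed rule sets for a subnet holding an HTTPS server at 10.0.1.10.
ACL_IN = [AclRule(90, "deny", "tcp", "203.0.113.0/24"),
          AclRule(100, "allow", "tcp", "0.0.0.0/0", (443, 443))]
ACL_IN_MISORDERED = [AclRule(110, "deny", "tcp", "203.0.113.0/24"),
                     AclRule(100, "allow", "tcp", "0.0.0.0/0", (443, 443))]
ACL_IN_OPEN = [AclRule(100, "allow", "-1", "0.0.0.0/0")]
ACL_OUT_EPHEMERAL = [AclRule(100, "allow", "tcp", "0.0.0.0/0", (1024, 65535))]
ACL_OUT_443_ONLY = [AclRule(100, "allow", "tcp", "0.0.0.0/0", (443, 443))]
SG_WEB = [("tcp", "0.0.0.0/0", (443, 443))]

CLIENT = Packet("tcp", "198.51.100.7", 50000, "10.0.1.10", 443)
BLOCKED = Packet("tcp", "203.0.113.5", 50001, "10.0.1.10", 443)
SSH = Packet("tcp", "198.51.100.7", 50002, "10.0.1.10", 22)

if __name__ == "__main__":
    print(round_trip(ACL_IN, ACL_OUT_EPHEMERAL, SG_WEB, CLIENT))
    print(round_trip(ACL_IN, ACL_OUT_443_ONLY, SG_WEB, CLIENT))
    print(round_trip(ACL_IN, ACL_OUT_EPHEMERAL, SG_WEB, BLOCKED))
    print(round_trip(ACL_IN_MISORDERED, ACL_OUT_EPHEMERAL, SG_WEB, BLOCKED))
    print(round_trip(ACL_IN_OPEN, ACL_OUT_EPHEMERAL, SG_WEB, SSH))
```

The misordered set shows why rule numbers matter: a deny placed after a broader allow never fires.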

Amazon Simple Storage Service (Amazon S3) Security

With any shared storage system, the most common security question is whether unauthorized users can access information either intentionally or by mistake. So that customers have flexibility to determine how, when, and to whom they wish to expose the information they store in AWS, Amazon S3 APIs provide both bucket- and object-level access controls, with defaults that only permit authenticated access by the bucket and/or object creator. Unless a customer grants anonymous access to their data, the first step before a user, either an AWS Account or a user created with AWS IAM, can access data is to be authenticated using an HMAC-SHA1 signature of the request using the user's private key. An authenticated user can read an object only if the user has been granted Read permissions in an Access Control List (ACL) at the object level. An authenticated user can list the keys and create or overwrite objects in a bucket only if the user has been granted Read and Write permissions in an ACL at the bucket level or via permissions granted to them with AWS IAM. Bucket- and object-level ACLs are independent; an object does not inherit ACLs from its bucket. Permissions to read or modify the bucket or object ACLs are themselves controlled by ACLs that default to creator-only access. Therefore, the customer maintains full control over who has access to their data. Customers can grant access to their Amazon S3 data to other AWS Accounts by AWS Account ID or , or DevPay Product ID. Customers can also grant access to their Amazon S3 data to all AWS Accounts or to everyone (enabling anonymous access).

Data Management

For maximum security, Amazon S3 is accessible via SSL endpoints. The encrypted endpoints are accessible from both the Internet and from within Amazon EC2, so that data are transferred securely both within AWS and to and from sources outside of AWS. Securing data at rest involves physical security and data encryption.
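
The HMAC-SHA1 request authentication mentioned under Amazon S3 Security corresponds to the legacy S3 REST signing scheme (Signature Version 2), in which the "private key" is the Secret Access Key. The following is an added example, not part of the original paper: it builds the string to sign, produces the `Authorization` header, and verifies it the way a server would. The key ID, secret and request are constructed, and canonicalization is simplified (no sub-resources, no multi-valued headers).

```python
import base64
import hashlib
import hmac

# Constructed credentials, not real AWS keys.
KEY_ID = "AKIDCONSTRUCTED0001"
SECRET = "constructed-secret-not-a-real-key"
SECRETS = {KEY_ID: SECRET}   # server-side lookup: key ID -> secret


def string_to_sign(method, resource, date, content_md5="", content_type="",
                   amz_headers=None):
    """Canonical request text that both client and server must agree on."""
    # x-amz-* headers: lowercase names, sorted by name, one "name:value" line.
    canon = "".join(
        f"{name}:{value.strip()}\n"
        for name, value in sorted(
            (k.lower(), v) for k, v in (amz_headers or {}).items()))
    return f"{method}\n{content_md5}\n{content_type}\n{date}\n{canon}{resource}"


def sign(secret_key, text):
    """Base64(HMAC-SHA1(secret, text)); the secret itself is never sent."""
    digest = hmac.new(secret_key.encode("utf-8"), text.encode("utf-8"),
                      hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def authorization_header(access_key_id, secret_key, **request):
    return f"AWS {access_key_id}:{sign(secret_key, string_to_sign(**request))}"


def verify(header, secrets, **request):
    """Server side: recompute the signature from the request as received."""
    scheme, _, credential = header.partition(" ")
    key_id, _, signature = credential.partition(":")
    secret = secrets.get(key_id)
    if scheme != "AWS" or secret is None:
        return False
    expected = sign(secret, string_to_sign(**request))
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, signature)


# Constructed request for an object in a hypothetical bucket.
REQUEST = dict(method="GET",
               resource="/example-bucket/reports/q1.csv",
               date="Tue, 27 Mar 2007 19:36:42 +0000")

if __name__ == "__main__":
    header = authorization_header(KEY_ID, SECRET, **REQUEST)
    print(header)
    print("valid:", verify(header, SECRETS, **REQUEST))
    tampered = dict(REQUEST, resource="/example-bucket/reports/q2.csv")
    print("tampered:", verify(header, SECRETS, **tampered))
```

Because the resource, verb and date are all covered by the signature, changing any of them after signing invalidates the request. Current AWS APIs use Signature Version 4, which is based on HMAC-SHA256.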
As mentioned in detail in Physical Security, Amazon employs multiple layers of physical security measures to protect customer data at rest. For example, physical access to Amazon datacenters is limited to an audited list of Amazon personnel. Encryption of sensitive data is generally a good security practice, and AWS encourages users to encrypt their sensitive data before it is uploaded to Amazon S3.

When an object is deleted from Amazon S3, removal of the mapping from the public name to the object starts immediately, and is generally processed across the distributed system within several seconds. Once the mapping is removed, there is no remote access to the deleted object. The underlying storage area is then reclaimed for use by the system.

Amazon S3 is designed to provide % durability and 99.99% availability of objects over a given year. Objects are redundantly stored on multiple devices across multiple facilities in an Amazon S3 Region. To help provide durability, Amazon S3 PUT and COPY operations synchronously store your data across multiple facilities before returning SUCCESS. Once stored, Amazon S3 helps maintain the durability of your objects by quickly detecting and repairing any lost redundancy. Amazon S3 also regularly verifies the integrity of data stored using checksums. If corruption is detected, it is repaired using redundant data. In addition, Amazon S3 calculates checksums on all network traffic to detect corruption of data packets when storing or retrieving data.

Amazon S3 provides further protection via Versioning. You can use Versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With Versioning, you can easily recover from both unintended user actions and application failures. By default, requests will retrieve the most recently written version. Older versions of an object can be retrieved by specifying a version in the request. You can further protect your versions using Amazon S3 Versioning's MFA Delete feature. Once enabled for an S3 bucket, each version deletion request must include the six-digit code and serial number from your multi-factor authentication device.

Amazon Certifications

SOC 1/SSAE 16/ISAE 3402

Amazon Web Services now publishes a Service Organization Controls 1 (SOC 1), Type 2 report. The audit for this report is conducted in accordance with the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and the International Standards for Assurance Engagements No (ISAE 3402) professional standards. This dual-standard report can meet a broad range of auditing requirements for U.S. and international auditing bodies. The SOC 1 report audit attests that AWS control objectives are appropriately designed and that the individual controls defined to safeguard customer data are operating effectively. Our commitment to the SOC 1 report is on-going and we plan to continue our process of periodic audits. This audit is the replacement of the Statement on Auditing Standards No. 70 (SAS 70) Type II report.

FISMA Moderate

AWS enables U.S. government agency customers to achieve and sustain compliance with the Federal Information Security Management Act (FISMA). FISMA requires federal agencies to develop, document, and implement an information security system for its data and infrastructure based on the National Institute of Standards and Technology Special Publication , Revision 3 standard. FISMA Moderate Authorization and Accreditation requires AWS to implement and operate an extensive set of security configurations and controls. This includes documenting the management, operational, and technical processes used to secure the physical and virtual infrastructure, as well as the third-party audit of the established processes and controls. AWS has received a three-year FISMA Moderate authorization for Infrastructure as a Service from the General Services Administration. AWS has also successfully achieved other ATOs at the FISMA Moderate level by working with government agencies to certify their applications and workloads.

PCI DSS Level 1

AWS has achieved Level 1 PCI compliance. We have been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). Merchants and other service providers can now run their applications on our PCI-compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud. Other enterprises can also benefit by running their applications on other PCI-compliant technology infrastructure. PCI validated services include Amazon Elastic Compute Cloud (EC2), Amazon Simple Storage Service (S3), Amazon Elastic Block Storage (EBS) and Amazon Virtual Private Cloud (VPC), Amazon Relational Database Service (RDS), Amazon Elastic Load Balancing (ELB), Amazon Identity and Access Management (IAM), and the underlying physical infrastructure and the AWS Management Environment. For more information please visit our PCI DSS Level 1 FAQs.

ISO

AWS has achieved ISO certification of our Information Security Management System (ISMS) covering our infrastructure, data centers, and services including Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3) and Amazon Virtual Private Cloud (Amazon VPC). ISO 27001/27002 is a widely-adopted global security standard that sets out requirements and best practices for a systematic approach to managing company and customer information that's based on periodic risk assessments. In order to achieve the certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. This certification reinforces Amazon's commitment to providing transparency into our security controls and practices. AWS's ISO certification includes all AWS data centers in all regions worldwide and AWS has established a formal program to maintain the certification.
A copy of our ISO certificate, available to AWS customers, describes the ISMS services and geographic scope. For more information please visit our ISO FAQs.

International Traffic In Arms Compliance

The AWS GovCloud (US) region supports US International Traffic in Arms Regulations (ITAR) compliance. As a part of managing a comprehensive ITAR compliance program, companies subject to ITAR export regulations must control unintended exports by restricting access to protected data to US Persons and restricting physical location of that data to US land. AWS GovCloud (US) provides an environment physically located in the US and where access by AWS Personnel is limited to US Persons, thereby allowing qualified companies to transmit, process, and store protected articles and data under ITAR. The AWS GovCloud (US) environment has been audited by an independent third party to validate the proper controls are in place to support customer export compliance programs for this requirement.

FIPS

The Federal Information Processing Standard (FIPS) Publication is a US government security standard that specifies the security requirements for cryptographic modules protecting sensitive information. To support customers with FIPS requirements, the Amazon Virtual Private Cloud VPN endpoints and SSL-terminating load balancers in AWS GovCloud (US) operate using FIPS validated hardware. AWS works with AWS GovCloud (US) customers to provide the information they need to help manage compliance when using the AWS GovCloud (US) environment.

319 Visual Monitoring: Once a quarter, 319 Technical Staff review data from all cloud resources for current and future planning. This data provides us with insight into potential future needs before they arise.

Commitment

319 NetWorks is committed to reliability and security for all resources on its networks and continually improves its technology, processes and procedures.
More informationCLOUD COMPUTING WITH AWS An INTRODUCTION. John Hildebrandt Solutions Architect ANZ
CLOUD COMPUTING WITH AWS An INTRODUCTION John Hildebrandt Solutions Architect ANZ AGENDA Todays Agenda Background and Value proposition of AWS Global infrastructure and the Sydney Region AWS services Drupal
More informationDeploying for Success on the Cloud: EBS on Amazon VPC. Phani Kottapalli Pavan Vallabhaneni AST Corporation August 17, 2012
Deploying for Success on the Cloud: EBS on Amazon VPC Phani Kottapalli Pavan Vallabhaneni AST Corporation August 17, 2012 Agenda Amazon AWS Global Infrastructure AWS VirtualPrivateCloud(VPC) Architecture
More informationAmazon EC2 Product Details Page 1 of 5
Amazon EC2 Product Details Page 1 of 5 Amazon EC2 Functionality Amazon EC2 presents a true virtual computing environment, allowing you to use web service interfaces to launch instances with a variety of
More informationEvery Silver Lining Has a Vault in the Cloud
Irvin Hayes Jr. Autodesk, Inc. PL6015-P Don t worry about acquiring hardware and additional personnel in order to manage your Vault software installation. Learn how to spin up a hosted server instance
More informationService Organization Controls 3 Report
Service Organization Controls 3 Report Report on the Amazon Web Services System Relevant to Security For the Period April 1, 2013 March 31, 2014 Ernst & Young LLP Suite 1600 560 Mission Street San Francisco,
More informationAmazon Web Services: Overview of Security Processes March 2013
Amazon Web Services: Overview of Security Processes March 2013 (Please consult http://aws.amazon.com/security/ for the latest version of this paper) Page 1 of 48 Table of Contents Shared Responsibility
More informationDiamondStream Data Security Policy Summary
DiamondStream Data Security Policy Summary Overview This document describes DiamondStream s standard security policy for accessing and interacting with proprietary and third-party client data. This covers
More informationDoD-Compliant Implementations in the AWS Cloud
DoD-Compliant Implementations in the AWS Cloud Reference Architectures Paul Bockelman Andrew McDermott April 2015 Contents Contents 2 Abstract 3 Introduction 3 Getting Started 4 Shared Responsibilities
More informationT2 IaaSand PCI Compliance. Robert Zigweid, IOActive
T2 IaaSand PCI Compliance Robert Zigweid, IOActive Introduction Robert M. Zigweid Principal Compliance Consultant at IOActive, Inc. PCI QSA, PCI PA-QSA QSA for Amazon Web Services 2 Creating a PCI Compliant
More informationCloud Security Overview
UT DALLAS Erik Jonsson School of Engineering & Computer Science Cloud Security Overview Murat Kantarcioglu Outline Current cloud security techniques Amazon Web services Microsoft Azure Cloud Security Challengers
More informationAmazon Web Services: Risk and Compliance July 2015
Amazon Web Services: Risk and Compliance July 2015 (Consult http://aws.amazon.com/compliance/aws-whitepapers/ for the latest version of this paper) Page 1 of 128 This document is intended to provide information
More informationTable of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.
FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer
More informationTECHNOLOGY WHITE PAPER Jun 2012
TECHNOLOGY WHITE PAPER Jun 2012 Technology Stack C# Windows Server 2008 PHP Amazon Web Services (AWS) Route 53 Elastic Load Balancing (ELB) Elastic Compute Cloud (EC2) Amazon RDS Amazon S3 Elasticache
More informationAmazon Web Services Primer. William Strickland COP 6938 Fall 2012 University of Central Florida
Amazon Web Services Primer William Strickland COP 6938 Fall 2012 University of Central Florida AWS Overview Amazon Web Services (AWS) is a collection of varying remote computing provided by Amazon.com.
More informationTECHNOLOGY WHITE PAPER Jan 2016
TECHNOLOGY WHITE PAPER Jan 2016 Technology Stack C# PHP Amazon Web Services (AWS) Route 53 Elastic Load Balancing (ELB) Elastic Compute Cloud (EC2) Amazon RDS Amazon S3 Elasticache CloudWatch Paypal Overview
More informationBest Practices for Siebel on AWS
Best Practices for Siebel on AWS Contributors The following individuals and organizations contributed to this document Ashok Sundaram, Solutions Architect, Amazon Web Services Milind Waikul, CEO, Enterprise
More informationCloud Models and Platforms
Cloud Models and Platforms Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF A Working Definition of Cloud Computing Cloud computing is a model
More informationSecuring Amazon Web Services (AWS) and Simple Storage Service (Amazon S3) Security David Boland
Securing Amazon Web Services (AWS) and Simple Storage Service (Amazon S3) Security David Boland The Cloud Whether a company is using Facebook for marketing purposes or migrating their entire organization's
More informationDeploying for Success on the Cloud: EBS on Amazon VPC Session ID#11312
Deploying for Success on the Cloud: EBS on Amazon VPC Session ID#11312 Phani Kottapalli AST Corporation Our Services Oracle Partnership Oracle Specialized E-Business Suite Business Intelligence EPM-Hyperion
More informationSecuring the Microsoft Platform on Amazon Web Services
Securing the Microsoft Platform on Amazon Web Services Tom Stickle August 2012 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 22 Abstract Deploying Microsoft
More informationSecurity Essentials & Best Practices
Security Essentials & Best Practices Overview Overview of the AWS cloud security concepts such as the AWS security center, Shared Responsibility Model, and Identity and Access Management. 1 AWS Security
More informationHow To Create A Virtual Private Cloud In A Lab On Ec2 (Vpn)
Virtual Private Cloud - Lab Hands-On Lab: AWS Virtual Private Cloud (VPC) 1 Overview In this lab we will create and prepare a Virtual Private Cloud (VPC) so that we can launch multiple EC2 web servers
More informationChapter 11 Cloud Application Development
Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How
More informationRunning Oracle Applications on AWS
Running Oracle Applications on AWS Bharath Terala Sr. Principal Consultant Apps Associates LLC June 09, 2014 Copyright 2014. Apps Associates LLC. 1 Agenda About the Presenter About Apps Associates LLC
More informationSolaris For The Modern Data Center. Taking Advantage of Solaris 11 Features
Solaris For The Modern Data Center Taking Advantage of Solaris 11 Features JANUARY 2013 Contents Introduction... 2 Patching and Maintenance... 2 IPS Packages... 2 Boot Environments... 2 Fast Reboot...
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
SOLUTION BRIEF PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP The benefits of cloud computing are clear and compelling: no upfront investment, low ongoing costs, flexible capacity and fast application
More informationData Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment
White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based
More informationUsing ArcGIS for Server in the Amazon Cloud
Using ArcGIS for Server in the Amazon Cloud Randall Williams, Esri Subrat Bora, Esri Esri UC 2014 Technical Workshop Agenda What is ArcGIS for Server on Amazon Web Services Sounds good! How much does it
More informationHow AWS Pricing Works May 2015
How AWS Pricing Works May 2015 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 15 Table of Contents Table of Contents... 2 Abstract... 3 Introduction...
More informationDeploy Remote Desktop Gateway on the AWS Cloud
Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4
More informationPrimex Wireless OneVue Architecture Statement
Primex Wireless OneVue Architecture Statement Secure, cloud-based workflow, alert, and notification platform built on top of Amazon Web Services (AWS) 2015 Primex Wireless, Inc. The Primex logo is a registered
More informationHow To Create A Virtual Private Cloud On Amazon.Com
Amazon Web Services Hands-On Virtual Private Computing 1 Overview Amazon s Virtual Private Cloud (VPC) allows you to launch AWS resources in a virtual network that you define. You can define an environment
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationSecurity Overview Enterprise-Class Secure Mobile File Sharing
Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud
More informationRunning Oracle on the Amazon Cloud
Running Oracle on the Amazon Cloud Bryan Stroble RMOUG Training Days February 7, 2014 Oracle Experts, Easy to Work With Oracle experts Oracle Database Technology Consulting Oracle E-Business Suite Applications
More informationHow AWS Pricing Works
How AWS Pricing Works (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 15 Table of Contents Table of Contents... 2 Abstract... 3 Introduction... 3 Fundamental
More informationDeploying Virtual Cyberoam Appliance in the Amazon Cloud Version 10
Deploying Virtual Cyberoam Appliance in the Amazon Cloud Version 10 Document version 1.0 10.6.2.378-13/03/2015 Important Notice Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it
More informationWeb Application Deployment in the Cloud Using Amazon Web Services From Infancy to Maturity
P3 InfoTech Solutions Pvt. Ltd http://www.p3infotech.in July 2013 Created by P3 InfoTech Solutions Pvt. Ltd., http://p3infotech.in 1 Web Application Deployment in the Cloud Using Amazon Web Services From
More informationEnsuring Enterprise Data Security with Secure Mobile File Sharing.
A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite
More informationLearning Management Redefined. Acadox Infrastructure & Architecture
Learning Management Redefined Acadox Infrastructure & Architecture w w w. a c a d o x. c o m Outline Overview Application Servers Databases Storage Network Content Delivery Network (CDN) & Caching Queuing
More informationCloud models and compliance requirements which is right for you?
Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,
More informationActive Directory Domain Services on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer
Active Directory Domain Services on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer March 2014 Last updated: September 2015 (revisions) Table of Contents Abstract... 3 What We ll Cover...
More informationSecurity Whitepaper. NetTec NSI Philosophy. Best Practices
Security Whitepaper NetTec NSI provides a leading SaaS-based managed services platform that to efficiently backup, monitor, and troubleshoot desktops, servers and other endpoints for businesses. Our comprehensive
More informationAmazon Web Services: Overview of Security Processes June 2014
Amazon Web Services: Overview of Security Processes June 2014 (Please consult http://aws.amazon.com/security/ for the latest version of this paper) Page 1 of 68 Table of Contents Shared Responsibility
More informationServers. Servers. NAT Public Subnet: 172.30.128.0/20. Internet Gateway. VPC Gateway VPC: 172.30.0.0/16
.0 Why Use the Cloud? REFERENCE MODEL Cloud Development April 0 Traditionally, deployments require applications to be bound to a particular infrastructure. This results in low utilization, diminished efficiency,
More informationAmazon Compute - EC2 and Related Services
Amazon Compute - EC2 and Related Services G-Cloud Service 1 1.An overview of the G-Cloud Service Arcus Global are approved to sell to the UK Public Sector as official Amazon Web Services resellers. Amazon
More informationPATCH MANAGER what does it do?
PATCH MANAGER what does it do? PATCH MANAGER SAAS maps all your physical assets and physical infrastructure such as network and power cabling, racks, servers, switches, UPS and generators. It provides
More informationHow To Use Aws.Com
Crypto-Options on AWS Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH Amazon.com, Inc. and its affiliates. All rights reserved. Agenda
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationArcGIS 10.3 Server on Amazon Web Services
ArcGIS 10.3 Server on Amazon Web Services Copyright 1995-2015 Esri. All rights reserved. Table of Contents Introduction What is ArcGIS Server on Amazon Web Services?............................... 5 Quick
More informationSecurity Gateway R75. for Amazon VPC. Getting Started Guide
Security Gateway R75 for Amazon VPC Getting Started Guide 7 November 2011 2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright
More informationAmazon Cloud Storage Options
Amazon Cloud Storage Options Table of Contents 1. Overview of AWS Storage Options 02 2. Why you should use the AWS Storage 02 3. How to get Data into the AWS.03 4. Types of AWS Storage Options.03 5. Object
More informationFortiGate-AWS Deployment Guide
FortiGate-AWS Deployment Guide FortiGate-AWS Deployment Guide September 25, 2014 01-500-252024-20140925 Copyright 2014 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard,
More informationStorReduce Technical White Paper Cloud-based Data Deduplication
StorReduce Technical White Paper Cloud-based Data Deduplication See also at storreduce.com/docs StorReduce Quick Start Guide StorReduce FAQ StorReduce Solution Brief, and StorReduce Blog at storreduce.com/blog
More informationLevel Agreements, and loss of availability due to security breach: Amazon EC2 and S3, Microsoft Windows Azure Compute and Storage.
Concordia University College of Alberta Master of Information Systems Security Management (MISSM) Program 7128 Ada Boulevard, Edmonton, AB Canada T5B 4E4 A comparative case study on Cloud Service Providers,
More informationPega as a Service. Kim Singletary, Dir. Product Marketing Cloud Matt Yanchyshyn, Sr. Mgr., AWS Solutions Architect
1 Pega as a Service Kim Singletary, Dir. Product Marketing Cloud Matt Yanchyshyn, Sr. Mgr., AWS Solutions Architect This information is not a commitment, promise or legal obligation to deliver any material,
More informationVirtual Data Centre. User Guide
Virtual Data Centre User Guide 2 P age Table of Contents Getting Started with vcloud Director... 8 1. Understanding vcloud Director... 8 2. Log In to the Web Console... 9 3. Using vcloud Director... 10
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More informationMirantis OpenStack Express: Security White Paper
Mirantis OpenStack Express: Security White Paper Version 1.0 2005 2014 All Rights Reserved www.mirantis.com 1 Introduction While the vast majority IT professionals are now familiar with the cost-saving
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationNetworking Configurations for NetApp Cloud ONTAP TM for AWS
Technical Report Networking Configurations for NetApp Cloud ONTAP TM for AWS Kris Lippe, NetApp November 2014 TR-4352 TABLE OF CONTENTS 1 Introduction...3 1.1 Glossary of Terms:...3 1.2 Overview...4 1.3
More informationWhite Paper. BD Assurity Linc Software Security. Overview
Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about
More information