NGAP: Compliance as a Service in the Public Cloud

Slides:

Advertisements

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Advertisements

Ivan Pleština Amazon Simple Storage Service (S3) Amazon Elastic Block Storage (EBS) Amazon Elastic Compute Cloud (EC2)

B. Ramamurthy 4/17/ Overview of EC2 Components (fig. 2.1) 10..* /17/20152.

Take your CMS to the cloud to lighten the load Brett Pollak Campus Web Office UC San Diego.

Infrastructure as a Service (IaaS) Amazon EC2

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

Matt Bertrand Building GIS Apps in the Cloud. Infrastructure - Provides computer infrastructure, typically a platform virtualization environment, as a.

Next Generation Application Platform (NGAP) Andrew Mitchell WGISS-39 Tsukuba, Japan Monday, May 11,

Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

A Brief Overview by Aditya Dutt March 18 th ’ Aditya Inc.

Cloud Computing for the Enterprise November 18th, This work is licensed under a Creative Commons.

Let's build a media sharing website # 1 Hosting.

Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over the Internet. Cloud is the metaphor for.

Lecture 8 – Platform as a Service. Introduction We have discussed the SPI model of Cloud Computing – IaaS – PaaS – SaaS.

Cloud Computing. What is Cloud Computing? Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable.

Cloud Computing & Amazon Web Services – EC2 Arpita Patel Software Engineer.

Presented by: Sanketh Beerabbi University of Central Florida COP Cloud Computing.

How AWS Pricing Works Jinesh Varia Technology Evangelist.

Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.

Cloud services Amazon Web Service (AWS) Intro and usage.

Launch Amazon Instance. Amazon EC2 Amazon Elastic Compute Cloud (Amazon EC2) provides resizable computing capacity in the Amazon Web Services (AWS) cloud.

Alfresco Enterprise on Azure Shah Rahman Founder and CEO, CloudlyIO.

KAASHIV INFOTECH – A SOFTWARE CUM RESEARCH COMPANY IN ELECTRONICS, ELECTRICAL, CIVIL AND MECHANICAL AREAS

Chapter 11 – Cloud Application Development. Contents Motivation. Connecting clients to instances through firewalls. Cloud Computing: Theory and Practice.

Alfresco on Azure Shah Rahman Founder and CEO, CloudlyIO.

© 2015 MetricStream, Inc. All Rights Reserved. AWS server provisioning © 2015 MetricStream, Inc. All Rights Reserved. By, Srikanth K & Rohit.

Amazon Web Services. Amazon Web Services (AWS) - robust, scalable and affordable infrastructure for cloud computing. This session is about:

INTRODUCTION TO AMAZON WEB SERVICES (EC2). AMAZON WEB SERVICES  Services  Storage (Glacier, S3)  Compute (Elastic Compute Cloud, EC2)  Databases (Redshift,

SEMINAR ON.  OVERVIEW -  What is Cloud Computing???  Amazon Elastic Cloud Computing (Amazon EC2)  Amazon EC2 Core Concept  How to use Amazon EC2.

Structured Container Delivery Oscar Renalias Accenture Container Lead (NOTE: PASTE IN PORTRAIT AND SEND BEHIND FOREGROUND GRAPHIC FOR CROP)

Deploying Docker Datacenter on AWS © 2016, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Project Cumulus Overview March 15, End Goal Unified Public & Private PaaS for GlassFish/Java EE Simplify deployment of Java EE Apps on top of.

SESIP-0716-BM NGAP: A (Brief) Update PaaS, IaaS, Onboarding, and the Future Brett McLaughlin & Andrew Pawloski NASA EED2/ESDIS Summer ESIP, 2016 This work.

Architecting Enterprise Workloads on AWS Mike Pfeiffer.

Prof. Jong-Moon Chung’s Lecture Notes at Yonsei University

Microsoft Azure Virtual Machines

Avenues International Inc.

THE BATTLE OF CLOUDS Openstack vs. Amazon

100% Exam Passing Guarantee & Money Back Assurance

Amazon AWS Solution Architect Associate Exam Questions PDF associate.html AWS Solution Training Exam.

Architectural Overview Of Cloud Computing

Deploy, Manage, and Scale Your Apps with OpsWorks, Elastic Beanstalk, and CodeDeploy Part 1 – Elastic Beanstalk © 2017 Amazon Web Services, Inc. and.

New Heights by Guiding Them into the Cloud

Cloud Data platform (Cloud Application Development & Deployment)

Platform as a Service.

Cherwell Service Management is an IT Service Management Solution that Makes it Easier for Users to Capitalize on Power of Microsoft Azure MICROSOFT AZURE.

Logo here Module 3 Microsoft Azure Web App. Logo here Module Overview Introduction to App Service Overview of Web Apps Hosting Web Applications in Azure.

Welcome to AWS Certification Exam

Chapter 21: Cloud Computing and Related Security Issues

Chapter 22: Cloud Computing Technology and Security

Acutelearn Amazon Web Services Training Classroom Training Instructor led trainings at Acutelearn premises Corporate Training Custom tailored trainings.

AWS. Introduction AWS launched in 2006 from the internal infrastructure that Amazon.com built to handle its online retail operations. AWS was one of the.

Web Based Application Cloud services, in the form of centralized web-based applications, also appeal to the IT professional. One instance of an application.

Amazon AWS Solution Architect Associate Exam Dumps For Full Exam Info Visit This Link:

AWS DevOps Engineer - Professional dumps.html Exam Code Exam Name.

Amazon AWS Solution Architect Associate Exam Questions PDF associate-dumps.html AWS Solution Training.

2018 Amazon AWS DevOps Engineer Professional Dumps - DumpsProfessor

Buy September 2018 Valid Amazon AWS-SysOps Dumps Questions - Amazon AWS-SysOps Braindumps Realexamdumps.com

Managing Clouds with VMM

Yellowfin: An Azure-Compatible Business Intelligence Platform That Connects People with Their Data for Better Decision Making MICROSOFT AZURE APP BUILDER.

Scalable SoftNAS Cloud Protects Customers’ Mission-Critical Data in the Cloud with a Highly Available, Flexible Solution for Microsoft Azure MICROSOFT.

Logsign All-In-One Security Information and Event Management (SIEM) Solution Built on Azure Improves Security & Business Continuity MICROSOFT AZURE APP.

Brandon Hixon Jonathan Moore

AWS Cloud Computing Masaki.

Last.Backend is a Continuous Delivery Platform for Developers and Dev Teams, Allowing Them to Manage and Deploy Applications Easier and Faster MICROSOFT.

Deploying Your First Full Stack Application to the Cloud

Cloud Computing: Concepts

Cloud Security AWS as an example.

Cloud Security AWS as an example.

System Center Configuration Manager Cloud Services – Cloud Distribution Point Presented By: Ginu Tausif.

Presentation transcript:

NGAP: Compliance as a Service in the Public Cloud Andrew Pawloski – andrew@element84.com Brett McLaughlin – brett@element84.com Dan Pilone – dan@element84.com Marc Huffnagle – marc@element84.com Peter Plofchan – peter.g.plofchan@raytheon.com

Traditional Application Hosting Data centers are never actually this sexy

Traditional Application Hosting Estimate magnitude Order/install hardware Manage on premises until hardware EOL

The cloud is a bit different.. This is the view of your data center when you’re in the cloud (That’s a poorly executed slide. You’re looking at an “ec2 describe” command listing our infrastructure)

The cloud is a bit different.. Unlimited* virtual machines Hosts are created/disposed frequently IP addresses change Instance storage clears Shared trust model Hardware Managed software services *Not really, but enough capacity for us to think of it this way

With natural “wins” of its own Iteration is faster Resources procured via API calls Pay for what you use Leverage provider’s economy of scales Scaling is easy, automatable Vertical/horizontal High availability is trivial Managed load balancer services How do we leverage these wins in a way that meets the security and compliance standards

NGAP pitch statements & Goals

*NGAP=Next Generation Application Platform NGAP in 10 seconds NGAP* is a cloud platform for Earthdata applications. It offers scalable, highly-available deployments in a NASA-sanctioned, control-compliant environment. *NGAP=Next Generation Application Platform A NASA-sanctioned, controls-compliant

NGAP in 60 seconds NGAP’s intent is to handle much of the undifferentiated heavy lifting that application teams must go through to get up and running with an application or experiment. By maintaining a common underlying platform and leveraging certain advantages of the cloud, it allows developers and application owners to rapidly deploy their projects in a NASA-compliant environment.

$ ngap-deploy hello-world hello-world.tar NGAP in one second $ ngap-deploy hello-world hello-world.tar TO https://hello-world.earthdata.nasa.gov NASA.GOV domain name – secure, sanctioned NASA environment

1,000 Foot Overview NGAP Base AMI ECC (Secure) - ESDIS “blessed” component ECC (Code testing, tracking, deployment) NGAP Builder (Creates “slug” from ECC-hosted codebases) App Source Code NGAP-compliant AMI (Application) NGAP-compliant AMI (Application) NGAP-compliant AMI (Application) NGAP Services (Monitoring, Logging, Security, Autoscaling, Billing, etc.) Usable cloud “platform” OCIO GP-MCE* (AWS Reseller) *General Purpose Managed Compute Environment

NGAP Architecture

NGAP Applications 12-Factor (http://12factor.net/) Externalized state, configuration Interacts with services via port binding No distinction between local/remote services Disposable Fast startup / graceful shut down Logging via STDOUT and STDERR Let process manager handle log stream

Twelve-Factor App methodology https://12factor.net

NGAP Components API Nodes Routers App Nodes Serve NGAP platform requests Deploys applications Maintains system state Routers Directs traffic from ELB to application nodes Enable wildcard DNS for NGAP platform App Nodes Platform requests – deploying applications, reporting statuses, changing environment variables

App Hosting Architecture *.ngap.earthdata.nasa.gov Balances between routers. High-availability entry point Elastic Load Balancer Availability Zone Availability Zone Nginx Routes to all hosts Router Router Host Host Host Host Hardened RedHat AMI App 1 App 1 App 2 App 1 App 2 Amazon RDS NGAP Hosted Apps

NGAP Platform platform.ngap.earthdata.nasa.gov Elastic Load Balancer Self-Service Console Availability Zone Availability Zone Log Aggregation Router Router Monitoring Host Host Host Host App 1 App 1 App 2 App 1 App 2 Backups NGAP Platform Amazon RDS NGAP Hosted Apps

NGAP App Deployment

1. Build Slug Language Buildpacks Git repo Artifact Metadata Bamboo platform.ngap.earthdata.nasa.gov *.ngap.earthdata.nasa.gov Elastic Load Balancer Language Buildpacks Git repo Slug Builder Availability Zone Availability Zone Router Router Artifact Metadata Application Slugs Application Settings NGAP Platform Amazon RDS NGAP Hosted Apps

2. Start Instance(s) Git repo Artifact Metadata Bamboo platform.ngap.earthdata.nasa.gov *.ngap.earthdata.nasa.gov Elastic Load Balancer Git repo Slug Builder Availability Zone Availability Zone Router Router Artifact Metadata Host Host Application Slugs Application Settings NGAP Platform Amazon RDS NGAP Hosted Apps

3. Fetch slug from S3 Git repo Artifact Bamboo platform.ngap.earthdata.nasa.gov *.ngap.earthdata.nasa.gov Elastic Load Balancer Git repo Slug Builder Availability Zone Availability Zone Router Router Artifact Host Host Application Slugs NGAP Platform Amazon RDS NGAP Hosted Apps

4. Start slug Git repo Artifact Metadata Bamboo platform.ngap.earthdata.nasa.gov *.ngap.earthdata.nasa.gov Elastic Load Balancer Git repo Slug Builder Availability Zone Availability Zone Router Router Artifact Metadata Host Host App 1 App 1 Application Slugs Application Settings NGAP Platform Amazon RDS NGAP Hosted Apps

5. Update routers Git repo Artifact Metadata Bamboo platform.ngap.earthdata.nasa.gov *.ngap.earthdata.nasa.gov Elastic Load Balancer Git repo Slug Builder Availability Zone Availability Zone Router Router Artifact Metadata Host Host App 1 App 1 Application Slugs Application Settings NGAP Platform Amazon RDS NGAP Hosted Apps

NGAP Services

NGAP Services System maintenance Logging Monitoring Hardened images, Updates Logging Platform Elasticsearch/Logstash/Kibana Offsite Splunk forwarding Monitoring Nagios CloudWatch

NGAP Services (cont’d) SSL/TLS Highly Available Deployments Application Maintenance Mode Ingress/Egress Firewall Database infrastructure* ACLs, encryption Backups/Disaster Recovery * DBI is really RDS. We provide instances using a compliant configuration (access control, encryption, etc)

1,000 Foot Overview NGAP Base AMI ECC (Secure) - ESDIS “blessed” component ECC (Code testing, tracking, deployment) NGAP Builder (Creates “slug” from ECC-hosted codebases) App Source Code NGAP-compliant AMI (Application) NGAP-compliant AMI (Application) NGAP-compliant AMI (Application) NGAP Services (Monitoring, Logging, Security, Autoscaling, Billing, etc.) Usable cloud “platform” OCIO GP-MCE* (AWS Reseller) *General Purpose Managed Compute Environment

NGAP: Compliance as a Service in the Public Cloud Andrew Pawloski – andrew@element84.com Brett McLaughlin – brett@element84.com Dan Pilone – dan@element84.com Marc Huffnagle – marc@element84.com Peter Plofchan – peter.g.plofchan@raytheon.com

This material is based upon work supported by the National Aeronautics and Space Administration under Contract Number NNG15HZ39C.