AppSec USA 2014 Denver, Colorado Auto Scaling Web Application Security in the Cloud Misha Govshteyn Alert Logic.

Presentation transcript:


Introduction
Misha Govshteyn, Founder & Chief Strategy Officer, Alert Logic

Topics We'll Cover
– High-scale web app architecture components
– Auto scaling principles
– Common tools and approaches
– Implications on security infrastructure
– Architecting security infrastructure for auto scaling
– Q&A: What about PaaS?

Cloud Architecture is Evolving
– The majority of applications in cloud environments now use a high-scale architecture
– Most operational functions are automated
  – Deployments are bootstrapped from Chef, Puppet, CloudFormation, Ansible
  – Scaling is driven programmatically
– Security is largely left behind

Security vs DevOps
Security                        | DevOps
role based organizations        | role based infrastructure management
UIs                             | APIs
command line prompts            | orchestration templates
deployment docs & run books     | recipes & containers
appliances & software           | services
change management windows       | continuous deployment
scale up                        | scale out
deployment projects             | auto-scaling

Basic Auto Scaling Tools
– Amazon ELB with Auto Scaling groups
– Health monitoring: CloudWatch
– Bootstrapping/configuration automation: AWS CloudFormation, Chef/Puppet/CFEngine
– Orchestrator on Google App Engine
– Auto Scale on Rackspace Cloud

Basic Auto Scaling Capabilities
– Manage unhealthy EC2 compute instances
– Ensure a minimum number of instances is always running
– Launch new instances in the event of failure or performance degradation (the launch itself takes seconds in most conditions; application bootstrap time comes on top of that)
– Seamlessly attach auto scaled compute instances to the load balancer (ELB)

Elastic Load Balancer
– AWS ELB provides a load balancing service with thousands of EC2 servers behind it
– ELB automatically scales its own load balancing servers up and down in the backend
– There is no fixed theoretical maximum request rate for ELB
– It can easily handle 20,000+ concurrent requests
Caveat: ELB grows its own fleet gradually in response to observed traffic; at the time of this talk a sudden, very large spike (a load test, a launch) required asking AWS support to pre-warm the ELB, otherwise clients saw errors until it caught up.

Configuring Auto Scaling in AWS

Launch Configuration: the set of parameters used to launch EC2 instances
  – AMI ID
  – Instance size
  – Block devices
  – Key pairs
  – Security groups

Auto Scaling Group: defines the post-launch parameters
  – Minimum & maximum number of EC2 instances to run
  – Cooldown parameters
  – AZ & VPC IDs where these instances will run
  – ELB to attach the instances to

Auto Scaling Policy: rules for scaling or terminating auto scaled instances
  – Initiates scaling activity
  – Uses CloudWatch metrics as triggers
    – EC2: CPU, disk, memory, network
    – ELB: healthy instances, HTTP code, latency, request count
    – RDS: CPU, database connections, memory, latency
  Note: EC2 memory utilization and filesystem usage are not default CloudWatch metrics; an agent or the CloudWatch monitoring scripts on the AMI must push them as custom metrics before a policy can trigger on them.

Scaling Event: the act of scaling itself
  – Scaling up/down
  – Notification of scaling activity

Creating an Auto Scaling Group

as-create-auto-scaling-group my-appsec-asg --launch-configuration my-test-config --availability-zones us-east-1b --min-size 1 --max-size 40 --default-cooldown <seconds> --desired-capacity 1 --load-balancers my-waf-elb1

– my-appsec-asg: group name
– --launch-configuration: launch config the group launches instances from
– --min-size / --max-size: min/max instances
– --default-cooldown: time between scaling activities; further scaling is temporarily suspended while new instances warm up
– --load-balancers: ELB the instances are attached to

Create Auto Scaling Policy
– Use AWS CloudFormation templates to set defaults
– Allow admins to tune for specific requirements
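The four objects from the preceding slides (launch configuration, Auto Scaling group, scaling policy, scaling event) modelled in Python so the cooldown and min/max semantics can be seen end to end. This is an added example, not code from the talk or from Alert Logic; the AMI and security group IDs, the latency thresholds and the metric samples are all constructed.

```python
"""Model of the four Auto Scaling objects from the slides: launch configuration,
Auto Scaling group, scaling policy and scaling event. Added example, not Alert
Logic's code; all IDs, thresholds and metric samples are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class LaunchConfiguration:
    """Parameters every instance is launched with (AMI, size, key pair, security groups)."""
    ami_id: str
    instance_type: str
    security_groups: tuple
    key_name: Optional[str] = None


@dataclass(frozen=True)
class ScalingPolicy:
    """Fires an adjustment once a CloudWatch metric breaches for `periods` consecutive samples."""
    name: str
    metric: str          # e.g. "ELB:Latency", "EC2:CPUUtilization"
    comparison: str      # ">" scales out, "<" scales in
    threshold: float
    adjustment: int      # +N adds instances, -N removes them
    periods: int = 2

    def breached(self, value: float) -> bool:
        return value > self.threshold if self.comparison == ">" else value < self.threshold


@dataclass(frozen=True)
class ScalingEvent:
    """Record of one scaling activity (what the group would send a notification about)."""
    time: int
    policy: str
    before: int
    after: int


@dataclass
class AutoScalingGroup:
    name: str
    launch_config: LaunchConfiguration
    min_size: int
    max_size: int
    desired: int
    cooldown: int        # seconds after a scaling activity during which policies are ignored
    policies: List[ScalingPolicy] = field(default_factory=list)
    events: List[ScalingEvent] = field(default_factory=list)
    last_scale_time: Optional[int] = None
    streaks: Dict[str, int] = field(default_factory=dict)

    def in_cooldown(self, now: int) -> bool:
        return self.last_scale_time is not None and now < self.last_scale_time + self.cooldown

    def evaluate(self, now: int, metrics: Dict[str, float]) -> Optional[ScalingEvent]:
        """Evaluate every policy against one metric sample; return the event fired, if any."""
        fired = None
        for policy in self.policies:
            value = metrics.get(policy.metric)
            if value is None:
                continue
            if not policy.breached(value):
                self.streaks[policy.name] = 0
                continue
            self.streaks[policy.name] = self.streaks.get(policy.name, 0) + 1
            if self.streaks[policy.name] < policy.periods or self.in_cooldown(now):
                continue
            # Clamp to the group's bounds; a clamped no-op is not a scaling event.
            target = max(self.min_size, min(self.max_size, self.desired + policy.adjustment))
            if target == self.desired:
                continue
            fired = ScalingEvent(now, policy.name, self.desired, target)
            self.desired = target
            self.last_scale_time = now   # starts the cooldown, so no second policy fires this tick
            self.events.append(fired)
        return fired


def run_simulation() -> AutoScalingGroup:
    """Drive a group shaped like the talk's command line (min 1, max 40) with constructed ELB latency."""
    lc = LaunchConfiguration("ami-00000000", "m3.medium", ("sg-waf-workers",), "my-key")  # assumed IDs
    asg = AutoScalingGroup("my-appsec-asg", lc, min_size=1, max_size=40, desired=1, cooldown=300,
                           policies=[ScalingPolicy("scale-out", "ELB:Latency", ">", 0.5, +2),
                                     ScalingPolicy("scale-in", "ELB:Latency", "<", 0.1, -1)])
    # (time in seconds, average ELB latency in seconds); constructed, one sample per minute
    samples = [(0, 0.8), (60, 0.9), (120, 1.2), (360, 0.05), (420, 0.05),
               (480, 0.05), (720, 0.05), (1080, 0.05)]
    for t, latency in samples:
        asg.evaluate(t, {"ELB:Latency": latency})
    return asg


if __name__ == "__main__":
    for e in run_simulation().events:
        print(f"t={e.time:4d}s {e.policy:9s} {e.before} -> {e.after}")
```

Two things the simulation makes visible that the slide bullets do not: the third high-latency sample at t=120 is ignored purely because of the 300 s cooldown, and the final scale-in at t=1080 is silently clamped at min-size 1, so it produces no scaling event and no notification.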

Auto Scaling In Action

Designing for Scale
1. Design for failure
2. Multiple availability zones
3. Scaling
4. Self-healing
5. Loose coupling

Architecture Principles
– Designed for failure
  – Horizontally scaled
  – Fast bootstrap
  – Health/load conditions as scaling triggers
– Loosely coupled
  – Independent components
  – As stateless as possible
  – Minimal interactions
The web tier is easiest to scale if you make the right design decisions; security infrastructure is another matter.

Auto Scaling Web App Firewalls?
Simple auto-scaling stack (diagram: ELB → WAF → ELB → HTTP web tier)
– 2 layers of Elastic Load Balancers (ELB)
– WAF proxies
– Web server tier
Problems
– Extremely slow bootstrap
– Tightly coupled
A WAF proxy that must obtain its full ruleset, learned policy and configuration from a central instance before it can pass a health check is exactly the slow-booting, tightly coupled component that auto scaling punishes.

Abstracting Application Security Components
Make your security application stack stateless
– Every component is a black box
– Decouple interactions between the management and data processing planes
– Use cloud infrastructure to make interactions asynchronous
(diagram: ELB → WAF → ELB → HTTP web tier; a WAF Master behind its own ELB, backed by S3/EBS)

1. Separate Processing & Control Planes
ASG Group 1 – Master Controller
– Min-size 1, Max-size 1
– ELB health checks to ensure an instance is up
– Will recreate itself from configuration data in S3
ASG Group 2 – Processing Workers
– Min-size 2, Max-size (depends)
– Use an Auto Scaling policy to scale on demand
Note: a min 1 / max 1 master group gives self-healing, not high availability. While the replacement master boots there is no control plane, so workers must keep serving on the last configuration they pulled rather than depending on the master being reachable.

2. Reduce and Abstract Interactions
Store instance configuration data in S3
– The master instance stores data in Amazon S3
– Worker instances retrieve configuration as they spin up
– Simple way to make resource instantiation asynchronous
Caveat: the bucket is now inside the WAF's trust boundary. Anyone who can write to it reconfigures every worker on its next boot, so restrict write access to the master's IAM role and have workers verify what they pull before applying it.

3. Store Persistent Data on EBS
Amazon EBS Log Volume
– Store all log and statistics data for the master instance
– Persist data in case of master instance termination
– If the master has to be restarted, persisted data remains intact: nothing stops working
Caveat: an EBS volume can only be attached to an instance in the same Availability Zone, so a master group that may re-launch in another AZ needs a snapshot-based restore path rather than a plain re-attach.
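Steps 1 and 2 above have the master publish configuration to S3 and workers pull it as they boot. The following is an added example of that worker-side fetch with the check a practitioner would want on it; it is not Alert Logic's code. A dict stands in for the S3 bucket, and the object names, the shared control-plane secret and the JSON layout of the configuration are all assumptions.

```python
"""Worker bootstrap that pulls its configuration from the master's bucket, as in
steps 1-2 above. Added example, not Alert Logic's code: the bucket is a dict
standing in for S3; the shared control-plane secret and object names are assumed."""
import hashlib
import hmac
import json
from typing import Dict, List, Optional

CONFIG_KEY = "waf/config.json"   # assumed object names
MAC_KEY = "waf/config.mac"
CONTROL_SECRET = b"example-control-plane-secret"   # assumed: delivered to instances out of band


class ConfigRejected(Exception):
    pass


def canonical(config: dict) -> bytes:
    """Stable serialisation so master and worker MAC the same bytes."""
    return json.dumps(config, sort_keys=True, separators=(",", ":")).encode()


def publish_config(bucket: Dict[str, bytes], config: dict, secret: bytes = CONTROL_SECRET) -> None:
    """Master side: write the config and an HMAC-SHA256 over exactly those bytes."""
    body = canonical(config)
    bucket[CONFIG_KEY] = body
    bucket[MAC_KEY] = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()


def fetch_config(bucket: Dict[str, bytes], applied_version: int,
                 secret: bytes = CONTROL_SECRET) -> Optional[dict]:
    """Worker side: verify the MAC before parsing, then refuse a rollback.
    Returns None when the bucket holds the version already applied."""
    body, tag = bucket.get(CONFIG_KEY), bucket.get(MAC_KEY)
    if body is None or tag is None:
        raise ConfigRejected("config or MAC object missing")
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        raise ConfigRejected("MAC mismatch: object modified or wrong key")
    config = json.loads(body)
    version = config.get("version")
    if not isinstance(version, int):
        raise ConfigRejected("config has no integer version")
    if version < applied_version:
        raise ConfigRejected(f"rollback: bucket has v{version}, worker runs v{applied_version}")
    return None if version == applied_version else config


class WafWorker:
    def __init__(self) -> None:
        self.version = 0
        self.rules: List[str] = []

    def bootstrap(self, bucket: Dict[str, bytes]) -> bool:
        """Apply the bucket's config; keep the last-good config on any rejection."""
        try:
            config = fetch_config(bucket, self.version)
        except ConfigRejected:
            return False
        if config is None:
            return False
        self.version, self.rules = config["version"], list(config["rules"])
        return True


def demo() -> dict:
    """Honest publish, tampered object, new version, then a replayed stale copy (all constructed)."""
    bucket: Dict[str, bytes] = {}
    worker = WafWorker()
    publish_config(bucket, {"version": 1, "rules": ["block sqli", "block xss"]})
    stale = dict(bucket)                       # a genuinely signed copy an attacker keeps for later
    first = worker.bootstrap(bucket)
    # Attacker with write access to the bucket but not the secret edits the object in place.
    evil = json.loads(bucket[CONFIG_KEY])
    evil.update(version=2, rules=["allow all"])
    bucket[CONFIG_KEY] = canonical(evil)
    tampered = worker.bootstrap(bucket)
    publish_config(bucket, {"version": 2, "rules": ["block sqli", "block xss", "block rfi"]})
    second = worker.bootstrap(bucket)
    bucket.update(stale)                       # replay the old, validly signed v1
    rollback = worker.bootstrap(bucket)
    return {"first": first, "tampered": tampered, "second": second, "rollback": rollback,
            "version": worker.version, "rules": worker.rules}


if __name__ == "__main__":
    print(demo())
```

The HMAC is keyed with a secret every worker holds, which is enough to stop an attacker who can only write to the bucket; it does not stop a compromised worker from forging configuration for its peers. If that matters in your threat model, have the master sign with a private key only it holds and ship workers the public key, and in either case let the bucket policy allow writes from the master's IAM role alone.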

Web Traffic Flow
– Browser clients connect to the worker Amazon ELB
– Traffic is load balanced to the WAF workers
– WAF workers proxy traffic to the Amazon ELB that scales the web server instances
Caveat: with two proxy hops in front of it, the web tier only sees WAF and inner-ELB addresses. The WAF workers must pass through (and append to) the X-Forwarded-For header the outer ELB adds, or the application's own logging, rate limiting and IP-based controls lose the real client address.

Complete Stack – Prior to Automation
Components in Amazon Web Services:
– Amazon ELB for the master group
– Amazon ELB for the worker group
– Amazon S3 buckets
– NAT instances
– WAF master instance
– Amazon EBS log volumes
– WAF worker instances

Using CloudFormation Templates

Command Line Example: CloudFormation for Auto Scaling Alert Logic Web Security Manager

Use cfn-create-stack to start creation:

$ cfn-create-stack test-backend --template-file wsm-test-backend-only.cloudformation.template --parameters "sshKeyName=wsm-dev"
arn:aws:cloudformation:us-east-1: :stack/test-backend/26028db e3-895a a66ca8

You can use cfn-describe-stack-events along with watch to view the stack creation:

$ watch cfn-describe-stack-events test-backend
Every 2.0s: cfn-describe-stack-events test-backend    Mon Aug 12 08:23:
STACK_EVENT  test-backend  test-backend  AWS::CloudFormation::Stack  T13:24:20.321Z  CREATE_COMPLETE
STACK_EVENT  test-backend  eipNAT2       AWS::EC2::EIP               T13:24:17.802Z  CREATE_COMPLETE
STACK_EVENT  test-backend  eipNAT1       AWS::EC2::EIP               T13:24:17.769Z  CREATE_COMPLETE
STACK_EVENT  test-backend  routeNAT2     AWS::EC2::Route             T13:24:01.615Z  CREATE_COMPLETE
STACK_EVENT  test-backend  routeNAT1     AWS::EC2::Route             T13:24:01.144Z  CREATE_COMPLETE

Once complete, cfn-describe-stacks will return the CloudFormation stack outputs:

$ cfn-describe-stacks test-backend
STACK  test-backend  CREATE_COMPLETE  T13:21:51.116Z
Outputs: vpc=vpc-591b9337; elbBackend=test-back-elbBacke-17N275T20CGQ us-east-1.elb.amazonaws.com; routeTableNAT1=rtb-e71b9389; routeTableNAT2=rtb-e61b9388; paramsForWSM=vpc=vpc-591b9337;elbBackend=test-back-elbBacke-17N275T20CGQ us-east-1.elb.amazonaws.com;routeTableNAT1=rtb-e71b9389;routeTableNAT2=rtb-e71b9389;subnetPublic1=subnet-fd1b9393;subnetPublic2=subnet-e21b938c

Base WAF Stack Ready

10 Gbps Environment Test

Questions? Thank you

What happens when applications look like this?