Presentation is loading. Please wait.

Presentation is loading. Please wait.

NGAP: Compliance as a Service in the Public Cloud

Published byReynold Davidson Modified over 6 years ago

Similar presentations

Presentation on theme: "NGAP: Compliance as a Service in the Public Cloud"— Presentation transcript:

1 NGAP: Compliance as a Service in the Public Cloud
Andrew Pawloski – Brett McLaughlin – Dan Pilone – Marc Huffnagle – Peter Plofchan –

2 Traditional Application Hosting
Data centers are never actually this sexy

3 Traditional Application Hosting
Estimate magnitude Order/install hardware Manage on premises until hardware EOL

4 The cloud is a bit different..
This is the view of your data center when you’re in the cloud (That’s a poorly executed slide. You’re looking at an “ec2 describe” command listing our infrastructure)

5 The cloud is a bit different..
Unlimited* virtual machines Hosts are created/disposed frequently IP addresses change Instance storage clears Shared trust model Hardware Managed software services *Not really, but enough capacity for us to think of it this way

6 With natural “wins” of its own
Iteration is faster Resources procured via API calls Pay for what you use Leverage provider’s economy of scales Scaling is easy, automatable Vertical/horizontal High availability is trivial Managed load balancer services How do we leverage these wins in a way that meets the security and compliance standards

7 NGAP pitch statements & Goals

8 *NGAP=Next Generation Application Platform
NGAP in 10 seconds NGAP* is a cloud platform for Earthdata applications. It offers scalable, highly-available deployments in a NASA-sanctioned, control-compliant environment. *NGAP=Next Generation Application Platform A NASA-sanctioned, controls-compliant

9 NGAP in 60 seconds NGAP’s intent is to handle much of the undifferentiated heavy lifting that application teams must go through to get up and running with an application or experiment. By maintaining a common underlying platform and leveraging certain advantages of the cloud, it allows developers and application owners to rapidly deploy their projects in a NASA-compliant environment.

10 $ ngap-deploy hello-world hello-world.tar
NGAP in one second $ ngap-deploy hello-world hello-world.tar TO NASA.GOV domain name – secure, sanctioned NASA environment

11 1,000 Foot Overview NGAP Base AMI ECC
(Secure) - ESDIS “blessed” component ECC (Code testing, tracking, deployment) NGAP Builder (Creates “slug” from ECC-hosted codebases) App Source Code NGAP-compliant AMI (Application) NGAP-compliant AMI (Application) NGAP-compliant AMI (Application) NGAP Services (Monitoring, Logging, Security, Autoscaling, Billing, etc.) Usable cloud “platform” OCIO GP-MCE* (AWS Reseller) *General Purpose Managed Compute Environment

12 NGAP Architecture

13 NGAP Applications 12-Factor (http://12factor.net/)
Externalized state, configuration Interacts with services via port binding No distinction between local/remote services Disposable Fast startup / graceful shut down Logging via STDOUT and STDERR Let process manager handle log stream

14 Twelve-Factor App methodology

15 NGAP Components API Nodes Routers App Nodes
Serve NGAP platform requests Deploys applications Maintains system state Routers Directs traffic from ELB to application nodes Enable wildcard DNS for NGAP platform App Nodes Platform requests – deploying applications, reporting statuses, changing environment variables

16 App Hosting Architecture
*.ngap.earthdata.nasa.gov Balances between routers. High-availability entry point Elastic Load Balancer Availability Zone Availability Zone Nginx Routes to all hosts Router Router Host Host Host Host Hardened RedHat AMI App 1 App 1 App 2 App 1 App 2 Amazon RDS NGAP Hosted Apps

17 NGAP Platform platform.ngap.earthdata.nasa.gov
Elastic Load Balancer Self-Service Console Availability Zone Availability Zone Log Aggregation Router Router Monitoring Host Host Host Host App 1 App 1 App 2 App 1 App 2 Backups NGAP Platform Amazon RDS NGAP Hosted Apps

18 NGAP App Deployment

19 1. Build Slug Language Buildpacks Git repo Artifact Metadata Bamboo
platform.ngap.earthdata.nasa.gov *.ngap.earthdata.nasa.gov Elastic Load Balancer Language Buildpacks Git repo Slug Builder Availability Zone Availability Zone Router Router Artifact Metadata Application Slugs Application Settings NGAP Platform Amazon RDS NGAP Hosted Apps

20 2. Start Instance(s) Git repo Artifact Metadata Bamboo
platform.ngap.earthdata.nasa.gov *.ngap.earthdata.nasa.gov Elastic Load Balancer Git repo Slug Builder Availability Zone Availability Zone Router Router Artifact Metadata Host Host Application Slugs Application Settings NGAP Platform Amazon RDS NGAP Hosted Apps

21 3. Fetch slug from S3 Git repo Artifact Bamboo
platform.ngap.earthdata.nasa.gov *.ngap.earthdata.nasa.gov Elastic Load Balancer Git repo Slug Builder Availability Zone Availability Zone Router Router Artifact Host Host Application Slugs NGAP Platform Amazon RDS NGAP Hosted Apps

22 4. Start slug Git repo Artifact Metadata Bamboo
platform.ngap.earthdata.nasa.gov *.ngap.earthdata.nasa.gov Elastic Load Balancer Git repo Slug Builder Availability Zone Availability Zone Router Router Artifact Metadata Host Host App 1 App 1 Application Slugs Application Settings NGAP Platform Amazon RDS NGAP Hosted Apps

23 5. Update routers Git repo Artifact Metadata Bamboo
platform.ngap.earthdata.nasa.gov *.ngap.earthdata.nasa.gov Elastic Load Balancer Git repo Slug Builder Availability Zone Availability Zone Router Router Artifact Metadata Host Host App 1 App 1 Application Slugs Application Settings NGAP Platform Amazon RDS NGAP Hosted Apps

24 NGAP Services

25 NGAP Services System maintenance Logging Monitoring
Hardened images, Updates Logging Platform Elasticsearch/Logstash/Kibana Offsite Splunk forwarding Monitoring Nagios CloudWatch

26 NGAP Services (cont’d)
SSL/TLS Highly Available Deployments Application Maintenance Mode Ingress/Egress Firewall Database infrastructure* ACLs, encryption Backups/Disaster Recovery * DBI is really RDS. We provide instances using a compliant configuration (access control, encryption, etc)

27 1,000 Foot Overview NGAP Base AMI ECC
(Secure) - ESDIS “blessed” component ECC (Code testing, tracking, deployment) NGAP Builder (Creates “slug” from ECC-hosted codebases) App Source Code NGAP-compliant AMI (Application) NGAP-compliant AMI (Application) NGAP-compliant AMI (Application) NGAP Services (Monitoring, Logging, Security, Autoscaling, Billing, etc.) Usable cloud “platform” OCIO GP-MCE* (AWS Reseller) *General Purpose Managed Compute Environment

28 NGAP: Compliance as a Service in the Public Cloud
Andrew Pawloski – Brett McLaughlin – Dan Pilone – Marc Huffnagle – Peter Plofchan –

29 This material is based upon work supported by the National Aeronautics and Space Administration under Contract Number NNG15HZ39C.

Download ppt "NGAP: Compliance as a Service in the Public Cloud"

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Ivan Pleština Amazon Simple Storage Service (S3) Amazon Elastic Block Storage (EBS) Amazon Elastic Compute Cloud (EC2)

Ivan Pleština Amazon Simple Storage Service (S3) Amazon Elastic Block Storage (EBS) Amazon Elastic Compute Cloud (EC2)
B. Ramamurthy 4/17/20151. Overview of EC2 Components (fig. 2.1) 10..* 1 1 1 1 4/17/20152.

B. Ramamurthy 4/17/ Overview of EC2 Components (fig. 2.1) 10..* /17/20152.
Take your CMS to the cloud to lighten the load Brett Pollak Campus Web Office UC San Diego.

Take your CMS to the cloud to lighten the load Brett Pollak Campus Web Office UC San Diego.
Infrastructure as a Service (IaaS) Amazon EC2

Infrastructure as a Service (IaaS) Amazon EC2
An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.
Matt Bertrand Building GIS Apps in the Cloud. Infrastructure - Provides computer infrastructure, typically a platform virtualization environment, as a.

Matt Bertrand Building GIS Apps in the Cloud. Infrastructure - Provides computer infrastructure, typically a platform virtualization environment, as a.
Next Generation Application Platform (NGAP) Andrew Mitchell WGISS-39 Tsukuba, Japan Monday, May 11, 2015 1.

Next Generation Application Platform (NGAP) Andrew Mitchell WGISS-39 Tsukuba, Japan Monday, May 11,
Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.
A Brief Overview by Aditya Dutt March 18 th ’ 2014 1Aditya Inc.

A Brief Overview by Aditya Dutt March 18 th ’ Aditya Inc.
Cloud Computing for the Enterprise November 18th, 2011. This work is licensed under a Creative Commons.

Cloud Computing for the Enterprise November 18th, This work is licensed under a Creative Commons.
Let's build a media sharing website # 1 Hosting.

Let's build a media sharing website # 1 Hosting.
Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over the Internet. Cloud is the metaphor for.

Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over the Internet. Cloud is the metaphor for.
Lecture 8 – Platform as a Service. Introduction We have discussed the SPI model of Cloud Computing – IaaS – PaaS – SaaS.

Lecture 8 – Platform as a Service. Introduction We have discussed the SPI model of Cloud Computing – IaaS – PaaS – SaaS.
Cloud Computing. What is Cloud Computing? Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable.

Cloud Computing. What is Cloud Computing? Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable.
Cloud Computing & Amazon Web Services – EC2 Arpita Patel Software Engineer.

Cloud Computing & Amazon Web Services – EC2 Arpita Patel Software Engineer.
Presented by: Sanketh Beerabbi University of Central Florida COP6087 - Cloud Computing.

Presented by: Sanketh Beerabbi University of Central Florida COP Cloud Computing.
How AWS Pricing Works Jinesh Varia Technology Evangelist.

How AWS Pricing Works Jinesh Varia Technology Evangelist.
Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.

Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.
Cloud services Amazon Web Service (AWS) Intro and usage.

Cloud services Amazon Web Service (AWS) Intro and usage.

Similar presentations

Ads by Google