View
221
Download
2
Category
Preview:
Citation preview
Manage AWS ServicesCost, Security, Best Practice and Troubleshooting
Elias Haddad | Principal Product ManagerPeter Chen | Principal Software Engineer
September 2017 | Washington, DC
▶ Challenges in Managing Enterprise Level AWS Services▶ Get Data In – AWS Add-on▶ Data Analysis and Visualization – AWS App▶ Case Study▶ Q & A
Agenda
ChallengesinManagingEnterpriseLevelAWSServices
CostOptimization▶ Multi accounts▶ Budget planning▶ RI planning▶ Cost forecasting▶ Anomaly detection▶ Smart alerting
Challenges inManagingEnterpriseLevelAWSServices
SecurityStrategy▶ Access monitoring▶ API call monitoring▶ User management▶ Anomaly detection▶ Smart alerting
CostOptimization
Challenges inManagingEnterpriseLevelAWSServices
BestPractice
▶ Config Rule▶ Inspector▶ EC2▶ ELB
SecurityStrategy
CostOptimization
▶ EBS▶ EIP▶ SG▶ IAM
Challenges inManagingEnterpriseLevelAWSServices
BestPractice
SecurityStrategy
CostOptimization
Troubleshooting
▶ Change management▶ Network topology▶ Association analysis
Splunk SolutionAWS App & Add-on
Splunk Add-on for AWS
Explore AnalyzeDashboard Alert
Splunk App for AWS
EC2
EMR
Kinesis
R53
VPC
ELB
S3
CloudFront
CloudTrail
CloudWatch
RedshiftSNS
API Gateway
Config
RDS
CF
IAM
Lambda
AWS Add-onGet Data In
Kinesis S3CloudWatchConfig SQS CloudTrail Billing
Multiaccounts AssumeRole Highthroughput
EasyconfigurationScaleoutDistributedjob
Real-timecollection
HealthMonitoring
More
…...
KeyNewFeaturesinAWSAdd-on4.3and4.4New Input: SQS-Based S3
CloudTrail AccessLogs Config PlainText
S3 Event Notification
SQS
DLQFail over
Batch Process
Adaptable Downloader
Pluggable Decoder
▶ Higher throughput
▶ Real-time ingestion
▶ Cost efficient
▶ High availability
▶ Scale out capability
Best Practice of Get Data InExample 1: Get CloudTrail Data of Hundreds Accounts in Real-time
Account 1
Account 2
Account 3
Account 100
S3
Centralized account
SQS
CloudTrail FilesCross account delivery
S3 event notification
Forwarder 1
Splunk Add-on for AWS
Forwarder 2
Splunk Add-on for AWS
Forwarder 3
Splunk Add-on for AWS
Index Cluster
SQS-Based S3 Input
Bucket 1
Bucket 2
Bucket 3
Best Practice of Get Data InExample 2: Get Data More Securely
EC2 with Instance Role
Splunk
Account 1
Account 2
Account 3
AssumeRole
Kinesis
S3
CloudWatchConfig
SQS
CloudTrail
Billing
Config Rule Inspector
AWS AppData Analysis and Visualization
SavedSearch LookupDataModelsSummary
Dashboard
DataTransformation
SearchAcceleration
MachineLearning
SecurityStrategy
NetworkTopology
ForecastAnalysis
OverlayLayers
RIPlanning
ChangePlayback
BestPractice
Timeline
AnomalyDetection
Real-timeStatus
SmartAlerting
ReportAcceleration
▶ Add support of “Instance Size Flexibility”
Key NewFeaturesin AWSApp5.1Reserved Instance Inventory and Planner
AZ 1
AZ 2
AZ 1
AZ 2
Region
Unitsnano 32x
large
4xlarge
AZ Scope Regional Benefit
Instance Size Flexibility
▶ Add support of “Instance Size Flexibility”
Key NewFeaturesin AWSApp5.1Reserved Instance Inventory and Planner
▶ Add support of Platform and Tenancy in RI planer▶ Support window selection in RI Planer
Key NewFeaturesin AWSApp5.1Reserved Instance Inventory and Planner
▶ Manage anomaly detection jobs
▶ Manage alerts▶ View anomalies
detected
Key NewFeaturesin AWSApp5.1Dedicated Dashboard for Anomaly Detection
Key NewFeaturesin AWSApp5.1More Insights
EC2
EBS
EIP
SG
ELBIAM COST OPTIMIZING
SECURITY
PERFORMANCE
FAULT TOLERANCE
Key NewFeaturesin AWSApp5.1Decoupled Dependency of AWS Add-on
Search Head
Splunk App for AWS
Forwarder
Splunk Add-on for AWS
Forwarder
Splunk Add-on for AWS
▶ Not available in hybrid environment▶ Not able to connect multiple forwarders
Indexer Cluster
Key NewFeaturesin AWSApp5.1Decoupled Dependency of AWS Add-on
Search Head
Splunk App for AWS
Forwarder
Splunk Add-on for AWS
Forwarder
Splunk Add-on for AWS
Summary IndexAccounts InfoInputs Info
UseCase– ManageBillingReport
3 kinds of reports, different granularity▶ CloudWatch Estimated Cost▶ Monthly Report▶ Detailed Billing Report
Budget planning and tracingCost analysis on different grouping rulesCost analysis on customized tags
Case Study – Optimize Reserved Instance
Statistics of RI Best purchase plan of RI▶ Based on historical data▶ Based on forecasting▶ Based on adjusted forecasting
▶ Support 3 payment options▶ Support Regional RI▶ Support Size Flexibility
▶ Distribution & utilization ▶ Detail information
Case Study – Topology
Interactive network topologyInteractive IAM association presentingExport to picture
Multiple overlaysPlayback of changes
CaseStudy– AnomalyDetection
Customvisualizationonanytimechart Nativesupportofalerting
▶ Email, SNS, ServiceNow▶ Number of instance launched daily▶ Amount of money spent daily
Recommended