DevOps for Business Transformation at Ellucian

REĀN Cloud:

Disaster Recovery Using DevOps on AWS

REANCloud.com

Location: US (Herndon, Philadelphia, Los Angeles), India (Udaipur, Hyderabad), Israel (Tel Aviv)

REĀN Organization Profile

Established: 2013

Presence: USA, Israel and India

Number of Employees: 150+

AWS Certifications: 80+ (including 8 Professional Certifications)

Management team consisting of executives formerly from Fortune 500 Enterprises - AWS, Amdocs, Booz Allen Hamilton, Capgemini, PWC and Merck with deep AWS cloud computing experience

AWS Competencies Include:

• Migration Competency
• Life Sciences
• DevOps
• Managed Services

24x7 follow the sun model with offices around the world with continuous operations in multiple time zones - EST, PST, and IST

REAN AWS Certifications

REĀN Capabilities

Consulting Services

AWS Managed Cloud Solutions

AWS Managed Cloud Services

AWS Test Drive

REĀN Enterprise Service Offering

REAN ENTERPRISE CLOUD MANAGEMENT (ECM) PORTFOLIO

REAN SERVICES

• MIGRATION
• NATIVE AWS APPLICATION DEVELOPMENT
• BILLING AS A SERVICE

BUSINESS CONSULTING

• CLOUD OPERATIONS STRATEGY
• CLOUD ARCHITECTURE DEVOPS STRATEGY
• ROI & BUSINESS CASE JUSTIFICATION
• SECURITY & RISK ASSESSMENT
• CLOUD ADOPTION STRATEGY
• GOVERNANCE & COMPLIANCE
• ACCOUNT MANAGEMENT
• DR & BUSINESS CONTINUITY PLANNING (BCP)
• SECURE INFRASTRUCTURE SETUP

INFRA SERVICES

• AWS INFRASTRUCTURE
• HYBRID ON-PREM INFRASTRUCTURE
• MANAGED CLOUD SERVICES
• DEVOPS (CD|CI) IMPLEMENTATION


Application Deployment Automation on AWS

Account

•Dev Environment

•Test Environment

•Staging Environment

•Production Environment

Identity/Access

•Server Admin

•Storage Admin

•Network Admin

•Machine (API)

•CloudTrail (Audit)

Network

•Subnets

•Route Tables

•DNS

•Access Control List

•Gateways

Application

•Load Balancer

•Web Server

•Application Server

•Database Server

Scope of Offering

DEVSECOPS – CICD AUTOMATION

Compliance: HIPAA, PCI, FedRAMP

Assessment Remediation

Operations Monitoring Patching Backup Logging

Application Setup Configuration DB Migration

Automated Infrastructure Build/Validation: IAM, VPC

Environments: Dev, Test, Prod

SECURITY: IDS, IPS, WAF, AD, ENCRYPTION

Disaster Recovery

Proposed Scope of Work High Availability and Disaster Recovery on AWS

Lift & Shift using CloudEndure

Runbook/DevOps based Deployment

Architecture – Scale Up and Down On-Demand

[Figure labels: Elastic Load Balancer, Auto Scaling, CloudWatch; Metrics: Latency, Utilization]

Server icons courtesy of http://creativecommons.org/licenses/by-nd/3.0/.

Architecture - High Reliability

[Figure labels: US EAST, US WEST, Availability Zone - A, Availability Zone - B, Load Balancer, Auto Scale, EC2, Ephemeral, Network IO, EBS Snapshot, Amazon S3]

Source: Amazon Web Services

Migration – Lift & Shift (CloudEndure)

Migration – Runbook/Devops2

DNS Changes

Cross Account Deployment

REĀN Security Differentiator

Responsibility & Compliance Model

Source: Amazon Web Services

[Figure: VPC Architecture. Labels: Datacenter, Router, Secure VPN Connection over the Internet, VPN Gateway, Amazon Web Services, VPC, Subnets, AWS resources, NAT, Internet]

REĀN Virtual Private Cloud (VPC) Architecture

Controls Necessary to Meet Compliance

| REAN Secure VPC Solution

Security Framework Controls

REAN OS/Application Controls + AWS IaaS GSS Controls + Customer Operations and Management = Compliance

| REAN Custom Application

Security and Compliance Benefits

AWS Account & Users

[Figure labels: University Paying Account; Consolidated Billing; Identity & Access Management; Linked Account for each of Department 1, Department 2, Department 3 and Department 4; End User 1 to End User 5; End User Group]

Use IAM for Access Control

• Users and Groups within Accounts

• Unique security credentials

–Access keys

–Login/Password

–MFA device

• Policies control access to AWS APIs

• Deep integration into S3

–policies on objects and buckets

• AWS Management Console now supports User log on

• Not for Operating Systems or Applications

–use LDAP, Active Directory, ADFS, etc.

AWS IAM Fine Grained Identity Controls

User Management

REĀN Billing Services

REĀN Enterprise Billing Capabilities

• Billing as a Service
• RI Recommendation Engine
• Customer/Account Provisioning and Management
• API Integration

Enterprise Billing Solution

Multilayer flow through Provisioning

Accounts

Product | Service Groups

Divisions | Regions

Enterprise University

School #1

Dept #1

Account#1 Account#2

Dept #2

School#2

Dept #3

Account#3.1 Account#3.2

REĀN Enterprise Billing Solution (EBS)

Key Features

Simplify Billing and Chargebacks

• Track actual usage charges across every AWS product

• Generate bills and invoices in AWS format

• Package your own subscription-based services

• Define how usage and charges are billed through the use of SKUs and bundle in third-party services

Track Individual and Aggregate Usage

• Intuitive dashboards

• Customizable reports

• Multi-tier visibility of usage and accurate cost

• View aggregated usage across all resellers, customers, and accounts

• Organize and track costs and profitability

• Access granular usage details

Customer Provisioning

• Optimize the process of creating new AWS accounts

• Streamline process of provisioning new cloud accounts

• Integrate new accounts with consolidated bill

• Reduce costs of operations related to cloud

• Allow reseller or customer to grow on-demand

• Simplifies billing as resellers/customers onboard or grow

Billing Analytics vs Transactions

Billing Analytics

• Trend reporting

• Spend by project or server

• Recommendations for opportunities to save money (e.g. Reserved Instance recommendations)

• Analysis of utilization vs. expense

Billing Transactions

• A verifiable transaction log of all charges;

• 100% accuracy and audit-ability;

• The ability to lock/compare historical billing against changes;

• Ensuring all charges are accurate for each individual customer at their agreed upon rates and level of services;

• Seamless handling of additional charges including support;

• True visibility to where charges belong for all organizations and customers

[Figure labels: AWS Detailed Consolidated Bill; Reconciled; Invoiced to Customer; 3rd Party Analytics/Dashboard; Dashboards]

Thank You
