
Bringing Governance to an Existing Cloud at NASA's JPL (ENT201) | AWS re:Invent 2013

DESCRIPTION

Amazon Web Services provides JPL a vast array of capabilities to store, process, and analyze mission data. JPLers were early to adopt AWS services to build complex solutions. However, we quickly grew to over 50 AWS accounts, 80 IAM users, and hundreds of resources. A team of engineers inside JPL's Office of the CIO developed a cloud governance model. The true challenge was implementing it on existing deployments. Learn about our model and how we overcame the challenges.

Page 1

© 2013 California Institute of Technology. Government sponsorship acknowledged.

Bringing Governance to an Existing Cloud at

NASA’s Jet Propulsion Laboratory

Jonathan Chiang, Matt Derenski – NASA/JPL

November 12–15

Page 2

Introductions

• Jonathan Chiang – IT Chief Engineer

• Matthew Derenski – Cyber Security Engineer

Page 3

Agenda

• Provide a brief background of JPL

• Detail why JPL uses AWS

• Understand JPL use cases for AWS

• Describe JPL’s early engagement with AWS

• Review JPL’s implementation of its governance plan

• Utilizing governance to achieve organizational efficiency

• Measuring the value

Page 4

What is JPL?

• We are a Federally Funded Research and Development Center (FFRDC) managed by Caltech

• We have 21 spacecraft and 9 instruments conducting active missions

• We manage NASA’s Deep Space Network (DSN)

• We “dare mighty things”

Page 5

Why does JPL use AWS?

• Quick and easy to provision/de-provision

• Reduce CapEx and large initial investments

• Pay as you go, only for what you use

• Automation and reusability

Page 6

How JPL uses AWS HPC/Data Processing

Page 7

How JPL Uses AWS

Mars Exploration Program

Mars.jpl.nasa.gov

Eyes on the Solar System

Eyes.jpl.nasa.gov

Night Sky Network

Nightsky.jpl.nasa.gov

Public Outreach

Page 8

How JPL Uses AWS Storage, Backup, and Disaster Recovery

Mars Exploration Rovers Station Fires

Page 9

How JPL Uses AWS Collaboration

Rapid Development

Enterprise Applications

Page 10

Early AWS Engagement

• Issued 60+ root level AWS accounts to various project teams

• Added all accounts to consolidated billing

• Associated a single project/task number for chargeback and bill back

Page 11

The Problem

Page 12

Key Principles of JPL’s Governance Model

Understand your users and their use cases

Apply policy and accountability

Provide auditing and traceability

Leverage an iterative implementation

Page 13

Account Management

• AWS Root – MFA, Managed By IT Sec

• Consolidated Billing (No Users or Resources)

• MSL Account: IAM Accounts: IAM User 01 (Auditing), IAM User 02 (MSL Developer); Resources: AMI 1, AMI 2

• MER Account: IAM Accounts: IAM User 02 (MER Developer); Resources: AMI 1, AMI 2

• Hosting Account: IAM Accounts: IAM User 01 (Auditing), IAM User (Hosting Provisioning); Resources: AMI 1, AMI 2

• +50 More

Page 14

Organizational Efficiency (DevOps)

• Automated Configuration Management

• Monitoring, Notification, Escalation

• Networking and Security

Operations

Development

Quality Assurance

Operations

Dev

Ops

Page 15

Measure the Value

• Calculate the cost of implementing governance along with the cost of cloud resources

• Consider the benefits of organizational efficiencies gained by cloud and governance

• Compare agility and speed to market vs. adoption of governance

Page 16

Summary

Page 17

We are eager to hear your feedback on this presentation and on re:Invent.

ENT201

Please fill out an evaluation form when you have a chance.