AWS Case Study

Prepared by: Sachin Jadhav

06th Sep 2017

IBM CONFIDENTIAL © 2012 IBM Corporation


DWP ADep Security Team 10 Commandments
• No Live Data
– We do not accept live data from any source. Report any potentially live data to Account Security.
• No External or USB Storage devices
– Approved external transfer devices are available for use from Account Security only.
• Document Handling and classification
– All documentation must be correctly classified. We do not handle above HMG OFFICIAL. We do not handle ADep software or assets on Blue.
• Information is “Need to know”
– Always consider to whom, what and where you discuss our high profile project.
• Vetting
– BPSS clearance (or BPSS equivalent) is the minimum standard for all. SC clearance is required for privileged users.
• Site access
– Green = IBM, Yellow = Contractor, Red = Visitor who must be escorted at all times. Badges are allocated once appropriate clearance is obtained.
• Display ID badges at all times
– IBM and Site access badges.
• No Tailgating
– Access to our offices is restricted.
• Project Networks
– Dedicated machines for dedicated networks, colour coded for ease. Do not cross over.
• Security is a business enabler and is the responsibility of us all
– Security is a critical client business requirement. We must work together to succeed. If in doubt, please ask the Security team for advice and guidance.



Version Control
Version number | Date | Summary of changes | Revision marks
1.0 | 06/09/2017 | Prepare AWS solution architecture for the sample on-premise solution | N/A



Objectives, Discoveries

Objective
• Migrate the existing on-premise infra solution for Apps & DB Servers onto AWS
• Use AWS best practices for design and operation module
• Align or extend DevOps processes (may be what we have in place) to AWS infrastructure while designing
• Document the results and architecture

Discoveries



On-premise Solution Architecture



Solution Review & Actions
# | Action Description | Comments | Status | Date
1 | Create users and groups | Create users and groups using IAM with designated password policies | |
2 | Create security groups | Divide users and groups based on security groups (for restricted access across the environment) | |
3 | Create VPC | Where you can control and route the incoming traffic from the web using Internet Gateways, route tables, NACL (if we decided to use NACL we cannot assign security groups to it). | |
4 | Create EC2 instances | Create servers/server groups with auto scaling policies by enabling monitoring services with the CloudWatch service from AWS. Use the ELB service to distribute load across the servers | |
5 | Create a DB (RDS) | Using RDS we can create and configure DB services. We can create auto backup, monitoring services, | |
6 | Application Deployment | Deploy application, configure DB connectivity and test it | |



Solution Review & Actions
# | Action Description | Comments | Status | Date
  | Security, Identity & Compliance ---> Directory Services | Integrate our AD to directory services in AWS to accomplish the following things: | |

– Manage users and groups
– Provide single sign-on to applications and services
– Create and apply group policy
– Securely connect to Amazon EC2 Linux and Windows instances
– Simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads

You can use Microsoft AD to enable multi-factor authentication by integrating with your existing RADIUS-based MFA infrastructure to provide an additional layer of security when users access AWS applicatio



Solution Review - Questions
# Action Description Comments Status Date

10

11



Thank You
