Important step with cloud adoption is to manage quick cycles of learning and improvement of the cloud environment. The following presentation brought you by Amazon AWS guys contains great amount of slides including best practices and examples for Continuous Deployment, Optimization and Integration.
“Newvem is the leader in enhancing cloud usage effectiveness through data analytics. Newvem’s suite of tools utilize both cloud data analysis and crowd sourcing to enable DevOps, IT Managers and other Cloud Stakeholders to get to the bottom of their cloud faster by operating more efficient, secure, and cost effective clouds” Interview with Zev Laderman, co-founder and CEO
Zev Laderman, CEO & Co-Founder at Newvem
Earlier in his career Zev managed several business units at Oracle and later led several successful startups, including Aduva which was acquired by Sun MicroSystems and Tradeum which was acquired by VerticalNet.
Although more and more cloud newcomers are grasping the essence of the cloud, the challenges are still great. EU or US “cloud regulations” with regard to security and privacy is still a popular topic of discussion in the cloud social sphere. NIST, a US government research organization, with its cloud program is one of leaders in pushing to define the cloud with its “right rules” supported by relevant standards.
“Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and displacement of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment”
Newvem analytic Indicator refers to a meaningful raw cloud usage metric or a simple calculation of these metrics. Newvem analytic service detects and records these indicators in order to generate full visibility and forecast of your cloud usage. For example number of instances or the projected costs.
Newvem Analytic service locates regions of interest and meaningful usage patterns and generates insights out of them. Newvem Insights are are qualitative indicators or meaningful conclusions resulted of a comprehensive calculation of several indicators.
Newvem insight is a compound of the three following parts:
The Data – the related indicators and raw metrics.
The Conclusion – the insight’s qualitative results.
The Recommendation – Newvem analytic provides an information and tools on how to act in order to achieve an improvement.
We have noticed that you have at least one EC2 instance behind an Elastic Load Balancer that is accepting connection from IP addresses on the port to which the ELB is directing traffic.
AWS defines a special Security Group associated with the ELB. Users can configure EC2 instances behind ELBs to receive connections to an IP port only from this special SG, thus assuring that only traffic coming from the respective ELB will reach that port. We recommend you change the security group configuration for those EC2 instances in a way that assure that those EC2 instances only accept traffic to the port targeted by the ELB, coming from this special ELB Security Group
Our identification of the issue is based on detecting EC2 instances behind an ELB, accepting connections from IP addresses on the Internet, on the same port to which the ELB is sending traffic.
Click Security Groups in the Navigation pane. The console displays a list of security groups that belong to the account.
Select an EC2 security group. Its rules appear on the Inbound tab in the lower pane.
To add a rule:
From the Create a new rule: drop-down list, select the option you want
Specify a port or port range. In this case we suggest that you reduce the number of open ports to a minimum, limiting access from the outside world only to web-facing services (e.g. ports 80 for HTTP and 443 for HTTPS).
In the Source field, specify one of the following:
Name or ID of a security group (to allow access from that group). If the group isn’t in your AWS account, prefix the group name with the AWS account ID and a forward slash (e.g., 111122223333/OtherSecurityGroup).
IP address range in CIDR notation (to allow access from that IP address range). For example, enter 0.0.0.0/0 to allow all IP addresses to access the specified port range. Enter an IP address or range of addresses to limit access to one computer or a network, for example 203.0.113.5/32.
5. Click Add Rule.
An asterisk appears on the Inbound tab.
6. Click Apply Rule Changes.
The new rule is created and applied to all instances that belong to the security group.
AWS offers a diverse variety of instance types and sizes for their operation. Although flexible, we found that many users pick instances that are far more powerful than they actually needed, which can lead to unnecessary costs.
Besides picking instance types that provide (and cost) more than what you need, another common over-provisioning mistake is running too many instances in clusters or behind load balancers. Forgetting the on-demand aspect of the cloud becomes common – you don’t need to kick-off all the nodes of your cluster you may need on peak loads. You can add nodes as needed, and you can automate that too – AWS even has an auto-scaling functionality built in its platform.