An important step in cloud adoption is managing quick cycles of learning and improvement of the cloud environment. The following presentation, by the Amazon AWS team, contains a large number of slides with best practices and examples for Continuous Deployment, Optimization and Integration.
“Newvem is the leader in enhancing cloud usage effectiveness through data analytics. Newvem’s suite of tools utilizes both cloud data analysis and crowd sourcing to enable DevOps, IT Managers and other Cloud Stakeholders to get to the bottom of their cloud faster by operating more efficient, secure, and cost effective clouds.” Interview with Zev Laderman, co-founder and CEO
———————————————————-
Zev Laderman, CEO & Co-Founder at Newvem
Earlier in his career Zev managed several business units at Oracle and later led several successful startups, including Aduva which was acquired by Sun MicroSystems and Tradeum which was acquired by VerticalNet.
Although more and more cloud newcomers are grasping the essence of the cloud, the challenges are still great. EU and US “cloud regulations” with regard to security and privacy are still a popular topic of discussion in the cloud social sphere. NIST, a US government research organization, is with its cloud program one of the leaders in pushing to define the cloud with the “right rules”, supported by relevant standards.
“Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and displacement of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment”
A Newvem analytic indicator is a meaningful raw cloud usage metric, or a simple calculation over such metrics. The Newvem analytic service detects and records these indicators in order to give full visibility into, and a forecast of, your cloud usage; examples are the number of instances or the projected costs.
The Newvem analytic service locates regions of interest and meaningful usage patterns and generates insights from them. Newvem insights are qualitative indicators or meaningful conclusions that result from a comprehensive calculation over several indicators.
A Newvem insight is composed of the following three parts:
The Data – the related indicators and raw metrics.
The Conclusion – the insight’s qualitative results.
The Recommendation – Newvem analytics provides information and tools on how to act in order to achieve an improvement.
We have noticed that you have at least one EC2 instance behind an Elastic Load Balancer that is accepting connections from arbitrary IP addresses on the port to which the ELB is directing traffic.
AWS defines a special security group associated with the ELB. Users can configure EC2 instances behind an ELB to accept connections on an IP port only from this special SG, which ensures that only traffic coming through the respective ELB reaches that port. We recommend that you change the security group configuration of those EC2 instances so that they accept traffic on the port targeted by the ELB only from this special ELB security group.
Identification
We identify this issue by detecting EC2 instances behind an ELB that accept connections from IP addresses on the Internet on the same port to which the ELB is sending traffic.
1. Click Security Groups in the Navigation pane. The console displays a list of security groups that belong to the account.
2. Select an EC2 security group. Its rules appear on the Inbound tab in the lower pane.
3. To add a rule, select the option you want from the Create a new rule: drop-down list.
4. Specify a port or port range. In this case we suggest that you reduce the number of open ports to a minimum, limiting access from the outside world to web-facing services only (e.g. port 80 for HTTP and 443 for HTTPS). In the Source field, specify one of the following:
   - Name or ID of a security group (to allow access from that group). If the group isn’t in your AWS account, prefix the group name with the AWS account ID and a forward slash (e.g., 111122223333/OtherSecurityGroup).
   - IP address range in CIDR notation (to allow access from that IP address range). For example, enter 0.0.0.0/0 to allow all IP addresses to access the specified port range. Enter an IP address or range of addresses to limit access to one computer or a network, for example 203.0.113.5/32.
5. Click Add Rule. An asterisk appears on the Inbound tab.
6. Click Apply Rule Changes. The new rule is created and applied to all instances that belong to the security group.
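The identification rule described above, and the rule change the console steps produce, as an added example written for this page (it is not Newvem's or AWS's code). It walks a constructed inventory shaped after the fields the EC2 and ELB describe APIs return (GroupId, IpPermissions, FromPort, ToPort, IpRanges, UserIdGroupPairs), flags every instance behind an ELB whose security group accepts the ELB's instance port from a CIDR range instead of from the ELB's own security group, and then builds the revoke/authorize pair that replaces the CIDR source with the ELB security group. The security group ids, instance ids and the `SecurityGroupId` field on the ELB record are assumptions made up for the sample.

```python
import copy

# Constructed sample inventory: ids and the ELB's SecurityGroupId field are assumptions,
# not values from any real account.
ELB_SG_ID = "sg-elb00001"   # the special security group associated with the ELB

ELBS = [
    {"LoadBalancerName": "web-elb",
     "SecurityGroupId": ELB_SG_ID,      # assumed field: SG the ELB sends traffic from
     "InstancePort": 80,                # port the ELB directs traffic to on the instances
     "Instances": ["i-0aaa", "i-0bbb"]},
]

INSTANCES = {
    "i-0aaa": {"SecurityGroups": ["sg-web-open"]},
    "i-0bbb": {"SecurityGroups": ["sg-web-locked"]},
}

SECURITY_GROUPS = {
    # Weak: port 80 open to the whole Internet, so traffic can bypass the ELB.
    "sg-web-open": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.5/32"}], "UserIdGroupPairs": []},
    ]},
    # Corrected: port 80 reachable only from the ELB's security group.
    "sg-web-locked": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ELB_SG_ID}]},
    ]},
}


def rule_covers_port(rule, port):
    """True if an ingress rule admits TCP traffic to `port` ('-1' means every protocol/port)."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def find_exposed_instances(elbs, instances, security_groups):
    """One finding per offending rule: an instance behind an ELB whose SG lets a CIDR
    range (any range, not only 0.0.0.0/0) reach the ELB's instance port directly."""
    findings = []
    for elb in elbs:
        port = elb["InstancePort"]
        for inst_id in elb["Instances"]:
            for sg_id in instances[inst_id]["SecurityGroups"]:
                for rule in security_groups[sg_id]["IpPermissions"]:
                    cidrs = sorted({r["CidrIp"] for r in rule["IpRanges"]})
                    if cidrs and rule_covers_port(rule, port):
                        findings.append({
                            "InstanceId": inst_id,
                            "LoadBalancerName": elb["LoadBalancerName"],
                            "Port": port,
                            "GroupId": sg_id,
                            "Cidrs": cidrs,
                            "WorldOpen": "0.0.0.0/0" in cidrs,
                            "Rule": copy.deepcopy(rule),
                        })
    return findings


def remediation(finding, elb_sg_id):
    """Build the IpPermissions pair equivalent to the console steps above: revoke the
    CIDR sources of the offending rule exactly as they exist (same protocol and port
    range, so the revoke matches), and authorize the ELB's SG on the ELB port instead."""
    rule = finding["Rule"]
    revoke = {"IpProtocol": rule["IpProtocol"], "FromPort": rule["FromPort"],
              "ToPort": rule["ToPort"],
              "IpRanges": [{"CidrIp": c} for c in finding["Cidrs"]]}
    authorize = {"IpProtocol": "tcp", "FromPort": finding["Port"],
                 "ToPort": finding["Port"],
                 "UserIdGroupPairs": [{"GroupId": elb_sg_id}]}
    return revoke, authorize


if __name__ == "__main__":
    for f in find_exposed_instances(ELBS, INSTANCES, SECURITY_GROUPS):
        print(f"{f['InstanceId']} ({f['GroupId']}) accepts port {f['Port']} from "
              f"{', '.join(f['Cidrs'])} behind {f['LoadBalancerName']}")
        rev, auth = remediation(f, ELB_SG_ID)
        print("  revoke:   ", rev)
        print("  authorize:", auth)
```

Only `i-0aaa` is reported: its SSH rule does not cover port 80, and `i-0bbb` already takes port 80 solely from the ELB group. A rule with protocol `-1` is flagged as well, and the revoke keeps that rule's own protocol and port range so it can be matched as-is rather than assumed to be a plain tcp/80 entry.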
AWS offers a wide variety of instance types and sizes. Although this is flexible, we found that many users pick instances that are far more powerful than they actually need, which leads to unnecessary costs.
Besides picking instance types that provide (and cost) more than you need, another common over-provisioning mistake is running too many instances in clusters or behind load balancers. It is common to forget the on-demand aspect of the cloud: you do not need to start all the nodes of your cluster that you may need at peak load. You can add nodes as they are needed, and you can automate that too; AWS even has auto-scaling functionality built into its platform.
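The cost of sizing a cluster for its peak, and what a simple threshold-based scaling policy gains and risks instead, as an added example written for this page (not Newvem's or AWS's code, and not a model of AWS Auto Scaling itself). The hourly request counts and the per-node capacity are constructed; the scale-up and scale-down thresholds are assumed values.

```python
# Constructed sample: one day of hourly request counts for a web tier, and the assumed
# number of requests one node can serve per hour.
HOURLY_LOAD = [2000, 1500, 1200, 1000, 1200, 2500, 6000, 12000, 18000, 24000, 26000, 27000,
               25000, 24000, 22000, 20000, 17000, 14000, 10000, 8000, 6000, 4500, 3500, 2500]
REQS_PER_NODE_PER_HOUR = 10_000


def nodes_needed(load, per_node):
    """Smallest node count that serves `load` requests in the hour (ceiling division),
    never fewer than one node."""
    return max(1, -(-load // per_node))


def compare_provisioning(hourly_load, per_node):
    """Instance-hours for a cluster kept at its peak size all day versus a cluster that
    holds exactly the nodes each hour needs (the ideal the on-demand model allows)."""
    needed = [nodes_needed(load, per_node) for load in hourly_load]
    peak = max(needed)
    static_hours = peak * len(hourly_load)
    ideal_hours = sum(needed)
    return {
        "peak_nodes": peak,
        "static_instance_hours": static_hours,
        "ideal_instance_hours": ideal_hours,
        "saving_pct": round(100 * (static_hours - ideal_hours) / static_hours, 1),
    }


def simulate_policy(hourly_load, per_node, min_nodes=1, max_nodes=10,
                    scale_up_at=0.7, scale_down_at=0.3):
    """Reactive policy: after each hour, add a node if utilization was above
    `scale_up_at`, remove one if it was below `scale_down_at`. Because the decision
    uses the hour that already happened, a fast ramp can overload the cluster; those
    hours are counted so the trade-off is visible."""
    nodes = min_nodes
    instance_hours = 0
    overloaded_hours = 0
    trace = []
    for load in hourly_load:
        utilization = load / (nodes * per_node)
        if utilization > 1.0:
            overloaded_hours += 1
        instance_hours += nodes
        trace.append(nodes)
        if utilization > scale_up_at and nodes < max_nodes:
            nodes += 1
        elif utilization < scale_down_at and nodes > min_nodes:
            nodes -= 1
    return {
        "instance_hours": instance_hours,
        "overloaded_hours": overloaded_hours,
        "max_nodes_used": max(trace),
        "trace": trace,
    }


if __name__ == "__main__":
    print(compare_provisioning(HOURLY_LOAD, REQS_PER_NODE_PER_HOUR))
    print(simulate_policy(HOURLY_LOAD, REQS_PER_NODE_PER_HOUR))
```

With these numbers the peak needs three nodes, so a statically sized cluster burns 72 instance-hours where 41 would do. The reactive policy lands at 58 instance-hours but runs one hour overloaded during the morning ramp, which is the reason real scaling policies are tuned on a metric that leads demand and are given enough headroom, not only the reason to scale at all.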