Overview: Acquia Managed Cloud Platform as a Service
Kieran Lal
Technical Director, Enterprise Sales
Hosting vs. Platform as a Service
Mission critical Drupal applications require more than just virtual machines
Virtual Machines
Bring us your code and files... and we’ll handle the rest.
Vs.
Drupal Lifecycle events
Requires expert skills and significant time
Set-up/Launch, Production, Site Evolution
Build
• Load balancers
• Fast page cache
• App Servers
• Database
• File systems
• Web servers
• App Configuration
• HA architecture
Deploy
• Integrated Git/SVN
• Drag and drop content management
Application updates
• Drupal App code
• Security release
Infrastructure updates
• OS
• Debugging
• Security
Operations
• 24X7 monitoring & alerts
• Backups
• Load testing
Diagnosis
• Site/App failure
• Infrastructure failure
• Security Breach
• DDoS
• Traffic spike
Resolution
• Resize
• Recover (Multi-region)
• Staging/QA
• Caching strategies
• Customize
Can I build this myself?
Platform as a Service stack
Low Cost, Flexible, Reliable
Virtual elastic cloud resources, High availability, Configuration management, Monitoring, Optimization, Caching
Platform Features
Application Lifecycle Management
Customized environment, Analyze, Code management, Workflow, Cloud migration
Platform Architecture
Search, Spam, Insight, Mobile, Functional testing, Marketing testing, Load testing, Runtime reporting
Application Network Services
24/7 break-fix, Advisory support, Technical account managers, Audits: Site, security, performance
World Class Application Support
Sure, but some assembly is required
Traditional hosting
• Hardware
• Virtual machine
• Power
• Network
• Operating System
Managed hosting providers
• Will provide high availability architecture
- Installation only
• Will reboot servers
• Will call you when the servers or virtual machines fail
How do I make my Drupal application secure, scalable and high-performance?
Automated configuration management
• Dozens of config files
• Cloud servers fail. You need to recover quickly.
• Site traffic increases and decreases. You need to resize quickly.
• Configuration files need changing. Policy based configuration keeps files secure.
Optimization
• Systems
• Load balancer
• Memcache
• Web server
• PHP
• Opcode cache
• File Server
• Drupal
• Database – Percona
• New Relic for diagnosis
• XHProf, Maatkit for resolution
• Systems resources monitoring: top, freemem, etc
Monitoring
• What to monitor?
• Load balancer
• Memcache
• Web server
• PHP
• File Server
• Drupal
• Database – MySQL
• CPU
• Memory
• Disk space, etc
• Expert response to 25 different alerts
Development lifecycle
• 10 principles of continuous integration
• Software deployment best practices
10 principles of continuous integration
• Maintain a code repository
• Automate the build
• Make the build self testing
• Everyone commits to the build every day
• Every commit (to the baseline) should be built
• Keep the build fast
• Test in a clone of the production environment
• Make it easy to get the latest deliverables
• Everyone can see the results of the latest build
• Automate the deployment
Software deployment
• Release
• Install and activate
• Deactivate
• Adapt
• Update
• Built-in
• Version tracking
• Uninstall
• Retire
Remote administration
• Security patching to staging & prod envs
• PHP error & Drupal log review
• Best practices in site layout
• Deploy code, config site
• Proactive site fixing
• Set-up staging environments
Network Services – Acquia Network
• Acquia Search (managed Solr)
• Mollom (SPAM blocking)
• New Relic (stack monitoring)
• Visual Website Optimizer
• Drupalize.me
• SEO Grader
• Lingotek
• Blitz.io
• Yotta
• Blazemeter
• Buildamodule
• Chartbeat
• Tracelytics
Drupal support and advisory hours
• Break-fix support
• 24/7 response on Service Level Agreement
• Advisory support
- Security
- Scalability
- Performance
- Deployment
- Configuration mgmt
- Staging
Expert Services
Consulting Services:
• Architecture assessments
• Load testing
• Site audits
• Performance & scalability audits
Your custom code and database
• Your custom code
• Your custom theme
• Your database
• Your assets
• Your web services
• Your content editors
• Your site developers
Flying as a Service
Current US Government Compliance Landscape
FISMA, DIACAP and FedRAMP are standardized approaches to security assessment, authorization, and continuous monitoring for information systems utilized by the Federal government.
FISMA - Federal Information Security Management Act of 2002. Applicable to non-DoD agencies.
DIACAP – Department of Defense Information Assurance Certification and Accreditation Process. Applicable to DoD related agencies.
With both FISMA and DIACAP, each information system must be documented, reviewed by an independent third-party assessor, and authorized by authorizing officials.
This can be time-consuming and expensive.
FedRAMP – The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
FISMA, DIACAP and FedRAMP Process
Federal Compliance - High Level Process
1. Categorize the System – FIPS 199: Confidentiality, Integrity, Availability
2. Select the controls – NIST 800-53
3. Implement the controls and document them
- System Security Plan
- Privacy Impact Assessment
4. Assess – Contract with Third Party Assessor
- 3PAO reviews SSP and creates STE & POA&M
5. Authorize – This package of documents is submitted to the Authorizing Official, who reviews, comments, and asks for revisions.
- Grants IATC and/or ATO
6. Monitor – Continuous update to SSP, continuous mitigation of items identified in STE and POA&M
FedRAMP - Federal Risk and Authorization Management Program
• Establishes an “authorize once, use many times” framework for cloud computing products and services. FedRAMP is meant to supersede FISMA and DIACAP for cloud products.
• FedRAMP was established on Dec 8, 2011 via a memorandum produced by the Federal Chief Information Officer and is due to achieve Initial Operating Capacity in 2012.
• Based on the same NIST publications as FISMA with added controls pertinent to the cloud
• Acquia Managed Cloud Controls and Documentation are “future proof” as they include all the FedRAMP controls
FedRAMP
FISMA Compliance in Acquia Cloud
Acquia Managed Cloud is a Shared Responsibility Model: PaaS (AMC) built on IaaS (Amazon AWS)
Three primary layers in the shared responsibility model:
• Application Layer (Drupal)
• OS Stack Layer (Linux, Windows, Database, etc)
• Infrastructure Layer (Datacenter, network)
*Each entity must document the controls for which they are responsible.*
Acquia Cloud Customers inherit the controls from Acquia Managed Cloud and Amazon AWS
Achieving FISMA Compliance in Acquia Cloud
Acquia Cloud High Level Control Overview
Extensive documentation
https://docs.acquia.com/cloud/arch/security
Dedicated Federal Sales team
Contact Sean Burns sean.burns@acquia.com
Acquia can provide agencies existing FISMA System Security Plans (Acquia and Amazon).
Follow up with Acquia