Cloud Migration and Support
stackArmor engineers have been assisting customers with cloud migrations since 2009, designing and developing AWS-based solutions for security-conscious customers that include large US Federal Agencies, Financial Services, Non-profit and Commercial clients. Our SecurityFirst design approach begins with understanding our customers’ security posture with regard to confidentiality, integrity and availability. Based on an understanding of the nature of the data and the potential threat vectors, a customized cloud solution is developed which includes:
- Network access engineering using VPN, SSH, Dedicated Connection
- Optimal cloud virtual machine selection based on workload to optimize performance & cost
- High-availability design through the use of multiple regions and data center availability zones
- Strong network and access isolation using a multi-zone architecture within a virtual private cloud
- Cost and performance efficiency using auto-scaling, reserved & spot instance strategies
- Technology-specific design for Microsoft, Linux, Oracle or SAP based systems and applications
All stackArmor designs are documented and reviewed with clients to ensure that the designed solution performs to client expectations. stackArmor also offers a unique Design Assist and Review, in which stackArmor Cloud Solution Architects review and assist client teams looking to design their own solutions. All of our designs follow AWS Cloud engineering best practices and the Well Architected Framework (WAF). The diagram below shows a typical AWS Virtual Private Cloud (VPC) design developed by stackArmor engineers.
Once the cloud hosting enclave is ready and the application is migrated and operational, it is critical to ensure secure and reliable operations. stackArmor has developed a holistic approach to system maintenance and operations. The diagram below shows the 4 cornerstones of our Cloud Operations framework.
The service delivery framework is supported by policies and procedures that focus on “code-based” compliance and operations techniques, including the use of new AWS services such as AWS Inspector (depending on the clients’ security posture) and APM solutions such as New Relic. Each of the key areas of Cloud Service Operations is described in greater detail below.
System Operations: This work stream covers full-stack operations on the platform and includes proactive monitoring and management from the operating system up. It covers the performance of virtual machines, network, and storage. Typical activities include logging and monitoring of performance bottlenecks on routers, cloud elements, databases and other services. System Operations also includes system administration and technical support activities, such as backups/restores and 24/7 support to resolve urgent incidents and maintain the service level defined in the Service Level Agreement (SLA).
Security Operations: The Security Operations activity stream covers the tactical security hygiene and operational actions including:
- Patching and Vulnerability scanning using tools such as Tenable Nessus
- Continuous monitoring and log aggregation & analysis
- Regular Cloud Foundry release updates
- Gold image creation and system hardening using DISA STIGs
- Creating and providing continuous monitoring and FISMA/FedRAMP compliance reports
- Monitoring and implementing security best practices such as key rotation, using IAM policies, System/Service Accounts
Financial Operations: It is critical to ensure the optimal financial performance of the platform by leveraging reserved instances, turning off unused instances, right-sizing instances, and deleting unused snapshots/storage on EBS and S3.
End-User Experience: Given the high profile and visibility associated with cloud programs, it is essential that workload users on the platform have a superior end-user experience. This is accomplished through the use of policies, procedures and tools such as APM technologies like New Relic that provide an operational view of the applications to identify bottlenecks and choke points. Further, all service requests are clearly categorized by level of severity and urgency to help triage support issues and manage expectations.
The overall quality of the service delivered on the platform is captured through SLAs, periodic reporting on the SLAs and continuous improvement through automation.
Please contact us at solutions@stackArmor.com for a free consultation with an AWS Certified Solution Architect and Managed Services expert.