Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

Bringing Governance to an Existing Cloud at NASA’s Jet Propulsion Laboratory (JPL): A Case Study

9.561 visualizaciones

Publicado el

Amazon Web Services provides JPL with a vast array of capabilities to store, process, and analyze mission data. JPLers were early to adopt AWS services to build complex solutions, but quickly grew to over 50 AWS accounts, 80 IAM users, and hundreds of resources. To deal with this complexity, a team of engineers inside JPL's Office of the CIO developed a cloud governance model. The true challenge was implementing it on existing deployments. Learn about their model and how they overcame the challenges.

Publicado en: Tecnología
  • Sé el primero en comentar

Bringing Governance to an Existing Cloud at NASA’s Jet Propulsion Laboratory (JPL): A Case Study

  1. 1. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 speaker@company.com Bringing Governance to an Existing Cloud at NASA’s Jet Propulsion Laboratory Jonathan Chiang Matthew Derenski
  2. 2. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Introductions • Jonathan Chiang – IT Chief Engineer • Matthew Derenski – Cyber Security Engineer
  3. 3. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Agenda • Provide a brief background of JPL • Detail why JPL uses Amazon Web Services • Understand JPL uses cases for AWS • Describe JPL’s early engagement with AWS • Review JPL’s implementation of its governance plan • Utilizing governance to achieve organizational efficiency • Measuring the value
  4. 4. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Who Is JPL? • We are a federally funded research and development center (FFRDC) managed by Caltech • We have 21 spacecraft and 9 instruments conducting active missions • We manage NASA’s Deep Space Network (DSN) • We “dare mighty things”
  5. 5. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Why Does JPL Use AWS? • Quick and easy to provision/deprovision • Reduce CapEx and large initial investments • Pay as you go, only for what you use • Automation and reusability
  6. 6. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 How JPL Uses AWSHPC/data processing
  7. 7. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 How JPL Uses AWS Mars Exploration Program Mars.jpl.nasa.gov Eyes on the Solar System Eyes.jpl.nasa.gov Night Sky Network Nightsky.jpl.nasa.gov Public outreach
  8. 8. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 How JPL Uses AWSStorage, backup, and disaster recovery Mars exploration rovers Station fires
  9. 9. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 How JPL Uses AWSCollaboration Rapid development Enterprise applications
  10. 10. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Early AWS Engagement • Issued 60+ root level AWS accounts to various project teams • Added all accounts to consolidated billing • Associated a single project/task number for charge back and bill back
  11. 11. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 The Problem
  12. 12. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Key Principles of JPL’s Governance Model 1. Understand your users and their use cases – Identify the services they will be utilizing – Do any of the services conflict with institutional offerings? Do they interface with existing services? 2. Apply policy and accountability – Ensure roles and responsibilities are understood – Define and deploy a clear account management model – Identify training needs and opportunities – Create a hosting or provisioning account
  13. 13. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Key Principles of JPL’s Governance Model 3. Provide auditing and traceability – Create “describe” API roles in each account – Enforce tagging policy for shared accounts – Create a security response and forensics plan 4. Leverage an iterative implementation – The cloud is agile enough to conform to a changing governance model – Don’t wait to implement all aspects of governance before using the cloud
  14. 14. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Account Management Resources IAM accounts AWS root – MFA, managed by IT Sec Consolidated Billing Consolidated Billing (No users or resources) MSL account IAM user 01 auditing IAM user 02 MSL developer AMI 1 AMI 2 MER account IAM user 02 MER developer AMI 1 AMI 2 Hosting account IAM user 01 auditing IAM user hosting provisioning AMI 1 AMI 2 +50 more
  15. 15. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 C&A Package 15
  16. 16. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Organizational Efficiency (DevOps) • Automated configuration management • Monitoring, notification, escalation • Networking and security operations • Verification and validation Dev Ops
  17. 17. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 AWS at JPL • All standard work loads are run in GovCloud – Using GovCloud and VPC allows traffic to be inspected and protected by JPLs existing security systems – Public AWS is reserved for unique deployments 17
  18. 18. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 IAM Account Creations • Account for forensics – Power User • Account for asset tracking – Read only API access • Account for account owners – Power User access – Cannot make changes to networking or IAM – Responsible for and maintains full access to all AWS resources and resource creation 18
  19. 19. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Common Mistakes • Incorrect meta data • Instances left running • Default user accounts • Unpatched systems • Using the wrong cloud
  20. 20. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Measure the Value • Calculate the cost of implementing governance along with the cost of cloud resources • Consider the benefits of organizational efficiencies gained by cloud and governance • Compare agility and speed to market vs. adoption of governance
  21. 21. AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014 Thank You Jonathan Chiang Matthew Derenski

×