Amazon EC2 Systems Manager for Hybrid Cloud Management at Scale


by Ananth Vaidyanathan, Sr. Product Manager, AWS

  1. Amazon EC2 Systems Manager Fleet Management Automation
     Ananth Vaidyanathan, Sr. Product Manager, March 2017
     © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. Customer challenges
     • Traditional IT toolset not built for cloud scale infrastructure
     • Maintaining enterprise-wide visibility is challenging
     • Deploying multiple products is a significant overhead
     • Licensing costs & complexity
     Managing cloud and hybrid environments using a traditional toolset is complex and costly
  3. Introducing Amazon EC2 Systems Manager
     A set of capabilities that enable automated configuration and ongoing management of systems at scale across all of your Windows and Linux workloads running in Amazon EC2 or on-premises. No charge; only pay for AWS resources you manage.
  4. Why should I care?
     • Support for hybrid Architecture
     • Cross-platform
     • Scalable
     • Secure
     • Easy-to-write automation
     • Expected Reduction in Total Cost of Ownership (TCO)
  5. Part of a range of AWS services
  6. Amazon EC2 Systems Manager – Components
     • Run Command
     • State Manager
     • Inventory
     • Maintenance Window
     • Patch Manager
     • Automation
     • Parameter Store
  7. Documents
  8. Run Command: Overview
     Remotely and securely manage servers or virtual machines at scale running in your data center or in AWS
     • Lock down SSH and RDP access to machines – improve security posture
     • Execute commands across multiple instances simultaneously
     • Support for AWS and on-premises infrastructure
     • Granular permissions to control access through AWS Identity & Access Management
     • Logging using AWS CloudTrail
  9. Run Command: Use Cases
     Bootstrap, Configure and Manage Software
     • Provides predefined commands for both Linux and Windows
     • Simplify bootstrapping of varied software / agents
     Operating System Configuration
     • Perform operating system changes
     • Manage local users & permissions
     • Support for PowerShell and Linux commands
  10. Run Command: Use Cases
     Configure Diagnostics & Monitoring
     • Check the health of services and remotely stop/start processes
     • Monitor and action instance stats such as disk system usage
     Centrally Gather Configuration Information
     • Execute custom commands or scripts that check for updates
     • Configure and act upon log or other instance data
  11. State Manager: Overview
     Define and maintain consistent configuration of operating systems and applications running in your data center or in AWS
     • Control configuration details such as anti-virus settings, iptables, etc.
     • Define your own schedules for deployment reviews
     • Compare actual deployments against specified configuration policy
     • State Manager reapplies policies if state drift is detected
     • Query State Manager to view status of deployments at aggregate or at an instance level
  12. State Manager: Use Cases
     Maintain a Consistent Configuration
     • Specify and automatically maintain the desired configuration
     • Automatically apply configuration changes, settings or patches
     Reduce Configuration Drift
     • Periodically reapply policies to your instances
     • Query the status of your configurations at any time
  13. State Manager: Use Cases
     Bootstrap and Auto-remediation
     • Bootstrap applications through State Formation – CloudFormation integration
     • Set up AWS Config Rules to trigger an association from a Lambda function to remediate the instance
     Configure Applications in an AutoScaling Group
     • Bootstrap instances on launch in an AutoScaling group
     • Ensure these instances are configured throughout lifecycle
  14. Inventory: Overview
     Provides visibility into the software catalogue and configuration for your Amazon EC2 instances and on-premises servers
     • Gather detail on a variety of attributes, such as: installed applications & OS details; AWS components and agents; network configuration
     • Inventory attributes are stored in AWS Config for auditing
     • Assess compliance of configurations using AWS Config Rules
  15. Inventory: Use Cases
     Discover and Audit your Software
     • Collect detailed information on the software in your instances
     • Measure usage of licensed software across your fleet
     Security & Incident Analysis
     • Historical record of inventory changes over time
     • Proactive notification if your configurations become non-compliant
  16. Maintenance Window: Overview
     Define one or more recurring windows of time during which it is acceptable for any disruptive operation to occur
     • Associate your instances with defined maintenance windows
     • Create different maintenance windows for different groups of servers
     • Works with both Amazon EC2 and on-premises infrastructure
  17. Maintenance Window: Use Cases
     Automatically perform tasks in defined windows of time
     • Define a maintenance window using cron or rate expressions
     • Schedule maintenance so it doesn't overlap key business periods
     Prioritise tasks and define timeout criteria
     • Facilitate prioritization of key tasks during maintenance windows
     • Execute tasks with specific IAM roles for granular security control
  18. Maintenance Window: Use Cases
     CRON/Task Scheduler Replacement
     • Move from instance-based scheduling to service-initiated scheduling
     • Single location for job history and logs
     • CloudWatch Events support for task status and results
  19. Patch Manager: Overview
     Automated tool that helps you simplify your Windows operating system patching process
     • Select the patches you want to deploy
     • Control timing for patch roll-outs and instance reboots
     • Define auto-approval rules for patches
     • Ability to black-list or white-list specific patches
     • Schedule the automatic roll out through maintenance windows
  20. Patch Manager: Use Cases
     Automate Patch Approvals
     • Define patch baselines by products, categories & severities
     • Define approval rules and exceptions
     Manage Patch Compliance
     • Get up to date information on patch compliance
     • Identify instances with missing patches
  21. Automation: Overview
     Simplifies common maintenance and deployment tasks, such as updating Amazon Machine Images (AMIs)
     • Patch, update agents, or bake applications into your AMIs
     • Build workflows to accomplish complex tasks
     • Use pre-defined workflows or build your own
  22. Automation: Use Cases
     Maintain and Update your AMIs
     • Integrates with CloudWatch for proactive notifications
     • Use in conjunction with Maintenance Windows
     Include Applications in your AMIs
     • Bake applications into an image
     • Incorporate Automation as part of your change management process
  23. Parameter Store: Overview
     Centralized store to manage your configuration data, including plain-text data or secrets, encrypted through AWS Key Management System (KMS)
     • Critical information stored securely within your environment
     • Integrates with AWS IAM, AWS KMS, AWS CloudTrail
     • Access control at parameter-level or even at API level
     • Re-use across your AWS configuration and automation workflows: Amazon EC2 Systems Manager capabilities (Run Command, Automation, State Manager, etc.) and AWS services (Amazon ECS, AWS Lambda, etc.)
  24. Parameter Store: Use Cases
     Easy configuration of applications
     • Create env-specific parameters and reference in workflow
     • Perform config-management at scale without plain-text passwords
     Secure domain join
     • Create secure string parameter with domain join password
     • Control access to specific users and refer using simple syntax
  25. Parameter Store: Use Cases
     Secure application deployment
     • Improve security posture by not hardcoding configuration secrets in source code using CodeDeploy or Code Pipeline
     • Deploy containerized apps by using parameters in Amazon ECS task definitions
  26. In summary...
     • Hybrid
     • Cross-platform
     • Scalable
     • Secure
     • Easy-to-write automation
     • Expected Reduction in Total Cost of Ownership (TCO)
  27. Ananth Vaidyanathan, Sr. Product Manager
     E: