Cloud

Multi-Cloud Connectivity Options (AWS + Azure)

Posted on by Reid Badgett

You may have requirements to bridge different cloud providers, including regulatory, compliance or organizational needs.

There are a few ways to bridge the Amazon Web Services (AWS) cloud with the Microsoft Azure cloud. Here a few approaches that we’ve seen work well for our customers:

  1. Set up a Virtual Private Network (VPN) connection between the two clouds. This will allow you to establish a secure, private connection between your AWS and Azure environments. You can use either a site-to-site VPN or a client VPN, depending on your needs. (Step-by-Step instructions).

  2. Use the AWS Direct Connect service to establish a dedicated network connection between your on-premises data center and the AWS cloud. This can help reduce network costs and improve performance for workloads running in both clouds.

  3. Use the Azure ExpressRoute service to establish a dedicated network connection between your on-premises data center and the Azure cloud. This can also help reduce network costs and improve performance for workloads running in both clouds.

  4. Use a virtual direct connection service, such as Megaport Cloud Router, to achieve similar performance to Direct Connect and ExpressRoute without the setup and maintenance complexity.

Regardless of which approach you choose, it is important to carefully plan and test your cloud bridge to ensure that it meets the needs of your organization. You should also consider factors such as security, cost, and performance when deciding which approach is best for your use case.

AWS, Cloud Migration

What you need to know about migrating to the AWS Cloud

Posted on by Lee Brinckley

Over the last several years, we have seen a mass exodus from on-premise and colo infrastructure to the cloud. There are several reasons organizations are moving to the cloud, but one of the main reasons is a reduction costs to maintain their applications. It is true that applications migrated to the cloud reduce costs in the long run. However, if the migration was not thought out well or done incorrectly, the organization can be leaving money on the table when it comes to cost savings (and other positive outcomes).

The first thing an organization needs to do is determine the best migration for their applications. Most migrations fall within 4 categories.

The Lift and Shift –

Lift and Shift requires the least up-front costs. In a nutshell, it is lifting the existing application from one infrastructure and moving it (“shifting it”) to another infrastructure. With this method there is effectively zero modification to the code. This method usually takes the least amount of time, but it may not always save the organization money because the application may not be optimized for the cloud. The organization is likely minimally leveraging the power of the AWS cloud at the end of this step.

The Lift, Shift, and Optimize –

Lift, Shift, and Optimize is very similar to Lift and Shift with the addition of making some code changes and updates to the app improve performance and stability. Organizations may go this route if they know their application needs minor updates to be compatible with AWS cloud, but do not want to go the route of a full rebuild. Although this usually reduces costs in the long run, the cost savings are still limited because it cannot fully leverage all of AWS’ cloud features.

Refactoring –

An organization may want to move their application to the cloud but is incompatible. In this case, refactoring is an option. Refactoring is restructuring or making major changes to the application’s code. When an organization refactors their application for AWS cloud, they can leverage AWS cloud’s power and features. In the long run, the organization will experience great cost savings over time, but there will be increased upfront costs to achieve the refactoring.

Rebuild –

The final option is not really a migration. It is rebuilding the application from the ground up in AWS cloud. This is potentially a very good choice to couple with a modernization effort. The additional benefit of a rebuild is taking advantage of all that AWS cloud has to offer. It means the organization can map out the cloud infrastructure and build the application to be scalable, secure, and optimized for performance and cost savings. This, like refactoring, can be a large undertaking, but the organization will reap significant cost savings in the long run.

The second thing an organization needs to do is decide who will do the migration. Will it be done in-house with available resources or an AWS consulting partner. There are pros and cons to both.

Using in-house resources in your IT department may save costs in the migration, but there are other factors an organization should evaluate such as time required of the resources. They should look at the resource’s knowledge and experience with cloud environments as the cloud is very different from on-premise infrastructures. In-house resources are probably equipped for Lift and Shift and Lift, Shift, and Optimize, but may be too inexperienced for Refactoring or Rebuilding.

If the organization wants to Refactor or Rebuild their applications in the cloud, an AWS Consulting Partner would be a better choice. The cost to hire a consultant may be higher up front, but with assurance the cloud infrastructure and app will be built correctly, the organization will drastically reduce costs in the long run. They can also teach your internal resources what they need to know so as to support the applications in the long run.

The best way to migrate is not always an easy decision, but you want to make the right decision that reduce costs in the long run. As an AWS Consulting Partner, we would be happy to discuss your options and help you decide the best method to migrate your application. Feel free to contact us.

4 ways to migrate to the cloud
Free Download
AWS

What’s an AWS Well-Architected Review and is it Worth it?

Posted on by Lee Brinckley

Amazon Web Services (AWS) has become very popular as a cloud solution for many organizations. Pay-per-use model, the ability to scale based on usage, self-service, and high resiliency are all attractive benefits to AWS. As a result, organizations see lower IT costs, better quality and quicker time to market, but this is not always the case. AWS noticed that many technology teams were building systems for their applications with legacy practices instead of AWS best practices. AWS’s best practices are built on five pillars – operational excellence, security, reliability, performance efficiency, and cost optimization. When a technology team builds with legacy practices, they are actually building against the AWS framework,  causing their AWS environment to produce high costs, lower quality and slower time to market. This means an organization could be spending 1,000s more a month than necessary. When performance is slow, it keeps their team from working efficiently and troubleshooting preventable issues and the organization could be losing profitable opportunities.

The Well-Architected Framework Review was created by AWS as a way to test the system against their five pillars. The goal of the review is to see what has been done right and what needs to be addressed immediately. AWS empowers their Advanced Consulting Partners to conduct the Well-Architected Framework Review and remediate any architectural concerns.

Does a Well-Architected review really make that much difference? Let’s look at each pillar to answer this question with a few self-assessing questions.

Operational Excellence – As your business and technology continue to evolve, can your operations support the change? Can your procedures support your business needs and respond effectively as your business grows?

Security – Did you put into place the necessary security practices before you launched your system? Do you have a well-defined process for security incidents to prevent catastrophic financial losses? Is your environment architected in a way to meet changing compliance regulations?

Reliability – Do you have monitoring and mechanisms in place for changes in demand (such as bandwidth) or requirements? Can your system detect an issue and resolve it? Can your system stand the test of time?

Performance Excellence – Can your system make tradeoffs to improve performance, such as using compression or caching, or relaxing consistency requirements? Can your system enable different features or solutions to improve performance?

Cost Optimization – Can your system use appropriate instances or resources to have the most cost-efficient impact? Are you overcompensating to be safe or taking the time to benchmark for the best possible cost outcome?

If you answered “no” or “I don’t know” to any of the questions, it would be a good idea to do a Well-Architected Framework Review. On average, it takes less than a week to complete and requires only a few hours of your time. It is possible that you could be wasting money and production time and losing profitable opportunities. If your AWS system is not built on the strong foundation of the AWS pillars, you may experience several costly issues that take months to fix.

To learn more about the AWS Well-Architecture Framework Review, contact us.

Receive $5,000 in AWS credits when we do a remediation
based on our review

Please select a valid form

AWS

Could a Well-Architected Framework Review Have Prevented the Capital One Breach?

Posted on by Lee Brinckley
06
Aug

On the heels of the Equifax data breach settlement, Capital One announced their disastrous data breach. According Capital One, the breach took place on March 22 and 23, 2019. The hacker gained access to approximately 106 million records of personal information that included names, addresses, dates of birth, credit scores, transaction data, social security numbers and bank account numbers.

Capital One hosts its data on AWS servers. Because of the breach, AWS has come under scrutiny, but upon further investigation, the breach was caused by an open-source Web Application Firewall (WAF) misconfiguration on Capital One’s part, not AWS. The WAF had too many permissions, therefore allowing the hacker to trick the server with a well-known method called a Server Side Request Forgery (SSRF) attack and gain access to the data.

SSRF is becoming a problem for organizations who host their data on AWS. Although the underlying infrastructure of the AWS cloud server is secure and stable, it is common for developers to build servers with outdated practices. Therefore, the organization’s data becomes vulnerable to an SSRF attack and other methods of compromise.

Amazon knows this very well and created the Well-Architected Framework service for AWS customers to help them build their architecture securely and detect common exploitation techniques. Amazon’s Well-Architected Framework is built on the five pillars of AWS:

Operational Excellence

The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

Security

The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Reliability

The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

Performance Efficiency

The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.

Cost Optimization

The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or suboptimal resources.

As an AWS Partner, we perform Well-Architected reviews for your AWS and application architecture by following the five pillars. We look for vulnerabilities, misconfigurations and identify what needs to be remediated.  We work with you to remediate any issues we’ve found so that you can rest knowing that your architected solution is built solidly on the five pillars. For a limited time, receive $5,000 in AWS credits when we do a remediation based on our review.

An AWS Well-Architected Framework Review would have caught Capital One’s disastrous misconfiguration. No one wants to be on the homepage of a news outlet like Capital One (and Equifax) because their data was stolen. If you are an AWS customer and you have never had your application architecture inspected, it is time.

I want to learn more about the AWS Well-Architected Review.

Please select a valid form
Posted in AWS  |  Tagged