Flux7 DevOps Blog

Global Audit Firm Builds AWS Disaster Recovery Solution with Flux7

Companies have ‘life events’ and we often get the opportunity to work with them at these times as they spur the need for change. In the case of the customer we’re highlighting today, they reached out to the AWS Premier Consulting Partners at Flux7 as they had recently acquired a Canadian-based company for whom they needed to complete a full Disaster Recovery (DR) build out. The firm is subject to Canadian regulations that state that data created in Canada needs to remain stored in Canada. As a result, this audit firm needed a Canadian DR facility that would store all data in country.

IT Modernization and DevOps News Week in Review

With the General Data Protection Regulation (GDPR) set to go live this Friday, we thought we’d focus this week’s DevOps news in review on using the cloud to help ensure compliance. If you aren’t already familiar with the upcoming GDPR, you should be. While it’s an EU regulation, it serves to protect the personal data of all EU citizens. As such, if you control or process data of EU citizens, the rule applies to you, squarely setting responsibility for protection of that data on your shoulders. It's noteworthy that fines are hefty for the regulation, reaching up to 20 Million Euro or 4% of annual turnover.

AWS Case Study Research Firm Attains Secure High Performance Computing

We recently had the opportunity to work with a privately-held clinical research organization that was interested in updating the systems that its internal team of research scientists uses for data analysis. It was interested in moving to the AWS cloud as the team’s large data-related demands had outgrown its on-premise system and needed the benefit of a highly secure, elastic, high performance computing environment.

Security in AWS: Flux7’s Take on the New Amazon GuardDuty

At re:Invent just a few weeks ago, AWS announced Amazon GuardDuty, to enable secure monitoring. At the time, we lauded the announcement for its ability to grow security in AWS with a more holistic view of security in the cloud. In the past few weeks, we’ve fielded inquiries from several customers asking about the service, its features, and potential fit for their organization. Knowing that their questions may be indicative of a wider interest in the new managed service that monitors and detects malicious or unauthorized behavior across an organization’s AWS infrastructure, we are sharing today our analysis of Amazon GuardDuty.

How to Effectively Balance DevOpsSec in the AWS Cloud

As AWS DevOps partners, we are often asked the best approach to balance DevOpsSec within AWS environments. What are the AWS and DevOps best practices and how do you build in security in such a way that it propels the business forward? 

AWS Case Study: Pharmaceutical Migrates R&D Analytics to AWS

We recently had the opportunity to work with a pharmaceutical company that is breaking new ground when it comes to treatments for life-threatening ailments like cancer. Seeking to innovate across the organization -- from R&D to IT -- this company reached out to the DevOps team at Flux7 to help it migrate its Cloudera Hadoop-based analytics systems to AWS. Specifically, the vision was to take all of its diverse data sets to the cloud, establishing a highly available and secure environment where the firm could conduct data modeling and data analysis while protecting sensitive data and ensuring GxP and HIPAA compliance. Read on for the full AWS case study.

Visual Guide to Configuring Top AWS Config Rules

In our experience working with hundreds of organizations on compliance projects ranging from AWS PCI compliance and AWS HIPAA compliance to internal risk management initiatives, it’s clear that achieving and maintaining compliance is a delicate balance. Too many rules can slow progress and sometimes even cause teams to avoid complying at all. And too few guidelines can obviously result in unwanted fines, or in a worst case scenario, a security vulnerability that causes the business serious harm. Central to establishing and ensuring AWS risk and compliance efforts is the well-known practice of AWS configuration management. It plays a central role in keeping systems in a known, good state and with the application of automation can help organizations strike an optimal balance.

A Checklist for 6 Common IT Modernization Processes

Good AWS Security Hygiene: Limit Risk With Security by Design

A misconfigured data bucket in AWS Simple Storage Service (S3) led to a Republican contractor’s database of nearly every voter being left exposed on the Internet for 12 days, according to CRN. This news presents an unfortunate reminder of why good AWS security hygiene is important to designing, building and managing AWS environments. In this spirit, we’d like to explore two basic AWS best practices that when built-in can help stave off extreme events like this.

Fostering Cross Account AWS CodePipelines

AWS automation recently got a boost: the company introduced the ability to build an end-to-end release automation workflow that can deploy changes across multiple regions or different AWS accounts. And they subsequently featured an article on their blog on the steps to create a cross region CodePipeline. Today, however, we want to address the other half of this equation -- building cross account pipelines -- and thought it worthwhile to share with you here when and why we would recommend the benefits of this approach.

A Technical Look at Managing Secrets using AWS Parameter Store

As systems become more complex, it’s more important than ever to ensure you have a strategy for effective and efficient secrets management. While we will dive into the technical aspects of doing just this within AWS, let’s first review what exactly secrets are and why you need to manage them.

AWS Organizations: A New Era in Managing AWS Accounts

At re:Invent 2016, AWS announced Organizations, the ability to have and easily manage multiple accounts. Flux7 consultants have long recommended multiple accounts to clients as a best practice for maintaining separation of roles and applications to address security and compliance policies and now it’s even easier with the AWS Organizations Service. Let’s first walk through what makes it so easy and then we’ll share AWS and Flux7 best practices.

AWS ECS and Vault Paired for HIPAA-Compliant Secret Management

Controlling access to sensitive information, or secrets, required by your applications is a ubiquitous architectural requirement. Your applications need information like passwords, API keys, and certificates, and as the application owner you need to ensure this information is only accessed by the correct application. You also need to know when this information was accessed and by which entity.

AWS Case Study: Web Dev Firm Boosts eCommerce Performance & Security

At Flux7, we get the opportunity to work with organizations across many industries and with a variety of challenges. As a result, we often get asked how other companies approach and solve different challenges. One challenge we are frequently asked about is website performance, security and elasticity, especially as it relates to eCommerce. As such, we’re happy to share with you today the story of a customer who was looking to balance these goals and how with the help of Flux7 consultants they were able to do so.

Flux7 SmartStart Eases Vault Technology Adoption for Payment System Provider

Our DevOps consultants often get asked about the use of specific technologies and if they would make a good fit for the inquirer’s organization. One of those technologies that we frequently field questions about is HashiCorp Vault. As a result, we think you’ll be interested in this short story of a financial services organization who moved to Vault to improve its secret management system. (For a fuller version of this story, please access the case study here.)

Setting the Stage for SaaS Provider’s Microservices Architecture

An ounce of prevention is worth a pound of cure, and that’s exactly what this SaaS sales application provider asked the AWS experts at Flux7 to come in and provide. Knowing our deep background and knowledge of the ins and outs of AWS services -- and the ecosystem of technologies that work with it -- they asked if we could validate their AWS roadmap and help them take full advantage of the benefits AWS provides.

Flux7 Achieves AWS Consulting Partner Recognition For Amazon Aurora

Today we are delighted to be recognized as having achieved AWS Service Delivery Partner status for Amazon Aurora. As you can see from the news release we issued, the AWS Service Delivery Program is designed to highlight AWS Consulting Partners who have a track record of delivering verified customer success for specific Amazon Web Services (AWS) products.

AWS Security Best Practice: Attach or Replace AWS IAM Roles to Existing EC2 Instances

One of the approaches our AWS Consultants consistently take is Security by Design. By building security in from the beginning--rather than as an afterthought--security rules, processes and controls are inherent to the system. We like to think of it as a race car with the roll cage built into the frame vs. a race car built and the roll cage added afterward. Truthfully, which car would you feel safer helming?

Urgent AWS Migration Shows Need for Automation, Preparation, Flexibility

We have been working closely with a customer who is undergoing a business transformation. As a multimedia equipment manufacturer, the organization has a loyal following for its high-quality devices. However, like many companies facing the convergence of markets and new customer demands, the company has embarked on a metamorphosis. Traditionally very focused on hardware, the company largely ignored its software even though it offered customers real value. Part of the company’s transformation was a move to treat its software like a full-fledged offering, rather than a free supplement. An upcoming product release marked the first (and biggest) step in cementing this change in company direction.

Building a Service Catalog at a Healthcare Innovator

How Flux7 Helped Increase Developer Productivity with AWS Service Catalog

At Flux7, we are experts at helping healthcare organizations gain a competitive advantage in the market through IT modernization projects that amplify their inherent business strengths. So when we were approached by this healthcare organization that sees technology as a competitive advantage, we were quite excited to dive in.

2016 Year in Review: Container Technology

Container technology was a well-read topic on the Flux7 blog in 2016, joining our blog on Continuous Integration Best Practices (CI/CD) and AWS Configuration Management as subject areas that received the most attention from our readers. From hardening containers to container-based cloud migration frameworks and Docker-based microservices architecture, our DevOps consultants published a great deal of analysis, advice and best-practice approaches to help our readers achieve success with containers in AWS.

Ease of Use, Hybrid Cloud are Banner Themes at AWS re:Invent 2016

At re:Invent 2016 Werner Vogels, AWS CTO, donned a Transformer shirt to tell us we can be Transformers. And, Andy Jassy, AWS CEO, emphasized in his presentation that we can all be superheroes, with superpowers. This emphasis on the ability to easily control, manage and even transform your AWS environment -- from x-ray vision to immortality -- was a great way to frame the two themes of the show which boiled down to increased ease of use and a greater acceptance for the hybrid cloud model.

Now that the first wave of innovators and early adopters has moved its workloads to the cloud, we are seeing the majority, the more pragmatist organizations, migrating to the cloud. However, unlike early movers who were willing to navigate the complexity of AWS tools and technology, this second wave of organizations puts a higher premium on ease of use. Given that, let’s look at how AWS has done just this through our lens of operations, DevOps and Security.

Re:Invent Review: Deploying Scalable SAP Hybris Clusters using Docker

At this year’s re:Invent, Flux7’s CEO, Aater Suleman, had the great pleasure of presenting with Hemanth Jayaraman, Rent-A-Center’s director of DevOps. (You can watch the full presentation here.) We shared with the audience the story of how we worked with Rent-A-Center to help them address their challenge to architect, deploy, and manage a mission-critical SAP Hybris ecommerce platform that could scale to 6+ million users a month.

AWS Web Application Firewall Grows Protection with Application Load Balancer Coverage

AWS recently announced the expansion of the AWS Web Application Firewall (WAF) to include coverage for application load balancers. Working with a wide variety of organizations to design and build secure applications within the AWS cloud, we frequently call upon WAF as a critical component of our solution. In fact, we were recently recognized for having achieved AWS Service Delivery Partner Status for AWS WAF.

Flux7 Achieves AWS Service Delivery Partner Status for AWS Web Application Firewall

Yesterday at re:Invent, we were delighted to be recognized as having achieved AWS Service Delivery Partner status for AWS Web Application Firewall (WAF). As you can see from the news release we issued, the AWS Service Delivery Program is designed to highlight AWS Partner Network (APN) Partners who have a track record of delivering verified customer success for specific Amazon Web Services (AWS) products.

Handling Secrets in Microservices

As we discussed recently, AWS microservices are being adopted widely across organizations and industries for their ability to increase service delivery and speed time to market while decreasing team overhead. As organizations begin traveling down the path to a microservices architecture, one hurdle that they often run into is enterprise password management or secret management. For, as the number of microservices increases, so too does the number of credentials—often exponentially so—creating a need for effective and efficient management.

Implementing PCI DSS on AWS

According to Innovative Retail Technologies, 52% of surveyed retailers plan to actively move applications to the cloud this year. The initially tepid response to cloud is waning as retailers learn more about its strengths for availability and innovation. Yet, one question our AWS consultants frequently field from retailers is about achieving AWS PCI Compliance in the cloud. As most readers of this blog know, the Payment Card Industry Data Security Standard, otherwise known as PCI DSS, is an information security standard requiring organizations to incorporate controls around customer data to prevent credit card fraud. There are several ways that AWS helps its retail clients build a foundation for PCI compliance and they’ve recently announced one more in the form of a Quick Start.

AWS EC2 Run Command Enhancements for Greater Control and Reliability through Automation

Automating common administrative tasks to improve workload reliability and decrease potential risk is a common theme our consultants at Flux7 help our clients with. Doing so simplifies administration, encourages security through consistency and helps improve control over users and permissions. Amazon launched EC2 Run Command in October 2015 to help attain these benefits.

Microservices Security: AWS Increases Container-Enabled App Security

As AWS experts we work closely with organizations who handle a wide variety of sensitive information – from patient health records to credit card data and more. As a result, we are always on the lookout for technology and best practice-based improvements to ensure cloud-based security. With more and more of our clients looking to embrace a microservices architecture, cloud security and compliance naturally didn’t stop being a focus, which is why we are happy at the news from AWS today that they’ve addressed how to help secure container-enabled applications with IAM Roles for ECS tasks.

Docker Security Scanning: Deep Visibility to Container-Based Vulnerabilities

Just last month we wrote about Docker upping the security ante with a number of new security controls built into Docker 1.10 and here we are yet again. Dockercon 16 is coming up fast - June 19-21, 2016 in Seattle - and we're looking forward to sharing the Dockercon stage for the second time with a customer - Fugro this time - to talk about how enterprises can use Docker and AWS to address common challenges. Check out the speaker list here.

AWS SSM for Improved Security, Auditability and Automation

Amazon Simple Systems Manager, or SSM as we’ll refer to it throughout this article, is a great example of an important feature in the Amazon Web Services toolset that we try to highlight for our clients because of its DevOps, compliance and security benefits. As AWS partners recognized for our customer service and expertise, we are often asked about the implications of specific AWS features and their benefits.

AWS Cross Accounts Access: Part 2

Cross Accounts Access Set-Up and Benefits

AWS Cross Accounts Access: Part 1


Here at Flux7, as AWS partners, we perform hundreds of AWS account reviews and we always start at the same place: AWS Account Architecture.

Improved Security with AWS CodeCommit

AWS CodeCommit is a fully managed version control service offered by Amazon Web Services. It is a highly scalable, hosted service. It is compatible with Git, and hence all of the Git commands work with AWS CodeCommit. AWS CodeCommit is highly secure in the sense that the data is encrypted both at rest and in transit. The repositories offered under this service are private by default. AWS CodeCommit supports both HTTPS and SSH protocols.

Docker Security, Hardened Containers and a Layered Strategy


Docker recently unveiled version 1.10 of its popular container technology. Security was a major focus of the release with several features designed to strengthen the security of Docker containers. According to the Docker blog,

“All the big features you’ve been asking for are now available to use: user namespacing for isolating system users, seccomp profiles for filtering syscalls, and an authorization plugin system for restricting access to Engine features. Another big security enhancement is that image IDs now represent the content that is inside an image, in a similar way to how Git commits represent the content inside commits.”

AWS Case Studies: Autoscaling: A Multi-region High Availability Website

Flux7 Helps HomeAway Save Christmas in the Nick of Time

As the world’s leading online marketplace for the vacation rental industry, HomeAway aims to help families and friends find the perfect vacation rental to create unforgettable travel experiences together.

And while many families like to get away for the holidays, two-thirds of kids worry that Santa won’t find them if they aren’t home on Christmas. As a result, this past holiday season HomeAway launched a marketing campaign to proactively address the issue.

Ansible Playbooks for Provisioning and Managing AWS Environments

In our last blog post, we discussed how Ansible’s configuration management tools can benefit Amazon Web Services (AWS) environments – especially for DevOps focused organizations. Today we’d like to share how to realize those benefits with Ansible Playbooks.

Playbooks are Ansible’s configuration, deployment, and orchestration language. Keeping in line with Ansible’s focus on simplicity without sacrificing security and reliability, Playbooks purposefully have a minimum of syntax because they aren’t meant to be a programming language or script, but rather a model of a configuration or a process.

AWS Case Studies- DevOps: Creating Scalable IOT Infrastructure

AWS Case Studies: DevOps 

A Fortune 500 manufacturer was using Hadoop, internal data centers, Rackspace and CenturyLink to facilitate services that connected its customers with data insights using an Internet of Things model. The overarching goal: to facilitate continuous data-driven improvement within its customers’ operations. To help achieve this goal and overcome its Hadoop scaling issues, the company engaged with Flux7, a DevOps consulting group and AWS partner. Additionally, the manufacturer sought a global solution that would comply with EU data privacy laws.

Making the Path to AWS Easier with Ansible Configuration Management

One of the key benefits of cloud computing is the opportunity to replace up-front capital infrastructure expenses with low variable costs that scale with your business. And, while it is easy to quickly spin up hundreds or thousands of new servers in minutes with Amazon Web Services (AWS), it’s much more difficult to ensure that those new machines are configured appropriately. Enter the marriage of configuration management tools and AWS.

AWS Config: A Configuration Manager To Save The Day

Part 2: How to Make AWS Config Work for You

One of the biggest fears that CIOs of the digital age have is not only server crashes, but the inability to recover the system to its last-known state. This is particularly painful in compliance-heavy industries that are subject to external audits to make sure everything is being performed to industry standards and within federal compliance. AWS Config is a service that keeps a detailed account of what happens with your AWS configuration while giving you the critical ability to go back in time and verify or check the state your AWS resources were in at a given point in time.

AWS Security Best Practices: What Enterprises Need to Know About Open Source TLS

Cloud Computing in Healthcare: Best Practices for Life Sciences and Healthcare

Unique cloud strategies to gain business advantage

Cloud computing in healthcare is driving a new era of change.

Lessons Learned from Code Spaces: What to Do with AWS Now

Code Spaces. Its story is sending shivers up and down the spines of businesses and developers alike, and for good reason. But that doesn’t mean it should stop the progress of cloud migration or significantly change your strategy. In fact, the story brightly shines a light on an issue that is avoidable, and serves as a warning of what can happen in the complex world of cloud architecture.

Docker Tutorial Series, Part 5: Docker Security

Keeping in Check: Fire Drills and Disaster Readiness

This past weekend, we solved two problems for two customers. They both had working configuration management solutions. One used Puppet; the other used Chef. One was Red Hat-based; the other was Debian-based. But, both of them had the same problem.

AWS Summit in San Fran: From Monitoring & Log Management to VPC Peering … What Flux7 Learned

As we expected it to be, the AWS Summit this week was an excellent experience. We talked to a lot of interesting people, new and old. We gathered several customer leads, shared technology best practices, talked about business development strategies, and explored several partnership opportunities. As promised, I am now sharing with you my experience in San Francisco, so please read on.

AWS Summit in San Fran: A Bevy of Breakout Sessions that Excites Our Flux7 Team: Security, HPC & Certifications

After my post last week about using AWS in the cloud, I thought I’d share the sessions at the upcoming AWS Summit in San Francisco that have us excited. These sessions are heavily influenced by my own interest coming from my role within Flux7 and the technology development I work on both internally at Flux7 and for our professional services clients.

6 reasons why large enterprises should move to Amazon Web Services

Amazon has changed the face of the world of startups with its cloud services. Now it’s possible for two men in a garage to set up large computer clusters for zero capital cost.

How to: Handle multiple AWS accounts conveniently using AWSma

At Flux7, we believe in high productivity, so each of our engineers handles multiple AWS client accounts, and sometimes multiple engineers handle one client. As a team leader who manages tens of client accounts, I need to switch in and out of each account several times an hour, which is a real challenge because so much customer-specific information must be loaded into files and environments that we call “customer profiles”. Each includes the following:

Virtual Private Cloud (VPC) Best Configuration Practices

As we at Flux7 Labs, as AWS partners, work on deployments for our customers, many ask questions about basic AWS security issues, including those addressed by using Virtual Private Clouds (VPCs). So in this post we provide a guide for setting up and using VPCs in order to help guide your AWS setup. This AWS VPC tutorial is based on our experience from using VPN in AWS deployments both for Flux7 Labs’ internal systems and for our customers’ systems. VyScale, our cost- and performance-management solution, is an excellent tool for setting up systems inside of VPCs.
