AWS FREQUENTLY ASKED QUESTIONS (FAQ)


UCPATH @ AWS FREQUENTLY ASKED QUESTIONS (FAQ)

ARCHITECTURE

WHAT WILL CHANGE DURING THIS MOVE TO AWS?
All environments use a standardized format using CloudFormation scripts. They are also all encapsulated into their own environment and do not share any information between them. Further details are in the Solution Design document.

WHAT IS THE ARCHITECTURE DESIGN REGARDING FOLDER STRUCTURES? CACHE? LOGS?
Each environment will have a dedicated EFS folder that contains the same paths as you use today; we are removing the environment component of the path. Further details are in the PeopleSoft File System Configuration document.

HOW ARE THE PRODUCTION INSTANCES SEPARATED FROM NON-PROD INSTANCES?
Production and non-production instances are contained in completely separate AWS accounts with separate credentials, VPC, security groups and ACLs.

WILL AWS USE PROJECT CACHE PRE-LOAD?
We are using the cache project created by UCOP. It is currently loaded and complete.

IS IT A RAC ENVIRONMENT?
No, but it is highly scalable up to 64 CPUs and 488g of RAM for DB, which will accommodate our anticipated 200K+ user base.

HOW WILL YOU IMPLEMENT ELASTIC SEARCH?
DLZP will build Elastic Search architecture into our existing System Architecture and provide it to UCOP.

WHAT ARE THE NAMING CONVENTIONS FOR AWS?
Naming convention procedures can be found in the Solution Design Document.

HOW DO YOU ENSURE DATA INTEGRITY IN A SHARED STORAGE MODEL?
Amazon guarantees data integrity. For example, AMIs are not accessible via S3 proper; instead, they are only available via the CLI or Management Console, which are strictly controlled via IAM identity management, MFA, credentials. See:
https://aws.amazon.com/compliance/data-privacy-faq
https://aws.amazon.com/premiumsupport/knowledge-center/data-integrity-s3/

HOW DO YOU PREVENT CROSS-ACCESS IN A SHARED TENANCY MODEL?
AWS isolates resources from other customers even when they share the same physical resources. Underneath the covers in AWS, there is a physical host with a hypervisor running on it to handle the virtualization of CPU, memory, storage, and other resources.

HOW DO YOU ADDRESS IMAGE SPRAWL ISSUE IN CLOUD ENVIRONMENTS?
Image sprawl is managed under AWS Best Practices for image control. See:
https://aws.amazon.com/answers/account-management/aws-tagging-strategies/
https://awsinsider.net/articles/2016/08/29/curb-vm-sprawl-with-aws-tags.aspx

WHERE CAN I GET MORE INFORMATION ABOUT ARCHITECTURE?
Please reference the architectural diagrams as well as the Solution Design document.

CHANGE MANAGEMENT

WHAT CHANGES DOES AWS BRING WHEN IT COMES TO DEVELOPMENT MIGRATIONS?
We have improved on the process of migrating objects with STAT and can now migrate all objects using STAT. We are hoping to eliminate the need for manual migrations via App Designer.

WHAT IS THE APPROACH ON AN AWS PLATFORM FOR UPGRADES AND UPDATES?
PUM updates should follow the same standards as all PUM upgrades. A PUM server is deployed and will be available; changes for application fixes will need to be migrated to DEV and then any retrofits applied. Infrastructure changes involve updating the CloudFormation scripts and then migrating the changes up through environments.

HOW WILL REGULAR ENVIRONMENT MAINTENANCE BE PERFORMED?
Environment maintenance will be an automated process moving forward. It is AWS centric. More details are available in the AWS Certificate Management Process document and the Security Design Document.

HOW WILL ENVIRONMENT CONFIGURATION AND INTEGRATION CHANGES BE MADE?
Environment configuration will be an automated process moving forward.

HOW WILL ENVIRONMENT REFRESHES BE CONDUCTED?
Environment refreshes will be an automated process moving forward.

WHAT IS THE CHANGE MANAGEMENT PROCESS AT AWS?
There will be no change to the current CM process that utilizes SN to initiate change protocols. There will be no impact to Jira functions and/or uses.

HOW WILL STAT WORK WITH AWS?
STAT will function the same as it does now, but better! We are enabling the capability to migrate files.

DESCRIBE THE TOOLS UPGRADE WITH AWS
It is the same process as currently used:
- Use PUM image to define change packages.
- Use Change Assistant to apply packages.

WHAT ABOUT COBOL MANAGEMENT?
We will set up a compile server. COBOLs are stored in the file system for each environment.

WHAT IS THE PROCESS TO UPDATE CUSTOM LOGOUT HTML?
With AWS, there will be no change to the current process/procedures. Whatever process is currently utilized to promote to the correct WebLogic domain(s) will remain in place.

DISASTER RECOVERY

WHAT IS THE ESCALATION PROCEDURE IN CASE OF A PRODUCTION FAILURE?
The process will remain the same as currently established. There will be no change necessary for the AWS migration.

HOW IS THE DATA SYNCHRONIZED BETWEEN DATA CENTERS? CAN IT BE CONTROLLED BY UCPATH?
No, UCPath cannot control data synchronization. AWS handles the synchronization via automation.

Project X FAQ V1.0

HOW ARE YOU PLANNING FOR BACKUPS?
All backups are completed automatically. Multiple availability zones and regions will be utilized. The backup and failure recovery process can be found in the Disaster Recovery Design Architecture document.

MFT

HOW WILL PCSSC INTERACT WITH AWS ENVIRONMENTS FOR FILE TRANSFERS?
PCSSC is connecting over the public Internet using a whitelisted entry point. All other functionality remains the same as today.

WHAT IS THE ARCHIVE & RETENTION STRATEGY FOR UCPATH INTERFACE OUTPUT FILES?
All data will be archived and maintained as it is today.

WHAT IS THE PROCESS FOR TEAM MEMBERS TO ACCESS INTERFACE FILES?
We are providing multiple ways for team members to access the files:
- Users can access the files using the GoAnywhere client.
- Users can access the files using PeopleSoft Performance Monitor (after the 8.56.06 update has been completed).

MONITORING

WILL WE USE ORACLE ENTERPRISE MANAGER FOR MONITORING UCPATH APPLICATIONS AT AWS?
OEM will still be maintained. UCPath will be responsible for security monitoring from OS up. The security monitoring process is outlined in the Security Design Document.

WILL WE BE ABLE TO SET THE PARAMETERS FOR OEM MONITORING?
No.

HOW DO WE GET A REPORT ON RESOURCES, SUCH AS WHEN DOES IT SPAWN ANOTHER SERVER?
Reporting information is available via numerous means. We would need specific requirements to set up report mappings, etc.

HOW DO YOU ENSURE THAT THERE IS AN ADEQUATE AUDIT TRAIL OF THE RELEASE OF RESOURCES?
The CloudTrail feature is the primary way to request and review the audit trail (AWS Control Panel). Authentication is required for any infrastructure shutdown (Termination Protection). These types of details will be captured in the audit trail available through the CloudTrail feature.

WHAT IS THE CRITERIA FOR AUTOMATED SERVER RESTARTS? HOW DO WE DEAL WITH ERRORS IN LOOP?
We have enabled CloudWatch metrics for monitoring of these types of issues; in addition, we have built self-healing capabilities into the servers should they have any issues.

WILL UCOP, AWS/HCM, AWS/INFLIGHT BE INCLUDED IN ONE VPC FOR PERFORMANCE PURPOSES?

NETWORK

WHAT IS THE PROCESS FOR ACCOMMODATING THE IP CHANGES?
All servers use DNS. No IPs are to be used on AWS, since they will change frequently depending on what tier of the application they are in. We are aware of issues with STAT/Control-M that have a limit on the length of DNS and have accounted for this in the design.

DO WE NEED TO REQUEST A WHITE LISTING BETWEEN SERVERS OF THE SAME STACK IN THE SAME VPC?
No. No whitelisting is required.

HOW ARE CERTIFICATES MANAGED AT AWS?
The certificate management process is described in the AWS Certificate Management Process document as well as the Security Design document.

WHAT IS PUBLIC TO THE INTERNET WITH AWS?
Only DNS is public.

WHERE CAN I GET INFORMATION AROUND SECURITY SERVICES AND AUDITING?
Information regarding specific security services and procedures is available in the Security Design document. Logs and audit trails are available via multiple means in AWS.

ARE YOU PLANNING TO USE VIRTUAL PRIVATE CLOUD (AMAZON VPC) OR AMAZON DIRECT CONNECT?
Current architecture includes VPC only.

ROLES AND RESPONSIBILITIES

HOW WILL ROLES AND RESPONSIBILITIES BE DEFINED? WHO HANDLES SECURITY?
Security setup will be the same as it is done currently. There will be no change associated with the migration to AWS. Roles and responsibilities will continue to be defined by UCOP and implemented via established UCOP security standards.

WHO WILL DO TAX UPDATES?
No change to the current tax update procedure.

WHO WILL DO CPU PATCHING?
The request process will remain the same (ServiceNow).

WILL WE HAVE SUDO/SYSADM/SYSDBA ACCESS?
No for sudo. for sysadmin. No for sysdba.

CAN WE TAKE EXPORTS AS WE DO TODAY AND DEFINE DIRECTORIES?
Directory structure will not change.

WHO DOES THE BOUNCE OF THE APP/WEB SERVER?
The request process will remain the same (ServiceNow).

SECURITY

HOW ARE CERTIFICATES MANAGED AT AWS? WHAT IS THE PROCESS FOR TRACKING AND RENEWAL?
The certificate management process is described in the AWS Certificate Management Process document as well as the Security Design document.

DOES THIS SERVICE HAVE CAPABILITIES FOR FILE INTEGRITY MONITORING?
Details are outlined in the PS File System Configuration document.

WHERE IS TWO-WAY SSL BEING IMPLEMENTED?
Secure communications are enabled through the whole stack, right from the user entry point all the way to the DB (this is a combination of certs and configurations of the applications that enable this).

WHAT IS THE SECURITY MODEL ACROSS THE VARIOUS TIERS OF THE PEOPLESOFT ARCHITECTURE?
Security is the same except that we have worked to normalize it and have better controls on it. For example, we set up GOA for file transfers so that the movement of files into and out of the environment can be audited. From a developer perspective, we have provided a standardized Shared Utility server with all the applications required to support the system.
- Users will have access to the Oracle Databases as per the current UCOP Standards of Access.
- Users will have access to the Oracle Enterprise Manager for DB monitoring.
- Users will have access to PeopleTools.
- Users will have access to PeopleSoft Performance Monitor.

WHEN AN APPLICATION IS INSTALLED DO WE NEED TO MAKE A PRIOR REQUEST ON THE PORT RANGES?
No. No specific requests for port ranges are necessary. Requests for new applications will follow current procedures.

ARE THE CAPABILITIES FOR DOS/DDOS BUILT INTO THE SERVICE?
DoS/DDoS capabilities, from an internal UCOP perspective, will not change. Responsibilities are outlined in the Security Design Document and Disaster Recovery Architecture.

HOW DO YOU PROTECT SECURITY CREDENTIALS EMBEDDED WITHIN AMI?
New images are developed by UCPath. All encryption, etc. will be done by AWS based on the images provided by UCPath.

HOW AND WHEN IS THE DATA ENCRYPTED?
AMIs and EBS volumes are encrypted. TDE can be deployed.

CAN YOU GIVE ME INFORMATION ABOUT FIREWALLS?
Specific details regarding firewall deployment and validations are available in the Security Design Document.

HOW DO YOU ENSURE SECURE COMMUNICATIONS BETWEEN THE ADMINISTRATOR AND THE SERVER, DATABASE OR APPLICATION THAT THEY MANAGE?
Specific details regarding secure communications are available in the Solution Design document and System Architecture diagrams.

THIRD PARTY INTEGRATIONS

HOW ARE CONTROL-M AGENTS AND ASSOCIATED PLUGINS INSTALLED AT AWS?
The installation of the Control-M agent has been standardized and each environment will be deployed with its own Control-M/GOA entry point. Production will be deployed with 2-4 Control-M/GOA entry points.

IF SERVER INSTANCES ARE BUILT AUTOMATICALLY HOW WILL THIS IMPACT 3RD PARTY INSTALLATIONS?
This will have no impact on 3rd party installations, as the ones that are necessary have already been included in the build scripts. As we identify additional software requirements, we can incorporate them into the build as necessary.

WHAT ARE IMPACTS TO FILE DISTRIBUTION DASHBOARD FUNCTIONALITY WITH AWS AND MULESOFT?
We have set up VPC peering with the MuleSoft environment and it will connect to the appropriate IB endpoint for the environment that it is connecting to. These endpoint DNS entries will remain the same for each environment (DEV, TEST, UAT, PRD).

WHAT HAPPENS TO CANDIDATE GATEWAY URLS?
URLs will be imported if present in source DB.

DO YOU SUPPORT INTEGRATION WITH VENDOR ENCRYPTION?
Certs/keys to import (message level encryption) will be the same as currently done.

CAN WE PLACE CUSTOM JAR FILES (TALEMETRY, CONTROL-M) ON THE APP SERVERS?

CAN YOU SUPPORT OUR BRANDING REQUIREMENTS FOR DP1?
Objects will be imported from source DB.

HOW DOES AWS AFFECT THIRD PARTY PROCESSES (CG, TALEMETRY, UNIVERSAL BACKGROUND CHECK)?
There will be no change to the current process.

TOOLS & ACCESS

WILL WE HAVE APP DESIGNER ACCESS?
App Designer is available on Utility servers.

ARE WE GOING TO HAVE MULTIPLE JUMP SERVERS?
Both Windows and Linux jump servers will be available.

HOW WILL EXCELTOCI BE DONE?
There is no change to the current procedure.

WILL ANY CONFIGURATION MANAGEMENT TOOLS BE AVAILABLE? CAN WE INSTALL UTILITY APPLICATIONS?
As long as they comply with internal UCOP IT security policies.

HOW WILL WE SCHEDULE CRON JOBS?
We will use an automated process moving forward.

WILL WE HAVE ACCESS TO APP SERVER AND WS LOGS?
All logs are available on the file server.

WILL WE BE ABLE TO DELETE TRACE FILES?

CAN WE SET TRACES AT THE APP SERVER/WEB SERVER - CAN WE CHANGE THE CONFIGURATION?
No for configuration; for traces.

CAN WE DO PUMS AS WE DO TODAY AND KEEP PAST PUMS?

WILL WE HAVE ROOT ACCESS ON THE SERVERS?
No, you will not have root access to servers in AWS.

WILL WE HAVE WEBLOGIC CONSOLE ACCESS?
The console will be available.

WILL WE HAVE ACCESS TO COPY ITEMS (TREES, FILES, ETC.)?

IS THERE A PROCESS TO RUN DMS - UTILITY SERVER?

FOR IB LOAD BALANCING SETTING, WILL WE HAVE ACCESS TO SEE/CHANGE IRULES?
No

WILL WE HAVE OEM TOOLS?

WILL PEOPLESOFT PLUGIN WITH OEM BE AVAILABLE?
No

WILL WE STILL USE FILEZILLA?
That is still to be determined by UCOP.