PREPARING FOR DISASTER

Similar documents
Information Security Policy

Security Precognition: Chaos Engineering in Incident Response

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

Logging, Monitoring, and Alerting

Disaster Recovery and Mitigation: Is your business prepared when disaster hits?

Cloudreach Data Center Migration Services

Microservices at Netflix Scale. First Principles, Tradeoffs, Lessons Learned Ruslan

CLOUD WORKLOAD SECURITY

AKF Partners Case Study Engagement Type: Long Term Interim CTO Role Industry: Online Marketing Analytics

PCI DSS Compliance. White Paper Parallels Remote Application Server

Designing Fault-Tolerant Applications

Resilience Validation

TSC Business Continuity & Disaster Recovery Session

Developing Microsoft Azure Solutions

DATA LOSS. - Whitepaper - A look at various data loss issues, how they happen and how you can solve the problem of data loss.

BC/DR Strategy with VMware

The Time For IT Resilience Is NOW

Data Integrity in Stateful Services. Percona Live, Santa Clara, 2017

Buyer s Guide: DRaaS features and functionality

Projectplace: A Secure Project Collaboration Solution

AWS Course Syllabus. Linux Fundamentals. Installation and Initialization:

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Copyright 2016 EMC Corporation. All rights reserved.

DevOps on AWS Deep Dive on Continuous Delivery and the AWS Developer Tools

Our key considerations include:

WHITE PAPER- Managed Services Security Practices

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

Disaster Recovery Guide

IBM Spectrum Protect Plus

High Availability & Disaster Recovery. Witt Mathot

Hystax. Live Migration and Disaster Recovery. Hystax B.V. Copyright

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Business Continuity and Disaster Recovery Disaster-Proof Your Business

BeBanjo Infrastructure and Security Overview

Starting the Avalanche:

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

NEXT GENERATION CLOUD SECURITY

The intelligence of hyper-converged infrastructure. Your Right Mix Solution

6/21/2013. The Business Risk of NOT Considering a Cloud/Managed IT Services Strategy. Christian Brothers Information & Technology Services

Introduction to Business continuity Planning

FROM VSTS TO AZURE DEVOPS

TRACKVIA SECURITY OVERVIEW

Twilio cloud communications SECURITY

EASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER

Security Camp 2016 Cloud Security. August 18, 2016

Database Engineering. Percona Live, Amsterdam, September, 2015

Security Overview. Technical Whitepaper. Secure by design. End to end security. N-tier Application Architecture. Data encryption. User authentication

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Leveraging Adaptive Auth and Device Trust for Enhanced Security and Compliance

Title: Planning AWS Platform Security Assessment?

database reliability engineering what. why. how. Percona Live, Dublin, 2017 Laine Campbell, Sr. Dir, Production Engineering, Fastly

How Netflix Leverages Multiple Regions to Increase Availability: Isthmus and Active-Active Case Study

Disaster Recovery Solutions for Oracle Database Standard Edition RAC. A Dbvisit White Paper By Anton Els

The Common Controls Framework BY ADOBE

Microservices on AWS. Matthias Jung, Solutions Architect AWS

Exam : Implementing Microsoft Azure Infrastructure Solutions

Hosting Roadmap Upgrades, Improvements and Changes

Hybrid Cloud Data Protection & Storage

Disaster Recovery-to-the- Cloud Best Practices

A Practical Guide to Efficient Security Response

HCX SERVER PRODUCT BRIEF & TECHNICAL FEATURES SUMMARY

Implementing Microsoft Azure Infrastructure Solutions

THE DEFINITIVE GUIDE TO BACKUP FOR OFFICE 365

Disaster Recovery Webinar August 11, 2015

Getting Started Guide

DevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1

Disaster Recovery as a Service

The case for cloud-based data backup

Cloud Native Architecture 300. Copyright 2014 Pivotal. All rights reserved.

Now I can sleep at night

The Software Development Process at Amazon

Azure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region

Microservices Architekturen aufbauen, aber wie?

CLOUD ARCHITECT Certification. Cloud Architect

The Value Of NEONet Cybersecurity. Why You Need To Protect Your The Value Of NEOnet Cybersecurity. Private Student Data In Ohio

Continuous Integration and Delivery with Spinnaker

v February 2016

Google Cloud & the General Data Protection Regulation (GDPR)

Pro2SQL. OpenEdge Replication. for Data Reporting. for Disaster Recovery. March 2017 Greg White Sr. Progress Consultant Progress

Business Continuity Planning Keeping Pace with New Technology

YOUR APPLICATION S JOURNEY TO THE CLOUD. What s the best way to get cloud native capabilities for your existing applications?

CLOUD Virtualization. Certification. Cloud Virtualization. Specialist

The OnApp Cloud Platform

Welcome to Docker Birthday # Docker Birthday events (list available at Docker.Party) RSVPs 600 mentors Big thanks to our global partners:

Achieving Continuous Availability for Mainframe Tape

MS SQL Server 2012 DBA Course Contents

MUG WNY. IBM i Data Resiliency yikes without Tape!

CLOUD STORAGE SPECIALIST Certification. Cloud Storage Specialist

CANVAS DISASTER RECOVERY PLAN AND PROCEDURES

Making Non-Distributed Databases, Distributed. Ioannis Papapanagiotou, PhD Shailesh Birari

Data Integrity in Stateful Services. Velocity, China, 2016

Architecting DR Solutions with VMware Site Recovery Manager

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

IPM Secure Hardening Guidelines

Information Security at Veritext Protecting Your Data

SM-B09: Confidently Virtualize Business Critical Applications On VMware, KVM, LPAR and LDOM with ApplicationHA 6.0

Data Management at Cloud Scale CommVault Simpana v10. VMware Partner Exchange Session SPO2308 February 2013

The Latest EMC s announcements

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

Transcription:

PREPARING FOR DISASTER INTEGRATING BCDR PRINCIPLES INTO YOUR DEVOPS PRACTICE Jeremy Heffner SANS Secure DevOps Summit & Training October 2017

CODE SPACES Source: https://arstechnica.com/information-technology/2014/06/aws-console-breach-leads-to-demise-of-service-with-proven-backup-plan/

MAJOR AWS S3 OUTAGE, 2/2017 The Internet grinds to a halt Source: https://aws.amazon.com/message/41926/

WHAT IS BCDR? BUSINESS CONTINUITY CAPABILITY OF THE ORGANIZATION TO CONTINUE DELIVERY OF PRODUCTS OR SERVICES AT ACCEPTABLE PREDEFINED LEVELS FOLLOWING DISRUPTIVE INCIDENT [SOURCE ISO 22300] DISASTER RECOVERY TECHNOLOGY TO ENABLE THE BUSINESS CONTINUITY PLAN

DISASTER - CAUSES NATURAL POWER FAILURES, STORM SYSTEMS, EARTHQUAKES TECHNOLOGY BUGS, HARDWARE FAILURE MAN-MADE ACCIDENTS BAD CODE, TYPOS, BACK-HOE, FISHING TRAWLER, WRONG ACCOUNT MAN-MADE MALICIOUS WAR, HACKERS, DISGRUNTLED EMPLOYEES

DATA LOSS DISASTER - EFFECTS SYSTEMS CRASH CONNECTIVITY LOSS SERVICE OUTAGE LOSS OF REVENUE REPUTATION DAMAGE WORSE

TRADITIONAL DISASTER RECOVERY BACKUPS OFFSITE STORAGE FAILOVER SITES HOT/COLD STANDBY EVERYTHING HERE IS OVER THERE BINDERS FULL OF RUNBOOKS PEOPLE WITH PAGERS

WHAT ISN T DR HIGH AVAILABILITY LOAD BALANCING CLOUD BACKUPS CONTINUOUS-INTEGRATION / CONTINUOUS-DEPLOYMENT

DR IN THE CLOUD PAIN POINTS OPAQUE CLOUD SERVICES DEFINING OFFSITE IS DIFFICULT VENDOR LOCK-IN DATA/NETWORK TRANSIT GETS COST PROHIBITIVE RELIANCE ON COMPLEX CI/CD PIPELINES CONNECTIVITY

CLOUD DR USING THE CLOUD CLOUD STORAGE FOR BACKUPS STORE IT AS A BACKUP, NOT JUST ON A CLOUD SERVICE OFF-SITE BACKUPS DIVERSIFY TECHNOLOGY / PROVIDER AUTHENTICATION DOMAIN DIVERSE ENVIRONMENTS AUTOMATION SYSTEMS INTERFACING DIFFERENT SERVICES

PATH TO SUCCESS THE #1 RULE FOR DISASTER RECOVERY TEST IT

NETFLIX 100% IN THE CLOUD! NO DATACENTER FOR LOCAL BACKUPS HOSTED IN AWS LOCATION DIVERSITY BUT NO TECH DIVERSITY HEAVILY AUTOMATED DEPLOYMENT AND INTEGRATION PATH CONSTANTLY LEARNING FROM FAILURES, EXPERIMENTS A/B TESTING IS BUILT INTO EVERYTHING MANY MICROSERVICES, NO MONOLITHIC SERVICES

NETFLIX RESILIENCY TESTS CHAOS MONKEY CHAOS KONG ARMAGEDDON MONKEY

NETFLIX DISASTER RECOVERY EXERCISES BASED ON AND PARALLEL TO EXISTING ERM, BCP, DR PLANS TEAM OF ENGINEERS FROM KEY AREAS SEPARATE AWS ENVIRONMENT START UP BASIC SERVICES MOVING TARGET DOCUMENT DEPENDENCIES, PROCEDURES

NETFLIX ARMAGEDDON PROJECT GOALS AUTOMATE RUNBOOKS WITH PYTHON VALIDATE SERVICE ASSUMPTIONS PROGRAMMATICALLY VERIFY DEPENDENCY GRAPHS EXPERIMENT TO LEARN RESILIENCY DETERMINE WHAT DATA WE NEED TO BACKUP

ARMAGEDDON PROJECT FIRST HURDLES UPDATE RUNBOOKS BACKUP CONFIGURATION AND ENVIRONMENTAL DATA BACKUP CI/CD PIPELINE CONFIGURATIONS IDENTIFY BOOTSTRAP DATA BUILD FOUNDATIONAL SERVICES AND TOOLS

ARMAGEDDON PROJECT BACKUP SERVICE STORES IMPORTANT DATA OFFSITE TECHNOLOGY / PROVIDER DIVERSITY INTEGRATED WITH CI/CD TOOLS OBJECT LEVEL ENCRYPTION AND VALIDATION RETAINS HISTORY SERVER-LESS AWS PRIMITIVES

ARMAGEDDON PROJECT ENV/CONFIG BACKUP UTILIZES THE ARMAGEDDON BACKUP SERVICE GATHERS DATA VIA SECOPS TOOLING GATHERS CI/CD DEVOPS PIPELINE CONFIGURATION

ARMAGEDDON ENV/CONFIG REPLICATOR UTILIZES CONFIGURATION BACKUP DATA CONFIGURES FRESH AWS ENVIRONMENT WHITELISTED SET OF SERVICES CONFIGURES NEEDED NETWORK, SECURITY GROUP, AND ROLES TEARS DOWN ENVIRONMENT AFTER EXERCISE IS COMPLETED

ARMAGEDDON PROJECT AUTOMATED EXERCISE PYTHON SCRIPT WITH DEFINED DEPENDENCY GRAPH BRINGS SERVICES ON-LINE IN PROPER ORDER SCRIPTED POST CONFIGURATION VERIFIES SERVICES ARE RUNNING, STARTS NEXT SERVICES PROVIDES ALERTING ON FAILURE DESIGNED TO BE RUN IN A LOOP VIA AWS LAMBDA REPORTING BACK VIA SNS TO A DASHBOARD (WIP)

ARMAGEDDON PROJECT SUCCESS CLEAN AWS ACCOUNT IN NON-PRODUCTION REGION AUTOMATED BACKUPS AND RESTORES INITIAL SET OF CORE NETFLIX SERVICES AUTOMATED AND TESTED ABILITY TO DETECT AND IDENTIFY FAILURES IN SERVICE AUTOMATION INITIAL TIES INTO MAIN DEVOPS AND SECOPS PIPELINES

EXPERIMENT FINDINGS THE GOOD EXISTING DEVOPS PIPELINE HELPS TO FIND THE MICROSERVICES HAVING STRONG APIS FOR CI/CD TOOLS ENABLES DR AUTOMATION MICROSERVICES HELP WITH FAULT ISOLATION AND IDENTIFICATION SCALING DOWN FOR A TEST IS EASY A DR DEVOPS PIPELINE CAN KEEP UP WITH DEVELOPER VELOCITY

EXPERIMENT FINDINGS THE BAD MANY MICROSERVICES MEAN MANY DEPENDENCIES MAPPING FULL THE DEPENDENCY GRAPH IS PROBLEMATIC PAST 1 DEEP A/B TESTING MEANS THE SERVICES IS NEVER OFFLINE. EVER. FAULT ISOLATION FAILS WITH COMMON LIBRARY AND APPLICATION SERVERS DATA CREATED IN THE CLOUD IS HARD TO MOVE OUT OF THE CLOUD REGRESSIONS ARE COMMON

HARDENING MICROSERVICES AUTOMATED ISOLATED TESTING ENVIRONMENT EXTEND CHAOS LIKE TESTS TO SERVICE TIERS INCREASE TRACEABILITY OF SERVICES TO ANALYZE DEPENDENCIES STATIC ANALYSIS OF CODE AND BUILD SYSTEMS FOR DEPENDENCIES AUTOMATE ANY CONFIGURATION OR MIGRATION TOOL DISCOURAGE DEVELOPERS FROM SYSTEM ACCESS

DISASTER RECOVERY IN DEVOPS PROVE YOUR BACKUPS WORK EVERY DAY! EXTEND A/B TESTING IDEAS TO DR TESTING DR SYSTEMS PROVIDE FEEDBACK TO THE CI/CD PIPELINE ISOLATE AND TEST TIERS/GROUPING OF SERVICES ENCOURAGE SERVICE PROVIDERS WITH APIS AND EXPORT MECHANISMS

QUESTIONS? THANKS! JEREMY.HEFFNER@VIASAT.COM

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback