Minfy MS Workloads Use Case

Similar documents
Minfy MS Workloads Use Case

Minfy-Vara Migration Use Case

Minfy-SREI Migration Use Case

Minfy-SREI Migration Use Case

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

Cloud Computing /AWS Course Content

Amazon Web Services Training. Training Topics:

Amazon Web Services (AWS) Training Course Content

Title: Planning AWS Platform Security Assessment?

Amazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India

SignalFx Platform: Security and Compliance MARZENA FULLER. Chief Security Officer

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Simple Security for Startups. Mark Bate, AWS Solutions Architect

Understanding Perimeter Security

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

Securing Amazon Web Services (AWS) EC2 Instances with Dome9. A Whitepaper by Dome9 Security, Ltd.

CASE STUDY Application Migration and optimization on AWS

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Best Practices in Securing a Multicloud World

Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

ActiveNET. #202, Manjeera Plaza, Opp: Aditya Park Inn, Ameerpetet HYD

CPM. Quick Start Guide V2.4.0

AWS Solution Architect Associate

Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

AWS Well Architected Framework

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Magento Commerce Architecture and Security Model Last updated: Aug 2017

Hardening the Cloud: Assuring Agile Security in High-Growth Environments (Moving from span ports to virtual appliances)

Training on Amazon AWS Cloud Computing. Course Content

CogniFit Technical Security Details

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

25 Best Practice Tips for architecting Amazon VPC

Using AWS Data Migration Service with RDS

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

AWS Solutions Architect Associate (SAA-C01) Sample Exam Questions

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS

epldt Web Builder Security March 2017

Introduction to Cloud Computing

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

OptiSol FinTech Platforms

Cloud Infrastructure Security Report. Prepared for Acme Corp

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

Security Camp 2016 Cloud Security. August 18, 2016

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Security Readiness Assessment

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ

NGF0502 AWS Student Slides

Architecting for Greater Security in AWS

Security Solutions. Overview. Business Needs

CPM Quick Start Guide V2.2.0

Minfy-Magnaquest Migration Use Case

SAA-C01. AWS Solutions Architect Associate. Exam Summary Syllabus Questions

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Hackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm

PCI DSS Compliance. White Paper Parallels Remote Application Server

We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info

Enroll Now to Take online Course Contact: Demo video By Chandra sir

Access Governance in a Cloudy Environment. Nabeel Nizar VP Worldwide Solutions

Additional Security Services on AWS

A Security Admin's Survival Guide to the GDPR.

Launching a Highly-regulated Startup in the Cloud

Security Aspekts on Services for Serverless Architectures. Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

At Course Completion Prepares you as per certification requirements for AWS Developer Associate.

Best Practices for Securing Your AWS Cloud Network

Adopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security

AWS Course Syllabus. Linux Fundamentals. Installation and Initialization:

25 Best Practice Tips for architecting Amazon VPC. 25 Best Practice Tips for architecting Amazon VPC. Harish Ganesan- CTO- 8KMiles

Go mobile. Stay in control.

Who done it: Gaining visibility and accountability in the cloud

Oracle WebLogic Server 12c on AWS. December 2018

Getting Started with AWS Security

SECURE DATA EXCHANGE

AWS Security. Stephen E. Schmidt, Directeur de la Sécurité

8/3/17. Encryption and Decryption centralized Single point of contact First line of defense. Bishop

Filters AWS CLI syntax, 43 Get methods, 43 Where-Object command, 43

Accessing CharityMaster data from another location

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Hackproof Your Cloud Responding to 2016 Threats

Application Control Review. August 4, 2012

Exam Questions AWS-Certified- Developer-Associate

AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs

Security Overview of the BGI Online Platform

Principal Solutions Architect. Architecting in the Cloud

Make Cloud the Most Secure Environment for Business. Seth Hammerman, Systems Engineer Mvision Cloud (formerly Skyhigh Networks)

Google Cloud Platform: Customer Responsibility Matrix. December 2018

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Administrator Guide Administrator Guide

Lift and Shift, Don t Lift and Pray: Pragmatic Cloud Migration Strategies

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Cloud & AWS Essentials Agenda. Introduction What is the cloud? DevOps approach Basic AWS overview. VPC EC2 and EBS S3 RDS.

Secure Access & SWIFT Customer Security Controls Framework

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

InterCall Virtual Environments and Webcasting

AWS FREQUENTLY ASKED QUESTIONS (FAQ)

Security & Compliance in the AWS Cloud. Amazon Web Services

Transcription:

Contents Scope... 3 About CUSTOMER... Error! Bookmark not defined. Use Case Description... 3 Technical Stack... 3 AWS Architecture... Error! Bookmark not defined. AWS Solution Overview... 4 Risk Identified & Mitigation Plan... Error! Bookmark not defined. Security... 4 Benefits... 5

Scope This document provides a detailed use case study on Hosting Ambit Application & kastel built on.net v4.x, using database as Oracle 11GR2 from the scratch on AWS by following AWS best practices with guidelines for implementation. Also CUSTOMER developed a few custom Applications which runs on.net v4.x, and backend DB as Oracle & MSSQL. About Customer Customer is one of India's largest holistic infrastructure institutions, constantly and consistently delivering innovative solutions in the infrastructure space. Use Case Description To Host the Complete Ambit, Kastel & few other Custom Developed Applications on AWS by leveraging the Advantages of different AWS Services. Starting with DR Environment and then Production. Complete Architecture was designed referring to the AWS best Practices in each and every layer. Each Application stack was segregated by smaller network segments called as subnets in the Virtual Private Cloud. Each resources were properly tagged and Security best practices driven audit is performed on regular basis to eradicate the Flaws. Technical Stack Technology Stack Web Server: Windows 2008 R2,.NET v4.x AD Server: Windows 2008 R2 DB As a Service (RDS) : MSSQL Web Edition 12.00.5546.0.v1 AWS Service Stack EC2 VPC ELB NAT Cloud Trail Cloud Watch IAM RDS ACM Direct Connect S3 KMS Lambda

AWS Solution Overview Segregate each Application Stack into Different sub network classification within a VPC called Subnets. Concluded the instance types to be used each environment Created Network Layout Diagram Created Architecture Diagram Setup Direct Connect connectivity. Setup Client2Site VPN to access AWS VPC with MFA for management. Addressed dependencies like local firewall and internet blockage to establish connectivity via VPN with AWS Configure Lambda Function within the VPC with Specific Subnets Configured IDS/IPS Solution on all the servers Configured Squid proxy server to provide SFTP Access locally. Setup DNS name mapping against C-Name of the provided AWS resources against ELB as per the Environment. Configured Secondary Domain Controller with the Client Domain Name shared. And Setup all the instances as a part of it. Imported Custom SSL certificate to AWS-ACM to be further used on ELB level. S3 Endpoint Configured from VPC to have any s3 to & fro transactions. Security CloudTrail Security Configurations Enabled CloudTrail across all geographic regions and AWS services to prevent activity monitoring gaps Turned on CloudTrail log file validation so that any changes made to the log file after it has been delivered to the S3 bucket is trackable to ensure log file integrity Enabled access logging for CloudTrail S3 bucket so that you can track access requests and identify potentially unauthorized or unwarranted access attempts Turned on multifactor authentication (MFA) to delete CloudTrail S3 buckets, and encrypt all CloudTrail log files in flight and at rest Identity and Access Management (IAM) Best Practices When creating IAM policies, we ensured that they re attached to groups or roles rather than individual users to minimize the risk of an individual getting excessive and unnecessary permissions or privileges by accident Provisioned access to a resource using IAM roles instead of providing an individual set of credentials for access to ensure that misplaced or compromised credentials don t lead to unauthorized access to the resource Ensured IAM users are given minimal access privileges to AWS resources that still allows them to fulfil their job responsibilities As a last line of defence against a compromised account, ensured all IAM users have multifactor authentication activated for their individual accounts, and limit the number of IAM users with administrative privileges Rotated IAM access keys regularly and standardized on a selected number of days for password expiration to ensure that data cannot be accessed with a potential lost or stolen key Enforced a strong password policy requiring minimum of 14 characters containing at least one number, one upper case letter, and one symbol. Applied a password reset policy that prevents users from using a password they may have used in their last 24 password resets AWS Database and Data Storage Services Ensured that no S3 Buckets are publicly readable/writeable unless required by the business Encrypted data stored in EBS as an added layer of security

Encrypted Amazon RDS as an added layer of security Restrict access to RDS instances to decrease the risk of malicious activities such as brute force attacks, SQL injections, or D-Dos attacks Custom Applications Maintained inventory and categorized all existing custom applications deployed on AWS Involved IT security teams throughout the application development lifecycle Granted minimal privileges possible for application users Enforced a single set of data loss prevention policies Benefits Cost Savings - A Cloud Hosted Desktop provides you with scalable computing power, while minimizing IT requirements and physical data storage, providing you with significant savings Security - Perhaps the weakest link in the initial days of cloud adoption was security concerns. But today, more people have begun to realize these concerns are misguided. Cloud IT service providers actually provide higher levels of security and data integrity. Why? Because they make huge investments in the resources and technology, along with a skilled team of IT experts and engineers smaller businesses just can t afford to do on their own Connectivity & Accessibility - Keep users connected no matter where they work with anytime, anywhere access. Users may access files anytime, anywhere, using any device. That means no more risk of files being stored on any computer Reduced Risk of Data Loss - Even more security for users by backing-up data offsite decreasing the potential for hackers, viruses, ransomware, and other cybersecurity problems. Let s repeat that again, more security Faster Deployment - Cloud-based services can be deployed within just an hour or a few days rather than the weeks, months or years it can take to strategically plan, buy, build and implement an internal IT infrastructure with internal personnel Increased Collaboration - Cloud computing enables employees situated in various locations to collaborate easily. By providing simultaneous syncing, working and sharing documents and records in real time, cloud computing helps increase the collaboration and efficiency of employees Improved Efficiency - After migrating to the cloud, you no longer need to worry about power requirements, space considerations, expensive computer hardware, or software updates. You get to keep your entire company focused on generating revenue and relationships, not on IT

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback