Why managed AWS isn't just about managing AWS
Amazon Web Services (AWS) is like an F-16 Fighting Falcon. In the right hands it can be nimble, graceful, and extremely powerful. Not to mention that it often destroys other cloud platforms in a dogfight… However, an important part of the analogy is the understanding that the AWS fighter plane comes in a thousand pieces with “some assembly required.”
Managed AWS services attempt to take care of some of this assembly for you. Most AWS management partners and platforms will cover the basic features and customize them for your architecture. For example, if you’re moving from an in-house datacenter to the cloud, an AWS management service will take the configuration of your infrastructure and translate that into AWS features and services.
Hardware like CPU and RAM become services like Elastic Compute (EC2). Switch and router configurations become networking services like Virtual Private Cloud (VPC). Load-balancers become elastic (ELB). Storage becomes simple (S3). Archives become Glacier. And so it goes.
However, there is also a long list of advanced features that many datacenters consider critical to operations that are outside of the core functionality of AWS. To extend the metaphor, these are like the weapons and navigation systems on your fighter plane. They’re not part of the standard package that comes off the assembly line, but they can be the special features that make your app battle-ready.
When shopping for on-board artillery and ancillary systems, AWS users turn to the AWS Marketplace. This is where third-party developers and ISVs (independent software vendors) sell their wares.
Pricing is typically in line with AWS’ model; in other words, you can buy software in units based on numbers of virtual machines and hours per month. Let’s take a look at three AWS Marketplace tools that provide some of the critical services you’d find in an enterprise datacenter. (The first one even shares the name of a missile, how about that?)
Stingray – The first weapon in our AWS Marketplace arsenal is Riverbed’s Stingray Traffic Management solution. Normally when setting up load-balancing rules in Elastic Load-Balancer, you would be able to distribute traffic between servers based on standard schemes like Round Robin (send each request to the next server) or Least Connections (send each request to the server that is least busy).
ELB will also perform health checks to make sure that it doesn’t send traffic to servers that are not available. With Stingray, you can add application-level logic to the load-balancing equation. This allows your load-balancer to act intelligently, sending different types of traffic along different paths. Now you can identify certain types of users (a shopper making a purchase, or a high-value stock trader) and treat their requests differently than the rest of your traffic.
Alert Logic – Alert Logic’s Threat Manager and Log Manager are like private security firms that live on top of AWS. Threat Manager is an Intrusion Detection System (IDS) that monitors and alerts you to malicious activity on your system. Log Manager is an analysis and archival system for security information that provides regular reports based on compliance standards like PCI and HIPAA controls.
Native AWS tools allow you to set up important protections like VPN tunnels, isolated VLANs for sensitive data, and dedicated instances for the processing of confidential data. Adding Alert Logic gives you the scanning and reporting capabilities to diagnose and prevent threats designed to penetrate these types of defences.
OpenVPN – Virtual Private Cloud (VPC) allows you to set up LAN-to-LAN VPN tunnels to and from AWS. This is helpful in configuring secure “always on” connections from other locations like corporate datacenters and offices.
However, native VPC does not solve the problem of needing individual client-based VPN tunnels. If you have developers that need secure access when they’re on the road or working from home, OpenVPN is the weapon of choice. Install the OpenVPN client on administrators’ desktops or laptops and allow them to launch a VPN session for encrypted, secure access to your servers at AWS.
The ability to recommend, configure, and operate AWS Marketplace tools can be a key differentiator in choosing an AWS management service. Incorporating these types of features can be critical in supporting security and compliance-oriented sites like healthcare and finance applications.
In other words, when you choose your mechanic, make sure she’s sending you up in a fighter plane that’s fully locked and loaded!