© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Dean Samuels
Manager, Solutions Architecture
Hong Kong & Taiwan
19th January 2017
New Launch!
Amazon EC2 Systems Manager
Hybrid Cloud Management at Scale
What to Expect from the Session
• Overview of Systems Manager and its capabilities
• Learn how to configure and manage your cloud and
hybrid IT environments at scale
• Demos
Cloud is the new normal – enterprises of all
sizes are moving to the cloud to take
advantage of increased agility, lower costs, and
a global reach
Many enterprises often bring their traditional
on-premises toolset to manage their cloud and
hybrid environments
What we heard from customers
• Traditional IT tools not built for the cloud
• Managing resources at scale is difficult
• Lack of visibility into configuration and
execution history
• Multiple vendors; complex licensing
Managing cloud and hybrid environments using
traditional tools is complex and costly
Introducing EC2 Systems Manager
A set of capabilities that enable automated configuration and
ongoing management of systems at scale, across all of your
Windows and Linux workloads, running in Amazon EC2 or
on-premises
NEW LAUNCH! Amazon EC2 Systems Manager for Hybrid Cloud Management at Scale
Why should I care?
• Hybrid
• Cross-platform
• Scalable
• Secure
• Easy-to-write automation
• Reduced TCO
Systems Manager capabilities
• Deploy, Configure, and Administer: Run Command, State Manager, Automation
• Track and Update: Inventory, Patch Manager
• Shared Capabilities: Maintenance Window, Parameter Store, Documents
Parameter Store
• Parameters can be referenced from Run Command, State Manager and Automation
documents
• Granular IAM access control limits who can read or change each parameter
• Encrypt sensitive values as SecureString parameters using your own AWS KMS keys
• Removes the on-going maintenance burden of distributing critical configuration
values by hand
Centralized management of IT assets such as passwords
and connection strings
Parameter Store – Getting Started
1. Set parameters as key-value pairs
2. Secure strings: encrypt sensitive parameters with your own KMS key or the default account encryption key
3. Reuse: reference parameters in Documents at runtime across EC2 Systems Manager using {{ssm:parameter-name}}
4. Access control: create an IAM policy to control access to specific parameters
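The four steps above come together when a document references parameters and an IAM policy has to be scoped to exactly those parameters. The following Python is an added example for this page, not code from the deck or from AWS: it scans a Command document for {{ssm:parameter-name}} references and emits the least-privilege IAM policy (ssm:GetParameter/GetParameters on those parameter ARNs, plus kms:Decrypt on the customer key when SecureStrings are in play). The document, parameter names, account ID and KMS key ARN are constructed for the example.

```python
import json
import re

# {{ssm:parameter-name}} is the run-time reference that Run Command,
# State Manager and Automation resolve against Parameter Store.
SSM_REF = re.compile(r"\{\{\s*ssm:([A-Za-z0-9_.\-/]+)\s*\}\}")


def ssm_references(document):
    """Sorted, de-duplicated Parameter Store names referenced anywhere in a document."""
    found = set()

    def walk(node):
        if isinstance(node, dict):
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for value in node:
                walk(value)
        elif isinstance(node, str):
            found.update(SSM_REF.findall(node))

    walk(document)
    return sorted(found)


def parameter_arn(region, account, name):
    # Parameter ARNs carry the name without a leading slash.
    return f"arn:aws:ssm:{region}:{account}:parameter/{name.lstrip('/')}"


def least_privilege_policy(region, account, names, kms_key_arn=None):
    """IAM policy that reads exactly the referenced parameters and nothing else.

    kms_key_arn is the customer-managed key used for SecureString parameters;
    pass None when only plain String parameters are referenced.
    """
    statements = [{
        "Sid": "ReadReferencedParameters",
        "Effect": "Allow",
        "Action": ["ssm:GetParameter", "ssm:GetParameters"],
        "Resource": [parameter_arn(region, account, n) for n in names],
    }]
    if kms_key_arn:
        statements.append({
            "Sid": "DecryptSecureStrings",
            "Effect": "Allow",
            "Action": "kms:Decrypt",
            "Resource": kms_key_arn,
        })
    return {"Version": "2012-10-17", "Statement": statements}


# Constructed Command document (schemaVersion 2.2) whose parameter defaults pull
# values from Parameter Store; the names and values are made up for this example.
EXAMPLE_DOCUMENT = {
    "schemaVersion": "2.2",
    "description": "Write the application database config file",
    "parameters": {
        "connString": {"type": "String", "default": "{{ssm:prod-db-connstring}}"},
        "dbPassword": {"type": "String", "default": "{{ssm:prod-db-password}}"},
    },
    "mainSteps": [{
        "action": "aws:runShellScript",
        "name": "writeConfig",
        "inputs": {"runCommand": [
            "umask 077",
            "printf 'conn={{ connString }}\\npass={{ dbPassword }}\\n' > /etc/app/db.conf",
        ]},
    }],
}

if __name__ == "__main__":
    names = ssm_references(EXAMPLE_DOCUMENT)
    policy = least_privilege_policy(
        "us-east-1", "123456789012", names,
        kms_key_arn="arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555",
    )
    print(json.dumps(policy, indent=2))
```

Attach the generated policy to the principal that sends the command (the caller resolves the references, not the instance), and keep the Resource list explicit rather than `parameter/*`; widening it to a wildcard is the single most common way a "read one connection string" role turns into "read every secret in the account".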
Maintenance Window
• Define one or more recurring windows of time during which it is
acceptable for disruptive actions to occur
• Built-in integration with Run Command and Patch Manager
• Helps improve availability and reliability of your workloads by
automatically performing tasks in a well-defined window of time
Schedule disruptive tasks in well-defined window to
minimize downtime
Run Command
• Example: Running shell and PowerShell scripts
• Easily define new tasks using simple JSON-based Documents – no
specialized skillset required
• Leverage Documents built by AWS and the broader community
• Delegate access, perform audit, receive notifications
• Helps improve security posture by eliminating the need for inbound SSH or RDP access to instances (the agent only makes outbound connections)
Perform common administrative tasks remotely at scale
Run Command – Getting Started
1. Instance: set up the SSM agent and an AWS Identity & Access Management (IAM) instance role on your instance. On-premises servers: create an activation code, deploy the agent and activate it
2. Document: create a Document to author your intent, defining the plugins to run and the parameters to use
3. Command: send the command; a Command Invocation is created for each target instance or on-premises server
4. Status: view status and output, with granular per-instance results
State Manager
• Example: Configuring firewall and updating anti-malware definitions
• Define new policies using simple JSON-based Documents
• Control how and when a configuration is applied and maintained
• Helps enforce enterprise-wide compliance of configuration policies
• Re-apply to keep servers from drifting
• Track aggregate status for your fleet
Define and maintain a consistent configuration of OS and
applications
State Manager – Getting Started
1. Document: create a Document to author your intent
2. Association: bind the document to a target
3. Schedule: decide when to apply your association
4. Status: check the state of your association at an aggregate or instance level
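Run Command and State Manager share the same Document format, so one document serves both getting-started procedures above: sent once with Run Command, or bound to targets as a State Manager association and re-applied on a schedule. The Python below is an added example written for this page, not a document from the deck or from AWS. It builds a schemaVersion 2.2 Command document whose single parameter has an allowedPattern (so a value substituted into the shell or PowerShell line cannot carry shell metacharacters), whose steps are idempotent (safe to re-apply), and whose platform preconditions make it cross-platform; a small linter flags parameters that reach a script without a pattern and references to undeclared parameters. The package name and document wording are constructed.

```python
import re

# A parameter reference inside a step, e.g. {{ packageName }}.
# ({{ssm:...}} references contain a colon and intentionally do not match.)
PARAM_REF = re.compile(r"\{\{\s*([A-Za-z][A-Za-z0-9_]*)\s*\}\}")

# Values that end up inside a shell or PowerShell command line are limited to
# this pattern, so "nginx; curl evil | sh" can never be substituted in.
SAFE_VALUE = r"^[A-Za-z0-9._-]{1,64}$"


def package_document():
    """Command document (schemaVersion 2.2) ensuring a package is present on Linux or Windows."""
    return {
        "schemaVersion": "2.2",
        "description": "Ensure a package is installed (idempotent, safe to re-apply from State Manager)",
        "parameters": {
            "packageName": {
                "type": "String",
                "description": "Package to install",
                "allowedPattern": SAFE_VALUE,
            }
        },
        "mainSteps": [
            {
                "action": "aws:runShellScript",
                "name": "installOnLinux",
                "precondition": {"StringEquals": ["platformType", "Linux"]},
                "inputs": {
                    "timeoutSeconds": "300",
                    "runCommand": [
                        "set -e",
                        # Already installed: exit 0 so a re-applied association stays Compliant.
                        "rpm -q '{{ packageName }}' >/dev/null 2>&1 && exit 0",
                        "yum install -y '{{ packageName }}'",
                    ],
                },
            },
            {
                "action": "aws:runPowerShellScript",
                "name": "installOnWindows",
                "precondition": {"StringEquals": ["platformType", "Windows"]},
                "inputs": {
                    "timeoutSeconds": "300",
                    "runCommand": [
                        "if (Get-WindowsFeature -Name '{{ packageName }}' | Where-Object Installed) { exit 0 }",
                        "Install-WindowsFeature -Name '{{ packageName }}'",
                    ],
                },
            },
        ],
    }


def lint_document(doc):
    """Return a list of findings; an empty list means the document passed."""
    findings = []
    declared = doc.get("parameters", {})
    for name, spec in declared.items():
        if spec.get("type") == "String" and "allowedPattern" not in spec:
            findings.append(f"parameter {name!r} has no allowedPattern")
    for step in doc.get("mainSteps", []):
        for line in step["inputs"].get("runCommand", []):
            for ref in PARAM_REF.findall(line):
                if ref not in declared:
                    findings.append(f"step {step['name']!r} references undeclared parameter {ref!r}")
    return findings


def accept_value(doc, name, value):
    """Apply the document's allowedPattern the way the service does before substitution."""
    pattern = doc["parameters"][name].get("allowedPattern")
    return pattern is None or re.fullmatch(pattern, value) is not None
```

The allowedPattern is the control that matters: parameter values are pasted into the command text before it reaches the agent, so a document that accepts free-form String input from a less-trusted caller is remote command execution by design. The linter and accept_value are written to be run against documents before they are registered with create-document, not on the instance.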
Automation Service
• Optimized for building and maintaining Amazon Machine Images
(AMIs)
• Start with an AMI → perform automation steps like OS patching and driver updates → produce a new AMI
• Express your workflow as automation steps in a JSON-based
Document
• Support for Run Command, AWS Lambda functions, AWS
CloudTrail, IAM and Amazon CloudWatch integrations
• Eliminates the overhead in managing ‘golden’ enterprise images
Automate common tasks using simplified workflows
Automation – Getting Started
1. Create an automation document
2. Run the automation
3. Monitor your automation
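The AMI-bake workflow described above (source AMI → patch → new AMI) as an added example for this page, not an Automation document from the deck or from AWS. The Python builds a schemaVersion 0.3 Automation document using the service's aws:runInstances, aws:runCommand, aws:changeInstanceState and aws:createImage actions, then statically validates it before it is registered: every {{ step.Output }} reference must point at a step that runs earlier, every onFailure target must name a real step, and every {{ parameter }} must be declared. Parameter names, the instance profile and the image naming are assumptions for the example.

```python
import json
import re

# {{ stepName.OutputName }} references the output of an earlier step.
STEP_OUTPUT_REF = re.compile(r"\{\{\s*([A-Za-z0-9_]+)\.([A-Za-z0-9_]+)\s*\}\}")
# {{ parameterName }} references a document parameter (no '.' or ':' inside).
PARAM_REF = re.compile(r"\{\{\s*([A-Za-z][A-Za-z0-9_]*)\s*\}\}")


def ami_bake_document():
    """Automation document (schemaVersion 0.3): launch from a source AMI, patch, image, clean up."""
    instance = "{{ launchInstance.InstanceIds }}"
    return {
        "schemaVersion": "0.3",
        "description": "Patch a source AMI and publish the result as a new AMI",
        "assumeRole": "{{ AutomationAssumeRole }}",
        "parameters": {
            "SourceAmiId": {"type": "String", "description": "AMI to start from"},
            "InstanceProfile": {"type": "String", "description": "Instance profile carrying the SSM agent permissions"},
            "AutomationAssumeRole": {"type": "String", "description": "Role the Automation service assumes"},
        },
        "mainSteps": [
            {"name": "launchInstance", "action": "aws:runInstances", "maxAttempts": 3,
             "timeoutSeconds": 1200, "onFailure": "Abort",
             "inputs": {"ImageId": "{{ SourceAmiId }}", "InstanceType": "t2.micro",
                        "MinInstanceCount": 1, "MaxInstanceCount": 1,
                        "IamInstanceProfileName": "{{ InstanceProfile }}"}},
            # Any failure after launch jumps to terminateInstance so no patched-but-unimaged box lingers.
            {"name": "patchOS", "action": "aws:runCommand", "onFailure": "step:terminateInstance",
             "inputs": {"DocumentName": "AWS-RunShellScript", "InstanceIds": [instance],
                        "Parameters": {"commands": ["sudo yum update -y"]}}},
            {"name": "stopInstance", "action": "aws:changeInstanceState", "onFailure": "step:terminateInstance",
             "inputs": {"InstanceIds": [instance], "DesiredState": "stopped"}},
            {"name": "createImage", "action": "aws:createImage", "onFailure": "step:terminateInstance",
             "inputs": {"InstanceId": instance, "ImageName": "patched-{{ global:DATE_TIME }}", "NoReboot": True}},
            {"name": "terminateInstance", "action": "aws:changeInstanceState", "isEnd": True,
             "inputs": {"InstanceIds": [instance], "DesiredState": "terminated"}},
        ],
        "outputs": ["createImage.ImageId"],
    }


def validate_automation(doc):
    """Static checks for dangling references; returns a list of findings (empty means OK)."""
    findings = []
    params = doc.get("parameters", {})
    steps = doc.get("mainSteps", [])
    names = [s["name"] for s in steps]
    if len(set(names)) != len(names):
        findings.append("duplicate step names")
    for ref in PARAM_REF.findall(doc.get("assumeRole", "")):
        if ref not in params:
            findings.append(f"assumeRole references undeclared parameter {ref!r}")
    seen = set()
    for step in steps:
        blob = json.dumps(step.get("inputs", {}))
        for ref_step, _output in STEP_OUTPUT_REF.findall(blob):
            if ref_step not in seen:
                findings.append(f"step {step['name']!r} uses output of {ref_step!r} which has not run yet")
        for ref in PARAM_REF.findall(blob):
            if ref not in params:
                findings.append(f"step {step['name']!r} references undeclared parameter {ref!r}")
        target = step.get("onFailure", "")
        if target.startswith("step:") and target[5:] not in names:
            findings.append(f"step {step['name']!r} onFailure points at unknown step {target[5:]!r}")
        seen.add(step["name"])
    for out in doc.get("outputs", []):
        if out.split(".")[0] not in names:
            findings.append(f"document output {out!r} names an unknown step")
    return findings


if __name__ == "__main__":
    print(json.dumps(ami_bake_document(), indent=2))
    print("findings:", validate_automation(ami_bake_document()))
```

The assumeRole parameter is the security boundary of the workflow: the Automation service runs every step with that role, so scope it to run-instances, create-image, terminate and ssm:SendCommand on the temporary builder, not to the administrator role that registers the document.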
Walkthrough Demo
Inventory
• Example: Instance and OS details, network configuration, list
of files, installed software and patches
• Collect data from predefined inventory types or write a custom one
using JSON Document
• AWS Config integration enables tracking the history of changes
• Simplifies management scenarios such as licence usage tracking and finding every
instance that runs a version affected by a newly disclosed vulnerability
Scalable way of collecting, querying, and auditing detailed
software inventory information
Inventory – Getting Started
1. Configure an Inventory policy
2. Apply the Inventory policy
3. Query the inventory
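Step 3, querying, is where Inventory pays off in an incident: given a newly disclosed bug in some package, which instances are still below the fixed version? The Python below is an added example for this page, not the deck's or AWS's code. It runs that triage query over AWS:Application rows of the shape the inventory type reports (InstanceId, Name, Version, Publisher); in practice the rows would come from the console or from `aws ssm list-inventory-entries --type-name AWS:Application`, while here they are constructed inline. The instance IDs, package versions and the "fixed version" thresholds are made up for the example; no real advisory is implied.

```python
import re
from collections import defaultdict

# Constructed AWS:Application inventory rows for the example (IDs, versions and
# the mix of EC2 "i-" and on-premises "mi-" managed instances are all made up).
INVENTORY = [
    {"InstanceId": "i-0a1",  "Platform": "Linux",   "Name": "sudo",    "Version": "1.8.6p7-22.el7",  "Publisher": "CentOS"},
    {"InstanceId": "i-0b2",  "Platform": "Linux",   "Name": "sudo",    "Version": "1.8.19p2-14.el7", "Publisher": "CentOS"},
    {"InstanceId": "i-0c3",  "Platform": "Linux",   "Name": "sudo",    "Version": "1.8.20-1.el7",    "Publisher": "CentOS"},
    {"InstanceId": "i-0c3",  "Platform": "Linux",   "Name": "openssl", "Version": "1.0.2k-8.el7",    "Publisher": "CentOS"},
    {"InstanceId": "mi-0d4", "Platform": "Windows", "Name": "7-Zip",   "Version": "16.04",           "Publisher": "Igor Pavlov"},
    {"InstanceId": "mi-0e5", "Platform": "Windows", "Name": "7-Zip",   "Version": "18.05",           "Publisher": "Igor Pavlov"},
]


def version_key(version):
    """Split a vendor version string into comparable tokens: numbers compare as
    integers, letters as strings, so 1.8.6p7 < 1.8.19p2 < 1.8.20 holds."""
    return tuple((0, int(t)) if t.isdigit() else (1, t.lower())
                 for t in re.findall(r"\d+|[A-Za-z]+", version))


def instances_below(inventory, name, fixed_version):
    """Instance IDs reporting `name` at a version older than fixed_version."""
    fixed = version_key(fixed_version)
    return sorted({row["InstanceId"] for row in inventory
                   if row["Name"].lower() == name.lower()
                   and version_key(row["Version"]) < fixed})


def version_summary(inventory, name):
    """How many instances run each version of `name` (the fleet-wide exposure view)."""
    counts = defaultdict(int)
    for row in inventory:
        if row["Name"].lower() == name.lower():
            counts[row["Version"]] += 1
    return dict(counts)


if __name__ == "__main__":
    print("sudo versions in fleet:", version_summary(INVENTORY, "sudo"))
    print("sudo below 1.8.20:", instances_below(INVENTORY, "sudo", "1.8.20"))
    print("7-Zip below 18.05:", instances_below(INVENTORY, "7-Zip", "18.05"))
```

The version comparison is deliberately simple (it treats a distribution suffix such as `-22.el7` as ordinary tokens); for backported distro fixes the package's own changelog, not the upstream version, is the authoritative signal, and the query result is a work list for Patch Manager or Run Command, not a compliance verdict.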
Walkthrough Demo
Inventory – System Diagram
[Diagram: the SSM Agent on EC2 Windows instances, EC2 Linux instances and on-premises instances reports to the AWS SSM service. State Manager applies the EC2 Inventory SSM document on a schedule; the collected data lands in the Inventory Store, is queried from the EC2 console or the SSM CLI/APIs, and is optionally recorded by AWS Config (console + CLI/APIs) to track change history.]
Patch Manager
• Express custom patch policies as patch baselines, e.g., apply critical
patches on day 1 but wait 7 days for non-critical patches
• Perform patching during scheduled maintenance windows
• Built-in patch compliance reporting
• Eliminates manual intervention and reduces time-to-deploy for critical updates,
including fixes for newly disclosed vulnerabilities
Roll out Windows OS patches using custom-defined rules
and pre-scheduled maintenance windows
Patch Manager – Getting Started
1. Create a Patch Baseline to define approved patches
2. Create a Maintenance Window to schedule patching for a set of instances
3. The Maintenance Window executes patching
4. Audit results with Patch Compliance
Patch Manager - Overview
[Diagram, Prod environment: Instance A and Instance B both carry the tag Patch Group: Prod. (1) Patch Baseline: Critical and High severity, 5 days or older. (2) Maintenance Window: Sundays @ 1 AM, 2 hrs long, task: patching. (3) Patching runs against the patch group. (4) Patch Compliance: 2 up to date, 0 missing updates, 1 error.]
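The getting-started steps and the overview diagram above describe a rule engine: a baseline decides which patches are approved on a given day, a maintenance window decides when they may be installed, and Patch Compliance rolls the per-instance result up to "up to date / missing updates / error". The Python below is an added example for this page, not code from the deck or from AWS, that models exactly those rules offline. The baseline mirrors the slide (Critical/High, 5 days or older; the example uses the MSRC severity name "Important" for what the slide calls "High"), the window is the slide's Sundays @ 1 AM for 2 hours, and the patch IDs, release dates and fleet are constructed so the fleet summary reproduces the diagram's 2 / 0 / 1.

```python
from datetime import date, timedelta

# Constructed baseline in the shape of Patch Manager approval rules.
PROD_BASELINE = {
    "Name": "prod-baseline",
    "ApprovalRules": [
        {"Classifications": {"CriticalUpdates", "SecurityUpdates"},
         "Severities": {"Critical", "Important"},
         "ApproveAfterDays": 5},
    ],
    "ApprovedPatches": set(),   # explicit allow list, overrides the rules
    "RejectedPatches": set(),   # explicit block list, overrides everything
}

# Maintenance window from the slide. Cutoff stops new task invocations one
# hour before the window closes so a running install still finishes inside it.
PROD_WINDOW = {"Schedule": "cron(0 1 ? * SUN *)", "Duration": 2, "Cutoff": 1}

# Constructed patch catalogue and fleet (IDs and dates are made up).
AVAILABLE = [
    {"Id": "KB1000001", "Classification": "SecurityUpdates", "Severity": "Critical", "ReleaseDate": date(2017, 1, 3)},
    {"Id": "KB1000002", "Classification": "SecurityUpdates", "Severity": "Important", "ReleaseDate": date(2017, 1, 13)},
    {"Id": "KB1000003", "Classification": "Updates", "Severity": "Unspecified", "ReleaseDate": date(2016, 12, 1)},
]
FLEET = [
    {"InstanceId": "i-0a1", "PatchGroup": "Prod", "Installed": {"KB1000001"}},
    {"InstanceId": "i-0b2", "PatchGroup": "Prod", "Installed": {"KB1000001", "KB1000002"}},
    {"InstanceId": "mi-0c3", "PatchGroup": "Prod", "Installed": set(), "ScanFailed": True},
]


def is_approved(patch, baseline, today):
    """Decide whether the baseline approves a patch on the given day."""
    if patch["Id"] in baseline["RejectedPatches"]:
        return False
    if patch["Id"] in baseline["ApprovedPatches"]:
        return True
    for rule in baseline["ApprovalRules"]:
        if (patch["Classification"] in rule["Classifications"]
                and patch["Severity"] in rule["Severities"]
                and patch["ReleaseDate"] + timedelta(days=rule["ApproveAfterDays"]) <= today):
            return True
    return False


def instance_state(installed, available, baseline, today, scan_failed=False):
    """'UpToDate', 'MissingUpdates' or 'Error', as Patch Compliance reports per instance."""
    if scan_failed:
        return "Error"
    missing = [p["Id"] for p in available
               if is_approved(p, baseline, today) and p["Id"] not in installed]
    return "MissingUpdates" if missing else "UpToDate"


def fleet_summary(fleet, available, baseline, today, patch_group="Prod"):
    """Aggregate compliance for one patch group, the numbers the dashboard shows."""
    summary = {"UpToDate": 0, "MissingUpdates": 0, "Error": 0}
    for inst in fleet:
        if inst["PatchGroup"] != patch_group:
            continue
        state = instance_state(inst["Installed"], available, baseline, today,
                               inst.get("ScanFailed", False))
        summary[state] += 1
    return summary


def can_schedule(elapsed_hours, window):
    """True while the window still accepts new task invocations (before the cutoff)."""
    return 0 <= elapsed_hours < window["Duration"] - window["Cutoff"]


if __name__ == "__main__":
    print(fleet_summary(FLEET, AVAILABLE, PROD_BASELINE, date(2017, 1, 15)))
    print(fleet_summary(FLEET, AVAILABLE, PROD_BASELINE, date(2017, 1, 20)))
```

Two things the model makes visible that the slide only implies: the 5-day delay means an instance can be "up to date" against the baseline while a patch released yesterday is still missing, so an emergency fix goes into ApprovedPatches rather than waiting for the rule; and an "error" instance (failed scan, agent offline) is not a compliant instance and needs to be chased, not averaged away.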
Best-practices and FAQs
• What OS platforms are supported? Windows and Linux workloads (check the SSM agent documentation for the current list of distributions)
• Update your SSM agent today to get started!
• What ports or network access do my instances need? The agent makes outbound HTTPS (TCP 443) connections to the Systems Manager endpoints; no inbound ports need to be opened
• Is there anything different to set up on-premises servers? Yes: create a managed-instance activation (activation code and ID) tied to an IAM service role, then install the agent and register it with that activation
• Use notifications and velocity control (max concurrency / max errors) when running commands at scale
• For disruptive actions, use Run Command with a Maintenance Window
• Fine-grained access control through IAM policies on resources (e.g. documents)
• Customize configuration with idempotent scripts for State Manager, since associations are re-applied on a schedule
Systems Manager availability
• No charge – only pay for AWS resources you manage
• Available in multiple regions
Systems Manager capabilities
• Deploy, Configure, and Administer: Run Command, State Manager, Automation
• Track and Update: Inventory, Patch Manager
• Shared Capabilities: Maintenance Window, Parameter Store
Your Feedback is Important!
• These services are available today
• Learn more at https://aws.amazon.com/ec2/run-command/
• Technical documentation at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/run-command.html
• Please send your feedback, improvements, requests to
ec2-ssm-feedback@amazon.com
Next steps
• Learn more at https://aws.amazon.com/ec2/systems-manager/
• Join us at the booth! We’d love to hear your feedback.
Remember to complete
your evaluations!
Thank you!
Dean Samuels
Manager, Solutions Architecture
Hong Kong & Taiwan
18/01/2017


Editor's Notes

  1. Automation pain point: AMI building. Triggers: patching, hardening, application bake-in. Never-ending; time consuming, especially when builds fail; overhead of maintaining a build service.
  2. What we heard: accurate software inventory is critical for understanding fleet configuration and license usage. Legacy solutions are not optimized for cloud; self-hosting requires additional overhead.
  3. What we heard about patching enterprise systems: time consuming, tedious, repetitive. Existing solutions are inadequate; enterprise patching is manual and complex; errors result in downtime and compliance issues.