Cloud Automation Platform (eCAP)

BENEFITS
Hands-Off Deployment
Improved Reliability
Reduced Management Costs
Baked-In Security

Automating for Reliability & Agility

Instantaneously available cloud services are necessary for application agility -- but traditional systems deployment and administration need to be automated to fully realize the associated benefits. Automated administration replaces painstaking and error-prone manual intervention with a seamless ability to describe, unite, and wire together the cloud services we provision with the application capabilities we want to run.

[Figure: Manual Deployment (inefficient, costly, risky) compared with Automated Deployment into VPCs (efficient, inexpensive, orderly)]

Leveraged Authorization for Faster Approvals
Increased Agility
Improved Application Portability

FEATURES
Multitier Orchestration
Multiple Operating Systems
Rich AWS Integration
Integrates Easily with In-House Portals

SECURITY
Automated VPC and VPC Peering

eCAP Full LifeCycle Automation

Open Source eCAP delivers a non-intrusive framework to orchestrate the entire provisioning and deployment process without requiring any changes to your application. eCAP integrates with existing tools like Jenkins and Git, provides orchestration for mid-level configuration management tools, and can deploy applications on a range of infrastructures from a full array of AWS services to virtualized environments and bare-metal servers. eCAP manages critical relationships between application code and cloud resources, gluing them together into a fully-functioning application. Previously manual tasks can now be developed once, in repeatable code form, and deployed many times with many variations. eCAP bridges the gap between cloud automation tools such as AWS CloudFormation and configuration management suites such as Chef, Ansible and Puppet, adding further value along the way in terms of security, continuous monitoring and log consolidation.

Secure Credential Store
Continuous Monitoring, Malware and Intrusion Detection
Geared Towards Federal Security Requirements

Easing Approval & Authorization

Business approval and governance processes can increase the cost and effort of application development. eCAP provides auditable, documentable, and reusable platforms so that organizations can authorize an entire platform stack once, and tailor documentation only for what is unique to each application. Example authorizations can be shared across the eCAP Open Source Community, extending “platform as code” to authorization.

3865 Wilson Blvd, Suite 500 | Arlington, VA 22203 | Office: (703) 652-0991 | Fax: (703) 842-7591 | www.eglobaltech.com

eCAP Technical Overview

eCAP securely deploys in its own virtual private cloud (VPC) within the AWS environment, and creates target VPCs for each deployment. Illustrated is a sample use case where eCAP deploys a complex combination of Windows and Linux application services in AWS, using two-tier load balancing, autoscaling, and failover.

1. Deployment is initiated from any authorized application or service, including command line.
2. Deployments target a “Basket of Kittens” descriptor defining target cloud resources, relationships, and configuration scripting.
3. eCAP “Momma Cat” process invokes AWS cloud APIs, creating, configuring and orchestrating “kitten” resources in the target VPC.
4. “Kitten” resources phone home to the “Momma Cat” for secure credentials, activating continuous monitoring and log consolidation.

[Figure: eCAP architecture. Labels: Public Internet; Deployer; eCAP Deployment Server (VPC); Example Target Deployment (VPC); Orchestration Commands; Update Information; Deployment Source Control; Application Source Control; Continuous Monitoring, Log Consolidation, Secure Credentials]

eCAP Feature & Capability Highlights

Deployment

Configuration Implementation

Rich configuration language implements parameters, includes, and dynamic logic for clarity and reuse

Generic configuration design, first implemented with Chef

Dependency management waits for new resources then configures to discovered resource specifications

Runtime data synchronizes to automatically join Active Directory Domains, Mongo groups, Splunk servers, etc.

Firewall rules dynamically reference other in-stack resources, for hands-off least privilege network access

Cloud Implementation

Supports and extends all configuration capabilities of the configuration plugin, e.g. full Chef Community recipes

Management and Monitoring

Automatic continuous monitoring via Nagios, easy to add plugins to monitor specific services with more granularity

Linux log consolidation to eCAP server, available to any application through rsyslog. Splunk integration available.

Architected for multicloud, implemented first on AWS

Malware scanning, intrusion detection and CIS compliance aligned with Federal requirements

Supports VPC peering, EC2, RDS, ELB, Autoscale, CloudFormation and most other services

Secure secret management via Chef Vault for credentials and certificates, or integrate with external service

Designed for multi-AZ load balancing for reliability

Deployment control via any authorized application including Jenkins (included), or command line
