Cloud Automation Platform (eCAP). 3865 Wilson Blvd, Suite 500 | Arlington, VA 22203 | Office: (703) 652-0991 | Fax: (703
Cloud Automation Platform (eCAP)

BENEFITS
- Hands-Off Deployment
- Improved Reliability
- Reduced Management Costs
- Baked-In Security
Automating for Reliability & Agility

Instantaneously available cloud services are necessary for application agility -- but traditional systems deployment and administration need to be automated to fully realize the associated benefits. Automated administration replaces painstaking and error-prone manual intervention with a seamless ability to describe, unite, and wire together the cloud services we provision with the application capabilities we want to run.
[Figure: Manual Deployment (Inefficient, Costly, Risky) compared with Automated Deployment into VPCs (Efficient, Inexpensive, Orderly)]

BENEFITS (continued)
- Leveraged Authorization for Faster Approvals
- Increased Agility
- Improved Application Portability
FEATURES
- Multitier Orchestration
- Multiple Operating Systems
- Rich AWS Integration
- Integrates Easily with In-House Portals

SECURITY
- Automated VPC and VPC Peering
- Secure Credential Store
- Continuous Monitoring, Malware and Intrusion Detection
- Geared Towards Federal Security Requirements

eCAP Full LifeCycle Automation

Open Source eCAP delivers a non-intrusive framework to orchestrate the entire provisioning and deployment process without requiring any changes to your application. eCAP integrates with existing tools like Jenkins and Git, provides orchestration for mid-level configuration management tools, and can deploy applications on a range of infrastructures from a full array of AWS services to virtualized environments and bare-metal servers. eCAP manages critical relationships between application code and cloud resources, gluing them together into a fully-functioning application. Previously manual tasks can now be developed once, in repeatable code form, and deployed many times with many variations. eCAP bridges the gap between cloud automation tools such as AWS CloudFormation and configuration management suites such as Chef, Ansible and Puppet, adding further value along the way in terms of security, continuous monitoring and log consolidation.
Easing Approval & Authorization

Business approval and governance processes can increase the cost and effort of application development. eCAP provides auditable, documentable, and reusable platforms so that organizations can authorize an entire platform stack once, and tailor documentation only for what is unique to each application. Example authorizations can be shared across the eCAP Open Source Community, extending “platform as code” to authorization.
3865 Wilson Blvd, Suite 500 | Arlington, VA 22203 | Office: (703) 652-0991 | Fax: (703) 842-7591 | www.eglobaltech.com
Cloud Automation Platform (eCAP)

eCAP Technical Overview

eCAP securely deploys in its own virtual private cloud (VPC) within the AWS environment, and creates target VPCs for each deployment. Illustrated is a sample use case where eCAP deploys a complex combination of Windows and Linux application services in AWS, using two-tier load balancing, autoscaling, and failover.

1. Deployment is initiated from any authorized application or service, including command line.
2. Deployments target a “Basket of Kittens” descriptor defining target cloud resources, relationships, and configuration scripting.
3. eCAP “Momma Cat” process invokes AWS cloud APIs, creating, configuring and orchestrating “kitten” resources in the target VPC.
4. “Kitten” resources phone home to the “Momma Cat” for secure credentials, activating continuous monitoring and log consolidation.
[Figure: sample eCAP deployment. Labels: Public Internet; Deployer; eCAP Deployment Server (VPC); Example Target Deployment (VPC); Orchestration Commands; Update Information; Deployment Source Control; Application Source Control; Continuous Monitoring, Log Consolidation, Secure Credentials]
eCAP Feature & Capability Highlights

Deployment
- Rich configuration language implements parameters, includes, and dynamic logic for clarity and reuse
- Dependency management waits for new resources then configures to discovered resource specifications
- Runtime data synchronizes to automatically join Active Directory Domains, Mongo groups, Splunk servers, etc.
- Firewall rules dynamically reference other in-stack resources, for hands-off least privilege network access
- Deployment control via any authorized application including Jenkins (included), or command line

Configuration Implementation
- Generic configuration design, first implemented with Chef
- Supports and extends all configuration capabilities of the configuration plugin, e.g. full Chef Community recipes

Cloud Implementation
- Architected for multicloud, implemented first on AWS
- Supports VPC peering, EC2, RDS, ELB, Autoscale, CloudFormation and most other services
- Designed for multi-AZ load balancing for reliability

Management and Monitoring
- Automatic continuous monitoring via Nagios, easy to add plugins to monitor specific services with more granularity
- Linux log consolidation to eCAP server, available to any application through rsyslog. Splunk integration available.
- Malware scanning, intrusion detection and CIS compliance aligned with Federal requirements
- Secure secret management via Chef Vault for credentials and certificates, or integrate with external service