Question

In: Computer Science

Your company Beta has some users, hosts, and data that require high-level of security protection

Your company Beta has some users, hosts, and data that require high-level of security protection, while some users, hosts, and data that don’t need high-level security protection, just need to prevent outsider to access their data. How will you design your system to accommodate both types of users, hosts, and data. Describe how you will design the cloud

Solutions

Expert Solution

Think Adaptive and Elastic

The AWS cloud architecture should be such that it support growth of users, traffic, or data size with no drop in performance. It should also allow for linear scalability when and where an additional resource is added. The system needs to be able to adapt and proportionally serve additional load. Whether the AWS cloud architecture includes vertical scaling, horizontal scaling or both; it is up to the designer, depending on the type of application or data to be stored. But your design should be equipped to take maximum advantage of the virtually unlimited on-demand capacity of cloud computing.

Consider whether your AWS cloud architecture is being built for a short-term purpose, wherein you can implement vertical scaling. Else, you will need to distribute your workload to multiple resources to build internet-scale applications by scaling horizontally. Either way, your AWS cloud architecture should be elastic enough to adapt to the demands of cloud computing.

Also, knowing when to engage stateless applications, stateful applications, stateless components and distributed processing, makes your cloud very effective in its storage.

Treat servers as disposable resources

One of the biggest advantages of cloud computing is that you can treat your servers as disposable resources instead of fixed components. However, resources should always be consistent and tested. One way to enable this is to implement the immutable infrastructure pattern, which enables you to replace the server with one that has the latest configuration instead of updating the old server.

It is important to keep the configuration and coding as an automated and repeatable process, either when deploying resources to new environments or increasing the capacity of the existing system to cope with extra load. AWS Bootstrapping, AWS Golden Images or a Hybrid of the two will help you keep the process automated and repeatable without any human errors.

Bootstrapping can be executed after launching an AWS resource with default configuration. This will let you reuse the same scripts without modifications.

But in comparison, the Golden Image approach results in faster start times and removes dependencies to configuration services or third-party repositories. Certain AWS resource types like Amazon EC2 instances, Amazon RDS DB instances, Amazon Elastic Block Store (Amazon EBS) volumes, etc., can be launched from a golden image.

When suitable, use a combination of the two approaches, where some parts of the configuration get captured in a golden image, while others are configured dynamically through a bootstrapping action.
Not to be limited to the individual resource level, you can apply techniques, practices, and tools from software development to make your whole infrastructure reusable, maintainable, extensible, and testable.

Automate Automate Automate

Unlike traditional IT infrastructure, Cloud enables automation of a number of events, improving both your system’s stability and the efficiency of your organization. Some of the AWS resources you can use to get automated are:

  • AWS Elastic Beanstalk: This resource is the fastest and simplest way to get an application up and running on AWS. You can simply upload their application code and the service automatically handles all the details, such as resource provisioning, load balancing, auto scaling, and monitoring.
  • Amazon EC2 Auto recovery: You can create an Amazon CloudWatch alarm that monitors an Amazon EC2 instance and automatically recovers it if it becomes impaired. But a word of caution – During instance recovery, the instance is migrated through an instance reboot, and any data that is in-memory is lost.
  • Auto Scaling: With Auto Scaling, you can maintain application availability and scale your Amazon EC2 capacity up or down automatically according to conditions you define.
  • Amazon CloudWatch Alarms: You can create a CloudWatch alarm that sends an Amazon Simple Notification Service (Amazon SNS) message when a particular metric goes beyond a specified threshold for a specified number of periods.
  • Amazon CloudWatch Events: The CloudWatch service delivers a near real-time stream of system events that describe changes in AWS resources. Using simple rules that you can set up in a couple of minutes, you can easily route each type of event to one or more targets: AWS Lambda functions, Amazon Kinesis streams, Amazon SNS topics, etc.
  • AWS OpsWorks Lifecycle events: AWS OpsWorks supports continuous configuration through lifecycle events that automatically update your instances’ configuration to adapt to environment changes. These events can be used to trigger Chef recipes on each instance to perform specific configuration tasks.
  • AWS Lambda Scheduled events: These events allow you to create a Lambda function and direct AWS Lambda to execute it on a regular schedule.

As an architect for the AWS Cloud, these automation resources are a great advantage to work with.

Implement loose coupling

IT systems should ideally be designed in a way that reduces inter-dependencies. Your components need to be loosely coupled to avoid changes or failure in one of the components from affecting others.

Your infrastructure also needs to have well defined interfaces that allow the various components to interact with each other only through specific, technology-agnostic interfaces. Modifying any underlying operations without affecting other components should be made possible.

In addition, by implementing service discovery, smaller services can be consumed without prior knowledge of their network topology details through loose coupling. This way, new resources can be launched or terminated at any point of time.

Loose coupling between services can also be done through asynchronous integration. It involves one component that generates events and another that consumes them. The two components do not integrate through direct point-to-point interaction, but usually through an intermediate durable storage layer. This approach decouples the two components and introduces additional resiliency. So, for example, if a process that is reading messages from the queue fails, messages can still be added to the queue to be processed when the system recovers.

Lastly, building applications in such a way that they handle component failure in a graceful manner helps you reduce impact on the end users and increase your ability to make progress on your offline procedures.

Focus on services, not servers

A wide variety of underlying technology components are required to develop manage and operate applications. Your AWS cloud architecture should leverage a broad set of compute, storage, database, analytics, application, and deployment services. On AWS, there are two ways to do that. The first is through managed services that include databases, machine learning, analytics, queuing, search, email, notifications, and more. For example, with the Amazon Simple Queue Service (Amazon SQS) you can offload the administrative burden of operating and scaling a highly available messaging cluster, while paying a low price for only what you use. Not only that, Amazon SQS is inherently scalable.

The second way is to reduce the operational complexity of running applications through server-less architectures. It is possible to build both event-driven and synchronous services for mobile, web, analytics, and the Internet of Things (IoT) without managing any server infrastructure.


Related Solutions

a) A new department has been established with 405 hosts that require addresses. Currently the company...
a) A new department has been established with 405 hosts that require addresses. Currently the company uses the 20.10.0.0/19 address space. How many bits must the network administrator borrow to provide addresses for this subnet without wasting addresses? b) Consider an Internet address of the form 12.42.184.0/20. What does the /20 signify?
Your boss has given you some data on a project (Project C). The project will require...
Your boss has given you some data on a project (Project C). The project will require an initial investment of $450,000 which will result in cash flows of $120,000 in the first three years, and $130,000 in the next three years. It is expected that $15,000 of the initial investment will be recoverable at the end of the project. Assuming a cost of capital of 12% calculate the following (you must provide the units): Assuming a cost of capital of...
Authentication and Access Controls Security enhancements designed to require users to present two or more pieces...
Authentication and Access Controls Security enhancements designed to require users to present two or more pieces of evidence or credentials when logging into an account is called multi-factor authentication. Legislation and regulations such as The Payment Card Industry (PCI) Data Security Standard requires the use of MFAs for all network access to a Card Data Environment (CDE). Security administrators should have a comprehensive understanding of the basic underlying principles of how MFA works. 1. Define all four factors of multifactor...
A security has a beta of 1.20. Is this security more or less risky than the?...
A security has a beta of 1.20. Is this security more or less risky than the? market? Explain. Assess the impact on the required return of this security in each of the following cases. a. The market return increases by? 15%. b. The market return decreases by? 8%. c. The market return remains unchanged. A security has a beta of 1.20. Is this security more or less risky than the? market????(Select the best choice? below.) A. The security and the...
Unit of Establish and maintain accounting information systems Identify and describe 2 data protection risks users...
Unit of Establish and maintain accounting information systems Identify and describe 2 data protection risks users face when using cloud computing services to store confidential financial data. (Compare and contrast methods of data protection).
Modern technology has presented some challenges and some benefits to security and privacy. In your own...
Modern technology has presented some challenges and some benefits to security and privacy. In your own words discuss this statement in relation to legal and ethical issues, with examples that may affect an IT professional, to illustrate both challenges and benefits described in your answer.?
How do you respond to users within your company who think that security measures just get...
How do you respond to users within your company who think that security measures just get in the way of their work? What could you do to help users view security policies in a more positive manner? 200 words or more, please.
Please provide a high-level professional answer (a) Identify four different users groups that will be interested...
Please provide a high-level professional answer (a) Identify four different users groups that will be interested in the information ina public company’s Annual Report. (b) Discuss the information in the Annual Report that will be of particularinterest to each of the groups that you identified in (a) (c) Discuss the Auditor’s Report and its usefulness to shareholders. (d) Discuss the information provided in a Cash Flow statement and critically assess itsusefulness to readers of the Annual Report
Why should users dictate your content? List some ways that users' needs determine content. this is...
Why should users dictate your content? List some ways that users' needs determine content. this is in realtion to online copywritting
Recall that a database has many types of users, each of whom may require a different...
Recall that a database has many types of users, each of whom may require a different view of the database. The database user responsible for creating database accounts in a DBMS like Oracle is called the: The database administrator (DBA) Database end user DBMS system builder Database designer none of the above Which of the following can be an example of a multi-valued attribute in ER modeling of a database? address last name middle name country none of the above...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT