Phil Robinson – Cloud Progress at Cornell Student Services IT
First AWS account – July 2015 – adopted a cloud first strategy. Now have about 30 apps on AWS (migrations, rewrites, new apps). Automate with Jenkins and Ansible. Retiring on-prem VMs.
Custom class-roster app, used by students to decide what to take. Added central syllabi feature this year. Using SNS+SQS as message bus, orchestrating events; CloudFront delivery for syllabi; On fly ClamAV scans on upload; ElasticSearch for searching; SES for notifications by email. Developed in 3632 hours.
Looking towards containerizing and VDI.
Gerard Schockley – BU iPaas RDS AWS
IPaaS ODS in RDS – integration service designed to integrate many data feeds into SnapLogic platform. Operational Data Store. Using AWS Aurora.
Bob Winding – Cloud Automation Journey
Most fully automated in GovCloud project. CloudFormation (VPCs, IAM, Security Groups, Centralized alerts); ANsible and CloudFormation for server builds; Consol federation with ADFS; Consistent process for all project accounts; new project account in a couple of hours; decentralized maintenance of CF Templates.
What does “cloud native” mean at Penn?
Case study 1 – online giving portal: Data ETL (Talent); to Postgres RDS (fundraising metadata); S3 / Cloudfront; to Oracle on prem. Near real-time
Case study 2: Service ordering (VDI and Backup requests). On prep powershell makes changes in AD groups, sends messages through SQS
Case study 3 – Device registration. On prep registration; does API keys in Lambda
Sara Jeanes – Considerations in moving HPC workloads to the cloud
Initial framing questions: Do they have a preference for which cloud provider (do they have credits, different tech); Is there a multi-cloud resiliency need?
Workload questions: Can it be interrupted (use spot instances), large workloads firewall considerations (ScienceDMZ);
Jeff Minelli – Penn State – CloudCheckr enabling transparency at Penn State
Gain insights into financial transparency, spend optimization, resource utilization and right-sizing, cost allocation, best practices, security & compliance, collection and unification of AWS API data, continuous monitoring, reporting and alerts
Working with CloudCheckr to enable SAML. Basic group email notifications. Configuration of $100 spending alerts.
Trying to get CloudCheckr into InCommon.
Network Firewall Policies for Hybrid Cloud – Brian Jemes – University of Idaho
In cloud managing firewalls with server tags. Gets complicated when managing across on-prem and cloud. On prep have Cisco tools to manage ASA firewalls.
Options: manage hybrid cloud policy in on-prem firewall; manage hybrid policies with traditional firewalls in cloud; develop a hybrid tool.
Looking at a startup called Bracket Computing – cloud firewall policy manager. brkt.com – Provides micro-segmentation.
John Bailey – Washington University (St. Louis). Cloud IAM
Balance between security and usability. Enhncing usability with SPNEGO integrated auth. leverages kerberos token from machine login to perform a web SSO login, making the web login invisible to the customer.
Lou Tiseo – how categorizing resources help to understand cloud usage
Requiring seven different tags. Using Cloudyn management dashboard. Helped save costs by using reserved instances.
Chris Malek Caltech – Automation tools for AWS ECS and Batch
deployfish – configure almost all aspects of an ECS services (load balancing, app autoscaling, volumes, environment, etc). They’ve open sourced it. Create, inspect, scale, update, destroy and restart ECS services with single commands; manage multiple environments (test, qa, prod, etc). Integrates directly with terraform. YAML driven
batchbeagle — allowing people to manage AWS Batch. Create, update, disable, and destroy queues. Create, update, disable, and destroy compute environments. Create job descriptions. Submit and manage jobs, etc.
Amanda Tan – Washington
Enabling cost notifications on AWS. Cost monitoring is difficult – should be zero effort. Two prong attack: auto-tag resources, send email notification with total spend and resource usage daily. Cloud Formation Template sets up Cloudwatch which invokes auto tag lambda function. AutoTag tags resources with owner and principal-id. Notification works off DLT billing records, provided in S3 buckets twice a day.