NEW LAUNCH! Amazon EC2 Systems Manager for Hybrid Cloud Management at Scale
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Dean Samuels
Manager, Solutions Architecture
Hong Kong & Taiwan
19th January 2017
New Launch! Amazon EC2 Systems Manager
Hybrid Cloud Management at Scale
What to Expect from the Session
• Overview of Systems Manager and its capabilities
• Learn how to configure and manage your cloud and hybrid IT environments at scale
• Demos
Cloud is the new normal – enterprises of all sizes are moving to the cloud to take
advantage of increased agility, lower costs, and a global reach
Many enterprises often bring their traditional on-premises toolset to manage their cloud and
hybrid environments
What we heard from customers
• Traditional IT tools not built for the cloud
• Managing resources at scale is difficult
• Lack of visibility into configuration and execution history
• Multiple vendors; complex licensing
Managing cloud and hybrid environments using traditional tools is complex and costly
Introducing EC2 Systems Manager
A set of capabilities that enable automated configuration and ongoing management of systems at scale, across all of your Windows and Linux workloads, running in Amazon EC2 or
on-premises
Why should I care?
• Hybrid
• Cross-platform
• Scalable
• Secure
• Easy-to-write automation
• Reduced TCO
Systems Manager capabilities
• Deploy, Configure, and Administer: Run Command, State Manager, Automation
• Track and Update: Inventory, Patch Manager
• Shared Capabilities: Maintenance Window, Parameter Store
Documents
Parameter Store
• Parameters reference-able via a Run Command, State Manager, and Automation Service
• Granular access control limits unwanted data access
• Encrypt sensitive information using your own AWS KMS keys
• Eliminates on-going maintenance challenge of critical enterprise assets
Centralized management of IT assets such as passwords and connection strings
New!
Parameter Store – Getting Started
1. Set parameters as key-value pairs
2. Secure strings: encrypt sensitive parameters with your own KMS or default account encryption key
3. Reuse: In Documents and easily reference at runtime across EC2 Systems Manager using {{ssm:parameter-name}}
4. Access Control: Create an IAM policy to control access to specific parameters
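The reuse and access-control steps above can be checked together before a document is rolled out: list every `{{ssm:parameter-name}}` reference in a document and test each against the IAM policy of the role that will run it. This is an added example, not code from the presentation; the document, policy, account ID and parameter names are constructed, and the policy evaluation is a simplified model (identity policy only, no conditions).

```python
import fnmatch
import json
import re

# Constructed sample data: region, account id, parameter names and the policy
# below are placeholders chosen for this example.
ARN_PREFIX = "arn:aws:ssm:us-east-1:111122223333:parameter/"

DOCUMENT = json.dumps({
    "schemaVersion": "2.0",
    "description": "Constructed sample Run Command document",
    "mainSteps": [{
        "action": "aws:runShellScript",
        "name": "configureApp",
        "inputs": {"runCommand": [
            "configure-app --endpoint {{ssm:prod-db-endpoint}}",
            "configure-app --license-server {{ssm:shared-license-server}}",
            "configure-app --owner {{ssm:prod-db-owner}}",
        ]},
    }],
})

POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:GetParameters",
     "Resource": ARN_PREFIX + "prod-*"},
    {"Effect": "Deny", "Action": "ssm:Get*",
     "Resource": [ARN_PREFIX + "prod-db-owner"]},
]}

SSM_REF = re.compile(r"\{\{ssm:([A-Za-z0-9_.\-]+)\}\}")

def referenced_parameters(document_text):
    """Names of every {{ssm:...}} reference in a document, de-duplicated."""
    return sorted(set(SSM_REF.findall(document_text)))

def _listify(value):
    return value if isinstance(value, list) else [value]

def can_read(policy, name, action="ssm:GetParameters"):
    """Simplified IAM evaluation: explicit Deny wins, otherwise need an Allow."""
    arn, allowed = ARN_PREFIX + name, False
    for stmt in _listify(policy["Statement"]):
        hit = (any(fnmatch.fnmatchcase(action.lower(), a.lower())
                   for a in _listify(stmt["Action"]))
               and any(fnmatch.fnmatchcase(arn, r)
                       for r in _listify(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

def audit(document_text, policy):
    """Map each referenced parameter to whether the policy lets it be read."""
    return {n: can_read(policy, n) for n in referenced_parameters(document_text)}
```

A `False` entry in the result means the document references a parameter the role cannot read, either because no statement allows it or because an explicit Deny covers it.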
Maintenance Window
• Define one or more recurring windows of time during which it is acceptable for disruptive actions to occur
• Built-in integration with Run Command and Patch Manager
• Helps improve availability and reliability of your workloads by automatically performing tasks in a well-defined window of time
Schedule disruptive tasks in well-defined window to minimize downtime
New!
Run Command
• Example: Running shell and PowerShell scripts
• Easily define new tasks using simple JSON-based Documents – no specialized skillset required
• Leverage Documents built by AWS and the broader community
• Delegate access, perform audit, receive notifications
• Helps improve security posture by eliminating the need to SSH or RDP
Perform common administrative tasks remotely at scale
Run Command – Getting Started
1. Instance: Set up the agent and an AWS Identity & Access Management (IAM) role on your instance. On-premises servers: create an activation code, deploy the agent, and activate
2. Create Document to author your intent, define the plugins to run and parameters to use
3. Command and Command Invocation on target instances and on-premises servers
4. View status and output – granular results
State Manager
• Example: Configuring firewall and updating anti-malware definitions
• Define new policies using simple JSON-based Documents
• Control how and when a configuration is applied and maintained
• Helps enforce enterprise-wide compliance of configuration policies
• Re-apply to keep servers from drifting
• Track aggregate status for your fleet
Define and maintain a consistent configuration of OS and applications
New!
State Manager – Getting Started
1. Create Document to author your intent
2. Association: Binding between a document and a target
3. Schedule: When to apply your association
4. Status: Check the state of your association at an aggregate or instance level
Automation Service
• Optimized for building and maintaining Amazon Machine Images (AMIs)
• Start with an AMI, perform automation steps like OS patching and driver updates, and produce a new AMI
• Express your workflow as automation steps in a JSON-based Document
• Support for Run Command, AWS Lambda functions, AWS CloudTrail, IAM and Amazon CloudWatch integrations
• Eliminates the overhead in managing ‘golden’ enterprise images
Automate common tasks using simplified workflows
New!
Automation – Getting Started
1. Create an automation document
2. Run automation
3. Monitor your automation
Walkthrough Demo
Inventory
• Example: Instance and OS details, network configuration, list of files, installed software and patches
• Collect data from predefined inventory types or write a custom one using JSON Document
• AWS Config integration enables tracking the history of changes
• Simplifies management scenarios, such as licensing usage tracking and identifying zero-day vulnerabilities
Scalable way of collecting, querying, and auditing detailed software inventory information
New!
Inventory – Getting Started
1. Configure Inventory policy
2. Apply Inventory policy
3. Query inventory
Walkthrough Demo
Inventory – System Diagram
• SSM Agent on: EC2 Windows Instance, EC2 Linux Instance, On-Premises Instance
• AWS SSM Service: State Manager, EC2 Inventory SSM document, Inventory Store
• EC2 Console, SSM CLI/APIs
• AWS Config: AWS Config Console + CLI/APIs
Patch Manager
• Express custom patch policies as patch baselines, e.g., apply critical patches on day 1 but wait 7 days for non-critical patches
• Perform patching during scheduled maintenance windows
• Built-in patch compliance reporting
• Eliminates manual intervention and reduces time-to-deploy for critical updates and zero-day vulnerabilities
Roll out Windows OS patches using custom-defined rules and pre-scheduled maintenance windows
New!
Patch Manager – Getting Started
1. Create a Patch Baseline to define approved patches
2. Create a Maintenance Window to schedule patching for a set of instances
3. Maintenance Window executes patching
4. Audit results with Patch Compliance
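The baseline rule quoted on the Patch Manager slide (critical patches on day 1, a 7-day wait for the rest) and the compliance audit in step 4 can be modelled in a few lines. This is an added example, not code from the presentation: the rule format is a simplified model rather than the service's own data format, and the patch catalogue, instance names and dates are constructed.

```python
from datetime import date

# Simplified model of a patch baseline (not the service's own data format):
# each rule auto-approves patches of the listed severities once they are at
# least `approve_after_days` old.
BASELINE = [
    {"severities": {"Critical"}, "approve_after_days": 0},
    {"severities": {"Important", "Moderate", "Low"}, "approve_after_days": 7},
]

# Constructed catalogue and install state; ids are placeholders.
PATCHES = [
    {"id": "PATCH-A", "severity": "Critical", "released": date(2017, 1, 10)},
    {"id": "PATCH-B", "severity": "Important", "released": date(2017, 1, 10)},
    {"id": "PATCH-C", "severity": "Important", "released": date(2017, 1, 2)},
    {"id": "PATCH-D", "severity": "Unspecified", "released": date(2016, 12, 1)},
    {"id": "PATCH-E", "severity": "Critical", "released": date(2017, 1, 20)},
]
INSTALLED = {
    "instance-a": {"PATCH-A", "PATCH-C"},
    "instance-b": {"PATCH-C"},
}

def approved_patches(baseline, patches, as_of):
    """Ids of patches that some baseline rule has approved by `as_of`."""
    approved = set()
    for patch in patches:
        age_days = (as_of - patch["released"]).days
        if age_days < 0:
            continue  # not released yet on the evaluation date
        for rule in baseline:
            if (patch["severity"] in rule["severities"]
                    and age_days >= rule["approve_after_days"]):
                approved.add(patch["id"])
    return approved

def missing_by_instance(baseline, patches, installed, as_of):
    """Approved-but-not-installed patches per instance; empty list = compliant."""
    required = approved_patches(baseline, patches, as_of)
    return {inst: sorted(required - have) for inst, have in installed.items()}
```

Evaluating the same fleet on two dates shows how an instance that is compliant today becomes non-compliant once the waiting period for a non-critical patch expires, and that a patch whose severity no rule covers is never approved.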
Patch Manager - Overview
• Prod Environment: Instance A, Instance B (Patch Group: Prod)
• Patch Baseline (1): Critical, High; 5 days or older
• Maintenance Window (2, 3): Sundays @ 1AM; 2 hrs. long; Task: Patching
• Patch Compliance (4): 2 up to date, 0 missing updates, 1 error
Best-practices and FAQs
• What OS platforms are supported?
• Update your SSM agent today to get started!
• What ports or network access do my instances need?
• Is there anything different to set up on-premises servers?
• Use notifications, velocity control
• For disruptive actions, use Run Command with Maintenance Window
• Fine-grained access control through IAM policies on resources (e.g. documents)
• Customize configuration with idempotent scripts for State Manager
Systems Manager availability
• No charge – only pay for AWS resources you manage
• Available in multiple regions
Your Feedback is Important!
• These services are available today
• Learn more at https://aws.amazon.com/ec2/run-command/
• Technical documentation at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/run-command.html
• Please send your feedback, improvements, requests to [email protected]
Next steps
• Learn more at https://aws.amazon.com/ec2/systems-manager/
• Join us at the booth! We’d love to hear your feedback.
Remember to complete your evaluations!
Thank you!
Dean Samuels
Manager, Solutions Architecture
Hong Kong & Taiwan
18/01/2017