Cloud 101 - Episode 2 - SysOps: 10 ways the Cloud can serve your on-premise infra
More and more organizations adopt a hybrid approach to cloud, keeping on-premises the apps that have lower requirements in terms of scalability or high availability. The Cloud can still bring value to them, however!
After a first post on the main value brought by cloud computing (TL;DR: align your IT teams on business stakes), I suggest we look at how the cloud can help you manage your on-premises infrastructure, with services some of which are free and others billed on a pay-per-use model (without any initial cost).
1. An on-demand, virtually free, Disaster Recovery Plan
A disaster can always happen🔥, whether it is a fire in your on-premises IT room or colocated datacenter (yes, even there, cf. the Global Switch or OVH Strasbourg fires). Or ransomware, for that matter.
With a Disaster Recovery service, you can have near real-time replication of your machines to the cloud, with instances ready to start in case of an incident (from the live version, or using Point-in-Time Recovery in case of ransomware). At the end of the incident you can bring your machines back to your on-premises infra.
2. Inventory and Patch management
One of the core AWS services for SysOps is AWS Systems Manager (SSM). Among its numerous features, it makes it possible to manage your on-premise Windows and Linux machines for free, just the same way you manage EC2 instances.
SSM Inventory enables you to centralise and visualise at a glance your OS and patch state as well as installed apps and packages and their versions, and even to list files or (Windows) registry keys.
SSM Patch Manager makes it possible to automatically apply OS and package patches, manage deployment waves (for instance test servers one day, production the next day), set up policies (e.g. install critical patches on day 0, less critical ones on day 7) and respect the maintenance windows you define for each application.
3. Observability
Not all IT departments have the skills or availability to maintain ELK clusters, or the money to invest in Datadog 💰. AWS observability services can collect data from your on-premises apps, for the same pricing as if they were running on the cloud.
- Logs can be pushed to CloudWatch (where they can be easily queried, or converted to metrics to detect anomalous error rates, for instance)
- Metrics (e.g. disk space left) can be pushed to CloudWatch or to the AWS Managed Service for Prometheus (and can then be viewed with Grafana)
- App traces can be processed by X-Ray (helping you understand the root cause of app slowness).
4. Bastion
Being able to connect remotely to a machine using SSH or Remote Desktop without exposing the machine publicly is the job of a bastion.
With SSM, you have a bastion with advanced features, for instance the ability to control who can execute which runbook, or to keep a log of all commands that were entered.
On top of interactive shell sessions, you can define runbooks, that is, predefined commands, enabling users without tech skills to restart a service without being granted root access.
These runbooks can also be triggered automatically on any event, for instance if the app becomes unavailable.
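The "who can execute which runbook" control above is an IAM policy attached to the operator's role. The policy and the tiny evaluator below are an added example, not code from the original post: the runbook name RestartAppService, the region and the account id 111122223333 are placeholders, and the evaluator is a deliberately simplified model of IAM (explicit Deny beats Allow, default Deny, wildcard matching on Action and Resource, no Condition keys) used only to sanity-check the policy offline.

```python
from fnmatch import fnmatchcase

# Placeholder identifiers (assumed, not from the post).
ACCOUNT = "111122223333"
RUNBOOK_ARN = f"arn:aws:ssm:eu-west-1:{ACCOUNT}:automation-definition/RestartAppService:*"

# Least-privilege policy for a non-admin operator: they may start exactly one
# runbook on the managed instances and read its execution log, but may never
# open an interactive shell (Session Manager) or send ad-hoc commands.
OPERATOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": "ssm:StartAutomationExecution",
         "Resource": RUNBOOK_ARN},
        {"Effect": "Allow",
         "Action": ["ssm:GetAutomationExecution", "ssm:DescribeAutomationExecutions"],
         "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["ssm:StartSession", "ssm:SendCommand"],
         "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: any matching Deny is final, otherwise a
    matching Allow is needed, otherwise the request is denied by default.
    Action names are case-insensitive in IAM; resources are matched as-is."""
    allowed = False
    for stmt in policy["Statement"]:
        actions = [a.lower() for a in _as_list(stmt["Action"])]
        if not any(fnmatchcase(action.lower(), a) for a in actions):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```

The evaluator is only meant to catch obvious mistakes (a stray `ssm:*`, a missing Deny) before the policy is uploaded; the authoritative check remains the IAM policy simulator.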
5. Compliance and security
Just two examples of services in this area:
- AWS Config enables you to define policies (for instance "no app should run with root-level privileges on a Linux machine"), detect non-compliant resources, and trace their remediation.
- With AWS Verified Access, the Cloud can become the gate to your on-premises apps. Traffic forwarding can be restricted to authenticated users only, and WAF (Web Application Firewall) rules can be applied.
6. Backup and restore
Being able to keep an immutable backup of your resources is key to being able to restore your systems, all the more so since ransomware has become part of the security landscape.
Cloud services offer various solutions to back up your data, with point-in-time recovery available. For instance:
- AWS Backup can manage backups for your on-premises VMware environment.
- AWS DataSync can clone your network shared disks and maintain synced copies on the cloud.
In any case, the underlying S3 storage enables you to store these (versioned) records in an immutable and cost-effective way (from $0.0036/GB-month), removing the need to maintain tape backup systems.
7. SD-WAN
If you have multiple sites spread all over the world, you can interconnect them via the AWS backbone to dramatically reduce latency.
8. Provisioning
Provisioning apps and packages in Virtual Machines is possible using Chef, Ansible or Salt, to mention the most famous tools.
Systems Manager State Manager supports all those template / playbook / recipe languages and can serve as their execution environment.
9. Some AWS Services can be hosted on-premises!
Sometimes, regulatory or technical constraints make it necessary to perform on-site processing. For instance, to process video feeds and limit the bandwidth necessary to upload them.
However, you may still want to benefit from the advantages of Cloud managed services (automation, for instance).
- With ECS/EKS Anywhere, it is possible to use your own servers to deploy containers, while keeping the control plane on AWS (scalability, container registry, etc.).
- With Outposts, you can rent servers capable of running EC2, S3, RDS, ECS, EKS, etc. on site.
10. Last but not least...
Creating value for your on-premises infra requires your admins to learn cloud technologies. There's no AWS service for that. But fortunately there is TerraCloud!
If you want to deploy some of the aforementioned use cases, TerraCloud is here to help! Let's make an appointment!