lessons learned from reviewing 150 infrastructures
play

LESSONS LEARNED FROM REVIEWING 150 INFRASTRUCTURES_ JON TOPPER | - PowerPoint PPT Presentation

Jan 27, 2024 •126 likes •631 views

LESSONS LEARNED FROM REVIEWING 150 INFRASTRUCTURES_ JON TOPPER | @jtopper | he/him/his $ whoami Founder/CEO/CTO The Scale Factory Working in hosting/infrastructure for 20 years Infrastructure / AWS / DevOps @jtopper @jtopper REVIEWS RUN _

  2. LESSONS LEARNED FROM REVIEWING 150 INFRASTRUCTURES_ JON TOPPER | @jtopper | he/him/his

  3. $ whoami Founder/CEO/CTO The Scale Factory Working in hosting/infrastructure for 20 years Infrastructure / AWS / DevOps @jtopper

  4. @jtopper

  5. REVIEWS RUN _ 180 135 90 45 0 Mar-2018 May-2018 Jul-2018 Sep-2018 Nov-2018 Jan-2019 Mar-2019 May-2019 Jul-2019 Sep-2019 Nov-2019 Jan-2020 @jtopper

  6. TODAY’S AGENDA_ What is Well-Architected? What is a Well-Architected Review? Common Review Findings @jtopper

  7. WHAT IS WELL-ARCHITECTED?_ @jtopper

  8. Catalogue of emergent good practices WELL Observed by AWS Field Solutions Architects ARCHITECTED Codified and shared ORIGINS _ Platform agnostic* @jtopper

  9. ������������������������������ ��������� ������������������������������������������������������������������������������������������� ����������������������������������������������������������������������������������������������� ����������������������������������������������������������������������������������������������������� �������������������������������������� ������� ����������������������������������� White Papers Review Tool @jtopper

  10. Operational Performance Cost Excellence Security Reliability Efficiency Optimisation @jtopper

  11. Lenses High Serverless Performance IoT Applications Computing (Internet of Things) @jtopper

  12. Gap analysis / planning USING Teaching WELL-ARCHITECTED _ Team alignment @jtopper

  13. WHAT IS A WELL-ARCHITECTED REVIEW?_ @jtopper

  14. WELL Foundational questions ARCHITECTED Up to 4 hours REVIEW _ Qualitative @jtopper

  15. Operational Performance Cost Excellence Security Reliability Efficiency Optimisation Well Architected 11 8 9 46 9 9 Core Serverless 1 1 3 2 2 9 Applications High Performance 2 4 3 3 4 16 Computing IoT 10 11 35 4 6 4 (Internet of Things) @jtopper

  16. How do you determine what your priorities are? QUESTION • Evaluate external customer needs OPS 1_ • Evaluate internal customer needs • Evaluate compliance requirements • Evaluate threat landscape • Evaluate tradeoffs • Manage benefits and risks • None of these @jtopper

  17. How do you determine what your priorities are? QUESTION • Evaluate external customer needs OPS 1_ WA • Evaluate internal customer needs WA • Evaluate compliance requirements WA • Evaluate threat landscape NI • Evaluate tradeoffs NI • Manage benefits and risks NI • None of these CI @jtopper

  18. How do you determine what your priorities are? QUESTION • Evaluate external customer needs OPS 1_ WA • Evaluate internal customer needs WA • Evaluate compliance requirements WA High Risk • Evaluate threat landscape NI • Evaluate tradeoffs NI • Manage benefits and risks NI • None of these CI @jtopper

  19. How do you determine what your priorities are? QUESTION • Evaluate external customer needs OPS 1_ WA • Evaluate internal customer needs WA • Evaluate compliance requirements WA Medium Risk • Evaluate threat landscape NI • Evaluate tradeoffs NI • Manage benefits and risks NI • None of these CI @jtopper

  20. How do you determine what your priorities are? QUESTION • Evaluate external customer needs OPS 1_ WA • Evaluate internal customer needs WA • Evaluate compliance requirements WA Medium Risk • Evaluate threat landscape NI • Evaluate tradeoffs NI • Manage benefits and risks NI • None of these CI @jtopper

  21. How do you determine what your priorities are? QUESTION • Evaluate external customer needs OPS 1_ WA • Evaluate internal customer needs WA • Evaluate compliance requirements WA Well Architected • Evaluate threat landscape NI • Evaluate tradeoffs NI • Manage benefits and risks NI • None of these CI @jtopper

  22. COMMON REVIEW FINDINGS_ @jtopper

  23. THE GOOD_ @jtopper

  24. How do you determine what your priorities are? QUESTION • Evaluate external customer needs 93% OPS 1_ WA • Evaluate internal customer needs 87% WA • Evaluate compliance requirements 90% Well Architected WA 77% • Evaluate threat landscape 85% NI • Evaluate tradeoffs 89% NI WA Rank: 1 • Manage benefits and risks 89% NI • None of these 0% CI @jtopper

  25. How do you select your storage solution? QUESTION PERF 3_ • Understand storage characteristics and 84% WA requirements Well Architected • Evaluate available configuration options 78% NI 70% • Make decisions based on access 73% NI WA Rank: 2 patterns and metrics • None of these 5% CI @jtopper

  26. How do you implement change? QUESTION REL 5_ • Deploy changes in a planned manner 83% Well Architected WA 63% • Deploy changes with automation 67% NI • None of these 6% CI WA Rank: 3 @jtopper

  27. THE BAD_ @jtopper

  28. How do you plan for disaster recovery? QUESTION • Define recovery objectives for downtime 33% WA and data loss REL 9_ • Use defined recovery strategies to meet 33% WA the recovery objectives High Risk • Test disaster recovery implementation to 79% 25% WA validate the implementation (87%) • Manage configuration drift on all HRI Rank: 1 39% NI changes • Automate recovery 16% NI • None of these 31% CI @jtopper

  29. How do you respond to a [security] incident? • Identify key personnel and external 51% QUESTION WA resources SEC 11_ 27% • Identify tooling WA 39% • Develop incident response plans WA High Risk 0% • Automate containment capability NI 75% 11% • Identify forensic capabilities NI (93%) HRI Rank: 2 27% • Pre-provision access NI 10% • Pre-deploy tools NI 3% • Run game days NI 35% • None of these CI @jtopper

  30. How do you classify your data? QUESTION SEC 8_ • Define data classification requirements 61% WA • Define data protection controls 39% WA High Risk • Implement data identification 17% WA 75% • Automate identification and classification (88%) 4% NI HRI Rank: 3 • Identify the types of data 59% NI • None of these 23% CI @jtopper

  31. How do you evaluate new services? QUESTION • Establish a cost optimisation function 34% WA COST 9_ • Develop a workload review process 26% WA • Review and implement services in an 84% NI High Risk unplanned way 71% 43% • Review and analyse this workload NI (79%) regularly HRI Rank: 4 • Keep up to date with new service 63% NI releases 1% CI • None of these @jtopper

  32. How do you test resilience? QUESTION • Use playbooks for unanticipated failures 25% WA REL 8_ • Conduct root cause analysis and share 73% WA results High Risk • Inject failures to test resiliency 6% NI 67% • Conduct game days regularly 0% NI (92%) HRI Rank: 5 • None of these 16% CI @jtopper

  33. THE NOTABLE_ @jtopper

  34. How do you reduce defects, ease remediation, and improve flow into production? 90% QUESTION Use version control • WA 87% Test and validate changes • WA OPS 3_ 78% Use config management systems • NI 82% Use build/deploy systems • NI Well Architected 37% Perform patch management • NI 14% 57% Share design standards • NI 83% Implement practices to improve code quality • NI WA Rank: 23 81% Use multiple environments • NI 63% Make frequent, small, reversible changes • NI 52% Fully automate integration and deployment • NI 3% None of these • CI @jtopper

  35. How do you understand the health of your workload? QUESTION Identify key performance indicators 53% • WA OPS 6_ Define workload metrics 62% • WA Collect and analyse workload metrics 72% • WA Establish workload metric baselines 51% NI • Well Architected 46% Learn expected patterns of activity for workload 54% NI • Alert when workload outcomes are at risk 40% • NI WA Rank: 21 Alert when workload anomalies are detected 34% • NI Validate the achievement of outcomes and the 37% • NI effectiveness of KPIs and metrics 14% None of these CI • @jtopper

  36. How do you control human access? QUESTION • Define human access requirements 70% SEC 2_ WA • Grant least privileges 58% WA • Allocate unique credentials per person 90% High Risk WA 47% • Manage credentials based on lifecycle 70% NI (88%) • Automate credential management 13% NI HRI Rank: 20 • Grant access through roles or federation 62% NI • None of these 3% CI @jtopper

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Protg 2006, July 26th, Stanford I R I S A C 1 R E C Saint-Cyr Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From Ontology Ontology Design Design Ontology Ontology Design Design Jean Andr B

371 views • 12 slides
Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background SEP 2002 Davis-Besse Lessons Learned Task Force AUG 2004 - Effectiveness Review Lessons Learned Task Force JAN 2005 - EDO Charters

269 views • 22 slides
OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned

OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned

OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned Jobsite Safety and Health Inspections/Audits better known as; PAPER WORK You hate it, Your safety director requires it, OSHA loves it, Does it

926 views • 35 slides
3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the

3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the

3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the Spanish Registry: Lessons Learned from the Registries o Is It possible (and worthy) to do a national registry? Lessons learned from the o

1.16k views • 43 slides
DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD ABOUT ME ABOUT ME maya@NetBSD.org coypu@sdf.org NetBSD/pkgsrc for the last 3 years THIS TALK THIS TALK Mix of a bunch of bugs Not solo work

695 views • 31 slides
Reviewing Scientific Code Chris Morris STFC SECSE2008 Nearly silent error handling

Reviewing Scientific Code Chris Morris STFC SECSE2008 Nearly silent error handling

Some Lessons Learned Reviewing Scientific Code Chris Morris STFC SECSE2008 Nearly silent error handling ServerThread() { .... try { .... } catch (IOException ex) { ex.printStaceTrace(); } // what postcondition? } Hypothesis: Lack of

431 views • 9 slides
Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda

Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda

Lessons Learned A Value Added Product of the Project Life Cycle R Gilman April 19, 2006 Agenda Introduction What are Lessons Learned? Value to the Project Process and Organization Keanes Approach to Lessons Learned Keys to

261 views • 24 slides
Four Major Events in Our History and the Lessons Learned Coleen Reiswig, Isobel McDonald, Ted

Four Major Events in Our History and the Lessons Learned Coleen Reiswig, Isobel McDonald, Ted

Four Major Events in Our History and the Lessons Learned Coleen Reiswig, Isobel McDonald, Ted Pincock, Carolyn Bouchard Joanne Archer Outline: 1) Common Themes 2) The Event and lessons learned: Spanish Influenza 1918 SARS

417 views • 38 slides
Lessons Learned from Japans NPL Experience Ladies and gentlemen, today I would like to discuss

Lessons Learned from Japans NPL Experience Ladies and gentlemen, today I would like to discuss

Beijing International Finance Forum Chairman Junichi Ujiie 2004/05/19 Lessons Learned from Japans NPL Experience Ladies and gentlemen, today I would like to discuss the lessons to be learned from Japans NPL problems: first, the disposal

344 views • 3 slides
Some lessons learned from Team Science Some lessons learned from Team Science Lewis Cantley Weill

Some lessons learned from Team Science Some lessons learned from Team Science Lewis Cantley Weill

Some lessons learned from Team Science Some lessons learned from Team Science Lewis Cantley Weill Cornell Medical College, New York Presbyterian Hospital Past participation in Team Science Period Period Type of grant Type of grant Role in Grant

380 views • 20 slides
MDG-SDG TRANSITION IN IVORY COAST: LESSONS LEARNED AND IMPLICATIONS ON CURRENT PUBLIC POLICIES

MDG-SDG TRANSITION IN IVORY COAST: LESSONS LEARNED AND IMPLICATIONS ON CURRENT PUBLIC POLICIES

MDG-SDG TRANSITION IN IVORY COAST: LESSONS LEARNED AND IMPLICATIONS ON CURRENT PUBLIC POLICIES SAKO G. . Oumar CONTENTS I. Context II. Assessment and lessons learned from implemention of MDGs III. Domestication/contextaulisation of SDGs

151 views • 12 slides
VALUE: Lessons Learned Kate McConnell & Erin Horan Association of American Colleges and

VALUE: Lessons Learned Kate McConnell & Erin Horan Association of American Colleges and

VALUE: Lessons Learned Kate McConnell & Erin Horan Association of American Colleges and Universities Todays session Overview of the MSC Scoring and reporting Lessons learned as related to validity Unintended consequences?

661 views • 40 slides
FACILITATED BY: Robin Booth, CPA 2 Training Topics Lessons Learned Best Practices

FACILITATED BY: Robin Booth, CPA 2 Training Topics Lessons Learned Best Practices

Office of Housing Counseling Best 9/20/2016 Practices/Lessons Learned - LHCAs U.S. Department of Housing and Urban Development Office of Housing Counseling Best Practices/Lessons Learned LHCAs September 20, 2016 12:00 PM Eastern Standard

569 views • 9 slides
MTN-001 Menu Lessons Learned Patrick Karugaba MU-JHU Core Lab, Kampala Uganda Objectives

MTN-001 Menu Lessons Learned Patrick Karugaba MU-JHU Core Lab, Kampala Uganda Objectives

MTN-001 Menu Lessons Learned Patrick Karugaba MU-JHU Core Lab, Kampala Uganda Objectives Introduction Identifying strength & resources at our disposal. Enumeration of challenges/tasks Lessons learned Conclusion

614 views • 13 slides
Lessons learned - viewpoints on increasing analytical capabilities Elizabeth Riczko, FCAS,

Lessons learned - viewpoints on increasing analytical capabilities Elizabeth Riczko, FCAS,

Lessons Learned 3/22/2011 Lessons learned - viewpoints on increasing analytical capabilities Elizabeth Riczko, FCAS, MAAA, CPCU 1 What are we doing? 2 It starts with a goal NOT a method A business question Ask why (and repeat)

338 views • 10 slides
Lessons Learned (the Hard Way) in an Organization from Predictive Modeling Projects Predictive

Lessons Learned (the Hard Way) in an Organization from Predictive Modeling Projects Predictive

Lessons Learned: Viewpoints on Increasing Analytical Capabilities Lessons Learned (the Hard Way) in an Organization from Predictive Modeling Projects Predictive Modeling Projects from a Company Perspective Greg Hansen, FCAS, MAAA Actuarial

349 views • 18 slides
IT Updates Maryland Health Benefit Exchange Board Meeting January 26, 2014 Presented by: Kevin

IT Updates Maryland Health Benefit Exchange Board Meeting January 26, 2014 Presented by: Kevin

IT Updates Maryland Health Benefit Exchange Board Meeting January 26, 2014 Presented by: Kevin Yang CIO, MHBE A service of Maryland Health Benefit Exchange Agenda Key Online Enrollment Statistics HIX Program Management Consumer Experience

349 views • 9 slides
Know Your Customers Who Are Your Rotary club Customers ? How Do Rotary clubs Make Money ?

Know Your Customers Who Are Your Rotary club Customers ? How Do Rotary clubs Make Money ?

Know Your Customers Who Are Your Rotary club Customers ? How Do Rotary clubs Make Money ? Defining Customer /Rotary club Participant Rotarians Rotaractors Interactors RYLArians Rotary Youth Exchange students

309 views • 26 slides
Organization of financial capacities training - Croatian experience Mirna Juri Central

Organization of financial capacities training - Croatian experience Mirna Juri Central

Organization of financial capacities training - Croatian experience Mirna Juri Central Harmonization Unit Ministry of Finance of the Republic of Croatia the Hague, 6 & 7 November 2018 Topics 1. Introduction State Treasury

693 views • 31 slides
2019 Risk & Compliance Conference Office of Internal Audit Objectives Introduce Internal

2019 Risk & Compliance Conference Office of Internal Audit Objectives Introduce Internal

April 4, 2019 2019 Risk & Compliance Conference Office of Internal Audit Objectives Introduce Internal Auditing Identify One Control Enhancement Take- away Avoid Being Boring University of Alabama System Office of

848 views • 16 slides
MY PERSONAL JOURNEY IN QUALITY: GROWTH AND OPPORTUNITIES Presented by Monica Daneshrad, MSQA

MY PERSONAL JOURNEY IN QUALITY: GROWTH AND OPPORTUNITIES Presented by Monica Daneshrad, MSQA

MY PERSONAL JOURNEY IN QUALITY: GROWTH AND OPPORTUNITIES Presented by Monica Daneshrad, MSQA AGENDA Change in Topic Learning Objectives Background Rock Bottom Challenges/Opportunities/Quality Theory Interpersonal Dealings

298 views • 27 slides
Andrea White, Human Resource Manager Gail Bair, Administrative Specialist Jennifer Wilfong, Clerk

Andrea White, Human Resource Manager Gail Bair, Administrative Specialist Jennifer Wilfong, Clerk

Andrea White, Human Resource Manager Gail Bair, Administrative Specialist Jennifer Wilfong, Clerk II - Payroll Wha t do e s HR Do ? Human Resource Management is the practice of recruiting, hiring and managing the organizations employees.

207 views • 17 slides
RULES OF ENGAGEMENT B E INVOLVED B E ENGAGED B E PREPARED TO BE CALLED UPON B E

RULES OF ENGAGEMENT B E INVOLVED B E ENGAGED B E PREPARED TO BE CALLED UPON B E

TOOLS FOR INTENTIONAL EXCELLENCE IN WORKING WITH INTERNAL STAKEHOLDERS D R . R UBIN C OCKRELL RULES OF ENGAGEMENT B E INVOLVED B E ENGAGED B E PREPARED TO BE CALLED UPON B E OPEN MINDED B E WILLING TO UNLEARN LEARNED

403 views • 28 slides
Addendum to Low Speed Bearing Analysis Paper Bruce Weathersby May 2015 1. Cost of

Addendum to Low Speed Bearing Analysis Paper Bruce Weathersby May 2015 1. Cost of

Addendum to Low Speed Bearing Analysis Paper Bruce Weathersby May 2015 1. Cost of outages for bearing replacement and production losses during those outages were not included in the original paper. 2. The real root cause of the bearing

128 views • 8 slides

More recommend