www.fortinet.com
Auto Scaling Infrastructure Security for AWS Cloud
Security has become an essential enabler of application and service delivery in cloud environments. For organizations contemplating the migration of essential activities to the cloud, the ability to match security to workloads is a key business consideration.
For users of cloud computing services like the AWS cloud, the effective application of security requires an ability to scale up and down in concert with the workload. The most operationally advantageous way to support this dynamic need is with automation.
As organizations migrate their production infrastructure to the cloud, many leverage Amazon’s Auto Scaling web service to automatically scale their cloud compute resources according to conditions they define. This provides an excellent means of optimizing cloud costs, detecting faulty instances, identifying unhealthy applications and automating replacement. As cloud workloads are scaled out, the concerns of secured data protection persist and require a scaling automation capability able to match changes in utilized compute resources.
Automating security in the cloud is not trivial. Fortinet has developed an Auto Scaling cloud template which adds FortiGate enterprise firewall instances automatically based on user-defined criteria, while using AWS integrated scripts and templates to maintain a familiar UI and initiate security elasticity for optimal network utilization.
SOLUTION BRIEF
Highlights
- Provides timely protection as workloads scale horizontally
- Delivers automatic scaling for the best-in-class advanced security in Amazon AWS
- Pre-tunes “minimum” and “maximum” security optimization parameters to provide refined security policy influence
- Minimizes Cloud instance over-subscription and OPEX spending
- Eliminates error-prone manual intervention in security configurations
SOLUTION BRIEF: AUTO SCALING INFRASTRUCTURE SECURITY FOR AWS CLOUD
To ensure availability and optimization of FortiGate advanced threat protection across entire Auto Scaling groups, Fortinet maps your AWS security posture to scale up and down with your EC2 instances in an AWS CloudFormation template. This template can be held in a repository, making it reproducible and easily deployable as new instances require secure elasticity.
Figure 1: Auto Scale FortiGate Appliances Utilizing AWS native tool and templates
Auto Scaling helps you maintain security availability and allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define.
Figure 2: Select CloudFormation Template in Auto Scaling Web Service
Figure 3: Identify FortiGate Instance Type and Define Parameter Thresholds per CPU Utilization
Security is applied dynamically whenever a pre-selected application demand criterion is met. Workload spikes and off-peak periods are nearly impossible to predict − Auto Scaling removes the guesswork while delivering true pay-as-you-go cloud consumption.
Suggested Scaling Guidelines for On-Demand Instance / FortiGate-VM-AWS / FortiWeb-VM-AWS

Template: CPU Utilization

| | Medium Instance | Large Instance | Xlarge Instance | 2Xlarge Instance |
|---|---|---|---|---|
| FortiGate-VM-AWS | FG-VM01-AWS | FG-VM02-AWS | FG-VM04-AWS | FG-VM08-AWS |
| FortiWeb-VM-AWS | FWB-VM01-AWS | FWB-VM02-AWS | FWB-VM04-AWS | FWB-VM08-AWS |
| Scale Up Threshold | 80 | 80 | 80 | 80 |
| Scale Down Threshold | 70 | 70 | 70 | 70 |

Template: Memory Utilization

| | Medium Instance | Large Instance | Xlarge Instance | 2Xlarge Instance |
|---|---|---|---|---|
| FortiGate-VM-AWS | FG-VM01-AWS | FG-VM02-AWS | FG-VM04-AWS | FG-VM08-AWS |
| FortiWeb-VM-AWS | FWB-VM01-AWS | FWB-VM02-AWS | FWB-VM04-AWS | FWB-VM08-AWS |
| Scale Up Threshold | 80 | 80 | 80 | 80 |
| Scale Down Threshold | 70 | 70 | 70 | 70 |

Template: Concurrent Sessions

| | Medium Instance | Large Instance | Xlarge Instance | 2Xlarge Instance |
|---|---|---|---|---|
| FortiGate-VM-AWS | FG-VM01-AWS | FG-VM02-AWS | FG-VM04-AWS | FG-VM08-AWS |
| FortiWeb-VM-AWS | FWB-VM01-AWS | FWB-VM02-AWS | FWB-VM04-AWS | FWB-VM08-AWS |
| Scale Up Threshold | 1500 | 8000 | 30,000 | 120,000 |
| Scale Down Threshold | 1200 | 6000 | 24,000 | 100,000 |

Template: Session Set-Up Rate

| | Medium Instance | Large Instance | Xlarge Instance | 2Xlarge Instance |
|---|---|---|---|---|
| FortiGate-VM-AWS | FG-VM01-AWS | FG-VM02-AWS | FG-VM04-AWS | FG-VM08-AWS |
| FortiWeb-VM-AWS | FWB-VM01-AWS | FWB-VM02-AWS | FWB-VM04-AWS | FWB-VM08-AWS |
| Scale Up Threshold | 320,000 | 450,000 | 1,000,000 | 3,000,000 |
| Scale Down Threshold | 270,000 | 400,000 | 8,000,000 | 2,400,000 |

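
The following is an added example, not Fortinet's template or code: it checks scale-up/scale-down pairs like those in the guidelines above before they are placed in a scaling template, and replays constructed CPU readings through the 80/70 band. The comparison operators (scale out at or above the upper value, scale in at or below the lower one), the one-instance step and the 1 to 4 instance limits are assumptions. With the values exactly as printed, it flags the Xlarge Session Set-Up Rate pair, where the scale-down value is higher than the scale-up value.

```python
# Added example, not Fortinet code. Threshold values are copied from the
# guidelines above exactly as printed; operators and step size are assumptions.
SIZES = ["Medium", "Large", "Xlarge", "2Xlarge"]
GUIDELINES = {  # template -> (scale-up thresholds, scale-down thresholds)
    "CPU Utilization": ([80, 80, 80, 80], [70, 70, 70, 70]),
    "Memory Utilization": ([80, 80, 80, 80], [70, 70, 70, 70]),
    "Concurrent Sessions": ([1500, 8000, 30000, 120000],
                            [1200, 6000, 24000, 100000]),
    "Session Set-Up Rate": ([320000, 450000, 1000000, 3000000],
                            [270000, 400000, 8000000, 2400000]),
}


def inverted_bands(guidelines):
    """Return (template, size, up, down) for every pair where down >= up.

    Such a pair has no hold zone: any reading between the two values meets
    the scale-out and the scale-in condition at once.
    """
    findings = []
    for template, (ups, downs) in guidelines.items():
        for size, up, down in zip(SIZES, ups, downs):
            if down >= up:
                findings.append((template, size, up, down))
    return findings


def simulate(samples, up, down, start=1, minimum=1, maximum=4):
    """Replay metric samples; return the firewall instance count after each.

    Assumed policy: add one instance when sample >= up, remove one when
    sample <= down, hold in between, clamp to [minimum, maximum].
    """
    if down >= up:
        raise ValueError(f"scale-down {down} is not below scale-up {up}")
    count, history = start, []
    for value in samples:
        if value >= up:
            count = min(count + 1, maximum)
        elif value <= down:
            count = max(count - 1, minimum)
        history.append(count)
    return history


if __name__ == "__main__":
    for finding in inverted_bands(GUIDELINES):
        print("inverted band:", finding)
    # Constructed CPU readings, replayed through the 80/70 band.
    print(simulate([60, 85, 90, 75, 75, 65], up=80, down=70))
```

Readings between the two thresholds leave the instance count unchanged, which is what keeps the firewall group from oscillating when load hovers near a single trigger value.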
Fortinet has the complete advanced security portfolio available in the Amazon AWS Marketplace, where you can choose Bring-Your-Own-License (BYOL), hourly or annually on-demand consumption. For more use case information, or to test drive the FortiGate firewall in AWS, please visit fortinet.com/aws.