AWS Gov Cloud Summit II AWS GovCloud (US) CJ Moses Deputy Chief Information Security Officer
AWS GovCloud (US) - d36cz9buwru1tt.cloudfront.netd36cz9buwru1tt.cloudfront.net/aws-gov-summit-2011/AWS_GovCloud_CJ...Amazon CloudWatch AWS Identity and Access Management ... by filling

Mar 29, 2018

AWS Gov Cloud Summit II

AWS GovCloud (US) CJ Moses

Deputy Chief Information Security Officer

Fault Separation and Geographic Diversity

Amazon CloudWatch

[Diagram: AWS Regions and their Availability Zones. Regions shown: EU Region (IRE), US East Region (N. VA), US West Region (N. CA), APAC Region (Tokyo), APAC Region (Singapore). Each region contains Availability Zones labelled A and B, some also C.]

Note: Conceptual drawing only. The number of Availability Zones may vary.

BUT:

Data has to stay in CONUS

Must meet Federal standards for security and privacy controls

US Persons only access

Data Isolation, Network Isolation, Machine Isolation

a new region…

AWS GovCloud (US)

AWS GovCloud (US): A New Region

6 AWS Regions: US East (Northern Virginia) / US West (Northern California) / GovCloud (US) (West Coast) / Europe (Dublin) / Asia Pacific (Singapore) / Asia Pacific (Tokyo)

19 AWS CloudFront Locations: Ashburn, VA / Dallas, TX / Jacksonville, FL / Los Angeles, CA / Miami, FL / Newark, NJ / New York, NY / Palo Alto, CA / Seattle, WA / St. Louis, MO / Amsterdam / Dublin / Frankfurt / London / Hong Kong / Paris / Stockholm / Tokyo / Singapore

Targeted to US Government Customers

US governmental entity or supporting company

FISMA Moderate Compliant Controls

US Persons-Only access (Physical & Logical)

AWS will screen direct customers prior to providing access to the AWS GovCloud (US). Direct customers must be:

U.S. Persons; not subject to export restrictions; and comply with U.S. export control laws and regulations, including the International Traffic In Arms Regulations.

Data Isolation (Service & IAM Controls)

Network Isolation (VPC required, FIPS 140-2 Compliant endpoints)

Machine Isolation (Dedicated instances optional)

Amazon VPC Architecture

[Diagram labels: Customer’s Network; Router; VPN Gateway; Secure VPN Connection over the Internet; Amazon Web Services Cloud; Subnets; Customer’s isolated AWS resources; Internet; NAT]

Security is Job Zero

http://aws.amazon.com/security/

Certifications and Accreditations

• FISMA Moderate Compliant Controls

• SAS70 Type II (next report SOC1 - SSAE 16)

• ISO 27001

• PCI DSS Level 1

• FIPS 140-2 Compliant Endpoints (GovCloud)

AWS GovCloud (US) Services

Amazon Elastic Compute Cloud (EC2)

Two Availability Zones

Standard, High-Mem and High-CPU Instances available

Amazon Simple Storage Service (S3)

Full durability, designed at 99.999999999%

Amazon Elastic Block Store (EBS)

Amazon Virtual Private Cloud (VPC)

Required for all customers

Amazon CloudWatch

AWS Identity and Access Management (IAM)

Command Line API Access (No Console)

elasticfox (Firefox plugin)

AWS Deployment Models

Comparison columns: Logical Server and Application Isolation / Granular Information Access Policy / Logical Network Isolation / Physical Server Isolation / Government Only Physical Network and Facility Isolation / ITAR Compliant (US Persons Only) / Sample Workloads

Sample Workloads by deployment model:

Commercial Cloud: Public facing apps. Web sites, Dev test, FISMA Low

Virtual Private Cloud (VPC): Data Center extension, TIC environment, email, FISMA Moderate

AWS GovCloud (US): USP Compliant and Government Specific Apps.

Use Cases

Over 100 Government Agencies

Including:

Agencies using AWS to support their mission . . .

GSA Infrastructure-as-a-Service BPA Award

NASA / US RATB / US Treasury / USDA

NASA – Jet Propulsion Laboratory

Mars Exploration Rovers

Mars Science Laboratory

Deep Space Network

Carbon in the Arctic Reservoir Vulnerability Experiment

Lunar Mapper Mission Project

ATHLETE Robot

Mars Science Lab - Curiosity

Fast Motion Field Test - Image Processing in the Cloud

• Massively parallel computations on EC2

Image Stitching (panorama generation)

Stereo Correlation (depth perception)

Large Image Tiling

Elasticity

• Zero to a few hundred cores, back to zero – in a few weeks

Pay-as-you-go

• Mission paid only for what it used

Scalable – NASA JPL

“[AWS] allowed us to process nearly 200,000 Cassini images within a few hours under $200. [Before AWS] we were only able to use a single machine locally and spent more than 15 days on the same task.”

- Khawaja Shams, Sr. Solutions Architect, NASA JPL

European Space Agency

ESA Centre for Earth Observation

• Data collected by Satellites stored in Amazon Simple Storage Service (S3)

• Earth science data provided to organizations around the world – 50,000 users at peak, 30 TB at a time

Scalability

• Scale up storage infrastructure as much as needed

Speed and Agility

• Avoided time to procure dedicated hardware with on-demand service

Government Solution Providers

“This new offering will enable the US federal government to continue to improve their organization’s performance, effectiveness, and efficiency with increased transparency. ESRI is pleased to continue working with AWS to offer federal agencies the powerful coupling of the cloud with ESRI’s suite of tools for mapping and geographic analysis.”

-Jack Dangermond, President, ESRI

• Customers who are interested in learning more about the AWS GovCloud (US) should contact their government sales representative by filling out the Contact Us form on the AWS GovCloud (US) website.

• http://aws.amazon.com/govcloud-us/contact/ or call us at 703-561-9600

Getting Started

• Steven Halliwell – GM SLED at [email protected] or (954) 778-6667

• Steve Spano – Global Defense and Aerospace at [email protected]

• Thomson Nguy or Cindy Brent – Civilian Agencies: Thomson at [email protected] or (703)-371-8541 and Cindy at [email protected] or (703) 402-0880

• Brett McMillien – Healthcare and Department of Energy [email protected] or (571) 239-8860

• Mark Fox – Department of Defense at [email protected] or (703) 598-5822

• Dave Hirko – Intelligence Community [email protected] or (571) 421-7729

or go direct to:

Thank You!!