Alert Logic demos Web Security Manager for Amazon Web Services
December 3, 2013
Alert Logic Web Security Manager for AWS
Jon Vaught, Sales Engineer
Diane Garey, Product Marketing
Today’s Agenda
• Web Security Manager for AWS Architecture
  – What you need to run Web Security Manager
• Getting Started
  – Quick Tour
• Next Steps
  – Trial
  – Q&A
Alert Logic Web Security Manager WAF Introduction
Active Protection for Web Applications, Management Included
• Positive & Negative Security: Active protection using signatures and leading learning engine
• Key Compliance Coverage: Supports PCI 6.6 and OWASP Top 10 risks
• Management Included: 24x7 management by experienced security analysts
• AWS Auto Scaling: Protection scales dynamically with your web apps
• Security Where You Need It: Works wherever you have your datacenter
Web Security Manager Architecture
Web Security Manager AWS System Overview
[Diagram: Deployment for Auto Scaling and High Availability in AWS VPC. Components shown: Amazon VPC with Internet Gateway; Availability Zone 1 and Availability Zone 2; Public Subnets with NAT Instances; Worker Subnets with WSM Workers; Master Subnet with WSM Master and EBS Log Volume; ELB Master; Elastic Load Balancer; Internal Elastic Load Balancer; Web Servers; S3.]
Overview
• 1 Master AS group with 1 master at all times
• 1 Worker AS group with 2-n workers at all times

ELB Master
• External interface for WSM Master
• Management and monitoring (HTTPS and SSH)

ELB Worker
• SSL Termination
• Load balances web traffic to worker AS group

S3 Bucket
• Persists configuration data

NAT Instances
• Required for S3 access from private subnets

WSM Master
• Acts as management node for configuration
• Queues and transports logs, stats from workers

EBS Log Volume
• Persists Deny Log and Stats data for master
• Attached at instance start up

WSM Worker
• Retrieves configuration on instance launch
• Protects web traffic in front of internal ELB
• Transports logs, stats to master queue
Website Traffic Data Flow
[Diagram: website traffic data flow in the Amazon VPC. Components shown: Client; Internet Gateway; ELB Worker; WSM Workers in Worker Subnets; Internal ELB for your application; Web Servers; ELB Master; WSM Master in Master Subnet; EBS Log Volume; NAT Instances in Public Subnets; S3; Availability Zone 1 and Availability Zone 2.]
Website Traffic
• Browser clients connect to worker ELB
• Traffic is load balanced to Web Security Manager appliances
• Web Security Manager appliances connect to backend ELB
Web Security Manager Performance
Web Security Manager Master Instance Processing Capacity
• The estimated processing capacity per Master instance is:
  – m1.medium: 10 workers, 250 Mbps (inbound + outbound) total across workers
  – m1.large: 25 workers, 1 Gbps (inbound + outbound) total across workers

Worker Processing Capacity in Mbps
• Worker instance processing capacity:
  – m1.small: 13 Mbps total (inbound + outbound)
  – c1.medium: 50 Mbps total (inbound + outbound)
  – c1.xlarge: 200 Mbps total (inbound + outbound)
Auto Scaling Parameters
• The CloudFormation template that creates the Web Security Manager stack lets you define the Auto Scaling parameters.
• The thresholds for scaling up and scaling down differ to mitigate the risk of removing capacity too quickly or reducing capacity incorrectly.
Setting (default)
• Scale up CPU utilization threshold: 80%
• Scale up when CPU is above threshold for more than: 120 seconds
• Scale down CPU utilization threshold: 50%
• Scale down when CPU is below threshold for more than: 600 seconds
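
The effect of the asymmetric defaults, shown as an added Python simulation (an illustration written for this page, not Alert Logic's template or code). It assumes 60-second CPU samples, one worker added or removed per scaling action, the 2-worker minimum from the overview, and hypothetical names `simulate` and `workers_at`; it compares the slide defaults with a policy that scales down as eagerly as it scales up.

```python
# Added illustration, not Alert Logic code. Open-loop model: the constructed
# CPU samples do not change when capacity changes.
DEFAULT_UP = (80.0, 120)    # slide default: above 80% for more than 120 s
DEFAULT_DOWN = (50.0, 600)  # slide default: below 50% for more than 600 s


def simulate(samples, up=DEFAULT_UP, down=DEFAULT_DOWN,
             workers=2, min_workers=2, step_s=60):
    """Replay average-CPU samples (one per step_s seconds) and return the
    scaling events as (time_s, action, workers_after) tuples."""
    events, above_s, below_s = [], 0, 0
    for i, cpu in enumerate(samples):
        t = (i + 1) * step_s
        # Track how long CPU has stayed beyond each threshold without a break.
        above_s = above_s + step_s if cpu > up[0] else 0
        below_s = below_s + step_s if cpu < down[0] else 0
        if above_s > up[1]:
            workers += 1  # assumption: one worker per scaling action
            events.append((t, "scale_up", workers))
            above_s = 0
        elif below_s > down[1] and workers > min_workers:
            workers -= 1
            events.append((t, "scale_down", workers))
            below_s = 0
    return events


def workers_at(events, t, start=2):
    """Worker count in effect at time t (seconds) for a given event list."""
    count = start
    for when, _action, after in events:
        if when <= t:
            count = after
    return count


# Constructed data: 3-minute burst, 3-minute lull, 2-minute burst, long quiet.
SAMPLES = [85, 90, 88, 45, 40, 42, 85, 90] + [40] * 11

if __name__ == "__main__":
    for name, down in (("slide defaults", DEFAULT_DOWN),
                       ("same as scale-up", DEFAULT_UP)):
        ev = simulate(SAMPLES, down=down)
        print(name, ev, "workers during second burst:", workers_at(ev, 480))
```

With the slide defaults the extra worker survives the short lull and is still in service for the second burst; the symmetric policy has already removed it.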
Auto Scaling Web Security Manager at re:Invent
https://www.youtube.com/user/AmazonWebServices
Try Web Security Manager
• Contact Alert Logic:
  – www.alertlogic.com
  – info@alertlogic.com
• Installation steps:
  – Set up an Alert Logic account
  – Gather information from your web application stack
  – Create internal ELB for backend web servers
  – Run CloudFormation template that creates the Web Security Manager stack
  – Move inbound traffic to Web Security Manager external ELB
  – Configure additional web sites (if required)
Thank You! Q&A
jvaught@alertlogic.com
dgarey@alertlogic.com
AWS Services Used to Deploy Web Security Manager
• Amazon Machine Image (AMI) - An encrypted machine image stored in Amazon Elastic Block Store or Amazon Simple Storage Service. AMIs are like a template of a computer's root drive. They contain the operating system and can also include software and layers of your application, such as database servers, middleware, web servers, and so on.
• Amazon Virtual Private Cloud (VPC) - A web service that enables you to create a virtual network for your AWS resources.
• Auto Scaling - A web service designed to launch or terminate instances automatically based on user-defined policies, schedules, and health checks.
• Auto Scaling group - A representation of multiple Amazon Elastic Compute Cloud instances that share similar characteristics, and that are treated as a logical grouping for the purposes of instance scaling and management.
• Availability Zone (AZ) - A distinct location within a region that is insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same region.
• AWS CloudFormation - A service for writing or changing templates that create and delete related AWS resources together as a unit.
• Elastic Load Balancing - Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances. Customers can enable Elastic Load Balancing within a single Availability Zone or across multiple zones for even more consistent application performance. Elastic Load Balancing can also be used in an Amazon Virtual Private Cloud (“VPC”) to distribute traffic between application tiers.