INFOSYS735 Lab Project 1 – Part I & IICustomer requirements and company analysisEdit this document to add your responses to the questions or tasks below. 1.0 Customer Analysis: (slides 13-17)NB: How would you answer/explain these concepts to the customer for THEIR understanding1.What is high availability?High availability is about ensuring that your application’s downtime is minimized as much as possible with the need for human intervention. For example, if the availability level is 99%, there are 3.65 days per year when the application is not accessible, but if the availability level is 99.999%, there are only 5.25 minutes per year when the app is not accessible. Therefore, high accessibility can provide our users with better user experience and user satisfaction2.Why do I need to worry about high availability? I have a disaster recovery plan.Disaster recovery plan refers to that when the system fails and catastrophic damages occur to the system, the service can be re-established. The establishment process usually requires a certain amount of downtime and human intervention. While high availability focused on technology design and implementation is usually required in the establishment process. High availability, on the other hand, can be automated without human intervention to reduce system downtime.3.Our customers have asked us if our application is highly available. So, if all of our resources are in the cloud in one Availability Zone in the US West (Oregon), can we tell our customers that we are highly available?No, if we only have one Availability Zone, when a disaster happens, we will lose all resources and files, and the system will be inaccessible immediately.4.What is the difference between load balancing and elasticity?Load balancing acts as the “traffic cop” to distribute a large number of network requests to different servers to balance the load. Elasticity scales in or out plans or resources depend on our usage.5.The system will store a lot of sensitive personal information. We need to make sure that we can strictly control access. How do we do that?We can use IAM to strictly control the access rights of sensitive data, and only assign a few users who can access the data access rights.6.Due to the nature of our application, we track all of the app related access. How will we track all of the infrastructure access?With CloudTrail, we can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of our AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.1.2 Identify AWS Services (slide 20)Identify the POTENTIAL services needed and the purpose for each service that will be used to move A Medical Company’s current environment to AWS1 Glacier: Medical companies have a large number of documents that are not accessed for a long time, and Glacier provides a very low-cost storage space to do this.2 RDS: To store some user relational data, as well as data required by the web server.3 EC2: EC2 is used to deploy the websites of the medical company. It can be used to browse products provided by the company and conduct online consultation through the website.4 Server Migration Service: By using SMS, we can easily migrate a on-premise server to a代做INFOSYS735作业、代写company analysis作业、代写web/html编程作业、代做web课程设计 cloud server with just a few clicks on the console.5 IAM: Control access rights for different users and roles to ensure the security of data. For example, only a part of the users has access to read user profiles and personal information stored on Glacier.6.VPC: Use VPC to place the database of company in a private subnet that cannot access the network to ensure the data security of the database.7. Load Balance: When a user visits a companys website, a large number of requests are assigned to different instances, which can reduce the probability of network congestion.8. Autoscaling Group: To?increase or decrease number of instances according to the amount of visit flexibility and reducing the cost.1.3 User Authentication (slides 21-23)Document groups, users and roles that need to be created.Group Name: System administratorGroup Permissions: programmatic access and Admin permissions for all resourcesUsers in Group: 2 usersGroup Name: Database administratorGroup Permissions: All permissions for RDSUsers in Group: 2 usersGroup Name: MonitoringGroup Permissions: Read permissions for all EC2 RDS S3Users in Group: 4 monitorsRole Name: auditorRole Permissions: read/write S3Complete the following table:Requirement SolutionShould be at least 8 characters and 1 uppercase, 1 lowercase, 1 special character, and a number To set rules of a password policy in IAM that define the type of password,Change passwords every 90 days and ensure that the previous three passwords can’t be reused. Enable password expiration in password policy of IAM.All administrators require programmatic access Create an access key (access key ID and a secret access key) for that user.Administrator sign-in to the AWS Management Console requires the use of Virtual MFA Force the user to open a Virtual MFA Device 2.0 Detailed RequirementsUse this space to sketch a diagram of your proposed network. Just draw (free-hand) a proposed architecture for this problem using slide 25 as a guide.2.1 Network and SecurityComplete this chart to document the VPC solutionVPC Region Purpose Subnets Azs CIDR RangeComplete this chart to document the DEV subnet solutionSubnet Name VPC Subnet Type(Public / Private) AZ Subnet AddressComplete this chart to document the TEST subnet solutionSubnet Name VPC Subnet Type(Public / Private) AZ Subnet Address2.2 Web and Application TierComplete this chart to describe the type, size, and justification for the instances you will use for each tierTier Tag* OS Type Size Justification # of instances User Data?Complete these charts to describe the load balancer and instance securityLoad Balancer Name* External/Internal Subnets SG Name* Rule SourceFor Web Tier web-elb web-elb-sg For App Tier app-elb app-elb-sg Instance Tier SG Name* Rule SourceWeb Tier web-tier-sg App Tier app-tier-sg Database Tier db-tier-sg2.3 Business ContinuityComplete this chart to describe the automatic scaling launch configurationTier OS Type Size Configuration Name* Role SecurityComplete this chart to describe the automatic scaling groupsTier Launch Configuration* Group Name* Group Size VPC Subnets ELB TagsWeb WebTier WebTier App AppTier AppTier 2.4 AuditingAdministrators must be able to track every AWS service related action in the account. How can these requirements be satisfied using AWS?转自:http://www.7daixie.com/2019051813955028.html
网友评论