The AWS Well-Architected Framework
At Amazon, they recommend following the AWS Well-Architected Framework to align plans, architecture, and their cloud best practices. It’s worth reviewing the framework for your own AWS-based projects for an in-depth look.
Since Cohesive Networks mainly focuses on networking and security, we’ll highlight parts from AWS’ Framework and other network and security best practices.
The AWS Well-Architected Framework is based around 4 “pillars”:
- Security – The ability to protect information systems and assets while delivering business value through risk assessments and mitigation strategies.
- Reliability – The ability to recover from infrastructure or service failures, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
- Performance Efficiency -The efficient use of computing resources to meet system requirements, and maintaining that efficiency as demand changes and technologies evolve.
- Cost Optimization – The ability to avoid or eliminate unneeded cost or suboptimal resources.
At Cohesive Networks, we have a process called “coalescence,” where we encourage customers to match ideal architectures to the realities of public cloud environments. Cloud users should both account for their current architecture and build with an end architecture in mind.
This way as the realities of cloud creep into the build-out you can be prepared for them. Follow security best practices from the beginning and always architect networks for recovery and connectivity.
Network planning and security highlights from the Well-Architected Framework:
- Limit access to networks and servers to the “least privilege” rule
- Capture and analyst network traffic logs
- Use AWS services to encrypt data at rest, and add on security features to encrypt data in transit
- Plan your cloud/ AWS resources to interact with any existing network topology on-prem
- Build networks for high availability, failover, and disaster recovery
- Test systems and network services for resiliency
- When building a network solution, consider location to reduce distance
- Take advantage of regions, placement groups, and edge locations to improve performance
Fitting it together: Mixing in VNS3 for application layer security
Security, customization and control were the 3 big reasons we created the overlay networking and VNS3. As Cohesive began to put its own computing systems into the cloud, we were uncomfortable with the loss of control of our network infrastructure.
VNS3 can help you literally extend enterprise firewall and security rules into the cloud to enclose, isolate, and control all cloud networks. VNS3 offers enhanced network services on top of the cloud platform network. Our customers use VNS3 to enhance VLAN peering, full encryption of data in motion, application layer firewalls, and cross-region peering.
In particular, VNS3:turret can secure applications in micro-perimeters to eliminate east-west vulnerability. These Application Security Controllers are deployed as an encrypted, clustered software-only virtual instances that secure mission critical business systems in public or private cloud. VNS3:turret provides the most comprehensive application security model available today.
By: Margaret Valtierra