How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intelligence

Shane Shelton – Sr. Dir., Application Performance and Development Operations, McGraw-Hill Education
Scott Barneson – Head of Application and Industry Vertical Technology Alliances, Amazon Web Services
Ben Newton – Sr. Product Manager, Sumo Logic
Sumo Logic Confidential

Upload: sumo-logic

Post on 29-Jun-2015


Category: Technology



DESCRIPTION

This webinar features Shane Shelton - Sr. Director of Application Performance and Development Operations at McGraw-Hill Education, discussing how Sumo Logic helps his team gain critical operational and security insights into their AWS environment. Amazon Web Services Head of Application & Industry Vertical Technology Alliances, Scott Barneson, and Sumo Logic Senior Product Manager, Ben Newton, discuss how to:

* Set up the Sumo Logic service within days with 100% automated collection
* Rapidly identify and troubleshoot issues across the infrastructure stack
* Leverage real-time alerts to fix issues before they impact release cycles
* Foster collaboration across teams while retaining control with RBAC
* Reduce MTTI, e.g. converting 150 pages of logs into 5 pages of patterns
* Monitor and audit critical security changes in AWS to meet security policies

TRANSCRIPT

Page 1: How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intelligence


Shane Shelton – Sr. Dir., Application Performance and Development Operations, McGraw-Hill Education

Scott Barneson – Head of Application and Industry Vertical Technology Alliances, Amazon Web Services

Ben Newton – Sr. Product Manager, Sumo Logic

Page 2

Agenda

• Sumo Logic Overview
• Demo
• Customer Use Case: McGraw Hill
• AWS Overview
• Q&A

Page 3

The Machine Data Challenge

[Slide diagram labels: Applications, Mobile, Internet of Things, Network and Server; Search, Visualize, Predict]

Page 4

Powerful & Secure Architecture, Effortless Deployment

[Architecture diagram labels: On-Prem Data Centers, Cloud Sources, Hybrid Data Sources, Private, Public, PaaS, IaaS, SaaS, Collector, Hosted Collector]

Page 5

Use Cases

• Availability & Performance
• Customer Insights
• Security and Compliance

Page 6

SUMO LOGIC DEMO

Page 7

The Sumo Logic Difference

[Slide graphic: headings "Cloud" and "Machine Learning"; labels: Effortless, Elastic, LogReduce, Anomaly Detection, Low TCO, Any Data, Human Context, Transaction Analytics]

Page 8

MCGRAW-HILL USE CASE

Page 10

Introduction

• McGraw-Hill Education
• Recently divested from McGraw-Hill Companies
• Rapidly transitioning to a digital and SaaS model
• Investing heavily in digital

Page 11

Sumo Logic Agent Deployment with Puppet

1) Came up with a Collector and Source Category naming scheme for RBAC inside of Sumo Logic

2) Created listing of log paths on all servers per tier

3) Created list of users needing access

4) Enabled a Puppet Sumo Logic Access Key and User for automated setup via their API.

5) Wrote the Puppet module that deploys the agent on any server deployed in our Performance or higher environments.
   a. The module reads the AWS server name and then auto-configures the Collector name and log collection paths, calls the Sumo Logic API and sets up the server automatically in the Sumo Logic Console.

6) Deployed Puppet modules in our environments.

7) Trained our users via Sumo Logic Professional Services

Page 12

Sumo Logic Agent Deployment with Puppet


Example of Roles in MHE’s Sumo Logic Account (Names Removed)

Example of Collectors and Source Categories in MHE’s Sumo Logic Account

Page 13

Troubleshooting and Real Time Alerting

• When issues are found, we use Sumo Logic to search millions of rows of logs in minutes.

• Operations is no longer the only group that can view Production logs: we give log access to multiple groups inside our company to help resolve issues faster, without having to give access to ANY Production systems.

• We have cross-functional teams that have access to multiple product logs to allow for quicker troubleshooting of issues in QA. This is enabled via Roles in the Sumo Logic console. This feature is extremely helpful in Development.

• We created numerous alerts from our logs on known events that can occur. Sumo Logic’s alerting engine notifies you in real time for agent-based nodes.

Page 14

Alerting Examples


Example of Some of our Alerts

Drilldown into Weblogic DB Connection Issue Alert (Recipients Removed)

Page 15

Sumo Logic LogReduce Feature

• When trying to find issues across 100s and 1000s of servers, it’s not helpful to look at a detailed view.

• Sumo Logic LogReduce lets MHE take 1000s of pages of logs and reduce them into patterns that are easier to troubleshoot.

• This was particularly helpful when the Bash vulnerability came out and we had to find out how many servers got attacked and by whom before we got the final fix from Red Hat.

Page 16

LogReduce Example


Example without LogReduce Across an MHE Application Tier searching for Java Exceptions (11,229 pages)

With LogReduce Enabled (15 pages)

Page 17

Amazon Web Services Auditing

• Sumo Logic allows for integration with Amazon Web Services (AWS) CloudTrail audit logs.

• One caveat: alerting on CloudTrail logs inside of Sumo Logic is not real time. Logs are consumed every 15-20 minutes.

Steps:

1) Enable CloudTrail in your AWS account and send it to an S3 bucket per AWS best practices

2) Give Sumo Logic access to the S3 bucket for log consumption

3) Set up the CloudTrail Collector inside of the Sumo Logic console.

Page 18

Amazon Web Services Auditing

• MHE DevOps has to have MHE Cloud Security approval whenever we are making any security-related change in any of our AWS accounts.

• The Sumo Logic alerts allow MHE Cloud Security to verify that approved changes are going out by the approved parties.

• Non-approved changes are escalated and handled on a case-by-case basis.

Alert Examples
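
The approval check described on this slide, sketched as an added example (not from the presentation, and not MHE's or Sumo Logic's code): it reads a CloudTrail log file, keeps security-related API calls, and separates those made by an approved principal from those to escalate. The event list, approval list, ARNs and sample records are constructed assumptions.

```python
import json

# Assumption: the CloudTrail eventNames treated as security-related changes.
SECURITY_EVENTS = {
    "AuthorizeSecurityGroupIngress", "RevokeSecurityGroupIngress",
    "PutUserPolicy", "AttachRolePolicy", "CreateAccessKey",
    "PutBucketPolicy", "StopLogging", "DeleteTrail",
}
ACCT = "arn:aws:iam::111122223333:"          # constructed account
ROLE = ACCT + "role/devops-deploy"           # constructed role ARN
# Constructed approval list: (principal ARN, eventName) pairs already signed off.
APPROVED = {(ROLE, "AuthorizeSecurityGroupIngress")}

def principal(record):
    """Caller ARN; an assumed-role session is mapped back to its role."""
    ident = record.get("userIdentity", {})
    if ident.get("type") == "AssumedRole":
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
        return issuer.get("arn") or ident.get("arn", "unknown")
    return ident.get("arn", "unknown")

def audit(log_text):
    """Sort security-related records into (approved, escalate) lists.
    errorCode is kept so that denied attempts are escalated as well."""
    approved, escalate = [], []
    for rec in json.loads(log_text).get("Records", []):
        name = rec.get("eventName")
        if name not in SECURITY_EVENTS:
            continue  # read-only and non-security calls are out of scope
        who = principal(rec)
        row = (rec.get("eventTime"), who, name, rec.get("errorCode"))
        (approved if (who, name) in APPROVED else escalate).append(row)
    return approved, escalate

# Constructed sample in the CloudTrail log-file layout: {"Records": [...]}
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2015-06-01T10:00:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/devops-deploy/s1",
                      "sessionContext": {"sessionIssuer": {"arn": ROLE}}}},
    {"eventTime": "2015-06-01T10:05:00Z", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "IAMUser", "arn": ACCT + "user/alice"}},
    {"eventTime": "2015-06-01T10:06:00Z", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "arn": ACCT + "user/bob"}},
    {"eventTime": "2015-06-01T10:07:00Z", "eventName": "StopLogging",
     "errorCode": "AccessDenied", "userIdentity": {"type": "IAMUser", "arn": ACCT + "user/alice"}},
]})

if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```

Matching on the session issuer rather than the session ARN keeps an approval valid across role sessions, whose names change on every assume-role call.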

Page 19

Amazon Web Services Auditing

Alert Email Example:

Page 20

Scott Barneson

Head of Application & Industry Vertical Alliances

Amazon Web Services

Page 21

How are enterprises thinking about and using the cloud in 2014?

Page 22

Strategies Enterprises Are Using on AWS…

1) Development & Testing
2) New Workloads
3) Supplement Existing Workloads with the Cloud
4) Supplement Workloads with Existing On-Premises Infrastructure
5) Migrating Existing Applications
6) Data Center Migration
7) All-in – IT Entirely in the Cloud

Page 23

Why are companies adopting cloud computing and AWS so quickly?

Page 24

Broad and deep services drive real world, production workloads of all shapes and sizes

Page 25

[Slide diagram: AWS service stack]

Enterprise Applications: Virtual Desktops; Collaboration and Sharing

Platform Services:
• Databases: Caching, Relational, NoSQL
• Analytics: Hadoop, Real-time, Data Workflows, Data Warehouse
• App Services: Queuing, Orchestration, App Streaming, Transcoding, Email, Search
• Deployment & Management: Containers, Dev/ops Tools, Resource Templates, Usage Tracking, Monitoring and Logs
• Mobile Services: Identity, Sync, Mobile Analytics, Notifications

Foundation Services: Compute (VMs, Auto-scaling and Load Balancing); Storage (Object, Block and Archive); Security & Access Control; Networking

Infrastructure: Regions; CDN and Points of Presence; Availability Zones

Page 26

Gartner “Magic Quadrant for Cloud Infrastructure as a Service,” Lydia Leong, Douglas Toombs, Bob Gill, Gregor Petri, Tiny Haynes, May 28, 2014. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

2014 Magic Quadrant for Cloud Infrastructure as a Service

Page 27

AWS Governance

Fine-grained access control over data and resources

• Geographic data locality: Control over regional replication
• Fine-grained access control: Policies, resource level permissions, temporary credentials
• AWS CloudTrail: In-depth audits

Page 28

Certifications and Accreditations for Workloads That Matter

Page 29

Thank You