Tips and Tricks for Building Your CA Service Management Solution on AWS

Hands-on Lab:
Tips and Tricks for Building Your CA Service
Management Solution on AWS
Brian Poissant
AMX202L
SERVICE & ASSET MANAGEMENT
VP, Engineering Services
CA Technologies

2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS
© 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type
of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
For Informational Purposes Only
Terms of this Presentation

Abstract
This session will cover tips and tricks associated with building out your CA Service
Management instance on Amazon Web Services (AWS), including topics like EC2 auto-
scaling, automation and notification management and automating your deployment. It
will include a hands-on component focused on how to leverage AWS to develop and test
an AWS implementation in a secured public cloud.
Brian
Poissant
CA Technologies
VP, Engineering
Services

Agenda
A QUICK PRIMER
CODE BASED ENVIRONMENT DEPLOYMENTS
KEY TAKEAWAYS CONCEPTS AND NEXT STEPS
NETWORK, ARCHITECTURE, AND CONSUMPTION CONSIDERATIONS
PRODUCT INTEGRATION AND AUTOMATION CONSIDERATIONS
BEST PRACTICES FOR AUTOMATING DEPLOYMENT'S
1
2
3
4
5
6

Why This Lab
 AWS Benefits
– Economy of Scale
– Trade CapEx for OpEx
– Stop Guessing About Capacity
– Increase Speed and Agility
– Minimize spend on running your own data centers
– Go global in minutes
“Why AWS”, “Why Automate”, “Why…”

Types of Cloud Computing Models
 IaaS
– Infrastructure as a Service. Basic building blocks for compute, storage and
network. Highest flexibility and management control and similar to what IT Orgs
are used to managing today.
 PaaS
– Platform as a Service. Removes need for org to manage infrastructure. Enables
laser focus on deployment and operations of solution only. Manage the solution
not the machines.
 SaaS
– Software as a Service. Provides completed product and supporting management
through service providers.

Deployment Models
 Cloud
– Application/Solution is completely deployed on the cloud service
providers environment.
 Hybrid
– Often driven by governance.
– Allows deployment and storage of data “on-premise” while
network, compute, scaling and fail-over are handled on the cloud
service provider.

Compliance for AWS
 Partial Listing of assurance programs AWS complies with
FISMA DIACAP FedRAMP
PCI DSS Lvl 1 ISO 9001 ISO 27001
ISO 27017 ISO 27018 CSA
FIPS 140-2 SEC Rule 17a-4(f) HIPAA
SOC 1/ISAE 3402 SOC 2 SOC 3
Ref: https://aws.amazon.com/compliance/

CA’s SM Integration Points
SDM xFlow Visualizer USS
Reporting Catalog PAM APM

Typical SDM Solution Deployment

Architectural Challenges
 Static on-prem Architecture
– Must be built to “worst case” scenarios
– Often physically house on same grid, backbone and physical
plant (DRP vs. Fault Tolerance)
– Difficult and expensive to build matching dev and QA
environments.
 AWS
– Can be built to scale horizontally or vertically as needed
– Globally supports distributed physical foot prints
– Avoid architecting and purchasing for the “worst case” scenario

Pets vs. Cattle
Pets Cattle
Given Names Given Random Numbers
Fed and loved Graze on their own
Nurtured Fend for themselves
Pay a lot to heal them Pay a lot to butcher them
Part of the family Replaced easily

OnPrem vs. Cloud Servers
On Prem Cloud
Given Names Given Random Numbers
Fed (patched) Replaced
Nurtured (healed when sick) Minimal Care
Pay to keep them healthy Replace as needed
Part of the family Part of a herd

Key Take Aways…

CA Service Management Success on AWS is…
 Secure
– Supports encrypted data at rest and in flight
– Shared security model
 Designed to expect failures in infrastructure
– Load Balanced, Auto-scaled, deployed on multiple AZ’s
– Automated failure detection and cutover
 Performance increase, coupled with cost savings

How Does AWS Work?

AWS Physical Layout
Availability Zones – Physically Distributed, Logically Defined
Region
Availability Zone
Data Center
Data Center
Availability Zone
Data Center
Data Center
Availability Zone
Data Center
Data Center
Low latency
resilient
fiber
connectivity

AWS Physical Layout
=Region
# =of AZ’s
=New Region
16 Regions, 43 Availability Zones
3
2
3 6
2
3
3 3
2
2
2
3
2
2
3
#
3 2

What is an AWS Data Center?
Amazon Perdix
IN 2012 it was estimated that AWS alone had over 450,000 blades deployed worldwide.*
*https://huanliu.wordpress.com/2012/03/13/amazon-data-center-size Perdix images used with permission from James Hamilton - copyright Amazon 2012

This Is Important To Know Because…
 Fault tolerance can be designed as low as Layer 2, as
each AZ is physically redundant and resilient
 Most AWS Architectures center on security, redundancy,
and cost (prioritized in order)
 Automation, and network best practices leverage the
physical model (think VPC peering)

Service
Management
Solutions
on AWS

Overview
 Security
 Performance
 Availability
 Automation
 Governance

Security
– Data Encryption needs
 at rest? in flight? both?
– Patching requirements
 OS (Auto or controlled)
 Do applications deployed support automated patching? (setup.exe,
silent install, bash script based, chef, puppet support)
– Key Management
 Root account, organization and user accounts, roles
– Authentication and Authorization to AWS resources
 AD, LDAP, oAuth

AWS Delivers
Direct migration of vmWare
vSphere environments
Complete lifecycle
management of code and
the environments it deploys
Cost savings with properly
architected solutions
Code Based
AWS IaaS can be
completely code based.
Code can be version
controlled
Define, secure, and manage
your environment by
changing code.
Code Enables
Blue/Green Deployments
Automated patching of
environments
Easy Rollbacks
Quickly standup/tear down
dev, qa environments as
needed.
Step 1 – Automate Everything

Other
Process Automation
Manager
CA API Gateway
AWS
CLI – Command Line
Interface (win, mac, _nix,
PowerShell)
SDK – java, android,
browser, iOS, node, .NET,
php, python, ruby, go, C++,
AWS Mobile SDK
IDE’s- Eclipse, VS, VSTS
CA Service
Manager
REST
SOAP
TEXT
Email
Jscript
Custom Notifications
Integration Points for Automation
SDK’s, API’s, Customer Triggers, and Automated Workflow

Step 2 - Performance
 Compute, storage and networking are configurable
– You pay for performance
– EC2 remember scaling can be elastically done for those products
that might support it so running on smaller instances may be
acceptable.
 SDM (Add App Servers or Secondary's dynamically)
 PAM (Add Orchestrator servers)
 Reporting (MSSQL Always On, leverage RDS)
– 1-256 CPU’s, 512K – 256GB Ram, Low <10MB – 25GB pipe

How is your solution going to be consumed
 TIP - Try to get an idea of transaction volumes
– SDM
 bop_logging for a 10 minute run during a busy time.
 TIP – Start with a general instance type (t2.large) for the
best cost/performance balance.
 Trick – You are able to scale up, by changing instance
type either programmatically or through the console.

Step 3 - Availability
 DRP Ideas
– Run prod in-house and replicate data to AWS for DRP purposes.
 When DR event occurs, change DNS to redirect to AWS environment.
– Run Prod, Dev on AWS in different Regions
 Higher level of utility segmentation
 Not really necessary
 TIP – balance loads between 2 private subnets (thus 2
different AZ’s)

Step 4 - Automation
 AWS Cloud Formation
– Describes your deployment in JSON or YAML as “code”
– Automatically deploys resources in proper order
– Enables versioned updates to your environment
– Supports multiple region deployments via Cloud formation Stack
Sets
 TIP - Spend time up front automating
– AWS tools, batch/bash scripts, chef, puppet, etc…

Governance
 New EU rules for data management
– Data (i.e. mdb) can reside in country either behind corporate
walls, or on that country’s AWS Region
 Trick - Put mdb in Germany, Frankfurt region, provision
VPC Peering so that Frankfurt is the hub, and VPC in
other regions are spokes for best performance.
 Certifications from AWS (SOC, FedRamp, etc…) can be
obtained through AWS Support/Sales.

LAB Part 1
Cloud Formation

Lab – Deploy SM Environment
 We will be deploying a basic development environment
for Service Management.
 Built with Cloud Formation Templates, EC2, S3,
Route53, VPC, Subnets, and Security Groups
 NOTE: Be sure to use the Lab Seat number for your
login.

AWS Console
 In your lab packet there is an invitation letter to AWS.
– Contains
 Your Lab Seats specific login URL
 Your Lab Seats specific credentials
 Go Ahead and login to the console using the information
in your packet

AWS Login Process for CAWLAB01

AWS Login Process for CAWLAB##

Find Cloud Formation Under the
Management Tools Section

Stacks == Environments
Made from Cloud Formation Templates

https://s3.us-east-2.amazonaws.com/caw2017lab/CAW2017LAB.json

Parameters
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"LabSeatNum": {
"Type": "String",
"ConstraintDescription": "Please select one of the valid values for Lab Number",
"AllowedValues": ["LAB01","LAB02","LAB03","LAB04","LAB05",
"LAB06","LAB07","LAB08","LAB09","LAB10","LAB11","LAB12",
"LAB34","LAB35","LAB36","LAB37","LAB38","LAB39","LAB40"
]
}
},

Tags – Ad Hoc Values {Key:Value}

Check the Monthly Cost For Your Stack and Then
Create

AWS Simple Monthly Calculator

Events Tab

Resources

EC2 – Detail Screen – Look for Status Checks

Review While We Wait
Region – A Collection of Availability Zones Defined globally
Availability Zone – A logically defined set of physical, distributed, and
segmented Data Centers
Data Center – A physical set of network, compute, storage resources
Resources – Virtual networking
VPC – Virtual Private Cloud
Subnets, Routes, Access Control
lists
Compute
EC2 – compute resource (CPU & Mem)
Security Groups, Access keys
Storage
EBS – Elastic Block Storage
S3 – Object Based Storage
Ephemeral Storage
Cloud Formation Templates define and configure your solution deployment
architecture.
AWS Ops-Works service defines the host software configurations

Template - Parameters
"Parameters": {
"LabSeatNum": {
"Type": "String",
"ConstraintDescription": "Please select one of the valid values for Lab Number",
"AllowedValues": ["LAB01","LAB02","LAB03","LAB04","LAB05",
"LAB34","LAB35","LAB36","LAB37","LAB38","LAB39","LAB40"
]
}
},

Template - Resources
"Resources": {
"CASM17": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "ami-f6ddf093",
"InstanceType": "t2.xlarge",
"SubnetId": {"Fn::FindInMap": ["LabSeatNum2Subnet", {"Ref": "LabSeatNum"}, "1"]}
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"<script>",
"C:myautoexec.bat",
"</script>"
]]}},
},
"R53DNS": {
"Type": "AWS::Route53::RecordSet",
"Properties": {
"HostedZoneId": "ZH10D0QGPOJVN",
"Name": {"Fn::Join": ["",[{"Ref": "LabSeatNum"},".caswat.net"]]},
"Type": "A",
"TTL": "300",
"ResourceRecords": [
{"Fn::GetAtt": ["CASM17", "PublicIp"]}]
},

Template - Outputs
"Outputs": {
"xFlow": {"Description": "xFlow Analyst URL","Value": {
"Fn::Join": ["",["http://",{"Fn::GetAtt": ["CASM17","PublicDnsName"]},":9002"]]}},
"SDM": {"Description": "SDM URL","Value": {
"Fn::Join": ["",["http://",{"Fn::GetAtt": ["CASM17","PublicDnsName"]},":8080"]]}},
"CABI": {"Description": "CA Business Intelligence URL","Value": {
"Fn::Join": ["",["http://",{"Fn::GetAtt": ["CASM17","PublicIp"]},":8280/jasperserver-pro/login.html"]]}},

Template - Mappings
"Mappings": {
"LabSeatNum2Subnet": {
"LAB01": {"1": "subnet-4b93ae22"},
"LAB02": {"1": "subnet-788db011"},
"LAB03": {"1": "subnet-4c93ae25"},
.
.
.
"LAB39": {“1": "subnet-9e93aef7"},
"LAB40": {"1": "subnet-4393ae2a"},
"Resources": {
"CASM17": {
"Properties": {
"<script>",
"C:myautoexec.bat",
"</script>"
]]}},
},

CA Pre-Baked AMI
AMI – Amazon Machine Image (think vmWare Snapshot)
EC2 – Amazon Elastic Cloud Compute instance (think virtual machine w/ CPU &
mem)
Pre-Baked AMI – An AMI with the software pre-installed to a given configuration.
Todays Lab uses an AMI that has, SDM, CABI, xFlow, MSSQL, Visualizer,
Catalog, and other components of the CA Service Management Solution
installed on it.

The Challenges
How do I reconfigure SDM so that it works for every launch?
What if my Security needs for the environment change?
How do I patch the OS for these environments?
How do I patch the Service Management Products in a programmable fashion?
How can I monitor the consumption and utilization of the environment?

Updating and Patching The Environment
DONE BY MODIFYING THE CLOUD FORMATION TEMPLATE OR AMI
NO NEED TO VISIT EACH SERVER OR SERVICE MANUALLY
IS COMPLETELY VERSION CONTROLLED
PROCESS SUPPORTS BLUE/GREEN AND RED/GREEN DEPLOYMENTS
PROCESS SUPPORTS ROLL-BACK IN MINUTES
CAN BE WRITTEN FOR MULTI-REGION SUPPORT

Challenge #1: How do I reconfigure SDM so that it
works for every launch of the AMI?
"Resources": {
"CASM17": {
"Properties": {
"<script>",
"C:myautoexec.bat",
"</script>"
]]}},
},
REM Obtain the local instance info needed for manipulating the SM config
curl http://169.254.169.254/latest/meta-data/public-ipv4 > "C:PublicIP.txt"
curl http://169.254.169.254/latest/meta-data/instance-id > "C:InstanceID.txt"
curl http://169.254.169.254/latest/meta-data/local-ipv4 > "C:PrivateIP.txt"
REM Read in the file contents and set to local variables
set /p instanceID=<"C:instanceID.txt"
set /p publicIP=<"C:publicIP.txt"
set /p privateIP=<"C:privateIP.txt"
REM Display the variables as set in the batch file
echo %instanceID%
echo %publicIP%
echo %privateIP%
Cloud Formation
Template
myautoexec.bat installed on the c:
drive of the AMI (snapshot), which
gets called by CF Template at
instantiation

Challenge #1: How do I reconfigure SDM so that it
works for every launch of the AMI?
"Resources": {
"CASM17": {
"Properties": {
"<script>",
"C:myautoexec.bat",
"</script>"
]]}},
},
.
.
.
REM Update the NX.env file to point to the correct IP
fart "C:PROGRA~2CASERVIC~1NX.env" "casm.caswat.net" %publicIP%
Cloud Formation
Template
myautoexec.bat installed on the c:
drive of the AMI (snapshot), which
gets called by CF Template at
instantiation

Lets Check on our Environment
 In the console, go to Cloud Formation, Stacks, and click
on your Lab## deployment
 Open the Tab or Tree that says Output and click on one
of the links. Generally SDM is a good first try.
 If nothing comes up
the instance is still
auto configuring an
cycling services.

For Security Sake – We need to change our
endpoints to the PublicDnsName instead of IP

Back at our Cloud Formation
Select the Running Stack and Update Stack

Select “View/Edit in Designer”

Cloud Formation Designer – Click Components

Click the Outputs Tab

Instead of PublicIP we want to output the
PublicDnsName
Replace “PublicIP” with
“PublicDnsName”

Check The Template

Look for word “Template Is Valid”, and then
Refresh

Finally – Click Upload

Click Thru using Next Accepting Defaults and
Finally Click Update

Update Will Begin once Completed Check the
Output Tab

The Items Updated to Public DNS Name Other will
remain as IP Address

How Do I Patch the OS and Products For These
Environments?
Options:
1. OS: AWS Systems Manager services, found under the EC2 section of the
console. You can use this service to manage and configure EC2 instances
and on-premise instances
2. Re-bake an AMI and update the stack with the new AMI (This is often the
preferred method for Application Patches)
3. Implement Chef/Puppet type solutions to automate the deployment of
patches.
IMPORTANT TIP
Always update the Environment through Cloud Formation templates. Directly updating EC2 instances will ultimately
defeat the purpose of automating the deployments.

How Can I Monitor My Environment?

Questions?

Stay connected at communities.ca.com
Thank you.

Agile Management
For more information on Agile Management,
please visit: http://cainc.to/CAW17-AM

Tips and Tricks for Building Your CA Service Management Solution on AWS

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Tips and Tricks for Building Your CA Service Management Solution on AWS

Similar to Tips and Tricks for Building Your CA Service Management Solution on AWS (20)

Recently uploaded

Recently uploaded (20)

Tips and Tricks for Building Your CA Service Management Solution on AWS

Editor's Notes