This webinar features Shane Shelton - Sr. Director of Application Performance and Development Operations at McGraw-Hill Education, discussing how Sumo Logic helps his team gain critical operational and security insights into their AWS environment.
Amazon Web Services Head of Application & Industry Vertical Technology Alliances, Scott Barneson, and Sumo Logic Senior Product Manager, Ben Newton, discuss how to:
* Set up the Sumo Logic service within days with 100% automated collection
* Rapidly identify and troubleshoot issues across the infrastructure stack
* Leverage real-time alerts to fix issues before they impact release cycles
* Foster collaboration across teams while retaining control with RBAC
* Reduce MTTI e.g. converting 150 pages of logs into 5 pages of patterns
* Monitor and audit critical security changes in AWS to meet security policies
How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intelligence
1. How McGraw Hill uses Sumo Logic and AWS for operational and security intelligence
Shane Shelton – Sr. Dir., Application Performance and Development Operations, McGraw-Hill Education
Scott Barneson – Head of Application and Industry Vertical Technology Alliances, Amazon Web Services
Ben Newton – Sr. Product Manager, Sumo Logic
Sumo Logic Confidential
2. Agenda
Sumo Logic Overview
Demo
Customer Use Case: McGraw Hill
AWS Overview
Q&A
3. The Machine Data Challenge
[Diagram labels: Applications; Network and Server; Mobile; Internet of Things; Search; Visualize; Predict]
4. Powerful & Secure Architecture, Effortless Deployment
[Diagram labels: Hybrid Data Sources; On-Prem Data Centers (Collector); Cloud Sources: Private, Public, SaaS, IaaS, PaaS (Collector); Hosted Collector]
5. Use Cases
• Availability & Performance
• Customer Insights
• Security and Compliance
10. Introduction
• McGraw-Hill Education
• Recently divested from McGraw-Hill Companies
• Rapidly transitioning to a digital and SaaS model
• Investing heavily in digital
11. Sumo Logic Agent Deployment with Puppet
1) Came up with a Collector and Source Category naming scheme for RBAC inside of Sumo Logic
2) Created listing of log paths on all servers per tier
3) Created list of users needing access
4) Enabled a Puppet Sumo Logic Access Key and User for automated setup via their API.
5) Wrote the Puppet module that deploys the agent on any server deployed in our Performance or higher environments.
   a. The module reads the AWS server name and then auto configures the Collector name and log collection paths, calls the Sumo Logic API and sets up the server automatically in the Sumo Logic Console.
6) Deployed Puppet modules in our environments.
7) Trained our users via Sumo Logic Professional Services
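A sketch of the naming step in this procedure, added here as an example and not MHE's Puppet module: it derives a Collector name and an RBAC-friendly Source Category from a server name and emits a local-file source definition. The host naming convention, environment names, tier log paths and the `catalog` product are hypothetical, and the JSON layout is assumed from Sumo Logic's JSON source configuration.

```python
import json
import re

# Hypothetical host naming convention: <product>-<env>-<tier><nn>, e.g. "catalog-prod-web03".
HOST_RE = re.compile(r"^(?P<product>[a-z0-9]+)-(?P<env>[a-z]+)-(?P<tier>[a-z]+)(?P<idx>\d+)$")

# Hypothetical per-tier log path listing (step 2 of the procedure).
TIER_LOG_PATHS = {
    "web": ["/var/log/httpd/access_log", "/var/log/httpd/error_log"],
    "app": ["/opt/weblogic/logs/*.log"],
}
# Environments that get a collector ("Performance or higher"; the names are assumed).
COLLECTED_ENVS = {"perf", "stage", "prod"}

def collector_config(hostname):
    """Derive collector name, source category and sources JSON; None if out of scope."""
    host = hostname.lower()
    m = HOST_RE.match(host)
    if not m:
        raise ValueError(f"host name does not follow the convention: {hostname!r}")
    if m["env"] not in COLLECTED_ENVS:
        return None  # lower environments are not collected
    paths = TIER_LOG_PATHS.get(m["tier"])
    if paths is None:
        raise ValueError(f"no log path listing for tier {m['tier']!r}")
    # Category <env>/<product>/<tier>: a role's search filter can scope a team to
    # e.g. _sourceCategory=prod/catalog/* without any access to the servers.
    category = f"{m['env']}/{m['product']}/{m['tier']}"
    sources = [{"sourceType": "LocalFile", "name": f"{m['tier']}-{i}",
                "pathExpression": path, "category": category}
               for i, path in enumerate(paths, 1)]
    return {"collector_name": host, "category": category,
            "sources_json": json.dumps({"api.version": "v1", "sources": sources}, indent=2)}

if __name__ == "__main__":
    print(collector_config("catalog-prod-web03")["sources_json"])
```

Failing on an unknown tier or a malformed name, rather than falling back to a default category, keeps a mislabelled server from landing in a category that another team's role can read.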
12. Sumo Logic Agent Deployment with Puppet
Example of Roles in MHE’s Sumo Logic Account (Names Removed)
Example of Collectors and Source Categories in MHE’s Sumo Logic Account
13. Troubleshooting and Real Time Alerting
• When issues are found, we use Sumo Logic to search millions of rows of logs in minutes.
• No longer is it just Operations that can view logs in Production, we give log access to multiple groups inside our company to help resolve issues faster without having to give access to ANY Production systems.
• We have cross-functional teams that have access to multiple product logs to allow for quicker troubleshooting of issues in QA. This is enabled via Roles in the Sumo Logic console. This feature is extremely helpful in Development.
• Created numerous alerts from our logs on known events that can occur. Sumo Logic’s alerting engine notifies you in real time for agent based nodes.
14. Alerting Examples
Example of Some of our Alerts
Drilldown into Weblogic DB Connection Issue Alert (Recipients Removed)
15. Sumo Logic LogReduce Feature
• When trying to find issues across 100’s and 1000’s of servers, it’s not helpful to look at a detailed view.
• Sumo Logic LogReduce lets MHE take 1000’s of pages of logs and reduce them into patterns that are easier to troubleshoot.
• This was particularly helpful when the Bash vulnerability came out and we had to filter out how many servers got attacked and by whom before we got the final fix from Red Hat.
16. LogReduce Example
Example without LogReduce Across an MHE Application Tier searching for Java Exceptions (11,229 pages)
With LogReduce Enabled (15 pages)
17. Amazon Web Services Auditing
• Sumo Logic allows for integration with Amazon Web Services (AWS) CloudTrail Audit logs
• Note one caveat is that alerting is not real time with CloudTrail Logs inside of Sumo Logic. Logs are consumed every 15-20 minutes.
Steps:
1) Enable CloudTrail in your AWS account and send it to an S3 bucket per AWS best practices
2) Give Sumo Logic access to the S3 bucket for log consumption
3) Set up a CloudTrail Collector inside of the Sumo Logic console.
18. Amazon Web Services Auditing
• MHE DevOps has to have MHE Cloud Security approval whenever we are making any security related change in any of our AWS accounts.
• The Sumo Logic alerts allow MHE Cloud Security to verify that approved changes are going out by the approved parties.
• Non-approved changes are escalated and handled on a case by case basis.
Alert Examples
22. Strategies Enterprises Are Using on AWS…
1) Development & Testing
2) New Workloads
3) Supplement Existing Workloads with the Cloud
4) Supplement Workloads with Existing On-Premises Infrastructure
5) Migrating Existing Applications
6) Data Center Migration
7) All-in – IT Entirely in the Cloud
24. Broad and deep services drive real world, production workloads of all shapes and sizes
25. AWS service layers
• Enterprise Applications: Virtual Desktops; Collaboration and Sharing
• Platform Services:
  • Databases: Relational; No SQL; Caching
  • Analytics: Hadoop; Real-time; Data Warehouse; Data Workflows
  • App Services: Queuing; Orchestration; App Streaming; Transcoding; Email; Search
  • Deployment & Management: Containers; Dev/ops Tools; Resource Templates; Usage Tracking; Monitoring and Logs
  • Mobile Services: Identity; Sync; Mobile Analytics; Notifications
• Foundation Services: Compute (VMs, Auto-scaling and Load Balancing); Storage (Object, Block and Archive); Security & Access Control; Networking
• Infrastructure: Regions; Availability Zones; CDN and Points of Presence
26. 2014 Magic Quadrant for Cloud Infrastructure as a Service
Gartner “Magic Quadrant for Cloud Infrastructure as a Service,” Lydia Leong, Douglas
Toombs, Bob Gill, Gregor Petri, Tiny Haynes, May 28, 2014. This Magic Quadrant graphic
was published by Gartner, Inc. as part of a larger research note and should be evaluated in
the context of the entire report. The Gartner report is available at
http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor,
product or service depicted in its research publications, and does not advise technology users
to select only those vendors with the highest ratings. Gartner research publications consist of
the opinions of Gartner's research organization and should not be construed as statements of
fact. Gartner disclaims all warranties, expressed or implied, with respect to this research,
including any warranties of merchantability or fitness for a particular purpose.
27. AWS Governance
Fine-grained access control over data and resources
• Geographic data locality: Control over regional replication
• Fine-grained access control: Policies, resource level permissions, temporary credentials
• AWS CloudTrail: In-depth audits
INTROS
For those of you new to Sumo Logic, we’re a Silicon Valley-based startup - founded by industry experts with strong backgrounds in Data Science, Enterprise Software & Internet Services and backed by some of the top VC firms in the Business Today.
We were founded with a simple but far-reaching goal:
To meet the challenge of the largest data explosion in history and help turn that data—whatever its type, location or volume—into actionable IT and business insights.
If you are in IT today you have a choice in front of you. You can choose to look at the machine data output of your infrastructure as just fumes and exhaust from your Apps, servers and Network OR you can look at it as the Life Blood of your Operation and Business. The Pulse.
We are here to talk about how SumoLogic is disrupting the Status Quo and what that means to you. By Status Quo we are talking about the prior generation of On-Premise software, Home Grown solutions, and that one we all know…”Ignore and Wait.” Our intent is to break the barriers that were previously in front of you regarding Data Silos, inability to handle ever growing Volumes of data, Antiquated Architectures, and manual analytics.
From Top to Bottom here we have a distinct focus on Customer Satisfaction and doing things the Right Way. We do this all as a Service – Secure, Reliable, Flexible with a ground breaking Time to Value.
So let’s get started.
Why Machine data insights are critical for organizations
1. Customer challenges:
Massive Explosion of data types and sources (apps, cloud, on-prem, IoT) is resulting in:
- Fragmented infrastructures (cloud/on-prem) and gaining end to end visibility across these environments is becoming challenging
- Complex application environments and plethora of devices is adding to the chaos as IT is losing visibility and control
- This results in Amplified availability, security and compliance challenges
2. Sumo Logic is a cloud based machine data intelligence service that helps organizations get comprehensive visibility across all infrastructures, applications, networks etc. and helps you transform these challenges into business advantages:
Powerful analytics engine helps you get meaningful insights such as availability, performance, security and customer insights through search, pattern recognition, brilliant visualization and proactive machine learning features.
We are different! We are a service. We are in the cloud.
Because we are a SaaS service, we can overcome the limitations of traditional solutions and offer unique differentiators such as:
We can ingest data from any source including on-prem and any cloud source, so you get a single solution to query across your entire infrastructure
Sumo Logic offers guaranteed 5X plus elastic index bursting to help customers meet seasonal and unexpected surges on-demand, without investing in expensive hardware.
Sumo Logic offers Service Level Agreements (SLAs) on query performance
Also notice what is missing in this picture. The machines monitoring the machines! We are an effortless service offering industry-leading Mean time to value. The service can be set up within minutes and requires no additional investment
We run on AWS, the most reliable cloud platform. We leverage the performance and security features the platform offers and have built additional capabilities on top of it. We are secure by design - SOC 2 Type II, HIPAA, FIPS 140, US-EU Safe Harbor, encryption at rest and in transit
We are also an AWS advanced technology partner and a big data competency partner
SPEAKER NOTES
We launched this business eight years ago, and the functionality added between then and now is night and day
A question that we get asked quite a bit, is how are enterprises thinking about the cloud now, in 2014?
There are about seven strategies that we see frequently
SPEAKER NOTES
We are seeing enterprises adopt AWS in a variety of ways, ranging from test and development to enterprises going all-in on AWS.
SPEAKER NOTES
Cloud computing is no longer simply about acquiring raw compute, storage, and networking on demand.
Over the past eight years, AWS has introduced 35 discrete services and released over 950 new features. This year alone, we’ve had over 300 releases.
It is this pace of innovation to constantly expand the breadth and depth of capability that allows AWS to handle a broad array of production scenarios.
SPEAKER NOTES
To sum up, AWS has developed the broadest collection of services available from any cloud provider.
Our approach to regions, availability zones, and POPs provides global coverage for high availability, low latency applications.
Foundation services across compute, storage, security, and networking offer customers flexibility in their architecture. We have a full spectrum of options to meet most price-to-performance scenarios.
We offer the capability for both managed and unmanaged database options.
The offerings for Analytics and Application Services enable advanced data processing and workloads.
AWS Redshift, our cloud-based data warehouse, is the fastest growing service in the history of AWS.
Our management tools offer a lot of insight and flexibility to let you manage your AWS resources through either our tools or the management tools you’re already familiar with.
Recent expansion into enterprise applications has been entirely driven by customer feedback on where they’d like us to deliver value.
SPEAKER NOTES
AWS has been located in the Leader’s quadrant every year since Gartner began the Cloud IaaS MQ four years ago.
Gartner stated that AWS has more than five times the compute capacity in use than the aggregate total of the other fourteen providers in this Magic Quadrant.
Gartner identified AWS as the provider most commonly selected for strategic adoption.
Gartner recommends clients use AWS for all evaluated use cases, including enterprise applications, cloud-native applications, batch computing, e-business hosting, general business applications, and test and development.
Notably, AWS is the only “Leader” recommended for enterprise applications.
SPEAKER NOTES
You must assign a geographic location for all data on AWS, and it will only move from that geo when you actively change it.
AWS IAM can manage users (federated and non-federated) and their access, as well as roles and permissions across most AWS services.
If you already use a SAML 2.0 supported corporate directory, such as Microsoft Active Directory, AWS is able to integrate with it and extend your existing directory into the cloud.
AWS CloudTrail is a fully managed service that enables granular security analysis, resource change tracking, operational troubleshooting, and compliance auditing.
You can answer questions such as, what actions did a given user take over a given time period? For a given resource, which user has taken actions on it over a given time period? What is the source IP address of a given activity? Which activities failed due to inadequate permissions?
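The approval check from the Amazon Web Services Auditing slides and the CloudTrail questions listed in these notes, as an added example that is not code from the webinar or from Sumo Logic: it sorts CloudTrail records into approved and unapproved security changes and permission-denied attempts, and tracks source IPs per actor. The event list, the approval register and the sample records are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Assumption: API calls treated as security-related changes; adjust to local policy.
SECURITY_EVENTS = {
    "AuthorizeSecurityGroupIngress", "RevokeSecurityGroupIngress", "PutUserPolicy",
    "AttachUserPolicy", "CreateAccessKey", "PutBucketPolicy", "StopLogging", "DeleteTrail",
}
DENIED = {"AccessDenied", "Client.UnauthorizedOperation"}  # permission failures

ALICE = "arn:aws:iam::111122223333:user/alice"  # constructed identities
BOB = "arn:aws:iam::111122223333:user/bob"
# Hypothetical approval register: (eventName, actor ARN) pairs signed off by Cloud Security.
APPROVED = {("AuthorizeSecurityGroupIngress", ALICE)}

# Constructed sample in the CloudTrail log-file layout: {"Records": [...]}.
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2014-11-04T10:00:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "arn": ALICE}},
    {"eventTime": "2014-11-04T10:05:00Z", "eventName": "PutUserPolicy",
     "sourceIPAddress": "203.0.113.9", "userIdentity": {"type": "IAMUser", "arn": BOB}},
    {"eventTime": "2014-11-04T10:06:00Z", "eventName": "StopLogging", "errorCode": "AccessDenied",
     "sourceIPAddress": "203.0.113.9", "userIdentity": {"type": "IAMUser", "arn": BOB}},
    {"eventTime": "2014-11-04T10:07:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "arn": ALICE}},
]})

def audit(log_text, approved=APPROVED):
    """Sort events into approved / unapproved security changes and denied attempts."""
    report = {"approved": [], "unapproved": [], "denied": [], "ips": defaultdict(set)}
    for rec in json.loads(log_text).get("Records", []):
        ident = rec.get("userIdentity", {})
        who = ident.get("arn") or ident.get("type", "unknown")
        ip = rec.get("sourceIPAddress", "unknown")
        name = rec.get("eventName", "")
        report["ips"][who].add(ip)               # source IPs seen per actor
        row = (rec.get("eventTime"), who, name, ip)
        if rec.get("errorCode") in DENIED:
            report["denied"].append(row)         # attempted without permission
        elif name in SECURITY_EVENTS and not rec.get("errorCode"):
            key = "approved" if (name, who) in approved else "unapproved"
            report[key].append(row)
    return report

if __name__ == "__main__":
    result = audit(SAMPLE)
    for bucket in ("approved", "unapproved", "denied"):
        for row in result[bucket]:
            print(bucket.upper(), *row)
```

Keying approval on the pair of event name and actor, not on the actor alone, means an approved person making a different, unapproved change still lands in the unapproved bucket for escalation.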