Вы находитесь на странице: 1из 10

PROMETHEE PROJECT

AWS INFRASTRUCTURE LANDSCAPE

Solution – round 3

Copyright © 2019 Accenture All rights reserved. 1


AWS infrastructure landscape – main principles

AWS native Cloud capabilities Security by design Accenture – PSA Build Infrastructure right sizing
Accenture best practices and tools Highly available infrastructure Integration with PSA ecosystem Cost control & optimization
EGVO principles re-used 24/7 L3 operations Possible reversibility

The below slides present the orientations and assumptions that has been taken for the initial design in order to
contribute to the business case
Although it has been done by following best practices and by taking into account PSA main expectations and
concerns, several workstreams are already identified to fully assess security compliance & technical feasibility

Copyright © 2019 Accenture All rights reserved. 2


AWS infrastructure landscape – location & account
➢ Hosting of Guidewire application in AWS Ireland with the use of AWS Edge location in Europe to
improve performance
➢ Accenture holds the AWS subscription for PSA. Guidewire infrastructure is fully managed by
Accenture and can be viewed “as a service” by PSA.

3 availability
zone in
Ireland on
separate DC

Edge location
to improve
performance

Copyright © 2019 Accenture All rights reserved. 3


AWS infrastructure landscape – design orientations
AWS native authentication IaaS & PaaS
AWS native security & Accenture tools &
services to manage services in
performance services for standards for public
heterogeneous users Promethee private
internet facing applications cloud operations
> To be confirmed with user paths network

AWS complementary
tooling for
infrastructure
operations

Best practices for media VPN connection taken as assumption


exchanges with 3rd parties > To be confirmed with detailed study

Copyright © 2019 Accenture All rights reserved. 4


AWS infrastructure landscape – main services
AWS Cloud
VPC – Multiple Availability Zones

Guidewire Application Tier Guidewire ACP tools


Database Tier Amazon
CloudWatch

Monitoring
AWS WAF Amazon Cognito
ElastiCache for
Amazon Memcached
Route 53 Alarm
Discovery
EC2
Instances
Amazon AWS IAM Elastic Load Module X
Balancing EC2 Automation
CloudFront
Instances Oracle RDS AWS Config
Module Y
PSA DNS
Role
Qualys
Amazon S3
AWS Shield AWS
CloudTrail

VPN Connection
3rd
Parties Web
PSA Datacenters PSA tools channel

Copyright © 2019 Accenture All rights reserved. 5


AWS infrastructure landscape – next steps
➢ Launch several workstream to review & validation assumptions:
➢ Pre-requisite 1 : Receive from business teams the users & customers experiences & paths
➢ Pre-requisite 2 : Complete the Business & IT risk assessment

➢ Workstream 1 : Authentication & federation (AWS Cognito vs PSA tools, MFA etc.)
➢ Workstream 2 : AWS-PSA-3rd parties integrations (VPN, media exchange etc.)
➢ Workstream 3 : Continuity & resilience (DRP, Cyber attack prevention & resolution)
➢ Workstream 4 : Reversibility (AWS native services, Accenture tools & operations)

Copyright © 2019 Accenture All rights reserved. 6


ANNEXES

Copyright © 2019 Accenture All rights reserved. 7


AWS services in scope - glossary

Amazon Route 53 is a highly available and scalable Domain Amazon Cognito lets you add user sign-up, sign-in, and access
Name System (DNS) web service. More control to your web and mobile apps quickly and easily. More

Amazon Amazon Cognito


Route 53

Amazon CloudFront is a web service that speeds up distribution You can use AWS IAM to securely control individual and group
of your static and dynamic web content. More access to your AWS resources More

Amazon AWS IAM


CloudFront

AWS WAF is a web application firewall that helps protect web Elastic Load Balancing automatically distributes incoming
applications from attacks. More application traffic across multiple targets, such as Amazon EC2
instances. More
AWS WAF Elastic Load
Balancing

AWS Shield is a managed service that provides protection Amazon Simple Storage Service (Amazon S3) is an object
against Distributed Denial of Service (DDoS) attacks. More storage service that offers industry-leading scalability, data
availability, security, and performance. More
AWS Shield Amazon S3

Copyright © 2019 Accenture All rights reserved. 8


AWS services in scope - glossary

Amazon Virtual Private Cloud (Amazon VPC) lets you provision Memcached is an easy-to-use, high-performance, in-memory
a logically isolated section of the AWS Cloud where you can data store. More
launch AWS resources in a virtual network that you define. More
VPC Memcached

Private subnets allow to logically isolate applicative components Amazon CloudWatch is a monitoring and management service
for an enhanced security built for developers, system operators, site reliability engineers
(SRE), and IT managers. More
Private AWS
Subnets Cloudwatch

Amazon Elastic Compute Cloud (Amazon EC2) is a web service AWS Config is a service that enables you to assess, audit, and
that provides secure, resizable compute capacity in the cloud. evaluate the configurations of your AWS resources. More
More
AWS EC2 AWS
Config

Amazon Relational Database Service (Amazon RDS) makes it


AWS CloudTrail is a service that enables governance,
easy to set up, operate, and scale a relational database in the
compliance, operational auditing, and risk auditing of your AWS
cloud. More
AWS RDS account. More
AWS
Cloudtrail

Copyright © 2019 Accenture All rights reserved. 9


Guidewire Production infrastructure
AWS Cloud

VPC – eu-west-1

Guidewire Application Tier Guidewire Database Tier


Portals ELB
powered by
AWS S3: Claim center online Claim center batch Contact manager Webserver
• Customer Memcached Memcached
Elastic Load Balancers

engage for GW DB for Datahub


• Vendor
engage
Policy center online Policy center batch Datahub Authentication

Guidewire DB Datahub
Info center
(out of scope)
Billing center online Billing center batch

AZ / eu-west-1a

Same to AZ / eu-west-1a
for high availability
ELB AZ / eu-west-1b

Copyright © 2019 Accenture All rights reserved. 10