Category: Advanced (300)

As you consider migrating to VMware Cloud on AWS or have already done so, you could have the requirement to protect web servers residing in a vSphere environment on the AWS global infrastructure. To provide one aspect of security for these workloads, you can leverage the AWS WAF, a web application firewall that helps protect your apps or APIs against common web exploits and bots. AWS WAF provides scanning of designated HTTP/HTTPS traffic to protect against various attacks.

HAQM OpenSearch Service is frequently used by SaaS providers to address a broad range of use cases. The use of HAQM OpenSearch Service in a multi-tenant environment, however, introduces a collection of new considerations that will influence how you partition, isolate, deploy, and manage your solution. Explore the strategies and patterns that are used to address these common issues, and look at the specific models used to represent and isolate each tenant’s data with HAQM OpenSearch Service constructs.

It’s often required for a partner solution running on HAQM Web Services to access AWS accounts owned by their customers (third-party AWS accounts). This kind of access is known as cross-account access. In such scenarios, a cross-account AWS Identity and Access Management (IAM) role with external ID should be used. Explore the best practices for using external ID to avoid the confused deputy problem it is designed to solve.

HP Anyware from HP Teradici is the first high-performance remote desktop solution for EC2 Mac instances, providing a graphics-intensive computing experience with high color fidelity, crisp text, and up to 4K UHD resolution. HP Anyware enables you to remotely access your EC2 Mac instances as if they were on a local machine, with the resolution and color fidelity you need for the best desktop experience.

Learn how to set up Active Directory authentication with authorization for Postgres. Heimdall Data provides synchronization scripts for other databases as well, allowing all HAQM RDS instance types to be supported in a similar way. Using Active Directory authentication allows organizations to standardize their password and authorization management via a globally available authentication store, reducing management overhead and improving security and auditing capabilities.

As customers adopt VMware Cloud on AWS, it’s important to provide scalable and reliable hybrid connectivity to help integrate SDDCs with on-premises and cloud-native services. VMware Cloud on AWS customers have additional network security requirements including network encryption, firewall integration, and traffic segmentation. Learn about hybrid network design patterns and considerations, and go through various network architecture design options and use cases addressing customer requirements.

Data security is a particularly important topic for multi-tenant SaaS applications that handle customers’ sensitive data. How to securely segregate tenant data and how to provide data access to customers will vary depending on the SaaS solution’s architecture and its requirements. This post explores how SaaS vendors can build secure, scalable, and cost-effective data exchange mechanisms using SFTP (SSH File Transfer Protocol) with AWS managed services like AWS Transfer Family.

Today, many organizations trust HAQM Web Services (AWS) to host their business’s applications and infrastructure. As they continue to innovate, their applications and environments become increasingly complex. This post explores how AWS customers can leverage Gremlin to improve the resiliency and reliability of their applications. Learn how to apply chaos engineering principles to your HAQM EKS environment to increase uptime, reduce incidents, and build more resilient applications, systems, and services.

HAQM EKS and Calico Cloud’s combined solution provides proof of security compliance to meet organizational regulatory requirements, but building and running cloud-native applications in EKS requires communication with other AWS and external third-party services. Learn how you can apply zero-trust workload access controls along with microsegmentation for workloads on EKS, and explore what implementing zero-trust workload access controls and identity-aware microsegmentation means for you.

The increase in market uncertainty over the last couple of years has demonstrated the need for market participants to have a dynamic view of the risks and impacts due to market moves on their portfolios. This post explores how Validus, a leading independent technology-enabled financial services firm, built a Bloomberg real-time market data integration using serverless managed services on AWS.