How McGraw Hill uses Sumo Logic and AWS for operational and security intelligence

Post on 29-Jun-2015

Category:

Technology

DESCRIPTION

This webinar features Shane Shelton - Sr. Director of Application Performance and Development Operations at McGraw-Hill Education, discussing how Sumo Logic helps his team gain critical operational and security insights into their AWS environment. Amazon Web Services Head of Application & Industry Vertical Technology Alliances, Scott Barneson, and Sumo Logic Senior Product Manager, Ben Newton, discuss how to:

* Set up the Sumo Logic service within days with 100% automated collection
* Rapidly identify and troubleshoot issues across the infrastructure stack
* Leverage real-time alerts to fix issues before they impact release cycles
* Foster collaboration across teams while retaining control with RBAC
* Reduce MTTI e.g. converting 150 pages of logs into 5 pages of patterns
* Monitor and audit critical security changes in AWS to meet security policies

TRANSCRIPT

How McGraw Hill uses Sumo Logic and AWS for operational and security intelligence

Shane Shelton – Sr. Dir., Application Performance and Development Operations, McGraw-Hill Education

Scott Barneson – Head of Application and Industry Vertical Technology Alliances, Amazon Web Services

Ben Newton – Sr. Product Manager, Sumo Logic

Sumo Logic Confidential

Agenda

• Sumo Logic Overview
• Demo
• Customer Use Case: McGraw Hill
• AWS Overview
• Q&A

The Machine Data Challenge

[Slide graphic. Labels: Search, Visualize, Predict; Applications, Mobile, Internet of Things, Network and Server]

Powerful & Secure Architecture, Effortless Deployment

[Architecture diagram. Labels: On-Prem Data Centers, Cloud Sources, Hybrid Data Sources, Private, Public, IaaS, PaaS, SaaS, Collector, Hosted Collector]

Use Cases

• Availability & Performance
• Customer Insights
• Security and Compliance

SUMO LOGIC DEMO

The Sumo Logic Difference

[Slide graphic. Labels: Cloud, Machine Learning; Effortless, Elastic, LogReduce, Anomaly Detection, Low TCO, Any Data, Human Context, Transaction Analytics]

MCGRAW-HILL USE CASE

Introduction

• McGraw-Hill Education
• Recently divested from McGraw-Hill Companies
• Rapidly transitioning to a digital and SaaS model
• Investing heavily in digital

Sumo Logic Agent Deployment with Puppet

1) Came up with a Collector and Source Category naming scheme for RBAC inside of Sumo Logic

2) Created listing of log paths on all servers per tier

3) Created list of users needing access

4) Enabled a Puppet Sumo Logic Access Key and User for automated setup via their API.

5) Wrote the Puppet module that deploys the agent on any server deployed in our Performance or higher environments.

   a. The module reads the AWS server name and then auto configures the Collector name and log collection paths, calls the Sumo Logic API and sets up the server automatically in the Sumo Logic Console.

6) Deployed Puppet modules in our environments.

7) Trained our users via Sumo Logic Professional Services
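An added sketch of step 5a in Python (not MHE's Puppet module, which the slides do not show): it derives a Collector name and per-log Source Categories from a server name so that role search filters can key on the category prefix. The hostname scheme, log paths, category layout and the `collector_config` and `role_filter` helpers are all hypothetical; the source entries use the `LocalFile` JSON shape that Sumo Logic collectors read.

```python
import re

# Assumed hostname scheme (hypothetical, not from the slides): <env>-<product>-<tier>-<nn>
HOST_RE = re.compile(
    r"(?P<env>perf|stage|prod)-(?P<product>[a-z0-9]+)-(?P<tier>web|app|db)-(?P<idx>\d{2})"
)

# Constructed per-tier log path listing (step 2 of the procedure).
TIER_LOG_PATHS = {
    "web": {"access": "/var/log/httpd/access_log*", "error": "/var/log/httpd/error_log*"},
    "app": {"server": "/opt/app/logs/server*.log"},
    "db": {"alert": "/var/log/db/alert*.log"},
}


def collector_config(hostname):
    """Derive the Collector name and file sources for one server."""
    m = HOST_RE.fullmatch(hostname.strip().lower())
    if m is None:
        # Fail closed: an unparseable name must not land in a category
        # that some role's search filter happens to match.
        raise ValueError(f"hostname {hostname!r} does not follow the naming scheme")
    env, product, tier, idx = m["env"], m["product"], m["tier"], m["idx"]
    sources = [
        {
            "sourceType": "LocalFile",
            "name": f"{tier}_{kind}",
            "pathExpression": path,
            "category": f"{env}/{product}/{tier}/{kind}",
        }
        for kind, path in sorted(TIER_LOG_PATHS[tier].items())
    ]
    return {
        "collector_name": f"{env}_{product}_{tier}_{idx}",
        "sources_json": {"api.version": "v1", "sources": sources},
    }


def role_filter(env, product):
    """Search filter a role could carry to see one product in one environment."""
    return f"_sourceCategory={env}/{product}/*"
```

Because access is decided by the category prefix, a server whose name cannot be parsed is rejected rather than given a default category.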

Sumo Logic Agent Deployment with Puppet

Example of Roles in MHE’s Sumo Logic Account (Names Removed)

Example of Collectors and Source Categories in MHE’s Sumo Logic Account

Troubleshooting and Real Time Alerting

• When issues are found, we use Sumo Logic to search millions of rows of logs in minutes.

• No longer is it just Operations that can view logs in Production, we give log access to multiple groups inside our company to help resolve issues faster without having to give access to ANY Production systems.

• We have cross-functional teams that have access to multiple product logs to allow for quicker troubleshooting of issues in QA. This is enabled via Roles in the Sumo Logic console. This feature is extremely helpful in Development.

• Created numerous alerts from our logs on known events that can occur. Sumo Logic’s alerting engine notifies you in real time for agent based nodes.

Alerting Examples

Example of Some of our Alerts

Drilldown into Weblogic DB Connection Issue Alert (Recipients Removed)

Sumo Logic LogReduce Feature

• When trying to find issues across 100’s and 1000’s of servers, it’s not helpful to look at a detailed view.

• Sumo Logic LogReduce lets MHE take 1000’s of pages of logs and reduce them into patterns that are easier to troubleshoot.

• This was particularly helpful when the Bash vulnerability came out and we had to filter out how many servers got attacked and by whom before we got the final fix from Red Hat.

LogReduce Example

Example without LogReduce Across an MHE Application Tier searching for Java Exceptions (11,229 pages)

With LogReduce Enabled (15 pages)

Amazon Web Services Auditing

• Sumo Logic allows for integration with Amazon Web Services (AWS) CloudTrail Audit logs

• Note one caveat is that alerting is not real time with CloudTrail Logs inside of Sumo Logic. Logs are consumed every 15-20 minutes.

Steps:

1) Enable CloudTrail in your AWS account and send it to an S3 bucket per AWS best practices

2) Give Sumo Logic access to the S3 bucket for log consumption

3) Set up CloudTrail Collector inside of the Sumo Logic console.

Amazon Web Services Auditing

• MHE DevOps has to have MHE Cloud Security approval whenever we are making any security related change in any of our AWS accounts.

• The Sumo Logic alerts allow MHE Cloud Security to verify that approved changes are going out by the approved parties.

• Non-approved changes are escalated and handled on a case by case basis.
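The approval check described in these bullets, as an added Python example (not MHE's alert definitions, which the slides show only as screenshots): it reads a CloudTrail log file, keeps security-related events and compares each actor against an approval register. The watch list, the register, the ticket id and the sample records are constructed for illustration.

```python
import json

# Assumed watch list of security-related CloudTrail event names.
SECURITY_EVENTS = {
    "AuthorizeSecurityGroupIngress", "RevokeSecurityGroupIngress",
    "PutUserPolicy", "AttachRolePolicy", "CreateAccessKey",
    "PutBucketPolicy", "StopLogging", "DeleteTrail",
}

ACCOUNT = "111122223333"  # placeholder account id

# Constructed approval register: (approved actor ARN, event name) -> ticket.
APPROVALS = {
    (f"arn:aws:iam::{ACCOUNT}:user/alice", "AuthorizeSecurityGroupIngress"): "CHG-0001",
}


def _record(time, user, source, name):
    """Build one constructed CloudTrail record with the fields the audit reads."""
    return {
        "eventTime": time, "eventSource": source, "eventName": name,
        "userIdentity": {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCOUNT}:user/{user}"},
    }


SAMPLE_LOG = json.dumps({"Records": [
    _record("2015-06-01T10:00:00Z", "alice", "ec2.amazonaws.com", "AuthorizeSecurityGroupIngress"),
    _record("2015-06-01T10:05:00Z", "bob", "ec2.amazonaws.com", "AuthorizeSecurityGroupIngress"),
    _record("2015-06-01T10:06:00Z", "bob", "ec2.amazonaws.com", "DescribeInstances"),
    _record("2015-06-01T10:20:00Z", "carol", "cloudtrail.amazonaws.com", "StopLogging"),
]})


def audit(cloudtrail_json, approvals=APPROVALS):
    """Classify each security-related event as approved or needing escalation."""
    results = []
    for rec in json.loads(cloudtrail_json).get("Records", []):
        event = rec.get("eventName")
        if event not in SECURITY_EVENTS:
            continue
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        ticket = approvals.get((actor, event))
        if ticket:
            verdict = "approved"
        elif any(ev == event for _, ev in approvals):
            verdict = "escalate: approved change, unapproved party"
        else:
            verdict = "escalate: no approval on file"
        results.append({"time": rec.get("eventTime"), "actor": actor,
                        "event": event, "ticket": ticket, "verdict": verdict})
    return results
```

Matching on actor and event name alone is coarse; a production register would also pin the affected resource and a time window from the change ticket.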

Alert Examples

Amazon Web Services Auditing

Alert Email Example:

Scott Barneson

Head of Application & Industry Vertical Alliances

Amazon Web Services

How are enterprises thinking about and using the cloud in 2014?

Strategies Enterprises Are Using on AWS…

1) Development & Testing

2) New Workloads

3) Supplement Existing Workloads with the Cloud

4) Supplement Workloads with Existing On-Premises Infrastructure

5) Migrating Existing Applications

6) Data Center Migration

7) All-in – IT Entirely in the Cloud

Why are companies adopting cloud computing and AWS so quickly?

Broad and deep services drive real world, production workloads of all shapes and sizes

[Slide diagram of AWS services. Labels as shown:]

• Platform Services: Caching, Relational, No SQL, Hadoop, Real-time, Data Workflows, Data Warehouse, Queuing, Orchestration, App Streaming, Transcoding, Email, Search, Containers, Dev/ops Tools, Resource Templates, Usage Tracking, Monitoring and Logs, Identity, Sync, Mobile Analytics, Notifications
• Foundation Services: Compute (VMs, Auto-scaling and Load Balancing), Storage (Object, Block and Archive), Security & Access Control, Networking
• Infrastructure: Regions, CDN and Points of Presence, Availability Zones
• Enterprise Applications: Virtual Desktops, Collaboration and Sharing
• Other labels: Databases, Analytics, App Services, Deployment & Management, Mobile Services

Gartner “Magic Quadrant for Cloud Infrastructure as a Service,” Lydia Leong, Douglas Toombs, Bob Gill, Gregor Petri, Tiny Haynes, May 28, 2014. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

2014 Magic Quadrant for Cloud Infrastructure as a Service

AWS Governance

Fine-grained access control over data and resources

Control over regional replication

Policies, resource level permissions, temporary credentials

In-depth audits

Geographic data locality; Fine-grained access control; AWS CloudTrail

Certifications and Accreditations for Workloads That Matter

Thank You
