Enhanced Security for Public Cloud Infrastructure

May 26, 2017

All the solutions that REAN Cloud architects follow the AWS Security and Architecture Best Practices. Part of those practices is deploying applications using the 3-Tier design: Web Server, Application Server, and Database Server. By doing this, we enable our customers and partners to build highly scalable and available applications that are optimized to run in the AWS cloud.

The Architecture

REAN Cloud has devised a secure virtual private cloud (S-VPC) framework that provides assurance of information protection, with additional security controls to ensure the confidentiality, integrity, and availability of information. The S-VPC wraps your application in a secure shell to meet internal governance requirements and ensure compliance.

[Figure: REAN Cloud Secure VPC (S-VPC)]

Our solution architectures allow users to deploy critical components of their application across multiple Availability Zones and help replicate their data appropriately. Applications are also designed to handle dynamic IP addressing when an instance restarts, and continuous monitoring and event response are in place. Failover clusters and AlwaysOn Availability Groups make for a highly available and robust application environment.

[Figure: REAN Cloud HA Architecture]

A Sophos UTM server provides enhanced security, securing users' data, applications, and servers in the cloud. It also enables faster deployments without compromising performance.

The Complete Security Solution

Sophos UTM scales automatically by adding and removing UTM Workers in tandem with AWS instances, based on traffic increases or decreases. Sophos UTM on AWS also offers High Availability (HA) to help ensure that your applications and users can always connect. With Sophos and REAN Cloud you get an all-in-one security solution with server protection that blocks intrusion attempts and secures remote access. Sophos UTM provides a modular network firewall that includes network access control, stateful packet inspection, networking tools, routing, and secure remote access. With advanced threat protection, multiple technologies such as IPS, Web control, App control, and selective sandboxing analysis combine to provide a layered defense against Advanced Persistent Threats (APTs), command and control traffic, and targeted attacks. With this solution, you can quickly identify infected hosts on your network before they turn into a problem.

The Solution Components

With REAN Cloud’s depth and expertise in the security and cloud space, we can help you implement a Cloud and Sophos solution.

Cloud Components

  1. Managed Security VPC: Sophos UTM Solution Deployment.
  2. VPC Peering: To route the traffic between Managed Security VPC & Remote Ditech Workloads VPC.
  3. AutoScaling: HA, Auto Healing of UTM instances and Scaling the Sophos UTM solutions.
  4. IAM Roles: For Sophos EC2 instances to run AWS CLI commands that manage auto scaling, S3 configuration, log shipping, etc.
  5. CloudFormation: To launch UTM + OGW stacks.

Sophos Components

  1. Sophos Controller (Queen): To control and manage the configuration of licenses, workers, and outbound gateways.
  2. Sophos Workers (Swarm): To process the inbound/outbound traffic of the configured VPCs.
  3. Sophos Outbound Gateways: VPC NAT Gateways that forward the traffic to Sophos Worker environments.

Here are the high-level steps for implementation of the Sophos UTM+OGW Solution.

  1. Sophos UTM Controller + Workers Deployment.
  2. Setting up VPC Peering, Route Table, and NACL updates of the UTM VPC + Remote Ditech VPCs.
  3. UTM OGW Deployment on Ditech Remote VPC.
  4. UTM Controller Configuration along with OGW Setup.
  5. Minimum Viable Outbound Gateway Protection Configuration.
  6. Routing OGW Change.
  7. Test Plan.
  8. Roll Back Plan.
  9. Environment Handover.
  10. Logging and Reporting.

The Benefits

One of our customers, Veritas Technologies, an international data management software company, chose REAN Cloud to implement a Sophos UTM solution for providing enhanced security for their infrastructure on AWS. REAN Cloud worked with Veritas to implement a highly available and scalable Sophos UTM solution in the AWS environment. The Sophos setup was successfully completed in a Worker – Controller model, and the Sophos UTM Workers were deployed in an AutoScaling group.

Sophos UTM on AWS automatically scales to provide protection for your web applications. It is a purpose-built, layered security platform, optimized for inbound and outbound traffic to AWS. With a simple, web-based management console, it also provides extensive real-time and historical reporting and logging options.

End Note

REAN Cloud, a Premier Consulting Partner in the Amazon Web Services (AWS) Partner Network (APN) and AWS Managed Services Partner, is a cloud-native firm with deep experience in supporting enterprise IT infrastructures and implementing continuous integration and continuous delivery pipelines. To learn more about building such scalable and secure solutions, please reach out to us at info@reancloud.com.
