In Asia, where many workloads still reside on premises, companies are accelerating their move to the cloud post-pandemic to get more flexibility and business agility.
A born-in-the-cloud company, Cloud Comrade has helped more than 500 customers navigate their cloud migration journeys since it started operations in 2014. Headquartered in Singapore, it specializes in the delivery of cloud IT services, including strategy and design, deployment, migration and management of IT infrastructure. It also offers managed services and managed security services that provide 24/7 monitoring, maintenance, backup and recovery solutions.
Cloud Comrade Is Skilled at Implementing Cloud Infrastructure
As the only AWS Partner Network Premier Tier Consulting Partner, Google Premier Partner and Microsoft Gold Cloud Competency Partner headquartered in Southeast Asia, Cloud Comrade is adept at implementing cloud infrastructure for public and commercial customers across all industries.
“We have a wide variety of clients, ranging from 2-month-old startups to big enterprises, from banks and insurance companies to the Singapore government. And they all want the same thing—modernize their infrastructure and run it in a secure and structured way so they can serve their customers better.” Andy Waroma, Co-Founder and Co-Managing Director, Cloud Comrade
Cloud Comrade started partnering with VMware in 2019, when it realized that there was a segment of enterprise customers on VMware infrastructure that wanted to migrate to the cloud.
“VMware Cloud is a natural choice for many of our customers, because it helps them to migrate very rapidly onto a cloud platform and without too much testing.” Andy Waroma
VMware Multi-Cloud Helps Customers Grow Their Operations to Cloud and Cross-Cloud Services
VMware Multi-Cloud enables customers to extend their platform and operations from an on-premises environment to cloud and cross-cloud services over time. It enables customers to utilize a single pane of glass to simplify their operations and management as well as accelerate their execution as they transform.
To ensure that its 100-strong employees are ready to serve customers at the highest level, Cloud Comrade has embarked on the path to achieve the VMware Cloud on AWS Master Services Competency by getting their consultants certified.
“We see that the market is ready for VMware Cloud, and this is the first step in our journey with VMware. We are very much looking forward to working with our enterprise customers, transforming them on VMware Cloud to a modern enterprise.” Andy Waroma
As part of Singapore Government five-year plan to embark on a cloud-first journey to migrate majority of their on-premise infrastructure to the commercial cloud, EMA has selected Cloud Comrade as their partner to leverage on our endorsed capabilities to ensure a smooth migration.
Cloud Comrade has earned the highest standards of Microsoft by attaining Gold Cloud Platform Competency. Our high level of competence and expertise with Microsoft technologies as well as best-in-class capabilities for deploying the Microsoft business solutions allow us to design and deploy a strategy that aligns with EMA’s main goals.
“By migrating to a cloud platform, EMA is able to optimize their workloads with flexibility to scale. The time saved from certain automatic functions such as backup and patching allows the company to spend more time in innovation. In addition to the enhanced security available on the platform, migration to Microsoft Azure Cloud on GCC allows EMA to further protect their data with leading ICT capabilities that are augmented by robust cybersecurity measures and systems.
Being a statutory board, it is also important for EMA to ensure that compliance requirements are met in which Microsoft Azure Cloud have specialized offerings aligned with the regulations. The single screen also allows users to easily manage and monitor their IT infrastructure.” – Wong Chee, Assistant Director of IT Infrastructure EMA.
As part of the project kick-off, Cloud Comrade embarked on the planning journey by first fully understanding EMA’s IT infrastructure and finalizing the details. Our solutions architecture then design the infrastructure followed by deployment, testing and validation. The deployment was separated into 3 stages; infrastructure foundation, UAT deployment and Production deployment.. Once the deployment is completed, various testings and validation commenced; such as backup, recovery and performance testing. The project was then completed with transition to EMA’s managed services.
To understand more about how Microsoft Azure Cloud can help your company achieve agility and resilience, speak to one of our comrades and find out more.
About Energy Market Authority
The Energy Market Authority (EMA) is a statutory board under the Ministry of Trade and Industry. Our main goals are to ensure a reliable and secure energy supply, promote effective competition in the energy market and develop a dynamic energy sector in Singapore. Through our work, EMA seeks to forge a progressive energy landscape for sustained growth. For more information on EMA, visit https://www.ema.gov.sg.
About Cloud Comrade
Cloud Comrade (https://www.cloudcomrade.com) is a Singapore-based cloud computing consultancy company with a regional footprint in Indonesia and Malaysia. The company offers a comprehensive range of services from strategy and design to deployment, migration, and management of customers’ IT infrastructure. Cloud Comrade partners with the best solution providers in the field of cloud computing and is a preferred Amazon Web Services (AWS) consulting partner in ASEAN, as well as a managed service provider for AWS, Google, and Alibaba Cloud. For more information on Cloud Comrade, visit cloudcomrade.com.
Cloud technology began as a backup storage option. But in recent years, it has evolved and grown to become an all-inclusive computing platform that has fundamentally transformed the way organizations use, store, and share information.
As we move into a new normal, it is clear that cloud computing is set to be a key enabler of the digital future. Amid a hybrid work revolution, businesses continue to move workloads and data to the cloud to enable employee productivity and collaboration on-the-go.
As enterprises scale up their use of the cloud, they also need to rethink how they protect their business-critical data and applications. In fact, a research found that almost all breaches in the cloud stem from misconfiguration, rather than from attacks that compromise the underlying cloud infrastructure. For organizations who need help with ensuring an intelligent, effective security stance for cloud, AWS Premier Consulting Partners such as Cloud Comrade can provide the support you need for your cloud journey and assist you in building a resilient, secure, and high-performing cloud infrastructure.
Leave your cloud security to us
In the rapidly changing security landscape of today, many businesses face challenges with regards to cloud security which can directly bring about business risks.
AWS’ industry-first Level 1 Managed Security Services are uniquely designed to help protect and monitor your essential AWS resources. They are delivered to you as a fully managed service available for purchase in AWS Marketplace in the Managed Security Service (MSSP) solution area, or directly from AWS Partners that provide Managed Security Services.
Cloud Comrade is one such AWS partner that can help you take care of ten specific 24/7 security service areas, each with technical and operational requirements defined by AWS security experts. These requirements were designed to help MSSPs to deliver protection, monitoring, and response services for essential AWS resources.
AWS infrastructure vulnerability scanning: Routine scanning of AWS infrastructure resources for known software vulnerabilities.
AWS resource inventory visibility: Continuous scanning and reporting of all AWS resources and their configuration details, updated automatically with newly added or removed resources.
AWS security best practices monitoring: Detects when AWS accounts and the configuration of deployed resources do not align to security best practices.
AWS compliance monitoring: Scanning AWS environments for compliance standards on two or more of the following: CIS AWS Foundations, PCI DSS, HIPAA, HITRUST, ISO 27001, MITRE ATT@CK, and SOC2.
Monitor, triage security events: A combination of automated tooling and security experts continuously monitor aggregated AWS resource logs across network, host, and API layers to analyze and triage security events.
24/7 incident alerting and response: Notification of high priority security events and expert guidance on recommended remediation steps 24/7.
Distributed Denial of Service (DDoS) mitigation: A system backed by technology and security experts monitoring 24/7 for DDoS attacks against your AWS applications.
Managed Intrusion Prevention System (IPS): From known and emerging network threats that seek to exploit known vulnerabilities.
Managed Detection and Response (MDR) for AWS-based endpoints: A combination of technology and cloud security experts working to continuously detect, investigate, and remove threats from within AWS endpoints.
Managed Web Application Firewall (WAF): A firewall managed service designed to protect web-facing applications and APIs against common exploits.
Skilled expertise in cloud security, without the complexity
To help customers secure their cloud without increasing complexity or adding unnecessary cost, Cloud Comrade provides AWS Managed Security Services through a combination of AWS-native and third-party security technology. Where possible, this allows customers to utilize familiar or previously purchased tools.
Together with AWS Solution Architects, Cloud Comrade helped ERGO Insurance conduct an exhaustive study on the requirements to implement the Document Management System (DMS) on AWS. The solution also included AWS Security best practice by combining secure network architecture and 3rd party tools such as Trend Micro Deep Security. Amazon Simple Storage Service (S3) was used to securely deploy the DMS storage at a minimal cost. The Encryption in transit and at rest was achieved using Amazon Key Management Service (KSM) and Elastic Load Balancer (ELB) with Amazon Certificate Management (ACM).
Using DMS on AWS provided ERGO with agility and an advantage over its competitors – something that was not possible with its previous infrastructure. The new infrastructure reduced the costs while maintaining high performance, availability levels, and elasticity as the business grows.
Gain a peace of mind in the cloud
From business strategy to process design, and infrastructure management to training and support for your people, Cloud Comrade makes sure that your move to AWS cloud is swift, smooth, and secure. We help protect your AWS environment and provide you with 24/7 monitoring and remediation guidance, so that you can fully operationalize your cloud security to increase staff efficiency, and receive full security visibility across your AWS environment.
A key benefit of moving to AWS cloud is the ability to innovate and scale at speed – and we ensure that your cloud cybersecurity posture supports rather than hinders that.
The past two years have forced rapid and drastic shifts in businesses worldwide. Amid a global pandemic, organizations suddenly found themselves in a work-from-home model; and even as businesses return to the office, hybrid work is here to stay.
Chief Information Security Officers (CISOs) are now faced with a new reality. There has been a near-sevenfold increase in spear-phishing attacks since the pandemic began. In addition to enabling a secure and always-connected dispersed workforce, CISOs also need to address new network and data security threats that target remote employees.
Insights from a McKinsey research released in January 2022 highlighted four key cybersecurity challenges that organizations face as they adapt to the new normal; namely, a visibility gap, a fragmentation of technology, a talent gap, and the difficulties in measuring cybersecurity’s Return on Investment (ROI). This article outlines how AWS partners such as Cloud Comrade can provide Managed Security Services to help organizations tackle these issues and drive their business forward in the new normal.
The missing links
A key challenge that organizations have when it comes to cybersecurity is the lack of visibility in their digital infrastructure. This makes it difficult for them to recognize when, where, or why there is a problem. This can be detrimental because when it comes to safeguarding your business critical applications and data, nothing is more time-sensitive or important than threat detection. By bringing dangers out into the open, you’ll be able to minimize the reaction time taken to mitigate the risks.
CISOs are also faced with the issue of technology fragmentation. This is especially so when it comes to larger organizations; a lot of times, different technology, applications, and providers are used across an organization. In fact, a company may have more than 100 third-party security tools in use, with each contributing to the security complexity. This can cause decision paralysis; IT teams are fearful of reducing the number of security applications, including those that seem redundant, as they are unsure of the impact that can ensue. Afterall, no CISO desires to be the one who cancels the tool that might prevent the next big breach.
The cybersecurity-talent gap is part of a larger manpower shortage in the technology industry. It is not a new problem, but it’s one that is set to accelerate and affect a growing number of organizations. The International Information System Security Certification Consortium (ISC)² has projected a shortage of 1.8 million cybersecurity professionals in 2022.
As more organizations transform into digital businesses, a struggle they face is in understanding how to measure the return or value of a dollar spent on cybersecurity. The inability to accurately communicate or measure the ‘actual’ ROI of a cybersecurity investment, and map it to business priorities, would also make stakeholder buy-in difficult.
Engineering future-ready cybersecurity
When organizations adopt AWS services, the responsibility of security is shared between AWS and the customer. Regardless of the size of your organization, leveraging the expertise of an AWS Partner such as Cloud Comrade is a valuable way to increase your security posture.
The Managed Security services offered by Cloud Comrade include full security visibility across the AWS environment, such as AWS resource inventory visibility. This entails the continuous scanning and reporting of all AWS resources and their configuration details, which will be updated automatically with newly added or removed resources. Cloud Comrade also provides security events monitoring and triage. A combination of automated tooling and security experts continuously monitor aggregated AWS resource logs across network, host, and API layers to analyze security events. Alerts and remediation guidance are provided to help customers resolve issues in their environments.
To help organizations to overcome the technology-fragmentation challenge, Cloud Comrade can operationalize both native AWS security services such as AWS Security Hub, Amazon GuardDuty, as well as third-party Security Competency (ISV) Partner products. We do so by providing the skill sets needed to implement tooling according to AWS recommended best practices. Where possible, customers can continue to utilize familiar or previously purchased tools.
We have worked closely with AWS security experts to develop offerings combining security tools, skill sets, and processes leveraging native AWS security services, AWS Solutions Implementations, and third-party solutions. A Premier AWS consulting partner such as Cloud Comrade is able to skillfully integrate, join forces, and work alongside your security teams or provide full outsourcing for your AWS security operations – eliminating the headache of cybersecurity talent shortages. We also offer additional security assessment, design, implementation, and training to support your cloud journey and ensure that your security posture supports your key business priorities.
A strategic approach to security
When done right, cybersecurity can unleash the full potential of your business. Amid a burgeoning threat landscape, an AWS Premier Tier Consulting Partner like Cloud Comrade can provide the Managed Security Services you need to address the challenges of meeting growing, and more sophisticated, cybersecurity threats. Leave it to us to help you protect your business-critical assets and bolster your security efficacy, so that your IT teams are free to focus on innovation and building your business.
Click here to find out more about AWS Managed Security Service.
The objective of Patch Management is to keep various systems within the network up to date and secure the systems from various kinds of cyber-attacks. Patch Management is the method of installing and managing the latest patches or code changes to fix security vulnerabilities on various systems within a network.
In this blog, lets deep dive into the advantage of AWS Next Generation automated patching over the Traditional Patch management.
Traditional Patch Management
Patch management is critical to the security of computers on a network. But patching is not a one-time process. The security team/ Subject Matter Expert (SME) within any organizations had to create a scheduled scan that will routinely check for missing patches, so that the team/SME can keep the computers on the network up to date.
For example, let’s get back to the good olden days on how Microsoft updates were applied to the systems using WSUS server. The team/SME had to perform a scan to find out which updates are missing from which computers. Each time there is a plan for deploying updates, the team/ SME will have to perform a new scan. Microsoft introduced WSUS server for patch management. The prerequisites were a server running Windows Server 2003 SP1 or greater, IIS 6.0 or greater, .NET 2.0 framework, and Report Viewer 2008 Redistributable 2008. Also, a dedicated team for patch management.
Demerits of Traditional Patch Management:
A dedicated resource/team to keep track of patches, schedule scans and updates
Possibility of human errors (miss out some critical security updates)
Decision on the patches to install and which one to ignore and what the optimum order of installation should be
Testing of patches before implementation requires a testing environment with spare hardware, software and SME ready adds to additional cost
As the organizations IT Head wish is to have seamless patch management. The businesses are currently moving towards the transformation journey for continuous delivery, AWS adds incredible value towards on-demand infrastructure resources and tools to empower the Devops practices.
AWS Next Gen Patching using Systems Manager
The automated enterprise patch management tools carry out the patching process by deploying or installing agents on target instances (Windows/Linux). These agents provide a connection between the centralized patch server and the computers to be patched. With AWS System Manager, the business can install and configure the SSM agent that can update, manage, and configure the AWS resources. By using the customized SSM document (part of DevOps) Cloud Comrade can ease the intricacy for the security team by running the patch baselines in the multi accounts and multi regions.
AWS Systems Manager key features:
Automatic deployment of operating system and software patches.
View resource groups recent API activity, resource configuration changes, related notifications, operational alerts, software inventory, and patch compliance status.
Centralized location where operations engineers and IT professionals can view, investigate, and resolve operational issues related to the resources and to have complete control over operations.
Customizable key insights dashboard, providing key insights and analysis into the operational health and performance of your AWS environment.
Secure remote management of instances at scale without logging into servers, replacing the need for bastion hosts, SSH, or remote PowerShell.
Using session manager, the business can control which users can access each instance, including the option to provide non-root access to specified users.
Option for auto-approve select categories of patches to be installed.
Maintenance window for patching.
With Systems Manager, the business can control configuration details such as server configurations, anti-virus definitions, firewall settings, and more.
In Cloud Comrade, we have strong expertise in centralized multi account and region patching using customized Systems Manager document. Connect with us to know more about AWS Next Gen Automation.
In this Cloud Computing world, organizations of all sizes continue to
focus on eliminating the need for monotonous tasks and improving processes.
However, many organizations still rely on using high valued resources to
perform manual tasks. Not only is this a waste of time and money, but it is
highly inefficient and will lead to human errors.
Traditional way of AMI:
Manually create an AMI from the instance.
Launch the instance for security patching and
install required software’s
Manually share the AMI to other accounts
Currently, many organizations are moving into cloud computing to scale
up their business. They spin up more workloads to Amazon Web Services (AWS).
But how does the team ensure when a new VM is provisioned: can be scalable, in
a reliable manner, error free, with no vulnerabilities.
A golden AMI is an AMI that can be standardized through configuration,
consistent security patching, and hardening. It also contains agents to approve
for logging, security, and performance monitoring.
AMIs use one of two types of virtualization: paravirtual (PV) or
hardware virtual machine (HVM). The main differences between PV and HVM AMIs
are the way in which they boot and whether they can take advantage of special
hardware extensions for better performance. Windows AMIs are HVM AMIs.
The old saying goes: if you are doing something more than a couple of times, automate it.
Golden AMI Pipeline
This blog is about building a secured, approved Golden AMI image for providing a reliable, scalable, and approved application stack factory that increases innovation swiftness, reduces effort, and increases the confidence of Securiy team to ensure that the teams are compliant.
Automated Golden AMI Pipeline Process Flow
AMI Factory Pipeline:
(optional): Subscribe to the AWS marketplace product you want to
Create a cross-account role in the child account
Set up the golden AMI pipeline environment
Step 4 (optional):
Set up a compliance check in the child account(s)
Create a golden AMI
Approve the golden AMI
Review the golden AMI metadata
(optional): Manually trigger continuous vulnerability assessment of golden
Distribute the golden AMI to child account
10: Decommission the golden AMI
Once you have shared the base golden AMI with
development teams, they can consume the latest golden AMI in the simplest way
possible, often through automation. They can customize the OS specific golden
AMIs with the required software components, but also ensure that the AMIs
continue to meet the organization’s requirements.
The development teams can repeat the above process. Each team within the business can use the golden OS AMI shared by the Security team and can add their own software and produce a new golden AMI that is secured, scanned, distributed, and consumed as necessary.
To assess different features of the
golden AMI pipeline:
Create golden AMI and then distribute the same to a child account.
Manually perform a continuous vulnerability assessment of the active golden AMI.
Deploy an instance of a golden AMI in a governed manner.
Finally, decommission the golden AMI.
Cloud Comrade’s expertise in Automation can help
businesses in setting up a consistent template model, which ensures consistency,
secured, scalable, and reliable Golden Image pipeline.
With traditional deployment, new versions of an application are released using various tools to pull the code from a repository and push it to a production server. Once the code has been pushed, each application process is restarted manually. While this process works, it is by no means an easy process to switch from running in the development environment to the production environment.
There are various issues with this traditional deployment process, for example different environments (development work and production server), application configuration management, and replication of an application environment.
Every software deployment involves processes and practices for successful execution & deployment of the deployment. The complications also increase in an exponential manner based on the project size. The organization should build an automated pipeline to develop, test, and release the software in a manner so that the release is done in an incremental manner thereby having minimal or no impact to the project deployment.
With CI/CD pipeline, it helps the organizations automate steps in your software delivery process, such as initiating code builds, running automated tests, and deploying to a staging or production environment. Some of the benefits of CI/CD Pipeline are cost effective, easy to make real time decision, early bug recognition remove manual errors, provide standardized development feedback loops and enable fast product iterations.
In this below diagram, lets have a look at how automated AWS Code pipeline with Code Commit, Code Build and Code Deploy integrated with AWS Landing Zone for “maker” and “approver” process along with creation of workload application account using Account Vending Machine from child member account.
Code Commit is to securely store the source codes to make easier for the teams to collaborate on code in a secure and highly scalable ecosystem. CodeBuild compiles your source code, runs unit tests, and produces artifacts that are ready to deploy. CodeBuild eliminates the need to provision, manage, and scale your own build servers. S3 bucket for artifacts is also setup with the first AWS CodeCommit repository and shared across all other AWS CodeCommit and AWS CodePipeline resources. For the AWS CodeCommit, CodePipeline, and CodeBuild it’s a best practice to use CloudFormation templates that allow organizations to automate the creation of accounts and resources.
With strong expertise in Automation, Cloud Comrade has proven examples offering their clients an Automated Account Creation with AWS Service Catalog and Cloud Development Toolkit to enhance the organization’s current Landing Zone.
The Cloud era has
brought a perilous challenge of managing application secrets, encryption, and
access to any resource in the Cloud. Securing and rotating secrets regularly
and properly, both in the Cloud and on-premise, can have a significant
As part of traditional method,
we love keeping configurations in text files, we store the database credentials
or sensitive data, for example securing remote login stored in the ~/.ssh/ directory,
the private key might commonly be found in a file called id_rsa, and
the public key might be in a file called id_rsa.pub..Then commit, push and everything goes to the code
The traditional concept has
its own flaws like changing the passwords, human errors like creating a public
repo, publicly available code repo etc.
Amazon Web Service’s Secrets Manager makes it effortless for organizations to store and retrieve the secrets using an API and Command Line Interface.
is AWS Secrets Manager
Manager helps you protect secrets needed to access your applications, services,
and IT resources. The service enables you to easily rotate, manage, and
retrieve database credentials, API keys, and other secrets throughout their
API keys and secrets are difficult to handle safely, and probably something we avoid thinking about.
Benefits of AWS Secrets
access with fine-grained policies
and audit secrets centrally
When CI/CD pipelines moved to the public cloud, credential management did not evolve with them. AWS Secrets Manager is a comprehensive solution for secure secret storage. The organizations can define a secret just once for your whole AWS account, then we give our consumers permission to use the secrets.
The database administrator creates a set of credentials on the Personnel database to use with an application called MyCustomApp(sample application created in my training account). The administrator also configures those credentials with the required permissions to access the Personnel database.
The database administrator stores the credentials as a secret in Secrets Manager named MyCustomAppCreds. Secrets Manager encrypts and stores the credentials within the secret as the protected secret text.
When MyCustomApp needs to access the database, the application queries Secrets Manager for the secret named MyCustomAppCreds.
Secrets Manager retrieves the secret, decrypts the protected secret text, and returns it to the client application over a secureHTTPS with TLS channel.
The client application parses the credentials, connection string, and any other required information from the response and then uses the information to access the database server.
Kindly note that Secrets Manager can natively rotate credentials for supported AWS databases without requiring additional programming. However, if organizations wants to rotate the secrets for other databases or services, Cloud Comrade has the expertise in creating custom Lambda function to define how Secrets Manager interacts with the database or service.
How to Centralize The Rotation of RDS Key Using Automation
In this example the RDS credentials on Workload Application Account will be stored in Shared Services Account (Landing Zone). The credentials will be rotated periodically.
How to Centralize The Rotation of API Key Credentials Using Automation
In this example the API Key credentials from Application Workload Account will be stored in the Shared Services Account (Landing Zone). The credentials will be rotated periodically.
Manager lets us manage a secret entry (name and metadata) separately from its
value, and it integrates with other AWS services that we already use:
entry management: Manual (Web console, AWS CLI) or with an infrastructure
management tool (Terraform, CloudFormation etc.)
value management: Manual (Web console, AWS CLI) or automatic (secret
rotation Lambda function).
control: AWS IAM policies (for both applications and human operators).
encryption: Amazon KMS automatically encrypts the secret value. Use either
the account’s default KMS key, or a customer-managed KMS key.
Auditing: AWS CloudTrail and CloudWatch
has strong expertise in automating AWS Secrets Manager and allows you to
consolidate the secrets into one place, and use them securely from Jenkins.
The market for Cloud Services has grown tremendously in recent years; many enterprises started thinking ‘when to migrate their SAP landscape into Cloud Services.’ However, the main topic of discussion among the stakeholders is ‘how to migrate current complex SAP landscape into Cloud Services.’
Let us see how Cloud Comrade expertise can help its customers to migrate SAP Workloads into AWS
Before that let’s have a close look at the benefits of Migrating the Workloads into Cloud over Traditional Workload Migration
Traditional Migration Processes- Manual
Assessing the Infrastructure
Proof of Concept
Conventionally, it’s challenging for any managed service providers to get 100% visibility of workloads in the infrastructure. Many technologies are outdated and unsupported by phones or tablets which results in a lack of future technical support. The old interface or legacy software could pose a significant security threat, downtime that will affect business productivity and efficiency.
Hence it’s a viable solution for organizations to consider migrating workloads (SAP) into cloud AWS. Like we all know the five R’s involved in the migration to cloud – Rehost, Refactor, Revise, Rebuild or Replace, we can choose based on the necessity.
Migrating SAP Workloads into AWS – Automated:
AWS has been an SAP Global Technology partner since 2011. AWS and SAP have partnered closely in coming up with various services to make fast and efficient deployment of SAP Workloads on AWS for lower costs, innovation, and simplified infrastructure management. With AWS Server Migration Service (SMS), we can migrate on-premises SAP workloads into AWS Cloud quickly and efficiently.
One of the critical benefits migrating SAP Workloads into AWS is the scalability, without worrying about how to accommodate the business growth. The ease of spin up/down/change the configurations.
After the workloads assessment, the service provider should know if there is a need for private/public or hybrid cloud migration. For example, there could be existing legacy systems at its performance limit that limits the SAP upgrades, then its advisable to have a private cloud migration which will help the clients to avoid additional hardware investment and achieve scalability.
Planning and choosing the right service partner is critical. Its critical for the service provider to have a proper understanding of migrating strategy as most of the decision makers struggle in understanding which applications to rehost, as some might require refactoring as well.
Cloud Comrade has a team of professionals who assess existing workloads and provides its customers with the step by step right strategy to migrate SAP Workloads into AWS. We offer a customized cloud infrastructure for highly regulated businesses to maximize their productivity and efficiency
Cloud Comrade successfully helped one of their key customers (Security Industry) in migrating their SAP workload from SAP ERP 6.0 on DB2 to SAP ERP 6.0 Suite on HANA using Software Update Manager(SUM) Database Migration Option(DMO) with System Move and SAP HANA Quick Start.
For the organizations to stay competitive in today’s technology world, have to think of ways to keep their infrastructure automated, highly available, flexible, reproducible, scalable for high productivity and reliability.
In this blog, we will see how the AWS powered NextGen Infrastructure as a code(IaC) helps us to achieve organizations objective compared to the traditional infrastructure as code (IaC).
Traditional Infrastructure as code:
The traditional IaC is to enable and manage the data centers, storage, networking manually. The respective admin will set up the disk, install operating systems and applications. The period required before the launch could be days or weeks. Not only it is time-consuming, but it consumes a big chunk of the workforce plus the higher cost. Imagine of hardware failure, the time required to wait for the manufacturer production, ship, and delivery. What if the hardware malfunctions after all the waiting period. Again the business had to wait for the subject matter expert to handle the situation.
NextGen Infrastructure as code:
With AWS powered DevOps Infrastructure as a code (IaC), we can automate the entire infrastructure setup. How easy does it sound? Simply put, IaC is to manage and provision the infrastructure through the code which pushes into the operational environment. The whole process flow of the development and test can deal with the complexity of the hybrid IT platform. With the NextGen Infrastructure as Code, the MSP can automate, reproduce the systems, and self-document the entire infrastructure. How easy will it be for anyone in the team, different teams, and the developers?
With the traditional IaC, flexibility, elasticity, scalability, reproducibility was a dream for the stakeholders. With the principles of NextGen IaC and AWS DevOps, it makes it easier for collaboration and automation. It has become easier to build custom templates, configure repeatable changes, deploy as a single service or as a group. We can automate the scaling resources based on the traffic.
The critical aspect of infrastructure is disaster recovery and backup. The traditional backup runs on fixed time intervals. Imagine, if there is a failure or network latency, it could lead to data loss that could affect the productivity and reliability of the organization. Cloud Computing has made it so simple and flexible for organizations to enhance data protection, easy deployment, and cost efficiency.
With the right back up strategy and predefined templates, we can implement cross region backups and recovery through automation. Using reliable AWS services like S3 and Direct Connect we can sync the backup solutions at defined regular intervals. For Business Continuity Planning/Disaster Recovery (BCP/DR), we can implement CloudFormation templates for ease of use to make a highly reliable, available, and scalable or upgradeable AWS infrastructure.
Necessity is the mother of all inventions, understanding this phrase in recent times isn’t that difficult. Over the past few weeks, we have seen many businesses across the globe innovate in their approach towards reaching customers and running their operations. This brings us to a juncture in understanding what is common apart from Covid-19 and lockdown across all these organizations, that “One Common” binding factor is going Cloud.
We as Cloud Comrade have always believed in cloud-first strategy for all our customers and globally, we now see that organizations that embarked on cloud strategy were able to adjust to the change in operations. However, all this said we still believe that post-Covid-19 all business needs to go back to the board and strategize. In this new strategy, their “One Common” aspect would be Cloud and Cloud Security. In this ever-changing world, the decision of securing the cloud infrastructure is as important as taking the cloud-first strategy and that is the reason we as CloudComrade work with partners such as InfraGuard
There are 3 steps to maintaining a strong Cloud Security practice, they are Access Control, Patch Management and SOP Automation.
Step 1 of a good security practice starts with absolute and monitored control of your infrastructure access. As a cloud computing consultancy, our suggestion to customers is to opt for a Zero-Trust model for bulletproof security.
Infraguard provides a custom access protocol that is built on role-based policies making sure only necessary personnel can access the server. The solution also provides built-in integration for existing identity providers that are available as part of the infrastructure. This custom access protocol makes sure that granular options are available to limit the actions that are available to each employee (both internal and external). All actions that have been performed are also preserved in forever logs for post-action audit and reporting.
The access controls in Infraguard.IO also have features such as Automated Key Expiry, Historical Key-Request logs, Multifunctional Key Rotation Policy and Ticketing System Integration that are part of the Privileged Access Management functionality. The standard process that is followed for an employee requesting access would follow a sequence such as Raise Key Request with Reason à A Ticket Number Allocation à Ticket Approval à Admin Approval Process à Approval or Denial Request resulting in time defined SSH/RDP key generation.
Step 2 of maintaining a strong and good cloud security practice is to make sure that the security patch is updated and this requires a good patch management solution. Infraguard.IO provide patch management as part of its server security management tool. Processes such as Selection and exclusion of patches, back up the creation and automated patching can be set scheduled across both Windows and Linux systems. This automation allows administrators to focus more on valuable tasks such as monitoring and acting on issues when required and send respective reports to stakeholders.
The 3rd and final step in making sure that good SOP Automation for cloud security practice is in place. SOP Automation, when set up correctly, can enormously reduce your operational error rates and plug security gaps that manual processes always leave open. There are 3 ways SOP automation can be placed are Central Script Inventory, Application Detection & Automation and Operational Policies.
Central Script Inventory
An easily accessible central script inventory is available on our dashboard. Privileged users can edit and run scripts from this view on multiple servers without remote login.
Create your own library of commonly run scripts reducing error rates. Allow only specific users to access this dashboard. Save time by executing on multiple servers at one go.
Application Detection & Automation
Common actions are encoded at button clicks and custom actions are turned into scripts that can run on an automated schedule.
Easily manage complicated applications through the same interface that manages your servers.
Need to Start/Stop instances at defined times? Clear caches on servers every few hours? Want to send scan reports at defined intervals? All actions can now be on auto-pilot.
Your SOPs can now be set at Company level, audited for compliance and then set on automation to remove manual intervention and errors.
Cloud Comrade is an integrated partner with Infraguard.IO. We are only South-East Asia headquartered AWS Partner Network Premier Tier Consulting Partner, Google Premier Partner, and Microsoft Gold Cloud Competency Partner. We partner with only the best solution providers working in the field of cloud computing such as to ensure that our customers have access to the highest quality, fastest-growing and most innovative cloud advisory toolsets that are available today.
GoCloud with Cloud Comrade will help ICT SMEs modernise their IT infrastructure and enhance their digital capabilities to be future-ready
SINGAPORE, 8 January 2020—Cloud Comrade, an enterprise-focused, Singapore-based cloud computing consultancy company and Google Cloud have joined forces to help ICT SMEs in Singapore take advantage of opportunities in a Services 4.0 era via GoCloud with Cloud Comrade, an Infocomm Media Development Authority (IMDA) initiative.
The GoCloud initiative by IMDA supports local ICT SMEs to transform traditional software architecture and development practices to applications deployed and delivered as Cloud Native applications using Microservices and DevOps, so that they can be more agile, flexible and scalable. IMDA-appointed Service Providers will provide consultancy and training to equip development teams of ICT SMEs with digital capabilities in Cloud Native, Microservices and DevOps.
The addition of GoCloud with Cloud Comrade to IMDA’s GoCloud initiative gives ICT SMEs in Singapore more cloud and managed service options when seeking a trusted partner to help them embark on their digital transformation journey. Together, Cloud Comrade and Google Cloud will help ICT SMEs modernise their legacy infrastructure and adopt agile microservices-based architecture, upskill in-house talent, and better respond to customer needs quickly.
Successful GoCloud with Cloud Comrade applicants will receive S$3,000 worth of Google Cloud Platform (GCP) credits to help them prototype their Cloud native applications and scale their business. They can also take advantage of free training and coaching opportunities by Cloud Comrade and Google Cloud engineers, as well as apply for Google Cloud Certification—many of which are also endorsed by CITREP+.
Howie Lau, Chief Industry Development Officer of IMDA, said, “We are glad to have Cloud Comrade on board as one of the service providers for IMDA’s GoCloud programme. Their addition to the GoCloud programme provides more options of service providers and cloud platforms for ICT SMEs, and is an important step to help our ICT SMEs raise their digital capabilities.”
Andy Waroma, Co-Managing Director of Cloud Comrade, said, “As the future of digital services and applications increasingly employ the use of the cloud, it is crucial that companies embrace cloud native technology in order to maintain their competitive edge. As a Google Cloud Premier Partner, we are confident that GoCloud with Cloud Comrade will be a key enabler in helping ICT SMEs equip themselves with the digital ability and agility to build future-ready architecture for their services—one that puts them in the perfect position to scale elastically and cost-effectively, and thrive in today’s disruptive economy.”
According to a recent Google Cloud-commissioned study by the Boston Consulting Group, public cloud deployments have the potential to contribute up to US$31 billion to Singapore’s GDP cumulatively and create 43,000 jobs from 2019 to 2023.
“SMEs are the backbone of Singapore’s economy and cloud technology has become a critical foundation for companies of all sizes to build on and to scale their business and achieve their growth ambitions. GoCloud with Cloud Comrade will not only help ICT SMEs assess their current state of digital capabilities, it will give them access to the cloud tools, expertise and hands-on coaching that they need to upskill in-house talent, digitise and modernise their operations and offering,” said Taru Dahiya, Head of SMB Sales, Google Cloud Asia Pacific.
Qualifying ICT SMEs in Singapore can apply for GoCloud with Cloud Comrade from today via www.cloudcomrade.info/gocloud. Interested applicants are invited to learn more by attending an IMDA GoCloud Industry Briefing 2020 with SGTech on Thursday, 23 January 2020 at 2 pm – 3.30 pm at Mapletree Business City Auditorium.
About Cloud Comrade
Cloud Comrade is a Singapore-based cloud computing consultancy company with a presence also in Indonesia and Malaysia. The company offers a comprehensive range of services from strategy and design, to deployment, migration and management of customers’ IT infrastructure. Cloud Comrade partners with the best solution providers in the field of cloud computing and is a managed service provider for top cloud service providers including Google Cloud. In January 2019, ST Telemedia (sttelemedia.com), an active strategic investor specialising in communications & media, data centres and infrastructure technology businesses, acquired a majority stake in the company. More information on Cloud Comrade can be found at cloudcomrade.com.
About Google Cloud
Google Cloud provides organisations with leading infrastructure, platform capabilities and industry solutions, along with expertise, to reinvent their business with data-powered innovation on modern computing infrastructure. We deliver enterprise-grade cloud solutions that leverage Google’s cutting-edge technology to help companies operate more efficiently, modernise for growth and innovate for the future. Customers in more than 150 countries turn to Google Cloud as their trusted partner to solve their most critical business problems.
CLOUD computing consultancy startup Cloud Comrade, which is backed by a Temasek Holdings subsidiary, has identified Indonesia as a key growth market, amid plans by tech giants Google and Amazon to deploy their cloud platforms in Jakarta.
As exclusively revealed by Channel Asia, the Singapore-based cloud firm – with presence also in Indonesia, Malaysia and India – will help the strategic investor capitalise on increased digital transformation adoption, specifically within the enterprise space.
AWS is the market leader in Cloud Computing. It offers high availability, reliability, efficiency, scalability, and cost-effective solutions to enterprises resulting in high productivity. Hence, we see an increase in the number of enterprises with business-critical SAP landscape systems acclimatizing private/hybrid/ public cloud solutions.
As announced, SAP will extend maintenance support for their customers until the end of 2025 for SAP Business Suite 7 core application releases including SAP ERP 6.0, SAP Customer Relationship Management 7.0, SAP Supply Chain Management 7.0, SAP Supplier Relationship Management 7.0, and SAP Business Suite powered by SAP HANA 2013.
SAP is reforming their traditional support into Next-Generation Support. SAP Next Generation Support is designed for speed incident resolution, helps prevent incidents with proactive resources before they happen.
If the business decides to stick with SAP, they can fully realize all the benefits of SAP S/4HANA and SAP HANA in the AWS Platform
Difference between SAP S/4 HANA and SAP HANA
SAP S/4 HANA stands for SAP Business Suite 4 SAP HANA. It is the next generation business suite built by SAP replacing both the ERP and BI.
In the three Tier architecture of SAP system, SAP HANA is the database layer, SAP S/4 HANA is the application layer, SAPUI5Fiori is the presentation layer.
What is SAP HANA?
SAP HANA Database is a full-fledged, in-memory, relational database which is designed to replicate and ingest structured data from SAP and non-SAP relational databases, applications, and other systems quickly.
SAP HANA is a platform for real-time analysis of big data. It stores all the data in the server memory and processes a large amount of data faster than a traditional database system.
Why opt for SAP HANA in the AWS cloud?
To install SAP HANA in AWS platform is made easy and swift with AWS SAP HANA Quick Start tool (With the Quick Start tool it take just hours compared on traditional on-premises servers installation, where it will take weeks).
AWS has the broadest range of SAP certified instances. It comes with support up to 12TB memory on a single instance and 48TB on four scale-out instances compared to any other public cloud provider.
With the AWS available services, the customers can build secure, highly available, scalable and cost-efficient SAP HANA instances.
AWS Well-Architected framework provides the customers to evaluate the architecture and build secure, high-performing, reliable, cost-effective, resilient, and efficient infrastructure for their SAP applications
The businesses are dealing with the rise of new customized technologies. The systems to be managed range from on-premise to the cloud (public and private), the data is both within the enterprise and outside of it.
The AWS Well-Architected Framework uses a structured approach including strategies to compare the SAP workload with the AWS best practices, to produce secure, stable and efficient systems.
AWS Well Architected Framework focuses on five pillars,
Most of all, choosing the right managed service partner is the key. Cloud Comrade, with its expertise in SAP landscape and HANA, can come up with a customized cloud strategy for high performance, availability, and security requirements for mission-critical systems.
It was those old days where were no complex applications, and the servers used to run in the most okay conditions. In this current world, as the technology grows along with the complexity, and the expectation from customers are growing as well. They are looking for one stop automated solution for business as usual.
After the break/fix model became impracticable for business-as-usual, we saw the rise of Managed Services Providers. The objective of the MSP is to increase the productivity of organizations with minimal operating costs.
Then, it was a huge success. All the customers were looking for MSP whom they can rely upon for their entire infrastructure solutions. As days pass by, the complexity of the applications and infrastructure are continuously changing, and the expectations from the customers as well.
Let’s have a look at Traditional MSP – Manual
Monitoring, Management, and Security
Storage, Warehouse Management
Backup and recovery
Streamlining the Systems/ Applications
Traditional MSP was a manual process, and also the primary concern for clients. The business wanted to have automated systems that can automatically scale up/down, and balance the load with business as usual. As there was an increasing number of customers looking for transparent and automated business technology services, DevOps focused AWS NextGen MSP’s offers enterprises build and deliver applications on AWS.
AWS powered DevOps offers an efficient workflow, that helps businesses automate day to day activities and provide full-lifecycle services to run, and support customers applications and infrastructure. The AWS powered advanced monitoring services which have predictive analysis plus the continuous monitoring, and anomaly detection helps the business to analyze the current facts and predict the future events that the organizations can take proactive measures to increase their productivity and efficiency. The AWS management reporting helps the business to make data-driven decisions for business performance.
AWS powered DevOps brings remote individuals and in-house teams together and ensures that they are in sync with each other. DevOps focused AWS NextGen MSP help enterprises find the ideal solutions and infrastructure that is cost-effective. It provides efficient business outcomes by continuously assessing and monitoring systems to optimize performance.
Let’s have a look at NextGen MSP – Automated
Security and daily operations
24/7X 365 days IT support
Backup and recovery
Advanced continuous monitoring and report management
As a Managed Service Provider (MSP) in the AWS environment, Cloud Comrade is committed to building a sustainable automated business powered by AWS, that will continue to support and grow with our clients on the Cloud.
Operating a business across multiple environments is challenging enough. Organizations transforming in to digitalization are often surprised by the high costs of their Traditional MSP services and struggle to manage frameworks and governance across the organization. Does any of the above situations apply to your business?
We have an answer; Cloud Comrade is passionate and driven by automated DevOps NextGen AWS Managed Services to ensure Companies productivity gained are by automating their security, infrastructure, software development, and rollout to achieve critical mass in a short turn around time.
For example, let’s talk about the Traditional MSP who does lift and shit, installation, maintenance, network security monitoring, remote and onsite support. Some of the processes are reactive, and in the long run, it’s not sustainable for business operations. Some of the organizations lack technical expertise, so they have to rely more on the traditional MSP’s which wouldn’t be a cost-effective plus proactive method of running the business.
As the complexity of systems increases, the customers are looking for more than just an MSP. The customers are looking for strategic partners who instead of using traditional tools and processes, can automate and proactively provide various solutions for higher-performance computing. With AWS powered DevOps methodologies, we can develop the AWS Security Framework to maintain security and data protection in the cloud. The framework includes security strategy, risk, compliance, governance, security assessments, incident response, and automate threat hunting.
The security analytics and reporting presented by the AWS management reporting is for proactively prioritize and take measures to handle the threat.
The new breed of AWS NextGen Managed Service Provider’s is redefining the Traditional MSP business model and the go-to-market strategies. When compared to the Traditional framework, the AWS NextGen DevOps Transformation framework assesses the organization’s current capability and provides a structured approach to a DevOps transition. With AWS Powered NextGen MSP, the organizations can install Amazon Lex – Build Conversation Bots as a communication medium through B2B/ B2C portals. This build conversation bots are adaptable and can be customized based on the requests from the customers.
Machine Learning (ML) and Artificial Intelligence(AI) are two hot catchphrases in the technology arena. ML is the subset of AI, based on the idea of providing data to machines and let them learn for themselves.
With the AWS powered ML and AI, the NextGen MSP can provide scalable infrastructure, and deploy solutions through machine learning platforms for seamless deployment and consolidated billing. The ML and AI positioned Enterprise Architecture for the businesses, provides faster analytics, decision making, more interaction between technology and business, reliability, and leverage for creative inexistence services.
We have frameworks for launching Infrastructure, Software, Network, and Applications. The Open Group Architecture Framework is all about the delivery part. Let’s look at the importance of Enterprise Architecture and the comparison between Traditional and NextGen Open Group Architecture.
Enterprise Architecture methodology is critical to align the concerns between IT and Business. Enterprise Architecture is the core behind any organizations productivity, agility, service, growth in revenue and cost efficiency.
The Traditional Enterprise Architecture rely upon one operating model and emphasis interdependency. For an enterprise, there will be a mix of multiple frameworks which is a long term commitment with continuous improvement.
The NextGen Enterprise Architecture methodology is a pluggable architecture comprising of dynamic compute resources, common storage platform, flexible programming, real-time support, and managing deployment. The NextGen Architecture model is a business focused model that combines both enterprise architecture and business architecture, business process management, and decision management.
The core features of NextGen Architecture is Instant customization of Network parser, application of complex rules to live network traffic, unlimited scalability and captures everything in the infrastructure, threat feeds and API
The NextGen Architecture is to communicate in real time, for that 90% of the running applications, software and servers have to be automated completely. It empowers the businesses to have a high level of flexibility, activity monitoring and actionable insights on the cost utilization. It integrates and automates solutions that enable users to plug and play experience.
The AWS powered billing and cost management ensures you pay for what you use. The AWS provides features to monitor the usage, along with the pricing calculator which could be utilized to create price estimates. The AWS has a very transparent pricing model which helps the businesses to allocate the respective budget for cloud computing.
Amazon SageMaker now supports version 1.10 in its pre-built TensorFlow containers. This makes it easier to run TensorFlow scripts, while taking advantage of the capabilities Amazon SageMaker offers, including a library of high-performance algorithms, managed and distributed training with automatic model tuning, one-click deployment, and managed hosting.