cloudcamp chicago nov 2104 fintech - john downey's "a hypothetical public cloud do...
"A Hypothetical Public Cloud Do Over"
John Downey, Product Developer and Security Lead at Braintree
Tweet: @jtdwney #cloudcamp
#cloudcamp @CloudCamp_CHI
A Hypothetical Public Cloud Do Over
Gateway
Why
• Hypothetical exercise
• Fun to think about
• Most of this didn't exist when we started
Amazon Web Services
• PCI Level 1 Service Provider
• Where our experience is
• A lot of movement happening
• Newer offerings
  • Virtual Private Cloud (VPC)
  • CloudHSM
Virtual Private Cloud (VPC)
Bank Connectivity
• VPN hardware
• MPLS link
• Can't do with regular EC2
VPC
• Replaces the network backing of AWS
  • EC2
  • RDS
  • many others
• Allows greater control over IP addressing
Bridge AWS to real hardware!
Hardware Security Module (HSM)
Security
• Store keys in a tamper-resistant way
• Acceleration for cryptographic operations
• Makes certain audits much easier
CloudHSM
• Pricey
  • $5,000 upfront for one
  • $1,373 average per month
• You'll probably want at least two
Disaster Recovery
Disaster Recovery
• Capacity planning can be hard
• Physical hardware has lead times
• Run Multi-region
Photos
• https://flic.kr/p/8avArb
• https://flic.kr/p/8eRC2