Secure and monitor AWS Outposts and hybrid clouds

By Eric Carter - SEPTEMBER 15, 2020


Secure and Monitor AWS Outposts

Today we announced that Sysdig has demonstrated successful integration of our monitoring and security software with AWS Outposts, and achieved the AWS Outposts Ready designation. AWS Outposts provides a fully managed service that extends AWS infrastructure, services, APIs, and tools to your datacenter, co-location space, or “edge” location to support on-prem and hybrid cloud use cases.

AWS Outposts provides a hardware and software stack built on Amazon’s EC2 public cloud expertise. With AWS Outposts, you can run container-based services such as Amazon EKS and Amazon ECS without needing to install and operate your own container orchestration software.

AWS Outposts infrastructure

AWS Outposts on-prem infrastructure

In particular, you may choose AWS Outposts to run containerized applications that require low latency, local data processing, and local storage requirements. In addition, you can create a single deployment pipeline that targets your AWS Outposts and your cloud-based environments, and create hybrid architectures that span both.

Dynamic, container-based environments can be challenging to monitor and secure. Operating containers and Kubernetes on AWS Outposts is no exception. You’ll need to carefully consider how you will enable security and visibility in your existing workflows to ensure these key functions don’t slow you down. Many organizations invest significant resources and time to address visibility and security – and this is where Sysdig can help so you can focus more on developing great software and less on operations.

Our goal at Sysdig is to make it easier for you to enable and automate visibility and security, regardless of where you run your cloud-native workloads. We’ve taken a SaaS-first approach and provided simplified onboarding to help you get you started on the most critical security, compliance, and monitoring functions in just a few minutes.

Testing AWS Outposts with Sysdig monitoring and security

As we set out to test the Sysdig platform with AWS Outposts, our key premise in building our test plan was – if it works in AWS, it should work on AWS Outposts. After all, this is the promise of the AWS solution, right?

The good news is that, indeed, we found that our best practices for installation, as well as the secure DevOps capabilities of Sysdig Monitor and Sysdig Secure, function, with solutions like EC2, EKS, and ECS on AWS Outposts just as they do on AWS Cloud.

Here’s a quick overview of what we tested:

Installing the Sysdig agent on EC2, EKS, and ECS using established workflows
Collecting metadata for hosts, containers, and Kubernetes
Collecting metrics and telemetry for infrastructure and apps
Viewing performance, state, and health using dashboards
Detecting security events at container runtime
Collecting Kubernetes Audit Log events from EKS
Automating security response – e.g., kill violating containers
Auditing activity – correlating container and Kubernetes activity
CIS benchmarking for compliance – Docker-bench and Kube-bench
Executing system call captures for troubleshooting & forensics

In each of these test cases, what we’re able to do in the AWS Cloud, we’re also able to do with AWS Outposts. This means you’re able to do things like see inside containers to alert on anomalous behavior and application health issues, and resolve issues quickly by analyzing granular data from nearly any perspective.

What’s more, Sysdig is able to provide centralized visibility and security for your AWS Outposts and AWS public cloud deployments, all from the same consolidated, SaaS-based solution. (Read more about Sysdig SaaS advantages). We strongly believe that a unified solution for visibility and security will help you reduce complexity and get results faster.

image alt text

Hybrid Cloud Cluster Overview Dashboard in Sysdig Monitor

After successful completion of testing with AWS Outposts, we incorporated the solution into Sysdig documentation. Also, to give you a one-stop-shop, we built a page on GitHub with consolidated details to help you get started.

Unify monitoring and security for containers, Amazon EKS, and Amazon ECS on AWS Outposts with Sysdig Click to tweet

Working with AWS Outposts users

We look forward to working with AWS users as they adopt AWS Outposts as a part of their cloud infrastructure. If you are using the solution, we’d be happy to give you access to a free trial and have you run the Sysdig solution through the paces for your environment. Please contact us and we can help you get started.

If AWS Outposts is new to you and you’d like to learn more, check out the AWS Outposts page for details, an instructional video, and customer testimonials.

Secure DevOps for AWS Outposts

As you move from initial sandbox to production application deployments of containers using AWS Outposts and hybrid AWS deployments, you’ll face new operational challenges. Sysdig can help you stay on top of security, compliance, availability, and performance so you can ship cloud applications faster.

Check out our guide to monitoring and securing cloud applications on AWS. In it, you’ll learn what both AWS and Sysdig have to offer to help you embed security, compliance, and monitoring into your DevOps workflow.

Subscribe and get the latest updates