Updated on June 19, 2017 by UpGuard
In Part 1 of this article, we presented an overview of Amazon AWS and UpGuard, and discussed how the two marry the best in cloud computing and DevOps. We also learned how UpGuard is not just the premier solution for configuration monitoring, control and automation of AWS offerings like EC2 and S3, but can also work with any number of RESTful services. But enough waxing philosophical—time to put theory into action. And what better way than to follow a fictional organization as it sets up UpGuard monitoring for its AWS cloud infrastructure?
PrayingMantisLovers exists primarily to serve the interests of a regional group of praying mantis enthusiasts. They subsist entirely on donor support and accept payments on their public website, PrayingMantisLovers.org, which also houses a virtual storefront for peddling wares such as coffee mugs and t-shirts. Since this is the non-profit’s sole vehicle for income-generating activities, maximizing web server uptime and availability is crucial for ensuring PrayingMantisLovers’ fiscal well-being.
The IT manager is using AWS to host the site, as the non-profit is a small organization with big aspirations. They want to be known as the worldwide authority on praying mantises, so despite their diminutive web infrastructure he’s chosen Amazon’s cloud in anticipation of scaling up in the future.
PrayingMantisLovers.org’s EC2 server instances on Amazon AWS.
PrayingMantisLovers.org's web infrastructure consists of two micro EC2 Amazon Linux servers running in tandem: a production instance serving the live site, and a staging server where the web developers test and finalize pages and configurations.
The IT manager currently faces a couple of challenges with their web infrastructure:
Because IT operations are run on a shoestring budget, the IT manager has limited resources for acquiring and implementing a solution. Furthermore, he’s weary of contacting the web developers (who work in different time zones) every time server configurations fall out of sync.
A colleague and fellow systems administrator recommends UpGuard as a potential solution, so he decides to try it out for monitoring PrayingMantisLovers’ web infrastructure. Out of the gate, UpGuard’s per-node pricing model is music to the IT manager's ears. It allows PrayingMantisLovers to get started with UpGuard inexpensively and scale up monitoring cost-effectively when adding EC2 server instances or other AWS components in the future.
Full details on how to set up UpGuard monitoring with SSH can be found here. For this discussion, we've chosen a simple use case to illustrate the ease-of-use and power of UpGuard. We'll be exploring other features in-depth in forthcoming articles.
After signing up for UpGuard, he’s taken to a screen for setting up nodes to be monitored. He selects the “Linux/Unix” option to set up monitoring for the staging/production web servers hosted on AWS EC2.
The next screen displays 3 options for connecting to the server in question: “Agent,” “SSH,” or “Manually Add Node.”
He selects the “SSH” option—this is how he and his staff typically access the servers.
Per Step 3, he connects to the server and runs the command. After it completes successfully, he clicks “continue.” UpGuard then begins scanning the system.
After finishing the scan, the IT manager clicks “View and Compare Scan” to see the results. PrayingMantisLovers.org’s production web server is now being monitored by UpGuard and will automatically be scanned periodically.
He follows the same procedure as above for the staging server. With both set up to work with UpGuard, the IT manager can now track changes between the two systems.
By selecting a node from the Manage / Nodes pane and choosing another node to compare with, one can view configuration differences between two servers. For example, the IT manager can now compare the production and staging environments to troubleshoot any problems or issues.
UpGuard reveals crucial information regarding different configurations between two systems.
Another of UpGuard's handy monitoring capabilities is the ability to monitor websites. This is also of interest to the IT manager, as he would like high-level notifications regarding critical website issues such as expiring domain names, expiring SSL certificates, and the like. He returns to the screen for setting up nodes by clicking "Add Node," and this time selects the “Website” option to set up monitoring for the website.
UpGuard’s options for setting up nodes for monitoring.
Selecting this option, he’s taken to a screen for entering additional information about the website node.
Information required for setting up a website node for monitoring.
After clicking “continue,” UpGuard immediately begins scanning the node’s system configuration.
UpGuard scans a website node for monitoring.
The scan completes and presents the options “View and Compare Scan” and “Build Policy from Scan.”
UpGuard successfully completes a scan of a website node for monitoring.
He selects “View and Compare Scan” to immediately see what UpGuard has discovered.
UpGuard’s Manage tab, where information from scanned nodes is viewed.
An item in particular catches his eye: SSL cert expiration. Last year they were caught off-guard with an expired SSL certificate, which halted their ability to collect donations online and sell items in the web store for several days. With UpGuard monitoring these details, he breathes a sigh of relief knowing that this won’t happen again.
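The kind of SSL expiry check described above can be sketched in a few lines. This is an added example, not UpGuard's code or part of the original article; the 30-day threshold, the function names and the sample certificate dates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed alert threshold, not an UpGuard default


def days_until_expiry(cert, now):
    """Whole days left on a cert dict as returned by SSLSocket.getpeercert()."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])  # epoch seconds, UTC
    return int((not_after - now.timestamp()) // 86400)


def classify(days_left, warn_days=WARN_DAYS):
    """Map remaining days onto the alert states a monitor would raise."""
    if days_left < 0:
        return "EXPIRED"
    if days_left <= warn_days:
        return "EXPIRING"
    return "OK"


def check_host(host, port=443, timeout=5.0):
    """Live check. An already-expired certificate fails the verified handshake,
    so that failure is reported as a finding instead of crashing the monitor."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # verify_code 10 is OpenSSL's X509_V_ERR_CERT_HAS_EXPIRED
        if exc.verify_code == 10:
            return "EXPIRED"
        return "INVALID: " + exc.verify_message
    return classify(days_until_expiry(cert, datetime.now(timezone.utc)))


if __name__ == "__main__":
    # Constructed sample data: three notAfter values judged at a fixed "now".
    now = datetime(2017, 6, 19, 12, 0, 0, tzinfo=timezone.utc)
    for not_after in ("Jun 18 12:00:00 2017 GMT",
                      "Jul 19 12:00:00 2017 GMT",
                      "Jun 19 12:00:00 2018 GMT"):
        left = days_until_expiry({"notAfter": not_after}, now)
        print(not_after, left, classify(left))
```

Run on a schedule against the site's hostname, `check_host` gives warning well before the expiry date and still reports a certificate that has already lapsed.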
Clicking on “wheel view” visualizes the node’s information in an interactive wheel. The web developers often complain of something working in staging, but not in production. Now he can easily identify which scripts are being loaded and compare the two environments for easy troubleshooting.
UpGuard’s wheel view renders information from scanned nodes to an easy-to-understand format.
With UpGuard in place, PrayingMantisLovers' IT manager no longer spends sleepless nights wondering if the web developers' next slew of changes will disrupt website operations. And with automatic monitoring and notifications in place, PrayingMantisLovers' IT staff is the first to know when potential problems arise.
In the future we will be looking at how to implement UpGuard in more advanced, enterprise-grade scenarios, so be sure to check back soon!
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.