Skip to main content

Cornell University

Service Details

This article applies to: Cloudification

The Cloudification service provides the following:

  • Consultation on cost of cloud infrastructure for applications or services moving to the cloud
  • Standard offerings and common solutions for authentication, AD group sync, logging, monitoring, and disaster recovery practices
  • Consultation on configuration and best practices
  • Training and consultation on containerization
  • Reusable automation for deploys, builds, and other tools to simplify operations
  • Consultation on building ongoing support practices for applications in the cloud
  • Methods to ensure the IT Security Office has visibility and access to perform incident response and forensics in the event of a security incident
  • Configuration of tools and services in AWS and Azure that help monitor and alert on high usage, which should be utilized to prevent unexpected charges

Cloud Master Account Onboarding Requirements

Setup

  • Shibboleth for authentication
  • Multi-factor authentication to the Console using Duo
  • Cloudcheckr – a 3rd party usage monitor
  • AWS Config
  • CloudTrail

Security

  • Review and understand shared security model
  • Application Security is the responsibility of the account/application owner.
  • Patching Base OS is the responsibility of the account owner. For more information on how you can automate this process, see our Blog post on patching the base OS.  The cloudification team is also available to help consult on this.

Firewalls and Network Configuration

  • Cloud Services will set up initial firewalls and network within your cloud environment
  • Cloud Services Team is available for consultation and questions on network and firewall configuration
  • The Account Owner is responsible for changes made within their account.

Root Account

  • The Cloud Services Team will own the root account credentials for all AWS accounts.

Billing Agreement

  • The Department is financially responsible for all activity that occurs under its sub account. The Cloudification Team is available to answer questions and to discuss methods for lowering costs.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.