CO704: The system architecture has to be provided first. The secure cloud system design must include provision for the following services and structure:

An international financial-services company, “FinC”, is about to move its system from its premises into the cloud. The company provides services in three European countries (Poland, Slovenia, and Belgium). To achieve the best performance, the system is to be available in these three countries. The company is asking you to design and configure a secure, reliable, and economical cloud-based system using the Amazon Web Services (AWS) platform (Free Tier), its services, and facilities, and to create a technical report that fully describes and justifies a secure design for the system.

A secured system that has the following architecture:

Part 1

  • The Company is providing services in three European countries.
  • ALL branches provide very efficient, economical, and secure mid-term and long-term storage services. The storage gives the capability to store data and objects in different categorized folders. Only the image’s folder can be accessed remotely.
  • The system provides different high-availability storage services: quick and intensive application storage service, monthly reports storage service, and long-term storage service.
  • Data has to be secured both at rest and in transit.
  • A storage snapshot is to be created in the selected region.
  • Customer data is centrally controlled and monitored from the region in a secured network.
  • The company has a web server, proxy server, and reliable storage services.
  • The security setting on the main web server allows only HTTP connections.
  • ALL VPCs, subnets, zones, resources, and applications are protected with associated security tools and monitoring technologies for both access to data and resources and the flow of inbound and outbound traffic.
  • Only the three employees on the security team have access to resources and are allowed to use the servers.
  • The system should be fully scalable and have the capability to smartly monitor and balance the application loads.
  • The system has the capability to identify any risk or problem that might occur, by providing the capacity to audit, monitor, and control the users, groups, roles, and services/resources.
  • The system is equipped with the facilities to recommend the best different categories, configurations, and alerts for various AWS services.
  • The system provides a real-time monitoring tool, showing the following:
    a. The average CPU utilization, as a percentage, during the first two days after your system setup, shown for each 15-minute cycle.
    b. The number of bytes of data read during the same period.
    c. The amount of data transferred over the network during the last two days ONLY.
    d. Status of failed instances during the last day. Checks are to be shown every 5 minutes.
    e. The sum of the CPU Credit Usage during two days for every hour.
    f. Healthy and unhealthy hosts on your cloud system for a two-day period.
    g. Notify the system of any event that may monitor.
  • The system allows the admins to monitor, control, and audit system access and the flow of both inbound and outbound traffic.
  • Cloud-based system applications should be deployed into the company’s cloud platform. Application setup, configuration, and deployment should be discussed clearly.
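
One way to verify the requirement that the main web server allows only HTTP connections is to audit its security group's inbound rules. The following is an added example, not part of the original brief; it assumes the rules are available in the shape returned by EC2 DescribeSecurityGroups, and the group, addresses, and IDs shown are constructed sample data.

```python
# Added example: audit a security group against the "HTTP only" requirement.
# Input mirrors the shape of EC2 DescribeSecurityGroups output. SAMPLE_GROUP
# is constructed for illustration and does not come from a real account.

HTTP_PORT = 80


def non_http_ingress(group):
    """Return (source, reason) for every inbound rule that permits
    anything other than TCP port 80."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        # A rule can name IPv4 ranges, IPv6 ranges, or other security groups.
        sources = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                   + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                   + [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])])
        if proto == "-1":  # "-1" means every protocol and every port
            reason = "all protocols and ports allowed"
        elif proto != "tcp":
            reason = f"protocol {proto} is not TCP"
        elif (lo, hi) != (HTTP_PORT, HTTP_PORT):
            reason = f"TCP ports {lo}-{hi} are not limited to port {HTTP_PORT}"
        else:
            continue  # exactly TCP/80: compliant with the requirement
        for src in sources or ["<no source listed>"]:
            findings.append((src, reason))
    return findings


SAMPLE_GROUP = {  # constructed sample data
    "GroupId": "sg-EXAMPLE-web",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1",
         "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-other"}]},
    ],
}

if __name__ == "__main__":
    for source, reason in non_http_ingress(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: {source}: {reason}")
```

A port range that merely includes 80, such as 0-65535, is reported because it admits more than HTTP.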