Shulou(Shulou.com)12/24 Report--

Entropy-based Technology began to cooperate with Amazon Cloud Technology in 2021 to promote the group's cloud transformation and gradually cloud each product line. The most important milestone is the construction of MinervaIoT Internet of things platform based on Amazon cloud base, promoting the integration of multimodal BioCV and Qianhang Baiye.

First, a new generation of Internet of things platform-MinervaIoT

MinervaIoT platform is a new generation of Internet of things platform independently developed by entropy-based technology. It can quickly, easily and remotely connect front-end intelligent devices and applications, support edge-end AI computing, provide platform-based SaaS cloud services, and open the API market for third-party partners to integrate and connect. MinervaIoT platform is one of the digital innovative products of entropy-based technology, which integrates big data, Internet of things, 5G and other digital technologies to provide users with full-stack intelligent solutions.

The above is the Amazon cloud infrastructure of the MinervaIoT platform, which is mainly divided into three layers:

The first layer is the core Internet of things platform layer, which handles functions such as device connectivity, data collection and analysis, video streaming and machine learning through a series of AWS services. MinervaIoT uses serverless AWS Fargate container services to automatically manage containers, AWS IoT Core services to achieve device connections and communications, AWS Kinesis Video Stream services to process video streams, AWS Lambda services to implement event-driven computing, Amazon Redshift data warehouse storage and analysis of big data, and Amazon SageMaker to provide machine learning model building and training.

The second layer is the basic authentication service layer, which provides the basic support services needed by the core platform. For example, location services, organization services, identity services, LDAP directory services, subscription services, and generic storage services are used to manage users, devices, organizations, and data storage and access.

The third layer is the storage layer, which provides different types of data storage. For example, object storage AWS S3, relational database Amazon Aurora, non-relational database Amazon DynamoDB, cache database Amazon ElastiCache, data warehouse Amazon Redshift and so on, to meet the diversified storage needs of the platform.

Through the above hierarchical division of modularization, the MinervaIoT platform can make full use of the hosting capability of AWS cloud services to achieve a high-performance, high-availability, secure and scalable Internet of things platform. Serverless architecture reduces management costs, machine learning improves platform intelligence, and big data analysis provides insights. The clear decoupling of the architecture is also conducive to agile iteration and expansion.

2. Cloud Security Base-Cloud Foundations

"the source of dredging is long, and the deep-rooted Ye Mao." If enterprises want various production applications and workloads on the cloud to be "stable and far away", a secure and robust cloud operating environment is a top priority. Entropy-based Technology and Amazon Cloud Technology cooperate to deploy the Cloud Foundations solution, guided by AWS good Architecture (Well-Architected Framework) best practices, and build a high-quality MinervaIoT cloud base around the six pillars of superior operation and maintenance, security, reliability, performance efficiency, cost optimization and sustainability.

(1) Overview of solutions

Cloud Foundations systematically defines more than 30 "functions" required by the cloud production environment, covering six pillars: infrastructure, security, business continuity, finance, operation and maintenance, governance and compliance.

The Cloud Foundations Quick launch package helps Entropy-based Technologies use cloud native technologies and automation solutions to quickly build an up-cloud-ready environment that includes landing zones, security baselines, and operation and maintenance functions within two weeks, so that they can be quickly used by production systems. The Entropy-based Technology DevOps team can continue to build and enhance the technical functions defined by Cloud Foundations on this basis.

This scheme mainly has the following advantages:

Fast delivery: the Cloud Foundations Quick launch package accelerates the time it takes for entropy-based technologies to achieve business value and reduces implementation costs, promoting the use of security best practices. Entropy-based technology can focus limited IT resources on high-value opportunities such as mass migration, building next-generation serverless applications, and reshaping business processes on the cloud

Improve security: using a set of centrally managed deployment code can improve quality and security. The Cloud Foundations Quick launch package has basic security and compliance configurations built into it. The new security requirements put forward by entropy-based technology can be easily integrated into the current code, which is conducive to the continuous improvement of security conditions.

Simplifying work: the Cloud Foundations Quick launch package simplifies the complex approach used to build a multi-account Amazon cloud technology environment for entropy-based technologies. By completing most of the engineering, code development and testing work in advance, the possibility of defects is reduced.

(2) Security risk prevention and security enhancement

Security has always been a top priority in building an environment on the cloud. We follow the following basic principles. First, static encryption is performed on resources that can use Amazon KMS customer keys, secondly, these keys are managed centrally in the security account, and third, minimum permissions are granted to various policies.

This scheme configures resources according to security best practices. Here we give some examples to illustrate how this scheme can effectively prevent security risks.

Prevent the administrator privileges of an account from being breached through workload isolation at the account level, putting all cloud resources at risk

By enforcing the password policy, the password of IAM users can be prevented from being too simple or not updated for a long time.

By formulating a backup strategy, you can use backup to restore the system to a normal state when data such as blackmail is not available.

By formulating security policies, we can prevent the creation of publicly accessible S3 buckets and prevent the accidental disclosure of security important files.

Force https access to S3 buckets to prevent unauthorized data access or data changes

Avoid unauthorized tampering and deletion of key resources in the account, and avoid malicious creation of cloud resources

Forcibly encrypt the data of S3, EBS, EFS and RDS to prevent the disclosure of sensitive data

Put an end to the opening of sensitive server ports to the Internet, put an end to insecure security group rules, and reduce the success rate of illegal network intrusion.

It can make early warning against malicious use of resources, malicious attacks from the network and improper use of user rights, and provide prepared response measures.

(3) Joint investigation and remedial measures of hidden safety hazards

This program cooperates with Amazon Guardduty, Amazon Security Hub and other services to conduct a joint survey of reported security risks across resources and accounts, create custom high-risk survey results for suspected risk points, and preset several custom operations to assist entropy-based technology to respond to security risks and take remedial measures.

Entropy-based technology deployed the Cloud Foundations solution and built the cloud base of MinervaIoT from six pillars based on AWS good architecture best practices. Cloud Foundations can not only effectively assist entropy-based technology in efficient deployment, operation and maintenance and management of cloud workloads for rapid use in business production, but also systematically improve the security baseline and continuously improve the security of the cloud environment, thus laying a safe and reliable foundation for the future business development of MinervaIoT cloud platform and entropy-based technology on AWS.

III. Introduction to digital applications

Based on the digital base of MinervaIoT platform, entropy-based technology builds end, edge, cloud and service technology ecology, and launches a series of applications such as entropy-based cloud quotient and entropy-based interconnection, reconstructs the business model with hybrid cloud + cloud subscription services for customers, and continues to reflect innovation value in human-to-scene interaction value and scene enabling value.

Entropy-based cloud merchants strive to create industrial Internet community platform tools such as product mall, solution mall, application mall, knowledge mall and service mall, covering millions of practitioners and users in the import and export industry. help partner enterprises to continuously evolve on the whole chain, such as marketing expansion, operation realization, service online, strengthen industrial coordination and interaction, and realize the optimal allocation of resources. Become an one-stop high-quality product and service provider trusted by users, and cooperate with service providers to develop from traditional operation to digital operation, providing customers with high-quality products and one-stop intelligent marketing service platform.

Entropy-based interconnection provides solutions for the Internet of things scenario, accompanies the digital transformation of small and medium-sized enterprises, deposits experience around the company's core business of "smart office, smart entrances and exits, smart identity verification", focuses on the customer base of SMB SMEs, and makes use of the long-tail market effect to give full play to the company's comprehensive three-dimensional advantages of "front-end access control + back-end offline business platform + MinervaIoT platform + SaaS application". Provide the scene solution of "business site management + business management" for the customer group of small and medium-sized enterprises, accompany the growth of small and medium-sized enterprises, and provide multi-digit intelligent "assistants" for enterprises from "rough" to "fine" management.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.