Code, Camera, Action

Stories, software and strategies to help nonprofits do web 2.0+ 

Credit cards in the cloud: Does Amazon EC2 meet PCI Compliance?

It is possible for you to build a PCI level 2 compliant app in our AWS cloud using EC2 and S3, but you cannot achieve level 1 compliance. And you have to provide the appropriate encryption mechanisms and key management processes. If you have a data breach, you automatically need to become level 1 compliant which requires on-site auditing; that is something we cannot extend to our customers. This seems like a risk that could challenge your business; as a best practice, I recommend businesses always plan for level 1 compliance. So, from a compliance and risk management perspective, we recommend that you do not store sensitive credit card payment information in our EC2/S3 system because it is not inherently PCI level 1 compliant. It is quite feasible for you to run your entire app in our cloud but keep the credit card data stored on your own local servers which are available for auditing, scanning, and on-site review at any time.

The recommendation is to go with Authorize.net CIM or ARB, which store the credit cards. The EC2/S3 app would then access the credit card information with a token. Amazon's own Flexible Payments Service works this way, too.


Scaling Drupal on the Amazon Cloud - Drupalcon presentation

@febbraro and I presented our work hosting Drupal on Amazon AWS at Drupalcon last night. Thanks to everybody who could make it. Slides below for download.

We talked about scaling challenges we face doing nonprofit campaigns for the Case Foundation. These are typically limited-time campaigns, with press releases or other promotion.

Our challenge has been supporting relatively high loads for a short time — without going broke. Amazon’s EC2 servers-on-demand have been great for this. Here’s how we use AWS, and architectural issues anyone will face hosting Drupal on the Amazon cloud.

Update: Alan Doucette was kind enough to post video of the talk. Thanks, Alan!


How I Sold Our Web Servers and Moved to the Cloud

At NTEN, the nonprofit tech conference, last year I met a developer who was really excited. One of the vendors on the floor was giving away Pentium 3 processors, and he had a box that could use an extra boost.

Me, I never touch hardware anymore. In fact, I don’t really know how many servers we’ve got — or where they are. Amazon knows. About six months ago we switched all our production servers to Amazon’s EC2 cloud infrastructure.

As for how we moved to Amazon — and why we did it — check out this set of slides:

  • Drupal in the Cloud: Scaling with Drupal and Amazon Web Services.

http://www.slideshare.net/elstudio/drupal-in-the-cloud-scaling-with-aws-presentation?src=embed

Frank of Phase2 Technology and I put these together for today’s Northern Virginia Drupal Meetup. Thanks to everybody who came out for a listen.
