Auto Scaling Infrastructure Security for AWS Cloud

Security has become an essential enabler of application and service delivery in cloud environments. For organizations contemplating the migration of essential activities to the cloud, the ability to match security to workloads is a key business consideration.

For users of cloud computing services like the AWS cloud, the effective application of security requires an ability to scale up and down in concert with the workload. The most operationally advantageous way to support this dynamic need is with automation.

As organizations migrate their production infrastructure to the cloud, many leverage Amazon’s Auto Scaling web service to automatically scale their cloud compute resources according to conditions they define. This provides an excellent means of optimizing cloud costs, detecting faulty instances, identifying unhealthy applications and automating replacement. As cloud workloads are scaled out, data protection concerns persist and require a scaling automation capability that can match changes in the compute resources in use.

Automating security in the cloud is not trivial. Fortinet has developed an Auto Scaling cloud template which adds FortiGate enterprise firewall instances automatically based on user-defined criteria, while using AWS-integrated scripts and templates to maintain a familiar UI and initiate security elasticity for optimal network utilization.

SOLUTION BRIEF

Highlights

• Provides timely protection as workloads scale horizontally
• Delivers automatic scaling for the best-in-class advanced security in Amazon AWS
• Pre-tunes “minimum” and “maximum” security optimization parameters to provide refined security policy influence
• Minimizes Cloud instance over-subscription and OPEX spending
• Eliminates error-prone manual intervention in security configurations

To ensure availability and optimization of FortiGate advanced threat protection across entire Auto Scaling groups, Fortinet maps your AWS security posture to scale up and down with your EC2 capacity in an AWS CloudFormation template. This template can be held in a repository, making it reproducible and easily deployable as new instances require secure elasticity.

Figure 1: Auto Scale FortiGate Appliances Utilizing AWS native tool and templates

Auto Scaling helps you maintain security availability and allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define.

Figure 2: Select CloudFormation Template in Auto Scaling Web Service

Figure 3: Identify FortiGate Instance Type and Define Parameter Thresholds per CPU Utilization

Security is applied dynamically whenever a pre-selected application demand criterion is met. Workload spikes and off-peak periods are nearly impossible to predict; Auto Scaling removes the guesswork while delivering true pay-as-you-go cloud consumption.

Suggested Scaling Guidelines for On-Demand Instance / FortiGate-VM-AWS / FortiWeb-VM-AWS

| Template | Threshold | Medium Instance (FG-VM01-AWS, FWB-VM01-AWS) | Large Instance (FG-VM02-AWS, FWB-VM02-AWS) | Xlarge Instance (FG-VM04-AWS, FWB-VM04-AWS) | 2Xlarge Instance (FG-VM08-AWS, FWB-VM08-AWS) |
| --- | --- | --- | --- | --- | --- |
| CPU Utilization | Scale Up Threshold | 80 | 80 | 80 | 80 |
| CPU Utilization | Scale Down Threshold | 70 | 70 | 70 | 70 |
| Memory Utilization | Scale Up Threshold | 80 | 80 | 80 | 80 |
| Memory Utilization | Scale Down Threshold | 70 | 70 | 70 | 70 |
| Concurrent Sessions | Scale Up Threshold | 1500 | 8000 | 30,000 | 120,000 |
| Concurrent Sessions | Scale Down Threshold | 1200 | 6000 | 24,000 | 100,000 |
| Session Set-Up Rate | Scale Up Threshold | 320,000 | 450,000 | 1,000,000 | 3,000,000 |
| Session Set-Up Rate | Scale Down Threshold | 270,000 | 400,000 | 8,000,000 | 2,400,000 |

Fortinet has the complete advanced security portfolio available in the Amazon AWS Marketplace, where you can choose Bring-Your-Own-License (BYOL) or hourly or annual on-demand consumption. For more use case information, or to test drive the FortiGate firewall in AWS, please visit fortinet.com/aws.

Copyright © 2016 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

Feb 16, 2016