AWS Security Solutions to make your environment safe and meet compliance

We align the AWS security services to the five epics of the AWS Cloud Adoption Framework (CAF) Security Perspective. The order of the epics tells a story, and each part of the story has components/modules that support it.

  • Story 1: Identity & access management

AWS Identity & Access Management (IAM)
AWS Single Sign-On
AWS Directory Service
Amazon Cognito
AWS Organizations
AWS Secrets Manager
AWS Resource Access Manager

  • Story 2: Detective controls

AWS Security Hub
Amazon GuardDuty
AWS Config
AWS CloudTrail
Amazon CloudWatch
VPC Flow Logs

  • Story 3: Infrastructure protection

AWS Systems Manager
AWS Shield
AWS WAF – Web application firewall
AWS Firewall Manager
Amazon Inspector
Amazon Virtual Private Cloud (VPC)

  • Story 4: Data protection

AWS Key Management Service (KMS)
AWS Certificate Manager
Amazon Macie
Server-Side Encryption

  • Story 5: Incident response

AWS Config Rules
AWS Lambda
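How Story 5 fits together, as an added example that is not code from the original post: a Config managed rule such as restricted-ssh reports a security group as NON_COMPLIANT, an EventBridge rule forwards the compliance-change event to Lambda, and the function revokes only the world-open ingress on an admin port. The rule name, the event fields, the group ID, the admin-port list and the FakeEC2 client used to run it offline are assumptions or constructed samples; the real handler needs ec2:DescribeSecurityGroups and ec2:RevokeSecurityGroupIngress in its execution role.

```python
"""Config rule + Lambda auto-remediation (added example, not the post's code).

Assumptions: a Config rule evaluates AWS::EC2::SecurityGroup resources and the
"Config Rules Compliance Change" event reaches this function via EventBridge.
The EC2 client is injected so the decision logic runs offline with FakeEC2.
"""

WORLD_CIDRS = ("0.0.0.0/0", "::/0")
ADMIN_PORTS = (22, 3389)  # assumption: never reachable from the whole internet


def _port_range(perm):
    """(low, high) for one IpPermissions entry; protocol "-1" means all ports."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def offending_rules(permissions):
    """Return only the world-open ranges that expose an admin port.

    `permissions` has the shape of SecurityGroups[].IpPermissions from
    ec2:DescribeSecurityGroups. Internal ranges in the same rule are kept.
    """
    bad = []
    for perm in permissions:
        if perm.get("IpProtocol") not in ("tcp", "-1"):
            continue
        low, high = _port_range(perm)
        if not any(low <= p <= high for p in ADMIN_PORTS):
            continue
        v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") in WORLD_CIDRS]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in WORLD_CIDRS]
        if not (v4 or v6):
            continue
        entry = {"IpProtocol": perm["IpProtocol"]}
        if perm["IpProtocol"] != "-1":
            entry["FromPort"], entry["ToPort"] = low, high
        if v4:
            entry["IpRanges"] = v4
        if v6:
            entry["Ipv6Ranges"] = v6
        bad.append(entry)
    return bad


def remediate(event, ec2):
    """Handle one compliance-change event; returns what was revoked (or why not)."""
    detail = event.get("detail", {})
    if detail.get("resourceType") != "AWS::EC2::SecurityGroup":
        return {"skipped": "not a security group"}
    if detail.get("newEvaluationResult", {}).get("complianceType") != "NON_COMPLIANT":
        return {"skipped": "resource is compliant"}
    group_id = detail["resourceId"]
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    to_revoke = offending_rules(group.get("IpPermissions", []))
    if to_revoke:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=to_revoke)
    return {"group": group_id, "revoked": to_revoke}


def lambda_handler(event, context):
    """Real entry point: the same logic with the boto3 client (imported lazily)."""
    import boto3
    return remediate(event, boto3.client("ec2"))


# Constructed sample in the shape of the Config compliance-change event.
SAMPLE_EVENT = {
    "detail-type": "Config Rules Compliance Change",
    "detail": {"resourceType": "AWS::EC2::SecurityGroup",
               "resourceId": "sg-0123456789abcdef0",
               "configRuleName": "restricted-ssh",
               "newEvaluationResult": {"complianceType": "NON_COMPLIANT"}},
}
# Constructed group: SSH open to the world and to 10/8, HTTPS open to the world.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
]


class FakeEC2:
    """Stand-in for boto3's EC2 client so the example runs offline."""

    def __init__(self, permissions):
        self.permissions, self.revoked = permissions, []

    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [{"GroupId": GroupIds[0],
                                    "IpPermissions": self.permissions}]}

    def revoke_security_group_ingress(self, GroupId, IpPermissions):
        self.revoked.append((GroupId, IpPermissions))
        return {"Return": True}


def demo():
    """Run the handler on the sample: SSH from 0.0.0.0/0 is revoked, 443 stays."""
    ec2 = FakeEC2(SAMPLE_PERMISSIONS)
    return remediate(SAMPLE_EVENT, ec2), ec2.revoked


if __name__ == "__main__":
    print(demo())
```

The function revokes the offending CIDR ranges rather than the whole rule, so a rule that also admits an internal range keeps that part, and it refuses to act on anything that is not a NON_COMPLIANT security group. Keep each remediation scoped to the rule that fired; a broad "fix everything" Lambda is itself a change-control risk.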

I will elaborate more on this in the next post, or at the next chance, and add that information to this post. Thanks.


Kind Regards,
Doddi Priyambodo

AWS Hands-on-Lab Workshops for Builders

At AWS, we consider everyone a builder. The innovators, the collaborators, the creators. The ones who see what doesn't exist, and then make it exist. We believe nothing should stand in the builder's way, and dreams never have to turn off. With AWS, it's time to build on, because we are aiming to build something better for the world. In this post, for developers who would like to get their hands dirty, you can try these hands-on labs, which create a sample application based on the technology you like. Please explore and... GO BUILD!

General resources:

Huge resources:

Private resources: (can only be accessed if you have the credentials)


While talkers Talk, builders Build!


Kind Regards,
Doddi Priyambodo

What is Cloud?

Definition of Cloud?

I usually answer this question with this mechanism (from my perspective).
You can ask "What", "Where", "When", "How", "Why" to answer that question.

  1. What? >> it is a collection of IT resources (such as compute, storage, artificial intelligence, functions, frameworks, applications, etc.)
  2. Where? >> it can be accessed from the internet, so literally anywhere on earth
  3. When? >> it can be accessed anytime you want, with no time or schedule limitation
  4. How? >> you use it on a per-usage basis: you want it, you get it, and you pay for what you use

Why Cloud? (I will elaborate on this more later on, but it is because of...)

  1. Agility
  2. Utility based cost
  3. Elasticity
  4. Breadth of Services
  5. Go Global in minutes


Kind Regards,
Doddi Priyambodo

Getting to know the Artificial Intelligence and Machine Learning services from Amazon Web Services

If you think Cloud Computing is only about "hosting your server" (which a lot of people do), then please read the public materials out there again and create a free AWS account to try it yourself, since it is way beyond that!

One of the things I would like to talk about right now is the services and platform that are available for machine learning, to create artificial intelligence services for your customers.

At Amazon, artificial intelligence has been investigated for over 20 years. Machine learning (ML) algorithms drive many of our internal systems. It's also core to the capabilities our customers experience, from the path optimization in our fulfillment centers and Amazon.com's recommendation engine, to Echo powered by Alexa, our drone initiative Prime Air, and our new retail experience Amazon Go. This is just the beginning. Our mission is to share our learnings and ML capabilities as fully managed services, and put them into the hands of every developer and data scientist.

Machine Learning Application Services – ready to use functions and building blocks for your advanced applications.

  • Amazon Rekognition makes it easy to add image and video analysis to your applications. You just provide an image or video to the Rekognition API, and the service can identify the objects, people, text, scenes, and activities, as well as detect any inappropriate content. Amazon Rekognition also provides highly accurate facial analysis and facial recognition on images and video that you provide. You can detect, analyze, and compare faces for a wide variety of user verification, people counting, and public safety use cases.
  • Amazon Lex is a service for building conversational interfaces into any application using voice and text. Amazon Lex provides the advanced deep learning functionalities of automatic speech recognition (ASR) for converting speech to text, and natural language understanding (NLU) to recognize the intent of the text, to enable you to build applications with highly engaging user experiences and lifelike conversational interactions.
  • Amazon Polly is a service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled products. Amazon Polly is a Text-to-Speech service that uses advanced deep learning technologies to synthesize speech that sounds like a human voice.
  • Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text. The service identifies the language of the text; extracts key phrases, places, people, brands, or events; understands how positive or negative the text is; analyzes text using tokenization and parts of speech; and automatically organizes a collection of text files by topic. Using these APIs, you can analyze text and apply the results in a wide range of applications including voice of customer analysis, intelligent document search, and content personalization for web applications.
  • Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for developers to add speech-to-text capability to their applications. Using the Amazon Transcribe API, you can analyze audio files stored in Amazon S3 and have the service return a text file of the transcribed speech.
  • Amazon Translate is a neural machine translation service that delivers fast, high-quality, and affordable language translation. Neural machine translation is a form of language translation automation that uses deep learning models to deliver more accurate and more natural sounding translation than traditional statistical and rule-based translation algorithms.

Instance for Deep Learning – ready to use EC2 instance pre-installed with popular deep learning frameworks.

  • AWS Deep Learning AMIs provide machine learning practitioners and researchers with the infrastructure and tools to accelerate deep learning in the cloud, at any scale. You can quickly launch Amazon EC2 instances pre-installed with popular deep learning frameworks such as Apache MXNet and Gluon, TensorFlow, Microsoft Cognitive Toolkit, Caffe, Caffe2, Theano, Torch, PyTorch, Chainer, and Keras to train sophisticated, custom AI models, experiment with new algorithms, or to learn new skills and techniques.

Machine Learning Platform Services – ready to use platform to develop your advanced applications.

  • Amazon Machine Learning is a service that makes it easy for developers of all skill levels to use machine learning technology. Amazon Machine Learning provides visualization tools and wizards that guide you through the process of creating machine learning (ML) models without having to learn complex ML algorithms and technology. Once your models are ready, Amazon Machine Learning makes it easy to obtain predictions for your application using simple APIs, without having to implement custom prediction generation code, or manage any infrastructure.
  • Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. Amazon SageMaker removes all the barriers that typically slow down developers who want to use machine learning.
  • AWS DeepLens is a deep-learning-enabled video camera (hardware) for developers. It helps put deep learning in the hands of developers, literally, with a fully programmable video camera, tutorials, code, and pre-trained models designed to expand deep learning skills.

PS: Try it yourself to see how easy it is to start to BUILD your service on top of the AWS Cloud Platform (use the FREE account! NOW!). At Amazon we like to say "Get your hands dirty!"


Kind Regards,
Doddi Priyambodo

Getting to know AWS DynamoDB – the NoSQL Database platform from Amazon Web Services

Q: What is Amazon DynamoDB?

DynamoDB is a fast and flexible nonrelational database service for any scale. DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS so that they don’t have to worry about hardware provisioning, setup and configuration, throughput capacity planning, replication, software patching, or cluster scaling.

Q: What does DynamoDB manage on my behalf?

DynamoDB takes away one of the main stumbling blocks of scaling databases: the management of database software and the provisioning of the hardware needed to run it. You can deploy a nonrelational database in a matter of minutes. DynamoDB automatically scales throughput capacity to meet workload demands, and partitions and repartitions your data as your table size grows. Also, DynamoDB synchronously replicates data across three facilities in an AWS Region, giving you high availability and data durability.

Overview of DynamoDB – the Scalability, the Security, and the Availability of the service

  • It is a non-relational #NoSQL database, which can be used with a key-value or document-store data strategy for your serverless service implementation.
  • Data is automatically stored as three copies in different facilities for high availability, and it is stored on high-speed SSDs for performance. It can also be configured to replicate the data to another region if you want an even higher level of availability.
  • The database is designed to scale without limits.
  • Security controls cover the whole path: isolated network access (VPC endpoints, so traffic to the table never crosses the public internet), complete API logging (CloudTrail), monitoring and alerting (CloudWatch), fine-grained access control (IAM policies that can restrict access down to individual items and attributes), and data encryption at rest with keys managed in KMS.



Q: Can DynamoDB be used by applications running on any operating system?

Yes. DynamoDB is a fully managed cloud service that you access via API. Applications running on any operating system (such as Linux, Windows, iOS, Android, Solaris, AIX, and HP-UX) can use DynamoDB. We recommend using the AWS SDKs to get started with DynamoDB.

Q: How am I charged for my use of DynamoDB?

Each DynamoDB table has provisioned read-throughput and write-throughput associated with it. You are billed by the hour for that throughput capacity if you exceed the free tier. Note that you are charged by the hour for the throughput capacity, whether or not you are sending requests to your table. If you would like to change your table’s provisioned throughput capacity, you can do so using the AWS Management Console, the UpdateTable API, or the PutScalingPolicy API for auto scaling. Also, DynamoDB charges for data storage as well as the standard internet data transfer fees.

To learn more about DynamoDB pricing, see the DynamoDB pricing page.

Please note that DynamoDB has a lot of Free Tier capability; if you are an SME business then most probably you will not exceed the Free Tier. I will say... with all the capabilities and reliability... it's CRAZY!

The Free Tier includes:
25 GB PER MONTH of data storage (indexed)
200 MILLION REQUESTS PER MONTH through 25 write capacity units and 25 read capacity units

You pay for only the resources you provision beyond these free tier limits. The DynamoDB free tier applies to all tables in a region and does not expire at the end of your 12-month AWS Free Tier.

Q: What is the maximum throughput I can provision for a single DynamoDB table?

DynamoDB is designed to scale without limits. However, if you want to exceed throughput rates of 10,000 write capacity units or 10,000 read capacity units for an individual table, you must first contact Amazon. If you want to provision more than 20,000 write capacity units or 20,000 read capacity units from a single subscriber account, you must first contact us to request a limit increase.

Q: What is the minimum throughput I can provision for a single DynamoDB table?

The smallest provisioned throughput you can request is 1 write capacity unit and 1 read capacity unit for both auto scaling and manual throughput provisioning. Such provisioning falls within the free tier which allows for 25 units of write capacity and 25 units of read capacity. The free tier applies at the account level, not the table level. In other words, if you add up the provisioned capacity of all your tables, and if the total capacity is no more than 25 units of write capacity and 25 units of read capacity, your provisioned capacity would fall into the free tier.
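Worked capacity arithmetic for the paragraphs above, as an added example rather than anything from the original post: it turns an item size and request rate into WCU/RCU, enforces the 1-unit minimum per table, and sums across tables to check the account-level 25 WCU / 25 RCU free tier the post quotes. The unit definitions are AWS's public ones (1 WCU = one write per second of an item up to 1 KB; 1 RCU = one strongly consistent read per second of an item up to 4 KB, or two eventually consistent reads; transactional operations cost double); the table names and rates are a constructed sample.

```python
"""DynamoDB provisioned-capacity planner (added example, not the post's code).

Unit definitions: 1 WCU = 1 write/s of an item <= 1 KB; 1 RCU = 1 strongly
consistent read/s of an item <= 4 KB, or 2 eventually consistent reads/s;
transactional reads and writes cost twice the non-transactional amount.
Free-tier figures are the ones quoted in the post (summed over all tables).
"""
import math

FREE_TIER_WCU = 25
FREE_TIER_RCU = 25
MIN_UNITS = 1  # smallest provisionable value per table (1 WCU / 1 RCU)


def write_units(item_kb, writes_per_sec, transactional=False):
    """WCU for a steady write rate; each item is rounded up to whole KB."""
    units = math.ceil(item_kb) * writes_per_sec * (2 if transactional else 1)
    return max(MIN_UNITS, math.ceil(units))


def read_units(item_kb, reads_per_sec, consistent=False, transactional=False):
    """RCU for a steady read rate; each item is rounded up to 4 KB blocks."""
    blocks = math.ceil(item_kb / 4)
    factor = 2 if transactional else (1 if consistent else 0.5)
    return max(MIN_UNITS, math.ceil(blocks * reads_per_sec * factor))


def plan(tables):
    """tables: list of dicts with name, item_kb, reads_per_sec, writes_per_sec
    and optional consistent/transactional flags. Returns per-table units and
    the account-level free-tier check (the tier is not per table)."""
    rows = [{
        "name": t["name"],
        "wcu": write_units(t["item_kb"], t["writes_per_sec"],
                           t.get("transactional", False)),
        "rcu": read_units(t["item_kb"], t["reads_per_sec"],
                          t.get("consistent", False), t.get("transactional", False)),
    } for t in tables]
    total_wcu = sum(r["wcu"] for r in rows)
    total_rcu = sum(r["rcu"] for r in rows)
    return {
        "tables": rows,
        "total_wcu": total_wcu,
        "total_rcu": total_rcu,
        "within_free_tier": total_wcu <= FREE_TIER_WCU and total_rcu <= FREE_TIER_RCU,
        "billable_wcu": max(0, total_wcu - FREE_TIER_WCU),
        "billable_rcu": max(0, total_rcu - FREE_TIER_RCU),
    }


# Constructed sample workload, not real data.
SAMPLE_TABLES = [
    {"name": "sessions", "item_kb": 0.5, "reads_per_sec": 10, "writes_per_sec": 10},
    {"name": "audit-log", "item_kb": 3, "reads_per_sec": 4, "writes_per_sec": 12},
]

if __name__ == "__main__":
    import json
    print(json.dumps(plan(SAMPLE_TABLES), indent=2))
```

For the sample, the 3 KB audit items are what push the account past the tier: 12 writes/s of a 3 KB item is 36 WCU on their own, while both tables' reads together need only 7 RCU. Strongly consistent or transactional reads are the knobs that most often surprise people, so they are explicit flags here.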

It’s all about SCALABILITY, SECURITY, and AVAILABILITY for your most important service! (which is your database)


Kind Regards,
Doddi Priyambodo

These are the top 16 common/killer use cases of VMware NSX for you!

Whenever I pitch NSX to a customer, I always start with the use cases. On-target questioning and in-depth listening to the customer's pain points are important, so we can collaborate to solve their issues and go beyond that to enhance their innovation.

For me, it is not relevant to describe the byte-per-byte features and bit-per-bit capabilities in the first or second meeting. We can take that approach later on, of course, if the customer would like to go in depth, or when we are at the stage of proving the technology, as long as we already understand their goals and pain points.

But understanding the customer's expectations and giving them something BEYOND those expectations has always been our goal when doing a professional consultation with them.

Anyway, these are some common use cases we can use for a collaborative discussion with customers, which we can put a "laser focus" on later. There are around 16 use cases where VMware NSX (network virtualization) can bring new benefits or additional capabilities to customers and make their life simpler.

  1. Security Use Cases
    1. Network Segmentation
    2. Microsegmentation for Securing VDI Infrastructure
    3. Intelligent Grouping for Unsupported Operating Systems
    4. Automated Security in a Software Defined Data Center
    5. Advanced Security (IDS/IPS) Insertion (e.g. Palo Alto Networks NGFW)
    6. Collapsed DMZ
    7. Integrating Dev, Test, and Prod environments into a single infrastructure
    8. Securing access to and from Jump Box servers
  2. Application Continuity Use Cases
    1. Multisite Networking and Security
    2. Data Center Consolidation/Migration (Merger & Acquisition)
    3. Hybrid/Public Cloud Integration
    4. Disaster Recovery
  3. Automation Use Cases
    1. Self-Service IT
    2. Fast Application Deployment from Templates
  4. Business Value Use Cases
    1. Islands of Unused Compute Capacity, by leveraging Stretch and Bridge
    2. Reducing Capital Outlay on expensive Hardware Devices

Those are 16 new or additional use cases that we can discuss with customers when we want to talk about how VMware NSX can make their life easier. I will elaborate on the use cases later on, or you can contact VMware Inc. or their partners to help you solve your issues and take a small, easy step toward modernizing your data center!


Kind Regards,
Doddi Priyambodo

Detailed explanation of my INTEL-NUC based VMware Home Lab for tinkering with vSphere 6.5, NSX, VIO, Kubernetes, and PKS – #IntelNucSkull #i7

This time, I want to continue my previous post (here) about the Home Lab. Below are my earlier posts describing the Home Lab I own, together with some tutorials I tried on it:

Anyway, I will explain a few things about the INTEL-NUC installation I own as the active Home Lab I use to tinker with VMware products such as NSX, VIO, VIC, vRNI, and later PKS.

I really want to use this mini server as a portable mini lab that I can carry around to satisfy my "tinkering" hobby.

This hobby can be channelled into the INTEL-NUC I am holding right now. Some of the reasons were explained in my previous post (read the link above). Before this, I did nested installations on VMware Workstation on my laptop and on my home PC. Since an NSX installation needs quite a lot of resources, I think it is better to use dedicated hardware for it. This is one reason for choosing the INTEL-NUC over installing on my laptop.

The strategy we will use is to make this INTEL-NUC the parent host for several nested ESXi hosts. In summary:

  • Use the Intel NUC as the parent host =
  • Create several administrative VMs, such as NTP, DNS, AD, PSC, vCenter, etc.
  • Create a nested ESXi as datacenter 1 =
  • Create a nested ESXi as datacenter 2 =

Below is a capture of the Intel NUC that will be configured for the VMware SDDC:

The specifications of this Intel NUC have been upgraded to the maximum capacity this server can handle. Below is a DCUI screenshot showing the specification (in summary, processor: 4 physical CPU cores with hyper-threading, memory: 32 GB RAM, disk: 480 GB SSD).

Here is the detailed specification of this mini server:

  • Processor: 6th generation Intel Core i7-6770HQ processor (2.6 to 3.5 GHz turbo, Quad Core, 6 MB Cache, 45W TDP)
  • System Memory: 32GB (Kingston DDR4 2133)
  • Storage: Intel M.2 480GB 540 series (spare M.2 slot for additional capacity)
  • Peripheral Connectivity:
    • Intel Gigabit LAN
    • One Thunderbolt 3 port with USB 3.1
    • Four Super Hi-Speed USB 3.0 ports
    • One HDMI 2.0 port and One Mini DisplayPort


First, we need to design the data center we are going to build. Broadly, the design will look like this:

With the following details:

  • Management Cluster

    Type  Name      Hostname               IP Address  Username  Password  Remarks
    Host  p-esxi50  p-esxi50.corp.local                root      VMware1!  ESXi
    VM    dns-ntp   dns-ntp.corp.local                 root      VMware1!
    VM    vcsa      vcsa-106.corp.local                root      VMware1!  vCenter Server
    VM    nsxmgr    nsxmgr-106.corp.local              root      VMware1!  NSX Manager
    VM    psc       psc-106.corp.local                 root      VMware1!

  • Compute Cluster

    Type  Name            Hostname              IP Address  Username  Password  Remarks
    Host  n-esxi51        n-esxi51.corp.local               root      VMware1!  Nested ESXi
    Host  n-esxi52        n-esxi52.corp.local               root      VMware1!  Nested ESXi
    VM    nsx-esg                                           root      VMware1!  NSX Edge
    VM    nsx-dlr                                           root      VMware1!  NSX Edge
    VM    nsx-controller                                                        NSX Controller
    VM    web01                                             root      VMware1!  3-Tier App (Web)
    VM    web02                                             root      VMware1!  3-Tier App (Web)
    VM    app01                                             root      VMware1!  3-Tier App (App)
    VM    db01                                              root      VMware1!  3-Tier App (Db)

  • Other additional information (please ignore this, as this is only my personal note)
    • VIC, VIO, vROps, Log Insight, vRNI

The installation steps are as follows:

  1. Install vSphere ESXi on the Intel NUC from a USB flash drive
    1. First read the notes here, because some parameters need to be disabled in the BIOS for the installation on the Intel NUC to run properly.
    2. Install ESXi on the Intel NUC. Before that, create a bootable USB flash drive for the ESXi installation with Rufus (download it from here: and follow the guidance from here:). Then install vSphere ESXi by following this guidance: (feature walkthrough)
  2. Install VMware vSphere (ESXi & vCenter) + NSX (NSX Manager & NSX Controller)

Download the components from here:

To speed up the installation and configuration, since this will be used for demo and development purposes, rather than installing each component one by one through the GUI wizard (as I did earlier when preparing my personal lab on my laptop, please read ....), we can use the automation scripts created by my colleagues (Wen Bin Tay, Nick Bradford, William Lam) from VMware.

Here is the step by step:

  1. vSphere installation:
  2. NSX installation:

These scripts are built with PowerCLI, the Windows PowerShell interface used to manage VMware vSphere environments.

In general, the scripts deploy VMware's virtualization platform, including the vCenter Server Appliance (VCSA), nested ESXi, the NSX components and a sample three-tier web application. Keep in mind that installation with these automated nested ESXi scripts is only recommended for development environments. It is not recommended for production.

  3. Look at the results:

Virtual machines on the parent host:

All IP addresses overview:

vCenter overview:

  4. DONE


Best Regards,
Doddi Priyambodo

Troubleshooting slow application performance on VMware virtualization

Once we enter the world of IT operations, there are many operational matters that need troubleshooting, usually caused by the slow performance of an application. If this happens in a virtualized environment, we need to make sure that the infrastructure we manage can deliver the SLA we agreed earlier.

Below are some key areas to look at when troubleshooting a VM, at a high level:
1. Make sure it is not the application side, by working together with the application team: application logic, memory leaks, efficient I/O commands, etc.
2. Check the infrastructure side of the VM and the infrastructure behind it (compute, storage, network)

Here is what we can do when troubleshooting:

1. Check the health of the virtual machines

   Capacity issues (examples):
   • CPU demand > 90%
   • CPU run queue > 3 per vCPU
   • CPU swap wait high, CPU I/O wait high
   • RAM free < 250 MB
   • RAM committed > 70%
   • Page-in rate is high
   • Disk queue length > ___
   • Disk IOPS, throughput or outstanding I/O (OIO) is high
   • Low disk space
   • Network usage is high

   Non-capacity issues (examples):
   • Wrong driver (storage driver, network driver) or its settings
   • Too many snapshots or large snapshots
   • VMware Tools not running
   • VM vCPU usage unbalanced
   • Application configured wrongly, not indexed
   • Memory leak
   • Network latency is high or TCP retransmits
   • VM too big, process ping-pong, high context switch
   • NUMA effect
   • Guest OS power setting

2. Check the health of the infrastructure layer

   Infrastructure is unable to cope (examples):
   • ESXi CPU insufficient: demand > 90%, VM CPU co-stop > 1%, CPU ready > 5%, number of cores too small for the VM
   • ESXi RAM insufficient: VM balloon active, VM RAM swap-in is high, NUMA migration
   • ESXi disk IOPS or throughput is high
   • ESXi vmkernel queue or latency is high
   • Datastore latency is high
   • ESXi vmnic usage is high

   Other issues (examples):
   • VM was vMotioned
   • ESXi vmnic dropped packets or generated errors
   • ESXi wrong configuration: power management, multipathing, driver version, queue depth setting
   • Hardware fault: disk soft error, bad sector, RAM error
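The two checklists above turned into triage logic, as an added example that is not part of the original post: one VM's counters are scored against the thresholds the tables give (CPU demand > 90%, RAM free < 250 MB, CPU ready > 5%, co-stop > 1%, balloon active, and so on), grouped into capacity, non-capacity and host findings, with the verdict following the post's order of host first, VM sizing second. The counter names and the sample values are constructed; the 20-second real-time interval, the ready/co-stop conversion (summation ms / (20000 ms * vCPUs) * 100), the snapshot limit of 3 and the vCPU-imbalance spread of 50 points are assumptions, since the post only says "too many" and "unbalanced".

```python
"""VM performance triage against the thresholds above (added example, not
the post's code). Counter dict and sample are constructed; see assumptions
in the lead-in and in the comments below."""
INTERVAL_MS = 20_000   # assumption: vCenter real-time sample interval
MAX_SNAPSHOTS = 3      # assumption: the post only says "too many"
IMBALANCE_POINTS = 50  # assumption: spread between busiest and idlest vCPU


def pct_from_summation(ms, vcpus, interval_ms=INTERVAL_MS):
    """Convert a summation counter (ms per interval, summed over vCPUs) to %."""
    return ms * 100.0 / (interval_ms * vcpus)


def triage_vm(m):
    """Return findings grouped like the two tables, plus a verdict."""
    capacity, other, host = [], [], []

    # 1. VM health: capacity issues (thresholds from the post)
    if m["cpu_demand_pct"] > 90:
        capacity.append(f"CPU demand {m['cpu_demand_pct']}% > 90%")
    if m["run_queue_per_vcpu"] > 3:
        capacity.append(f"CPU run queue {m['run_queue_per_vcpu']} > 3 per vCPU")
    if m["ram_free_mb"] < 250:
        capacity.append(f"RAM free {m['ram_free_mb']} MB < 250 MB")
    if m["ram_committed_pct"] > 70:
        capacity.append(f"RAM committed {m['ram_committed_pct']}% > 70%")

    # 1. VM health: non-capacity issues
    if not m["tools_running"]:
        other.append("VMware Tools not running")
    if m["snapshot_count"] > MAX_SNAPSHOTS:
        other.append(f"{m['snapshot_count']} snapshots (assumed limit {MAX_SNAPSHOTS})")
    usage = m["vcpu_usage_pct"]
    if usage and max(usage) - min(usage) > IMBALANCE_POINTS:
        other.append("vCPU usage unbalanced")

    # 2. Infrastructure health: can the host underneath cope?
    ready = pct_from_summation(m["cpu_ready_ms"], m["vcpus"])
    costop = pct_from_summation(m["cpu_costop_ms"], m["vcpus"])
    if ready > 5:
        host.append(f"CPU ready {ready:.1f}% > 5%")
    if costop > 1:
        host.append(f"CPU co-stop {costop:.1f}% > 1%")
    if m["balloon_mb"] > 0:
        host.append(f"balloon active ({m['balloon_mb']} MB)")
    if m["swapin_kbps"] > 0:
        host.append(f"swap-in active ({m['swapin_kbps']} KB/s)")

    # Host contention masks everything else, so it is judged first.
    if host:
        verdict = "infrastructure unable to cope"
    elif capacity:
        verdict = "VM undersized"
    elif other:
        verdict = "non-capacity issue"
    else:
        verdict = "healthy"
    return {"vm": m["name"], "capacity": capacity, "non_capacity": other,
            "host": host, "verdict": verdict}


SAMPLE_VM = {  # constructed sample, not real telemetry
    "name": "web01", "vcpus": 4,
    "cpu_demand_pct": 93, "run_queue_per_vcpu": 2,
    "ram_free_mb": 180, "ram_committed_pct": 65,
    "tools_running": False, "snapshot_count": 4,
    "vcpu_usage_pct": [95, 90, 20, 15],
    "cpu_ready_ms": 6000, "cpu_costop_ms": 1200,   # 7.5% and 1.5% on 4 vCPUs
    "balloon_mb": 512, "swapin_kbps": 0,
}

if __name__ == "__main__":
    for key, value in triage_vm(SAMPLE_VM).items():
        print(f"{key}: {value}")
```

The ordering matters: a VM showing 93% CPU demand while its host reports 7.5% ready time is not necessarily undersized, it is starved, so adding vCPUs would make the co-stop worse. Feed the function the same counters vRealize Operations collects and the verdict tells you which of the two checklists to work through first.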

The next question is how to check those parameters as fast and as easily as you can, so you can troubleshoot and solve the issues you are facing right now. Well, the quickest answer is to refer to the tool I covered in my previous post, VMware vRealize Operations Manager.


Kind Regards,
Doddi Priyambodo


Launch of VMware vROps 6.6 with significant enhancements for troubleshooting and monitoring

FYI, here is the latest news about VMware: vRealize Operations Manager version 6.6 launched last month. The improvements are very good; the user interface has changed because it now uses the new Clarity HTML5 framework (open source, by VMware).
By default there are many dashboards that can be used for monitoring, which previously had to be built as custom dashboards. They are especially useful for the operations team for performance troubleshooting and capacity management.
An overview can be seen here:
(screenshots: vRealize Operations 6.6 getting-started dashboard; vRealize Operations 6.6 hardening and compliance)
Or the complete video with live action can be seen here:


Some examples of interesting functionality (I took just a few from the YouTube link above), with some screenshots:
I strongly recommend upgrading to this version so that troubleshooting and monitoring will be much easier.
Kind Regards,
Doddi Priyambodo

The best documents explaining the VMware NSX Design Guidelines

Below are two official, very detailed VMware documents that explain what needs to be considered when designing an NSX solution:

They can be downloaded officially from the VMware website:

If you want to do NSX hands-on and see the step-by-step usage live, you can read it here: (search for "NSX")

Hope it is useful.


Kind Regards,
Doddi Priyambodo