深入淺出 AWS 混合式雲端架構 (Introduction to Hybrid Cloud on AWS)
1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Wilfred Wah, AWS ProServe
26th June, 2018
Introduction to Hybrid Cloud on AWS
2. Sponsor
3. Learning Objectives
• Understand Hybrid Cloud architecture use cases
• Understand the AWS portfolio of capabilities that support Hybrid Cloud
• Understand AWS partnerships with VMware, Microsoft and other key enterprise players
4. Hybrid Cloud Strategy
• 60% of large enterprises run VMs in the public cloud (IDC)
• 65% of organizations have a hybrid cloud strategy today (IDC *)
• 83% of workloads are virtualized today (IDC)
5. What Do Customers Want in Hybrid?
• Run workloads on-premises
• Run workloads on the cloud
• Tight integration
• Without buying new hardware
6. Hybrid Cloud Use Cases
• Integrated Identity and Access
• Integrated Network
• Data Integration
• Integrated resources and deployment management
• Cloud Bursting
• Data center extension
• Cloud Adoption Framework and Migration Planning
7. AWS Hybrid Cloud Solutions & Partners
Services shown: VPC, IAM, OpsWorks, Storage Gateway, Direct Connect, EC2, S3, RDS, Snowball, Systems Manager
8. AWS Regional Expansion
• First 5 years: 4 regions
• 2016–2018: 11 regions
• Next 5 years: 7 regions
9. The Foundation
Integrated Identity and Access
Integrated Network
10. Virtual Private Network – Extension of your data center
VPC CIDR: 172.31.0.0/16, with one VPC subnet per Availability Zone:
Availability Zone | VPC subnet
eu-west-1a | 172.31.0.0/24
eu-west-1b | 172.31.1.0/24
eu-west-1c | 172.31.2.0/24
11. IAM Identities
Users and Groups
IAM user
• Entity created in AWS to represent a person or service that uses it to interact with AWS
IAM group
• Assign permissions to logical and functional groupings of your organization
• Bulk permissions management (scalable)
• Easy to change permissions as individuals change teams (portable)
Authentication paths shown: sign-in to the AWS Management Console with a password [+MFA]; programmatic access to the AWS cloud with an access key [+MFA]
12. IAM Identities
Identity Federation – Example for SAML 2.0 (Web Console)
Other protocol supported: OpenID Connect
13. Options for AD-aware Cloud Workloads
Option 1: On-premises Windows Server domain controller (DC) running AD – you manage
Option 2: EC2 for Windows Server DC running AD inside the VPC – you manage
Option 3: AWS Microsoft AD, reached from the VPC through a VPC endpoint – AWS manages
AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD
14. Connectivity Options
Public Internet
- Public IPs
- Elastic IPs
- Internet data out pricing
VPN
- IPsec authentication and encryption
- Two main options: AWS Managed VPN, Software VPN (EC2)
AWS Direct Connect
- Launched in 2011
- Private connection, separate from the Internet
- Consistent network experience
- Connect through 67 locations
- Port speeds of 1 Gbps, 10 Gbps or sub-1 Gbps
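Extending the data center over VPN or Direct Connect only works when the address plan is clean: every VPC subnet must sit inside the VPC CIDR and no on-premises range may overlap the VPC, otherwise routes across the link are ambiguous. The following check is an added example, not code from the deck; it uses the VPC and subnets from slide 10, while the on-premises ranges 10.0.0.0/8 and 172.31.5.0/24 are constructed inputs chosen to show one clean plan and one collision.

```python
from ipaddress import ip_network
from typing import Dict, List


def check_hybrid_address_plan(vpc_cidr: str, subnets: Dict[str, str],
                              on_prem_cidrs: List[str]) -> List[str]:
    """Return a list of findings; an empty list means the plan is clean.

    Checks performed:
      1. every VPC subnet lies inside the VPC CIDR
      2. VPC subnets do not overlap each other
      3. no on-premises range overlaps the VPC CIDR (a VPN or Direct Connect
         route for such a range would be ambiguous)
    strict=True makes ip_network reject CIDRs with host bits set.
    """
    findings: List[str] = []
    vpc = ip_network(vpc_cidr, strict=True)
    nets = {name: ip_network(cidr, strict=True) for name, cidr in subnets.items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            findings.append(f"subnet {name} {net} is outside VPC {vpc}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"subnets {a} {nets[a]} and {b} {nets[b]} overlap")
    for cidr in on_prem_cidrs:
        prem = ip_network(cidr, strict=True)
        if prem.overlaps(vpc):
            findings.append(f"on-premises range {prem} overlaps VPC {vpc}; "
                            "routes over VPN/Direct Connect would be ambiguous")
    return findings


# Address plan from the slide: one VPC, one /24 subnet per Availability Zone.
SLIDE_VPC = "172.31.0.0/16"
SLIDE_SUBNETS = {
    "eu-west-1a": "172.31.0.0/24",
    "eu-west-1b": "172.31.1.0/24",
    "eu-west-1c": "172.31.2.0/24",
}

if __name__ == "__main__":
    # Constructed on-premises ranges (not from the deck): the first plan is
    # clean, the second collides with the VPC.
    for label, prem in (("clean", ["10.0.0.0/8"]),
                        ("collision", ["10.0.0.0/8", "172.31.5.0/24"])):
        print(label, check_hybrid_address_plan(SLIDE_VPC, SLIDE_SUBNETS, prem) or "OK")
```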
15. Data Integration
16. Cold Standby – Cloud Gateways
Customer premises: application server and gateway appliances
Connectivity: AWS Direct Connect or the Internet
AWS side: AWS Storage Gateway back-end, Amazon EBS snapshots, Amazon S3, Amazon Glacier, AMI
17. Hot Standby
Route 53 resolves www.example.com to the active site; an Elastic Load Balancer fronts the AWS Region.
The corporate data center and the AWS Region run the same tiers: reverse proxy/caching server, application server, database server and data volume.
The master database server is on the active side and the subordinate database server on the standby side; mirroring/replication keeps them in sync, and failover cuts the application data source over.
18. DR as a Service with Site Recovery Manager
Disaster recovery to VMware Cloud, delivered as a service
Overview of goals:
• Build on VMware's established disaster recovery solutions
• Provide application-centric DR runbook automation
• Remove the need for a dedicated DR data center
• Integrate deeply with the VMware Cloud on AWS services
VMs are protected from vSphere (on premises) to VMware Cloud on AWS
19. End-to-End DR from On-Prem to AWS
The Challenge: needed a scalable and reliable DR solution
The Solution: Pilot Light with VMware Cloud on AWS
Business Outcomes:
• Successfully implemented DR for multi-tier applications with SQL
• Achieved end-to-end failover time within a low RTO with no IP changes
https://aws.amazon.com/partners/success/scripps-network-interactive/
20. Integrated resources and deployment management
21. Amazon EC2 Systems Manager
Manage your Amazon EC2 and on-premises instances
The Systems Manager Service manages EC2 instances and on-prem instances alike; each managed instance runs the Systems Manager Agent.
22. Deliver scalable, resilient applications with less work
AWS OpsWorks (Chef and Puppet)
• Supports any application
• Supports existing EC2 instances
• Supports servers running in on-premises datacenters
• Single platform to deploy and manage applications across hybrid architectures
23. Microservices on AWS using Kubernetes
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
• Hybrid cloud compatible
• Highly available
• Automated upgrades and patches
• Integrated with AWS Services: CloudTrail, CloudWatch, ELB, IAM, VPC, PrivateLink
24. DevOps – Build on AWS and deploy on premise
Software Release Steps: Source, Build, Test, Production
AWS CodeCommit (source), AWS CodeBuild (build), third-party tooling (test) and AWS CodeDeploy (production, deploying to EC2 and on-prem instances), orchestrated by AWS CodePipeline
25. Cloud Bursting
26. EC2 Spot is legit
Spare capacity at scale
27. Customer Success Story
Physical Server Rental
• Limited by Power / Cooling Capacity
• 24 to 48 Hour Setup time
• Over spec to be safe
• Hard to return
Cloud Bursting
• Unlimited capacity
• 10 min setup time
• Pay for what you use
• Flexible Machine Specs
• Automated Termination
• Leverage SPOT Instances for Inexpensive Compute usage
https://youtu.be/ThS9JZDCG_8
28. Customer Success Story
Components shown: Spot Fleet, AWS Direct Connect, AMI, Deadline DB and Repo, Local Render Farm, Isilon X410 Cluster, m4.16xlarge with EBS, Custom Sync solution for Studio Assets
29. Data center extension
30. Hybrid connectivity—split architecture
Components shown: CORP (corporate data center), Web App, Oracle Database
31. Hybrid connectivity—split architecture (2)
Components shown: CORP, Web/App on both sides, NLB / ALB (NEW!)
32. VMware Cloud on AWS
AWS global infrastructure hosts VMware Cloud on AWS (vCenter, vSphere, vSAN, NSX); the customer data center's vCenter links to it through Hybrid linked-mode, connected over AWS Direct Connect.
AWS services reachable through an Elastic Network Interface: Amazon EC2, Amazon S3, Amazon RDS, Amazon DynamoDB, Amazon Redshift
33. Kellogg's—SAP HANA hybrid deployment
The diagram shows the Corporate Data Center and an Amazon Virtual Private Cloud (VPC) with one Availability Zone and one VPC Subnet, connected by VPN: A = Virtual Private Gateway, B = Customer Gateway, C = VPN Connection; Internet access to SAP OSS.
Environments shown:
• DEV and QA: BW ABAP 7.31/NW JAVA 7.40, BW BI-JAVA, 2 X 244 GB nodes each
• UAT/DR and PRD: BW BI-JAVA, Web Disp, SAP HANA, 5 X 0.5 TB nodes each
https://aws.amazon.com/sap/solutions/saphana/
34. CAF and Migration Planning
35. The Customer Journey "Stages of Adoption" (value over time)
Stage 1 "Project", Stage 2 "Foundation", Stage 3 "Migration", Stage 4 "Optimization"
Activities plotted along the curve:
• Early Discovery; Learning; POCs; TCO/ROI Analysis
• New Application Patterns (MSA, CI/CD); Dev/Test; Production Application Migration
• Security & Risk Preparation; Cloud Strategy; Foundational Architecture
• Operational Integration; Billing Optimization
• Portfolio Mass Migration; DC Shutdown; Horizontal Solutions (VDI, Back-up/Archive, Broad storage); Advanced Operational Patterns (CI/CD)
• Optimization; Infrastructure fully automated; App/Dev owns full solution stack with tools and service catalogs
36. Migration Planning Outcomes
CAF (Cloud Adoption Framework)
✓ Migration success criteria defined
✓ Applications categorized and prioritized for migration (backlog)
✓ A detailed migration plan
✓ Migration sprint team structure decided
✓ Design for platform establishment (Landing Zone)
✓ Tools identified for migration
✓ Approved business case
✓ Now ready to execute migrations
37. Typical Migration Planning Activity Flow
Timeline: Sprint 1 through Sprint 8, opening with a Migration Readiness Assessment and Team Kickoff; a Planning and Strategy Team hands over to an Implement & Migrate Team.
BUSINESS (Migration Business Case): Business Case Kickoff; Financial Analysis; Present Business Case, Proposal & Plan
PLATFORM (Application Portfolio Discovery & Planning): Portfolio Data Collection, Gaps & Analysis; Scoring Model; Initial Scoring, Move Groups & Estimate; Prioritized Backlog for 1st Qtr Migrations & refined estimates
GOVERNANCE (Project Planning & Control): Project Management Workshop; Migration Project Plan, RACI, Charter; Resource Plan, Sprint Teams, Cadence; Develop SOWs and Proposal
SECURITY (Security, Risk and Compliance): Security & Compliance Workshop covering Identity & Access Mgt., Logging & Monitoring, Infrastructure, Data Protection, Incident Response and Encryption; Deploy NIST Landing Zone MVP; PoC with 3rd Party Security Solt'n; Security IR Simulation; High Risk +/-
PLATFORM (Landing Zone; Migration Process & Experience): Landing Zone & Ops Validation / Wargame & Workshop; Migration Workshop & 1st App Migration; 2nd App Migration (Pattern 2); 3rd App Pattern Migration; 4th App Pattern Migration; Show and Tell, Planning, Training
PEOPLE (Skills & Center of Excellence): Cloud CoE Design; Center of excellence development; Migration Training Plan; Training Team: Training 1, Training 2
OPERATIONS: AMI/Patching; Service Catalog; Ops Playbook; Config Mgmt & Automation; Asset Mgmt; Backups; BCP/DR; AD+IAM; Cost Mgmt
38. App Migration Automation/Tools
Server & DB Migration: AWS Server Migration Service, AWS Database Migration Service, AWS Schema Conversion Tool
Data Transfer: S3 Transfer Acceleration, AWS Storage and File Gateway, AWS Direct Connect, AWS Snowball & Snowmobile, Amazon Kinesis Firehose
Additional 3rd Party Migration Tools: Partners
VMware Cloud on AWS
39. Thank You!
https://aws.amazon.com/enterprise/hybrid/
https://aws.amazon.com/enterprise/
https://aws.amazon.com/professional-services/CAF/
https://aws.amazon.com/architecture/well-architected/
https://aws.amazon.com/migration-acceleration-program/
40. AWS Facebook Hong Kong Page
41. Remember to complete your evaluations!