Building Hybrid Architectures with AWS (Costruire Architetture Ibride con AWS)
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
1. Introduction to Hybrid Cloud on AWS
2. Hybrid Cloud Strategy
• 83% of workloads are virtualized today
• 60% of large enterprises run VMs in the public cloud
• 65% of organizations have a hybrid cloud strategy today
* Data from IDC
3. What Do Customers Want in Hybrid?
• Run workloads on the cloud
• Tight integration
• Run workloads on-premises
• Without buying new hardware
4. Hybrid Cloud Use Cases
• Integrated identity and access
• Integrated network
• Data integration
• Integrated resources and deployment management
• Integrated devices and edge systems
• Data center extension
5. The Foundation
• Integrated Identity and Access
• Integrated Network
6. Virtual Private Network
Extension of your data center
172.31.0.0/16
• Availability Zone eu-west-1a: VPC subnet 172.31.0.0/24
• Availability Zone eu-west-1b: VPC subnet 172.31.1.0/24
• Availability Zone eu-west-1c: VPC subnet 172.31.2.0/24
7. IAM Identities
Users and groups
IAM group
• Assign permissions to logical and functional grouping of your organization
• Bulk permissions management (scalable)
• Easy to change permissions as individuals change teams (portable)
IAM user
• Entity created in AWS to represent a person or service that uses it to interact with AWS
[Diagram labels: AWS cloud; AWS Management Console; Password [+MFA]; Access key [+MFA]]
8. IAM Identities
Identity Federation—example for SAML 2.0 (web console)
Other protocol supported: OpenID Connect
[Diagram: Your Org (Identity Provider): Portal/Identity provider (IdP), LDAP Identity Store. AWS (Service Provider): AWS SSO endpoint, STS, AWS Management Console. Browser interface between the two.]
Flow labels in the diagram:
• User browses to IdP
• IdP authenticates user
• IdP returns SAML assertion
• Client posts SAML assertion to sign-in URL
• Endpoint validates, sends redirect
9. Options for AD-aware Cloud Workloads
1. On-premises Windows Server DC (AD): you manage
2. EC2 for Windows Server DC (AD) in a VPC: you manage
3. AWS Microsoft AD (VPC Endpoint): AWS manages
AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD
10. Connectivity Options
AWS Direct Connect
• Launched in 2011
• Private connection
• Separate from the Internet
• Consistent network experience
• Connect through 67 locations
• Port speeds of 1 Gbps, 10 Gbps or sub-1 Gbps
VPN
• IPsec authentication and encryption
• Two main options: AWS Managed VPN, Software VPN (EC2)
Public Internet
• Public IPs
• Elastic IPs
• Internet data out pricing
11. Data Integration
12. Cold Standby—Cloud Gateways
[Diagram labels: Customer premises: Application server, Gateway appliances. Connection: AWS Direct Connect, Internet. AWS: AWS Storage Gateway back-end, Amazon S3, Amazon Glacier, Amazon EBS snapshots, AMI.]
13. Hot Standby
[Diagram labels: www.example.com, Route 53. Corporate data center (Active): Reverse proxy/caching server, Application server, Master Database server. AWS Region (Active): Elastic load balancer, Reverse proxy/caching server, Application server, Subordinate database server, Data volume. Mirroring/replication; Application data source cut over.]
14. DR as a Service with Site Recovery Manager
Overview of goals
• Deliver as a Service
• Build on VMware established disaster recovery solutions
• Provide application-centric DR runbook automation
• Remove need for dedicated DR data center
• Integrate deeply with the VMware Cloud on AWS services
[Figure: Disaster recovery to VMware Cloud. VMs on vSphere (on-premises) and on VMware Cloud on AWS.]
15. Integrated Resources and Deployment Management
16. Amazon EC2 Systems Manager
Manage your Amazon EC2 and on-premises instances
[Diagram: Systems Manager Service connected to two EC2 instances and one on-premises instance, each running a Systems Manager Agent.]
17. AWS OpsWorks (Chef and Puppet)
Deliver scalable, resilient applications with less work
• Supports any application
• Supports existing EC2 instances
• Supports servers running in on-premises datacenters
• Single platform to deploy and manage applications across hybrid architectures
18. DevOps—Build on AWS and deploy on-premises
Software release steps: Source, Build, Test, Production
[Diagram labels: AWS CodePipeline; AWS CodeCommit; AWS CodeBuild; Third-party Tooling; AWS CodeDeploy; EC2; On-Prem]
19. Integrated Devices and Edge Systems
20. Snowball Edge Use Cases
• IoT Local Tiering and Compute
• Offline Staging
• Local Transformation
21. Moving to the Edge
Devices (Sense & Act)
• AWS Greengrass
• Amazon FreeRTOS
• AWS IoT Device Defender
Cloud (Storage & Compute)
• AWS IoT Core
• AWS IoT Device Management
Intelligence (Insights & Logic → Action)
• AWS IoT Analytics
22. Data Center Extension
23. Hybrid Connectivity—Split Architecture
[Diagram labels: Web; App; Oracle Database]
24. Hybrid Connectivity—Split Architecture (2)
[Diagram labels: Web/App; Web/App; NLB/ALB]
25. VMware Cloud on AWS
• Rich VMware SDDC delivered as a cloud service on AWS
• Consistency and familiarity of VMware technologies
• Easy workload portability and hybrid capabilities
• Direct access to the power of native AWS services
• Existing and new apps with Containers and VMs
26. VMware Cloud on AWS Target Use Cases
Customer can decide strategically across on-premises data center and cloud
A. Data Center Extension & DR (Maintain / Expand)
• On-demand capacity
• Footprint expansion
• DR and backup
• Test and Dev
B. Cloud Migration (Consolidate / Migrate)
• Data center wide migration
• Application specific migration
• Infrastructure refresh
C. Next-Generation Apps
• Application modernization
• Next-gen app build out
27. So, how does VMware Cloud on AWS work?
• VMware SDDC running on AWS bare metal
• Sold, operated & supported by VMware and its partners
• Support for containers and VMs
• On-demand capacity and flexible consumption
• Full operational consistency with on-premises SDDC
• Seamless workload portability and hybrid operations
• Global AWS footprint, reach, availability
• Direct access to native AWS services
[Diagram labels: Customer data center and VMware Cloud™ on AWS (Powered by VMware Cloud Foundation), each with vCenter; vSphere & containers, vSAN, NSX; Operational management; CMP - vRealize Suite, ISV ecosystem; AWS services; AWS Global Infrastructure]
28. What do we mean by reuse previous investments?
vCenter Hybrid Linked Mode allows linking vCenters running across different SSO domains, different versions, and different topologies
29. But… bare metal… cloud?
• Flexibly expand and contract the cluster within minutes
• You can specify the number of hosts to add to or remove from the cluster
• Hosts removed from the cluster are evacuated of VMs and data prior to their removal
30. AWS - Outpost
Fully integrated and fully managed AWS infrastructure on-premises
• Building on the security, performance & power of the Nitro system
• Offering the same APIs and functionality as in public AWS regions
• Automatically monitored, updated and patched as part of AWS regions
31. Using the same AWS APIs and tools
• Manage and automate applications using EC2 Auto Scaling Groups, AWS CloudFormation, Elastic Beanstalk
• Get the same metrics and visibility using CloudWatch and CloudTrail services in the local region
AVAILABLE: Second half of 2019
32. Questions?
https://aws.amazon.com/enterprise/hybrid/
https://aws.amazon.com/enterprise/
https://aws.amazon.com/professional-services/CAF/
https://aws.amazon.com/architecture/well-architected/
https://aws.amazon.com/migration-acceleration-program/