AWS Hybrid Cloud Foundation and Use Cases
•
5 gefällt mir•532 views
The document discusses hybrid cloud strategies on AWS. It begins with an overview of transformation approaches like re-hosting, re-provisioning, and re-architecting workloads. It then covers key aspects of a hybrid cloud foundation like networking, security, data integration, and operations management. Specific hybrid use cases like migrations, disaster recovery, edge systems, and data center extension are presented. Customer examples demonstrate how organizations have implemented hybrid solutions on AWS.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie AWS Hybrid Cloud Foundation and Use Cases
Ähnlich wie AWS Hybrid Cloud Foundation and Use Cases (20)
Mehr von Tom Laszewski
Mehr von Tom Laszewski (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
AWS Hybrid Cloud Foundation and Use Cases
- 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Tom Laszewski, AWS Enterprise Architecture Leader https://www.slideshare.net/tomlaszewski AWS Community Day - Norwood, MA October, 2018 Hybrid Cloud on AWS Introduction and Art of the Possible
- 2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Learning Objectives • Transformation to cloud • Customer’s hybrid cloud strategy • The hybrid cloud foundational layers and AWS Landing Zones • Customer AWS hybrid cloud success stories for common hybrid cloud use cases
- 3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Transformation to cloud
- 4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Transform your business in the cloud RE-HOST RE-PROVISION RE-ARCHITECT “Lift and Shift” AWS Migration Hub VMware Cloud on AWS ”Pick and Choose” Fully managed services SaaS “Rewrite and decouple” Microservices Serverless QUICK WINS CLOUD BACK OFFICE MODERNIZE LEGACY RE-PLATFORM “Lift and Reshape” AWS Database Migration Service AWS Marketplace EASY OPTIMIZATIONS
- 5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Customer’s Hybrid Cloud Strategy
- 6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What customers are saying More than 80% of workloads are virtualized today (IDC ) 83% 80% organizations committed to hybrid architectures
- 7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Requirement for hybrid cloud On-premises resources Cloud resources Integration
- 8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Customer opportunity with Hybrid Cloud Increase IT agility while reducing complexity and risk ACCELERATETIMETO MARKET EXTENDTOTHE CLOUD SCALE SEAMLESSLY OPTIMIZE COSTS MINIMIZE SECURITYVULNERABILITIES MANAGEACROSS IT FOOTPRINTS
- 9. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Hybrid Cloud success stories Start with defining the foundation
- 10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Hybrid Cloud on AWS Hybrid Cloud on AWS Foundation Layer Network Security Operations Management and Monitoring Data Integration Hybrid Cloud Use Cases Migrations Disaster Recovery Data Center Extension Edge Systems Cloud Bursting New Products VMwareCloudonAWS
- 11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The Foundation Network Security Data Integration Operations Management and Monitoring
- 12. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 172.31.0.0/16 Availability Zone Availability Zone Availability Zone VPC subnet VPC subnet VPC subnet 172.31.0.0/24 172.31.1.0/24 172.31.2.0/24 eu-west-1a eu-west-1b eu-west-1c Network
- 13. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security Integrated Identity and Access Management On-premises Windows Server DC AD You manage 1 VPC EC2 for Windows Server DC AD You manage 2 VPC Endpoint AWS Microsoft AD AWS manages 3 AWS Directory Service for Microsoft Active Directory also known as AWS Managed Microsoft AD
- 14. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Integration AWS Storage Gateway Amazon S3 Amazon Glacier Amazon EBS snapshots Amazon RDS AWS Snowball Amazon MQ
- 15. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Gateway Appliance N E W !
- 16. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon MQ Data integration, delivering new services, data center extension N E W ! CRM MoM Amazon MQ Inventory “We’ve also found that applications are easier to optimize/re-architect once they’re already running in the cloud.” Corporate data center Ordering front end Ordering backend
- 17. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Operations Management and Monitoring Infrastructure Automation Systems Manager Service EC2 Instance Systems Manager Agent EC2 Instance On-Prem Instance Systems Manager Agent Systems Manager Agent Manage your Amazon EC2 and on-premises instances
- 18. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Operations Management and Monitoring Application Automation Source Build Test Production Third Party Tooling Software Release Steps: AWS CodeCommit AWS CodeBuild AWS CodeDeploy AWS CodePipeline EC2 On-Prem
- 19. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Hybrid Cloud Landing Zone
- 20. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The AWS Landing Zone solution An easy-to-deploy solution that automates the setup of new AWS environments Based on AWS best practices and recommendations Initial security and governance controls Baseline accounts and account vending machine Automated deployment
- 21. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Landing Zone structure Organizations account: Account Provisioning Account Access (SSO) Shared Services account: Active Directory Log Analytics Logging account: CloudTrail/Config logs Security account: Audit/Break-glass AWS Organizations AWS SSMAWS Service Catalog Core OU SharedServices account Logging account Security account AWS Organizations account Network Baseline Account Baseline Account Baseline Account Baseline Security Cross- Account Roles AWS Microsoft AD Aggregate CloudTrail and Config Logs Log Reporting Amazon S3 bucket (manifest file) AWS CodePipeline Stacksets AWS SSO
- 22. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Hybrid Cloud Landing Zone - Network Shared Services Landing Zone VPC Account 1 VPCs Account 2 VPCs Account 3 VPCs Account 4 VPCs CORP Corporate Private Network Corporate Public Network AWS Direct Connect
- 23. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Hybrid Cloud Landing Zone – IAM Shared Services Account Security Account CORP AWS Directory Service Organization Account AWS SSO AD Connector Corp SSO (SAML)
- 24. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use Cases and Customer Successes New Products Edge Systems Cloud Bursting Data Center Extension
- 25. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. New Products
- 26. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Building blocks for serverless applications AWS Lambda Amazon DynamoDB Amazon SNS Amazon API Gateway Amazon SQS Amazon Kinesis Amazon S3 Orchestration and State Management API Proxy and GraphQL Messaging and Queues Analytics Monitoring and Debugging Compute Storage Database AWS X-RayAWS Step Functions Amazon Cognito User Management and IdP AWS AppSync Amazon Athena AWS Lambda@Edge
- 27. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Customer case study: Vanguard Features: • Replicate data to the cloud • Refactor the monolithic apps so web pages make AJAX calls to microservices • Migrate batch processes to the cloud, using data in the cloud • Gold copy in cloud—Reverse replication • Treat mainframe record keeping systems as bounded contexts o Integrate with them from the cloud μservice CDC CDC μservice Replicator Dispatcher DB Writers Event Writers Big Data ExtendedHub
- 28. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Customer case study: Capital One
- 29. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Edge Systems
- 30. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Snowball Edge use cases Offline Staging Local Tiering and Compute IoT Local Transformation
- 31. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Moving to the Edge Cloud Storage & Compute Intelligence Insights & Logic → Action Devices Sense & Act AWS IoT Core AWS Greengrass AWS IoT Analytics AWS IoT Device Management Things
- 32. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Customer case study: EnerAllies Moving to the Edge
- 33. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS extension into your data center Amazon RDS on VMware • Single Pane of Glass for management of DB Fleets • Integration with vSphere Management resources: vCenter Plug-In • Cloud Monitoring through AWS Cloud Watch User Experience N E W !
- 34. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cloud Bursting
- 35. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. EC2 Spot is legit Spare capacity at scale
- 36. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Customer case study: FuseFX Why Cloud Bursting using Spot Physical Server Rental • Limited by Power / Cooling Capacity • 24 to 48 Hour Setup time • Over spec to be safe • Hard to return Cloud Bursting • Unlimited capacity • 10 min setup time • Pay for what you use • Flexible Machine Specs • Automated Termination • Leverage SPOT Instances for Inexpensive Compute usage https://youtu.be/ThS9JZDCG_8
- 37. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Customer case study: FuseFX Cloud Bursting using Spot Spot Fleet AWS Direct Connect AMI Deadline DB and Repo Local Render Farm Isilon X410 Cluster m4.16xlarge with EBS Custom Sync solution for Studio Assets
- 38. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data center extension
- 39. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Center Extension Pattern 1: Application Tier on AWS CORP Web App Oracle Database Amazon Route 53 NLB / ALB Amazon CloudFront
- 40. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Center Extension Pattern 2: Database Tier on AWS Web App Amazon Route 53 NLB / ALB Amazon CloudFront CORP Amazon Aurora
- 41. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Customer case study: Brooks Brothers SAP Customer Contact Center application landscape Availability Zone VPC Subnet Corporate Data Center SAP ERP Users Call Center Supporting Systems Stores (POS) SaaS Provider (Data Cleansing) AWS Direct Connect r3.8xlarger3.8xlarge SAP HANA Quick Start: https://aws.amazon.com/quickstart/architecture/sap-hana/ SAP HANA SAP HANA SAP CAR (AS ABAP) SAP CAR (AS ABAP) SAP SLT u-12tb1.metal 12 TiB N E W !
- 42. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Customer case study: Kellogg’s SAP HANA hybrid deployment AWS CloudFormation IAM Amazon CloudWatch Amazon S3 Backup Recovery Kellogg’s Data Center SAP ERP Users Production SAP HANA DB Encrypted VPN Connection Public reference: https://aws.amazon.com/solutions/case-studies/kellogg-company/
- 43. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank You! Hybrid Cloud on AWS - https://aws.amazon.com/enterprise/hybrid/ Enterprise Computing on AWS - https://aws.amazon.com/enterprise/ Cloud Native Architectures book released on August 31st, 2018 - https://tinyurl.com/yczo3goa
Hinweis der Redaktion
- Good morning, good afternoon, evening. Today we are discussing hybrid cloud customer use cases and also cover AWS landing zone and hybrid cloud landing zones as well as a couple of AWS services that are new and help you configure and run a hybrid cloud environment. Assumes knowledge of cloud and basics of AWS Tom Laszewski NA enterprise architecture leader. We have come a long way by listening to our customs. When I joined 6 years ago you cloud not say hybrid..then hybrid architecture…now hybrid cloud. Went from 16 services to over 130 services Let’s go… Level 300 | Solutions Best Practices Operating in a hybrid architecture is a step in the cloud adoption journey for many organizations that have on-premises technology investments. Migrating legacy IT systems takes time, and can be disruptive to current processes, organizational structure, and culture. AWS has developed a broad set of hybrid cloud capabilities across storage, networking, security, application deployment, and management tools to help you build and operate a secure, performant, reliable, and scalable hybrid cloud. Join this tech talk to learn how customers are leveraging AWS hybrid cloud capabilities for cloud bursting and integrating devices and edge systems. The webinar will start with a review of customer success stories for datacenter capacity extension, delivery of new services and applications, and ensuring business continuity and disaster recovery, as well as covering the configuration of a hybrid cloud landing zone. Missed part one? Watch it on-demand. Learning Objectives: • Hear about customer AWS Hybrid Cloud success stories • Learn the best practices of how customers are building hybrid cloud landing zones • Learn the best practices of hybrid cloud for cloud bursting, and integrated devices and edge systems Who Should Attend: Technical Decision Makers, IT Architects, Cloud Architects, Application Developers Speaker(s): Tom Laszewski, Enterprise Technologist, AWS
- With your company embarking on a transformation to cloud there is no need to discuss hybrid cloud, so we will start with an overview of the 4 common transformation patterns. Then alittle about the current state of hybrid cloud in the enterprise. Then discuss the foundational layers of your Hybrid Cloud on AWS – network, IAM and data integration - along with AWS landing zones and how they help you set up an AWS hybrid cloud landing zone. Then discuss three common use cases and associated customer case studies.
- When you think of AWS you may think of moving from CAPEX to OPEX, self service/on demand compute, cost savings, elasticity, stop guessing at capacity planning. However, mist companies cite agility and speed as the number one reason that they choose to move to the cloud. They also select AWS because of security…Rob Alexander, CIO, Capital One has this to say, “Why did we pick AWS for Capital One? We believe we can operate more securely in their cloud than in our own data centers.” … we have come a long way in six years when security was one of the top perceived inhibitors to moving to cloud. AWS has always been and continues to make security job one. And of course innovation…. At enterprise companies today, 2/3 rd of the IT budget is spent in keeping the Lights on…not innovation, and just plain ’staying alive‘ as it is perdicted that 75% of SP 500 will not exist in 2025. ----END
- Rehost -GE and capital one- AWS while reducing its datacenter footprint from 34 to four over the next three years, Capital One eight to three by 2018 -Conde Naste - In just three months, Condé Nast was able to migrate over 500 servers, one petabyte of storage, various mission critical applications (such as HR, Legal, and Sales), and over 100 database servers into the AWS Cloud Re-platform : Verizon moving to Aurora to saving over a million dollars Dunkin dounuts moving all their Oracle footprint to AWS Finra processing 75 billion market events a day on EMR/Hadoop Re-provisioin : Amazon Connect, Workday, Salesforce or Infor. Re-architect (cloud native) – Fender, cox automative, capital one…all using microservices and serverless to use the strangler pattern to gradually migrate workloads to AWS. During the capital one customer case study in this session we will go into detail.
- May think of all in with Netflix, pinterest, Airbnb, lyft, robinhood, Oscar. May not think of think of Coca Cola, Johnson and Johnson, Capital One, GE, Hilton, Hess, Comcast, Disney, Hilton, Dunkin, MassMutual For example, Johnson & Johnson publically stated its selection as AWS for its “all in’ Hybrid Cloud Strategy The company currently leverages the AWS Cloud to run 120 applications and for its big data architecture and Amazon Workspaces cloud-based desktops. https://aws.amazon.com/solutions/case-studies/johnson-and-johnson/ GE is an examples another example of hybrid cloud as they are shuttering all but 4 (hybrid cloud) of its 34 datacenters and has indicated “A.W.S. will be the trusted partner that will run our company's information technology for the next 140 years.”
- According to an IDC study 80% organizations committed to hybrid architectures According to a VMWare cloud survey 92% consider it important to have the same. architecture on and off-premises https://aws.amazon.com/blogs/aws/cloud-computing-server-utilization-the-environment/ - The 2014 Data Center Efficiency Assessment from the NRDC has cloud server utilization at 65% https://pages.awscloud.com/Introduction-to-Hybrid-Cloud-on-AWS_0315-CMP.html?&trk=el_a131L000005tj32QAA&sc_channel=el&sc_campaign=pac_Q1-2018_exlinks_DS_OTT_03DGAB&sc_outcome=Product_Adoption_Campaigns&sc_geo=NAMER&sc_country=mult
- Operational consistency
- Two Big Goals for IT Today 1. Reduce the cost of supporting current technology 2. Be the leader of innovation and transformation at their companies Hybrid cloud can do this by…. 1. Accelerating time to market - Deliver new services that differentiate your business 2. Extend to cloud – integrate infrastructure across on-premise and the cloud 3. Scale seamlessly - Seamlessly add resources across private and public clouds expand globally 4. Optimize costs - Apply your IT budget based on ROI and app requirements 5. Minimize security vulnerabilities - Unify security from the data center to the cloud and device 6. Manage across IT footprints - Manage cost, usage, capacity planning, performance, and security across your infrastructure
- Before we get into the case studies we will go into details regarding the AWS hybrd cloud foundational layers.
- Other use cases – CI/CD and geo expansion Virtual Private Cloud (VPC) with an address space. Public )accessible from internet) and private subnets (accessible from within AWS or through a VPN) VPCs Span multi-Azs (aka data centers) for compute resilency, HA, and scaling. We recommend creating one subnet in each Availability Zone; this will allow you to launch EC2 instances in any of the Availability Zones.
- Be the customer use cases Security, Networking and data integration are foundational. Without them, you can not proceed with any of the use cases and customers successes we Are discussing today.
- Virtual Private Cloud (VPC) with an address space. Public )accessible from internet) and private subnets (accessible from within AWS or through a VPN) VPCs Span multi-Azs (aka data centers) for compute resilency, HA, and scaling. We recommend creating one subnet in each Availability Zone; this will allow you to launch EC2 instances in any of the Availability Zones.
- Active Directory Connector vies you an easy way to establish a trusted relationship between your Active Directory and AWS You can stand up your own AD on AWS - https://docs.aws.amazon.com/quickstart/latest/active-directory-ds/welcome.html AWS Directory Service for Microsoft Active Directory, also known as AWS Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. AWS Microsoft AD is built on actual Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud. https://aws.amazon.com/directoryservice/
- Describe the services - AWS Storage Gateway – Hybrid Storage Integration, on premises Virtual gateway appliance that can be utilize for backup and restore, pilot light, standby DR, or active/active. AWS. VTL support as well. Amazon S3 – Scalable Storage in the Cloud, as indicated used to store files, EBS snapshots which can be restore storage on AWS and attach to EC2 volumes on AWS. Amazon Glacier – Low-cost archive storage in the cloud. Used to archive on-premises data on AWS much like tapes. Amazon EBS Snapshots - Protect your data by creating point-in-time snapshots of EBS volumes, which are backed up to Amazon S3 for long-term durability. Amazon Machine Images stored in S3 that can be instantiated as EC2 instances. Snowball - Snowball is a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud. Amazon RDS (relational databse service) – Run a DR Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server. database in the cloud. Amazon Route53 – Scalable Domain Name System for routing traffic between AWS and on premises. 8. MQ in a few slides.
- Let’s discuss to new AWS services that can be used in a hybrid cloud environment. First one is the gateway appliance. As you can see on amazon.com. https://aws.amazon.com/blogs/aws/new-aws-storage-gateway-hardware-appliance/ - as of last week. Dell EMC PowerEdge R640XL server, pre-loaded with AWS Storage Gateway software AWS Storage Gateway on a packaged hardware appliance further simplifies procurement, deployment, and management of hybrid cloud storage for remote office and departmental IT needs. Use for hybrid cloud backup, archiving and DR, tiered storage, application file storage, and data processing workflows
- New pattern and relatively new AWS Service. Amazon MQ is a managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud. Message brokers allow different software systems–often using different programming languages, and on different platforms–to communicate and exchange information. Customer has hybrid architecture and cannot eliminate on-premise JMS based messaging servers due to data residency requirements. They wants to move some applications to the cloud while still having access to the messages on their on-premise system.
- AWS Systems Manager allows you to automate operational actions to help make your teams more efficient. You can automate maintenance and deployment tasks on Amazon EC2 and on-premises instances, or automatically apply patches, updates, and configuration changes across any resource group. Using the EC2 run command no need to SSH into servers to apply patches and reduces security blast radius by reducing need to SSH into instances. Capabilities: Automation Inventory Maintenance windows Parameter store Patch management State management Run command
- 1. AWS Codepipline is a continuous integration and continuous delivery service for fast and reliable application and infrastructure updates. 2. You can store you code in AWS CodeCommit, Build using AWS CodeBuild, testing using third party like Jenkins 3. And they deploy on AWS EC2 or on premise using AWS CodeDeploy …store,build, test on AWS using low cost compute and deploy to where the application resides. AWS CodeDeploy AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during application deployment, and handles the complexity of updating your applications. You can use AWS CodeDeploy to automate software deployments, eliminating the need for error-prone manual operations, and the service scales with your infrastructure so you can easily deploy to one instance or thousands.
- To architect, configure, and deploy the foundational components of a hybrid cloud environment can be time consuming. To make this easier AWS has a new solution called AWS Landing Zones. The AWS Landing Zone is a solution that helps customers quickly set up a new AWS environment for multiple accounts. The AWS Landing Zone solution can save customers time by automating the set-up of your environment in line with AWS best practice recommendations.
- First we start by creating a landing zone for the AWS environment…. With the AWS Landing Zone, customers receive a baseline environment that gets them started with a multi-account architecture, identity and access management, governance, data security, network design, and logging. This solution was built to help customers set up net new AWS environments, but can scale to support production implementations for large-scale migrations.
- Account management Framework for creating and baselining a multi-account environment Initial multi-account structure that includes security, audit, and shared service requirements An account vending machine that enables automated deployment of additional accounts with a set of security baselines Identity & Access Management User account access managed through AWS SSO federation Cross-account roles enable centralized management Security and governance Multiple accounts enable separation of duties Initial account security and AWS Config rules baseline Network baseline
- First, the landing Zone AWS account peering provides Cross account VPC peering between Shared Services Landing Zone and account VPCs. Network connectivity from your on-premises data center using Direct Connect in this example. DirectConnect, is a Private connection, Separate from the Internet that provides Port speeds of 1 Gbps, 10 Gbps or sub-1 Gbps. If you have bandwidth-heavy workloads that you wish to run in AWS, AWS Direct Connect can reduce your network costs into and out of AWS. Other option with three options: . VPN - IPsec authentication and encryption through IPSec or SSL through third parties Three options :AWS Managed VPN, Software VPN (EC2) – Cisco CSR on marketplace, or an open source like openswan, openvpn on EC2 https://docs.aws.amazon.com/solutions/latest/cisco-based-transit-vpc/architecture.html
- As was mentioned earlier, three ways to achieve AWS IAM integration with your MS Active Directory. AWS Directory Service for Microsoft Active Directory, Running you own AD on AWS, or the option here which is Active Directory Connector, which gives you an easy way to establish a trusted relationship between your Active Directory and AWS. Which Extends the Corporate AD forest to AWS Directory Service using the AD connector. This extends your SAML based corporate AD/SSO to AWS Landing zone’s AWS SSO to manage SSO access and user permissions across all AWS accounts
- We will discuss some of the AWS Services associated with each of these use cases and go into detail on some customer case studies.
- Hybrid architecture isn’t just about integrating your data centers with the cloud A vast amount of data is being generated by devices as part of the Internet of Things and by systems at remote locations You need to be able to take action where the data source is and in some cases not transfer all the data to the cloud
- The customer stories we will be discussing next ulitilze AWS Serverless services to bring to market new offerings in a hybrid cloud environment. A quick recap of these AWS Serverless services. AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code is not running. You can set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app S3 is an Object storage built to store and retrieve any amount of data from anywhere Dynamodb is a Fast, Fully Managed NoSQL Database Services For Any Scale. Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Amazon Simple Notification Service (SNS) is a flexible, fully managed pub/sub messaging and mobile notifications service for coordinating the delivery of messages to subscribing endpoints and clients.
- Re-engineering and data-driven augmentation – stangular pattern – can then also do analytics on AWS as wells as move batch processing to AWS as data is now on AWS. Vanguard – reinvent 2017 - https://www.youtube.c om/watch?v=XYwYiQBCcaM – strangulation pattern - AWS re:Invent 2017: From Mainframe to Microservices: Vanguard’s Move to the Cloud (ENT331) Microservices, data insight analytics + Re-engineering Using Attunity CDC to feed data from DB2 z/OS into RDS for PostgreSQL and DynamoDB for Microservices. Writes are put on a Kinesis stream for updates back to mainframe. Also replicating out to S3 for Analytics. https://www.youtube.com/watch?v=ZijgjGqlqVw – this is my architecture COBOL, DB2, VSAM, CICS, MQ This Is My Architecture video
- Capital One https://medium.com/capitalonetech/serverless-transactions-serve-customers-e4a279940707 Millions of customer transactions. https://www.youtube.com/watch?v=7plkSUN6DAE#t=31m18s - AWS re:Invent 2017: Optimizing Serverless Application Data Tiers with Amazon DynamoD (SRV301) A mainframe is a complex system where any change requires analysis of a deep web of dependencies. We determined that in our legacy systems, close to 80% of the traffic was related to reading transactions. This insight gave us our focus: implement a system in the Cloud that would serve the read-only traffic and be fed by the mainframe in batch and in near real-time modes. Second, establish success criteria – data modernization, mobile access/digital Here’s what our team agreed that serverless needed to deliver: Consumer accounts and financial transactions on modern cloud-based serverless infrastructure, within a system that is scalable, reliable, and extensible
- Hybrid architecture isn’t just about integrating your data centers with the cloud A vast amount of data is being generated by devices as part of the Internet of Things and by systems at remote locations You need to be able to take action where the data source is and in some cases not transfer all the data to the cloud
- AWS Snowball Edge is a 100TB data transfer device with on-board storage and compute capabilities. Upper right hand corner, was originally snowball for data migration. Offline data collection, such as on a ship where immediate analysis needs to happen. Sensor data on windmills, and alerts can be sent immediately. Hospitals for local tiering and compute of MRI images can happen. Can transform or even eliminate some of the data you send to the cloud. Local ETL.
- Panera Bread, Pizza Hut reinventing energy management reduce HVAC energy costs by up to 30 percent annually https://aws.amazon.com/partners/success/enerallies/ EnerAllies, a private technology company based in Silicon Valley, is reinventing energy management for small-format, multisite enterprises, with a focus on restaurant and retail brands such as Panera Bread, Pizza Hut, and Cycle Gear. The company provides an integrated suite of software and services that is proven to reduce HVAC energy costs by up to 30 percent annually; save on equipment repairs with predictive analytics “Initially, we re-architected the Virtual Energy Manager software application to work with AWS IoT,” explains Nitin Tyagi, vice president of enterprise solutions at Cambridge Technology. “We also worked with the thermostat manufacturers to enable the devices to work with AWS IoT.” Cambridge Technology also helped EnerAllies use AWS to build a diagnostic platform that monitors on-premise equipment so customers can be notified of impending issues. "EnerAllies’ use of advanced analytics powered by Amazon Machine Learning provides customers with an early warning of equipment failure so they can avoid catastrophic outages and reduce repair costs," says Tyagi.
- You can now run Amazon RDS on-premises using Vmware. This is the revere of extending your data center into the cloud/AWS. This is extending AWS into your data center by running Amazon RDS on-premises. You can use the same management and monitoring tool you use on on-premises today – vSphere. vSphere uses AWS cloud watch to monitor you on-premises Amazon RDS running Microsoft SQL Server, Oracle, PostgreSQL, MySQL, and MariaDB databases. There is no need to retrain developer, database, operations, administration or security people.
- Cloudbursting is an application hosting model which combines existing corporate infrastructure with new, cloud-based infrastructure to create a powerful, highly scalable application hosting environment. https://aws.amazon.com/blogs/aws/cloudbursting/
- What is AWS Spot instances are spare compute capacity in the AWS cloud available to you at steep discounts compared to On-Demand prices, up to 90%. two-minute warning, formally known as a Spot Instance Termination Notice…however, with the new Hibernate and Stop-Start features, Spot will automatically pause and resume your work around interruptions
- Is a FuseFX visual effects studio that provides visual effects services for film, television, commercials, games, and special venues. small bursts of rendering from time to time for FuseFX ---talk to points on slide. Key Points Setup Time. Need to react fast because of schedules Finite limit based on your infrastructure. Like Storage. You will fill it up
- I will explain this diagram Data synchronization is key and as well as acquire the licenses bursting which allow you to burst into the cloud. Doing all this with low bandwidth into cloud (DirectConnect). First shared with our primary internet connection Qumulo is a clustered file system for AWS for high performance file storage in the public cloud. QF2 for AWS can be configured to support use cases from active archive to cloud rendering and more. The reason we can do this is because of FuseSync and our attention to the process of being efficient with data transfer. Need to have control over your pipeline. PLAN PLAN PLAN TEST TEST TEST Do this with low bandwidth and low latency
- The last use case covered is data center extension - Extend your data center into AWS using VPC, DirectConnect or VPN. We will cover 2 customers case studies, both with well established companies that I am sure most of you see during your breakfast meal or inside of your sport jacket.
- 1. In some cases, perhaps because of integration of data integration with the Oracle database with other databases or applications that are not moving to cloud today. It is relatively easy to lift and shift the Application tier to AWS and then front end with AWS Cloud Front for web traffic caching, Route53 for DNS resolution, and use AWS ELB and auto scaling to load balance and scale the application tier.
- 1. In some cases, you want to take advantage of ‘Database Freedom’ (reducing licensing cost of on premises Oracle database by running your relational database on AWS using AWS Aurora - PostgresSQL. Migrate the Oracle Database to using Amazon Aurorau using the AWS Schema Conversion Tool (AWS SCT) and AWS Database Migration Service (AWS DMS).. You can still use AWS Cloud Front for web traffic caching, Route53 for DNS resolution, and use AWS NLB/ALB (NLB and ALB can load balance your on-premises web servers). The on-premises application server communicates to the Amazon Aurora database running in one of the 14 out of 18 AWS regions globally. Amazon Aurora is can be clustered across multi-Azs to provide HA. You can also have read replicas in other Azs or other regions to off load read traffic/analytics to the read replica. You can enable cross region replication for even greater business continuity.
- Brooks Brothers founded in 1818. They wanted to spin SAP Hana deployments in AWS quickly. They have SaaS providers doing data centers and because they have been around for so long they have existing data centers. They used AWS directconnect to deploy analytics when they needed to (could be considered a cloud bursting use cases as well). They utilized AWS quickstart . Quickstart are written by AWS Solution Architects or ISV and SI partners to quickly set up a landing zone using CloudFormation to quickly set up infrastructure on AWS. Can spin up an entire data center in 10-20 minutes. This QS was written by SAP. Download the QS at link above. The Altair 8800 computer that I built in 1977 had just 4 kilobytes of memory. Today I was able to use an EC2 instance with 12 terabytes (12 tebibytes to be exact) of memory, almost 4 billion times as much! u-12tb1.metal 12 TiB
- Founded in 1898 Much like the Brooks Brothers cases study but this customer success demonstrates that AWS DirectConnect is not required for hybrid cloud as Kellogg’s using a IPSec VPN tunnel – VPN quicker to configure /setup then DirectConnect. Like Brookes Brothers, Kellogs also around for a long time – 1898. Run CRM and analytics using Hana on AWS.. you can also see the use of some of the run services I mentioned earlier in the session - Amazon CloudWatch for monitoring of AWS services, and CloudFormation for configuring the virtual data center (what AWS calls the landing zone…recommend search for AWS landing zone for more details). Amazon S3 for backup and recovery, and IAM for authentication and authorization. Because SAP works on the AWS Cloud, the company knew it could achieve the speed, performance, and agility it required without making a significant investment in physical hardware. Kellogg decided to start immediately with test and development environments for its US operations. The company is now running the SAP Accelerated Trade Promotion Management (TPM) solution, powered by SAP HANA and leveraging multiple AWS instance types for both the SAP application and HANA database layers. These Amazon Elastic Compute Cloud (Amazon EC2) instances process 16 TB of sales data weekly from promotions in the US, modeling dozens of data simulations a day. The company also uses Amazon Virtual Private Cloud (Amazon VPC), which is connected directly to the Kellogg data centers to allow access to SAP TPM directly for employees who are on the company network. Amazon Simple Storage Service (Amazon S3) is used for data backups, including HANA, and Amazon Elastic Block Store (Amazon EBS) provisioned IOPS (P-IOPS) volumes for storage. The company logs events using AWS Identity and Access Management (AWS IAM). Kellogg uses Amazon CloudWatch for monitoring, which helps the company allocate costs to each department based on their individual infrastructure use. “CloudWatch helps our people make better decisions around the capacity they need, so that they can avoid waste,” McIlwain says. “We were never able to do that with our on-premises infrastructure. AWS breaks down usage and cost to such a granular level that we can identify which costs come from which department, like a toll model.” Costs and benefits of this IT service can now be aligned so that Kellogg can assess the true return on investment. For high availability, Kellogg leverages multiple AWS Availability Zones (AZs) without the additional cost of maintaining a separate datacenter.
- Thanks for attending, as a next step/action, in the next 48 hours take action in the following way… Hybrid cloud site which provides additional information and details regarding the information discussed today. Enterprise cloud with hybrid customer successes with Johnson and Johnson, Comcast, Hess, Pacific Life and more. The last item is a new cloud native architecture book that was just released that I co-authored with three AWS colleagues that goes into extensive details on the AWS serverless services I briefly touched on today.