The document discusses hybrid cloud strategies on AWS. It begins with an overview of transformation approaches like re-hosting, re-provisioning, and re-architecting workloads. It then covers key aspects of a hybrid cloud foundation like networking, security, data integration, and operations management. Specific hybrid use cases like migrations, disaster recovery, edge systems, and data center extension are presented. Customer examples demonstrate how organizations have implemented hybrid solutions on AWS.
Good morning, good afternoon, evening.
Today we are discussing hybrid cloud customer use cases, and will also cover the AWS Landing Zone and hybrid cloud landing zones, as well as a couple of new AWS services that help you configure and run a hybrid cloud environment.
This talk assumes knowledge of cloud and the basics of AWS.
Tom Laszewski, NA enterprise architecture leader.
We have come a long way by listening to our customers. When I joined 6 years ago you could not say hybrid; then it was hybrid architecture; now it is hybrid cloud. We went from 16 services to over 130 services.
Let’s go…
Level 300 | Solutions Best Practices
Operating in a hybrid architecture is a step in the cloud adoption journey for many organizations that have on-premises technology investments. Migrating legacy IT systems takes time, and can be disruptive to current processes, organizational structure, and culture. AWS has developed a broad set of hybrid cloud capabilities across storage, networking, security, application deployment, and management tools to help you build and operate a secure, performant, reliable, and scalable hybrid cloud. Join this tech talk to learn how customers are leveraging AWS hybrid cloud capabilities for cloud bursting and integrating devices and edge systems. The webinar will start with a review of customer success stories for datacenter capacity extension, delivery of new services and applications, and ensuring business continuity and disaster recovery, as well as covering the configuration of a hybrid cloud landing zone. Missed part one? Watch it on-demand.
Learning Objectives:
- Hear about customer AWS Hybrid Cloud success stories
- Learn the best practices of how customers are building hybrid cloud landing zones
- Learn the best practices of hybrid cloud for cloud bursting, and integrated devices and edge systems
Who Should Attend: Technical Decision Makers, IT Architects, Cloud Architects, Application Developers
Speaker(s): Tom Laszewski, Enterprise Technologist, AWS
Hybrid cloud only makes sense in the context of a company's transformation to cloud, so we will start with an overview of the 4 common transformation patterns. Then a little about the current state of hybrid cloud in the enterprise. Then we discuss the foundational layers of your Hybrid Cloud on AWS (network, IAM and data integration) along with AWS Landing Zones and how they help you set up an AWS hybrid cloud landing zone. Then we discuss three common use cases and associated customer case studies.
When you think of AWS you may think of moving from CAPEX to OPEX, self-service/on-demand compute, cost savings, elasticity, and no longer guessing at capacity planning. However, most companies cite agility and speed as the number one reason that they choose to move to the cloud. They also select AWS because of security. Rob Alexander, CIO, Capital One has this to say: “Why did we pick AWS for Capital One? We believe we can operate more securely in their cloud than in our own data centers.” We have come a long way in six years, from when security was one of the top perceived inhibitors to moving to cloud. Security has always been, and continues to be, job one at AWS.
And of course innovation. At enterprise companies today, two-thirds of the IT budget is spent on keeping the lights on, not on innovation, and just plain ‘staying alive’, as it is predicted that 75% of the S&P 500 will not exist in 2025.
Rehost
- GE and Capital One: GE is moving to AWS while reducing its data center footprint from 34 to four over the next three years; Capital One is going from eight to three by 2018
- Condé Nast: in just three months, Condé Nast was able to migrate over 500 servers, one petabyte of storage, various mission-critical applications (such as HR, Legal, and Sales), and over 100 database servers into the AWS Cloud
Re-platform:
Verizon moving to Aurora, saving over a million dollars
Dunkin' Donuts moving all of their Oracle footprint to AWS
FINRA processing 75 billion market events a day on EMR/Hadoop
Re-provision: Amazon Connect, Workday, Salesforce or Infor.
Re-architect (cloud native): Fender, Cox Automotive, Capital One, all using microservices and serverless with the strangler pattern to gradually migrate workloads to AWS. We will go into detail during the Capital One customer case study in this session.
You may think of all-in customers such as Netflix, Pinterest, Airbnb, Lyft, Robinhood and Oscar. You may not think of Coca-Cola, Johnson & Johnson, Capital One, GE, Hilton, Hess, Comcast, Disney, Dunkin' and MassMutual.
For example,
Johnson & Johnson publicly stated its selection of AWS for its “all in” Hybrid Cloud Strategy. The company currently leverages the AWS Cloud to run 120 applications and for its big data architecture and Amazon WorkSpaces cloud-based desktops. https://aws.amazon.com/solutions/case-studies/johnson-and-johnson/
GE is another example of hybrid cloud: it is shuttering all but 4 (hybrid cloud) of its 34 data centers and has indicated “A.W.S. will be the trusted partner that will run our company's information technology for the next 140 years.”
According to an IDC study, 80% of organizations are committed to hybrid architectures.
According to a VMware cloud survey, 92% consider it important to have the same architecture on- and off-premises.
https://aws.amazon.com/blogs/aws/cloud-computing-server-utilization-the-environment/ - The 2014 Data Center Efficiency Assessment from the NRDC puts cloud server utilization at 65%.
https://pages.awscloud.com/Introduction-to-Hybrid-Cloud-on-AWS_0315-CMP.html?&trk=el_a131L000005tj32QAA&sc_channel=el&sc_campaign=pac_Q1-2018_exlinks_DS_OTT_03DGAB&sc_outcome=Product_Adoption_Campaigns&sc_geo=NAMER&sc_country=mult
Operational consistency
Two Big Goals for IT Today
1. Reduce the cost of supporting current technology
2. Be the leader of innovation and transformation at their companies
Hybrid cloud can do this by….
1. Accelerating time to market - Deliver new services that differentiate your business
2. Extend to cloud - Integrate infrastructure across on-premises and the cloud
3. Scale seamlessly - Seamlessly add resources across private and public clouds and expand globally
4. Optimize costs - Apply your IT budget based on ROI and app requirements
5. Minimize security vulnerabilities - Unify security from the data center to the cloud and device
6. Manage across IT footprints - Manage cost, usage, capacity planning, performance, and security across your infrastructure
Before we get into the case studies we will go into detail regarding the AWS hybrid cloud foundational layers.
Other use cases: CI/CD and geographic expansion.
A Virtual Private Cloud (VPC) with its own address space.
Public subnets (accessible from the internet) and private subnets (accessible from within AWS or through a VPN).
VPCs span multiple Availability Zones (AZs, effectively separate data centers) for compute resiliency, HA, and scaling.
We recommend creating one subnet in each Availability Zone; this will allow you to launch EC2 instances in any of the Availability Zones.
Before the customer use cases: security, networking and data integration are foundational. Without them, you cannot proceed with any of the use cases and customer successes we are discussing today.
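One practical check behind this layout is the address plan: the VPC CIDR must not overlap the on-premises ranges that will be reachable over the VPN or Direct Connect link, and each AZ gets one public and one private subnet with the private tier carrying no internet route. The script below is an added example (not from the talk or from AWS) that carves and validates such a plan; the CIDRs and AZ names are constructed sample values.

```python
"""Hybrid landing zone address plan check (added example, not AWS code).

Carves a VPC CIDR into one public and one private subnet per AZ, as the talk
recommends, and verifies the VPC does not overlap the on-premises ranges that
will be routed over the VPN / Direct Connect link. All CIDRs and AZ names are
constructed sample values, not taken from any real account.
"""
import ipaddress

# Constructed sample inputs (hypothetical on-premises ranges and AZ names).
ON_PREM_CIDRS = ["10.0.0.0/16", "172.16.0.0/12"]
AZS = ["us-east-1a", "us-east-1b", "us-east-1c"]


def plan_subnets(vpc_cidr, azs, subnet_prefix=24):
    """Return {az: {"public": net, "private": net}} carved from vpc_cidr.

    All public subnets are allocated first, then all private ones, so each
    tier occupies a contiguous block (simpler route table and NACL rules).
    Raises ValueError if the VPC cannot hold two subnets per AZ.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if subnet_prefix <= vpc.prefixlen:
        raise ValueError(f"subnet /{subnet_prefix} is not smaller than VPC {vpc}")
    candidates = list(vpc.subnets(new_prefix=subnet_prefix))
    needed = 2 * len(azs)
    if len(candidates) < needed:
        raise ValueError(f"{vpc} holds {len(candidates)} /{subnet_prefix} subnets, need {needed}")
    return {
        az: {"public": candidates[i], "private": candidates[len(azs) + i]}
        for i, az in enumerate(azs)
    }


def overlaps_on_prem(vpc_cidr, on_prem_cidrs):
    """Return the on-premises CIDRs that overlap the proposed VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [c for c in on_prem_cidrs if vpc.overlaps(ipaddress.ip_network(c))]


def route_tables(on_prem_cidrs):
    """Return the route entries (destination -> target) each subnet tier needs.

    Public subnets get a default route to the internet gateway (igw); private
    subnets get no internet route at all, only the on-premises prefixes via the
    virtual private gateway (vgw) that terminates the VPN or Direct Connect.
    The implicit local VPC route is omitted.
    """
    on_prem = {c: "vgw" for c in on_prem_cidrs}
    return {"public": {"0.0.0.0/0": "igw", **on_prem}, "private": dict(on_prem)}


def validate_plan(vpc_cidr, azs, on_prem_cidrs, subnet_prefix=24):
    """Return (ok, plan, findings) for a proposed hybrid VPC address plan."""
    findings = []
    for clash in overlaps_on_prem(vpc_cidr, on_prem_cidrs):
        findings.append(
            f"VPC {vpc_cidr} overlaps on-premises range {clash}: routing over the "
            "VPN/Direct Connect link would be ambiguous for that prefix"
        )
    plan = {}
    try:
        plan = plan_subnets(vpc_cidr, azs, subnet_prefix)
    except ValueError as exc:
        findings.append(str(exc))
    return (not findings, plan, findings)


if __name__ == "__main__":
    for vpc in ("10.1.0.0/16", "10.0.128.0/17", "10.1.0.0/24"):
        ok, plan, findings = validate_plan(vpc, AZS, ON_PREM_CIDRS)
        print(f"{vpc}: {'OK' if ok else 'REJECTED'}")
        for az, tiers in plan.items():
            print(f"  {az}: public {tiers['public']}  private {tiers['private']}")
        for f in findings:
            print(f"  - {f}")
    print("private tier routes:", route_tables(ON_PREM_CIDRS)["private"])
```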
Active Directory Connector gives you an easy way to establish a trusted relationship between your Active Directory and AWS.
You can also stand up your own AD on AWS: https://docs.aws.amazon.com/quickstart/latest/active-directory-ds/welcome.html
AWS Directory Service for Microsoft Active Directory, also known as AWS Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. AWS Microsoft AD is built on actual Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud. https://aws.amazon.com/directoryservice/
The services:
AWS Storage Gateway: hybrid storage integration. An on-premises virtual gateway appliance that can be used for backup and restore, pilot light, standby DR, or active/active with AWS. VTL support as well.
Amazon S3: scalable storage in the cloud. As indicated, used to store files and EBS snapshots, which can be restored as storage on AWS and attached to EC2 instances.
Amazon Glacier: low-cost archive storage in the cloud. Used to archive on-premises data on AWS, much like tapes.
Amazon EBS Snapshots: protect your data by creating point-in-time snapshots of EBS volumes, which are backed up to Amazon S3 for long-term durability. Amazon Machine Images are also stored in S3 and can be instantiated as EC2 instances.
Snowball: a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud.
Amazon RDS (Relational Database Service): run a DR database in the cloud with Aurora, PostgreSQL, MySQL, MariaDB, Oracle, or Microsoft SQL Server.
Amazon Route 53: scalable Domain Name System for routing traffic between AWS and on-premises.
Amazon MQ: covered in a few slides.
Let's discuss two new AWS services that can be used in a hybrid cloud environment. The first one is the Storage Gateway hardware appliance, which you can see on amazon.com.
https://aws.amazon.com/blogs/aws/new-aws-storage-gateway-hardware-appliance/ - as of last week.
A Dell EMC PowerEdge R640XL server, pre-loaded with AWS Storage Gateway software. AWS Storage Gateway on a packaged hardware appliance further simplifies procurement, deployment, and management of hybrid cloud storage for remote office and departmental IT needs. Use it for hybrid cloud backup, archiving and DR, tiered storage, application file storage, and data processing workflows.
New pattern and relatively new AWS Service.
Amazon MQ is a managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud. Message brokers allow different software systems–often using different programming languages, and on different platforms–to communicate and exchange information.
The customer has a hybrid architecture and cannot eliminate on-premises JMS-based messaging servers due to data residency requirements.
They want to move some applications to the cloud while still having access to the messages on their on-premises system.
AWS Systems Manager allows you to automate operational actions to help make your teams more efficient. You can automate maintenance and deployment tasks on Amazon EC2 and on-premises instances, or automatically apply patches, updates, and configuration changes across any resource group.
Using the EC2 Run Command there is no need to SSH into servers to apply patches; this reduces the security blast radius by removing the need for SSH access to instances.
Capabilities:
Automation
Inventory
Maintenance windows
Parameter store
Patch management
State management
Run command
1. AWS CodePipeline is a continuous integration and continuous delivery service for fast and reliable application and infrastructure updates.
2. You can store your code in AWS CodeCommit, build using AWS CodeBuild, and test using a third party such as Jenkins.
3. Then deploy on Amazon EC2 or on-premises using AWS CodeDeploy.
Store, build and test on AWS using low-cost compute, and deploy to wherever the application resides.
AWS CodeDeploy
AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during application deployment, and handles the complexity of updating your applications. You can use AWS CodeDeploy to automate software deployments, eliminating the need for error-prone manual operations, and the service scales with your infrastructure so you can easily deploy to one instance or thousands.
Architecting, configuring, and deploying the foundational components of a hybrid cloud environment can be time consuming. To make this easier, AWS has a new solution called AWS Landing Zone.
The AWS Landing Zone is a solution that helps customers quickly set up a new AWS environment for multiple accounts. The AWS Landing Zone solution can save customers time by automating the set-up of your environment in line with AWS best practice recommendations.
First we start by creating a landing zone for the AWS environment….
With the AWS Landing Zone, customers receive a baseline environment that gets them started with a multi-account architecture, identity and access management, governance, data security, network design, and logging. This solution was built to help customers set up net new AWS environments, but can scale to support production implementations for large-scale migrations.
Account management
Framework for creating and baselining a multi-account environment
Initial multi-account structure that includes security, audit, and shared service requirements
An account vending machine that enables automated deployment of additional accounts with a set of security baselines
Identity & Access Management
User account access managed through AWS SSO federation
Cross-account roles enable centralized management
Security and governance
Multiple accounts enable separation of duties
Initial account security and AWS Config rules baseline
Network baseline
First, the Landing Zone account peering provides cross-account VPC peering between the Shared Services Landing Zone account and the other account VPCs.
Network connectivity from your on-premises data center uses Direct Connect in this example.
Direct Connect is a private connection, separate from the Internet, that provides port speeds of 1 Gbps, 10 Gbps or sub-1 Gbps. If you have bandwidth-heavy workloads that you wish to run in AWS, AWS Direct Connect can reduce your network costs into and out of AWS.
The other option is VPN, which comes in three forms:
- VPN: authentication and encryption through IPsec, or SSL through third parties
- Three options: AWS Managed VPN; Software VPN on EC2, such as Cisco CSR from the Marketplace; or open source such as Openswan or OpenVPN on EC2
https://docs.aws.amazon.com/solutions/latest/cisco-based-transit-vpc/architecture.html
As was mentioned earlier, there are three ways to achieve AWS IAM integration with your Microsoft Active Directory: AWS Directory Service for Microsoft Active Directory, running your own AD on AWS, or the option shown here, Active Directory Connector, which gives you an easy way to establish a trusted relationship between your Active Directory and AWS. The AD Connector extends the corporate AD forest to AWS Directory Service, and so extends your SAML-based corporate AD/SSO to the AWS Landing Zone's AWS SSO to manage SSO access and user permissions across all AWS accounts.
We will discuss some of the AWS Services associated with each of these use cases and go into detail on some customer case studies.
Hybrid architecture isn’t just about integrating your data centers with the cloud
A vast amount of data is being generated by devices as part of the Internet of Things and by systems at remote locations
You need to be able to take action where the data source is and in some cases not transfer all the data to the cloud
The customer stories we will be discussing next utilize AWS Serverless services to bring new offerings to market in a hybrid cloud environment. A quick recap of these AWS Serverless services:
AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code is not running. You can set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app
S3 is an Object storage built to store and retrieve any amount of data from anywhere
DynamoDB is a fast, fully managed NoSQL database service for any scale.
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
Amazon Simple Notification Service (SNS) is a flexible, fully managed pub/sub messaging and mobile notifications service for coordinating the delivery of messages to subscribing endpoints and clients.
Re-engineering and data-driven augmentation (strangler pattern): you can then also do analytics on AWS, as well as move batch processing to AWS, as the data is now on AWS.
Vanguard, re:Invent 2017 - https://www.youtube.com/watch?v=XYwYiQBCcaM - strangler pattern - AWS re:Invent 2017: From Mainframe to Microservices: Vanguard's Move to the Cloud (ENT331)
Microservices, data insight analytics + Re-engineering
Using Attunity CDC to feed data from DB2 z/OS into RDS for PostgreSQL and DynamoDB for Microservices. Writes are put on a Kinesis stream for updates back to mainframe. Also replicating out to S3 for Analytics.
https://www.youtube.com/watch?v=ZijgjGqlqVw - This Is My Architecture video
COBOL, DB2, VSAM, CICS, MQ
Capital One
https://medium.com/capitalonetech/serverless-transactions-serve-customers-e4a279940707
Millions of customer transactions.
https://www.youtube.com/watch?v=7plkSUN6DAE#t=31m18s - AWS re:Invent 2017: Optimizing Serverless Application Data Tiers with Amazon DynamoDB (SRV301)
A mainframe is a complex system where any change requires analysis of a deep web of dependencies. We determined that in our legacy systems, close to 80% of the traffic was related to reading transactions. This insight gave us our focus: implement a system in the Cloud that would serve the read-only traffic and be fed by the mainframe in batch and in near real-time modes.
Second, establish success criteria: data modernization, mobile access/digital. Here's what our team agreed that serverless needed to deliver:
Consumer accounts and financial transactions on modern cloud-based serverless infrastructure, within a system that is scalable, reliable, and extensible
AWS Snowball Edge is a 100 TB data transfer device with on-board storage and compute capabilities. Upper right-hand corner: this was originally Snowball, for data migration.
Offline data collection, such as on a ship where immediate analysis needs to happen.
Sensor data on windmills, where alerts can be sent immediately.
Hospitals, where local tiering and compute of MRI images can happen.
You can transform or even eliminate some of the data you send to the cloud: local ETL.
Panera Bread, Pizza Hut
reinventing energy management
reduce HVAC energy costs by up to 30 percent annually
https://aws.amazon.com/partners/success/enerallies/
EnerAllies, a private technology company based in Silicon Valley, is reinventing energy management for small-format, multisite enterprises, with a focus on restaurant and retail brands such as Panera Bread, Pizza Hut, and Cycle Gear. The company provides an integrated suite of software and services that is proven to reduce HVAC energy costs by up to 30 percent annually and save on equipment repairs with predictive analytics.
“Initially, we re-architected the Virtual Energy Manager software application to work with AWS IoT,” explains Nitin Tyagi, vice president of enterprise solutions at Cambridge Technology. “We also worked with the thermostat manufacturers to enable the devices to work with AWS IoT.”
Cambridge Technology also helped EnerAllies use AWS to build a diagnostic platform that monitors on-premise equipment so customers can be notified of impending issues. "EnerAllies’ use of advanced analytics powered by Amazon Machine Learning provides customers with an early warning of equipment failure so they can avoid catastrophic outages and reduce repair costs," says Tyagi.
You can now run Amazon RDS on-premises using VMware. This is the reverse of extending your data center into the cloud/AWS: it extends AWS into your data center by running Amazon RDS on-premises. You can use the same management and monitoring tool you use on-premises today, vSphere. vSphere uses Amazon CloudWatch to monitor your on-premises Amazon RDS running Microsoft SQL Server, Oracle, PostgreSQL, MySQL, and MariaDB databases. There is no need to retrain developer, database, operations, administration or security people.
Cloudbursting is an application hosting model which combines existing corporate infrastructure with new, cloud-based infrastructure to create a powerful, highly scalable application hosting environment.
https://aws.amazon.com/blogs/aws/cloudbursting/
What are Spot Instances? Spare compute capacity in the AWS cloud available to you at steep discounts compared to On-Demand prices, up to 90%.
Two-minute warning, formally known as a Spot Instance Termination Notice. However, with the new Hibernate and Stop-Start features, Spot will automatically pause and resume your work around interruptions.
FuseFX is a visual effects studio that provides visual effects services for film, television, commercials, games, and special venues.
FuseFX needs small bursts of rendering from time to time.
---talk to points on slide.
Key Points
Setup time: they need to react fast because of schedules.
Finite limit based on your infrastructure, such as storage: you will fill it up.
I will explain this diagram.
Data synchronization is key, as well as acquiring the bursting licenses which allow you to burst into the cloud.
Doing all this with low bandwidth into the cloud (Direct Connect), first shared with our primary internet connection.
Qumulo is a clustered file system for AWS for high performance file storage in the public cloud. QF2 for AWS can be configured to support use cases from active archive to cloud rendering and more.
The reason we can do this is because of FuseSync and our attention to the process of being efficient with data transfer. Need to have control over your pipeline. PLAN PLAN PLAN TEST TEST TEST
Do this with low bandwidth and low latency
The last use case covered is data center extension: extend your data center into AWS using VPC, Direct Connect or VPN. We will cover 2 customer case studies, both with well-established companies that I am sure most of you see during your breakfast meal or inside of your sport jacket.
1. In some cases, perhaps because of data integration between the Oracle database and other databases or applications that are not moving to the cloud today, it is relatively easy to lift and shift the application tier to AWS and then front-end it with Amazon CloudFront for web traffic caching, Route 53 for DNS resolution, and ELB with Auto Scaling to load balance and scale the application tier.
2. In other cases, you want to take advantage of ‘Database Freedom’ (reducing the licensing cost of an on-premises Oracle database) by running your relational database on AWS using Amazon Aurora PostgreSQL. Migrate the Oracle database to Amazon Aurora using the AWS Schema Conversion Tool (AWS SCT) and AWS Database Migration Service (AWS DMS). You can still use Amazon CloudFront for web traffic caching, Route 53 for DNS resolution, and NLB/ALB (NLB and ALB can load balance your on-premises web servers). The on-premises application server communicates with the Amazon Aurora database running in one of the 14 out of 18 AWS regions globally. Amazon Aurora can be clustered across multiple AZs to provide HA. You can also have read replicas in other AZs or other regions to offload read traffic/analytics to the read replica. You can enable cross-region replication for even greater business continuity.
Brooks Brothers was founded in 1818. They wanted to spin up SAP HANA deployments in AWS quickly. They have SaaS providers running data centers and, because they have been around for so long, they have existing data centers. They used AWS Direct Connect to deploy analytics when they needed to (which could be considered a cloud bursting use case as well). They utilized an AWS Quick Start. Quick Starts are written by AWS Solutions Architects or ISV and SI partners to quickly set up a landing zone, using CloudFormation to stand up infrastructure on AWS. They can spin up an entire data center in 10-20 minutes. This Quick Start was written by SAP. Download the Quick Start at the link above.
The Altair 8800 computer that I built in 1977 had just 4 kilobytes of memory. Today I was able to use an EC2 instance with 12 terabytes (12 tebibytes to be exact) of memory, almost 4 billion times as much! u-12tb1.metal 12 TiB
Founded in 1898
Much like the Brooks Brothers case study, but this customer success demonstrates that AWS Direct Connect is not required for hybrid cloud, as Kellogg's uses an IPsec VPN tunnel; a VPN is quicker to configure and set up than Direct Connect.
Like Brooks Brothers, Kellogg's has also been around for a long time, since 1898. They run CRM and analytics using HANA on AWS.
You can also see the use of some of the run services I mentioned earlier in the session: Amazon CloudWatch for monitoring of AWS services, CloudFormation for configuring the virtual data center (what AWS calls the landing zone; I recommend searching for AWS Landing Zone for more details), Amazon S3 for backup and recovery, and IAM for authentication and authorization.
Because SAP works on the AWS Cloud, the company knew it could achieve the speed, performance, and agility it required without making a significant investment in physical hardware. Kellogg decided to start immediately with test and development environments for its US operations.
The company is now running the SAP Accelerated Trade Promotion Management (TPM) solution, powered by SAP HANA and leveraging multiple AWS instance types for both the SAP application and HANA database layers. These Amazon Elastic Compute Cloud (Amazon EC2) instances process 16 TB of sales data weekly from promotions in the US, modeling dozens of data simulations a day.
The company also uses Amazon Virtual Private Cloud (Amazon VPC), which is connected directly to the Kellogg data centers to allow access to SAP TPM directly for employees who are on the company network. Amazon Simple Storage Service (Amazon S3) is used for data backups, including HANA, and Amazon Elastic Block Store (Amazon EBS) provisioned IOPS (P-IOPS) volumes for storage. The company logs events using AWS Identity and Access Management (AWS IAM).
Kellogg uses Amazon CloudWatch for monitoring, which helps the company allocate costs to each department based on their individual infrastructure use. “CloudWatch helps our people make better decisions around the capacity they need, so that they can avoid waste,” McIlwain says. “We were never able to do that with our on-premises infrastructure. AWS breaks down usage and cost to such a granular level that we can identify which costs come from which department, like a toll model.” Costs and benefits of this IT service can now be aligned so that Kellogg can assess the true return on investment.
For high availability, Kellogg leverages multiple AWS Availability Zones (AZs) without the additional cost of maintaining a separate datacenter.
Thanks for attending. As a next step, within the next 48 hours take action in the following ways:
Hybrid cloud site which provides additional information and details regarding the information discussed today.
Enterprise cloud with hybrid customer successes with Johnson and Johnson, Comcast, Hess, Pacific Life and more.
The last item is a new cloud native architecture book that was just released that I co-authored with three AWS colleagues that goes into extensive details on the AWS serverless services I briefly touched on today.