MassMutual Goes Cloud-First with Hybrid Cloud on AWS
•
1 gefällt mir•592 views
In this session, we discuss how MassMutual adopts a cloud first strategy and their journey to hybrid cloud on AWS. Specifically, we will cover four aspects of MassMutual's hybrid cloud on AWS architecture. 1. Use of AWS Well Architected Framework to create MassMutual’s Cloud Minimal Viable Product (MVP) document. 2. Deep dive into MassMutual's multi-account, multi-region architecture. 3. Achieving cloud Governance, Risk, and Compliance (GRC) via tooling and automation. 4. Demonstrate how MassMutual deploys fully compliant Hybrid Cloud environments in less than 5 min. In addition, this session will showcase some of MassMutual's actual hybrid deployments and share the benefits from using AWS.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (10)
Ähnlich wie MassMutual Goes Cloud-First with Hybrid Cloud on AWS
Ähnlich wie MassMutual Goes Cloud-First with Hybrid Cloud on AWS (20)
Mehr von Tom Laszewski
Mehr von Tom Laszewski (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
MassMutual Goes Cloud-First with Hybrid Cloud on AWS
- 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. MassMutualGoesCloud-First withHybridCloud onAWS Stanko Dimitrov Cloud Solutions Architect MassMutual/Architecture and Design https://www.linkedin.com/in/spdimitrov/ E N T 2 1 0 Wadis Flores Cloud Solutions Architect MassMutual/Architecture and Design
- 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
- 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Whoweare
- 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. MassMutualcloud-first strategy
- 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. MassMutual’shybrid cloud journey
- 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. MassMutualcloud MVP
- 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hybrid cloud solution design AWSaccountstructure Enterprise log management Enterprise showbackchargeback Logs Financial data VPC Peering DC & VPN Connections Corporate data center Active directory Identity federation Ent non-prod account Ent prod account BU/devops non-prod account BU/devops prod account Sandbox account Consolidated billing account Shared services account
- 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hybrid cloud solution design Networktopology Amazon Route 53 VGW US-EAST-1 VGW US-EAST-2 VGW US-WEST-1 VGW US-WEST-2 DC Gateway DC Gateway Cross region VPC peering Cross region VPC peering Cross region VPC peering VPNVPN VPNVPN
- 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Achievingcloud governance, risk,and compliance (GRC) viatooling and automation
- 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Achievingcloud governance, risk,and compliance (GRC) viatooling and automation Serverlessautomationexamples Security group Amazon CloudWatch Events Lambda Functions Amazon SNS Amazon SNS Email notification Email notification Event rule match Amazon CloudWatch Events Lambda Functions Amazon SNS Amazon SNS Email notification Email notification Event rule match Error AWS CloudTrail Turn on logging
- 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Achievingcloud governance, risk,and compliance (GRC) viatooling and automation Policybasedcomplianceexample
- 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Achievingcloud governance, risk,and compliance (GRC) viatooling and automation Bootstrappingexample Instance 5. Install, configure 4. Fetch packages S3 bucket Playbook store 2. Callback URL 3. Run job template Job status handler API gateway AWS Lambda User AWS CloudFormation AWS Service Catalog AutoScaling Elastic Beanstalk AMI 1. Launch EC2 with user data script
- 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. MassMutual’shybrid cloud usecases SAPBW/HANA AWS cloud Availability Zone A Availability Zone B US-EAST Prod Application Load Balancer BW Instances HANA DB Instances BW InstancesHANA DB InstancesSync replication Availability Zone A Availability Zone B US-EAST Prod Application Load Balancer BW Instances HANA DB Instances BW Instances Async replication SAP Stack and 3rd party Apps Corporate data center
- 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Placement group MassMutual’shybrid cloud usecases MicrosoftHPConAWS Core infrastructure Workstation infrastructure QRM infrastructure HPC cluster infrastructure File S3 Amazon CloudWatch MM directory service on AWS Workspaces subnet Workspaces Workspaces Workspaces Private subnet Data subnet QRM DB & HPC ETL QRM CA Availability zone Private subnet HPC Head Auto scaling group HPC compute MM corp Data feed
- 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. MassMutual’shybrid cloud usecases HPCwithspotinstances AWC CloudCorporate data center User Management station Database EC2 roleHPC spot instances IAM Access Key IAM Policy S3 bucket Encrypted data
- 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Challengesencountered along theway Public cloud adoption 1. Cloud socialization/onboarding • Quarterly AWS training • Cloud user group Challenge Mitigation Operational structure 1. Cloud workcells established: • Security • Foundation • CICD 2. SRE team established Standardization and compliance 1. Automation 2. Reporting
- 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
- 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
- 20. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Stanko Dimitrov Cloud Solutions Architect MassMutual/Architecture and Design https://www.linkedin.com/in/spdimitrov/ Wadis Flores Cloud Solutions Architect MassMutual/Architecture and Design
Hinweis der Redaktion
- Max 5 bullets Consolidate first 3 bullets in one
- Consolidate and use less text
- They loved this and wont us most of our slides to be like this one
- Status as of xx/xx/2018 Total of 23 Accounts Identity federation Splunk Integration Integration with Apptio AD extension to AWS with one-way trust Enterprise security tools
- Multi-region support Inter-region VPC peering Direct connect with VPN failover
- Check AWS service names and list them as they are marketed. Cloud custodian is a good example of customers sharing their solutions
- Compliance and governance may be enforced by writing policy rules rather than writing more scripts cloud custodian provides a powerful policy engine that uses proven filtering and action primitives that have a defined schema
- Ansible Tower can be used to configure, deploy and orchestrate the automation and systems within the MM Clouds. Ansible Tower will be used to bootstrap the number of security agents and baseline configurations to machines provisioned within AWS either manually or through AWS' managed services.
- Existing SAP BW accelerator going out of support Opportunity to upgrade to BW on HANA Existing SAP BW accelerator going out of support, opportunity to upgrade to BW on HANA Onprem vs AWS and Other Cloud Service provider – AWS was least expensive option $0 upfront infrastructure and consulting cost Onprem SAP Stack - 2xERP, SAP Portal, SAP PI and 3rd party non SAP sources exchanging information with SAP HANA such as Informatica, TeraData, Cognos Significant performance increase and operational cost DB2 on AIX P Series hardware with EMC Symmetrix Storage
- Quantitative Risk Management’s (QRM) is an Analytical Framework used by Enterprise Risk Management and Actuarial team to measure, forecast and report enterprise risk.
- Atlas is software developed by Oliver, Wyman Ltd. Atlas allows MassMutual to perform financial projections of insurance products. Because Atlas software runs calculations on potentially hundreds of CPUs, it uses HPC clusters as its infrastructure foundation.