AWS Canberra WWPS Summit 2013 - Extending your Datacentre with Amazon VPC

As more organisations seek to leverage the power and benefits of the cloud, they also need to combine new systems with existing on-premise systems. Services such as Amazon Virtual Private Cloud (VPC) and AWS Direct Connect enable AWS customers to combine on-premise and cloud-based resources easily and effectively. This session will walk customers through the 4 main patterns of connectivity and will include a "real time" demonstration of how easy it is to setup your own VPC and start working in your own private section of the AWS Cloud.

Published in: Technology
  1. 2013 AWS WWPS Summit, Canberra, Australia. Extending your Data Centre with VPC. Simon Elisha, Principal Solutions Architect
  2. 2013 AWS WWPS Summit, Canberra – May 23. Agenda:
     • Why?
     • What?
     • How Much?
     • Customer Examples
     • “Goodies” in VPC
     • Let’s build one!
     • A customer story…
  3. WHY?
  4. Capacity • Power • Elasticity • Agility
  5. WHAT?
  6. VPC Overview: Bring your own network (“Your network goes here”)
  7. VPC Overview: Bring your own network; create your own subnets (Subnet 1, Subnet 2, … Subnet ‘n’)
  8. VPC Overview: Control instance placement (Availability Zone ‘A’, Availability Zone ‘B’)
  9. VPC Overview: Control instance placement and traffic – Security Groups & NACLs (Availability Zone ‘A’, Availability Zone ‘B’)
  10. VPC Overview: Control instance placement and traffic – Security Groups & NACLs; Routing Rules (Availability Zone ‘A’, Availability Zone ‘B’)
  11. VPC Overview: VPC Gateways – Virtual Private Gateway; Internet Gateway (Customer Network)
  12. VPC Overview: Virtual Private Gateway – IPsec VPN (Customer Network)
  13. VPC Overview: Virtual Private Gateway – Dynamic Routing (route-based VPN); Static Routing (policy-based VPN) (Customer Network)
  14. VPC Overview: Virtual Private Gateway – IPsec VPN; Direct Connect (Customer Network, DX Location, Customer/Partner WAN)
  15. VPC Overview: Virtual Private Gateway; Internet Gateway (Customer Network)
  16. VPC Overview: Connecting to Instances – Private IP; Elastic IP (publicly routable) (Customer Network)
  17. VPC Overview: Connecting to Instances – Load Balancers (Customer Network)
  18. VPC Building Blocks Summary:
     • Virtual Private Cloud
     • Subnets
     • Route Tables, Security Groups, NACLs
     • Virtual Private Gateway
     • AWS Direct Connect
     • Internet Gateway
     • Elastic IPs and Load Balancers
  19. VPC Connectivity Options
  20. Connectivity Option #1: Lollipop network (“DC-on-a-stick”) – Internet VPN (Customer Network)
  21. Connectivity Option #1: Lollipop network (“DC-on-a-stick”) – Dual Redundancy (Customer Location #1, Customer Location #2)
  22. Connectivity Option #1: Lollipop network (“DC-on-a-stick”) – AWS VPN CloudHub (Customer Location #1, Customer Location #2)
  23. Connectivity Option #1: Lollipop network (“DC-on-a-stick”) – Direct Connect (Customer Network, DX Location, Customer/Partner WAN)
  24. Connectivity Option #2: Hybrid Integration – Internal & Internet Access – Internet VPN (Customer Network)
  25. Connectivity Option #2: Hybrid Integration – Internal & Internet Access – Internet VPN; Direct Connect (Customer Network, DX Location)
  26. Connectivity Option #3: Integration between VPCs – Direct Connect (DX Location)
  27. Connectivity Option #3: Integration between VPCs – Direct Connect; Software VPN to Hardware (VGW)
  28. Connectivity Option #3: Integration between VPCs – Direct Connect; Software VPN to Software VPN
  29. Connectivity Option #4: Remote Access Solution – Microsoft RAS; Checkpoint; OpenVPN; Sophos; Vyatta (Customer Network, Remote Access Server)
  30. Non-Standard VPN Requirements: Software VPN Appliance
     • Overlapping (unknown) customer network addresses
     • Customer MUST manage both sides of the VPN
  31. Non-Standard VPN Requirements: ZenOSS SaaS example
     • Managed monitoring service
     • Extend AWS into ZenOSS customer networks (Customer “1”, Customer “2”, … Customer “n”, Shared Mgmt Network)
  32. VPC Connectivity Options Summary:
     • Lollipop network or data-centre-on-a-stick
     • Hybrid integration – Internal & Internet Access
     • Integration between Amazon VPCs
     • Mobile/Remote access solution
  33. HOW MUCH?
  34. Pricing (hourly):
     • VPC: $0
     • Hardware VPN: $0.05/hour; inbound data $0.00; outbound data (SYD) $0.19 per GB (first GB free)
     • Direct Connect: 1 Gbps port $0.30/hour; 10 Gbps port $2.25/hour; inbound data $0.00; outbound data (SYD) $0.045 per GB
  35. For a year…
     • VPC: $0
     • Hardware VPN: $438
     • Direct Connect: 1 Gbps port $2,628; 10 Gbps port $19,710
     • *Plus outgoing data & private connection costs
  36. CUSTOMER EXAMPLES
  37. Lionsgate uses AWS to host SharePoint & SAP on Amazon VPC: avoided a data centre build-out; saved $1M over 3 years; 50% lower cost than hosting options
  38. Nasdaq used AWS to build a new line of business
  39. PRE-BUILT ARCHITECTURES
  40. SharePoint – Intranet
  41. SharePoint – Internet
  42. “Goodies” in VPC
  43. Goodies:
     • Control over ingress & egress of data – Security Groups
     • Dynamic allocation of Security Groups to instances
     • Elastic Network Interfaces – up to 8 depending on instance type
     • DNS resolution – default or use your own
     • ElastiCache in VPC (joining RDS, EMR, Elastic Beanstalk, Redshift, OpsWorks, etc.)
     • RDS IP addresses – option to have RDS publicly accessible
  44. LET’S BUILD ONE!
  45. Flexible • Agile • Cost Effective • Integrated
  46. DEEWR AWS Pilot. Client Systems, Architecture and Strategy Team, Technology Branch, Technology Solutions Group. AWS WWPS Summit, May 2013
  47. Agenda:
     • DEEWR Background
     • Business Case
     • AWS Technologies used in Pilot
     • Development AWS Diagram
     • Network Connectivity, Design, Security and Public Services
     • Benefits and Challenges
  48. DEEWR Background:
     • Shared service provider for Government – PWS, FWO, DIICCSRTE, APSC, APCC and others
     • IT environment comprises Development, Test, Preprod and Production environments
     • 810 HP blades, 1200 virtuals, 265 rack-mounted servers
     • Dev environment consists of 60 physical and 350 virtual servers, running on Hyper-V
     • Used by internal business units to develop, upgrade and test predominantly .NET applications
  49. Business case for IaaS adoption:
     • Reduced capital budget
     • Reduced staff numbers
     • Data centre consolidation
     • Responsiveness, agility, efficiency – we need to provide better service to our customers
  50. Use cases:
     • Extend Development Environment into AWS
     • Provide an on-demand Lab Environment for our developers
  51. AWS Technologies used in Pilot:
     • EC2 Instances
     • VPC
     • EBS and S3 Storage
     • Route 53 and Elastic IP
     • Hotlink Hybrid Express (third-party application)
  52. Development AWS Environment (diagram)
  53. Networking – Connectivity:
     • IPsec VPN from DEEWR Internet Gateway to Amazon (Sydney)
     • Cisco ASA is our customer gateway (VPN endpoint)
     • Another option is “Amazon Direct Connect”: a physical fibre link to Amazon in Equinix SY3
  54. Networking – Design:
     • Allocate private network space for our VPC and route it over the VPN (e.g. 192.168.0.0/21)
     • Subnet within the VPC the same as the existing environment: web/app/db/management tiers
     • +1 subnet for Internet-accessible services (more info later)
  55. Networking – Security:
     • Data in transit – encrypted via IPsec VPN over the public Internet
     • VPN terminates in the DEEWR Internet Gateway
     • Then the existing Gateway security controls apply (firewalling, monitoring, logging, IDS/IPS, etc.)
     • System contains Unclassified DLM data only
  56. Network – Public Services:
     • VPC services to be exposed to the Internet go in a dedicated subnet
     • Connectivity is restricted with ACLs
     • A subdomain is delegated to AWS Route 53: devnet.deewr.gov.au
     • An Elastic IP is associated with the EC2 instance and a DNS entry created for it, e.g. testservice01.devnet.deewr.gov.au
  57. Benefits:
     • Use existing infrastructure (Active Directory, DNS, ADFS, MS SCCM and MS Ops Manager) and change and release processes
     • AWS network and security architecture is very similar to DEEWR’s
     • Reduce upfront capital and ongoing expenditure
     • Ease of implementation
     • Flexibility, agility, cost attribution
  58. Still to do:
     • Integrate Microsoft System Center Virtual Machine Manager into AWS
     • Migrating existing applications to AWS
     • Produce the documentation – detailed evaluation of our services vs AWS, cloud providers checklist, SRMP, SSP
     • Importing existing virtual machines
     • Extensibility – if it works for DEV, what about Pre-production, Production?
  59. Resources:
     • Architecture Center: http://aws.amazon.com/architecture
     • Technical Articles: http://aws.amazon.com/articles
     • Podcast: http://aws.amazon.com/podcast
     • Blog: http://aws.typepad.com
  60. 2013 AWS WWPS Summit, Canberra, Australia
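The DEEWR networking slides (allocate a private block such as 192.168.0.0/21, route it over the VPN, mirror the web/app/db/management tiers, add one public subnet) and the earlier note that overlapping customer address space forces a software VPN appliance describe a planning step that is easy to get wrong. The following is an added example, not code from the deck or from DEEWR: it checks a proposed VPC block against the prefixes already routed on-premises, carves the block into one subnet per tier per Availability Zone, and derives the route table each tier needs (corporate prefixes via the virtual private gateway, a default route to the Internet gateway only for the public tier). The on-premises prefixes, AZ names and tier names beyond those on the slides are constructed; the five reserved addresses per subnet are AWS's documented reservation.

```python
"""Address plan for a VPC that is routed to an on-premises network over a VPN.

Added example (not from the deck): it uses the 192.168.0.0/21 block and the
web/app/db/management + public tier layout from the DEEWR slides; the
on-premises prefixes, AZ names and tier-to-gateway routing are constructed.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed: prefixes already in use on the corporate side of the VPN.
ON_PREM_PREFIXES = ["10.0.0.0/8", "172.16.0.0/12"]
TIERS = ["web", "app", "db", "management", "public"]
AZS = ["ap-southeast-2a", "ap-southeast-2b"]   # Sydney region, as in the slides
AWS_RESERVED_PER_SUBNET = 5   # network, VPC router, DNS, reserved, broadcast


def check_no_overlap(vpc_cidr: str, on_prem: List[str]) -> List[str]:
    """Return the on-premises prefixes that overlap the proposed VPC block.
    Any hit means routes over the VPN would be ambiguous: pick another block,
    or fall back to a software VPN appliance as slide 30 of the deck notes."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [p for p in on_prem if ipaddress.ip_network(p).overlaps(vpc)]


def plan_subnets(vpc_cidr: str, tiers: List[str], azs: List[str]) -> Dict[str, Dict[str, str]]:
    """Carve the VPC block into equal subnets, one per (tier, AZ) pair."""
    vpc = ipaddress.ip_network(vpc_cidr)
    needed = len(tiers) * len(azs)
    new_prefix = vpc.prefixlen
    while 2 ** (new_prefix - vpc.prefixlen) < needed:   # smallest prefix that fits
        new_prefix += 1
    subnets = iter(vpc.subnets(new_prefix=new_prefix))
    # outer loop is tiers, inner is AZs, so subnets are handed out tier by tier
    return {tier: {az: str(next(subnets)) for az in azs} for tier in tiers}


def usable_hosts(subnet_cidr: str) -> int:
    """Hosts available once AWS's five reserved addresses are subtracted."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def route_table(tier: str, on_prem: List[str]) -> List[Tuple[str, str]]:
    """Routes a subnet of the given tier needs beyond the implicit local route:
    corporate prefixes via the virtual private gateway (vgw); only the public
    tier gets a default route to the Internet gateway (igw)."""
    routes = [(p, "vgw") for p in on_prem]
    if tier == "public":
        routes.append(("0.0.0.0/0", "igw"))
    return routes


if __name__ == "__main__":
    vpc_cidr = "192.168.0.0/21"
    clashes = check_no_overlap(vpc_cidr, ON_PREM_PREFIXES)
    print("overlaps with on-prem:", clashes or "none")
    for tier, by_az in plan_subnets(vpc_cidr, TIERS, AZS).items():
        for az, cidr in by_az.items():
            print(f"{tier:<11} {az} {cidr} ({usable_hosts(cidr)} hosts) "
                  f"routes={route_table(tier, ON_PREM_PREFIXES)}")
```

With ten tier/AZ pairs the /21 is split into /25 subnets (123 usable hosts each), which leaves six spare /25s for growth; a plan that instead ran the overlap check only after the VPN was built is exactly the situation the deck's "overlapping (unknown) customer network addresses" slide describes.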
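Slides 9 and 10 list Security Groups and NACLs as the two traffic controls, and the DEEWR public-services slide restricts the Internet-facing subnet with ACLs. The practical difference is that a network ACL is stateless and evaluated in rule-number order with an implicit deny, while a security group is stateful and allow-only. The following is an added example, not code from the deck or from AWS: it models both evaluations over a constructed HTTPS request to an instance in the public subnet and shows the common failure where an outbound NACL that only allows port 443 silently drops the reply traffic, which leaves on ephemeral ports. Addresses, ports and rules are constructed; the evaluation order and the ephemeral-port behaviour follow the VPC documentation.

```python
"""Stateless network ACL vs stateful security group, as an added example.

Constructed rules and packets; nothing here talks to AWS. The model keeps the
documented semantics: NACLs evaluate by ascending rule number, first match
wins, unmatched traffic is denied, and replies are not tracked; security
groups remember allowed flows and admit the return traffic automatically.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    number: int            # NACL rule number; unused for security groups
    proto: str             # "tcp", "udp" or "-1" for all
    cidr: str
    port_from: int
    port_to: int
    action: str = "allow"  # NACLs may also "deny"; security groups are allow-only


def _matches(rule: Rule, remote: str, port: int, proto: str) -> bool:
    return (rule.proto in ("-1", proto)
            and ipaddress.ip_address(remote) in ipaddress.ip_network(rule.cidr)
            and rule.port_from <= port <= rule.port_to)


def nacl_allows(rules: List[Rule], pkt: Packet, direction: str) -> bool:
    """Network ACL decision for one packet in one direction.
    Inbound rules match the remote source address, outbound rules the remote
    destination; the port compared is always the packet's destination port,
    which for a reply is the client's ephemeral port."""
    remote = pkt.src if direction == "inbound" else pkt.dst
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, remote, pkt.dport, pkt.proto):
            return rule.action == "allow"
    return False   # the implicit '*' deny rule


class SecurityGroup:
    """Stateful filter: once a flow is allowed, its reverse 5-tuple is allowed
    without consulting the rules for the other direction."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.inbound, self.outbound = inbound, outbound
        self._flows: Set[Tuple[str, str, str, int, int]] = set()

    def allows(self, pkt: Packet, direction: str) -> bool:
        reverse = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        if reverse in self._flows:          # return traffic of an allowed flow
            return True
        remote = pkt.src if direction == "inbound" else pkt.dst
        rules = self.inbound if direction == "inbound" else self.outbound
        if any(_matches(r, remote, pkt.dport, pkt.proto) for r in rules):
            self._flows.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
            return True
        return False


# Constructed scenario: a client on the Internet opens HTTPS to a web instance
# in the public subnet (TEST-NET-3 client address; instance address invented).
CLIENT, WEB = "203.0.113.10", "192.168.4.10"
REQUEST = Packet(CLIENT, WEB, "tcp", 51000, 443)
REPLY = Packet(WEB, CLIENT, "tcp", 443, 51000)

NACL_IN = [Rule(100, "tcp", "0.0.0.0/0", 443, 443)]
NACL_OUT_BROKEN = [Rule(100, "tcp", "0.0.0.0/0", 443, 443)]       # no ephemeral ports
NACL_OUT_FIXED = [Rule(100, "tcp", "0.0.0.0/0", 1024, 65535)]     # covers reply ports


def demo() -> dict:
    """Run the request and its reply through both controls."""
    # outbound=[] is stricter than AWS's default all-egress rule; it shows that
    # the reply is admitted by state, not by an egress rule.
    sg = SecurityGroup(inbound=[Rule(0, "tcp", "0.0.0.0/0", 443, 443)], outbound=[])
    return {
        "nacl_request_in": nacl_allows(NACL_IN, REQUEST, "inbound"),
        "nacl_reply_out_broken": nacl_allows(NACL_OUT_BROKEN, REPLY, "outbound"),
        "nacl_reply_out_fixed": nacl_allows(NACL_OUT_FIXED, REPLY, "outbound"),
        "sg_request_in": sg.allows(REQUEST, "inbound"),
        "sg_reply_out": sg.allows(REPLY, "outbound"),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:<24} {'allow' if allowed else 'deny'}")
```

The broken NACL passes the inbound request and then denies the reply, which presents as a connection that opens and hangs rather than one that is refused; when a subnet ACL is used as the deck's public-services slide describes, the outbound rule set needs the ephemeral range alongside the service ports, while the security group needs only the inbound service rule.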
