29. INFRASTRUCTURE SERVICES
COMPUTE
STORAGE
DATABASES
NETWORKING
MONITORING
PLATFORM
SERVICES
ANALYTICS
APP SERVICES
MOBILE SERVICES
DEV & OPS
IOT
ENTERPRISE
SERVICES
MIGRATION
HYBRID
VIRTUAL
DESKTOPS
CORPORATE
EMAIL
COLLABORATION
SECURITY &
COMPLIANCE
IDENTITY
ACCESS CONTROL
KEY MANAGEMENT
CONFIG
COMPLIANCE
AUDITING
MARKETPLACE
BUSINESS APPS
BUSINESS
INTELLIGENCE
SECURITY
DEVOPS TOOLS
NETWORKING
PHYSICAL
INFRASTRUCTURE
REGIONS
AVAILABILITY
ZONES
EDGE POPS
GLOBAL NETWORK
GOVCLOUD
• GENERAL PURPOSE (M4)
• COMPUTE OPTIMIZED (C4)
• MEMORY OPTIMIZED (R3, X1)
• GPU OPTIMIZED (G2)
• STORAGE OPTIMIZED (D2)
• IO OPTIMIZED (I2)
• LOW COST, BURSTABLE (T2)
• DEDICATED INSTANCES
30. INFRASTRUCTURE SERVICES
• MULTI-AZ REPLICATION
• READ REPLICAS
• LIKE FOR LIKE MIGRATION
• CROSS-ENGINE MIGRATION
AMAZON AURORA
31. PLATFORM
SERVICES
ANALYTICS
APP SERVICES
MOBILE SERVICES
DEV & OPS
IOT
ENTERPRISE
SERVICES
MIGRATION
HYBRID
VIRTUAL
DESKTOPS
CORPORATE
EMAIL
COLLABORATION
INFRASTRUCTURE
SERVICES
COMPUTE
STORAGE
DATABASES
NETWORKING
MONITORING
MARKETPLACE
BUSINESS APPS
BUSINESS
INTELLIGENCE
SECURITY
DEVOPS TOOLS
NETWORKING
PHYSICAL
INFRASTRUCTURE
REGIONS
AVAILABILITY
ZONES
EDGE POPS
GLOBAL NETWORK
GOVCLOUD
SECURITY & COMPLIANCE
IDENTITY
ACCESS CONTROL
KEY MANAGEMENT
CONFIG
COMPLIANCE
AUDITING
• IDENTITY POLICIES
• LOCATION POLICIES
• TIME-BASED POLICIES
• INDIVIDUAL API CALLS
• KEY ROTATION
• TEMPORARY CREDENTIALS
• POLICY SIMULATOR
32. AMAZING INNOVATIONS ENABLED BY
AGILITY AND A RICH COLLECTION OF SERVICES
WORLDWIDE MANAGEMENT
OF WIFI NETWORKS
MILLIONS OF CONCURRENT
PLAYERS AT LAUNCH
PETABYTES OF REALTIME
DATA PER SEASON
REPLAY BILLIONS OF
TRADES INSTANTLY
36. Multilingual Customer support
Every Agent
using Unbabel
Unbabel + Human Translators
+
Average Ticket 100 Words
Cost: Industry 10$, Unbabel 2$
Time: Industry 6h, Unbabel 20m
37.
Translation
Distributed
Translation
( Editors )
Preparation
Unbabel Pipeline
Quality
Estimation
Quality
Estimation
Order
Result
Why AWS?
• Infrastructure costs 50% lower than before
• Activate Program (Credits and Support)
• Has all Features Unbabel required
• Easy Scalability
• Easier Infrastructure visualization
40. Challenges
• Different architecture requirements
• Web Application
• NLP/ML Servers
• Replicate Heroku ease of use
• Reduce cost of Infrastructure
• Prepare to scale
41. Why AWS?
• Infrastructure costs 50% lower than before
• Activate Program (Credits and Support)
• Has all Features Unbabel required
• Easy Scalability
• Easier Infrastructure visualization
42. AWS Services being used
Amazon EC2
Elastic Load Balancing
Amazon VPC
Amazon S3
Amazon RDS
Amazon Route 53
Amazon CloudWatch
AWS CloudTrail
AWS Identity and Access Management
Amazon Elasticsearch Service
44. Future Developments
• Focus on deep learning needs (GPU instances)
• Algorithms more suited to AWS instances (less memory)
• Use AWS Lambda to perform most of background work
45.
46. SIMPLICITY
“A complex system that works is invariably found to have
evolved from a simple system that worked. A complex system
designed from scratch never works and cannot be patched up
to make it work. You have to start over with a working simple
system.”
Gall’s law
49. Three types of Analytics
Retrospective
analysis and
reporting
50. Three types of Analytics
Retrospective
analysis and
reporting
Here-and-now
real-time processing and
dashboards
51. Three types of Analytics
Retrospective
analysis and
reporting
Here-and-now
real-time processing and
dashboards
Predictions
to enable smart
applications
60. KINESIS STREAMS
REAL TIME STREAMING DATA WITH AMAZON KINESIS
BUILD CUSTOM APPLICATIONS
TO COLLECT & ANALYZE
STREAMING DATA
61. KINESIS STREAMS KINESIS FIREHOSE
REAL TIME STREAMING DATA WITH AMAZON KINESIS
EASILY LOAD STREAMING
DATA INTO AWS
ELASTICSEARCH INTEGRATION
BUILD CUSTOM APPLICATIONS
TO COLLECT & ANALYZE
STREAMING DATA
62. KINESIS ANALYTICS
RUN STANDARD SQL QUERIES
OVER STREAMING DATA
KINESIS STREAMS
BUILD CUSTOM APPLICATIONS
TO COLLECT & ANALYZE
STREAMING DATA
REAL TIME STREAMING DATA WITH AMAZON KINESIS
KINESIS FIREHOSE
EASILY LOAD STREAMING
DATA INTO AWS
ELASTICSEARCH INTEGRATION
80. TWO NEW EBS VOLUME TYPES BUILT FOR THROUGHPUT
THROUGHPUT
OPTIMIZED HDD
(ST1)
UP TO 500MB/S
$0.045 PER GB/MONTH
COLD HDD
(SC1)
UP TO 250MB/S
$0.025 PER GB/MONTH
81. THE INDUSTRY’S BEST PRICE/PERFORMANCE
BLOCK STORAGE FOR BIG DATA WORKLOADS
PROCESSING
LOGS
STREAMING
DATA PROCESSING
DATA ANALYTICS
WITH MAP/REDUCE
DATA
WAREHOUSING
LESS FREQUENTLY
ACCESSED
83. A CHOICE OF MANAGED DATABASES
Amazon
DynamoDB
Document and
Key-Value Store
Amazon
RDS
SQL Database
Engines
Amazon
Redshift
Data
Warehouse
Amazon
ElasticSearch
Full Text Search
86. 1-click deployment to launch, on
multiple regions around the world
Pay-as-you-go pricing with no long
term contracts required
Advanced Analytics, Business Intelligence, Data Integration
AWS Marketplace
89. DEVELOPMENT AND TESTING
IS WHERE AGILITY LIVES
UNCONSTRAINED ACCESS TO RESOURCES
TESTING WITH MUCH HIGHER FIDELITY
FASTER TO MARKET
MAJOR PRODUCTIVITY IMPROVEMENTS
91. You can switch off your resources
when you go home
Cost savings up to 75%
92. Statcast Personal Finances
Healthcare
Digital
Web E-commerce
App Platform
Digital Content
Media Web Sites
Web CRM
Digital Media
Digital Services
Education Analytics
FROM EXPERIMENTS TO DIGITAL TRANSFORMATION
110. THE JOURNEY TO AWS IS A WELL TRODDEN PATH
DEVELOPMENT
& TEST
ALL TOGETHER NEW
APPLICATIONS
DIGITAL
ANALYTICS
MOBILE
DC MIGRATION
MISSION
CRITICAL APPS
ALL IN
1 2 3 4
112. HYBRID AS A STEPPING STONE
Hybrid app deployments
Data integration
Integrated networking
Integrated networking
Integrated networking
Integrated DevOps Management
integrated resource management
Hybrid app deployment
Realtime data integration
Hybrid app deployment
Integrated networking
Integrated security
data integration
Integrated networking Integrated Networking
Integrated DevOps Management
Integrated DevOps Management
Automated and integrated back-ups
113. ON-PREMISES AWS
BROAD SERVICES FOR HYBRID APPLICATIONS
Single-Tenant
Compute
Bring Your Own
Image/License
Simultaneous, Self-Service
Provisioning of Many VMs
Integration with Existing
Management Tools
Massive Scale
Import / Export
Isolated Network
Across Regions
Fully Isolated
Network Posture
DNS-Based Global
Load Balancing
Network Forensic
Tools
Web Application
Firewall
Isolated Network
within Region
Private Connections from
Your DC to AWS
Network
Performance Tiers
Global Content
Delivery Network
Security Info & Event
Management (SIEM) Integration
Provider-Enabled
Encryption Services
Centralized Key
Management
Automated Security
Assessment
Rich, Role-Based
Access Controls
Hardware Security
Module (HSM) Support
Active Directory (AD)
Integration / AD-aaS
Track Resource
Inventory and Changes
Bulk Object Delete and
Data Lifecycle Mgmt Policies
Customer Ownership
Of Data
Many Scalable
Database Engines
Data
Archival
Simple Import of
Massive Data Amounts
Customer Control
Over Data Locale
Elastic File
System
Database Migration
and Conversion Tools
Gateway – Cached
Volumes
Create and Standardize
on Best Practices
Automate Operations
Management
Release Software
Using Continuous Delivery
Monitor Resources
And Applications
Centralize and Simplify
Software Deployments
Build, Publish
and Manage APIs
Managed Source
Control
Integration with Existing
Management Tools
Data
Warehouse
Integrated
Compute
Integrated
Networking
Integrated
Security & Access
Data Integration &
Lifecycle Mgmt
Resource and
Deployment Mgmt
114. 2014 2015 2016
E.G. INNOVATION LABS, MOBILE APP PILOTS, HACKATHONS
E.G. ONLINE BANKING, STREAM DATA PROCESSING
E.G. MOBILE BANKING APP
EXPERIMENTATION
DEVELOP & TEST
PRODUCTION
A Strategic Phased Migration
128. BROADEST SET OF ACCREDITATIONS & CERTIFICATIONS
GLACIER VAULT LOCK
& SEC RULE 17A-4(F)
27018
129. BROADEST SERVICES TO SECURE APPLICATIONS
NETWORKING
VIRTUAL
PRIVATE
CLOUD
WEB
APPLICATION
FIREWALL
130. BROADEST SERVICES TO SECURE APPLICATIONS
NETWORKING
VIRTUAL
PRIVATE
CLOUD
WEB
APPLICATION
FIREWALL
IDENTITY
IAM
ACTIVE DIRECTORY INTEGRATION
SAML FEDERATION
131. BROADEST SERVICES TO SECURE APPLICATIONS
NETWORKING
VIRTUAL
PRIVATE
CLOUD
WEB
APPLICATION
FIREWALL
ENCRYPTION
KEY MANAGEMENT SERVICE
CLOUDHSM
SERVER-SIDE ENCRYPTION
ENCRYPTION SDK
IDENTITY
IAM
ACTIVE DIRECTORY INTEGRATION
SAML FEDERATION
132. BROADEST SERVICES TO SECURE APPLICATIONS
COMPLIANCE
CONFIG
CLOUDTRAIL
SERVICE CATALOG
CONFIG RULES
INSPECTOR
NETWORKING
VIRTUAL
PRIVATE
CLOUD
WEB
APPLICATION
FIREWALL
ENCRYPTION
KEY MANAGEMENT SERVICE
CLOUDHSM
SERVER-SIDE ENCRYPTION
ENCRYPTION SDK
IDENTITY
IAM
ACTIVE DIRECTORY INTEGRATION
SAML FEDERATION
134. WHAT’S BEING
ASSESSED?
NETWORK, VMS, OS
& APPLICATION
CONFIGURATIONS
BUILT-IN
CONTENT LIBRARY
CHECK COMMON
SECURITY
STANDARDS &
VULNERABILITIES
DETECT & REMEDIATE SECURITY ISSUES EARLY & OFTEN
WITH AMAZON INSPECTOR
135. WHAT’S BEING
ASSESSED?
NETWORK, VMS, OS
& APPLICATION
CONFIGURATIONS
BUILT-IN
CONTENT LIBRARY
CHECK COMMON
SECURITY
STANDARDS &
VULNERABILITIES
DETAILED
LISTS
DETAILED
DASHBOARD
DETECT & REMEDIATE SECURITY ISSUES EARLY & OFTEN
WITH AMAZON INSPECTOR
136. WHAT’S BEING
ASSESSED?
NETWORK, VMS, OS
& APPLICATION
CONFIGURATIONS
BUILT-IN
CONTENT LIBRARY
CHECK COMMON
SECURITY
STANDARDS &
VULNERABILITIES
DETAILED
LISTS
DETAILED
DASHBOARD
FULL AUDIT
TRAILS
TRACK WHAT TESTS
WERE PERFORMED
WHEN AND THEIR
RESULTS
DETECT & REMEDIATE SECURITY ISSUES EARLY & OFTEN
WITH AMAZON INSPECTOR
141. The financial industry is under severe pressure
● Regulation
● Clients
● New Incumbents
Exponential demand on IT with a linear production model
142. New IT paradigm leveraging the cloud technology
From: > 45€/client/year (technology cost)
To: <5€/client (technology cost … with x100 more data by customer)
From: <1% of global components
To: >20% of global components (three years)
From: >6 months to develop a simple app with >75% waste
To: Weekly release cycles with <25% waste
From: 200-250 Tb of storage capacity, monthly processing cycles
To: 5-10 Exabytes of storage capacity, real time analytics
143. We have structured the transformation in two big waves
Create a global banking
cloud platform
(3-5 years)
Enable the AI driven Bank
(5-7 years)
Transform current bank
Cognitive Computing
Extreme Automation
Create a bank from scratch
144. What would a Cloud Platform look like at BBVA?
Cloud Infrastructure Services (Hybrid)
BBVA Cloud Platform Marketplace (PaaS)
Banking Services
Data Services
BBVA Business
Applications (local or global)
Third Party
Applications
145. Services available for third party developers
❏ Open APIs for fintech world
❏ In production in US and Spain
❏ Real clients in production
❏ 60+ services available
100% on AWS and automated
146. Third party clients
Third Party
Applications
Local backends
Cloud service architecture
in AWS
Real Time payments processing
consuming debit and account services
Native digital bank consuming full
stack of banking services
www.bbvaapimarket.com
Services like: identity, accounts, cards,
transfers, etc. available in Spain and
US
147. Cloud Computing
SecDevOps
Machine Learning
Cloud Security
Platform as a Service
API economy
Cloud Storage
Cloud Networking
Data Architecture
SW Development
Tell us about you: engineeringhiring.group@bbva.com
154. S3
DYNAMODB
MOBILE ANALYTICS
MOBILE DEVICE MOBILE BACKEND
RDS
DATA AND
CONTENT
ANALYTICS
THE DUALITY OF DEVICES
155. S3
DYNAMODB
MOBILE ANALYTICS
SNS
NOTIFICATIONS
MOBILE DEVICE MOBILE BACKEND
RDS
DATA AND
CONTENT
ANALYTICS
THE DUALITY OF DEVICES
156. S3
DYNAMODB
MOBILE ANALYTICS
SNS
AMAZON COGNITO
API GATEWAY
LAMBDA
LAMBDA
LAMBDA
NOTIFICATIONS
MOBILE DEVICE MOBILE BACKEND
RDS
DATA AND
CONTENT
ANALYTICS
THE DUALITY OF DEVICES
157. STORE & SYNC DATA
GUEST ACCESS
SOCIAL IDENTITY
AMAZON COGNITO: SIMPLE AND SECURE IDENTITY
SAFEGUARD AWS CREDENTIALS
158. YOUR IDENTITY POOL
STORE & SYNC DATA
GUEST ACCESS
SOCIAL IDENTITY
AMAZON COGNITO: SIMPLE AND SECURE IDENTITY
SAFEGUARD AWS CREDENTIALS
159. EASY USER MANAGEMENT
LAMBDA-DRIVEN WORKFLOWS
MULTI-FACTOR AUTHENTICATION
EMAIL AND PHONE NUMBER VERIFICATION
FULLY MANAGED IDENTITY POOLS WITH AMAZON COGNITO
160. How Can We Simplify the
Development of the Next Generation
of Mobile Apps?
161. 1. CHOOSE & CONFIGURE FUNCTIONALITY
AWS MOBILE HUB
163. 1. CHOOSE & CONFIGURE FUNCTIONALITY
2. DOWNLOAD SOURCE
3. TEST & MONITOR
AWS MOBILE HUB
164. Having lots of devices can be solved by trying to test on all of them, but it is usually more likely that only a subset is used; this is made worse by the fact that new devices are appearing on the market all the time.
165. Automatically test on a large
selection of device types
View detailed reports,
logs and screenshots
Configure location, language
and application data
Integrate with existing
development workflow
AWS Device Farm
Test your app on real
smartphones and tablets
in the AWS Cloud
169. Extract value from
device data
Augment devices’
constrained onboard
resources
Augment devices’
constrained
environments
compute
storage
Big Data
Shadow
State
Apps
offline
WHY CONNECT DEVICES TO THE CLOUD?
170. Run code in the cloud,
and update it without
deploying firmware
updates
Run code in the cloud, and
take action in physical space
through one or more devices
Secure device data, even
when the device operates
in unsecured physical
space.
bidirectional
policy
WHY CONNECT DEVICES TO THE CLOUD?
171. Many SDKs &
Tools
Alternate Protocols Scalability Security &
Management
Integration with Cloud and
Mobile Applications
CONNECTING DEVICES TO CLOUD APPLICATIONS REQUIRES
UNDIFFERENTIATED HEAVY LIFTING.
172. AWS IOT
Securely connect one or one-billion devices to AWS, so they can
interact with applications and other devices
173. AWS IOT
DEVICE SDK
Set of client libraries to
connect, authenticate and
exchange messages
DEVICE GATEWAY
Communicate with devices via
MQTT and HTTP
AUTHENTICATION
AUTHORIZATION
Secure with mutual
authentication and encryption
RULES ENGINE
Transform messages
based on rules and
route to AWS Services
AWS Services
- - - - -
3P Services
DEVICE SHADOW
Persistent thing state
during intermittent
connections
APPLICATIONS
AWS IoT API
DEVICE REGISTRY
Identity and Management of
your things
180. OVER 200 MILLION USERS
OVER 4 BILLION ITEMS STORED
MILLIONS OF ADS
PER MONTH
130+ MILLION NEW
USERS IN 1 YEAR
150+ MILLION
MESSAGES PER
MONTH
STATCAST USES BURST SCALABILITY
FOR MANY GAMES ON A SINGLE DAY
OVER 5 BILLION ITEMS OVER 200 MILLION MESSAGES
PROCESSED DAILY
COGNITIVE TRAINING 5+ MILLION
REGISTERED USERS
WEARABLE AND
IOT SOLUTIONS
GAMING COMPANY WITH
70 MILLION ACTIVE USERS
181. AMAZON S3
BUILDING BLOCKS FOR
INTERNET-SCALE APPS
STORAGE
AWS LAMBDA
COMPUTE
AMAZON DYNAMODB
DATA STORE
184. AWS LAMBDA: INTERNET-SCALE COMPUTE PLATFORM
DEPLOY YOUR CODE IN SECONDS
SUB-SECOND METERING
NO SERVERS TO PROCURE, PROVISION OR MANAGE
185. MOBILE
CHAT APP
AD DATA ANALYTICS
AND ROUTING
MOBILE APP
ANALYTICS
IMAGE CONTENT
FILTERING
REAL-TIME VIDEO
AD BIDDING
NEWS CONTENT
PROCESSING
GENE SEQUENCE
SEARCH
CLOUD
TELEPHONY
DATA
PROCESSING
WEB
APPLICATIONS
WEB APPLICATIONS
THREAT INTELLIGENCE
AND ANALYTICS
NEWS CONTENT
PROCESSING
GAME METRICS ANALYTICS
SERVERLESS WEB APPLICATIONS
186. THE TOOL OF CHOICE IN AWS ENVIRONMENTS
CLOUDWATCH
EVENTS
LIFECYCLE
HOOKS
CONFIG
RULES
SCHEDULED
JOBS
ECOSYSTEM
187. APIS EMAIL MESSAGING
NOTIFICATION MONITORING ENCRYPTION
SERVICES NOT SERVERS: A BROAD SERVERLESS PLATFORM
AMAZON S3
STORAGE
AWS LAMBDA
FUNCTIONS
AMAZON DYNAMODB
DATA STORE