Running Microsoft SharePoint On AWS - Smartronix and AWS - Webinar
 

Miles Ward, Solution Architect, AWS, and Robert Groat, Chief Technology Officer, Smartronix, discuss how you can run Microsoft enterprise applications like SharePoint on the AWS Cloud. Architecture. Recovery.gov.

  • Cloud computing is a better way to run your business. The cloud helps companies of all sizes become more agile. Instead of running your applications yourself you can run them on the cloud where IT infrastructure is offered as a service like a utility. With the cloud, your company saves money: there are no up-front capital expenses as you don’t have to buy hardware for your projects. The massive scale and fast pace of innovation of the cloud drive the costs down for you. In the cloud, you pay only for what you use just like electricity. The cloud can also help your company save time and improve agility – it’s faster to get started: you can build new environments in minutes as you don’t need to wait for new servers to arrive. The elastic nature of the cloud makes it easy to scale up and down as needed. At the end of the day you have more resources left for innovation which allows you to focus on projects that can really impact your businesses like building and deploying more applications. “With the high growth nature of our business, we were looking for a cloud solution to enable us to scale fast. Think twice before buying your next server. Cloud computing is the way forward.” - Sami Lababidi, CTO, Playfish
  • Amazon Web Services provides highly scalable computing infrastructure that enables organizations around the world to requisition compute power, storage, and other on-demand services in the cloud.  These services are available on demand so a customer doesn’t need to think about controlling them, maintaining them or even where they are located. Our approach has always been to be a customer focused company.  We constantly look to develop services in line with the needs of our customers to make sure they get the flexibility and usability out of the service that they need to be successful. 
  • Amazon Web Services is steadily expanding its global infrastructure to help customers achieve lower latency and higher throughput. As our customers grow their businesses, AWS will continue to provide infrastructure that meets their global requirements.
  • You can choose to deploy and run your applications in multiple physical locations within the AWS cloud. Amazon Web Services are available in geographic Regions. When you use AWS, you can specify the Region in which your data will be stored, instances run, queues started, and databases instantiated. For most AWS infrastructure services, including Amazon EC2, there are eight regions: US East (Northern Virginia), US West (Northern California), EU (Ireland), Asia Pacific (Singapore) and Asia Pacific (Tokyo), AWS GovCloud (US), US West (Oregon), and South America (Sao Paulo).
    Within each Region are Availability Zones (AZs). Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones and provide inexpensive, low latency network connectivity to other Availability Zones in the same Region. By launching instances in separate Availability Zones, you can protect your applications from a failure (unlikely as it might be) that affects an entire zone. Regions consist of one or more Availability Zones, are geographically dispersed, and are in separate geographic areas or countries. The Amazon EC2 service level agreement commitment is 99.95% availability for each Amazon EC2 Region.
  • Examining AWS, you’ll see that the same security isolations are employed as would be found in a traditional datacenter. These include physical datacentre security, separation of the network, isolation of the server hardware, and isolation of storage. AWS customers have control over their data: they own the data, not us; they can encrypt their data at rest and in motion, just as they would in their own datacenter. Amazon Web Services provides the same, familiar approaches to security that companies have been using for decades. Importantly, it does this while also allowing the flexibility and low cost of cloud computing. There is nothing inherently at odds about providing on-demand infrastructure while also providing the security isolation companies have become accustomed to in their existing, privately-owned environments.
    AWS is a secure, durable technology platform with industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, HIPAA, SAS 70 Type II. Our services and data centers have multiple layers of operational and physical security designed to protect the integrity and safety of your data. Visit our Security Center to learn more: http://aws.amazon.com/security/.
    Certifications and Accreditations: AWS has successfully completed a SAS70 Type II Audit, and will continue to obtain the appropriate security certifications and accreditations to demonstrate the security of our infrastructure and services.
    PCI DSS: We finalized our 2011 PCI compliance audit, publishing our extensive Report on Controls (ROC) with an expanded scope. Our new November 30, 2011 PCI Attestation of Compliance, a document from our auditor stating we are compliant with all 12 PCI security standard domains, is available now for customers considering or working on moving PCI systems to AWS. The new Attestation of Compliance document includes some key changes this year: This year we’ve added RDS, ELB, and IAM as in-scope services. The addition of these services is fantastic news for PCI customers since they can now leverage RDS to store cardholder and transaction data, use ELB to manage card transaction traffic, and rely on IAM features as validated control mechanisms that satisfy PCI security standard requirements. Consistent with last year, EC2, S3, EBS, and VPC continue to be in scope.
    Physical Security: Amazon has many years of experience in designing, constructing, and operating large scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access.
    Secure Services: Each of the services within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand.
    Data Privacy: AWS enables users to encrypt their personal or business data within the AWS cloud and publishes backup and redundancy procedures for services so that customers can gain greater understanding of how their data flows throughout AWS.
    “In essence, the security system of AWS’s platform has been added to our existing security systems. We now have a security posture consistent with that of a multi-billion dollar company.” - Jim Warren, CIO, Recovery Accountability and Transparency Board (RATB)
  • Security and operational excellence is the topmost priority. It’s Priority 0. No exceptions allowed. We understand that security and governance are often the top issues identified when we talk to our customers. Instead of tossing this over the fence, we advise and highly recommend that our customers invest in a security review early in the process. Get your security folks to talk to our security folks and understand security and compliance. Security is really not on or off. It’s a spectrum of options from which you can choose what is right for your application.
  • Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers. Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with control of your computing resources and lets you run on Amazon’s proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. Amazon EC2 changes the economics of computing by allowing you to pay only for capacity that you actually use. Amazon EC2 provides developers the tools to build failure resilient applications and isolate themselves from common failure scenarios. http://aws.amazon.com/ec2/
    “AWS provided a reliable hosting platform capable of supporting any degree of scalability, and a platform that allowed the development team to focus on the software solution rather than the infrastructure.” – US Department of State
    Amazon Elastic Block Store (EBS) provides block level storage volumes for use with Amazon EC2 instances. Amazon EBS volumes are off-instance storage that persists independently from the life of an instance. Amazon Elastic Block Store provides highly available, highly reliable storage volumes that can be attached to a running Amazon EC2 instance and exposed as a device within the instance. Amazon EBS is particularly suited for applications that require a database, file system, or access to raw block level storage. http://aws.amazon.com/ebs/
    Amazon S3 is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any developer access to the same highly scalable, reliable, secure, fast, inexpensive infrastructure that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those benefits on to developers. http://aws.amazon.com/s3/
    “We looked at Amazon S3’s pricing, design and ease-of-use and were blown away. Amazon designed the service so well—it’s simple and elegant, so much so that it was basically a drop-in addition to our current infrastructure. It’s an incredible improvement on everything else out there. At the end of the day, it comes down to cost and performance, and Amazon S3 is the best on both accounts.” - Don MacAskill, CEO, SmugMug
  • Our customers continue to make very heavy use of Amazon S3. We now process up to 370,000 S3 requests per second. Many of these are PUT requests, representing new data that is flowing in to S3. As of the end of the third quarter of 2011, there are 566 billion (566,000,000,000) objects in S3. We've doubled the object count in just nine months (the other data points are from Q4).
  • AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple logical connections. This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. Logical connections can be reconfigured at any time to meet your changing needs. http://aws.amazon.com/directconnect/
    Amazon Virtual Private Cloud (Amazon VPC) lets you provision a private, isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. With Amazon VPC, you can define a virtual network topology that closely resembles a traditional network that you might operate in your own datacenter. You have control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet. Additionally, you can create a Hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter. http://aws.amazon.com/vpc/
    Dedicated Instances are Amazon EC2 instances launched within your Amazon VPC that run on hardware dedicated to a single customer. Dedicated Instances let you take full advantage of the benefits of Amazon VPC and the AWS cloud – on-demand elastic provisioning, pay only for what you use, and a private, isolated virtual network, all while ensuring that your Amazon EC2 compute instances will be isolated at the hardware level. You can easily create a VPC that contains dedicated instances only, providing physical isolation for all Amazon EC2 compute instances launched into that VPC, or you can choose to mix both dedicated instances and non-dedicated instances within the same VPC based on application-specific requirements. http://aws.amazon.com/dedicated-instances/
  • AWS Management Console is a web-based interface to manage your AWS services. Access and manage Amazon’s growing suite of infrastructure web services through a simple and intuitive, web-based user interface. The AWS Management Console provides convenient management of your compute, storage, and many other cloud resources. http://aws.amazon.com/console/
  • No need for COOP
  • Application integration on AWS is very similar to on-premise

Running Microsoft SharePoint On AWS - Smartronix and AWS - Webinar: Presentation Transcript

  • Running SharePoint on the AWS Cloud Miles Ward, Solutions Architect, AWS Robert Groat, CTO, Smartronix
  • Webinar How To’s
      • How can I submit a question?
      • How can I get a copy of the presentation?
      • Special Note: Webinar is being recorded
  • Today’s Agenda
      • AWS 201 in 10 minutes
          – How AWS works
          – Networking, Storage, and Security
          – Windows on EC2
      • SharePoint on AWS
          – Design and Architecture
          – How the US Treasury does it
          – Practices for manageability, performance, and scale
  • Cloud Computing Benefits
      • No Up-Front Capital Expense
      • Low Cost
      • Pay Only for What You Use
      • Self-Service Infrastructure
      • Easily Scale Up and Down
      • Improve Agility & Time-to-Market
      • Deploy
  • Why Amazon Web Services?
      • Clear Market Leadership
      • Security and Compliance
      • The Cloud API Standard
      • Global Footprint and Expansion
      • Operational Excellence
      • Rate of Innovation
  • AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
  • Global Infrastructure for Global Enterprises
  • AWS Regions and Availability Zones Customer Decides Where Applications and Data Reside
  • Security
  • Security: Shared Responsibility Model
      • AWS
          – Facilities
          – Physical Security
          – Physical Infrastructure
          – Network Infrastructure
          – Virtualization Infrastructure
      • Customer
          – Operating System
          – Application
          – Security Groups
          – OS Firewalls
          – Network Configuration
          – Account Management
  • Built for Enterprise Security Standards
      • Certifications
          – SOC 1 Type 2 (formerly SAS-70)
          – ISO 27001
          – PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, IAM
          – FISMA Moderate Compliant Controls
          – HIPAA & ITAR Compliant Architecture
      • Physical Security
          – Datacenters in nondescript facilities
          – Physical access strictly controlled
          – Must pass two-factor authentication at least twice for floor access
          – Physical access logged and audited
      • HW, SW, Network
          – Systematic change management
          – Phased updates deployment
          – Safe storage decommission
          – Automated monitoring and self-audit
          – Advanced network protection
  • AWS Security at a Glance
      • Infrastructure Security: How we measure that our infrastructure is secure
          – SAS 70 Type II Audit
          – ISO 27001/2 Certification
          – PCI DSS 2.0 Level 1-5
          – HIPAA/SOX Compliance
          – FISMA Moderate
          – FedRAMP / GSA ATO
      • Application Security: How can you secure your application and what is your responsibility?
          – Encrypt data in transit
          – Encrypt data at rest
          – Protect your AWS Credentials
          – Rotate your keys
          – Secure your OS and applications
      • Services Security: What security options and features are available to you?
          – Enforce IAM policies
          – Use MFA, VPC, Leverage S3 bucket policies, EC2 Security groups, EFS in EC2 Etc..
  • AWS Foundation Services
      • Foundation Services: Compute, Storage, Database, Networking
      • AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
  • Compute & Storage Services
      • Amazon EC2
          – Virtual Servers in the Cloud
          – Your Choice of Linux and Windows
          – Easy to Scale Up and Down
      • Amazon EBS
          – Hard Drive for Virtual Servers on EC2
          – Designed for High-Performance
          – You can Mount a Drive or Boot from EBS
      • Amazon S3
          – High-Volume Storage in the Cloud
          – Designed for Durability and Scalability
          – Number of Objects is Virtually Unlimited
  • Storage: Scale of Amazon S3
      • Total Number of Objects Stored in Amazon S3
          – Q4 2006: 2.9 Billion
          – Q4 2007: 14 Billion
          – Q4 2008: 40 Billion
          – Q4 2009: 102 Billion
          – Q4 2010: 262 Billion
          – Q4 2011: 762 Billion
      • Peak Requests: 500,000+ per second
  • Networking & Security
      • AWS Direct Connect: Dedicated connection between your datacenter and AWS
      • Amazon Virtual Private Cloud (VPC): Private VPN connection to your AWS resources
      • Dedicated Instances: Single Tenant Compute Instance; Amazon EC2 resources running on private hardware
  • AWS Application Platform Services
      • Application Platform Services: Content Distribution, Parallel Processing, Libraries & SDKs, Messaging
      • Foundation Services: Compute, Storage, Database, Networking
      • AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
  • AWS Platform
      • Your Applications
      • Management & Administration: Administration Console, Identity & Access, Deployment, Monitoring
      • Building Block Services
      • Application Platform Services: Content Distribution, Parallel Processing, Libraries & SDKs, Messaging
      • Foundation Services: Compute, Storage, Database, Networking
      • AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
  • AWS Management Console One-stop shop to manage your AWS services
  • What We Assume You Already Know
      • EC2 Instance + Windows Server OS
      • AWS provides pre-configured Windows AMIs to start running fully supported Windows Server virtual machines in the cloud in minutes
  • Isn’t Cloud Windows… Different?
      • Full, real, licensed Windows Server OS
          – 2003, 2008, 2008R2, all via our Microsoft SPLA licensing means no CALs required
          – SQL Server Web and Standard via SPLA as well
      • VPC for static, secure, user-defined networks
      • Security groups for easy-to-configure firewalls per VM
      • Easily install services and software that you know
          – AD, ADFS, SCOM, WSUS, SQL, Exchange, SharePoint, Media Services, etc.
      • All the benefits of a cloud infrastructure without the… weird
  • The New Enterprise IT Network Architecture
  • SharePoint
  • Getting Started
      • Simply sign up for AWS at http://aws.amazon.com/
      • Start a Windows Server, RDP in, kick the tires.
      • Try the CloudFormation script for a SharePoint Foundation server to give infrastructure automation a real test run!
      • Take advantage of the Free Tier to experiment with more advanced services
  • AWS CloudFormation http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
  • Thank You! Miles Ward, Solutions Architect, AWS, @milesward
  • Robert Groat, Chief Technology Officer, Smartronix, cloudassured@smartronix.com, @groatr
  • Smartronix
      • We specialize in very large network operations, cyber security, infrastructure services and enterprise application development and deployment
      • We design, deploy, manage and secure some of the world’s largest and most complex networks (USMC, NMCI, DoJ, 53rd Air Wing)
      • AWS Partner since 2009
          – AWS Advanced Consulting Partner
          – AWS Authorized Government Partner
          – AWS Channel Reseller Partner
      • Microsoft Gold Partner
  • Smartronix and AWS
      • AWS Solution Provider since 2009
      • Over 50 trained AWS specialists
      • Over 20 large scale high volume web sites: Treasury.gov, Recovery.gov, FinancialStability.gov, MakingHomeAffordable.gov, ConsumerFinance.gov etc.
      • First government migration to the cloud
      • Commercial Enterprise SharePoint, Exchange and .NET deployments
          – (Fortune 1000, Federal, Health IT)
  • Why SharePoint-FIS on AWS?
      • Enterprises want to consolidate their infrastructure for their web properties (apps, websites, extranets)
      • Elasticity
      • Performance / Agility
      • Availability
      • Security
  • Sample SharePoint Public Sites
  • Solution
      • Single community cloud architecture supporting multiple web properties running on AWS
      • Multi-zone configuration with no single point of failure
      • Active / Active configuration with no need for DR/COOP or ALT-SITE
      • For extremely high volume sites: Maximize compute infrastructure efficiency by using a CDN
  • Architecture (diagram)
      • Production Public Enclave, across Availability Zone A and Availability Zone B: Amazon CloudFront, Elastic Load Balancer, TMG Servers, DC Servers, Web Servers, Search Servers, App Servers, Primary and Secondary DB Servers, Witness Server and OPS Servers, each placed in a Security Group
      • Supporting services: Amazon S3, Amazon CloudWatch Alarms, Amazon SNS Notifications, IAM
      • Authoring / Collab Enclave, across Availability Zone A and Availability Zone B: App Servers and Web Servers in Security Groups, with the Corporate Data center
  • Solution Architecture Highlights
      • Multi AZ (N+1 architecture)
      • VPC architecture of Authoring enclave using BGP VPN
      • Isolated Authoring and Public enclaves
      • Layered security
  • High Availability
      • No single point of failure
      • Active / Active environment across AZs
      • Robust SQL Mirroring
  • High Scalability
      • Load balanced workloads
      • Linear scale by adding more WFEs
      • Flexibility to increase or decrease SQL compute, RAM and storage
      • Maximum scale by adding CDN such as CloudFront
  • Security
      • “Least Privilege” Best Practice
      • Hardened AMI
      • Multiple Secure Enclaves
      • Monitoring stack (Cloud Watch plus SCOM plus Zenoss etc)
      • Data Protection, Encryption and Backup solutions
      • Software based IDS/IPS
  • Case Studies
  • Recovery.gov Features
      • Integrated with ESRI
      • Integrated with SAP Business Objects
      • Uses Akamai CDN
      • Hybrid Cloud approach
  • Treasury.gov Features
      • Auth, Staging and Prod in cloud
      • 4 SharePoint sites hosted in one farm + 10 IIS sites
      • Over 150 content editors across departments
      • 100 million+ page views
  • Technologies Deployed: SharePoint 2010, SQL Server 2008, ESRI ArcGIS, Business Objects, Systems Center, Data Protection Manager, Threat Management Gateway, FAST Search, Akamai CDN, McAfee EPO, Symantec, WSUS, Snort, Zenoss, Directory Services, MySQL
  • Summary
      • SharePoint can be deployed securely, rapidly and cost effectively on AWS
      • Design for fault tolerance
      • Scale as needed
      • Implement a layered Security model
  • Thank You! Robert Groat, CTO, Smartronix, cloudassured@smartronix.com, @groatr
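
The "Layered security" and "Least Privilege" slides, together with the per-tier security groups in the architecture diagram, can be checked mechanically. The following is an added example, not code from the presentation or from AWS or Smartronix: it lints ingress rules against a tier order. The tier names, the traffic order (TMG, then Web, then App, then DB), the ports and the rule format are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Assumed tier order: the slides name the tiers but not the flows between them.
# Each tier may be reached only from the tier listed as its upstream.
UPSTREAM = {"tmg": "internet", "web": "tmg", "app": "web", "db": "app"}
EDGE_PORTS = {80, 443}   # the only ports the edge tier may expose to any CIDR
ADMIN_PORTS = {3389}     # RDP, allowed only from the operations group
OPS_GROUP = "ops"


@dataclass(frozen=True)
class Rule:
    group: str    # security group (tier) the ingress rule is attached to
    source: str   # CIDR block, or the name of another security group
    port: int


def is_cidr(source):
    """True when the source is an address range rather than a group name."""
    try:
        ip_network(source, strict=False)
    except ValueError:
        return False
    return True


def check(rule):
    """Return the reason a rule breaks the layering, or None if it conforms."""
    if rule.group not in UPSTREAM:
        return None  # groups outside the modelled tiers are not judged here
    upstream = UPSTREAM[rule.group]
    if rule.port in ADMIN_PORTS:
        if rule.source == OPS_GROUP:
            return None
        return "admin port not restricted to the ops group"
    if is_cidr(rule.source):
        if upstream == "internet" and rule.port in EDGE_PORTS:
            return None
        return "CIDR source where a security-group reference is expected"
    if rule.source in (upstream, rule.group):
        return None  # next tier up, or peers in the same tier (e.g. mirroring)
    return f"source skips the layering (expected {upstream})"


def lint(rules):
    """Return (rule, reason) for every rule that violates the tier policy."""
    findings = []
    for rule in rules:
        reason = check(rule)
        if reason is not None:
            findings.append((rule, reason))
    return findings


# Constructed sample rules: the first six conform, the last three do not.
SAMPLE_RULES = [
    Rule("tmg", "0.0.0.0/0", 443),
    Rule("web", "tmg", 80),
    Rule("app", "web", 32843),
    Rule("db", "app", 1433),
    Rule("db", "db", 5022),
    Rule("web", "ops", 3389),
    Rule("db", "web", 1433),          # web tier reaching the database directly
    Rule("app", "0.0.0.0/0", 3389),   # RDP open to the Internet
    Rule("web", "10.0.0.0/16", 80),   # whole address range instead of a group
]

if __name__ == "__main__":
    for rule, reason in lint(SAMPLE_RULES):
        print(f"{rule.group} <- {rule.source}:{rule.port}: {reason}")
```
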