Amazon Web Services serves hundreds of thousands of customers in more than 190 countries, from startups to Fortune 500s. Our customers include internet businesses like Netflix and Yelp; media companies like Newsweek and NY Times; and large enterprises like Shell, Farmer’s Insurance and Hitachi.
You can extend your corporate datacenter to the cloud. Create a private slice of the public cloud and define your own network topology so that your corporate network can breathe in and breathe out. This year, we also released one dedicated
Security is not optional. We have to build it into every single layer, right from the perimeter to the application. In the cloud, security is a shared responsibility. Infrastructure security is the responsibility of AWS. This year Amazon worked really hard and has now achieved all the security certifications. Best of all, you get all these security certifications for free. Even if you don’t have credit card workloads, you still get the same secure infrastructure. For Infrastructure Security, you can get the full SAS 70 audit report on request. For Services Security, we provide detailed technical documentation on how to use the features. For Application Security, we have security bulletins (security center) and provide you with security guidance and Premium Support.
This is a screenshot of the Amazon VPC web management console. You can create several different VPC configurations right from the point-and-click interface of VPC. Let’s see how all this works.
This is how most of the enterprises are leveraging VPC – What I call the new Enterprise IT network architecture – which will be powered by the cloud.
Autodesk leverages Amazon VPC as an extension of their corporate datacenter. VPC is part of their internal network. They have had 3 datacenters since 2009; VPC is the 4th datacenter. It was so successful within Autodesk that they identified several new business opportunities and products as a result of this integration.
We understand that you might have 100s of questions around risk and compliance.
Helping to protect the confidentiality, integrity, and availability of our customers’ systems and data is of the utmost importance to AWS, as is maintaining customer trust and confidence. Control Environment, Control Objectives, Environmental safeguards, Business continuity. Also provide security best practices.
Security is often a concern expressed when moving to the cloud. Hence it is very important to understand and analyze security at the app level: for example, understand what your threats are, what the likelihood of those threats is, and how they can be avoided using the variety of security features, options and services that AWS provides. Understand that you own the data, not AWS. Understand that, for your regulatory requirements, you choose the geo location and we will not move the data unless you tell us to do so. Understand that there are different options: based on the sensitivity of your data, you can choose to encrypt/decrypt your datasets. You can download or delete the data whenever you like. And you can give highly granular permissions and sophisticated control to your
There is a separate talk on security and security best practices, but the actionable conclusion or big takeaway from this slide is this: we have often found that the security discussion typically ends when the company has awareness of security (features, services, options), and it often comes down to getting people on the same page when it comes to security. Hence we advise you to involve your security teams early in the process.
Andy’s Security IT team was involved early on. Andy knew that solutions exist and that his teams need to be aware of the different options.
We understand that in order to run enterprise applications you need enterprise-grade software. Today, you can choose from a range of enterprise software to run on AWS. All this software is certified and supported by the vendors themselves, and you can bring your own license (BYOL). This is one of the core differentiators of AWS: customers can move packaged applications to the cloud, or, when moving to newer versions of these applications, instead of upgrading the software on-premises, they move to the cloud and do a diagonal upgrade.
We build services not just for our customers but for ourselves. We use them because we believe in them. One project I am really proud of is how Amazon moved its corporate intranet, which stores highly sensitive data. In this project, we made sure Amazon is transparent…….At the end of the project, we not only …..
The beauty of this deployment project was that it used a variety of third-party (3P) packaged software on VPC.
Flexibility – we support licensing models for a wide variety of software. Oracle ULR for Oracle licensing information on the cloud
Tax, Finance, Legal, AWS Fraud, AWS Data Services, AWS Identity Services, AWS Auth, Business Development / ISV Partners, CS / Developer Support, EC2, EBS Billing, KAOS, Security, Marketing, Dev Resources / Portal
Bankinter uses Amazon Web Services (AWS) as an integral part of their credit-risk simulation application, developing complex algorithms to simulate diverse scenarios in order to evaluate the financial health of their clients. Bank at least 400,000 simulations to get realistic results. Through the use of AWS, Bankinter brought average time-to-solution down from 23 hours to 20 minutes and dramatically reduced processing, with the ability to reduce even further when required.
Working with AWS solutions provider 2nd Watch to create hyper-local web and mobile platforms for travelers. Migrating from co-location facility with limited flexibility, inadequate performance, and high operating expenses. Utilizing Amazon EC2 with Elastic Load Balancing, Amazon S3, Amazon VPC, and Amazon CloudFront.
Member of the Capgemini group, a top global strategic partner since 91, Oracle Diamond Partner, end-to-end services for Oracle on AWS: http://www.us.sogeti.com/what-we-do/alliances-oracle.html
The first step in the migration of existing applications comes down to classifying your IT assets. Some customers have looked at their IT departments from a 50K view and have created a dependency tree of their logical constructs, listing all their IT assets and identifying the upward and downward dependencies. Within every organization there is a variety of applications of different sizes and shapes and with different sets of characteristics. If one application cannot move, that does not mean that all applications cannot move. Breaking down the big job into small tasks and tackling each task individually will get the big job done. So he classified the IT asset portfolio into different categories: top secret, secret and public datasets; applications with high, medium and low compliance requirements; applications with different security and licensing requirements.
Stack rank your assets and prioritize the applications based on the simple criteria you defined earlier. Andy noticed very quickly that there were several applications which are “No Brainer to Move”, can be moved today, and will result in immediate benefits of the cloud. At the same time, he did not just select applications that were easy to move but also ones that were complex and could be used as an internal success story within the company. You will notice that some applications are just plain drop-dead cool if they move to the cloud, like your content, tutorial websites, and pre-sales demo environments.
After listing them, he started to stack rank these IT assets based on the analysis. The applications that would take time to move to the cloud are NOT off the list; they are just lower down the list. And the applications that are low-hanging fruit are higher up the list. Pick the low-hanging fruit first, gain some experience, and then tackle the other applications. For example, web applications or content management systems are all easy to move and can be forklifted to the cloud.
Schneider Electric is an international energy management specialist operating in more than 100 countries. The company has over 110,000 employees. For its Intranet-based applications, Schneider Electric is using Amazon Virtual Private Cloud (Amazon VPC) in combination with the Riverbed Cloud Steelhead service. Riverbed Cloud Steelhead accelerates data traffic between the company’s existing wide-area network and its Amazon VPC. Since the migrated applications are Java and .NET-based legacy systems, the Schneider Electric IT team established the applications within the Amazon VPC using the necessary Windows and Linux operating systems.
Shell started provisioning AWS services in April 2010. The Shell Foundation Platform – an IT framework – is AWS approved. That means that the Center of Excellence has a pre-approved framework that allows LOBs to deploy cloud-approved applications onto AWS. The Shell Foundation Platform is a framework used by all new projects utilizing on-demand cloud services. The SFP is certified to run on AWS. Compliant applications built on the SFP are able to be run in production on AWS.
There are several approaches to building a cloud strategy. We’ve seen customers from companies of all sizes and from all industries get started with AWS in different ways. Building a cloud strategy really depends on the company’s needs. If you are a CIO or a manager reporting to the CIO, we recommend that you have a 2-part strategy for your enterprise to get started in the cloud. For new applications, build and design new architectures with the cloud in mind. We have seen several customers, like the New York Times, who were quickly able to leverage some of the cloud architecture patterns, such as implementing elasticity from the ground up and loose coupling; in other words, they build a cloud-ready design from scratch.
Just as greenfield applications can benefit from the cloud, existing applications can benefit from it too. For existing applications, we recommend building a migration plan and transitioning application by application. This enables organizations to gain experience with the cloud as they begin to transition larger chunks of their infrastructure. When building this plan, you will notice that there are a number of apps that are simply no-brainers to move to the cloud and can be moved very easily today. Other apps take a methodical, phased-plan approach.
This strategy has worked for several of our customers. Whether you are a startup, an SMB, a large enterprise or an SI helping the customer, the strategy does not really need to change. We have noticed that when customers have followed the step-by-step phased planned approach (some of which I will discuss in this presentation) and have invested time and resources in building proof-of-concept projects, they clearly see the tremendous potential of AWS and are able to leverage its strengths very quickly. And they want to move other apps as well.
The Blueprint offers a step-by-step approach to cloud migration and has been proven successful. When customers follow this blueprint and focus on creating a proof of concept, they will immediately see value in their proof-of-concept projects and see tremendous potential in the AWS cloud. After they move their first application to the cloud, they will get new ideas and will want to move them into the cloud.
Applications that are very interesting, easy to experiment with, simple sel
Enterprise Applications in the Cloud Jinesh Varia @jinman Technology Evangelist
Today: 4 Trends • Lots of enterprise customer stories • Enterprise Architecture • Tips • Resources
Why are Enterprises using AWS? • Enterprise Features • Security and Compliance • The Cloud API Standard • Global Footprint and Expansion • Operational Excellence • Rate of Innovation
Trend #1 Enterprises are using AWS cloud as a secure extension of their existing datacenters
Cloud as an extension of their existing data centers [Diagram labels: Corporate Data Center, 10G DirectConnect Location, Amazon Virtual Private Cloud]
In the Cloud, Security is a Shared Responsibility
Infrastructure Security (How we secure our infrastructure): • SAS 70 Type II Audit • ISO 27001/2 Certification • PCI DSS 2.0 Level 1-5 • HIPAA/SOX Compliance • FISMA A&A Moderate • FedRAMP/GSA ATO
Application Security (How can you secure your application and what is your responsibility?): • Encrypt data in transit • Encrypt data at rest • Protect your AWS Credentials • Rotate your keys • Secure your application
Services Security (What security options and features are available to you?): • Enforce IAM policies • Use MFA, VPC, Leverage S3 bucket policies, EC2 Security groups, EFS in EC2 Etc..
New Enterprise IT Network architecture [Diagram labels: Corporate data center, Corporate Headquarters, Branch Offices, Customer Gateway, VPN Gateway, 10G DirectConnect Location, Amazon VPC, Router, Private Subnet, Public Subnet, Internet Gateway, Internet, Availability Zone 1, Availability Zone 2, Amazon S3, Amazon SimpleDB, Amazon SES, Amazon SQS, AWS Region]
VPC is part of the Autodesk internal network Source: Autodesk
New Enterprise IT Storage architecture [Diagram labels: Your Data Center: Application Servers, On-premises Host, AWS Storage Gateway VM, iSCSI, Direct Attached or Storage Area Network Disks; SSL; Amazon Web Services: AWS Storage Gateway Service, Amazon S3, Amazon EBS, Amazon EC2]
Enterprise Security Features
AWS Identity And Access Management • User management • Policy-based granular access control • Web login to individual users • Manage users and groups using Console
Identity Federation • Security Token Service • LDAP/AD Integration
Multi-Factor Authentication • Virtual MFA • Physical Device
Consolidated Billing
Invoicing
[Image labels: Android, iOS, Windows, Blackberry, Gemalto]
• Risk compliance. How is SOX compliance achieved if in-scope systems are deployed in the cloud provider environment?
• Distributed Denial Of Service (DDoS) attacks. How does the provider protect their service against DDoS attacks?
• HealthCare compliance. Is it possible to meet HIPAA/GLBA certification requirements while deployed in the cloud provider environment?
• Hypervisor vulnerabilities. Has the cloud provider addressed known hypervisor vulnerabilities?
• Data center tours or Third Party Access. Are data center tours by customers allowed by the cloud provider?
• E-Discovery. Does the cloud provider meet the customer’s needs to meet electronic discovery procedures and requirements?
• Data ownership. What are the cloud provider’s rights over customer data?
• Data isolation. Does the cloud provider adequately isolate customer data?
• Scheduled maintenance outages. Does the provider specify when systems will be brought down for maintenance?
• Data durability
• Service Provider and Customer business continuity.
• Backups.
• Vulnerability management.
• Privileged Actions
AWS Security and Compliance Center (http://aws.amazon.com/security/)
Answers to many security & privacy questions • Security whitepaper • Risk and Compliance whitepaper
Security bulletins
Customer penetration testing
Security best practices
Compliance FAQ and Guidance
Tip #1 Involve your Security Teams early in the process
• You own the data, not AWS.
• You choose which geographic location to store the data. It doesn’t move unless you decide to move it.
• You should consider the sensitivity of your data and decide if and how you will encrypt your data while it is in transit and while it is at rest.
• Your IT, Risk, Compliance and Audit requirements can be met by AWS Reports (SAS 70) and external certifications (ISO27001, PCI, FISMA).
• You can download or delete your data whenever you like.
• You can set highly granular permissions to manage access of a user to specific service operations, data, and resources in the cloud for greater security control.
4 Key Trends in the Enterprise…. #1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)
Trend #2 The flexibility of the AWS Cloud enables Enterprises to deploy enterprise-grade apps in the cloud
Enterprise Software in the cloud - BYOL Microsoft Exchange Server, Microsoft SharePoint Server, Microsoft SQL Standard Server, Microsoft SQL Enterprise Server, Microsoft Lync Server, Microsoft System Center servers, and Microsoft Dynamics CRM through License Mobility Software Assurance Oracle fully supports Oracle E-Business Suite, Oracle’s PeopleSoft Enterprise, Oracle’s Siebel CRM, Oracle Fusion Middleware, Oracle Database, and Oracle Linux on the portion of AWS EC2 which uses Oracle VM. IBM DB2, Informix, Lotus® Forms Turbo, WebSphere® Application Server, WebSphere® sMash, WebSphere Portal Server, Lotus® Web Content Management Standard Edition , InfoSphere Information Server, Lotus Domino®, Lotus Web Content Management Standard Edition®, Tivoli Monitoring® SAP® solutions, including SAP® Rapid Deployment solutions and SAP® BusinessObjects™ solutions , All-in-One
Amazon Corporate IT Deploys Mission-Critical Corporate Intranet running SharePoint 2010 to AWS Cloud
Benefits
• Infrastructure Procurement Time Reduced from over four to six weeks to minutes.
• Server Image Build Process that had previously taken a half day is now automated.
• Annual Infrastructure Costs Cut by 22 percent when replacing on-premise hardware with equivalent cloud resources.
• Eliminating Operational Overhead of server lease returns, freeing up approximately 2 weeks of engineering overhead per year by replacing servers with equivalent cloud resources.
Mission-Critical Application on AWS. Uses: Microsoft SQL Server 2008; Microsoft Windows Server R2; Microsoft SharePoint 2010; on Amazon EC2 (in Amazon VPC) and Amazon EBS; DirectConnect; Windows BitLocker; Windows DPAPI
Problem
• Known availability issues in the primary datacenter
• Santa Monica datacenter ran out of capacity
• Cost and complexity of building a new datacenter were prohibitive
Solution
• Migrated Microsoft SharePoint production to AWS
• Deployed SAP ERP dev & test environments on AWS
• Ready to move SAP ERP production to AWS
Benefits
• Increased time-to-market by reducing server provisioning time from 5 weeks to 2 days
• Reduced operating costs for SAP Dev & Test around 50%
• Lessened environmental demands with power & cooling
• Freed up IT resources that are now focused on solving business problems
Recovery.gov, Treasury.gov and several others
• SharePoint migration and consolidation projects with Recovery.gov, Treasury.gov, Army Corp of Engineers, ++
• Microsoft License Mobility program to license server applications on AWS
• Uses SharePoint 2010, SQL Server 2008, ForeFront
Infra Cost Comparison: ~60-70% savings [Chart: AWS Cloud Infrastructure vs. Old Infrastructure]
SharePoint Deployment is easy and one-click away using AWS CloudFormation. Launches SharePoint Foundation 2010 running on Microsoft Windows Server® 2008 R2. http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
Public site SharePoint reference architecture on AWS [Diagram labels: AWS Region, Availability Zone 1, Availability Zone 2, Internet, Internet Gateway, ELB, Threat Mgmt Gateway, DMZ, NAT, RDGW, Remote Admin, Private Subnet, Web Tier, IIS & SharePoint Web Front End, Application Server Tier, Central Admin & SharePoint Services, Database Tier, Primary DB, Mirror DB, Witness, Active Directory Tier, Primary DC/DNS, Backup DC/DNS] Whitepaper: http://bit.ly/aws-sharepoint
Tip #2: Get Licensing right
Oracle: All Oracle Software licenses are fully portable to EC2 (ELA, ULA, NUP, BPO). Oracle Cloud Licensing Policy.
Microsoft: All Windows Server Applications are available (EA, ESA, OVA, Open License and Select Plus (with SA Option). For Licensed apps, need appropriate CALs). License Mobility with Software Assurance.
Find and buy software that runs in the AWS cloud
AWS Marketplace is for customers searching for development and business software from well known vendors including 10gen, CA, Canonical, Check Point, IBM, Microsoft, Perforce, Red Hat, Riverbed, SAP, and Zend.
Benefits for Buyers
• Find software that runs on the AWS Cloud
• Start applications in minutes with 1-Click launch
• Pay by the hour for your software and be billed on your AWS bill
Benefits for Sellers
• Reach new customers
• Easily add hourly billing to your software
• Help customers get running faster by giving them software as pre-configured server images
AWS Architecture Center (http://aws.amazon.com/architecture)
Whitepapers Amazon.com SharePoint 2010 Deployment Case study Architecture Running High-Availability SQL Server on AWS SharePoint Reference Architecture http://bit.ly/aws-sharepoint Single Sign-on using ADFS: Step-by-Step Guide Securing Microsoft Applications on AWS (New!)
4 Key Trends in the Enterprise…. #1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM) #2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS
Trend #3 Agility and reduced cost remain the key adoption drivers in the enterprise today
Agility and Reduced Cost = key enterprise drivers
Time to provision a server in an enterprise: 350,000 Minutes (7-8 Months); $1000 to rack and stack on-premise
Time to provision a server in the cloud: <5 Minutes; $260 for 3 years (reserved 100% utilized)
NASA CIO’s decree: “Replace Every Procurement Screen with a Provisioning Screen”
Bank – Credit-Risk Simulation Application
Bankinter was founded in June 1965 as a Spanish industrial bank through a joint venture by Banco de Santander and Bank of America.
Bankinter brought average time-to-solution down from 23 hours to 20 minutes and dramatically reduced processing time.
“With AWS, we now have the power to decide how fast we want to obtain simulation results, and, more importantly, we have the ability to run simulations not possible before due to the large amount of infrastructure required.” – Castillo, Director, Bankinter
Archive Vaulting solution Business Benefits• Complete elimination of tape from the archival process• Faster recovery speeds• Protects 246 nodes and 40TB daily
Samsung Powers Smart Hub Service with AWS, Reducing Costs by 85% and Saving $34 Million
Use of AWS: Samsung uses AWS platform of technology infrastructure services to build Smart Hub application. Smart Hub application runs on AWS cloud for users of Smart TV and Blu-ray players to access content of 3rd party providers.
Business Benefit: Reliability of AWS cloud has enabled Samsung to be highly available to meet their SLA targets. AWS’ Global Infrastructure Regions enables Samsung to easily expand their services and accelerate time to market across the world.
“If we were to use the traditional on-premise datacenter, we would have spent $34 million dollars more in hardware and maintenance expenses during the first two years. With AWS cloud, we met our reliability and performance objectives at a fraction of the cost.” Mr. Chun Kang, Principal Engineer, Visual Display Division
Infra Cost Comparison ~58% savings! AWS Cloud Infrastructure Old Infrastructure Business Benefits• 58% savings over existing infrastructure• Faster network speeds• Improved load times• Already planning future migrations (TicketsWest, corporate production)
Recommended Configuration for the Cloud
• Multi-AZ
• Use Provisioned IOPS volumes (New!)
• Snapshots vs. Backups
• RDS vs. RDBMS
• Federated Authorization
• Automated Deployments
• Logs -> S3
• Persist Intelligently; Ephemeral, EBS, DynamoDB or S3
• Secure your Credentials
• Auto-scaling for Auto-Recovery
• Elastic Network Interfaces
• Elastic Load Balancing (SSL)
4 Key Trends in the Enterprise…. #1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM) #2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS #3 Agility and reduced cost are the key adoption drivers in the enterprise today
Trend #4 Migrating to the cloud is not all or nothing; Classify your IT assets
Classifying your IT Assets
List all your IT assets. Identify upward and downward dependencies. Start classifying your IT assets into different categories:
• Applications with Top Secret, Secret, or Public data sets
• Applications with low, medium and high compliance requirements
• Applications that are internal-only, partner-only or customer-facing
• Applications with low, medium and high coupling
• Applications with strict, relaxed licensing
[Diagram labels: Dashboard, Web, CRM, Auth Service, LDAP, DB, Search Engine, OLAP, ERP, Report, logs]
Stack rank your IT assets • Search for under-utilized IT assets • Applications that have an immediate business need to scale • Applications that are running out of capacity • Easiest to move today • Those that build support within your organization and create awareness and excitement
Pick the Low-hanging Fruits First
Examples: • Web Applications • Batch Processing systems • Content Management Systems • Digital Asset Management Systems • Log Processing systems • Collaborative Tools • Big Data Analytics Platforms
[Diagram labels: Dashboard, Web, CRM, Auth Service, LDAP, DB, Search Engine, OLAP, ERP, Report, logs]
Move application by application [Diagram labels: Dashboard, Web, CRM, Auth Service, LDAP, DB, Search Engine, OLAP, ERP, Report, logs]
• F500 global energy management company with operations in more than 100 countries (110,000 employees)
• Started moving Internet and Intranet workloads to AWS in early 2011
• Runs 15 production applications on AWS
Business Benefit
• Open and flexible platform allows Schneider to run Java and .NET apps on Windows and Linux virtual servers
• Increased IT agility by rolling out new applications faster on AWS
Should migration to the cloud be led by business teams or IT teams?
• Operationalizing their cloud strategy
• Shell Foundation Platform – an IT framework – is AWS approved
• Core operational applications running in production on AWS
• Development and test environments running on AWS
Business Benefits
• No minimum commitment up front and pay per use brings significant savings
• Fast provisioning within minutes for many applications
• Elasticity – the ability to expand and contract IT infrastructure as needed
Migrating to the cloud
Cloud Benefits: • Zero upfront investment • On-demand provisioning • Instant scalability • Auto scaling and elasticity • Pay as you go • Removes undifferentiated heavy lifting • Developer productivity • Automation
[Diagram labels: Large Enterprise, Cloud Strategy, New applications, Build a Cloud-Ready Design, Existing Applications, “No-brainer to move” Apps, Planned Phased Migration]
Cloud Migration: a Phased-driven Strategy. Whitepaper: find it at http://aws.amazon.com/whitepapers
Tip #4 Identify and move the Cloud-Ready Apps quickly
Examples • Dev/Test applications • Backup/Archive • Self-contained Web Applications • Social Media Product Marketing Campaigns • Customer Training Sites • Video Portals (Transcoding and Hosting) • Pre-sales Demo Portal • Software Downloads • Trial Applications
4 Key Trends in the Enterprise…. #1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM) #2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS #3 Agility and reduced cost are the key adoption drivers in the enterprise today #4 Migrating to the cloud is not all or nothing; Classify your IT assets; It’s easy and cost-effective
Tips #1 Involve your security teams early in the process #2 Get licensing right; leverage cloud licensing models #3 Leverage best practices and configure for the cloud #4 Move low-hanging fruits first and gain confidence