AWS re:Invent 2016: Hybrid Architecture Design: Connecting Your On-Premises Workloads to the Cloud (GPSISV4)

You’re trying to minimize your time to deploy applications, reduce capital expenditure, and take advantage of the economies of scale made possible by using Amazon Web Services; however, you have existing on-premises applications that are not quite ready for complete migration. Hybrid architecture design can help! In this session, we discuss the fundamentals that any architect needs to consider when building a hybrid design from the ground up. Attendees get exposure to Amazon VPC, VPNs, AWS Direct Connect, on-premises routing and connectivity, application discovery and definition, and how to tie all of these components together into a successful hybrid architecture.


  1. Hybrid Architecture Design: Connecting Your On-Premises Workloads to the Cloud. Matt Lehwess, Principal Solutions Architect; James Fogerson, Sr. Solution Architect, Robert Half. November 29, 2016. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. Should I migrate everything to AWS? No, this is more than a binary choice. (Diagram: On-Premises | Cloud)
  3. Should I migrate everything to AWS? We just need to figure out the connectivity… (Diagram: On-Premises ? Cloud)
  4. Hybrid networking, or, as it is more commonly referred to… networking.
  5. AWS networking. Let's get distracted by new things:
     • VPC endpoints for S3: connect privately to S3 from inside the VPC, without the traffic traversing the Internet.
     • AWS Lambda inside a VPC: functions get an interface in your subnets, so they can reach private resources, including on-premises systems across the VGW.
     • NAT Gateway: a managed NAT for outbound Internet access from private subnets.
     (Diagram: VPC CIDR 10.1.0.0/16 spanning Availability Zone A and Availability Zone B, each with a public subnet and a private subnet; Instance A 10.1.1.11/24, Instance B 10.1.2.11/24, Instance C 10.1.3.33/24, Instance D 10.1.4.44/24; managed NAT Gateway; AWS Lambda inside the VPC.)
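As an added example that is not part of the presentation: the route lookup a VPC performs for the layout on slide 5, plus the guardrail check a reviewer runs over the route tables before calling a subnet "private". Which subnet each of Instances A to D sits in, the route tables themselves, and the CIDR standing in for the regional S3 managed prefix list are all assumptions made here.

```python
"""Longest-prefix route lookup and a private-subnet guardrail for the VPC on slide 5.

Added example, not from the presentation. The subnet placement of Instances A-D,
the route tables, and the CIDR standing in for the regional S3 managed prefix list
(in a real route table that is a pl-xxxx reference, not a literal CIDR) are
constructed assumptions.
"""
import ipaddress

VPC_CIDR = "10.1.0.0/16"

# Constructed stand-in for the S3 prefix list a gateway endpoint route points at.
S3_PREFIXES = ["52.216.0.0/15"]

# Constructed route tables. Targets: local (intra-VPC), igw (Internet Gateway),
# nat (NAT Gateway in a public subnet), vpce (S3 gateway endpoint).
ROUTE_TABLES = {
    "public":  [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw")],
    "private": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat")]
               + [(p, "vpce") for p in S3_PREFIXES],
}

# Assumed placement: the slide gives the addresses, not which subnet is which.
SUBNET_TABLE = {
    "10.1.1.0/24": "public",  "10.1.2.0/24": "public",
    "10.1.3.0/24": "private", "10.1.4.0/24": "private",
}


def route_table_for(ip):
    """Name of the route table associated with the subnet containing ip."""
    addr = ipaddress.ip_address(ip)
    for cidr, table in SUBNET_TABLE.items():
        if addr in ipaddress.ip_network(cidr):
            return table
    raise ValueError(f"{ip} is not in any known subnet")


def next_hop(src_ip, dst_ip, route_tables=ROUTE_TABLES):
    """Pick the target for dst_ip the way a VPC route table does: the most
    specific matching prefix wins, so the S3 /15 beats the 0.0.0.0/0 NAT route."""
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in route_tables[route_table_for(src_ip)]:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def audit_private_tables(route_tables, private_tables=("private",)):
    """Guardrail: a private subnet must have no route to an Internet Gateway,
    otherwise it is reachable inbound and 'private' is just a name.
    Returns [(table, cidr), ...] for every igw route found in a private table."""
    return [
        (name, cidr)
        for name in private_tables
        for cidr, target in route_tables[name]
        if target == "igw"
    ]


if __name__ == "__main__":
    for src, dst in [("10.1.1.11", "8.8.8.8"), ("10.1.3.33", "8.8.8.8"),
                     ("10.1.3.33", "52.216.10.5"), ("10.1.3.33", "10.1.1.11")]:
        print(f"{src} -> {dst}: {next_hop(src, dst)}")
    print("private-table violations:", audit_private_tables(ROUTE_TABLES))
```

Against a real account the same two functions would be fed the output of `describe-route-tables`; the point of the audit is that the NAT Gateway route and the endpoint route are what make a subnet private, and a single stray 0.0.0.0/0 to an IGW undoes both.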
  6. Connecting to AWS: IGWs, VGWs, VPNs, and AWS Direct Connect.
  7. On-premises VPN connectivity. Provisioning VPN connections:
     1. Build your AWS infrastructure.
     2. Create your Virtual Private Gateway (VGW) and attach it to your Virtual Private Cloud (VPC).
     3. Define your customer gateway (CGW).
     4. Create your VPN connection between the VGW and CGW.
     5. Download your template configuration.
     6. Configure your CGW, watch your tunnels come up, and enjoy encrypted connectivity!
     (Diagram: the CGW reaches the VGW across the Internet over two IPsec tunnels, Tunnel 1 primary and Tunnel 2 secondary.)
  8. Sample VPN configuration:
       ! Amazon Web Services
       ! Virtual Private Cloud
       ! AWS utilizes unique identifiers to manipulate the configuration of
       ! a VPN Connection. Each VPN Connection is assigned an identifier and is
       ! associated with two other identifiers, namely the
       ! Customer Gateway Identifier and Virtual Private Gateway Identifier.
       !
       ! Your VPN Connection ID : vpn-52cd203b
       ! Your Virtual Private Gateway ID : vgw-9c987bf5
       ! Your Customer Gateway ID : cgw-c39d7eaa
       !
       ! This configuration consists of two tunnels. Both tunnels must be
       ! configured on your Customer Gateway.
       !
       --------------------------------------------------------------------------------
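Steps 2 to 6 of the provisioning list on slide 7 as code, with the two checks a practitioner adds around the template on slide 8: reading the identifiers back out of the downloaded template so it can be matched to the connection that was actually created, and refusing to call step 6 done until both tunnels report up. This is an added example, not the presentation's code: the EC2 operations in `provision_vpn()` are real boto3 calls, while the VPC ID, customer gateway address and ASN in the `__main__` block are placeholders, and `SAMPLE_TEMPLATE` and `SAMPLE_TELEMETRY` are constructed inputs so the helpers run offline.

```python
"""VPN provisioning (slide 7) plus the template-ID and tunnel-health checks.

Added example, not the presentation's code. provision_vpn() uses real EC2 API
operations via boto3; everything in __main__ is a placeholder, and the two
SAMPLE_* inputs are constructed so parse_template_ids() and tunnels_up() run
without touching AWS.
"""
import os
import re

try:
    import boto3  # needed only by provision_vpn(); assumed installed
except ImportError:
    boto3 = None


def provision_vpn(ec2, vpc_id, cgw_public_ip, cgw_bgp_asn):
    """Create the VGW, attach it, define the CGW, create the VPN connection.
    Returns (vpn_connection_id, generic_config_xml). The XML carries the
    pre-shared keys of both tunnels: store it as a secret, not in a ticket."""
    vgw_id = ec2.create_vpn_gateway(Type="ipsec.1")["VpnGateway"]["VpnGatewayId"]
    ec2.attach_vpn_gateway(VpcId=vpc_id, VpnGatewayId=vgw_id)
    cgw_id = ec2.create_customer_gateway(
        Type="ipsec.1", PublicIp=cgw_public_ip, BgpAsn=cgw_bgp_asn
    )["CustomerGateway"]["CustomerGatewayId"]
    vpn = ec2.create_vpn_connection(
        Type="ipsec.1", CustomerGatewayId=cgw_id, VpnGatewayId=vgw_id,
        Options={"StaticRoutesOnly": False},  # BGP: failover between tunnels is automatic
    )["VpnConnection"]
    return vpn["VpnConnectionId"], vpn["CustomerGatewayConfiguration"]


# Header of a vendor template in the form shown on slide 8 (constructed excerpt).
SAMPLE_TEMPLATE = """\
! Amazon Web Services
! Virtual Private Cloud
!
! Your VPN Connection ID : vpn-52cd203b
! Your Virtual Private Gateway ID : vgw-9c987bf5
! Your Customer Gateway ID : cgw-c39d7eaa
!
! This configuration consists of two tunnels. Both tunnels must be
! configured on your Customer Gateway.
"""

_ID_LINE = re.compile(
    r"^!\s*Your (VPN Connection|Virtual Private Gateway|Customer Gateway) ID\s*:\s*(\S+)",
    re.MULTILINE,
)


def parse_template_ids(template_text):
    """Map 'VPN Connection' / 'Virtual Private Gateway' / 'Customer Gateway'
    to the identifiers in the template header, so the config about to be
    pasted into the CGW can be checked against the connection just created."""
    return {kind: ident for kind, ident in _ID_LINE.findall(template_text)}


# Shape of ec2.describe_vpn_connections(VpnConnectionIds=[...]) (constructed).
SAMPLE_TELEMETRY = {
    "VpnConnections": [{
        "VpnConnectionId": "vpn-52cd203b",
        "VgwTelemetry": [
            {"OutsideIpAddress": "203.0.113.10", "Status": "UP"},
            {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN"},
        ],
    }],
}


def tunnels_up(describe_response):
    """Step 6 is not done until both tunnels report UP: AWS takes one tunnel
    down at a time for maintenance, so a single UP tunnel is a pending outage.
    Returns (both_up, [status, status])."""
    conn = describe_response["VpnConnections"][0]
    statuses = [t["Status"] for t in conn["VgwTelemetry"]]
    return len(statuses) == 2 and all(s == "UP" for s in statuses), statuses


if __name__ == "__main__":
    print(parse_template_ids(SAMPLE_TEMPLATE))
    print(tunnels_up(SAMPLE_TELEMETRY))
    # Creates billable resources; placeholders below must be replaced first.
    if boto3 is not None and os.environ.get("PROVISION_VPN") == "1":
        ec2 = boto3.client("ec2", region_name="us-west-2")
        vpn_id, _config = provision_vpn(ec2, "vpc-0123456789abcdef0", "198.51.100.1", 65000)
        print(tunnels_up(ec2.describe_vpn_connections(VpnConnectionIds=[vpn_id])))
```

The vendor-specific text templates the console offers are rendered from the same `CustomerGatewayConfiguration` XML the API returns, so the identifiers parsed here are the ones to compare against `VpnConnectionId`, `VpnGatewayId` and `CustomerGatewayId` from the create call.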
  9. AWS Direct Connect, provisioning:
     1. Build your AWS infrastructure.
     2. Create your Virtual Private Gateway (VGW) and attach it to your Virtual Private Cloud (VPC).
     3. Order an AWS Direct Connect connection from the console or through a Direct Connect Partner.
     4. Have your cross connect provisioned from the AWS router to your device or your partner's device (or use a partner's NNI).
     5. Build connectivity back to on-premises if it is not already available through the partner.
     6. Provision your virtual interfaces (private or public) and start using your AWS Direct Connect.
     (Diagram: on-premises site, service provider network, and a colocation facility, e.g. Equinix SV1, where the customer or partner cage is cross-connected to the AWS Direct Connect POP; VLAN A carries a Private VIF and VLAN B a Public VIF.)
  10. Common hybrid use cases: what kind of hybrid architectures can we build?
  11. Customer-facing applications (external apps on AWS):
     • Scalability and elasticity: Auto Scaling infrastructure to the required capacity and match spending to actual utilization.
     • High availability: application deployments that span multiple facilities with adequate load balancing.
     • Global reach: highly available global services on edge locations across the world.
     • Maintainability: fully managed service portfolio for the most common application components.
     (Diagram: DNS, CDN, load balancer, front end, load balancer, app, back end, database, storage.)
  12. The famous three-tiered web application. Reference: https://aws.amazon.com/architecture/
  13. Building multi-site deployments with AWS. Pilot light architecture: allows the scaling of redundant sites during a failure scenario. (Diagram: DNS resolution redirected to the redundant site when the primary site fails.)
  14. Defining communications: the communications matrix.

       #   Source application   Destination application   Port   Bandwidth   Latency
       1   Web tier             Application tier          443    10 Mbps     10 ms
       2   Application tier     Database tier 1           1433   50 Mbps     2 ms
       3   Database tier 1      Database tier 2           1521   50 Mbps     50 ms

     The matrix describes the interconnectivity between applications. By defining communications you can determine where applications may be placed, based on the network properties of the points of interconnection.
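The placement decision slide 14 describes, carried out in code as an added example (not the presentation's): the matrix rows are the slide's, while the interconnect properties in `LINKS` and the acceptance rule (a flow may cross the interconnect only if its latency budget covers the link latency, and the crossing flows together must fit the link capacity) are assumptions made here. It enumerates every on-premises/AWS split of the four tiers and reports which ones each link supports, and why the others fail.

```python
"""Placement check driven by the communications matrix on slide 14.

Added example, not the presentation's code. MATRIX is the slide's table; the
interconnect properties in LINKS and the acceptance rule in violations() are
constructed assumptions.
"""
from itertools import product

# (source, destination, port, bandwidth Mbps, latency budget ms), from slide 14
MATRIX = [
    ("web", "app", 443, 10, 10),
    ("app", "db1", 1433, 50, 2),
    ("db1", "db2", 1521, 50, 50),
]
TIERS = ["web", "app", "db1", "db2"]
SIDES = ("on-premises", "aws")

# Constructed points of interconnection: name -> (latency ms, capacity Mbps)
LINKS = {
    "vpn-over-internet": (35, 100),
    "direct-connect-1g": (8, 1000),
}


def crossing_flows(placement):
    """Matrix rows whose endpoints sit on different sides of the interconnect."""
    return [f for f in MATRIX if placement[f[0]] != placement[f[1]]]


def violations(placement, link):
    """Why a placement does not work over link; an empty list means it does."""
    latency, capacity = LINKS[link]
    flows = crossing_flows(placement)
    problems = [
        f"{src}->{dst}:{port} needs {budget} ms, link is {latency} ms"
        for src, dst, port, _mbps, budget in flows if budget < latency
    ]
    total = sum(f[3] for f in flows)
    if total > capacity:
        problems.append(f"crossing flows need {total} Mbps, link is {capacity} Mbps")
    return problems


def feasible_placements(link):
    """Every split with at least one tier on each side that the link supports."""
    found = []
    for sides in product(SIDES, repeat=len(TIERS)):
        placement = dict(zip(TIERS, sides))
        if len(set(sides)) == 2 and not violations(placement, link):
            found.append(placement)
    return found


if __name__ == "__main__":
    for link in LINKS:
        print(link)
        for p in feasible_placements(link):
            print("  ", {t: p[t] for t in TIERS})
    print(violations(dict(web="on-premises", app="aws", db1="aws", db2="aws"),
                     "vpn-over-internet"))
```

With these assumed link properties the 2 ms app-to-database flow can never cross either interconnect, so the application tier and database tier 1 always land together; the 10 ms web-to-app flow rules out a split front end over the VPN but not over Direct Connect, which is exactly the distinction the on-premises front end and split-tier slides that follow rely on.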
  15. Placing your application where it makes sense. On-premises based front end: allows for an on-premises front end, such as application-based interfaces.
  16. Customer case study: Nuts.com. Nuts.com required the front end for their web application to reside inside their distribution centers, in the form of an application running on portable Motorola Symbol TC70 hardened barcode scanners. With users constantly communicating with the AWS-built application, low-latency, seamless connectivity was a hard requirement of the project. (Connectivity: AT&T NetBond.)
  17. Customer case study: Nuts.com. On-premises based front end: allows for an on-premises front end, such as application-based interfaces.
  18. Customer case study: Nuts.com. “Our value is in being able to deliver quality food items quickly... AT&T NetBond® helps us streamline back-end operations by simplifying how we connect to AWS cloud services, so we focus on impressing our customers.” Ben Shakal, Chief Tech Nut
  19. Customer case study: Brooks Brothers. (Diagram: SAP Customer Contact Center application landscape. The corporate data center, with SAP ERP, users, the call center, supporting systems and stores (POS), and a SaaS provider (data cleansing) connect over AWS Direct Connect to a VPC subnet in an Availability Zone running SAP HANA on r3.8xlarge instances, SAP CAR (AS ABAP) and SAP SLT.) SAP HANA Quick Start: https://aws.amazon.com/quickstart/architecture/sap-hana/
  20. Customer case study: SAP HANA hybrid deployment. (Diagram: Kellogg's data center, with SAP ERP and users, connects over an encrypted VPN connection to the production SAP HANA DB on AWS, supported by AWS CloudFormation, IAM, Amazon CloudWatch, and Amazon S3 for backup and recovery.) Public reference: https://aws.amazon.com/solutions/case-studies/kellogg-company/
  21. Placing your application where it makes sense. Split-tier architecture: allows for a custom “web” layer on-premises, such as application-based interfaces.
  22. Placing your application where it makes sense. Split-tier architecture: allows for a custom “App” layer on-premises, such as application processing. (Diagram: DNS resolution.)
  23. Placing your application where it makes sense. Split-tier architecture: allows for a custom “DB” layer on-premises, for example for regional or compliance reasons. (Diagram: DNS resolution.)
  24. Other hybrid use cases: what else can we build?
  25. Development and test:
     • Innovation and agility: automated builds and deployment of code.
     • Consistent regression testing: numerous disposable environments that can be (re)built with a click, allowing regression tests in identical setups.
     • Cost-effective: environments can be disposed of or stopped when unused.
     • Scalability: conduct performance and stress tests with potentially thousands of simulation nodes.
     (Diagram: corporate network with App A, App B and App C; container, DevOps, template, VDI.)
  26. Backup and archive. Backup to cloud storage:
     • Eliminate tape, hardware, and off-site storage.
     • Reduce capital expense for backup infrastructure.
     • Never worry about backup durability.
     • Never run out of backup capacity.
     • Data stored off-site, with high durability, in multiple locations.
     (Diagram: application server, virtual server, file server and database server feeding a backup system that writes to Amazon S3 and Amazon Glacier.)
  27. Backup and archive, partner backup systems: Veeam Backup & Replication, Symantec NetBackup, Oracle RMAN and Secure Backup Module, CommVault Simpana, AltaVault (SteelStore). (Diagram: the same servers backed up to Amazon S3 and Amazon Glacier.)
  28. Hybrid connectivity: complexity solved through partner solutions.
  29. Customer case study: hybrid cloud requirements. Robert Half IT envisioned a hybrid cloud architecture where business units and developers use separate cloud resources with secure connectivity to their datacenter. Robert Half has staffing and consulting operations at over 400 locations worldwide. As an early adopter of AWS cloud services, the company needed to address agility, flexibility, and secure isolation with separate Virtual Private Clouds (VPCs).
  30. Customer case study: hybrid cloud challenges. The network bottleneck: more than 4 weeks to provision secure connectivity between cloud provider VPN gateways (such as the VGW) and the datacenter edge router, due to:
     • IT maintenance windows
     • Manual intervention by CCIE network experts
     • Complex CLI configurations
  31. Customer case study: hybrid cloud challenges. Other challenges when building hybrid cloud connectivity:
     • Business disruption risk during configuration of connectivity
     • Granular account mapping, on-premises to AWS
     • No automated self-service workflow mechanism for deploying hybrid cloud sandboxes
  32. Customer case study: hybrid cloud challenges. (Diagram: perimeter device.) Long wait time (weeks) to provision the cloud network; a change on the perimeter device is required for each VPC connection; VPCs are manually created with no central management.
  33. Customer case study: hybrid cloud solutions (Aviatrix CloudN):
     1. Users can provision cloud networks in minutes.
     2. Integration with ServiceNow for self-service.
     3. All cloud network connections terminate in the Aviatrix gateway.
     4. No edge router changes are required for VPC connectivity.
     5. VPCs are automatically created and managed by Aviatrix software.
     6. Networks are automatically connected to the on-premises network with encryption.
     (Diagram: Aviatrix gateway (AGW) in VPC 1, alongside IAM, S3 endpoint, security groups and account aliases.)
  34. Customer case study: results and benefits. “Aviatrix makes AWS a lot more consumable for us. We wanted a completely isolated environment for each business application. The Aviatrix solution is a perfect fit with our technology strategy related to application isolation in the cloud.” James Fogerson, Sr. Solution Architect, Robert Half
  35. Final thoughts:
     • Hybrid infrastructure is key. AWS allows for full network integration and hybrid cloud architectures across on-premises and AWS.
     • Reduce the heavy lifting: using cloud services lets you focus on your business and alleviates pain points in new deployments.
     • Adoption is business-driven, not tech-driven. Increased agility provides the necessary reduced time-to-market.
     • On-premises infrastructure is not throwaway. After you move to the cloud, it’s not a cloud-or-no-cloud decision. You can, and probably will, use both.
  36. Questions
  37. Thank you!
  38. Remember to complete your evaluations!
