AWS tech summit - Berlin 2011 - keynote


Published on

Keynote at the AWS Tech Summit in Berlin, May 2011

Published in: Technology, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

AWS tech summit - Berlin 2011 - keynote

  1. 1. State of the Cloud<br />AWS Technical Summit, Berlin<br />Dr. Werner Vogels, CTO <br />
  2. 2.
  3. 3. Amazon’s Three Businesses<br />Consumer (Retail)Business<br />SellerBusiness<br />IT Infrastructure<br />Business<br />Tens of millions of active customer accounts<br />Eight countries: US, UK, Germany, Japan, France, Canada, China, Italy<br />Sell on Amazon websites<br />Use Amazon technology for your own retail website<br />Leverage Amazon’s massive fulfillment center network<br />Cloud computing infrastructure for hosting web-scale solutions<br />Hundreds of thousands of registered customers in over 190 countries<br />
  4. 4. Our Mission<br />Enable businesses and developers to use web services<br />(what people now call “the Cloud”) to build scalable,<br />sophisticated applications<br />
  5. 5. AWS Pace of Innovation is Intense<br />» Amazon Simple Notification Service<br />» RDS Multi-Availability Zone Support<br />» S3 Reduced Redundancy Storage <br />» New Locations and Features for <br /> CloudFront <br />» S3 Bucket Policies<br />» Cluster Instances for EC2<br />» EC2 Reserved Instances<br />» New SimpleDB Features<br />» IBM on EC2<br />» Windows Server 2008 on EC2<br />» Amazon RDS<br />» Amazon Virtual Private Cloud<br />» Amazon Elastic MapReduce<br />» EBS Shared Snapshots<br />» Monitoring, Auto Scaling & <br /> Elastic Load Balancing for EC2<br />» AWS Import/Export<br />» Premium Support<br />» Amazon CloudFront<br />» EC2 Elastic IP addresses <br /> & Availability Zones<br />» Windows Server, MySQL, <br /> Oracle, & JBoss on EC2<br />» Lower Data Transfer Costs<br />» Amazon EC2<br />» Amazon S3<br />» Developer Portal & <br /> Forums <br />» Amazon Linux AMI<br />» Oracle on EC2<br />» New EC2 Features<br />» SUSE Linux on EC2<br />2005<br />2010<br />2006<br />2007<br />2008<br />2009<br />» Micro Instances<br />» Lower Pricing for EC2 <br /> High Mem Instances <br />» Identity & Access Management <br />» AWS Services in N. California<br />» AWS Multi-Factor Authentication<br />» AWS Management Console <br />» AWS Economics Center<br />» AWS in Education<br />» AWS Security Center<br />» SAS70 Type II Audit<br />» More services in EU<br />» Lower EC2 Pricing<br />» Lower S3 Pricing<br />» Lower pricing for <br /> Outbound Data Transfer<br />» AWS Solution Provider Program<br />» Amazon SimpleDB <br />» Amazon Flexible Payments Service<br />» S3 in Europe<br />» EC2 new instance types<br />» AWS Start-Up Challenge<br />» AWS Services in Singapore<br />» RDS Reserved Database Instances<br />» RDS Read Replicas & Lower Pricing<br />» Lower Outbound Transfer Pricing<br />» Data Transfer Usage Tiers<br />» Consolidated Billing for AWS<br />» Amazon S3 Versioning Feature<br />» EC2 High Memory Instances<br />» Public Data Sets<br />» Elastic Block Store<br />» EC2 SLA<br />» EC2 in EU<br />» S3 Tiered Pricing<br />» Amazon SQS<br />» Amazon Mechanical Turk<br />
  6. 6. CloudFront Pace of Innovation<br />» Price Drop<br />» HTTPS Support<br />» Lower 1-Hour TTLs<br />» Access Logs for Streaming<br />» New York City Edge Location<br />» Access Logging Capability<br />» CloudFront Management Console<br />» Custom Origins<br />» Service Level Agreement<br />» Jacksonville Edge Location<br />» Route 53 Public Beta<br />» Private Content<br />» Streaming Video on Demand<br />» CloudFront Public Beta<br />Q4<br />2008<br />Q1<br />2009<br />Q2<br />2009<br />Q1<br />2011<br />Q3<br />2009<br />Q4<br />2009<br />Q1<br />2010<br />Q2<br />2010<br />Q3<br />2010<br />Q4<br />2010<br />» New Lower Pricing Tiers<br />» Paris Edge Location<br />» (IAM) Identity & Access Management <br />» Singapore Edge Location<br />» Private Streaming<br />» Enhanced CloudFront Logs<br />» Default Root Object<br />» Invalidation<br />
  7. 7. The Platform is Expanding<br />Your Application<br />Libraries & SDKs<br />.NET, Java, PHP, etc.<br />IDE Plug-Ins<br />AWS for Eclipse<br />Deployment & Automation<br />AWS Elastic Beanstalk<br />AWS CloudFormation<br />Web Interface<br />Management Console<br />Identity & BillingAWS IAM<br />Consolidated Billing<br />Monitoring<br />Amazon CloudWatch<br />Auto Scale<br />Network & Routing<br />Amazon VPCAmazon Elastic LB<br />Amazon Route 53<br />Content Delivery<br />Amazon CloudFront<br />Email<br />Amazon SES<br />Payments<br />DevPay<br />Amazon FPS<br />Parallel Processing<br />Elastic MapReduce<br />Messaging Amazon SNS<br />AmazonSQS<br />Workforce<br />Amazon Mechanical Turk<br />Compute<br />Amazon EC2 <br />Storage<br />Amazon S3<br />Amazon EBS<br />Database<br />Amazon RDS<br />Amazon SimpleDB<br />AWS Global Physical Infrastructure <br />(Geographical Regions, Availability Zones, Points of Presence)<br />
  8. 8. Customers in 190 Countries<br />
  9. 9. Growing Partner Ecosystem<br />
  10. 10. AWS Global Reach<br />AWS Regions<br />US East (Northern Virginia)<br />US West (Northern California)<br />Europe (Dublin)<br />Asia Pacific (Singapore)<br />Asia Pacific (Tokyo) New!<br />Amazon Edge Locations (CloudFront & Route 53)<br />Ashburn, VA <br />Dallas, TX Jacksonville, FL<br />Los Angeles, CA <br />Miami, FL <br />Newark, NJ <br />New York, NYPalo Alto, CA <br />Seattle, WASt. Louis, MO<br />Hong Kong<br />Tokyo<br />Singapore<br />Amsterdam<br />Dublin<br />Frankfurt London<br />Paris<br />
  11. 11. Amazon S3 Growth<br />262 Billion<br />Peak Requests:<br />200,000+per second<br />102 Billion<br />40 Billion<br />14 Billion<br />2.9 Billion<br />Total Number of Objects Stored in Amazon S3<br />
  12. 12. Each day AWS adds the equivalent server capacity to power Amazon when it was a global, $2.76B enterprise(circa 2000)<br />
  13. 13. The Key to Success?<br />Listening to Our Customers<br />
  14. 14. You Asked For…<br />Expanded Global Footprint<br />Singapore Region<br />Tokyo Region (March 2, 2011)<br />New POPs for CloudFront & Route53 (New York, Paris, Singapore, Tokyo, Jacksonville)<br />Lower Prices & New Pricing Features<br />Lower Outbound Data Transfer Prices<br />Consolidated Billing<br />Combined Data Transfer Prices<br />Lower Prices for S3 and Reduced Redundancy Storage (lower price/less durability) <br />Lower Prices on Gold & Silver Support<br />
  15. 15. You Asked For…<br />Make it Easier to Use<br />More Services Available in AWS Console<br />CloudFormation<br />New SDKs: Java, PHP, Android <br />Elastic Beanstalk <br />Improved Support Offering<br />Bronze & Platinum <br />New Instance Types<br />Extra Large High Memory<br />Cluster Compute & GPUs<br />Micro <br />
  16. 16. You Asked For…<br />Expand Platform Out & Up<br />VM Import <br />Route53<br />S3 Large Object Support & Versioning<br />CloudFront SLA, Custom Origin & HTTPS Support<br />RDS Multi-AZ Deployments, Read Replicas, & RIs<br />Simple Email Service<br />Security Features & Compliance: AWS Identity and Access Management (IAM), PCI Compliance, ISO 27001<br />Free Monitoring of EC2 Instances<br />And More…<br />
  17. 17. Some Big Priorities for 2011<br />Add more geographies<br />Make it easier to build and manage applications on AWS<br />Release new database offerings<br />Broaden support offerings<br />Add billing, user management, and identity features<br />
  18. 18. AWS Management Console<br />Developer Tools & SDKs<br />
  19. 19. AWS CloudFormation<br />AWS CloudFormation enables system administrators and developers to create repeatable AWS infrastructure deployments (Stacks) using customizable architecture templates.<br />AWS CloudFormation<br />JSON Template<br />Define a JSON template<br />Create an AWS stack<br />(Console, CLI, API)<br />CloudFormation Stack<br />
  20. 20. AWS CloudFormation: Service Highlights<br />Fully declarative system<br />Document based infrastructure specification<br />Logical naming convention<br />Atomically creates / destroys groups of AWS objects<br />Deploy multi-tier and multi-AZ stacks<br />Handles the bookkeeping and muck of provisioning multiple related resources<br />Focuses on AWS resources, while sys admins and developers focus on OS and application provisioning<br /><ul><li>Customers can use existing automation tools like Opscode Chef, Puppet Labs, Capistrano</li></ul>AWS CloudFormation doesn’t get in the way!<br />
  21. 21. AWS Services Supported<br />Amazon EC2<br />Amazon EBS<br />Elastic Load Balancer<br />Elastic IPs<br />EC2 Security Groups<br />Auto-scaling Groups<br />Triggers<br />CloudWatch Alarms<br />Amazon RDS<br />AWS Elastic Beanstalk<br />Amazon SimpleDB<br />Amazon SQS<br />Amazon SNS<br />Topics<br />Subscriptions<br />
  22. 22. Initial Usage Cases<br />The set of resources we support initially is targeted towards deploying web-based applications<br />Launched with sample templates and AMIs including the following:<br /><ul><li>WordPress (Blog), Insoshi (Social Network Platform), Tracks (Project tracking), Gollum (Wiki), Joomla! (CMS), Drupal (CMS), Redmine (Project Management)</li></ul>Supports Elastic Beanstalk based applications<br /><ul><li>Sample with RDS and CloudWatch Alarms</li></li></ul><li> Your Application Goes Here<br />
  23. 23. What is Elastic Beanstalk?<br />An even easier way for developers to quickly deploy and manage applications in the AWS cloud. <br />Upload and launch applications to AWS in minutes.<br />Retain control over the underlying infrastructure.<br />
  24. 24. Who Should Use Elastic Beanstalk?<br />Java developers with web applications<br />targeting the Apache Tomcat software stack<br />Elastic Beanstalk is designed so that it can be extended to support multiple development stacks and programming languages in the future. <br />
  25. 25. What Makes Elastic Beanstalk Different?<br />Developers retain ownership and <br />full control over their AWS resources.<br />Root access to your EC2 instances<br />Easily manage configuration changes in one place<br /><ul><li>EC2 instance type, security group, load balancer settings, auto-scaling, multi-AZ, notifications, and other settings.</li></ul>Use any database<br /><ul><li>Amazon RDS, Amazon SimpleDB, Microsoft SQL Server, or Oracle.</li></ul>Create custom AMIs<br />Run other services side-by-side in EC2<br />Easily move your application out of Elastic Beanstalk<br />
  26. 26. Why Not Use My Own Tomcat AMI?<br />Automated (de)provisioning of environments<br />Automated version deployment (including rollback)<br />Managed environment settings<br />Built-in monitoring and notifications<br /><ul><li>Application health and other important events</li></ul>Basic log file rotation to Amazon S3<br />Easy troubleshooting<br /><ul><li>Snapshot logs
  27. 27. Restart application server</li></li></ul><li>How Do I Access Elastic Beanstalk?<br />AWS Management Console<br />AWS Toolkit for Eclipse<br />Command Line Tools<br />SDKs and API<br />
  28. 28. Launch New Environment Details<br />
  29. 29. Launch New Environment Configuration<br />
  30. 30. Console for Elastic Beanstalk<br />Application<br />All Versions<br />Environment and Running Version<br />Edit Configuration<br />
  31. 31. Elastic Beanstalk Under-the-Hood<br />Elastic Beanstalk<br />Application<br /><br />Version<br />Environment<br />Elastic Load Balancer<br />Auto<br />Scaling<br />EC2 Instances<br />EC2 Instances<br />EC2 Instances<br />Version<br />Version<br />Apache<br />Elastic Beanstalk<br />Host Manager<br />Tomcat<br />Your Running Application<br />Amazon Linux AMI<br />
  32. 32. What Does Elastic Beanstalk Cost?<br />No additional charge.<br />Pay only for the AWS resources used.<br />
  33. 33. Read Replicas<br />Multi-AZ Deployments<br />Highly Available, Durable, & Scalable MySQL Deployments<br />
  34. 34. Multi-AZ Deployments for Amazon RDS<br />Enterprise-grade fault tolerance solution for production databases<br />What is a Multi-AZ deployment?<br /><ul><li>With a single API call, Amazon RDS creates and synchronously maintains a hot standby in a different Availability Zone
  35. 35. In the event of an unplanned or planned outage, Amazon RDS automatically fails over to the standby so you can resume database writes and reads as soon as possible</li></li></ul><li>Things to know about Multi-AZ<br />Synchronous Replication.<br /><ul><li>Designed for enhanced data durability relative to MySQL’s native, asynchronous replication
  36. 36. Standby cannot be accessed directly</li></ul>What events result in automatic failover?<br /><ul><li>Unplanned (instance failure, storage volume failure)
  37. 37. Planned (instance scaling, patching)</li></ul>1 minute average failover time<br />
  38. 38. Read Replicas<br />A Read Replica is a copy of a specified DB Instance that can serve read traffic<br />Intended Use Cases<br /><ul><li>Read scaling, business reporting
  39. 39. Not intended as a fault tolerance substitute for Multi-AZ </li></ul>Unlike Multi-AZ, uses native, asynchronous MySQL replication and replica can lag source<br />Read Replica can use Multi-AZ deployment as source<br />
  40. 40. Identity and Access Management (IAM)<br />Create and Manage Users<br />Improved Security<br /><ul><li>Multiple users, with individual permissions
  41. 41. Secure by default
  42. 42. Individual security credentials (access keys, password, MFA)</li></ul>Improved Control<br /><ul><li>Centralized control of user access
  43. 43. Fine-grained permissions
  44. 44. Control Users’ access to APIs and AWS Console</li></ul>Integrated<br /><ul><li>No changes to service APIs</li></li></ul><li>AWS Security Resources<br /><br /><br />Security Whitepaper<br />Latest Version 8/24/2010<br />Updated bi-annually<br />Feedback is welcome<br />
  45. 45. AWS Certifications<br />Shared Responsibility Model<br />Sarbanes-Oxley (SOX) Compliant Platform<br />SAS70 Type II Audit <br />FISMA A&A<br /><ul><li>NIST Low Approvals to Operate
  46. 46. NIST Moderate ATO expected shortly
  47. 47. FedRAMP</li></ul>ISO-27001 Certification<br />PCI Level 1 Service Provider<br />Customers have deployed various compliant applications such as HIPAA (healthcare)<br />
  48. 48. SAS70 Type II<br />Based on the Control Objectives for Information and related Technology (COBIT),which is a set of established best practices (transitioning to ISO 27001 for 2011 audits)<br />Covers Access (Security), Change Management and Operations of Amazon EC2 and Amazon S3<br />Audit conducted by an independent accounting firm (E&Y) on a recurring basis<br />
  49. 49. SAS70 Type II – Control Objectives<br />Control Objective 1: Security Organization<br />Control Objective 2: Amazon Employee Lifecycle<br />Control Objective 3: Logical Security<br />Control Objective 4: Secure Data Handling<br />Control Objective 5: Physical Security<br />Control Objective 6: Environmental Safeguards<br />Control Objective 7: Change Management<br />Control Objective 8: Data Integrity, Availability and Redundancy<br />Control Objective 9: Incident Handling<br />
  50. 50. Amazon VPC<br />Customer’s isolated AWS resources<br />Subnets<br />Router<br />VPN Gateway<br />AmazonWeb Services<br />Cloud<br />Secure VPN Connection over the Internet<br />Customer’sNetwork<br />
  51. 51. Current VPC<br />
  52. 52. NewVPC<br />
  53. 53. Amazon VPC with Internet Access<br />VPC Wizard<br /><ul><li>Create a VPC with one of four pre-defined network architectures  </li></ul>Connectivity Options<br /><ul><li>Internet Gateway</li></ul>Connect your VPC directly to the Internet<br />Access EC2, Amazon S3, and other AWS resources via this gateway<br />Use S3 bucket policies to restrict access to only VPC IPs<br /><ul><li>VPN Gateway</li></ul>Connect your VPC directly to your datacenter<br />
  54. 54. Amazon VPC with Internet Access<br />Security Groups<br /><ul><li>Support for inbound and outbound filtering
  55. 55. Support for all protocols
  56. 56. Change security group membership on running instances
  57. 57. Security group UI has been redesigned</li></ul>Feature parity with API/CLI<br />Network ACLs<br /><ul><li>Stateless filters with Allow and Deny rules
  58. 58. Inbound and outbound filtering rules are supported
  59. 59. All protocols are supported
  60. 60. Use Identity and Access Management to lockdown access to ACLs once they’re set</li></li></ul><li>Amazon VPC with Internet Access<br />Routing<br /><ul><li>Create route tables and apply them to individual subnets
  61. 61. You can route traffic to different gateways based on destination IP address ranges</li></ul>Elastic IP Addresses<br /><ul><li>You can assign Elastic IP Addresses to VPC instances</li></ul>Private Subnets with Outbound Access via NAT<br /><ul><li>Instances in a private subnet can traverse the Internet via a Network Address Translation (NAT) instance
  62. 62. Use case: instances that need to obtain software updates but don’t need to be publicly accessible from the Internet</li></li></ul><li>What Next? <br />Tell us what you want to see<br />