Extending Your Data Centre WithAWSSimon ElishaPrincipal Solution ArchitectAustralia & New Zealand
PowerConstraints
SpaceConstraints
Processing (a.k.a “horsepower”) Constraints
Lots of ideas & projects you want to try
“When all you have is ahammer – everything looks      like a nail!”
Cloud means you now have more than just a hammer.
What if you could extend into the cloud easily and                    securely?
You Can! CorporateData Center
You Can!                         Amazon VPC CorporateData Center
You Can!                         Amazon VPC CorporateData Center
Review: EC2 Standard NetworkingDistinct private/internal and public/external IPs• Simple model• True 1:1 NAT (no port tran...
InternetEC2 instances dynamically assigned private IP addressesfrom the one large internal Amazon IP address range   Avail...
InternetEC2 instances dynamically assigned private IP addressesfrom the one large internal Amazon IP address range   Avail...
Internet       EC2 instances dynamically assigned private IP addresses       from the one large internal Amazon IP address...
Internet       EC2 instances dynamically assigned private IP addresses       from the one large internal Amazon IP address...
Internet          EC2 instances dynamically assigned private IP addresses          from the one large internal Amazon IP a...
Internet          EC2 instances dynamically assigned private IP addresses          from the one large internal Amazon IP a...
Internet          EC2 instances dynamically assigned private IP addresses          from the one large internal Amazon IP a...
Internet          EC2 instances dynamically assigned public IP addresses on          border network from Amazon’s public I...
23.20.151.66 23.20.146.1 23.20.103.11                 72.43.2.77 23.19.11.5          72.43.22.45                          ...
Value and Limits of Standard NetworkingSimple to use and management freeSecurity groups are Ingress onlyDifferent from sub...
Introducing AWS Virtual Private CloudUser-defined virtual IP networking for EC2Private or mixed private/public addressing ...
VPC Capabilities in a NutshellUser-defined address space up to /16• 65,534 addressesUp to 20* user-defined subnets up to /...
Internet          VPC customers can launch instances in their own isolated network                                        ...
Internet          VPC customers can launch instances in their own isolated network                                        ...
Internet          VPC customers can launch instances in their own isolated network                                        ...
InternetVPC customers can launch instances in their own isolated network    Availability Zone 1a                    Availa...
InternetVPC customers can launch instances in their own isolated network    Availability Zone 1a                    Availa...
InternetAvailability Zone 1a              Availability Zone 1b                                                VPC Customer
Internet    You can assign your own IP range to the VPC network                                             10.0.1.5      ...
Models of Data Centre ExtensionIsolated projectExpand existing systems into the cloud – no publicExpose systems to the pub...
Isolated Project Dev/Test.                                 Corporate                                            Users Proo...
Expanding Existing Systems Into The Cloud Leverage additional processing nodes.           Corporate Host entire stack in t...
Expanding Systems Into The Cloud, with PublicInternet Access  Enable access by customers/partners to      Corporate  syste...
Branch Office Access                                                               Branch Office Users   Enabling remote u...
Making the Connection…
New Enterprise ITNetwork Architecture
CorporateData Center CorporateHeadquarters New Enterprise IT Network Architecture
CorporateData Center CorporateHeadquarters New Enterprise IT Network Architecture
CorporateData Center CorporateHeadquarters New Enterprise IT      AWS Region Network Architecture
CorporateData Center                        Availability Zone 1 CorporateHeadquarters                        Availability ...
CorporateData Center                        Availability Zone 1                          Router CorporateHeadquarters     ...
CorporateData Center                                        Availability Zone 1                                          R...
CorporateData Center                                        Availability Zone 1                                           ...
CorporateData Center                                        Availability Zone 1                                           ...
CorporateData Center                                        Availability Zone 1                                           ...
CorporateData Center                                          Availability Zone 1                                         ...
CorporateData Center                                          Availability Zone 1                                         ...
CorporateData Center                                                                Availability Zone 1                   ...
Rich Capabilities in VPCElastic Load Balancer, AutoScaling, CloudWatch, AlarmsRelational Database Service (MySQL engine, f...
Dedicated InstancesOption to ensure physical hosts are notshared with other customers                   Single Tenant     ...
DirectConnect: Private X-Connect to AWSDedicated bandwidth to AWS bordernetwork in 1Gbps or 10Gbps chunks.Full access to p...
15 Daily Newspapers                        50 Web Sites     62 MM unique users per monthOver 1 Billion page views per month
NYTimes EC2 Expansion (April 2011)                 Amazon EC2                                Courtesy NYTimes
NYTimes EC2 Expansion (April 2011)     Amazon EC2                                 Courtesy NYTimes
NYTimes: EC2 Capacity vs Cost                   50%                   43%                   36%                   29%     ...
“The AWS Cloud brings business agility as Shell is able to                                                    deploy servi...
Let’s Create a VPC in Less than 4 Minutes
Lets Build a VPC in 4 Minutes…
Lets Build a VPC in 4 Minutes…
Let’s Start an Instance in our VPC…
Now lets launch an instance into our VPC
Now lets launch an instance into our VPC
Let’s Check Our Instance…
And lets see the results…
And lets see the results…
Example: SharePoint with On-Premises Active Directory
Migrating to the Cloud    Cloud                         Benefits                           Zero upfront investment        ...
Migrating to the Cloud    Cloud                         Benefits                           Zero upfront investment        ...
Migrating to the Cloud           Cloud                                Benefits                    New           Zero upfro...
Migrating to the Cloud                            Cloud                                Build a Cloud-   Benefits          ...
Migrating to the Cloud                            Cloud                                Build a Cloud-   Benefits          ...
Migrating to the Cloud                            Cloud                                Build a Cloud-   Benefits          ...
Migrating to the Cloud                             Cloud                                 Build a Cloud-   Benefits        ...
“No-brainer to move” Apps                    •   Dev/Test applications                    •   Self-contained Web Applicati...
Cloud Migration : a Phased-driven Strategy  http://aws.amazon.com/whitepapers
A Bridge to the IT Capabilities        Your Business Needs
Extending Your Data Centre WithAWSQuestions and answers
Extending Your Data Centre with AWS - Simon Elisha - AWS Summit 2012 Australia
Upcoming SlideShare
Loading in …5
×

Extending Your Data Centre with AWS - Simon Elisha - AWS Summit 2012 Australia

3,651 views

Published on

Simon Elisha's presentation AWS Australian Summit Sydney 2012 - Executive Track

Published in: Technology
1 Comment
4 Likes
Statistics
Notes
  • Very interesgin, thank you for sharing this!!
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
3,651
On SlideShare
0
From Embeds
0
Number of Embeds
34
Actions
Shares
0
Downloads
0
Comments
1
Likes
4
Embeds 0
No embeds

No notes for slide
  • \n
  • Website precis: \nThe AWS Virtual Private Cloud (VPC) is fast becoming the networking option of choice for enterprise and government customers because it provides a powerful set of virtual networking capabilities. VPC allows you to isolate, control, connect, and empower your systems at the network level. Did you know that, for example, that VPC allows you to attach a single EC2 instance to multiple private subnets? To create DMZs, control subnet routing, and enable totally private interconnects with your on-premises systems? To deploy dedicated, isolated, single tenant hardware for your virtual machines within the public cloud? Come learn about the extensive set of features specific to VPC that you should know about before your next cloud deployment.\n\n1360x768\n
  • Short on power\n
  • Short on space\n
  • Need more processing capacity\n
  • Have some new ideas you want to try\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • Data egress charges are a measure of the packet flows across the public IP address at the network edge (i.e., gray lines in the slide), even if the packets return into EC2. Internal to internal traffic and internal to AWS service endpoints traffic is all free. \n\n[Will add more valid public IPs to the animation later]\nExample valid ranges:\n216.182.224.0/20 (216.182.224.0 - 216.182.239.255) 72.44.32.0/19 (72.44.32.0 - 72.44.63.255) 67.202.0.0/18 (67.202.0.0 - 67.202.63.255) 75.101.128.0/17 (75.101.128.0 - 75.101.255.255) 174.129.0.0/16 (174.129.0.0 - 174.129.255.255) 204.236.192.0/18 (204.236.192.0 - 204.236.255.255) 184.73.0.0/16 (184.73.0.0 – 184.73.255.255) NEW\n
  • \n
  • “User-defined” is important because it can be a private OR a public address space. If public, must be routed to/from customer gateway / VPN tunnel.\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Shell’s Cloud Journey: Operationalising the cloud strategy\n Shell started provisioning AWS services in April 2010 \n The Shell Foundation Platform – an IT framework – is AWS approved\n That means that the Center of Excellence has a pre-approved framework that allows LOBs to deploy cloud-approved applications onto AWS\n The Shell Foundation Platform is a framework used by all new projects utilizing on-demand cloud services. The SFP is certified to run on AWS. Compliant applications built on the SFP are able to be run in production on AWS. \n Development and Test Environments are considered AWS ready within a VPC and may run on AWS\n Core operational applications running in production on AWS\n The business is dived into upstream (research, extraction, production) and downstream (distribution and sales) applications\n Shell is running a number of downstream applications – enterprise applications that operate the retail business – in production in the AWS Cloud\n Shell is running several development and test environments in the AWS Cloud\nComments: \nOne of the major enterprises using AWS is Royal Dutch Shell, the global petroleum company. Shell IT has strategically decided to incorporate cloud computing as a core practices in his IT department. Shell contemplate the benefit of public cloud computing and AWS, and Shell IT management state clearly that “everything that makes sense to run in the cloud should be just running in the cloud”. Shell is using AWS (especially EC2) services since April 2010 and has a running contract with Amazon and a very close cooperation with AWS team. \nThe usage of AWS has progressively increased at Shell in the last 2 years. AWS deployment obviously did not happen overnight, and after a careful analysis of the types of applications and analyzing cloud risks Shell is expanding the usage of AWS in diverse types of applications enterprise wide. \n-----------------------------------------------------------------------\nGovernance and risk management central to Shell’s approach:\n A Cloud Governance Group with stakeholders from different business lines was created.\n Shell conducted thorough security analysis, with access to AWS certifications, to meet legal and regulatory requirements for hosting applications in the cloud.\n A Center of Excellence was established to build expertise in cloud capabilities.\nAs a large organization with strong IT standards, Shell needed to establish governance processes to ensure that the cloud computing effort was aligned with IT policies. Shell created a Cloud Computing Governance group with exec level stakeholders from every major division. On a regular basis the group evaluates the cloud computing implementation status at Shell and make sure that usage is in the right direction.\n Shell did an extensive evaluation of AWS security practices, AWS security experts engaged with Shell discussed extensively on security in order to meet Shell expectations, AWS also provided to Shell the SAS70 report of AWS audited by an external firm. \nShell created as well a Center of Excellence which is the AWS resource department within the company. The Center of Excellence provides AWS services to end users (a very divers setting of projects and applications) within Shell specific context. They provide startup services, training, consultancy and additional managed services to their customers who can benefit from AWS and still being safe in the Shell of IT context.\nShell uses AWS for a diverse set of use cases:\n The Shell Foundation Platform is a framework used by all new projects utilizing on-demand cloud services. The SFP is certified to run on AWS. Compliant applications built on the SFP are able to be run in production on AWS. \n Development and Test Environments are considered AWS ready within a VPC and may run on AWS. \n Shell has a diverse set of applications running in production and development on AWS across the entire company.\n Three production applications running in AWS; first live October 2010\n Widely used for temporary requirements and Development and Test\n Cost advantageous for smaller applications and at parity for many others\n Up to 40% of the applications portfolio passed initial viability screens for production deployment on AWS\nThe usage of Shell is in many and diverse scenarios setting ranging from development and test to applications in productions within different business units.\n At Shell standards are important; they have frameworks of software which are reused in every project at Shell. These foundation frameworks provide functionality to do effective project management and delivery within the Shell . Shell has adapted this framework to AWS EC2, and therefore upon the release of a new project the common foundation functionality is ready within minutes to the project team. \nDev and test is a very interesting use case at Shell as well. The project manager and developers can have test environments ready in seconds in a safe area within Shell using the AWS VPC service. This dramatically decrease the development cycles and increase quality of applications. \n-----------------------------------------------------------\nBenefits of Amazon Web Services for Shell: \n No minimum commitment upfront and pay per use brings significant savings.\n Fast provisioning within minutes for eligible applications.\n Elasticity – the ability to expand and contract IT infrastructure as needed.\n Cloud brings business agility as Shell is able to deploy services much more quickly.\n \nShell benefits from the flexibility of AWS pay per use model. They are able to provision the infrastructure required within seconds and the Cloud Competence Center provides AWS services to end users with Shell specifics. Shell obtains with AWS agility in his business and users can deploy services much more quickly than before bringing significant savings in the IT expending. \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Applications that are very interesting, easy to experiment with, simple sel\n
  • The Blueprint offers a step by step approach to cloud migration and has been proven successful. When customers will follow this blueprint and focus on creating a proof of concept, they will immediately see value in their proof of concept projects and see tremendous potential in the AWS cloud. After they move their first application to the cloud, they will get new ideas and will want to move them into the cloud.\n
  • \n
  • \n
  • Extending Your Data Centre with AWS - Simon Elisha - AWS Summit 2012 Australia

    1. Extending Your Data Centre WithAWSSimon ElishaPrincipal Solution ArchitectAustralia & New Zealand
    2. PowerConstraints
    3. SpaceConstraints
    4. Processing (a.k.a “horsepower”) Constraints
    5. Lots of ideas & projects you want to try
    6. “When all you have is ahammer – everything looks like a nail!”
    7. Cloud means you now have more than just a hammer.
    8. What if you could extend into the cloud easily and securely?
    9. You Can! CorporateData Center
    10. You Can! Amazon VPC CorporateData Center
    11. You Can! Amazon VPC CorporateData Center
    12. Review: EC2 Standard NetworkingDistinct private/internal and public/external IPs• Simple model• True 1:1 NAT (no port translation)• “Split-brained” DNSSecurity groups control ingressElastic IPs: fixed public IPs
    13. InternetEC2 instances dynamically assigned private IP addressesfrom the one large internal Amazon IP address range Availability Zone 1a Availability Zone 1b
    14. InternetEC2 instances dynamically assigned private IP addressesfrom the one large internal Amazon IP address range Availability Zone 1a Availability Zone 1b Customer 1
    15. Internet EC2 instances dynamically assigned private IP addresses from the one large internal Amazon IP address range10.1.2.3 10.218.5.17 10.141.9.8 10.16.22.33 Availability Zone 1a Availability Zone 1b Customer 1
    16. Internet EC2 instances dynamically assigned private IP addresses from the one large internal Amazon IP address range10.1.2.3 10.218.5.17 10.141.9.8 10.16.22.33 Availability Zone 1a Availability Zone 1b Customer 1 Customer 2
    17. Internet EC2 instances dynamically assigned private IP addresses from the one large internal Amazon IP address range 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.141.9.810.99.42.97 10.16.22.33 10.131.7.28 Availability Zone 1a Availability Zone 1b Customer 1 Customer 2
    18. Internet EC2 instances dynamically assigned private IP addresses from the one large internal Amazon IP address range 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.141.9.810.99.42.97 10.16.22.33 10.131.7.28 Availability Zone 1a Availability Zone 1b Customer 1 Customer 2 Customer 3
    19. Internet EC2 instances dynamically assigned private IP addresses from the one large internal Amazon IP address range 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.243.3.5 10.8.55.5 10.141.9.810.99.42.97 10.155.6.7 10.16.22.33 10.131.7.28 10.6.78.201 Availability Zone 1a Availability Zone 1b Customer 1 Customer 2 Customer 3
    20. Internet EC2 instances dynamically assigned public IP addresses on border network from Amazon’s public IP address blocks 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.243.3.5 10.8.55.5 10.141.9.810.99.42.97 10.155.6.7 10.16.22.33 10.131.7.28 10.6.78.201 Availability Zone 1a Availability Zone 1b Customer 1 Customer 2 Customer 3
    21. 23.20.151.66 23.20.146.1 23.20.103.11 72.43.2.77 23.19.11.5 72.43.22.45 Internet 72.43.22.5 23.20.148.59 72.44.32.9 72.44.21.7 23.19.10.51 72.43.1.7 EC2 instances dynamically assigned public IP addresses on border network from Amazon’s public IP address blocks 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.243.3.5 10.8.55.5 10.141.9.810.99.42.97 10.155.6.7 10.16.22.33 10.131.7.28 10.6.78.201 Availability Zone 1a Availability Zone 1b Customer 1 Customer 2 Customer 3
    22. Value and Limits of Standard NetworkingSimple to use and management freeSecurity groups are Ingress onlyDifferent from subnet-based controlsMental model issueNo private networking, DMZs, or NAT/PATNo consistent / “fixed” IP addresses for instances
    23. Introducing AWS Virtual Private CloudUser-defined virtual IP networking for EC2Private or mixed private/public addressing andsecured ingress/egressRe-use of proven and well-understoodnetworking concepts and technologies
    24. VPC Capabilities in a NutshellUser-defined address space up to /16• 65,534 addressesUp to 20* user-defined subnets up to /16User-defined:• Virtual routing, DHCP servers, and NAT instances• Internet gateways, ACLs, ingress/egress security groups and VPN tunnelsPrivate IPs stable once assignedElastic Network Interfaces
    25. Internet VPC customers can launch instances in their own isolated network 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.243.3.5 10.8.55.5 10.141.9.810.99.42.97 10.155.6.7 10.16.22.33 10.131.7.28 10.6.78.201 Availability Zone 1a Availability Zone 1b Customer 1 Customer 2 Customer 3
    26. Internet VPC customers can launch instances in their own isolated network 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.243.3.5 10.8.55.5 10.141.9.810.99.42.97 10.155.6.7 10.16.22.33 10.131.7.28 10.6.78.201 Availability Zone 1a Availability Zone 1b Customer 1 Customer 2 Customer 3 VPC Customer
    27. Internet VPC customers can launch instances in their own isolated network 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.243.3.5 10.8.55.5 10.141.9.810.99.42.97 10.155.6.7 10.16.22.33 10.131.7.28 10.6.78.201 Availability Zone 1a Availability Zone 1b Customer 1 Customer 2 Customer 3 VPC Customer
    28. InternetVPC customers can launch instances in their own isolated network Availability Zone 1a Availability Zone 1b VPC Customer
    29. InternetVPC customers can launch instances in their own isolated network Availability Zone 1a Availability Zone 1b VPC Customer
    30. InternetAvailability Zone 1a Availability Zone 1b VPC Customer
    31. Internet You can assign your own IP range to the VPC network 10.0.1.5 10.0.1.6 10.0.0.510.0.0.6 10.0.1.8 10.0.3.5 10.0.1.25 10.0.3.17 Availability Zone 1a Availability Zone 1b VPC Customer
    32. Models of Data Centre ExtensionIsolated projectExpand existing systems into the cloud – no publicExpose systems to the public - hosted in the cloudBranch office access
    33. Isolated Project Dev/Test. Corporate Users Proof of Concept. “Fail Fast” projects. Time bound/ephemeral. Router & Firewall No need for internal system access of resources. AWS
    34. Expanding Existing Systems Into The Cloud Leverage additional processing nodes. Corporate Host entire stack in the cloud with secure data centre Corporate Users LAN/WAN access. • E.g. Sharepoint, CMS, CRM, etc Dev/Test. Router & Firewall Disaster Recovery. Big Data analysis. VPN Connection Use existing management tools. No Internet access to systems. AWS
    35. Expanding Systems Into The Cloud, with PublicInternet Access Enable access by customers/partners to Corporate systems. data centre Corporate Users Enable internal systems to be involved and accessed by applications. Router & Firewall Secure segregation of components and network access. VPN Connection Customers/ Partners AWS
    36. Branch Office Access Branch Office Users Enabling remote users & offices Router & Firewall to have secure access to resources. VPN Connection Centralised systems with minimal infrastructure. AWS VPN Connection VPN Connection Router & Firewall Router & Firewall Branch Office Users Branch Office Users
    37. Making the Connection…
    38. New Enterprise ITNetwork Architecture
    39. CorporateData Center CorporateHeadquarters New Enterprise IT Network Architecture
    40. CorporateData Center CorporateHeadquarters New Enterprise IT Network Architecture
    41. CorporateData Center CorporateHeadquarters New Enterprise IT AWS Region Network Architecture
    42. CorporateData Center Availability Zone 1 CorporateHeadquarters Availability Zone 2 New Enterprise IT AWS Region Network Architecture
    43. CorporateData Center Availability Zone 1 Router CorporateHeadquarters Amazon VPC Availability Zone 2 New Enterprise IT AWS Region Network Architecture
    44. CorporateData Center Availability Zone 1 Router Customer VPN Gateway Gateway CorporateHeadquarters Amazon VPC Availability Zone 2 New Enterprise IT AWS Region Network Architecture
    45. CorporateData Center Availability Zone 1 Private Subnet Router Customer VPN Gateway Gateway CorporateHeadquarters Public Subnet Amazon VPC Availability Zone 2 New Enterprise IT AWS Region Network Architecture
    46. CorporateData Center Availability Zone 1 Private Subnet Router Customer VPN Gateway Gateway CorporateHeadquarters Public Subnet Amazon VPC Availability Zone 2 New Enterprise IT AWS Region Network Architecture
    47. CorporateData Center Availability Zone 1 Private Subnet Router Customer VPN Gateway Gateway CorporateHeadquarters Internet Public Subnet Gateway Amazon VPC Availability Zone 2 New Enterprise IT AWS Region Network Architecture
    48. CorporateData Center Availability Zone 1 Private Subnet Router Customer VPN Gateway Gateway CorporateHeadquarters Internet Public Subnet Gateway Amazon VPC Availability Zone 2Branch Offices New Enterprise IT AWS Region Network Architecture
    49. CorporateData Center Availability Zone 1 Private Subnet Router Customer VPN Gateway Gateway CorporateHeadquarters Internet Public Subnet Gateway Amazon VPC Availability Zone 2Branch Offices Elastic New Enterprise IT S3 SQS/SNS/SES SWF SimpleDB DynamoDB Beanstalk AWS Region Network Architecture
    50. CorporateData Center Availability Zone 1 DirectConnect Location 10G Private Subnet Router Customer VPN Gateway Gateway CorporateHeadquarters Internet Public Subnet Gateway Amazon VPC Availability Zone 2Branch Offices Elastic New Enterprise IT S3 SQS/SNS/SES SWF SimpleDB DynamoDB Beanstalk AWS Region Network Architecture
    51. Rich Capabilities in VPCElastic Load Balancer, AutoScaling, CloudWatch, AlarmsRelational Database Service (MySQL engine, for now)Elastic MapReduceCloudFormationAnd many others, with more to come…“Blackbox” services with public endpoints reachable viaInternet gateway (or VPN via your own network)
    52. Dedicated InstancesOption to ensure physical hosts are notshared with other customers Single Tenant Compute Instance$10/hr flat fee per Region + small hourlychargeCan identify specific Instances asdedicatedOptionally configure entire VPC asdedicated
    53. DirectConnect: Private X-Connect to AWSDedicated bandwidth to AWS bordernetwork in 1Gbps or 10Gbps chunks.Full access to public endpoints, EC2 Internetstandard & VPCs. • VLAN tagging maps to public side or VPCsBenefits: • Faster / more consistent throughput • Increased isolation and controlGreat companion technology to VPC.
    54. 15 Daily Newspapers 50 Web Sites 62 MM unique users per monthOver 1 Billion page views per month
    55. NYTimes EC2 Expansion (April 2011) Amazon EC2 Courtesy NYTimes
    56. NYTimes EC2 Expansion (April 2011) Amazon EC2 Courtesy NYTimes
    57. NYTimes: EC2 Capacity vs Cost 50% 43% 36% 29% 21% Percent 14% 7% Capacity 0% Cost
    58. “The AWS Cloud brings business agility as Shell is able to deploy services much more quickly” Johan Krebers Vice President of Architecture Use of AWS Business BenefitGlobal oil and gas company. No minimum commitment up front and pay per use brings significant savings.Operationalizing their cloud strategy. Fast provisioning within minutes for manyShell Foundation Platform – an IT applications.framework – is AWS approved. Elasticity – the ability to expand andCore operational applications running in contract IT infrastructure as needed.production on AWS.Development and test environmentsrunning on AWS. 33
    59. Let’s Create a VPC in Less than 4 Minutes
    60. Lets Build a VPC in 4 Minutes…
    61. Lets Build a VPC in 4 Minutes…
    62. Let’s Start an Instance in our VPC…
    63. Now lets launch an instance into our VPC
    64. Now lets launch an instance into our VPC
    65. Let’s Check Our Instance…
    66. And lets see the results…
    67. And lets see the results…
    68. Example: SharePoint with On-Premises Active Directory
    69. Migrating to the Cloud Cloud Benefits Zero upfront investment On-demand provisioning Instant scalability Auto scaling and elasticity Pay as you go Removes undifferentiated heavy lifting Developer productivity Automation
    70. Migrating to the Cloud Cloud Benefits Zero upfront investment On-demand provisioningCloud Strategy Instant scalability Auto scaling and elasticity Pay as you go Removes undifferentiated heavy lifting Developer productivity Automation
    71. Migrating to the Cloud Cloud Benefits New Zero upfront investment Applications On-demand provisioningCloud Strategy Instant scalability Auto scaling and elasticity Pay as you go Removes undifferentiated heavy lifting Developer productivity Automation
    72. Migrating to the Cloud Cloud Build a Cloud- Benefits Ready Design New Zero upfront investment Applications On-demand provisioningCloud Strategy Instant scalability Auto scaling and elasticity Pay as you go Removes undifferentiated heavy lifting Developer productivity Automation
    73. Migrating to the Cloud Cloud Build a Cloud- Benefits Ready Design New Zero upfront investment Applications On-demand provisioningCloud Strategy Instant scalability Auto scaling and elasticity Existing Pay as you go Applications Removes undifferentiated heavy lifting Developer productivity Automation
    74. Migrating to the Cloud Cloud Build a Cloud- Benefits Ready Design New Zero upfront investment Applications On-demand provisioningCloud Strategy “No brainer to Instant scalability move” Apps Auto scaling and elasticity Existing Pay as you go Applications Removes undifferentiated heavy lifting Developer productivity Automation
    75. Migrating to the Cloud Cloud Build a Cloud- Benefits Ready Design New Zero upfront investment Applications On-demand provisioningCloud Strategy “No brainer to Instant scalability move” Apps Auto scaling and elasticity Existing Pay as you go Applications Removes undifferentiated heavy lifting Planned Phased Developer productivity Migration Automation
    76. “No-brainer to move” Apps • Dev/Test applications • Self-contained Web Applications • Social Media Product Marketing Campaigns • Customer Training Sites • Video Portals (Transcoding and Hosting) • Pre-sales Demo Portal • Software Downloads • Trial Applications
    77. Cloud Migration : a Phased-driven Strategy http://aws.amazon.com/whitepapers
    78. A Bridge to the IT Capabilities Your Business Needs
    79. Extending Your Data Centre WithAWSQuestions and answers

    ×