Getting on C2S: Lessons Learned Migrating Space Operational Systems to the Cloud on AWS
1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Jason Lee, Iron Patriot Chief Architect, Lockheed Martin Space
David English, Mission Solutions Chief Engineer, Lockheed Martin Space
v1.0
2. Lockheed Martin Space
• Special Programs
• Advanced Technology Center: Optics, RF & Photonics; Adv. Materials & Nano Systems; Space Sciences & Instruments
• Military Space: Protected Comms; Narrowband Comms; Early Warning; Navigation; Weather; Space Protection
• Strategic & Missile Defense: Missile Defense; Strategic Missiles; Adv Programs
• Mission Solutions: End-to-End Mission Systems; Geospatial Technologies; Subsidiaries
• Commercial and Civil Space: Communication Systems; Weather & Remote Sensing; Deep Space Exploration; Human Space Exploration; NASA
3. LM Space Mission Solutions Delivers
• Scalable, Secure, High-Performance Systems on AWS
• ‘End-to-End’ Mission Solutions
• Satellite C2 and Sensor Data Processing
• Predictive Analytics and Big Data Applications
• Systems and Software Engineering
• Geospatial Technologies
• Space Security / System Resiliency
Mission-critical intelligence and information across a secure global network
Systems Designed, Developed, Engineered and Operated from the Ground Up
4. LM Perspective: The Value of the Cloud
Scalability:
• Perform missions with highly variable processing needs using an efficient cost structure
• Add missions on tight timelines
• Vertically or horizontally scale as missions change
Resilience:
• Deploy highly available software systems with failover between AWS availability zones and regions
• Ability to build and deliver always-running services with zero downtime
Security:
• AWS provides the tools to build to the security level required by the mission
5. Customer Mandate: Move to the Cloud
Timeline:
• 2014: Customer begins transition to the cloud.
• 2015/2016: Initial path-finder efforts
• 2017: First Production Systems
• 2018: Most RFPs are mandating Cloud
Initial Roadblocks:
• Access
• Contract Scope
• Customer Understanding
6. Case: C2S Migration of a Product Quality System
Challenges
• Migration of over 50 different product quality assessment applications
• Move from desktop apps to cloud
• Various CPU architectures and operating systems
• Many tools require GPU capabilities
Solutions
• Linux and Windows AMIs with tools pre-installed
• Auto-scaled servers using ELB, serving up user desktops
• Custom CloudWatch metrics for users per server
• Held AWS well-architected review (first for customer)
• Invest in internal AWS training and expertise
7. Case: C2S Migration of a Multi-Level Security System
Challenges
• Motivated to move to C2S for elasticity, but security requirements were above what C2S provided natively
• Needed to protect data in all phases (motion, rest, use) within the VPC
• Contractor-provided security enhancements were needed to augment native AWS security
Solutions
• Utilized the VPC, EC2, and EBS services for hosting and fault-tolerance
• Avoided use of other services, such as SQS, SNS, RDS, Kinesis, and EMR, so that security requirements could be met
8. Case: C2S Migration of a Processing System
Challenges
• Could not afford down-time for legacy mission critical system to stop and move to cloud
• Hybrid approach introduced bandwidth as a limiting factor, including the intricacies of networking between Government segments
Solutions
• Hybrid approach became most effective (keep processing on-premise, but also flip some to cloud)
• Acquire the necessary Direct Connects for the needed bandwidth
• Fully map the Government segment network topography to understand the bandwidth issues completely
9. Lesson Learned #1: Security Policy and Controls
Issue: Customer Security Controls
• Security controls need to be examined for each AWS service
• Customer stance evolving; data and mission specific
Solution
• Understand underlying AWS service security stance
• Prepare standard approaches per service
• Customer lessons learned session
• Work with Amazon Solutions architects
10. Lesson Learned #2: Security Controls
Issue: Customer Security Policy
• Evolving from facility-based
• Amount of changing systems – work backlog for customer
• Re-examine security controls
• Transition from ICD 503 to risk management framework (RMF)
Solution
• Security-focused software engineers
• Learn with the customer
11. Lesson Learned #3: Bandwidth to The Cloud
Issue: Remote users or data and planning bandwidth
• Cloud moves compute away from users or data generation
• Networks are evolving to meet additional bandwidth, reliability needs
Solution
• Early engagement with customer Networks team
• Understand timelines, latencies, and resiliency levels
• Customers have advanced the capability to use Direct Connect
12. Lesson Learned #4: Cost Monitoring
Issue: Understanding and planning for operational costs
• Legacy architecture may have inefficient compute usage
• Development and Test resource environments can get expensive
Solution
• Use Cost Explorer + an enforced tagging policy
• Scripts and tools that enforce tagging policy
• Use cost information to target architecture areas for improvement
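An added example (not from the slides) of the kind of script the "enforce tagging policy" bullet refers to: it audits resource records, given in the shape of the Resource Groups Tagging API's `ResourceTagMappingList` entries, against a required-tag policy. The tag keys, allowed values, ARNs and function names are assumptions constructed for illustration.

```python
import re

# Hypothetical policy (an assumption, not from the slides): required tag keys
# and a pattern each value must match in full.
REQUIRED_TAGS = {
    "Project": re.compile(r"\S.*"),
    "Environment": re.compile(r"dev|test|prod"),
    "CostCenter": re.compile(r"\d{4}"),
}

def check_resource(resource):
    """Return a list of policy violations for one tagged resource."""
    tags = {t["Key"]: t["Value"] for t in resource.get("Tags", [])}
    by_lower = {k.lower(): k for k in tags}
    problems = []
    for key, pattern in REQUIRED_TAGS.items():
        if key in tags:
            if not pattern.fullmatch(tags[key]):
                problems.append(f"{key}: invalid value {tags[key]!r}")
        elif key.lower() in by_lower:
            # Tag keys are case-sensitive, so 'environment' is a different
            # cost-allocation tag than 'Environment' and splits the cost view.
            problems.append(f"{key}: wrong case {by_lower[key.lower()]!r}")
        else:
            problems.append(f"{key}: missing")
    return problems

def audit(resources):
    """Map each non-compliant ResourceARN to its violations."""
    checked = ((r["ResourceARN"], check_resource(r)) for r in resources)
    return {arn: problems for arn, problems in checked if problems}

# Constructed sample records in the shape of ResourceTagMappingList entries.
SAMPLE = [
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0aaa",
     "Tags": [{"Key": "Project", "Value": "pq-desktop"},
              {"Key": "Environment", "Value": "prod"},
              {"Key": "CostCenter", "Value": "4021"}]},
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0bbb",
     "Tags": [{"Key": "Project", "Value": "pq-desktop"},
              {"Key": "environment", "Value": "dev"}]},
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:volume/vol-0ccc",
     "Tags": [{"Key": "Project", "Value": "pq-desktop"},
              {"Key": "Environment", "Value": "staging"},
              {"Key": "CostCenter", "Value": "4021"}]},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In an account, the same records come from paginating `get_resources` on the boto3 `resourcegroupstaggingapi` client.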
13. Lesson Learned #5: Transition Approaches
Issue: Traditional ‘big bang’ upgrades to C2S
• System transitions from legacy data center to C2S
• Transition is possible, but complex:
• More extensive testing
• Interface changeovers
• Complex failback
Solution
• Incrementally move capabilities
• Use as opportunity to transform architecture
• The Cloud becomes a part of the system boundary
14. Questions?
15. Thank you!