
How to Extend your Datacenter into the Cloud - 2nd Watch - Webinar


Published in: Technology, Business


  1. 1. How to Extend Your Datacenter into the AWS Cloud. Kris Bliesner, CEO, 2nd Watch; Craig Carl, Solutions Architect, AWS
  2. 2. Welcome: Marcelo Bellinaso, Senior Marketing Manager, Global SI Ecosystem, Amazon Web Services
  3. 3. Webinar How To’s
     • How can I submit a question?
     • How can I get a copy of the presentation?
     Special Note: Webinar is being recorded
  4. 4. What We’ll Cover
     • AWS Platform Overview
     • How Can I Use AWS to Extend My Datacenter?
     • AWS Services For Extending Your Datacenter
     • How Do I Manage My AWS Datacenter?
     • Customer Case Study – Production Web Hosting
  5. 5. Please Welcome
     • Kris Bliesner, Chief Executive Officer, 2nd Watch, kris@2ndwatch.com
     • Craig Carl, Solutions Architect, Amazon Web Services, crcarl@amazon.com
  6. 6. Craig Carl, Solutions Architect, Amazon Web Services, crcarl@amazon.com
  7. 7. Cloud Computing Benefits
     • No Up-Front Capital Expense
     • Low Cost
     • Pay Only for What You Use
     • Self-Service Infrastructure
     • Easily Scale Up and Down
     • Improve Agility & Time-to-Market
     • Deploy
  8. 8. AWS Pace of Innovation (http://aws.typepad.com) [Chart: new service announcements per year over 2007, 2008, 2009, 2010 and 2011, with totals of 9, 24, 48, 61 and 82; each year is annotated with example announcements, among them Amazon EBS, Amazon SimpleDB, Amazon VPC, Amazon RDS, AWS IAM, Amazon Route 53, AWS Direct Connect and AWS GovCloud (US)]
  9. 9. Global Infrastructure for Global Enterprises (http://aws.amazon.com/about-aws/globalinfrastructure)
     AWS Regions:
     • GovCloud (US ITAR Region)
     • US West (Northern California)
     • US West (Oregon)
     • US East (Northern Virginia)
     • South America (Sao Paulo)
     • EU (Ireland)
     • Asia Pacific (Singapore)
     • Asia Pacific (Tokyo)
     [Map legend: AWS Regions, AWS Edge Locations]
  10. 10. AWS Regions and Availability Zones: Customer Decides Where Applications and Data Reside
  11. 11. Compute & Storage Services
     • Amazon EC2: Virtual Servers in the Cloud
       – Your Choice of Linux and Windows
       – Easy to Scale Up and Down
     • Amazon EBS: Hard Drive for Virtual Servers on EC2
       – Designed for High-Performance
       – You can Mount a Drive or Boot from EBS
     • Amazon S3: High-Volume Storage in the Cloud
       – Designed for Durability and Scalability
       – Number of Objects is Virtually Unlimited
  12. 12. Amazon Simple Storage Service (Amazon S3)
     • Storage for the Internet. Natively online, HTTP access
     • Store and retrieve any amount of data, any time, from anywhere on the web
     • Highly scalable, reliable, fast and durable (default = 99.9999999% durability)
  13. 13. Database Options
     • Self-Managed
       – Database Server on Amazon EC2: Your choice of database running on Amazon EC2. Bring Your Own License (BYOL)
     • Managed Databases
       – Amazon Relational Database Service (RDS): Oracle or MySQL offered as a service. Flexible Licensing: BYOL or License Included
       – Amazon DynamoDB: NoSQL data store, SSD storage. Seamless scalability with zero administration
  14. 14. Built for Enterprise Security Standards
     • Certifications
       – SOC 1 Type 2 (formerly SAS-70)
       – ISO 27001
       – PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, IAM
       – FISMA Moderate Compliant Controls
       – HIPAA & ITAR Compliant Architecture
     • Physical Security
       – Datacenters in nondescript facilities
       – Physical access strictly controlled
       – Must pass two-factor authentication at least twice for floor access
       – Physical access logged and audited
     • HW, SW, Network
       – Systematic change management
       – Phased updates deployment
       – Safe storage decommission
       – Automated monitoring and self-audit
       – Advanced network protection
  15. 15. Step 4: Security (Shared Model)
     • Infrastructure Security: How we secure our infrastructure
       – SAS 70 Type II Audit
       – ISO 27001/2 Certification
       – PCI DSS 2.0 Level 1-5
       – HIPAA/SOX Compliance
       – FISMA Moderate
       – FedRAMP / GSA ATO
     • Application Security: How can you secure your application and what is your responsibility?
       – Encrypt data in transit
       – Encrypt data at rest
       – Protect your AWS Credentials
       – Rotate your keys
       – Secure your OS and applications
     • Services Security: What security options and features are available to you?
       – Enforce IAM policies
       – Use MFA, VPC, Leverage S3 bucket policies, EC2 Security groups, EFS in EC2, etc.
  16. 16. Networking & Security
     • On-Demand instances: Amazon EC2 instance running in the on-demand cloud.
     • AWS Direct Connect: Dedicated connection between your datacenter and AWS
     • Amazon Virtual Private Cloud (VPC): Private VPN connection to your AWS resources
     [Diagram label: Internet]
  17. 17. What are Customers Running on AWS?
     • Business Applications
       – Oracle, SAP, Microsoft, IBM
       – Line-of-Business Applications
     • Web Applications
       – Digital Media Distribution
       – Gaming
       – Media Sharing
       – Social Media
     • Big Data & High Performance Computing
       – Analytics for Consumer Web
       – Genome Sequencing
       – Large Scale Batch Processing
     • Disaster Recovery & Archive
       – Backup & Recovery
       – Disaster Recovery
       – Archive
  18. 18. AWS Adoption Momentum
     • Infrastructure-as-a-Service Market Share Leader
     • Leader in 2011 Gartner IaaS Magic Quadrant
     • Leader in 2011 Forrester Hadoop Wave
  19. 19. Kris Bliesner, Chief Executive Officer, 2nd Watch, kris@2ndwatch.com
  20. 20. 2nd Watch Overview
     • Production Application Hosting
     • Dev/Test Environments
     • Disaster Recovery
     • Security and Compliance
     • TCO/ROI Analysis
     • 24x7 Operations
     2nd Watch Service Offerings: Strategy and Roadmaps; Cloud Assessments; Cloud Architecture; Build and Migrations; Support Services
  21. 21. Why use AWS to extend my Datacenter?
     • Extend the capacity of my current systems
     • Batch processing – data analysis
     • Start new projects without buying new hardware
     • Use AWS as a backup datacenter
  22. 22. How can I use AWS to Extend my Datacenter? Use AWS VPC to connect via IPSec VPN to your existing Datacenter [Diagram: Users or Customers; Customer Datacenter; VPN; EC2 Instances in Availability Zone 1 and Availability Zone 2]
  23. 23. How can I use AWS to Extend my Datacenter? Use AWS as a production hosting platform [Diagram: Users or Customers; Customer Datacenter; VPN; EC2 Instances in Availability Zone 1 and Availability Zone 2]
  24. 24. Where do I start?
     • Step 1: Strategy
     • Step 2: Connectivity
     • Step 3: Network
     • Step 4: Security
     • Step 5: Tier 0 Infrastructure
     • Step 6: Application Build
     • Step 7: Manage my AWS Datacenter
  25. 25. Step 1: Strategy
     • Clear definition of needs and usage of AWS
       – What data will I need present?
       – What accounts need access to the service?
       – Is this a new build or an extension of an existing workflow?
  26. 26. Step 2: Connectivity Options
     • AWS Direct Connect: Dedicated connection between your datacenter and AWS
     • Amazon Virtual Private Cloud (VPC), AWS Managed: Private VPN connection to your AWS resources
     • Amazon Virtual Private Cloud (VPC), Customer Managed: Private VPN connection to your AWS resources
     [Diagram label: Internet]
  27. 27. Step 3: Network
     • Virtual Private Cloud (VPC) enables two important things:
       – Local Subnet addressing
       – Virtual Private Network (VPN) connections
     • There are 4 possible VPC scenarios:
       1) Public Subnet Only
       2) Public and Private Subnets
       3) Public and Private Subnets with VPN
       4) Private Subnet Only with VPN
  28. 28. Step 4: AWS Security Groups
     • Use to create an Access Control List (ACL) for EC2 Instances
     • Create groups to manage types of traffic
       – Example:
         • Website Tier
         • Database Tier
     • Network Security Groups can be used to secure subnet traffic
       – Example:
         • Trusted
         • Untrusted
  29. 29. Step 4: Security Headlines
     • Always use VPC
       – Network layer ACLs
       – Security Group ACLs
       – Routing Rules
       – Private and Public Subnet Options
     • Multifactor Authentication
       – Keyfob or Google Authenticator
     • Unicast network will require agent based protection
       – IDS, Auditing, etc.
  30. 30. Step 5: Tier 0 Infrastructure
     • Authentication
       – No OS Authentication Service – bring your own
       – Active Directory
         • Use full Domain Controller or Read-Only Domain Controller in VPC
     • Monitoring
       – Use your own monitoring system
         • Add CloudWatch metrics for AWS specific services (ELB, EBS, EMR, etc.)
       – Use CloudWatch as your central monitoring system
         • Custom scripts available for both Linux and Windows
         • Tie into SNS for notifications
     • Auditing/Logging
       – Use SQS and SNS to notify of AWS specific events
       – Connect Instances to your existing system
  31. 31. Step 6: Application Build
     • Build your VPC, Security Groups, Instances, etc. and use CloudFormation to build out a template once you reach Gold State
     • Run CloudFormation Template to replicate environment for Dev, Test, Staging or other environments
     • Make your infrastructure build repeatable
     • Use source control to track changes
  32. 32. Step 7: Manage my AWS Datacenter (On Premises)
     • Customer Datacenter: Authentication Management; Audit/Logging; Systems Management
     • AWS: Reduced footprint authentication; AWS Service authorization
     [Diagram: Corporate Data Center, Corporate Headquarters and Branch Offices; Customer Gateway; VPN Gateway; Internet Gateway; Availability Zone 1 and Availability Zone 2; S3, SQS/SNS/SES, SWF, Elastic Beanstalk, SimpleDB, DynamoDB]
  33. 33. Step 7: Manage my AWS Datacenter (AWS)
     • Customer Datacenter: Replicated Authentication
     • AWS: Full Authentication; AWS Service Authorization; Audit/Logging; Systems Management
     [Diagram: Corporate Data Center, Corporate Headquarters and Branch Offices; Customer Gateway; VPN Gateway; Internet Gateway; Availability Zone 1 and Availability Zone 2; S3, SQS/SNS/SES, SWF, Elastic Beanstalk, SimpleDB, DynamoDB]
  34. 34. 2nd Watch Case Study
     • Public website infrastructure needs to be refreshed
     • Current infrastructure model doesn’t scale well
     • Expensive to deploy & operate to accommodate peak loads
     • AWS equivalent of current infrastructure is 43%-58% less expensive at typical traffic levels
     • AWS scales on-demand to peak traffic levels at very low costs
     • AWS provides a Content Delivery Network at very low cost, improving page load times and conversion rate.
  35. 35. Data Security
     • AWS
       – All storage devices follow process
         • DoD 5220.22-M (“National Industrial Security Program Operating Manual”)
         • NIST 800-88 (“Guidelines for Media Sanitization”)
       – Upon decommission
         • Degaussed
         • Physically destroyed
     • Customer on AWS
       – S3 data encrypted at rest
       – No public interface to data
       – All Datacenter traffic is encrypted via IPSec
  36. 36. AWS Security
     • Secure by default
     • VPC to control detailed network access policy
     • Elastic Load Balancer is only public interface (80 and 443 only)
     • IPSec VPN to Red Lion Datacenter encrypts all management traffic and traffic to physical assets (Application Servers, etc.)
  37. 37. Integration with Existing Tools
     • Existing environment and tools
       – VPN for connectivity to existing datacenter
       – Existing management tools
       – Active Directory with existing domain
     • Email and SMS alerts for monitoring and alarms
       – Tracks changes to infrastructure due to Auto Scaling
       – Alerts based on system indicators
  38. 38. High Availability
     • Multiple Availability Zones (AZs)
     • Region wide AWS tools
     • Local Active Directory
     • Auto scale group for Web Servers
     • Mirror on SQL Servers
  39. 39. [Architecture diagram. Labels: www.mycompany.com to Elastic Load Balancer; content.mycompany.com to CloudFront (CDN); TS+ 1; VPC Subnet A (Public) with LB and IDS; VPC Subnet B with Web Servers; VPC Subnet C with AD DS; VPC Subnet D with DB Replication (M, S); EC2 Authentication Tier; EC2 Database Tier; Amazon EBS Snapshots; CloudWatch Alarms; Amazon SNS Notifications; S3; Amazon SES Email; Availability Zone 1 and Availability Zone 2; Region: Oregon; VPN Tunnel to Data Center (Ops Tooling / Mgmt Tools, Monitoring, Security / A.V., Audit); Custom RDP. Legend: Security Group, Availability Zone, Region]
  40. 40. “With AWS and 2nd Watch, we have found a much more cost effective way to keep the lights on for a critical part of our infrastructure while reducing the risk of IT resources getting distracted from our core business strategies.” David Barbieri, SVP and CIO (http://aws.amazon.com/solutions/case-studies/red-lion/)
     Infra Cost Comparison [Chart: AWS Cloud Infrastructure versus Old Infrastructure (TicketsWest, corporate production); ~58% savings!]
     Business Benefits
     • 58% savings over existing infrastructure
     • Faster network speeds
     • Improved load times
     • Already planning future migrations
  41. 41. Shared Responsibilities [Three-column table, flattened in extraction; one row per line]
     AWS / 2nd Watch or Customer / Customer
     Facilities Architecture Build Application
     Physical Security Engineering Build Application Development
     Physical Infrastructure Security Groups Application Fixes / Patches
     Network Infrastructure Firewalls Customer Contact
     Virtualization Network Configuration Compliance
     Infrastructure Monitoring and Reporting Operating System
  42. 42. Getting Started
     • Clearly define your strategy and targets.
     • Why team with a partner?
       – Lessons learned
       – Virtualization example
       – cost decline with experience
     • Select a workload for AWS
     • Measure success
  43. 43. Q&A
  44. 44. Thank You! To learn more contact info@2ndwatch.com or visit on the web @ www.2ndwatch.com
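
An added example, not part of the original slides or of any AWS or 2nd Watch tooling: slides 28 and 36 describe tiered security groups with the Elastic Load Balancer as the only public interface (ports 80 and 443 only), and the audit below checks a set of security-group ingress rules against that policy. The rule dictionaries follow the shape of the EC2 DescribeSecurityGroups output; the group IDs, the sample rules and the helper names are assumptions constructed for illustration.

```python
# Added example (not from the slides). Rule shape follows the EC2
# DescribeSecurityGroups output; every ID and rule below is constructed.
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}
ELB_PUBLIC_PORTS = {80, 443}  # slide 36: ELB is the only public interface

def public_ports(perm):
    """Ports a rule opens to the internet: a set, or None for all traffic."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    if not PUBLIC_CIDRS.intersection(cidrs):
        return set()
    if perm.get("IpProtocol") == "-1" or "FromPort" not in perm:
        return None
    return set(range(perm["FromPort"], perm["ToPort"] + 1))

def audit(groups, elb_group_id):
    """Return (group_id, message) for each rule that breaks the policy."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            ports = public_ports(perm)
            if ports is not None and not ports:
                continue  # rule is not open to the internet
            if group["GroupId"] != elb_group_id:
                findings.append((group["GroupId"], "public ingress on non-ELB group"))
            elif ports is None or not ports <= ELB_PUBLIC_PORTS:
                findings.append((group["GroupId"], "ELB exposes ports other than 80/443"))
    return findings

def rule(port, cidr=None, source_group=None):
    """Build one constructed TCP ingress rule for the sample data."""
    perm = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
    if cidr:
        perm["IpRanges"] = [{"CidrIp": cidr}]
    if source_group:
        perm["UserIdGroupPairs"] = [{"GroupId": source_group}]
    return perm

SAMPLE_GROUPS = [  # constructed: ELB, Website Tier and Database Tier groups
    {"GroupId": "sg-elb", "IpPermissions": [
        rule(80, "0.0.0.0/0"), rule(443, "0.0.0.0/0"), rule(8080, "0.0.0.0/0")]},
    {"GroupId": "sg-web", "IpPermissions": [rule(80, source_group="sg-elb")]},
    {"GroupId": "sg-db", "IpPermissions": [
        rule(1433, source_group="sg-web"), rule(3389, "0.0.0.0/0")]},
]

if __name__ == "__main__":
    for group_id, message in audit(SAMPLE_GROUPS, "sg-elb"):
        print(group_id, message)
```

Rules that reference another security group as their source, as the Website Tier and Database Tier rules do here, pass the audit because they grant no internet-facing access.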
