Real World Hybrid Operations and Apps on AWS

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Karim Hopper
November 2015
AWS Enterprise Summit
Real-world hybrid on AWS

Session agenda
• Introduction
• Hybrid and AWS
• Implementing Hybrid Ops
• Common Hybrid Apps
• Closing

Cloud is an ALL or NOTHING proposition

Why are customers choosing AWS to
implement hybrid?

Scale
Service
Breadth
Service
Depth
Security

Broad accreditations and certifications

2008 2009 2010 2011 2012 2013 2014
Over 1 million monthly active accounts

Pace of innovation
24
48 61
82
159
280
516
2008 2009 2010 2011 2012 2013 2014
Features and services shipped

TECHNICAL &
BUSINESS
SUPPORT
Account
Management
Support
Professional
Services
Solutions
Architects
Training &
Certification
Security
& Pricing
Reports
Partner
Ecosystem
AWS
MARKETPLACE
Backup
Big Data
& HPC
Business
Apps
Databases
Development
Industry
Solutions
Security
MANAGEMENT
TOOLS
Queuing
Notifications
Search
Orchestration
Email
ENTERPRISE
APPS
Virtual
Desktops
Storage
Gateway
Sharing &
Collaboration
Email &
Calendaring
Directories
HYBRID CLOUD
MANAGEMENT
Backups
Deployment
Direct
Connect
Identity
Federation
Integrated
Management
SECURITY &
MANAGEMENT
Virtual Private
Networks
Identity &
Access
Encryption
Keys
Configuration Monitoring Dedicated
INFRASTRUCTURE
SERVICES
Regions
Availability
Zones
Compute
Storage
(object,
block)
Databases
SQL, NoSQL,
Caching
CDNNetworking
PLATFORM
SERVICES
APP
Mobile
& Web
Front-end
Functions
Identity
Data Store
Real-time
DEVELOPMENT
Containers
Source
Code
Build
Tools
Deployment
DevOps
MOBILE
Sync
Identity
Push
Notifications
Mobile
Analytics
Mobile
Backend
ANALYTICS
Data
Warehousing
Hadoop
Streaming
Data
Pipelines
Machine
Learning

• Secure, flexible networking between
cloud and on-premise
• Secure, federated access
management
• Management tools for hybrid
environments
• Integrated monitoring tools
HYBRID OPS - REQUIREMENTS

Secure, flexible connectivity
OPS | NETWORKING
AWS DirectConnect
• Extend your data center network to the
AWS cloud using a leased-line/circuit
• Secure, consistent performance on a
private network - avoid internet traversal
• Lower data transfer costs (vs VPN)
• 1Mbps to multiple 10Gbps
• Simpler management of multi-VPC
environments
• IPSEC VPNs can also be used for small
deployments, POCs and extra redundancy

Secure, flexible networking
OPS | NETWORKING
AWS Virtual Private Cloud
• Create a software-defined network
topology for your cloud including private
and public subnets (RFC1918), routing,
firewall policies and NAT
• Connect VPCs together using peering, or
directly to your data center and offices
Implement network isolation at any level, e.g.
• App environment, tier, business unit, team,
application / project and data classification

OPS | NETWORKING
Your Data Center
IPSEC VPN
Tunnels(x2)
AWS DirectConnect
Peering Location
Circuit(s), e.g
Metro Ethernet
AWS
Fibre cross connect
Terminated on an AWS
or customer managed gateway
(Internet)
Network Extension

(Optional) Bring your favorite security tools
Unified Threat
Management & WAF
VPN / Routing,
Application Delivery,
Key Management
AVAILABLE NOW

• Secure, flexible networking
between cloud and on-premise
management
environments
AWS Virtual Private
Cloud (VPC)
AWS DirectConnect

Federated Access Management
OPS | SECURE ACCESS MANAGEMENT
AWS Directory Service – AD Connector
• Easily federate your corporate Active
Directory environment to AWS and enable
single sign-on – no need for SAML
infrastructure
• Proxy only – does not store credentials
• Supports RADIUS-based MFA
• Connects to Domain Controllers in your
VPC or on-premise Domain Controllers
Customers can also use ADFS or partner
solutions

AWS Identity & Access Management
AWS Identity and Access Management
• Securely control access to AWS services
and resources
• Combine IAM and AD Connector to
develop role based security policies for
AWS resources using your existing AD
identities
• Fine grained control of permissions with
auditing via CloudTrail

AWS Management
Console
Your Identity Provider
E.g. Active Directory
AWS IAM
(Federated users)
Policies AWS Services &
Resources
AD Connector – (Proxy only)
AWS Directory Service
Forward Authentication
Access per IAM
policies
Authentication
Authorization
Allow / deny

AWS Management
Console
Your Identity Provider
E.g. Active Directory
AWS IAM
(Federated users)
Policies AWS Services &
Resources
AD Connector – (Proxy only)
Forward Authentication
Access per IAM
policies
Authentication
Authorization
Allow / deny
Ready in
15 minutes!

AWS Identity Federation Partners

management
environments
AWS Virtual Private
Cloud (VPC)
AWS DirectConnect
AWS Identity & Access
Management (IAM)

Step 1 –
Use a “cloud broker”
OPS | MANAGEMENT

Start by experimenting with
different tools
(and try open source)

ANSIBLE
Configuration management
HASHICORP PACKER
Build machine and container
images (cross platform)
HASHICORP TERRAFORM
Create and deploy application
templates (cross platform)
AWS CLOUDFORMATION
Application templates
(AWS Only)
Common
Examples
OPS | MANAGEMENT

HASHICORP PACKER
Build cross platform machine
and container images
VMWare
(vmx or ISO)
AWS
(Amazon Machine Image)
OpenStack etc…
Parallel Build
Source
config
OPS | MANAGEMENT

{
"variables": {
"aws_access_key": "",
"aws_secret_key": ""
},
"builders": [{
"type": "amazon-ebs",
"access_key": "{{user `aws_access_key`}}",
"secret_key": "{{user `aws_secret_key`}}",
"region": "us-east-1",
"source_ami": "ami-de0d9eb7",
"instance_type": "t1.micro",
"ssh_username": "ubuntu",
"ami_name": "packer-example {{timestamp}}"
}]
}
HASHICORP PACKER
Machine and container images
OPS | MANAGEMENT

resource "aws_elb" "frontend" {
name = "frontend-load-balancer"
listener {
instance_port = 8000
instance_protocol = "http"
lb_port = 80
lb_protocol = "http"
}
instances = ["${aws_instance.app.*.id}"]
}
resource "aws_instance" "app" {
count = 5
ami = "ami-043a5034"
instance_type = "m1.small"
}
HASHICORP TERRAFORM
Application Templates
Create 5 servers and put them behind a load balancer
OPS | MANAGEMENT

Stack Template
References
Post-
processing
Executes
API / CLI
App Stack
E.g. 3 Tier
Prod Web
Configures
Deploys
(App)
Configures
Deploys
(Infra)
AnsiblePacker
Terraform
Build automation for hybrid environments
OPS | MANAGEMENT

Importing existing VM images
AWS Management Portal for
VMWARE vCenter
AWS VM Import
Point and click
migration for VMware
Migrate VMWare, Hyper-V
and Citrix Xen images
OPS | MANAGEMENT

AWS Import / Export
Snowball
• 50 TB Amazon-owned appliance design
to help move petabytes of data per week
• 256-bit data encryption (KMS)
• Tamper resistant, durable and rugged
enclosure
• 10 GB network – takes ~13 hours to load
a 50TB Snowball
Use Snowball to move data centers, large
data sets or individual VMs
OPS | MANAGEMENT

management
environments
VPC & DirectConnect IAM, Directory Service
Packer, Terraform, Ansible and VM Import

Amazon
Cloudwatch
APPLICATION
PERFORMANCE
OPERATIONAL
ANALYTICS
AWS Platform &
Service Metrics
Splunk App for AWS
API Integration
AppDynamics
OPS | MONITORING

COST
MANAGEMENT
• Track spending with reports, dashboards
and email alerts
• Optimize spending with usage analytics
• Govern an regulate enterprise spending
OPS | MONITORING

management
environments
VPC & DirectConnect IAM, Directory Service

Cloud adoption patterns & common
use cases
Hybrid Apps

Starting out
Dev & Test
Production
Disaster
Recovery

The first, and the most important, reason we go with AWS is for the self-service flexibility. The fact
that we can be up and running with a test environment in minutes … in the classic model, I’d
probably still be negotiating data center contracts.
– Lorin Kobashigawa-Bates
Director of Technology, Expedia APAC & AirAsia Go
”
“

Dev & Test on AWS
Performant Lower costAutomated Available
Automate
environment
builds and release
processes
(CI/CD)
Deploy and test
code at full scale
and in replica
environments
Pay as you go –
but turn it off
when idle
On demand
resources in 11
regions globally –
no need to wait
for hardware

On-Demand Development Environments
Amazon Workspaces
• Secure and isolated virtual desktop
environments
• Windows 7 desktop experience
• Fully customizable image and apps
• Active Directory integration & MFA
• Pay as you go
Amazon Workspaces
On-demand
virtual desktops
Dev Environments
Great for company contractors or
companies that outsource development

AWS Device Farm
AWS CodeCommit
Managed GIT Repository
AWS CodePipeline
Continous Delivery
Real mobile device
testing
AWS CodeDeploy
Automated Deployments
Develop, test and release

Gaining confidence
Dev & Test
Production
Disaster
Recovery

..[AWS] significantly improved our business
continuity capabilities, including seamless
failovers
- Kevin Quinlivan
Chief Information Officer, Delaware North
”
“
Hybrid and Disaster Recovery
Architecture

Disaster Recovery on AWS
Performant No secondary
site expense
Highly
Secure
Geo DR
AWS data
centers are
compliant to
15+
international
security
standards
Provision DR
environments
to production
scale
Turn it on when
you need it
and run DR
tests frequently
without financial
penalties
Backup your
systems to 11
AWS regions
globally
Eliminate
Tape
Use more
durable disk
based storage
for backup,
archive and
compliance
workloads

Store backups data on AWS
Amazon S3 / Glacier Connector &
AWS Storage Gateway VTL
AWS Storage Gateway (VM)
Mirror data to AWS
Pay as you grow storage
Infinitely scalable
On-prem storage

Live on-prem to AWS VM/App replication
Network
constrained?
Use Snowball to
transfer VM’s or
data to AWS for
disaster recovery

Maturing
Dev & Test
Production
(Legacy)
Disaster
Recovery
Production
(Digital Apps)

Production on AWS
Highly
Secure
AWS data centers
are compliant to
15+ international
security standards
Digital
Ready
Extensive set of
services for big
data, predictive
analytics, IoT and
mobile apps
Global
Footprint
11 Regions and
over 50 availability
zones and POPs
Open &
Flexible
Language and
operating system
agnostic

Adobe Experience Manager (formely CQ)
The rich API set that AWS offers us allows us to
deeply integrate our automation systems into AWS
and provide an efficient operating environment for our
customers
– Mitch Nelson
Director of Managed Services Products, Adobe
”
“

Digital Applications
You code. AWS builds and deploys
Amazon Elastic Beanstalk (PaaS)
Mobile and Web
Supports: Supports Java, .NET, PHP,
Node.js, Python, Ruby, Go, and Docker
Mobile only
AWS Mobile Hub
A complete mobile platform
Features: User sign-in and data storage
(Cognito), cloud logic (Lamda), Push
notifications (SNS), analytics, content delivery
& app testing (Device Farm)

Split tier deployment
DirectConnect
DirectConnect
Web tier
Web tier
App & DB tier
App & DB tier with push notifications and search
Amazon SNS
Amazon ElasticSearch

Digital Applications
Streaming Analytics

• Secure, flexible networking between cloud and on-premise
• Secure, federated access management
• Management tools for hybrid environments
Development and Test
Backup & Disaster Recovery
Mobile & Web
Streaming / Analytics

Thank you
Connect with me on LinkedIn
https://sg.linkedin.com/in/karimhopper

Real World Hybrid Operations and Apps on AWS

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Real World Hybrid Operations and Apps on AWS

Similar to Real World Hybrid Operations and Apps on AWS (20)

Recently uploaded

Recently uploaded (20)

Real World Hybrid Operations and Apps on AWS

Editor's Notes