Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
www.immobilienscout24.de Berlin | 28.04.2016 | Schlomo Schapiro Systems Architect / Open Source Evangelist http://creative...
Why should I care? The cloud is here - let's make the best out of it!
Our goal is to join a vibrant technical eco- system to accelerate our own innovation speed.
PROJECT Cloud Migration - Management View
Just ask about ... Timeline Budget Engineered for the CloudSecurity Resilience
Time & Money
Data Center Costs SAN Storage Server Hardware Server Hardware Core & Rack Switches SAN StorageBackup Solution Core & Rack ...
Cloud Costs - Quick Migration BUDGET 1st year 2nd year 3rd year
Cloud Migration - Costs Journey Data Center Costs Cloud Costs Total Costs BUDGET Invest Save ROI How many years?
Engineering
Cloud = Scale Out. Automate or Die. Test Driven Development. Everything will fail.
Live Staging Play Search User ...
Internal Communication ◉ No transport encryption ◉ Trust based on IP ◉ Easy Dev/Ops access to debug and admin ports ◉ Low ...
Cloud Migration ≈ Microservices Migration
Automate Automate Automate Automate Automate Automate Automate
Data Center Hardware Network Storage Virtualization Operating System Application Configuration Load Balancer Automation
Code Cloud (AWS) Hardware Network Storage Virtualization Operating System Application Configuration Load Balancer CloudFor...
Resilience
Cloud Formation StackRegion VPC RDS A typical web application on AWS ... Autoscaling Group EC2 EC2 EC2 ELB RDS S P O F
More resilience Cloud Formation Stack Region VPC RDS Autoscaling Group EC2 EC2 EC2 ELB RDS Cloud Formation Stack Region VP...
Static credentials are just broken by design!
Static Credentials ◉ SSH keys - copy and crack at home ➨ SSH HostbasedAuthentication ➨ Consider IP trust & rsh for automat...
Private Connec- tion to DCNo Authenti- cation Perimeter Security Blind Trust Firewall = Security Federated employee login ...
Service⇔Service Communication over public Internet HTTPS only. Setup identity management for services (OAuth2)
Hybrid Cloud
Hybrid Cloud? My Virtual Machine / Docker Container can run on premise or in the cloud. 1 Use the best tool for the job: S...
Hybrid Cloud Comparison Run VMs/Docker anywhere + No vendor lock in + Write once, run anywhere + Easily support multiple p...
80% 20% Benefit Work Work Benefit AWS Managed Services VM Hosting (EC2, ECS)
Cloud Enablement
A Cloud Migration Strategy 1. Establish Cloud platform besides data center 2. Integrate Cloud platform with data center 3....
1. Establish Cloud platform besides data center 1. Solve common problems: security, compliance and cost control 2. Provide...
2. Integrate Cloud platform with data center 1. Provide temporary Cloud credentials to every server 2. Provide secure comm...
3. Build new applications into the cloud 1. Learn working with full stack responsibility 2. Learn how to architect and dev...
4. Migrate existing services into the cloud 1. Keep total cost (data center + cloud) in check, e.g. prioritize service mig...
5. Repeat until done 1. After the migration is before the next migration, e.g. to the next Cloud platform 2. "Remaining" s...
The ImmobilienScout24 Cloud Toolbox
The ImmobilienScout24 Cloud Toolbox ◉ Compliance: AWS resources should only run in the EU https://github.com/ImmobilienSco...
OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy
OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy
OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy
OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy
Upcoming SlideShare
Loading in …5
×

of

OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 1

YouTube videos are no longer supported on SlideShare

View original on YouTube

Learn why

OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 3 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 4 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 5 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 6 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 7 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 8 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 9 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 10 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 11 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 12 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 13 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 14 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 15 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 16 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 17 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 18 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 19 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 20 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 21 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 22 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 23 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 24 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 25 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 26 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 27 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 28 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 29 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 30 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 31 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 32 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 33 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 34 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 35 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 36 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 37 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 38 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 39 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 40 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 41 OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy Slide 42
Technology
Apr. 28, 2016
5,255 views

1

Share

Download to read offline

OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy

Download to read offline

Technology
Apr. 28, 2016
5,255 views

Do you use Cloud? Why? What about the 15 year legacy of your data center? How many Enterprise vendors tried to sell you their "Hybrid Cloud" solution? What actually is a Hybrid Cloud?

Cloud computing is not just a new way of running servers or Docker containers. The interesting part of any Cloud offering are managed services that provide solutions to difficult problems. Prime examples are messaging (SNS/SQS), distributed storage (S3), managed databases (RDS) and especially turn-key solutions like managed Hadoop (EMR).

Hybrid Cloud is usually understood as a way to unify or standardize server hosting across private data centers and Public Cloud vendors. Some Hybrid Cloud solutions even go as far as providing a unified API that abstracts away all the differences between different platforms. Unfortunately that approach focuses on the lowest common denominator and effectively prevents using the advanced services that each Cloud vendor also offers. However, these services are the true value of Public Cloud vendors.

Another approach to integrating Public Cloud and private data centers is using services from both worlds depending on the problems to solve. Don't hide the cloud technologies but make it simple to use them - both from within the data center and the cloud instances. Create a bridge between the old world of the data center and the new world of the Public Cloud. A good bridge will motivate your developers to move the company to the cloud.

Based upon recent developments at ImmobilienScout24, this talk tries to suggest a sustainable Cloud migration strategy from private data centers through a Hybrid Cloud into the AWS Cloud.

Bridging the security model of the data center with the security model of AWS.
Integrating the AWS identity management (IAM) with the existing servers in the data center.
Secure communication between services running in the data center and in AWS.
Deploying data center servers and Cloud resources together.
Service discovery for services running both in the data center and AWS.
Most of the tools used are Open Source and this talk will show how they come together to support this strategy:

AWS credential provider for employees and data center servers: http://immobilienscout24.github.io/afp/
Cloud Formation automation: https://github.com/ImmobilienScout24/cfn-sphere
Compliancy with European privacy laws: https://github.com/ImmobilienScout24/aws-monocyte

License: CC Attribution-NonCommercial-NoDerivs License

Recommended

Related Books

Free with a 30 day trial from Scribd

See all
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(4/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4.5/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(3/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(2/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4/5)
Free
Uncommon Carriers John McPhee
(4/5)
Free
The Victorian Internet: The Remarkable Story of the Telegraph and the Nineteenth Century's On-line Pioneers Tom Standage
(3.5/5)
Free
Understanding Media: The Extensions of Man Marshall McLuhan
(4/5)
Free
How to Drive: Real World Instruction and Advice from Hollywood's Top Driver Ben Collins
(3.5/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
If Then: How the Simulmatics Corporation Invented the Future Jill Lepore
(4.5/5)
Free
Liftoff: Elon Musk and the Desperate Early Days That Launched SpaceX Eric Berger
(5/5)
Free
The Science of Time Travel: The Secrets Behind Time Machines, Time Loops, Alternate Realities, and More! Elizabeth Howell
(2.5/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(5/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(3/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(4.5/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4/5)
Free
Digital Renaissance: What Data and Economics Tell Us about the Future of Popular Culture Joel Waldfogel
(3.5/5)
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free

OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy

  1. 1. www.immobilienscout24.de Berlin | 28.04.2016 | Schlomo Schapiro Systems Architect / Open Source Evangelist http://creativecommons.org/licenses/by-nd/4.0 Hybrid Cloud A Cloud Migration Strategy @schlomoschapiro go.schapiro.org/slides
  2. 2. Why should I care? The cloud is here - let's make the best out of it!
  3. 3. Our goal is to join a vibrant technical eco- system to accelerate our own innovation speed.
  4. 4. PROJECT Cloud Migration - Management View
  5. 5. Just ask about ... Timeline Budget Engineered for the CloudSecurity Resilience
  6. 6. Time & Money
  7. 7. Data Center Costs SAN Storage Server Hardware Server Hardware Core & Rack Switches SAN StorageBackup Solution Core & Rack Switchesware Backup Solution 5 years writing off BUDGET
  8. 8. Cloud Costs - Quick Migration BUDGET 1st year 2nd year 3rd year
  9. 9. Cloud Migration - Costs Journey Data Center Costs Cloud Costs Total Costs BUDGET Invest Save ROI How many years?
  10. 10. Engineering
  11. 11. Cloud = Scale Out. Automate or Die. Test Driven Development. Everything will fail.
  12. 12. Live Staging Play Search User ...
  13. 13. Internal Communication ◉ No transport encryption ◉ Trust based on IP ◉ Easy Dev/Ops access to debug and admin ports ◉ Low latency (LAN) ◉ Static service discovery works External Communication ◉ Must use HTTPS ◉ Trust based on authentication ◉ Need secure back door for debug and admin access ◉ Medium / high latency ◉ Effort for service discovery
  14. 14. Cloud Migration ≈ Microservices Migration
  15. 15. Automate Automate Automate Automate Automate Automate Automate
  16. 16. Data Center Hardware Network Storage Virtualization Operating System Application Configuration Load Balancer Automation
  17. 17. Code Cloud (AWS) Hardware Network Storage Virtualization Operating System Application Configuration Load Balancer CloudFormation EC2 VPC S3 ECS / Lambda / Bean Stalk Docker AMI ZIP / S3 ELB Route53 Cloud Front RDS / SNS / SQS / IAM / EMR Api Gateway / Dynamo DB / ...
  18. 18. Resilience
  19. 19. Cloud Formation StackRegion VPC RDS A typical web application on AWS ... Autoscaling Group EC2 EC2 EC2 ELB RDS S P O F
  20. 20. More resilience Cloud Formation Stack Region VPC RDS Autoscaling Group EC2 EC2 EC2 ELB RDS Cloud Formation Stack Region VPC RDS Autoscaling Group EC2 EC2 EC2 ELB RDS
  21. 21. Static credentials are just broken by design!
  22. 22. Static Credentials ◉ SSH keys - copy and crack at home ➨ SSH HostbasedAuthentication ➨ Consider IP trust & rsh for automation and clusters ➨ Use ssh-agent, personal keys should never leave the desktop ◉ AWS key & secret - you won't notice me using them ➨ Use temporary credentials (secret, key, token) ➨ Watch your Cloud Trail logs ◉ Username & password - thanks! ➨ Federated logins for people ➨ Certs for machines (although still static credentials) ➨ IP trust may be good enough ...
  23. 23. Private Connec- tion to DCNo Authenti- cation Perimeter Security Blind Trust Firewall = Security Federated employee login Watch logs for anomalies App is fully responsible for security Jump host for dev & admin access Local firewalls everywhere, explicit access only. AWS: Security Groups
  24. 24. Service⇔Service Communication over public Internet HTTPS only. Setup identity management for services (OAuth2)
  25. 25. Hybrid Cloud
  26. 26. Hybrid Cloud? My Virtual Machine / Docker Container can run on premise or in the cloud. 1 Use the best tool for the job: Some apps run better on premise and some apps benefit more from the cloud. Embrace Cloud services as part of our applications and integrate with them. 2
  27. 27. Hybrid Cloud Comparison Run VMs/Docker anywhere + No vendor lock in + Write once, run anywhere + Easily support multiple platforms + Unified tooling over all platforms + Unified tooling also for data center hosting + Shift workloads based on cost and demand Use best tool for the job + Benefit from external innovation + Ready-made services instead of roll-your-own + "Serverless" applications + Significantly reduce OPS + Use platform migration to refactor applications + Costs scale well with application usage + Small things are very cheap + More options to optimize costs
  28. 28. 80% 20% Benefit Work Work Benefit AWS Managed Services VM Hosting (EC2, ECS)
  29. 29. Cloud Enablement
  30. 30. A Cloud Migration Strategy 1. Establish Cloud platform besides data center 2. Integrate Cloud platform with data center 3. Build new applications into the cloud 4. Migrate existing services into the cloud 5. Repeat until done
  31. 31. 1. Establish Cloud platform besides data center 1. Solve common problems: security, compliance and cost control 2. Provide basic solution for logging, monitoring, deployment 3. Easy & secure access to Cloud platform for all employees, using temporary credentials 4. Decide upon macro architecture, e.g. many AWS accounts, communication over public Internet without VPN, OAuth2 everywhere
  32. 32. 2. Integrate Cloud platform with data center 1. Provide temporary Cloud credentials to every server 2. Provide secure communication framework between services running in the data center and in the cloud 3. Use Cloud managed services from the data center, e.g. SNS, SQS, EMR, Data Pipeline, Kinesis, SWF 4. Migrate persistent storage to Cloud where beneficial, e.g. S3, DynamoDB 5. Improve automation and gather operational experience
  33. 33. 3. Build new applications into the cloud 1. Learn working with full stack responsibility 2. Learn how to architect and develop to benefit from cloud platform 3. Learn how to optimize development and operational costs 4. Improve automation and gather operational experience
  34. 34. 4. Migrate existing services into the cloud 1. Keep total cost (data center + cloud) in check, e.g. prioritize service migrations by data center hardware replacement / investment plan 2. Prioritize cloud migration against feature development 3. Migrate application into Cloud together with new feature 4. Improve automation and gather operational experience
  35. 35. 5. Repeat until done 1. After the migration is before the next migration, e.g. to the next Cloud platform 2. "Remaining" services in data center have to pay for all the data center 3. Optimize between costs and availability requirements 4. Improve automation and gather operational experience … … … 5. Always change the running system
  36. 36. The ImmobilienScout24 Cloud Toolbox
  37. 37. The ImmobilienScout24 Cloud Toolbox ◉ Compliance: AWS resources should only run in the EU https://github.com/ImmobilienScout24/aws-monocyte ◉ Security: Provide AWS credentials to humans and machines http://immobilienscout24.github.io/afp/ ◉ Security: SSH jump host with OpenID Connect authentication https://github.com/ImmobilienScout24/c-bastion ◉ Automation: Cloud Formation cross-stack management https://github.com/ImmobilienScout24/cfn-sphere ◉ Development: Automate Python Lambda packaging https://github.com/ImmobilienScout24/pybuilder_aws_plugin go.schapiro.org/slides @schlomoschapiro www.schapiro.org/schlomo/publications

  • ananp11

    Oct. 13, 2016

Do you use Cloud? Why? What about the 15 year legacy of your data center? How many Enterprise vendors tried to sell you their "Hybrid Cloud" solution? What actually is a Hybrid Cloud? Cloud computing is not just a new way of running servers or Docker containers. The interesting part of any Cloud offering are managed services that provide solutions to difficult problems. Prime examples are messaging (SNS/SQS), distributed storage (S3), managed databases (RDS) and especially turn-key solutions like managed Hadoop (EMR). Hybrid Cloud is usually understood as a way to unify or standardize server hosting across private data centers and Public Cloud vendors. Some Hybrid Cloud solutions even go as far as providing a unified API that abstracts away all the differences between different platforms. Unfortunately that approach focuses on the lowest common denominator and effectively prevents using the advanced services that each Cloud vendor also offers. However, these services are the true value of Public Cloud vendors. Another approach to integrating Public Cloud and private data centers is using services from both worlds depending on the problems to solve. Don't hide the cloud technologies but make it simple to use them - both from within the data center and the cloud instances. Create a bridge between the old world of the data center and the new world of the Public Cloud. A good bridge will motivate your developers to move the company to the cloud. Based upon recent developments at ImmobilienScout24, this talk tries to suggest a sustainable Cloud migration strategy from private data centers through a Hybrid Cloud into the AWS Cloud. Bridging the security model of the data center with the security model of AWS. Integrating the AWS identity management (IAM) with the existing servers in the data center. Secure communication between services running in the data center and in AWS. Deploying data center servers and Cloud resources together. Service discovery for services running both in the data center and AWS. Most of the tools used are Open Source and this talk will show how they come together to support this strategy: AWS credential provider for employees and data center servers: http://immobilienscout24.github.io/afp/ Cloud Formation automation: https://github.com/ImmobilienScout24/cfn-sphere Compliancy with European privacy laws: https://github.com/ImmobilienScout24/aws-monocyte

Views

Total views

5,255

On Slideshare

0

From embeds

0

Number of embeds

3,577

Actions

Downloads

60

Shares

0

Comments

0

Likes

1

×