Accelerate Cloud Migration to AWS Cloud with Cognizant Cloud Steps
Your SlideShare is downloading.
×
Check these out next
![](http://img.youtube.com/vi/["GrflbPLgaEQ"]/1.jpg)
Recommended
More Related Content
Slideshows for you (20)
Viewers also liked (20)
Similar to OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy (20)
More from Schlomo Schapiro (20)
Recently uploaded (20)
OSDC 2016 - Hybrid Cloud - A Cloud Migration Strategy
- 1. www.immobilienscout24.de Berlin | 28.04.2016 | Schlomo Schapiro Systems Architect / Open Source Evangelist http://creativecommons.org/licenses/by-nd/4.0 Hybrid Cloud A Cloud Migration Strategy @schlomoschapiro go.schapiro.org/slides
- 2. Why should I care? The cloud is here - let's make the best out of it!
- 3. Our goal is to join a vibrant technical eco- system to accelerate our own innovation speed.
- 4. PROJECT Cloud Migration - Management View
- 5. Just ask about ... Timeline Budget Engineered for the CloudSecurity Resilience
- 6. Time & Money
- 7. Data Center Costs SAN Storage Server Hardware Server Hardware Core & Rack Switches SAN StorageBackup Solution Core & Rack Switchesware Backup Solution 5 years writing off BUDGET
- 8. Cloud Costs - Quick Migration BUDGET 1st year 2nd year 3rd year
- 9. Cloud Migration - Costs Journey Data Center Costs Cloud Costs Total Costs BUDGET Invest Save ROI How many years?
- 10. Engineering
- 11. Cloud = Scale Out. Automate or Die. Test Driven Development. Everything will fail.
- 12. Live Staging Play Search User ...
- 13. Internal Communication ◉ No transport encryption ◉ Trust based on IP ◉ Easy Dev/Ops access to debug and admin ports ◉ Low latency (LAN) ◉ Static service discovery works External Communication ◉ Must use HTTPS ◉ Trust based on authentication ◉ Need secure back door for debug and admin access ◉ Medium / high latency ◉ Effort for service discovery
- 14. Cloud Migration ≈ Microservices Migration
- 15. Automate Automate Automate Automate Automate Automate Automate
- 16. Data Center Hardware Network Storage Virtualization Operating System Application Configuration Load Balancer Automation
- 17. Code Cloud (AWS) Hardware Network Storage Virtualization Operating System Application Configuration Load Balancer CloudFormation EC2 VPC S3 ECS / Lambda / Bean Stalk Docker AMI ZIP / S3 ELB Route53 Cloud Front RDS / SNS / SQS / IAM / EMR Api Gateway / Dynamo DB / ...
- 18. Resilience
- 19. Cloud Formation StackRegion VPC RDS A typical web application on AWS ... Autoscaling Group EC2 EC2 EC2 ELB RDS S P O F
- 20. More resilience Cloud Formation Stack Region VPC RDS Autoscaling Group EC2 EC2 EC2 ELB RDS Cloud Formation Stack Region VPC RDS Autoscaling Group EC2 EC2 EC2 ELB RDS
- 21. Static credentials are just broken by design!
- 22. Static Credentials ◉ SSH keys - copy and crack at home ➨ SSH HostbasedAuthentication ➨ Consider IP trust & rsh for automation and clusters ➨ Use ssh-agent, personal keys should never leave the desktop ◉ AWS key & secret - you won't notice me using them ➨ Use temporary credentials (secret, key, token) ➨ Watch your Cloud Trail logs ◉ Username & password - thanks! ➨ Federated logins for people ➨ Certs for machines (although still static credentials) ➨ IP trust may be good enough ...
- 23. Private Connec- tion to DCNo Authenti- cation Perimeter Security Blind Trust Firewall = Security Federated employee login Watch logs for anomalies App is fully responsible for security Jump host for dev & admin access Local firewalls everywhere, explicit access only. AWS: Security Groups
- 24. Service⇔Service Communication over public Internet HTTPS only. Setup identity management for services (OAuth2)
- 25. Hybrid Cloud
- 26. Hybrid Cloud? My Virtual Machine / Docker Container can run on premise or in the cloud. 1 Use the best tool for the job: Some apps run better on premise and some apps benefit more from the cloud. Embrace Cloud services as part of our applications and integrate with them. 2
- 27. Hybrid Cloud Comparison Run VMs/Docker anywhere + No vendor lock in + Write once, run anywhere + Easily support multiple platforms + Unified tooling over all platforms + Unified tooling also for data center hosting + Shift workloads based on cost and demand Use best tool for the job + Benefit from external innovation + Ready-made services instead of roll-your-own + "Serverless" applications + Significantly reduce OPS + Use platform migration to refactor applications + Costs scale well with application usage + Small things are very cheap + More options to optimize costs
- 28. 80% 20% Benefit Work Work Benefit AWS Managed Services VM Hosting (EC2, ECS)
- 29. Cloud Enablement
- 30. A Cloud Migration Strategy 1. Establish Cloud platform besides data center 2. Integrate Cloud platform with data center 3. Build new applications into the cloud 4. Migrate existing services into the cloud 5. Repeat until done
- 31. 1. Establish Cloud platform besides data center 1. Solve common problems: security, compliance and cost control 2. Provide basic solution for logging, monitoring, deployment 3. Easy & secure access to Cloud platform for all employees, using temporary credentials 4. Decide upon macro architecture, e.g. many AWS accounts, communication over public Internet without VPN, OAuth2 everywhere
- 32. 2. Integrate Cloud platform with data center 1. Provide temporary Cloud credentials to every server 2. Provide secure communication framework between services running in the data center and in the cloud 3. Use Cloud managed services from the data center, e.g. SNS, SQS, EMR, Data Pipeline, Kinesis, SWF 4. Migrate persistent storage to Cloud where beneficial, e.g. S3, DynamoDB 5. Improve automation and gather operational experience
- 33. 3. Build new applications into the cloud 1. Learn working with full stack responsibility 2. Learn how to architect and develop to benefit from cloud platform 3. Learn how to optimize development and operational costs 4. Improve automation and gather operational experience
- 34. 4. Migrate existing services into the cloud 1. Keep total cost (data center + cloud) in check, e.g. prioritize service migrations by data center hardware replacement / investment plan 2. Prioritize cloud migration against feature development 3. Migrate application into Cloud together with new feature 4. Improve automation and gather operational experience
- 35. 5. Repeat until done 1. After the migration is before the next migration, e.g. to the next Cloud platform 2. "Remaining" services in data center have to pay for all the data center 3. Optimize between costs and availability requirements 4. Improve automation and gather operational experience … … … 5. Always change the running system
- 36. The ImmobilienScout24 Cloud Toolbox
- 37. The ImmobilienScout24 Cloud Toolbox ◉ Compliance: AWS resources should only run in the EU https://github.com/ImmobilienScout24/aws-monocyte ◉ Security: Provide AWS credentials to humans and machines http://immobilienscout24.github.io/afp/ ◉ Security: SSH jump host with OpenID Connect authentication https://github.com/ImmobilienScout24/c-bastion ◉ Automation: Cloud Formation cross-stack management https://github.com/ImmobilienScout24/cfn-sphere ◉ Development: Automate Python Lambda packaging https://github.com/ImmobilienScout24/pybuilder_aws_plugin go.schapiro.org/slides @schlomoschapiro www.schapiro.org/schlomo/publications
