This document discusses the challenges of migrating an on-premise physical datacenter to AWS. It outlines considerations around economics and flexibility, server performance, security, legal requirements, and technology integration. The migration process requires planning across project management, accounting, cost optimization, and ensuring business continuity. Proper encryption, authentication, backups and disaster recovery strategies must be implemented to maintain security and compliance.

1. Migra&on
eines
physikalischen
Datacenters
zu
AWS
Heterogene
Herausforderung
für
den
Übergang
eines
firmeneigenen
physikalischen
Datacenters
in
ein
kompleA
virtualisiertes
Datacenter
bei
AWS
Marcus.Fritsche@informa.com

2. Euroforum
Deutschland
SE
und
die
Informa
plc.

3. Überführung
eines
phys.
Datacenters
zu
AWS
Eine
kleine
Revolu&on?
Zeit
Zeit
Zeit
König
Ludwig
2
1500
Public
Cloud
2012
Mein
Serverraum
1996
2006
Private
Cloud
Server
Virtual.
1900
Instustrial
Age
1980
Global
Economy

4. WirtschaQlichkeit
&
Flexibilität
Server-­‐Performance
Sicherheit
Datenschutz
Rechtliche
Anforderungen
Technologie

5. Project-­‐
management
(Planung
ist
vieles
...)
Business-­‐
Recovery
WirtschaQs-­‐Zyklen
(Flexibilität)
Accoun&ng
Cash-­‐flow
und
Abschreibungen

6. Cost
Center
Management
Kosten-­‐Transparenz
(Kostenstellen)
durch
Server
Tagging

7. Nutzen
Sie
CloudVer&cal
Reports
www.cloudver&cal.com
Daily
reported
info
Monthly
Report

8.  Encryp&on
(Server-­‐Volumes,
Storage,
Networks)
=>
Got
some
experience
and
daily
improvements
 Roll
based
Administra&on
“IAM”
(e.g.
terminate
a
server)
 Mul&factor
Authen&ca&on
(HW-­‐Token
take
Mme,
..)
Datenschutz:

9. Encryp&on
ProtectV
Master
ProtectV
Secondary
KeySec
App
Master
KeySec
App
Secondary
WAN
AWS
Informa
(DE
/
UK)

11. 089
32
16
8
Mul&factor
Authen&ca&on

12.  Datacenter
located
in
Europe
(Ireland
and
in
???)
 Audi&ng
 AuQragsdatenverarbeitung:
AWS
act
as
Data
Processor
as
defined
in
SecMon
11
(§11
BDSG)
Legal
Requirements
–
Bundesdatenschutzgesetz
&
European
Data
Protec&on
Law

13. Legal
Requirements
–
AuQragsdatenverarbeitung:

14.  Develope
number
of
AMIs,
Storage
Types,
NICs,
Load-­‐Balancer,
…
 Backup
 Rollout
of
a
dynamic
XenApp-­‐Farm
 …
Technology
:

15. System
Redundancy:
Mirroring
producMon
files
to
a
dedicated
server
in
another
Availability
Zone
(AZ)
Backup
(on
OS-­‐Level)
Daily
EBS
snapshot
in
regional
storage
area
(held
in
all
AZ)
using
the
“Volume
Shadow
Service”
from
AWS
AZ
1
(prod)
AZ
2
(BRC)
AZ
3
Subnet
1
(LAN)
Subnet
11
(LAN)
Subnet
9
(Test)
Subnet
2
(DMZ1)
Subnet
12
(DMZ1)
Subnet
3
(DMZ2)
Subnet
13
(DMZ2)
Backup:

16. The
backup
process
produces
…
Naming
Conven&on!

17. Citrix
Access
 Supported
Citrix
Access
Gateway
(available
now)
 Licensing
Web
Mobile
Client
Corp.
Client

18. Up&me
Management
Suspend
instances

19. Up&me
Management
Suspend
Citrix
instances

20. Long-­‐term
File-­‐Archive
in
AWS
S3
...
hap://corporate-­‐archive.s3-­‐website-­‐eu-­‐west-­‐1.amazonaws.com/html/
A
script
is
generaMng
a
browse-­‐able
link
structure
out
of
the
S3
flat
file
system
[Graphic
from
AWS]
To
protect
this
“publicly
available
data”;
a
policy
for
the
bucket
“corporate-­‐archive”
is
blocks
all
IPs
apart
of
the
own
Proxy-­‐IPs

21. Repor&ng:
Data
selected
directly
from
AWS!

22. Cost
and
Performance
Op&miza&on
AWS-­‐Trusted
Advisor!

23. • AWS:
EC2,
VPC,
Route
53,
RDS,
S3,
Glacier,
Direct
Connect,
IAM,
..
• Citrix:
XenApp,
NetScaler,
• Sophos:
Astaro/UTM9,
• SafeNet:
ProtectV
• CloudVerMcal
• CloudOpMmizer
Our
current
AWS
and
Partner
Services

24. What
are
our
next
steps!
• AutomaMon
of
AdministraMve
Processes
• Cost-­‐
and
Performance
Tuning
• Increase
Security
• Test
and
Verify
Business
Recovery
FuncMon

25. …
und
bei
Fragen
wenden
Sie
sich
gerne
an
fritsche@4security.de