Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
•
3 likes•955 views
Application modernization projects with AWS start with creating an AWS Landing Zone. Based on AWS best practices, AWS Landing Zones help ensure a secure, performant, highly available, and cost-efficient AWS environment. Common hybrid cloud use cases, such as cloud migration, data center extension, disaster recovery, cloud bursting, and edge computing, require data integration, operations management and monitoring, security, and networking as the foundational components of a hybrid cloud architecture. In this session, we dive deep on the networking, security, account management structure, operating management, and monitoring best practices to build your own AWS Landing Zone that can be extended into your data center. AWS partner, GreenPages, demonstrates a repeatable hybrid cloud architecture to secure, manage, and integrate your network across on-premises and multiple AWS regions using an AWS Landing Zone. AWS customer, Finch Therapeutics, then discusses how the company utilized the GreenPages hybrid cloud reference implementation to deploy, secure, and manage its hybrid cloud environment.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Similar to Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones (20)
More from Tom Laszewski
More from Tom Laszewski (20)
Recently uploaded
Recently uploaded (20)
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
- 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Building a HybridCloudArchitecture UtilizingAWS LandingZones Tom Laszewski Enterprise Technologist Amazon Web Services, Americas S e s s i o n I D Richard Hillard Client Services Director GreenPages Jeff Weitz IT Director Finch Therapeutics
- 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda Hybrid Cloud – Think Differently Hybrid Cloud on AWS Extending AWS Landing Zones into Hybrid Cloud on AWS Hybrid Cloud – Partner Reference Implementation - GreenPages Hybrid Cloud - Customer Implementation – Finch Therapeutics
- 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
- 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hybrid Cloud - Think Differently Networks are secured, authentication is required to access the network and/or resources. Decreases the impact ‘blast radius’ of network intrusion, data breach, data loss, service outages, human error or bad actors by design. Networks are secured, authentication is required to access the network and/or resources is granted in a least-permissive way within smaller network segments. ‘Zero-Trust’ Model Legacy Model
- 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hybrid Cloud - Primitives Multi-Account / Multi-Cloud Enables a ‘Zero-Trust’ model at the highest operational control. Micro-Services Deploy workloads into smaller, secure network segments. Transit Hub Allow your organization to scale and leverage cloud in new, unanticipated ways. N-Tier Architecture Application stack isolation and security, easily pinpoint application vs. infrastructure issues.
- 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hybrid Cloud - Why do I need it? Mitigate Risk Integrate security and authentication throughout the design, lower the ‘blast radius’ of impactful events. Achieve Agility Deploy and run environments programmatically, at scale in a consistent, ops- ready state. Enable Compliance Deploy infrastructure as code, automated alerting and/or remediation of non-compliant events. Cost Optimization and Reporting Provide clear line-of-sight into the costs of running workloads; accurate forecasting and automated reporting.
- 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. VMware Cloud on AWS HybridCloud onAWS On-premises Data Center Networking DirectConnect, VPN, VPC Security & Identity IAM, Directory Services Data Integration Storage Gateway, S3, EBS Snapshots, RDS, Snowball, Glacier, Route 53, MQ, ELB Management, Monitoring & Operations CloudFormation, CloudWatch, CloudTrail, Config, Systems Manager Backup & DR Data Center Extension Cloud Migration Dev and Test Edge & IoT Cloud Bursting
- 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
- 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Shared Services VPC AWS Landing Zones Implementation Shared Services Account Security VPC Security Account Logging VPC Logging Account AWS cloud AWS Organizations Cross- Account IAM Roles Security Notifications CloudTrail and Config Logs AWS Microsoft Active Directory Organizations Account Organizations VPC
- 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Shared Services VPC Hybrid Cloud Implementation Shared Services Account Security VPC Security Account Logging VPC Logging Account AWS cloud corporate data center Corporate Network Active Directory Data Sources Datacenter Services Transit Hub VPC Transit Hub Acct AWS Direct Connect Dev Sandbox VPCs Developers Acct Department VPC Department Account Application VPC Application Account Organizations Account Organizations VPC
- 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Shared Services VPC Sample AWS Account / VPC Perspectives AWS Organizations Master Account Shared Services Acct Security VPC Security Acct Logging VPC Logging Acct InfoTechOU Dept 01 Dev VPC Dept 01 Non-Prod Acct Dept 01 Test VPC Dept 01 Staging VPC Dept 01 Prod Acct Dept 01 Prod VPC Dev Sandbox VPCs Developers Acct DevelopersOUDepartment1OU App 01 Dev VPC App 01 Dev Acct App 01 Test VPC App 01 Test Acct App01 Staging VPC App 01 Staging Acct Highly-RegulatedApplicationOU App01 Prod VPC App 01 Prod Acct Transit Hub VPC Transit Hub Acct AWS Direct Connect AWS cloud
- 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. HybridCloud / MultiCloudTopology Organization Shared Services Transit Hub Security DevOps App 101 Non- Prod VPN Client Access App 102 Non- Prod App 102 Prod Tenant Shared Services Transit Hub Security DevOps VPN Client Access App 201 Non- Prod App 201 Prod App 202 Non- Prod App 202 Prod Microsoft Azure GreenPages Demo Company Tenancy GreenPages Demo Company VLAN AWS GreenPages Demo Company Account Family AWS Accounts and Virtual Private Clouds (VPCs) Azure Subscriptions and Virtual Private Networks (VNETs) GreenPages Configuration Center Amazon Web Services Microsoft Azure Operations Management & Monitoring Hybrid Cloud Orchestrator CloudBolt www.cloudbolt.io Consistent environment deployments to AWS, Azure, GCP, and vmware, with real- time validation and automated remediation. https://dev.gphco.io Digital Operations OpsRamp www.opsramp.com Security, Compliance & Financial Control CloudCheckr www.cloudcheckr.com Next-Gen Global Transit Network by Aviatrix www.aviatrix.com Corporate Network Active Directory Data Sources Data Center Services App 101 Prod
- 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
- 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS HybridCloud –Operations and Management Hybrid Cloud Orchestrator CloudBolt www.cloudbolt.io Consistent environment deployments to AWS, Azure, GCP, and vmware, with real-time validation and automated remediation. Self-service IT & user empowerment. Multi-cloud & hypervisor management. Digital Operations OpsRamp www.opsramp.com Digital operations command center – bringing the right operational insights across multiple services, platforms and tools for a holistic view. Security, Compliance & Financial Control CloudCheckr www.cloudcheckr.com Comprehensive cost management with advanced, automated reporting to line-of-business resource owners. Security and compliance auditing. Unified utilization analytics.
- 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
- 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS HybridCloudCustomer – FinchTherapeutics
- 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. HybridCloud / MultiCloudTopology Organization Shared Services Transit Hub Security DevOps App 01 Dev VPN Client Access App 2 Dev App 2 QA Tenant Shared Services Transit Hub Security DevOps VPN Client Access Microsoft Azure Finch Therapeutics Tenancy AWS Finch Therapeutics Account Family AWS Accounts and Virtual Private Clouds (VPCs) Azure Subscriptions and Virtual Private Networks (VNETs) Corporate Headquarters Amazon Web Services Microsoft Azure Next-Gen Global Transit Network by Aviatrix www.aviatrix.com Corporate Network Active Directory Data Sources Data Center Services Manufacturing (planned) App 01 QA App 01 Prod App 2 Prod App 4 Dev App 4 QA App 4 Prod App 3 Dev App 3 QA App 3 Prod Branch Office Corporate Network Application Users Data Collection Branch Office Corporate Network Application Users Data Collection
- 19. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tom Laszewski tomlasz@amazon.com Enterprise Technologist Amazon Web Services, Americas Richard Hillard richard.hillard@greenpages.co m Client Services Director GreenPages Jeff Weitz jeff@finchtherapeutics.co m IT Director Finch Therapeutics
- 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Editor's Notes
- Application modernization projects with AWS start with creating an AWS Landing Zone to ensure a secure, well-operated and managed, compliant, highly available, cost-efficient, and multi-account AWS environment based upon AWS best practices. Common hybrid cloud use cases, such as cloud migration, data center extension, disaster recovery, cloud bursting, and edge computing require data integration, operations management and monitoring, security, and networking as the foundational components of a hybrid cloud architecture. In this session, we dive deep on the networking, security, account management structure, operating management and monitoring best practices to build your own AWS Landing Zone extended into your data center . We will dive deep on the AWS Landing Zone extension into a hybrid cloud architecture for the foundational layers of network, security, and operations management and monitoring. The AWS partner, GreenPages, will demonstrate a repeatable hybrid cloud architecture to secure, manage, and integrate your network across on-premises and multiple AWS regions utilizing an AWS Landing Zone. Finch Therapeutics will then discuss how they utilized the GreenPages hybrid cloud reference implementation to deploy, secure, and manage their hybrid cloud environment.
- - Outcome – helps with transformation and migration.
- Operating in a hybrid architecture is a step in the cloud adoption journey for many organizations that have on-premises technology investments. Migrating legacy IT systems takes time, and can be disruptive to current processes, organizational structure, and culture. AWS has developed a broad set of hybrid cloud capabilities across storage, networking, security, application deployment, and management tools to help you build and operate a secure, performant, reliable, and scalable hybrid cloud. Join this tech talk to learn how customers are leveraging AWS hybrid cloud capabilities for cloud bursting and integrating devices and edge systems. The webinar will start with a review of customer success stories for datacenter capacity extension, delivery of new services and applications, and ensuring business continuity and disaster recovery, as well as covering the configuration of a hybrid cloud landing zone. Security and Networking are foundational to all hybrid cloud use cases. Data integration as data needs to be moved between on-premise and AWS 3. In order to assist with running your workloads on AWS you can utilize…. A. AWS CloudFormation to allows you to model your entire infrastructure in a text file – Infrastructure as Code). This template becomes the single source of truth for your infrastructure – your virtual data center in a box (well, actually a JSON or YAML) B. Amazon CloudWatch – To monitor services for running on AWS resources C. AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. D. AWS Config F. AWS Systems Manager Use cases: We will focus on data integration customer successes first as often times the first two efforts of a an enterprise customers cloud journey are 1) disaster recovery and backup 2) analytics on AWS. The first customer success is a hot standby scenario utilizing an AWS ISV and a MSP partner, as partners are important to AWS customer’s success with the AWS platform. Dev and Test Cloud Migration - Without a migration you don’t have hybrid cloud 4. For cloud bursting, you will most likely need a high speed, low latency network in place – DirectConnect, but really only need an Amazon Machine Image – an image that provides the information required to launch an EC2 instance, and Use Spot Fleets to bid on multiple instance types simultaneously. This provides a low cost environment as a Spot Instance is an unused EC2 instance that is available for less than the On-Demand price because Spot Instances enable you to request unused EC2 instances at steep discounts 5. Data Center Extension - When you build a new app in the Cloud, you don’t need to run 100% of the functionality in the Cloud. Whether its for compliance reasons or because you have an existing component already built, you can utilize this functionality in your new cloud apps vs. rebuilding or porting. Database on premises or in a AWS direct connect location. Mobile, web application on AWS Database on AWS and application / web or mobile on premise Applications running simultaneously on AWS and on premise -AWS OpsWorks, CodeDeploy 6. Edge and IoT - A vast amount of data is being generated by devices as part of the Internet of Things and by systems at remote locations. Process data where is is consumed is important.
- What’s the problem we’re trying to solve for our customers? Most of our customers don’t have the luxury of unlimited budgets or infinite deadlines. They’re also facing significant challenges with change management and aligning teams. So, we’ve developed some prescriptive guidance, a blueprint for success. Rapid on-ramp for cloud enablement. Hybrid-cloud / multi-cloud architecture solving some of the most complex challenges first. Ability to provide clear leadership and a proven path forward to manage the organizational change cycle needed for cloud adoption. Big three challenges we solve for right away: Extending network connectivity via Global Transit Architecture Bring Identity and Access Management (often Active Directory) to each Hybrid Cloud Landing Zone Provide reference architecture around IaaS deployments Why are people struggling with Operations? Most organizations do a great job of managing their own corporate datacenters, or their cloud environments. Where we find our customers are having some difficulty is building a true hybrid-cloud, multi-cloud management platform. There’s a lot of noise coming from all of the different stacks, tools, alerting platform, reports. We all want to get AHEAD of these challenges, stop reacting after-the-fact.
- What’s was the problem here? Granular, gated GxP controls by environment. How to connect corporate offices and remote office to cloud resources without backhauling all traffic to corporate headquarters. Ability to provide clear leadership and a proven path forward to manage the organizational change cycle needed for cloud adoption. Big three challenges we solved for right away: Extending network connectivity via Global Transit Architecture Bring Identity and Access Management (often Active Directory) to each Hybrid Cloud Landing Zone Provide reference architecture around IaaS deployments What are we still struggling with? Still working to automated builds and deployments via CloudFormation Templates. These will be used as a basis for CloudBolt Builds, most-likely powered by Terraform. Working to instrument and monitor all environments and workloads in OpsRamp. Helping to build a cross-functional Agile/SCRUM Team regarding implementing all the initiatives Finch Therapeutics’ leadership has for the company.