© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
ENT304
Tom Laszewski, Enterprise Technologist, Amazon Web Services, Americas
Rich Hillard, Client Services Director, GreenPages
Jeff Weitz, IT Director, Finch Therapeutics

Hybrid Cloud on AWS
On-premises Data Center
Networking: DirectConnect, VPN, VPC
Security & Identity: IAM, Directory Services
Data Integration: Storage Gateway, S3, EBS Snapshots, RDS, Snowball, Glacier, Route 53, MQ, ELB
Management, Monitoring & Operations: CloudFormation, CloudWatch, CloudTrail, Config, Systems Manager
Use cases: VMware Cloud on AWS, Backup & DR, Data Center Extension, Cloud Migration, Dev and Test, Edge & IoT, Cloud Bursting

Hybrid Cloud Topology
AWS GP Demo Company Account Family: AWS Accounts and Virtual Private Clouds (VPCs)
Organization: Shared Services, Transit Hub, Security, DevOps, VPN Client Access, App 101 Non-Prod, App 101 Prod, App 102 Non-Prod, App 102 Prod
Tenant: Shared Services, Transit Hub, Security, DevOps, VPN Client Access, App 201 Non-Prod, App 201 Prod, App 202 Non-Prod, App 202 Prod
GP Demo Company Tenancy; GP Demo Company VLAN; GreenPages Config Center
Amazon Web Services; On-premises
Management, Monitoring and Operations:
Hybrid Cloud Orchestrator: CloudBolt (www.cloudbolt.io). Consistent environment deployments to AWS, Azure, GCP, and VMware, with real-time validation and automated remediation. https://dev.gphco.io
Digital Operations: OpsRamp (www.opsramp.com)
Security, Compliance & Financial Control: CloudCheckr (www.cloudcheckr.com)
Next-Gen Global Transit Network by Aviatrix (www.aviatrix.com)
Corporate Network: Active Directory, Data Sources, Data Center Services

Editor's Notes

  • #2 Application modernization projects with AWS start with creating an AWS Landing Zone to ensure a secure, well-operated and managed, compliant, highly available, cost-efficient, multi-account AWS environment based upon AWS best practices. Common hybrid cloud use cases, such as cloud migration, data center extension, disaster recovery, cloud bursting, and edge computing, require data integration, operations management and monitoring, security, and networking as the foundational components of a hybrid cloud architecture. In this session, we dive deep on the networking, security, account management structure, and operations management and monitoring best practices to build your own AWS Landing Zone extended into your data center. We will dive deep on the AWS Landing Zone extension into a hybrid cloud architecture for the foundational layers of network, security, and operations management and monitoring. The AWS partner GreenPages will demonstrate a repeatable hybrid cloud architecture to secure, manage, and integrate your network across on-premises and multiple AWS regions utilizing an AWS Landing Zone. Finch Therapeutics will then discuss how they utilized the GreenPages hybrid cloud reference implementation to deploy, secure, and manage their hybrid cloud environment.
  • #3 Operating in a hybrid architecture is a step in the cloud adoption journey for many organizations that have on-premises technology investments. Migrating legacy IT systems takes time, and can be disruptive to current processes, organizational structure, and culture. AWS has developed a broad set of hybrid cloud capabilities across storage, networking, security, application deployment, and management tools to help you build and operate a secure, performant, reliable, and scalable hybrid cloud. Join this tech talk to learn how customers are leveraging AWS hybrid cloud capabilities for cloud bursting and integrating devices and edge systems. The webinar will start with a review of customer success stories for data center capacity extension, delivery of new services and applications, and ensuring business continuity and disaster recovery, as well as covering the configuration of a hybrid cloud landing zone.
    Security and networking are foundational to all hybrid cloud use cases. Data integration is foundational too, as data needs to be moved between on-premises and AWS.
    3. To assist with running your workloads on AWS you can utilize:
    A. AWS CloudFormation, which allows you to model your entire infrastructure in a text file (infrastructure as code). This template becomes the single source of truth for your infrastructure: your virtual data center in a box (well, actually a JSON or YAML file).
    B. Amazon CloudWatch, to monitor services running on AWS resources.
    C. AWS CloudTrail, which enables governance, compliance, operational auditing, and risk auditing of your AWS account.
    D. AWS Config.
    E. AWS Systems Manager.
    Use cases: We will focus on data integration customer successes first, as often the first two efforts of an enterprise customer's cloud journey are 1) disaster recovery and backup and 2) analytics on AWS. The first customer success is a hot standby scenario utilizing an AWS ISV and an MSP partner, as partners are important to AWS customers' success with the AWS platform.
    Dev and Test. Cloud Migration: without a migration you don't have a hybrid cloud.
    4. For cloud bursting, you will most likely need a high-speed, low-latency network in place (DirectConnect), but really only need an Amazon Machine Image (an image that provides the information required to launch an EC2 instance) and Spot Fleets to bid on multiple instance types simultaneously. This provides a low-cost environment: a Spot Instance is an unused EC2 instance that is available for less than the On-Demand price, because Spot Instances enable you to request unused EC2 instances at steep discounts.
    5. Data Center Extension: when you build a new app in the cloud, you don't need to run 100% of the functionality in the cloud. Whether it's for compliance reasons or because you have an existing component already built, you can utilize this functionality in your new cloud apps instead of rebuilding or porting. Patterns: database on premises or in an AWS Direct Connect location, with the mobile or web application on AWS; database on AWS and the application, web, or mobile tier on premises; applications running simultaneously on AWS and on premises (AWS OpsWorks, CodeDeploy).
    6. Edge and IoT: a vast amount of data is being generated by devices as part of the Internet of Things and by systems at remote locations. Processing data where it is consumed is important.
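The hub-and-spoke account family on the Hybrid Cloud Topology slide (Transit Hub, shared-service accounts, separate Prod and Non-Prod app accounts) can be expressed as invariants and checked against an attachment inventory, in the spirit of the "real-time validation and automated remediation" and AWS Config notes above. This is an added example, not code from the deck, GreenPages, or CloudBolt; account ids, VPC names, and the attachment list are constructed placeholders.

```python
"""Hub-and-spoke landing-zone check (added example; not code from the ENT304
deck or from GreenPages).  Models the account family on the 'Hybrid Cloud
Topology' slide; account ids, VPC names and links are constructed."""
HUB = "transit-hub"

# Constructed account family: vpc -> (account id, environment).  Each
# Prod / Non-Prod app VPC lives in its own account, as on the slide.
ACCOUNTS = {
    "transit-hub": ("111111111111", "shared"),
    "shared-services": ("222222222222", "shared"),
    "security": ("333333333333", "shared"),
    "devops": ("444444444444", "shared"),
    "vpn-client-access": ("555555555555", "shared"),
    "app101-nonprod": ("666666666666", "nonprod"),
    "app101-prod": ("777777777777", "prod"),
    "app102-nonprod": ("888888888888", "nonprod"),
    "app102-prod": ("999999999999", "prod"),
    "on-prem-dc": ("on-premises", "onprem"),
}

def check_topology(links, accounts=ACCOUNTS):
    """Return sorted findings for (vpc_a, vpc_b) attachment pairs.

    Slide invariants: every spoke (app, shared-service, on-premises) attaches
    to the Transit Hub and to nothing else, so east-west and on-prem traffic
    can be inspected at the hub; Prod and Non-Prod are never linked directly."""
    findings, attached = set(), set()
    for a, b in links:
        for v in (a, b):
            if v not in accounts:
                findings.add(f"{v}: unknown VPC, not in the account family")
        if HUB in (a, b):
            attached.add(b if a == HUB else a)
        elif {accounts.get(v, ("", ""))[1] for v in (a, b)} == {"prod", "nonprod"}:
            findings.add(f"{a}<->{b}: prod/non-prod linked directly")
        else:
            findings.add(f"{a}<->{b}: link bypasses the transit hub")
    for v in accounts:  # a spoke with no hub attachment is unreachable/unmanaged
        if v != HUB and v not in attached:
            findings.add(f"{v}: no transit-hub attachment")
    return sorted(findings)

# Constructed sample: a compliant hub-and-spoke plus two violations.
SAMPLE_LINKS = [(HUB, v) for v in ACCOUNTS if v != HUB] + [
    ("app101-prod", "app101-nonprod"),  # direct prod/non-prod peering
    ("app102-prod", "rogue-vpc"),  # unknown VPC, attached outside the hub
]
```

Running `check_topology(SAMPLE_LINKS)` yields three findings: the direct prod/non-prod link, the hub bypass, and the unknown VPC; feeding it a real inventory (for example, VPC peering and transit attachments exported from AWS Config) is left to the reader.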