© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How Vanguard and Bloomberg Use AWS PrivateLink (NET323)
Ilya Epshteyn, Principal Solutions Architect, Amazon Web Services
Barry Sheward, Chief Enterprise Architect, Vanguard
Cory Albert, Global Head of Cloud Strategy, Bloomberg

Agenda
• AWS PrivateLink overview
• Vanguard’s use of AWS PrivateLink as part of its micro account strategy
• Bloomberg’s use of AWS PrivateLink for real-time data (B-PIPE)

AWS network primer (prior to AWS PrivateLink)
[Diagram: one VPC spanning Availability Zone A and Availability Zone B, each with a Public Subnet and a Private Subnet, hosting Instances A to D (10.1.1.11/24, 10.1.2.22/24, 10.1.3.33/24, 10.1.4.44/24). An IGW gives Instance A a public address (EIP: 54.1.13.43=10.1.1.11), a NAT Gateway gives the private subnets outbound access to the Internet, a VGW terminates the VPN and AWS Direct Connect links to the On-Premises network, and VPC Peering joins a second VPC.]

VPC endpoint gateway type
• Limited support—Amazon S3 and Amazon DynamoDB only
• Gateway endpoints not natively accessible from the on-prem network (requires a somewhat complex proxy setup)
• Available only for AWS services

VPC peering
• Designed for use cases with broad, bi-directional network trust
• Not intended for a fine-grained microservices trust model
• Maximum of 125 peering connections per VPC by design
• VPCs cannot have overlapping CIDR blocks

AWS PrivateLink enables a secure and scalable model for sharing services
• Connection always initiated by the service user
• Brings services into your VPC and on-premises network via the AWS private network
• Service owner only exposes a service concept, without any network complexity

PrivateLink for AWS Services, Enterprises, and Partners
[Diagram: three kinds of providers reachable over PrivateLink: 18 AWS services (and growing), among them AWS KMS, Amazon Kinesis, AWS STS, Amazon SNS, Amazon EC2 Systems Manager, Amazon EC2 APIs, Amazon API Gateway and Amazon CloudWatch; your shared services in another AWS account and VPC; and AWS Partners / Marketplace. The corporate data center connects over AWS Direct Connect or a VPN connection.]

Natively accessible from on-prem networks
[Diagram: the same three provider groups (18 AWS services and growing, your shared services in another AWS account and VPC, AWS Partners / Marketplace), now reached from the corporate data center over AWS Direct Connect or a VPN connection.]

PrivateLink Architecture
[Diagram: a Service Provider VPC running the Application/Service behind an NLB, and a separate Consumer VPC.]

PrivateLink Architecture (continued)
[Diagram: the Consumer VPC reaches the NLB in front of the Application/Service in the Service Provider VPC through a VPC Endpoint, vpce-2222.foo.amazon.com.]

[Diagram: Consumer VPC 10.0.0.0/16 with subnets Private 2a (10.0.16.0/20) and Private 2b (10.0.32.0/20) and endpoint network interfaces at 10.0.16.1 and 10.0.32.2. Provider VPC, also 10.0.0.0/16, with subnets Public 2a (10.0.1.0/20), Private 2a (10.0.16.0/20) and Private 2b (10.0.32.0/20) and NLB addresses 10.0.16.1 and 10.0.32.1. Route tables shown: one with 10.0.0.0/16 → Local and 0.0.0.0/0 → IGW, the other with only 10.0.0.0/16 → Local. The two VPCs use the same CIDR block, which PrivateLink tolerates.]

[Diagram: the same Consumer VPC and Provider VPC (both 10.0.0.0/16, same subnets, endpoint interfaces 10.0.16.1 and 10.0.32.2, NLB addresses 10.0.16.1 and 10.0.32.1), with the corporate data center also reaching the service through the consumer’s endpoint.]

Endpoint-specific DNS and default service DNS
[Diagram: VPC 10.0.0.0/16 with subnets Public 2a (10.0.16.0/20) and Private 2a (10.0.144.0/20), Amazon KMS as the provider, and endpoint network interfaces at 10.0.158.56 and 10.0.128.238. Route tables: the public subnet has 10.0.0.0/16 → Local and 0.0.0.0/0 → IGW; the private subnet has only 10.0.0.0/16 → Local.]
Default service DNS name: kms.us-east-1.amazonaws.com
Endpoint-specific DNS names (regional, then one per Availability Zone):
vpce-042260d8dadad476a-0vjawe46.kms.us-east-1.vpce.amazonaws.com
vpce-042260d8dadad476a-0vjawe46-us-east-1a.kms.us-east-1.vpce.amazonaws.com
vpce-042260d8dadad476a-0vjawe46-us-east-1b.kms.us-east-1.vpce.amazonaws.com
With the “Enable Private DNS” feature (recommended), the default service DNS name also resolves, inside the VPC, to the endpoint’s private IP addresses, so clients that keep using the standard service hostname reach KMS through the endpoint.

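The resolution check below is an added example, not code from the deck or from AWS: it parses the endpoint-specific names shown above and, given a subnet’s route table, reports whether the addresses the default KMS name resolves to stay inside the VPC (private DNS working), would leave through the IGW, or have no route at all. The resolver answers and the one non-VPC address (203.0.113.25) are constructed for the demonstration.

```python
import ipaddress
import re
from typing import Dict, Optional, Sequence, Tuple

# Added example (not from the deck). DNS names, VPC CIDR, endpoint ENI
# addresses and route tables are the ones on the slide; resolver answers
# and the single non-VPC address are constructed.

# Endpoint-specific names have the shape
#   vpce-<id>-<suffix>[-<az>].<service>.<region>.vpce.amazonaws.com
ENDPOINT_DNS_RE = re.compile(
    r"^(?P<endpoint_id>vpce-[0-9a-f]+)-(?P<suffix>[0-9a-z]+)"
    r"(?:-(?P<az>[a-z]{2}-[a-z]+-\d[a-z]))?"
    r"\.(?P<service>[a-z0-9.-]+?)\.(?P<region>[a-z]{2}-[a-z]+-\d)"
    r"\.vpce\.amazonaws\.com$"
)

VPC_CIDR = "10.0.0.0/16"
SERVICE_HOST = "kms.us-east-1.amazonaws.com"  # default service DNS name
ENDPOINT_HOSTS = [  # endpoint-specific names from the slide
    "vpce-042260d8dadad476a-0vjawe46.kms.us-east-1.vpce.amazonaws.com",
    "vpce-042260d8dadad476a-0vjawe46-us-east-1a.kms.us-east-1.vpce.amazonaws.com",
    "vpce-042260d8dadad476a-0vjawe46-us-east-1b.kms.us-east-1.vpce.amazonaws.com",
]
ENDPOINT_ENIS = ["10.0.158.56", "10.0.128.238"]  # endpoint interfaces on the slide

# Route tables from the slide as (destination, target) pairs.
PUBLIC_2A_ROUTES = [("10.0.0.0/16", "Local"), ("0.0.0.0/0", "IGW")]
PRIVATE_2A_ROUTES = [("10.0.0.0/16", "Local")]

# Constructed resolver answers for SERVICE_HOST seen from inside the VPC.
# With private DNS on the name returns the endpoint ENIs; with it off the
# name returns a public address (203.0.113.25 is a documentation address
# standing in for whatever the public resolver would return).
ANSWER_PRIVATE_DNS_ON = ENDPOINT_ENIS
ANSWER_PRIVATE_DNS_OFF = ["203.0.113.25"]


def parse_endpoint_dns(name: str) -> Optional[Dict[str, Optional[str]]]:
    """Split an endpoint-specific DNS name into its parts; None if it is not one."""
    m = ENDPOINT_DNS_RE.match(name.lower().rstrip("."))
    return m.groupdict() if m else None


def route_target(routes: Sequence[Tuple[str, str]], address: str) -> Optional[str]:
    """Longest-prefix match over a route table; None means no route at all."""
    ip = ipaddress.ip_address(address)
    best = None
    for dest, target in routes:
        net = ipaddress.ip_network(dest)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def audit_resolution(resolved: Sequence[str], vpc_cidr: str,
                     routes: Sequence[Tuple[str, str]]) -> Dict[str, str]:
    """Classify each address a service name resolved to, as seen from one subnet.

    'endpoint'    -> inside the VPC CIDR via the Local route (PrivateLink path)
    'internet'    -> via a non-Local route such as the IGW (traffic leaves the VPC)
    'unreachable' -> the subnet has no route to it (private subnet, private DNS off)
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    verdicts: Dict[str, str] = {}
    for addr in resolved:
        target = route_target(routes, addr)
        if target is None:
            verdicts[addr] = "unreachable"
        elif target == "Local" and ipaddress.ip_address(addr) in vpc:
            verdicts[addr] = "endpoint"
        else:
            verdicts[addr] = "internet"
    return verdicts


def private_dns_effective(resolved: Sequence[str], vpc_cidr: str,
                          routes: Sequence[Tuple[str, str]]) -> bool:
    """True only when every answer for the service name is served by the endpoint."""
    verdicts = audit_resolution(resolved, vpc_cidr, routes)
    return bool(verdicts) and all(v == "endpoint" for v in verdicts.values())


if __name__ == "__main__":
    for host in ENDPOINT_HOSTS:
        print(host, "->", parse_endpoint_dns(host))
    print("private DNS on, private subnet:",
          audit_resolution(ANSWER_PRIVATE_DNS_ON, VPC_CIDR, PRIVATE_2A_ROUTES))
    print("private DNS off, public subnet:",
          audit_resolution(ANSWER_PRIVATE_DNS_OFF, VPC_CIDR, PUBLIC_2A_ROUTES))
    print("private DNS off, private subnet:",
          audit_resolution(ANSWER_PRIVATE_DNS_OFF, VPC_CIDR, PRIVATE_2A_ROUTES))
```

Feeding it real answers from a resolver inside the VPC (for example the output of a lookup of kms.us-east-1.amazonaws.com from an instance) turns it into a quick check that the "Enable Private DNS" setting is actually taking effect.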
VPC peering and VPC endpoints
VPC peering:
• Broad-based network trust
• Connect VPCs, not services
• Inter-region connectivity
VPC endpoints with AWS PrivateLink:
• Fine-grained trust between services
• Service provider and consumer
• Scalable to thousands of consumers

Key benefits
• Private IP addresses used to connect to external services
• Same reliable and scalable technology used to access AWS services, enterprise microservices, or third-party solutions
• Support for overlapping addresses and reduced management points
• Service owner only exposes a service concept
• Connection always initiated by the service user
• Accessible from VPC or from on-prem (DX or VPN – NEW)
• Growing support by AWS services

Vanguard—Background
Began operations May 1, 1975 in Valley Forge, PA.
One of the world's largest investment companies, offering a large selection of low-cost mutual funds, ETFs, advice, and related services.

Vanguard’s account strategy—2016
[Diagram: twelve AWS accounts, each with its own VPC, all connected back to the data centers DC1, DC2 and DCx.]

Issues with the 2016 approach
[Diagram: two AWS accounts, each with subnets and Network ACLs in Availability Zone A and Availability Zone B. The first account is carved out of CIDR 192.168.0.1/26 into 192.168.0.0/28, 192.168.0.16/28, 192.168.0.32/28 and 192.168.0.48/28; the second out of CIDR 192.168.1.0/24 into 192.168.1.0/26, 192.168.1.64/26, 192.168.1.128/28 and 192.168.191/28 (as printed). The slide illustrates the per-account address allocation and per-subnet Network ACLs this approach required.]

Key enablers for Vanguard’s micro accounts
• AWS CloudFormation StackSets
• AWS Organizations
• Amazon EC2 Systems Manager

Vanguard’s micro account strategy
[Diagram: an AWS Organizations tree of nested AWS Organizational Units, with the levels labelled syslevel, division and account type, and an AWS Account at each leaf.]

IAM in micro accounts—STS IdP
User   memberOf     Description
Inan   RootOU       IAM Admin
Bob    DevLOB#1OU   LOB DevOps
Alice  ProdOU       Prod Support
Related session: “IAM for Enterprises: How Vanguard Has Matured Their IAM Controls to Support a Micro Account Strategy”.

Vanguard cloud registry service
[Diagram: a Transit Account links the micro accounts to the data center DCx. Inside an AWS Organizational Unit, the SvcConsumer account (subnets in Availability Zone A and B, CIDR 172.31.0.0/16) holds Endpoints to Endpoint Service #1, #2 and #3, which the SvcProvider account (subnets in Availability Zone A and B, also CIDR 172.31.0.0/16) publishes. VCRS Endpoints in the accounts connect to the VCRS Endpoint Service.]

Vanguard cloud registry service—Building AWS PrivateLinks
[Diagram: AWS Account – Svc Provider, CIDR 172.31.0.0/16, with subnets in AZ A, B, C and D; AWS Account – Svc Consumer, also CIDR 172.31.0.0/16, with subnets in AZ A, B, C and D. The numbered step shown on the SvcConsumer side is “2. Endpoint Creation”.]

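The provider and consumer steps above, together with the limits from the VPC peering slide, as an added example that is not Vanguard’s VCRS code: it first reports why peering two 172.31.0.0/16 VPCs is impossible, then runs the provider-side endpoint service publication (acceptance required, only the consumer account allow-listed) and the consumer-side endpoint creation across all four AZ subnets against a recording stand-in for the boto3 EC2 client. Account ids, ARNs and resource ids are constructed.

```python
import ipaddress
from typing import Any, Dict, List, Sequence

# Added example, not Vanguard's VCRS code. CIDRs and the four-AZ layout come from
# the slide; account ids, ARNs, resource ids and RecordingClient are constructed.
# A real boto3 EC2 client has methods with these names and keyword arguments.

PEERING_LIMIT_PER_VPC = 125  # per-VPC limit stated on the VPC peering slide


def peering_blockers(provider_cidr: str, consumer_cidr: str, provider_peerings: int) -> List[str]:
    """Reasons a VPC peering between the two VPCs could not be built (empty = feasible)."""
    reasons = []
    if ipaddress.ip_network(provider_cidr).overlaps(ipaddress.ip_network(consumer_cidr)):
        reasons.append(f"overlapping CIDR blocks: {provider_cidr} and {consumer_cidr}")
    if provider_peerings >= PEERING_LIMIT_PER_VPC:
        reasons.append(f"provider VPC has {provider_peerings} peerings (limit {PEERING_LIMIT_PER_VPC})")
    return reasons


class RecordingClient:
    """Offline stand-in for boto3's EC2 client: records each call, returns constructed ids."""

    def __init__(self) -> None:
        self.calls: List[Dict[str, Any]] = []

    def create_vpc_endpoint_service_configuration(self, **kw: Any) -> Dict[str, Any]:
        self.calls.append({"op": "create_vpc_endpoint_service_configuration", **kw})
        svc_id = "vpce-svc-0123456789abcdef0"  # constructed
        return {"ServiceConfiguration": {"ServiceId": svc_id,
                                         "ServiceName": f"com.amazonaws.vpce.us-east-1.{svc_id}"}}

    def modify_vpc_endpoint_service_permissions(self, **kw: Any) -> Dict[str, Any]:
        self.calls.append({"op": "modify_vpc_endpoint_service_permissions", **kw})
        return {"ReturnValue": True}

    def create_vpc_endpoint(self, **kw: Any) -> Dict[str, Any]:
        self.calls.append({"op": "create_vpc_endpoint", **kw})
        return {"VpcEndpoint": {"VpcEndpointId": "vpce-0fedcba9876543210",  # constructed
                                "State": "pendingAcceptance"}}

    def accept_vpc_endpoint_connections(self, **kw: Any) -> Dict[str, Any]:
        self.calls.append({"op": "accept_vpc_endpoint_connections", **kw})
        return {"Unsuccessful": []}


def publish_service(provider_ec2: Any, nlb_arn: str, consumer_account_id: str) -> Dict[str, str]:
    """Step 1, SvcProvider account: expose the NLB as an endpoint service.

    Acceptance is required and exactly one consumer account is allow-listed, so the
    provider exposes a service concept and nothing of its network.
    """
    cfg = provider_ec2.create_vpc_endpoint_service_configuration(
        NetworkLoadBalancerArns=[nlb_arn], AcceptanceRequired=True)["ServiceConfiguration"]
    provider_ec2.modify_vpc_endpoint_service_permissions(
        ServiceId=cfg["ServiceId"],
        AddAllowedPrincipals=[f"arn:aws:iam::{consumer_account_id}:root"])
    return {"service_id": cfg["ServiceId"], "service_name": cfg["ServiceName"]}


def create_endpoint(consumer_ec2: Any, vpc_id: str, service_name: str,
                    subnet_ids: Sequence[str], security_group_id: str) -> str:
    """Step 2, SvcConsumer account: one interface endpoint with an ENI in every AZ subnet."""
    resp = consumer_ec2.create_vpc_endpoint(
        VpcEndpointType="Interface", VpcId=vpc_id, ServiceName=service_name,
        SubnetIds=list(subnet_ids), SecurityGroupIds=[security_group_id])
    return resp["VpcEndpoint"]["VpcEndpointId"]


def build_privatelink(provider_ec2: Any, consumer_ec2: Any,
                      provider: Dict[str, Any], consumer: Dict[str, Any]) -> Dict[str, Any]:
    """Both steps plus the provider's acceptance; note that no CIDR is ever consulted."""
    svc = publish_service(provider_ec2, provider["nlb_arn"], consumer["account_id"])
    endpoint_id = create_endpoint(consumer_ec2, consumer["vpc_id"], svc["service_name"],
                                  consumer["subnet_ids"], consumer["security_group_id"])
    provider_ec2.accept_vpc_endpoint_connections(ServiceId=svc["service_id"],
                                                 VpcEndpointIds=[endpoint_id])
    return {"service_name": svc["service_name"], "endpoint_id": endpoint_id,
            "peering_blockers": peering_blockers(provider["cidr"], consumer["cidr"],
                                                 provider["peering_count"])}


# Constructed inventory matching the slide: both accounts use 172.31.0.0/16, four AZ subnets.
PROVIDER = {"account_id": "111111111111", "cidr": "172.31.0.0/16", "peering_count": 0,
            "nlb_arn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/net/svc/0000"}
CONSUMER = {"account_id": "222222222222", "cidr": "172.31.0.0/16", "vpc_id": "vpc-consumer",
            "subnet_ids": ["subnet-az-a", "subnet-az-b", "subnet-az-c", "subnet-az-d"],
            "security_group_id": "sg-consumer-apps"}

if __name__ == "__main__":
    prov, cons = RecordingClient(), RecordingClient()
    print(build_privatelink(prov, cons, PROVIDER, CONSUMER))
```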
Access to micro accounts
[Diagram: a Bastion Account from which a role is assumed into each micro account (subnets in Availability Zone A and B, CIDR 172.31.0.0/16), with Amazon EC2 Systems Manager used for access to instances.]

Future vision
Ephemeral accounts: the Three Rs of enterprise security [1] (Rotate, Repave, Repair) applied to AWS accounts; supports ZeroAccess.
Fit-for-purpose accounts: handle special cases (for example, custom address ranges, VPC peering); standard build mechanism (VCRS).
Both use AWS CloudFormation post-account creation.
[1] https://builttoadapt.io/the-three-r-s-of-enterprise-security-rotate-repave-and-repair-f64f6d6ba29d

Bloomberg B-PIPE at a glance: The solution
What is B-PIPE? Consolidation, distribution, and access via a common API.
• 330 exchanges
• 5,000 pricing contributors
• 35 million instruments
• 110 countries
• 80 billion ticks/day
Bloomberg customers:
• 15k customer locations
• 2+ servers per location
• 2+ routers per location
• Fault tolerant connectivity

Bloomberg B-PIPE at a glance: Our customers
• Who leverages B-PIPE data?
  • Capital markets professionals: Small hedge funds to international banks
  • Front office applications used to
    • Assess risk
    • Manage portfolios
    • Make informed decisions
• What drives customer buying decisions?
  • Total cost of ownership
  • Trust: managed service w/highly-specialized support
  • Optimized: Reliability, scalability, flexibility
• These same “ilities” are driving their cloud migration . . .

Our customer’s path to optimized
• Pre-2017: Customers subscribed to data on-prem and published it to applications residing in the cloud
• Jun 2017: Zero footprint offerings provide data directly to applications. However, a reliance on the internet causes performance, reliability, and scalability concerns
• Nov 2018: B-PIPE in AWS is introduced as a cloud-optimized solution
[Diagrams for the three stages: Bloomberg tickerplants, parsers and distribution feeding B-PIPE first on the customer premises, then zero-footprint via blpapi, then as BPIPE in a Bloomberg VPC next to the customer VPC; customer apps in the public cloud and 3rd party content appear in each.]

Requirements for an optimized solution
• Must be a “no compromise” offering
  • Content: depth and breadth
  • Volumes of data consumed
  • Resiliency
  • Latency
• Must continue to be a managed solution
  • Monitoring the health of the data path
  • SW upgrades
  • Entitlements management
• API consistency (BLPAPI) whether cloud, on-prem, etc.

B-PIPE optimized: Getting to the cloud (US East)
• Bloomberg ingests, normalizes, and distributes data globally
• Distribution extends to AWS US East 1
• B-PIPE endpoints are deployed on EC2 instances in a Bloomberg managed VPC
• Customer applications remain in their own VPC
• Applications connect to B-PIPE using AWS PrivateLink
• Result: Customers no longer need to host infrastructure to obtain reliable market data
[Diagram: content providers feed the Bloomberg Global Network, which feeds the Bloomberg VPC hosting B-PIPE Cust A and B-PIPE Cust B; the Cust A App (BLPAPI) in Cust A VPC and the Cust B App (BLPAPI) in Cust B VPC each connect to their own B-PIPE.]

B-PIPE optimized: Inside the cloud (US East)
Deployment for a Single Customer Location
• 10 gig Direct Connects
• Bloomberg AFNs optimize bandwidth utilization
• B-PIPE service runs on EC2 instances
• AZs provide resiliency
• Bloomberg provisions B-PIPE via NLB
• Provisioned customers create VPC endpoints to the NLB
• Optional customer private DNS using Route 53

Why we selected AWS PrivateLink
[Screenshots: customer-facing monitoring tools and Bloomberg operations teams’ tools.]

Results from the lab
Scenario results, percentiles (September 24-8)*:
• DIFF 50th percentile = ~0 ms
• DIFF 99th percentile = ~0 ms
* Ranges selected solely due to AWS presentation due dates.

Up Next
• Business
  • Continue to work with early adopters
  • Prepare for general US release
  • Expand offering to meet customer demand globally
• Technology
  • Develop and test multi-tenant solutions
  • Auto Scale w/Load Balancing
  • Expand the use of serverless

Thank you!
Barry Sheward, Chief Enterprise Architect,
barry_p_sheward@vanguard.com
Cory Albert, Head of Cloud Strategy, Bloomberg Enterprise Data
calbert3@bloomberg.net
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

How Vanguard and Bloomberg Use AWS PrivateLink (NET323) - AWS re:Invent 2018

  • 8. PrivateLink for AWS Services, Enterprises, and Partners
    [Diagram: three kinds of service reachable over PrivateLink, both from a VPC and from a corporate data center attached by AWS Direct Connect or a VPN connection]
    • 18 AWS services (and growing, as of this talk): AWS KMS, Amazon Kinesis, AWS STS, Amazon SNS, Amazon EC2 Systems Manager, Amazon EC2 APIs, Amazon API Gateway, Amazon CloudWatch, ...
    • Your shared services in another AWS account and VPC
    • AWS Partners / Marketplace
  • 9. Natively accessible from on-prem networks
    [Same diagram as slide 8: the corporate data center reaches the AWS services, the shared services in another account and VPC, and the partner/Marketplace services through the VPC endpoints, over AWS Direct Connect or a VPN connection]
  • 10. PrivateLink architecture
    [Diagram: a Service Provider VPC running the application/service behind a Network Load Balancer (NLB), and a separate Consumer VPC]
  • 11. PrivateLink architecture (continued)
    [Diagram: the Consumer VPC holds a VPC endpoint (placeholder name on the slide: vpce-2222.foo.amazon.com) that connects to the provider's NLB; the provider exposes only the NLB as the endpoint service, nothing else of its network]
  • 12. PrivateLink architecture: overlapping address space
    [Diagram: both VPCs use 10.0.0.0/16]
    Consumer VPC 10.0.0.0/16: subnets Private 2a 10.0.16.0/20 and Private 2b 10.0.32.0/20; addresses shown 10.0.16.1 and 10.0.32.2
    Provider VPC 10.0.0.0/16: subnets Public 2a 10.0.1.0/20, Private 2a 10.0.16.0/20 and Private 2b 10.0.32.0/20; addresses shown 10.0.16.1 and 10.0.32.1
    Route tables: the public subnet carries 10.0.0.0/16 -> Local and 0.0.0.0/0 -> IGW; the private subnets carry only 10.0.0.0/16 -> Local
    The two VPCs share the same CIDR, and 10.0.16.1 is in use on both sides. PrivateLink still works because no route is exchanged between the VPCs: the consumer talks to an endpoint network interface in its own subnet, and the provider sees traffic arriving at its NLB.
  • 13. PrivateLink architecture: on-premises access
    [Same diagram as slide 12 with a corporate data center attached to the consumer VPC; on-premises clients reach the provider's service through the endpoint network interfaces in the consumer VPC]
  • 14. Endpoint DNS: Amazon KMS as the provider
    [Diagram: VPC 10.0.0.0/16 with Public 2a 10.0.16.0/20 (route table 10.0.0.0/16 -> Local, 0.0.0.0/0 -> IGW) and Private 2a 10.0.144.0/20 (route table 10.0.0.0/16 -> Local); the KMS interface endpoint has network interfaces at 10.0.158.56 and 10.0.128.238]
    Names for the endpoint:
      • Default service DNS: kms.us-east-1.amazonaws.com
      • Endpoint-specific regional DNS: vpce-042260d8dadad476a-0vjawe46.kms.us-east-1.vpce.amazonaws.com
      • Endpoint-specific zonal DNS: vpce-042260d8dadad476a-0vjawe46-us-east-1a.kms.us-east-1.vpce.amazonaws.com and vpce-042260d8dadad476a-0vjawe46-us-east-1b.kms.us-east-1.vpce.amazonaws.com
    Without the "Enable Private DNS" feature only the endpoint-specific names resolve to the endpoint, and clients that use the default service name still reach KMS over the public path. With the feature enabled (recommended) the default service name also resolves to the endpoint's private addresses, so unmodified clients stay on the private path.
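Two checks a consumer-side operator would run against the names on this slide, as an added example (not code from the deck or from AWS tooling): parse the endpoint-specific names into endpoint ID, service, region and Availability Zone, and, given what the VPC resolver returned for the default service name, decide whether clients are actually using the endpoint or silently leaving through the IGW/NAT path. The endpoint addresses 10.0.158.56 and 10.0.128.238 are the ones on the slide; the resolver answers and the 203.0.113.0/24 "public" addresses are constructed.

```python
"""Consumer-side VPC endpoint DNS checks (added example, not from the deck)."""
import ipaddress
import re

# Endpoint network interface addresses of the KMS endpoint on slide 14.
ENDPOINT_IPS = {"10.0.158.56", "10.0.128.238"}
VPC_CIDR = "10.0.0.0/16"

# Constructed resolver answers for the two configurations the slide contrasts.
ANSWERS_WITHOUT_PRIVATE_DNS = ["203.0.113.10", "203.0.113.11"]   # public KMS
ANSWERS_WITH_PRIVATE_DNS = ["10.0.158.56", "10.0.128.238"]       # endpoint ENIs


def parse_endpoint_dns(name: str) -> dict:
    """Split an endpoint-specific DNS name into its parts.

    Regional form: vpce-<id>-<suffix>.<service>.<region>.vpce.amazonaws.com
    Zonal form:    vpce-<id>-<suffix>-<az>.<service>.<region>.vpce.amazonaws.com
    For a customer endpoint service, <service> is its vpce-svc-... ID.
    """
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 6 or labels[-3:] != ["vpce", "amazonaws", "com"]:
        raise ValueError("not a VPC endpoint DNS name: %s" % name)
    region = labels[-4]
    service = ".".join(labels[1:-4])
    pattern = r"(vpce-[0-9a-f]+)-([a-z0-9]+)(?:-(%s[a-z]))?" % re.escape(region)
    m = re.fullmatch(pattern, labels[0])
    if m is None or not service:
        raise ValueError("unrecognised endpoint label: %s" % labels[0])
    return {"vpce_id": m.group(1), "service": service,
            "region": region, "az": m.group(3)}


def zonal_name(regional_name: str, az: str) -> str:
    """Derive the zonal name for one AZ from the regional name, so a client
    can pin itself to the endpoint interface in its own AZ."""
    parsed = parse_endpoint_dns(regional_name)
    if parsed["az"] is not None:
        raise ValueError("already a zonal name")
    if not az.startswith(parsed["region"]):
        raise ValueError("AZ %s is not in region %s" % (az, parsed["region"]))
    head, rest = regional_name.split(".", 1)
    return "%s-%s.%s" % (head, az, rest)


def classify_resolution(answers, vpc_cidr=VPC_CIDR, endpoint_ips=ENDPOINT_IPS) -> str:
    """Where will a client inside the VPC send its traffic, given the A records
    it received for the service's default hostname?

    'private-link'   every answer is an endpoint network interface address
    'public-bypass'  an answer lies outside the VPC: the client leaves through
                     the IGW/NAT path and the endpoint is never used
    'unexpected'     in-VPC answers that are not the endpoint's addresses
    """
    net = ipaddress.ip_network(vpc_cidr)
    addrs = [ipaddress.ip_address(a) for a in answers]
    if not addrs:
        raise ValueError("empty answer set")
    if all(str(a) in endpoint_ips for a in addrs):
        return "private-link"
    if any(a not in net for a in addrs):
        return "public-bypass"
    return "unexpected"


if __name__ == "__main__":
    regional = "vpce-042260d8dadad476a-0vjawe46.kms.us-east-1.vpce.amazonaws.com"
    print(parse_endpoint_dns(regional))
    print(zonal_name(regional, "us-east-1b"))
    print("with private DNS:   ", classify_resolution(ANSWERS_WITH_PRIVATE_DNS))
    print("without private DNS:", classify_resolution(ANSWERS_WITHOUT_PRIVATE_DNS))
```

Run `classify_resolution` against what `getent hosts kms.us-east-1.amazonaws.com` returns on an instance in the VPC: a "public-bypass" result means the endpoint (and any endpoint policy or security group on it) is not in the request path at all, which is the failure mode the "Enable Private DNS" recommendation exists to prevent.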
  • 15. VPC peering and VPC endpoints
    VPC peering:
      • Broad-based network trust
      • Connect VPCs, not services
      • Inter-region connectivity
    VPC endpoints with AWS PrivateLink:
      • Fine-grained trust between services
      • Service provider and consumer
      • Scalable to thousands of consumers
  • 16. Key benefits
    • Private IP addresses used to connect to external services
    • Same reliable and scalable technology used to access AWS services, enterprise microservices, or third-party solutions
    • Support for overlapping addresses and reduced management points
    • Service owner only exposes a service concept
    • Connection always initiated by the service user
    • Accessible from VPC or from on-prem (DX or VPN – new)
    • Growing support by AWS services
  • 18. Vanguard: background
    • Began operations May 1, 1975 in Valley Forge, PA
    • One of the world's largest investment companies, offering a large selection of low-cost mutual funds, ETFs, advice, and related services
  • 19. Vanguard's account strategy (2016)
    [Diagram: a dozen AWS accounts, each with its own VPC, all connected back to the corporate data centers DC1, DC2, ... DCx]
  • 20. Issues with the 2016 approach
    [Diagram: two AWS accounts, each with subnets and network ACLs in Availability Zones A and B; every account and every subnet needs its own non-overlapping CIDR carved from the corporate address plan, e.g. 192.168.0.0/28, 192.168.0.16/28, 192.168.0.32/28 and 192.168.0.48/28 in one account, and 192.168.1.0/26, 192.168.1.64/26 and 192.168.1.128/28 inside 192.168.1.0/24 in the other]
  • 21. Key enablers for Vanguard's micro accounts
    • AWS CloudFormation StackSets
    • AWS Organizations
    • Amazon EC2 Systems Manager
  • 22. Vanguard's micro account strategy
    [Diagram: an AWS Organizations tree of organizational units nested by syslevel, then division, then account type, with an AWS account at each leaf]
  • 23. IAM in micro accounts: STS
    Federated users from the IdP map to roles by group membership:
      IdP user | memberOf    | Description
      Inan     | RootOU      | IAM Admin
      Bob      | DevLOB#1OU  | LOB DevOps
      Alice    | ProdOU      | Prod Support
    See also the session "IAM for Enterprises: How Vanguard Has Matured Their IAM Controls to Support a Micro Account Strategy".
  • 24. Vanguard cloud registry service (VCRS)
    [Diagram: a transit account connected to the data center DCx; a service-consumer account and a service-provider account, each a VPC with CIDR 172.31.0.0/16 and subnets in Availability Zones A and B. The provider account publishes Endpoint Service #1, #2 and #3; the consumer account holds the matching endpoints. Each account also reaches the VCRS endpoint service through a VCRS endpoint of its own.]
  • 25. Vanguard cloud registry service: building AWS PrivateLinks
    [Diagram: service-provider account (CIDR 172.31.0.0/16, subnets in AZ A, B, C and D) and service-consumer account (also CIDR 172.31.0.0/16, subnets in AZ A, B, C and D); step 2, endpoint creation, runs in the consumer account against the provider's endpoint service]
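Why the micro-account model forces PrivateLink rather than peering (slides 6, 12, 24 and 25), as an added example that is not Vanguard's VCRS code: a planner that, given an inventory of account VPC CIDRs, reports which pairs could be peered, which overlap, and whether a full peering mesh would exceed the 125-peering-per-VPC limit the deck cites; beside it, the 2016-style allocation that carves unique blocks out of one corporate range and runs out. Account names, the account count and the supernet are constructed.

```python
"""Peering feasibility vs. PrivateLink for a fleet of account VPCs
(added example, not Vanguard's tooling)."""
import ipaddress
from itertools import combinations, islice

PEERING_LIMIT_PER_VPC = 125   # limit quoted on slide 6


def connectivity_plan(vpcs: dict, peering_limit: int = PEERING_LIMIT_PER_VPC) -> dict:
    """vpcs maps an account/VPC name to its CIDR. Returns which pairs could be
    peered (disjoint CIDRs), which cannot (overlap), and whether a full peering
    mesh would need more peerings per VPC than the limit allows."""
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in vpcs.items()}
    peerable, overlapping = [], []
    for a, b in combinations(sorted(nets), 2):
        (overlapping if nets[a].overlaps(nets[b]) else peerable).append((a, b))
    mesh_per_vpc = max(len(nets) - 1, 0)
    return {
        "peerable_pairs": peerable,
        "overlapping_pairs": overlapping,
        "peerings_per_vpc_in_full_mesh": mesh_per_vpc,
        "mesh_exceeds_limit": mesh_per_vpc > peering_limit,
        # either condition alone rules out a peering-based design
        "needs_privatelink": bool(overlapping) or mesh_per_vpc > peering_limit,
    }


def carve_unique_cidrs(supernet: str, count: int, prefix: int) -> list:
    """The 2016 approach: hand each account a unique block of the corporate
    range. Raises once the range is exhausted."""
    net = ipaddress.ip_network(supernet, strict=True)
    if prefix < net.prefixlen:
        raise ValueError("prefix /%d is larger than %s" % (prefix, net))
    capacity = 2 ** (prefix - net.prefixlen)
    if count > capacity:
        raise ValueError("%s holds only %d /%d blocks; %d requested"
                         % (net, capacity, prefix, count))
    return [str(s) for s in islice(net.subnets(new_prefix=prefix), count)]


if __name__ == "__main__":
    # Constructed fleet: 200 micro accounts, every one at 172.31.0.0/16.
    fleet = {"acct-%03d" % i: "172.31.0.0/16" for i in range(200)}
    plan = connectivity_plan(fleet)
    print("peerable pairs:", len(plan["peerable_pairs"]),
          "overlapping pairs:", len(plan["overlapping_pairs"]),
          "needs PrivateLink:", plan["needs_privatelink"])
    print(carve_unique_cidrs("192.168.0.0/16", 4, 24))
```

Feed `connectivity_plan` the output of `aws ec2 describe-vpcs` across your accounts; any overlapping pair is a pair that can never be peered, and once the fleet is larger than the peering limit plus one, even a disjoint address plan cannot be fully meshed.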
  • 26. Access to micro accounts
    [Diagram: a bastion account (VPC 172.31.0.0/16, subnets in Availability Zones A and B) from which operators assume a role in each micro account; instances are reached through Amazon EC2 Systems Manager]
  • 27. Future vision
    • Ephemeral accounts: the three Rs of enterprise security¹ (rotate, repave, repair) applied to AWS accounts; supports ZeroAccess
    • Fit-for-purpose accounts: handle special cases, for example custom address ranges or VPC peering
    • Both: standard build mechanism (VCRS); use AWS CloudFormation post-account creation
    ¹ https://builttoadapt.io/the-three-r-s-of-enterprise-security-rotate-repave-and-repair-f64f6d6ba29d
  • 29. Bloomberg B-PIPE at a glance: the solution
    What is B-PIPE? Consolidation, distribution, and access to market data via a common API.
    • 330 exchanges, 5,000 pricing contributors, 35 million instruments, 110 countries, 80 billion ticks/day
    • 15k customer locations, each with 2+ servers and 2+ routers for fault-tolerant connectivity
  • 30. Bloomberg B-PIPE at a glance: our customers
    • Who leverages B-PIPE data? Capital markets professionals, from small hedge funds to international banks
    • Front office applications used to assess risk, manage portfolios, and make informed decisions
    • What drives customer buying decisions?
      • Total cost of ownership
      • Trust: a managed service with highly specialized support
      • Optimized: reliability, scalability, flexibility
    • These same "ilities" are driving their cloud migration . . .
  • 31. Our customers' path to optimized
    • Pre-2017: customers subscribed to data on-prem and published it to applications residing in the cloud
    • Jun 2017: zero-footprint offerings provide data directly to applications; however, reliance on the internet causes performance, reliability, and scalability concerns
    • Nov 2018: B-PIPE in AWS is introduced as a cloud-optimized solution
    [Three diagrams, one per stage: (1) Bloomberg tickerplants and parsers feed B-PIPE servers on the customer premises, which feed apps in the public cloud through the API infrastructure; (2) Bloomberg distribution feeds BLPAPI applications in the public cloud directly, with third-party content alongside; (3) a Bloomberg VPC hosting B-PIPE serves BLPAPI apps in the customer's VPC, with the customer office also attached]
  • 32. Requirements for an optimized solution
    • Must be a "no compromise" offering
      • Content: depth and breadth
      • Volumes of data consumed
      • Resiliency
      • Latency
    • Must continue to be a managed solution
      • Monitoring the health of the data path
      • Software upgrades
      • Entitlements management
    • API consistency (BLPAPI) whether cloud, on-prem, etc.
  • 33. B-PIPE optimized: getting to the cloud (US East)
    [Diagram: content providers feed the Bloomberg global network, which extends into a Bloomberg VPC hosting a B-PIPE instance per customer; Customer A's and Customer B's own VPCs run BLPAPI apps that reach their B-PIPE instances]
    • Bloomberg ingests, normalizes, and distributes data globally
    • Distribution extends to AWS US East 1
    • B-PIPE endpoints are deployed on EC2 instances in a Bloomberg-managed VPC
    • Customer applications remain in their own VPC
    • Applications connect to B-PIPE using AWS PrivateLink
    • Result: customers no longer need to host infrastructure to obtain reliable market data
  • 34. B-PIPE optimized: inside the cloud (US East)
    Deployment for a single customer location:
    • 10 Gbps Direct Connects
    • Bloomberg AFNs optimize bandwidth utilization
    • B-PIPE service runs on EC2 instances
    • AZs provide resiliency
    • Bloomberg provisions B-PIPE via NLB
    • Provisioned customers create VPC endpoints to the NLB
    • Optional customer private DNS using Route 53
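On the provider side (slides 10–11 and this slide), the targets behind the NLB see PrivateLink connections arriving from the load balancer nodes' private addresses, and the consumer's address space may overlap the provider's own (slide 12), so the source IP cannot identify a customer. When proxy protocol v2 is enabled on the NLB, a PROXY v2 header is prepended to each connection whose AWS custom TLV (type 0xEA, sub-type 0x01) carries the consumer's VPC endpoint ID. The added example below, which is not Bloomberg's code, parses that header and maps the endpoint ID to an entitlement. The entitlement table, addresses and ports are constructed; the header builder exists only to produce sample input, since a real NLB emits the header for you.

```python
"""Identify the PrivateLink consumer from the NLB's PROXY protocol v2 header
(added example, not from the deck)."""
import ipaddress
import struct
from typing import Optional

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"   # fixed 12-byte PROXY v2 magic
PP2_TYPE_AWS = 0xEA                         # AWS custom TLV type
PP2_SUBTYPE_AWS_VPCE_ID = 0x01              # sub-type carrying the VPC endpoint ID


class ProxyHeaderError(ValueError):
    """Malformed or unsupported PROXY v2 header."""


def build_proxy_v2(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
                   vpce_id: Optional[str] = None) -> bytes:
    """Build a PROXY v2 header (TCP over IPv4) with the optional AWS VPCE-ID
    TLV. Used here only to construct sample input."""
    body = struct.pack("!4s4sHH",
                       ipaddress.IPv4Address(src_ip).packed,
                       ipaddress.IPv4Address(dst_ip).packed,
                       src_port, dst_port)
    if vpce_id is not None:
        value = bytes([PP2_SUBTYPE_AWS_VPCE_ID]) + vpce_id.encode("ascii")
        body += struct.pack("!BH", PP2_TYPE_AWS, len(value)) + value
    # 0x21 = version 2, command PROXY; 0x11 = AF_INET, SOCK_STREAM
    return PP2_SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body


def parse_proxy_v2(data: bytes) -> dict:
    """Parse the header at the start of `data`. Returns the original source and
    destination, the VPC endpoint ID if the TLV is present, and the number of
    bytes to strip before handing the stream to the application."""
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ProxyHeaderError("missing PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ProxyHeaderError("unsupported PROXY version %d" % (ver_cmd >> 4))
    if len(data) < 16 + length:
        raise ProxyHeaderError("truncated header")
    body = data[16:16 + length]
    info = {"header_len": 16 + length, "src": None, "dst": None, "vpce_id": None}
    if ver_cmd & 0x0F == 0:          # LOCAL: connection from the proxy itself
        return info
    if fam_proto != 0x11:
        raise ProxyHeaderError("only TCP over IPv4 is handled here")
    if len(body) < 12:
        raise ProxyHeaderError("address block truncated")
    src, dst, sport, dport = struct.unpack("!4s4sHH", body[:12])
    info["src"] = (str(ipaddress.IPv4Address(src)), sport)
    info["dst"] = (str(ipaddress.IPv4Address(dst)), dport)
    pos = 12
    while pos < len(body):           # walk the TLV vector
        if pos + 3 > len(body):
            raise ProxyHeaderError("truncated TLV")
        tlv_type, tlv_len = struct.unpack("!BH", body[pos:pos + 3])
        value = body[pos + 3:pos + 3 + tlv_len]
        if len(value) != tlv_len:
            raise ProxyHeaderError("truncated TLV value")
        if tlv_type == PP2_TYPE_AWS and value[:1] == bytes([PP2_SUBTYPE_AWS_VPCE_ID]):
            info["vpce_id"] = value[1:].decode("ascii")
        pos += 3 + tlv_len
    return info


# Constructed entitlement table: which accepted endpoints belong to which customer.
ENTITLEMENTS = {
    "vpce-0aaaaaaaaaaaaaaaa": "customer-a",
    "vpce-0bbbbbbbbbbbbbbbb": "customer-b",
}


def authorize(info: dict, entitlements: dict) -> Optional[str]:
    """Map a parsed header to a customer. Keys on the endpoint ID, never on the
    source address: that address lives in the consumer's VPC and may collide
    with another consumer's or with the provider's own."""
    vpce = info.get("vpce_id")
    if vpce is None:
        return None                  # no endpoint ID: not an entitled PrivateLink client
    return entitlements.get(vpce)    # unknown endpoint: reject


if __name__ == "__main__":
    # Constructed connection: consumer app at 10.0.16.1 hits the service on port 8194.
    wire = build_proxy_v2("10.0.16.1", 40000, "10.0.144.7", 8194,
                          "vpce-0aaaaaaaaaaaaaaaa") + b"<application data>"
    hdr = parse_proxy_v2(wire)
    print(hdr, "->", authorize(hdr, ENTITLEMENTS))
    print("payload:", wire[hdr["header_len"]:])
```

Accepting a consumer's endpoint connection request only says the account was allowed to connect; the endpoint ID in the header is what lets the service tie each TCP session back to the specific endpoint that was accepted, and reject sessions that carry no TLV or an ID that was never provisioned.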
  • 35. Why we selected AWS PrivateLink
    [Diagram: customer-facing monitoring tools alongside Bloomberg operations teams' tools]
  • 36. Results from the lab
    Scenario: latency percentiles measured September 24-8*
    Results: difference at the 50th percentile ≈ 0 ms; difference at the 99th percentile ≈ 0 ms
    * Ranges selected solely due to AWS presentation due dates.
  • 37. Up next
    • Business
      • Continue to work with early adopters
      • Prepare for general US release
      • Expand offering to meet customer demand globally
    • Technology
      • Develop and test multi-tenant solutions
      • Auto scale with load balancing
      • Expand the use of serverless
  • 38. Thank you!
    Barry Sheward, Chief Enterprise Architect, Vanguard, barry_p_sheward@vanguard.com
    Cory Albert, Head of Cloud Strategy, Bloomberg Enterprise Data, calbert3@bloomberg.net