This document discusses hybrid infrastructure and connectivity options between on-premise resources and cloud services. It covers VPC networking, AWS Direct Connect, Active Directory integration, account governance for security and access control, operations monitoring, and backup and archive storage solutions for hybrid workloads.

3. Our journey today
VPCVPN
Backup & archive Storage
expansion
Common workloads in
hybrid infrastructure
What is hybrid
infrastructure?
Connectivity
Integrated
AWS Direct
Connect
Authentication
Enterprise
integration
Federation
Operations
monitoring
Start

4. On-premise
resources
Data center
Cloud services
Cloud infrastructure
Workload Migration
and integration
Enterprise
management tools
Access/authentication
control integration
Connectivity

6. VPC subnet
Availability Zone
Security group
VPC subnet
Availability Zone
Security group
Virtual
Gateway
https://aws.amazon.com/vpc/faqs/#C9
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/
VPC_VPN.html
Corporate
data center
Users
Data center router
Servers
Internet
IPSec VPN

7. http://aws.amazon.com/directconnect/
Corporate
data center
Users
VPC subnet
Availability Zone
Security group
VPC subnet
Availability Zone
Security group
Data center router
Customer
router
Servers
AWS Direct Connect
location
AWS Direct Connect
routers
Virtual
Gateway

8. VPC Subnet
Availability Zone
Security group
VPC subnet
Availability Zone
Security group
http://aws.amazon.com/directconnect/
Corporate
data center
Users
Data center router
Customer
Router
Servers
IPSec VPN
AWS Direct Connect
location
AWS Direct Connect
routers
Virtual
Gateway

10. http://aws.amazon.com/microsoft/whitepapers/ad-reference-
architecture/
Active Directory
Replication
Corporate
data center
Users
AD.Domain
Servers
Domain
controller
Domain
controller
VPC subnet
Availability Zone
Security group
Virtual
Gateway
Domain
controller
VPC subnet
Availability Zone
Security group
Type Port Number
TCP
54, 88, 135, 137, 139, 389, 445,
464, 636, 3268, 3269, 5722,
49152-65535
UDP
53,67,123, 138, 389, 445, 464,
2535, 5355, 49152-65535
Replication

11. http://aws.amazon.com/directoryservice/
AWS Directory Service
Connect
Corporate
data center
Users
AD.Domain
Servers
Domain
controller
VPC subnet
Availability Zone
Security group
Virtual
Gateway
VPC subnet
Availability Zone
Security group

12. AWS federation/account governance
Financial users,
controllers SOC/AuditorsGlobal AWS admin
Billing account
Software development
Non-prod
account #1
Production
account #1
User management
account
Security / Audit
account
Non-prod
account. #2
App owners
DevOps teams
Security/auditProductionDev/test/sandboxFinancial
Consolidated Billing,
Billing Alerts
Read-only access
for all accounts

13. Operations Monitoring
VPC subnet
Availability Zone
Security group
VPC subnet
Availability Zone
Security group
Virtual
Gateway
Corporate
data center
Users
Data center router
Update
Servers
Connectivity
CloudTrail
CloudWatch
SIEM
Aggregator

15. Corporate
data center
Amazon Simple
Storage Service
Amazon Glacier
Application
server
Virtual
server
File
server
Database
server
Backup
system
AWS Storage
Gateway
iSCSI
Symantec Net Backup
Veeam Backup & Replication
Cloud ONTAP Secure Cloud-
Integrated Backup
AWS Marketplace Partners

16. Corporate
data center
Amazon Simple
Storage Service
Application
server
Virtual
server
File
server
Database
server
Storage
appliance
AWS Storage
Gateway
iSCSI
Cloud ONTAP Secure Cloud-
Integrated Backup
Panzura Global NAS
TwinStrata CloudArray
AWS Marketplace Partners