© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
MassMutual Goes Cloud-First with Hybrid Cloud on AWS
ENT210
Stanko Dimitrov
Cloud Solutions Architect
MassMutual/Architecture and Design
https://www.linkedin.com/in/spdimitrov/
Wadis Flores
Cloud Solutions Architect
MassMutual/Architecture and Design
Who we are
MassMutual cloud-first strategy
MassMutual's hybrid cloud journey
MassMutual cloud MVP
Hybrid cloud solution design: AWS account structure (diagram)
Accounts: consolidated billing account; shared services account; enterprise non-prod account; enterprise prod account; BU/devops non-prod account; BU/devops prod account; sandbox account.
Connectivity: VPC peering between the accounts, and DC & VPN connections to the corporate data center (Active Directory, with identity federation into AWS).
Enterprise log management receives logs from the accounts; enterprise showback/chargeback receives financial data from them.
Hybrid cloud solution design: network topology (diagram)
Amazon Route 53; a virtual private gateway (VGW) in each of US-EAST-1, US-EAST-2, US-WEST-1 and US-WEST-2; cross-region VPC peering between the regions; VPN connections from the regions to two DC gateways in the corporate data center.
Achieving cloud governance, risk, and compliance (GRC) via tooling and automation
Serverless automation examples (diagram)
Flow 1, security group change: security group change -> Amazon CloudWatch Events (event rule match) -> Lambda function -> Amazon SNS -> email notification.
Flow 2, CloudTrail logging: AWS CloudTrail error -> Amazon CloudWatch Events (event rule match) -> Lambda function: turn on logging -> Amazon SNS -> email notification.
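The two flows above, written out as one Lambda handler. This is an added example, not MassMutual's code: a CloudWatch Events rule forwards CloudTrail API calls for EC2 security groups and for CloudTrail itself, and the handler classifies the event, turns logging back on when a trail was stopped, and builds the SNS message behind the email notification. The AWS clients are injected (boto3 CloudTrail and SNS clients in production) so the logic runs offline; with none injected it is a dry run. The topic ARN, the event name lists, the sample events and the "open to the world" heuristic are this example's assumptions.

```python
"""
Added example (not MassMutual's code): the two serverless GRC flows on the
slide as one Lambda handler. A CloudWatch Events rule forwards CloudTrail
API calls for EC2 security groups and for CloudTrail itself; the handler
classifies the event, turns logging back on when a trail was stopped, and
builds the SNS message behind the email notification. The topic ARN, the
event name lists and the "open to the world" heuristic are assumptions.
"""
import json
from ipaddress import ip_network

SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:grc-alerts"  # assumed
SG_CHANGE_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup",
}
TRAIL_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail"}


def _is_world(cidr):
    """True for 0.0.0.0/0 or ::/0; a malformed CIDR is treated as not open."""
    try:
        return ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def world_open_ranges(detail):
    """List (protocol, from, to, cidr) for rules in the request open to the world."""
    params = detail.get("requestParameters") or {}
    found = []
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        for key in ("ipRanges", "ipv6Ranges"):
            for rng in (perm.get(key) or {}).get("items", []):
                cidr = rng.get("cidrIp") or rng.get("cidrIpv6")
                if cidr and _is_world(cidr):
                    found.append((perm.get("ipProtocol"), perm.get("fromPort"),
                                  perm.get("toPort"), cidr))
    return found


def classify(event):
    """Turn a CloudWatch event carrying a CloudTrail record into a finding, or None."""
    detail = event.get("detail") or {}
    name = detail.get("eventName")
    actor = (detail.get("userIdentity") or {}).get("arn", "unknown")
    params = detail.get("requestParameters") or {}
    if name in SG_CHANGE_EVENTS:
        opened = world_open_ranges(detail) if name.startswith("Authorize") else []
        return {"kind": "security-group", "event": name, "actor": actor,
                "group": params.get("groupId"), "world_open": opened,
                "severity": "high" if opened else "info", "remediate": None}
    if name in TRAIL_EVENTS:
        return {"kind": "cloudtrail", "event": name, "actor": actor,
                "trail": params.get("name"), "severity": "high",
                "remediate": "start_logging" if name == "StopLogging" else None}
    return None


def handler(event, context=None, cloudtrail=None, sns=None):
    """Lambda entry point. Returns what was done so callers (and tests) can inspect it."""
    finding = classify(event)
    if finding is None:
        return {"status": "ignored"}
    actions = []
    if finding["remediate"] == "start_logging" and finding.get("trail"):
        if cloudtrail is not None:  # boto3 cloudtrail client: StartLogging API
            cloudtrail.start_logging(Name=finding["trail"])
        actions.append(f"StartLogging({finding['trail']})")
    subject = f"[{finding['severity'].upper()}] {finding['kind']}: {finding['event']}"
    message = json.dumps({"finding": finding, "actions": actions}, indent=2, default=str)
    if sns is not None:  # boto3 sns client; SNS subjects are capped at 100 characters
        sns.publish(TopicArn=SNS_TOPIC_ARN, Subject=subject[:100], Message=message)
    return {"status": "notified", "subject": subject, "actions": actions, "finding": finding}


# Constructed sample events in the shape CloudWatch Events delivers CloudTrail records.
SAMPLE_SG_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventName": "AuthorizeSecurityGroupIngress",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev1"},
        "requestParameters": {
            "groupId": "sg-0123456789abcdef0",
            "ipPermissions": {"items": [
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}}}
SAMPLE_TRAIL_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventName": "StopLogging",
               "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev1"},
               "requestParameters": {"name": "org-trail"}}}

if __name__ == "__main__":
    for ev in (SAMPLE_SG_EVENT, SAMPLE_TRAIL_EVENT):
        print(json.dumps(handler(ev), default=str))
```

The remediation is deliberately limited to StartLogging: a DeleteTrail or UpdateTrail is alerted on but not auto-reverted, since re-creating a trail needs the original bucket and KMS settings and is better handled by a human or by the enterprise log management pipeline.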
Achieving cloud governance, risk, and compliance (GRC) via tooling and automation
Policy based compliance example
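The speaker notes for this slide describe Cloud Custodian's approach: compliance is expressed as policy rules built from filtering and action primitives with a defined schema, rather than as more scripts. The following is an added toy policy engine in that shape, written to make the idea concrete; it is not Cloud Custodian's code and not MassMutual's policies. The policy structure mirrors Custodian's (name, resource, filters, actions), but the filter and action types, the schema, and the resource inventory are this example's own and are evaluated over constructed records rather than live AWS API calls.

```python
"""
Added example, not Cloud Custodian's code and not MassMutual's policies: a
toy policy engine in the shape the speaker notes describe (filters and
actions with a defined schema). Policies mirror Custodian's structure
(name, resource, filters, actions); the primitive types, the schema and the
inventory are this example's own, evaluated over constructed records.
"""
import operator

OPS = {"eq": operator.eq, "ne": operator.ne, "gt": operator.gt, "lt": operator.lt,
       "in": lambda a, b: a in b, "contains": lambda a, b: b in a}

# Required keys per primitive. Rejecting a malformed policy up front is what a
# declarative engine buys you over ad hoc scripts.
FILTER_SCHEMA = {"value": {"key", "op", "value"}, "absent": {"key"}}
ACTION_SCHEMA = {"tag": {"key", "value"}, "notify": {"to"}}


def validate(policy):
    """Raise ValueError if a filter or action has an unknown type or misses a key."""
    for f in policy.get("filters", []):
        required = FILTER_SCHEMA.get(f.get("type"))
        if required is None or not required <= f.keys():
            raise ValueError(f"{policy['name']}: bad filter {f}")
    for a in policy.get("actions", []):
        required = ACTION_SCHEMA.get(a.get("type"))
        if required is None or not required <= a.keys():
            raise ValueError(f"{policy['name']}: bad action {a}")
    return True


def lookup(resource, key):
    """Resolve 'A.B[].C' against nested dicts/lists; '[]' flattens a list."""
    values = [resource]
    for part in key.split("."):
        flatten = part.endswith("[]")
        name = part[:-2] if flatten else part
        nxt = []
        for v in values:
            if isinstance(v, dict) and name in v:
                v = v[name]
                nxt.extend(v if flatten and isinstance(v, list) else [v])
        values = nxt
    return values


def matches(resource, flt):
    """One filter against one resource; a filter over a list matches if any element does."""
    if flt["type"] == "absent":
        return not lookup(resource, flt["key"])
    op = OPS[flt["op"]]
    return any(op(v, flt["value"]) for v in lookup(resource, flt["key"]))


def run_policy(policy, resources):
    """Return (matched resources, action log) after applying the actions to the matches."""
    validate(policy)
    hits = [r for r in resources if all(matches(r, f) for f in policy.get("filters", []))]
    log = []
    for r in hits:
        for a in policy.get("actions", []):
            if a["type"] == "tag":
                r.setdefault("Tags", {})[a["key"]] = a["value"]
                log.append(("tag", r["Id"], a["key"]))
            elif a["type"] == "notify":
                log.append(("notify", r["Id"], a["to"]))
    return hits, log


# Constructed policies. Limitation of independent filters: "port 22" and
# "0.0.0.0/0" are checked across all rules of a group, not within one rule;
# Custodian's dedicated ingress filter correlates them per rule.
POLICIES = [
    {"name": "sg-ssh-open-to-world", "resource": "security-group",
     "filters": [{"type": "value", "key": "IpPermissions[].FromPort", "op": "eq", "value": 22},
                 {"type": "value", "key": "IpPermissions[].IpRanges[].CidrIp",
                  "op": "eq", "value": "0.0.0.0/0"}],
     "actions": [{"type": "tag", "key": "c7n:violation", "value": "ssh-open"},
                 {"type": "notify", "to": "cloud-security@example.com"}]},
    {"name": "ebs-unencrypted", "resource": "ebs",
     "filters": [{"type": "value", "key": "Encrypted", "op": "eq", "value": False}],
     "actions": [{"type": "notify", "to": "cloud-security@example.com"}]},
]

# Constructed inventory standing in for DescribeSecurityGroups / DescribeVolumes.
RESOURCES = {
    "security-group": [
        {"Id": "sg-aaa", "IpPermissions": [{"FromPort": 22, "ToPort": 22,
                                            "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"Id": "sg-bbb", "IpPermissions": [{"FromPort": 22, "ToPort": 22,
                                            "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    ],
    "ebs": [{"Id": "vol-1", "Encrypted": True}, {"Id": "vol-2", "Encrypted": False}],
}


def run_all(policies=POLICIES, inventory=RESOURCES):
    return {p["name"]: run_policy(p, inventory[p["resource"]]) for p in policies}


if __name__ == "__main__":
    for name, (hits, log) in run_all().items():
        print(name, [r["Id"] for r in hits], log)
```

The value of the schema step shows when a policy author mistypes a key: the engine refuses the policy before touching any resource, instead of silently matching nothing (or everything) the way an ad hoc script with a typo in a dictionary lookup would.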
Achieving cloud governance, risk, and compliance (GRC) via tooling and automation
Bootstrapping example (diagram)
1. User launches an EC2 instance with a user data script (from an AMI, via AWS CloudFormation, AWS Service Catalog, Auto Scaling or Elastic Beanstalk).
2. The instance calls a callback URL on API Gateway, backed by an AWS Lambda job status handler.
3. The handler runs a job template (Ansible Tower, per the speaker notes) whose playbooks come from the playbook store.
4. The instance fetches packages from an S3 bucket.
5. Install and configure the instance (security agents and baseline configuration, per the speaker notes).
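Steps 2 and 3 above hinge on one check the diagram does not spell out: the callback URL is reachable by whatever runs the user data script, so the job status handler must decide whether the caller deserves a bootstrap job before it launches one. The following is an added example of that handler, not MassMutual's code: the user data script POSTs the instance ID to the callback URL, and the Lambda verifies that the ID names a real, running, recently launched instance tagged for bootstrap at provisioning time before launching the Tower job template through Tower's job template launch API. The speaker notes name Ansible Tower; the Tower URL, template ID, token, tag name, the instance lookup and the sample event are this example's assumptions, and the AWS and HTTP calls are injected so the logic runs offline.

```python
"""
Added example (not MassMutual's handler): the "job status handler" Lambda
behind API Gateway on the bootstrapping slide. The user data script POSTs
the instance ID; the handler checks the caller before launching the Tower
job template, since an unauthenticated callback URL would otherwise let
anything that can reach it enqueue or spam configuration jobs. Tower URL,
template ID, token, tag name and the instance lookup are assumptions.

User data side (shell, assumed), one line:
  curl -sS -X POST "$CALLBACK_URL" -H 'Content-Type: application/json' \
       -d "{\"instance_id\": \"$(curl -s http://169.254.169.254/latest/meta-data/instance-id)\"}"
"""
import json
import os
import re
import time
from urllib import request

TOWER_URL = os.environ.get("TOWER_URL", "https://tower.example.internal")  # assumed
JOB_TEMPLATE_ID = os.environ.get("JOB_TEMPLATE_ID", "42")                   # assumed
TOWER_TOKEN = os.environ.get("TOWER_TOKEN", "replace-me")                   # from a secret store in practice
MAX_INSTANCE_AGE = 30 * 60  # seconds; a bootstrap callback from an old instance is suspicious
INSTANCE_ID_RE = re.compile(r"^i-[0-9a-f]{8,17}$")


def parse_callback(event):
    """Instance ID from an API Gateway proxy event body, or None if malformed."""
    try:
        body = json.loads(event.get("body") or "{}")
    except (json.JSONDecodeError, TypeError):
        return None
    iid = body.get("instance_id") if isinstance(body, dict) else None
    return iid if isinstance(iid, str) and INSTANCE_ID_RE.match(iid) else None


def instance_is_eligible(instance, now=None):
    """instance: dict with the State, LaunchTime (epoch seconds) and Tags a
    DescribeInstances lookup would give; None means the ID is unknown here."""
    now = time.time() if now is None else now
    if instance is None or instance.get("State") != "running":
        return False, "instance not running or unknown"
    if now - instance.get("LaunchTime", 0) > MAX_INSTANCE_AGE:
        return False, "instance too old for bootstrap"
    if instance.get("Tags", {}).get("bootstrap") != "tower":
        return False, "instance not tagged for bootstrap"
    return True, "ok"


def build_launch_request(instance_id, token):
    """POST /api/v2/job_templates/<id>/launch/ limited to the calling host.
    The template must allow limit and extra_vars at launch (Tower setting)."""
    url = f"{TOWER_URL}/api/v2/job_templates/{JOB_TEMPLATE_ID}/launch/"
    payload = {"limit": instance_id, "extra_vars": {"instance_id": instance_id}}
    return request.Request(url, data=json.dumps(payload).encode(), method="POST",
                           headers={"Content-Type": "application/json",
                                    "Authorization": f"Bearer {token}"})


def handler(event, context=None, lookup=None, send=None, now=None):
    """Lambda entry point. lookup(instance_id) -> instance dict or None (wrap boto3
    describe_instances in production); send(request) -> Tower's JSON response."""
    iid = parse_callback(event)
    if iid is None:
        return {"statusCode": 400, "body": json.dumps({"error": "bad instance_id"})}
    ok, why = instance_is_eligible(lookup(iid) if lookup else None, now)
    if not ok:
        return {"statusCode": 403, "body": json.dumps({"error": why})}
    req = build_launch_request(iid, TOWER_TOKEN)
    job = send(req) if send else {"dry_run": True}  # send() would urlopen(req)
    return {"statusCode": 202, "body": json.dumps({"instance_id": iid, "job": job})}


# Constructed inventory and callback, as the handler would see them.
NOW = 1_700_000_000
SAMPLE_INVENTORY = {
    "i-0abc1234def567890": {"State": "running", "LaunchTime": NOW - 120,
                            "Tags": {"bootstrap": "tower"}},
}
SAMPLE_EVENT = {"body": json.dumps({"instance_id": "i-0abc1234def567890"})}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, lookup=SAMPLE_INVENTORY.get, now=NOW))
```

Two design points follow from the diagram. The Tower credential lives only in the Lambda, so instances never hold it, and a compromised instance can at most ask for its own bootstrap. The check above still trusts the instance ID in the body; a stronger variant is to require IAM authorization on the API Gateway method so the instance signs the call with its instance profile, and then compare the signed caller's identity with the instance the body names.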
MassMutual's hybrid cloud use cases: SAP BW/HANA (diagram)
AWS cloud, US-EAST prod: an Application Load Balancer in front of BW instances and HANA DB instances in Availability Zone A and Availability Zone B, with synchronous replication between the HANA DB instances.
A second US-EAST prod set: Application Load Balancer, BW instances and HANA DB instances across two Availability Zones, fed by asynchronous replication from the first.
Corporate data center: the SAP stack and 3rd party apps connected to AWS.
MassMutual's hybrid cloud use cases: Microsoft HPC on AWS (diagram)
Core infrastructure: MM directory service on AWS, Amazon CloudWatch, file storage and S3.
Workstation infrastructure: a Workspaces subnet with WorkSpaces.
QRM infrastructure: a data subnet with the QRM DB and HPC ETL, and a private subnet with QRM CA; the MM corporate data feed comes from the corporate data center.
HPC cluster infrastructure: a private subnet with the HPC head node and an Auto Scaling group of HPC compute nodes in a placement group, within one Availability Zone.
MassMutual's hybrid cloud use cases: HPC with spot instances (diagram)
Corporate data center: a user at a management station holding an IAM access key scoped by an IAM policy, and a database.
AWS cloud: HPC spot instances running under an EC2 role, and an S3 bucket holding encrypted data.
The diagram separates the two credential types: long-lived access keys exist only on the management station in the data center, while the spot instances obtain short-lived credentials from their instance role and never carry keys.
Challenges encountered along the way

Challenge                      | Mitigation
Public cloud adoption          | 1. Cloud socialization/onboarding: quarterly AWS training; cloud user group
Operational structure          | 1. Cloud workcells established: security, foundation, CI/CD
                               | 2. SRE team established
Standardization and compliance | 1. Automation
                               | 2. Reporting
Thank you!
Stanko Dimitrov
Cloud Solutions Architect
MassMutual/Architecture and Design
https://www.linkedin.com/in/spdimitrov/
Wadis Flores
Cloud Solutions Architect
MassMutual/Architecture and Design

Editor's Notes (speaker notes attached to the slides)

• #4: Max 5 bullets; consolidate the first 3 bullets into one.
• #7: Consolidate and use less text.
• #8: They loved this and want most of our slides to be like this one.
• #9 (account structure): Status as of xx/xx/2018. Total of 23 accounts. Identity federation. Splunk integration. Integration with Apptio. AD extension to AWS with one-way trust. Enterprise security tools.
• #10 (network topology): Multi-region support. Inter-region VPC peering. Direct Connect with VPN failover.
• #11: Check AWS service names and list them as they are marketed. Cloud Custodian is a good example of customers sharing their solutions.
• #13 (policy based compliance): Compliance and governance may be enforced by writing policy rules rather than writing more scripts. Cloud Custodian provides a powerful policy engine that uses proven filtering and action primitives that have a defined schema.
• #14 (bootstrapping): Ansible Tower can be used to configure, deploy and orchestrate the automation and systems within the MM clouds. Ansible Tower will be used to bootstrap a number of security agents and baseline configurations onto machines provisioned within AWS, either manually or through AWS managed services.
• #15 (SAP BW/HANA): The existing SAP BW Accelerator was going out of support, an opportunity to upgrade to BW on HANA. On-prem vs AWS vs other cloud service providers: AWS was the least expensive option, with $0 upfront infrastructure and consulting cost. On-prem SAP stack: 2x ERP, SAP Portal, SAP PI, and 3rd party non-SAP sources exchanging information with SAP HANA such as Informatica, Teradata and Cognos. Significant performance increase and operational cost benefit over the previous platform, DB2 on AIX P Series hardware with EMC Symmetrix storage.
• #16 (Microsoft HPC on AWS): Quantitative Risk Management (QRM) is an analytical framework used by the Enterprise Risk Management and actuarial teams to measure, forecast and report enterprise risk.
• #17 (HPC with spot instances): Atlas is software developed by Oliver Wyman Ltd. Atlas allows MassMutual to perform financial projections of insurance products. Because Atlas runs calculations on potentially hundreds of CPUs, it uses HPC clusters as its infrastructure foundation.