Hybrid Cloud on AWS: Foundational Layers and AWS Services
•Download as PPTX, PDF•
0 likes•440 views
This document discusses foundational layers and supporting services for hybrid cloud on AWS. It covers the core services of network, security, data integration, and operations/monitoring that enable connectivity and management across customer infrastructure and AWS regions. It provides examples of relevant AWS services for each foundational layer, such as AWS DirectConnect, AWS PrivateLink, and AWS VPN for network; AWS Certificate Manager, AWS Shield, and AWS IAM for security; AWS Storage Gateway and AWS Database Migration Service for data integration; and AWS CloudWatch, AWS Config, and AWS Systems Manager for operations/monitoring.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Hybrid Cloud on AWS: Foundational Layers and AWS Services
Similar to Hybrid Cloud on AWS: Foundational Layers and AWS Services (20)
More from Tom Laszewski
More from Tom Laszewski (20)
Recently uploaded
Recently uploaded (20)
Hybrid Cloud on AWS: Foundational Layers and AWS Services
- 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Tom Laszewski, AWS Transformation Strategist May, 2019 Hybrid Cloud on AWS : Foundational Layers and Supporting AWS Services
- 2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Hybrid Cloud on AWS Foundational Layers
- 3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Core Services Infrastructure Customer infrastructure Compute Servers Storage Nodes Networking devices AWS Regions Compute Servers Storage Nodes Networking devices Hybrid Cloud on AWS Functional View Network Backbone Identity, security and Access Management Operations and monitoring Fleet Management Hybrid Cloud Services Network & Security Storage Services Compute Services Unified Management Databases Analytics AI/ML Developer Tools Systems Mgmt
- 4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS and Hybrid Foundational Layers - Network Network Capabilities: Reliable and stable IP connection, IP address space extension, security, high bandwidth, low latency, reliability, redundancy, flexible network segmentation, firewall rules, reliable network isolation, convenient location/interconnect, DNS, automation APIs, peering AWS Services: AWS DirectConnect, AWS PrivateLink, Amazon VPC, AWS VPN, AWS Transit Gateway, Amazon Route 53, Network Load Balancer, Application Load Balancer, Route 53 - Hybrid DNS Resolver, Global Accelerator, AWS Client VPN Operations, Management and Monitoring Data Integration
- 5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security (Network, Data, Identity & Access) Capabilities: Transport encryption, key/cert management/control/rotation, high performance, strong protocols, robust perimeter, DDoS mitigation tools, mature RBAC, Secret management, intrusion detection, RBAC, Transport encryption, encryption at rest, key/cert management/control/rotation, Secret management, directory integration, roles, permission AWS Services: AWS Certificate Manager, AWS Shield, AWS Firewall Manager, AWS WAF, AWS Certificate Manager, AWS Secrets Manager, AWS Key Management Service, AWS CloudHSM, Amazon Macie, Amazon GuardDuty, AWS Organizations, AWS IAM, Amazon Directory Service, AWS Security Hub, AWS Single Sign-on, AWS Microsoft AD Connector Operations, Management and Monitoring Data Integration AWS and Hybrid Foundational Layers - Security
- 6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Integration Capabilities: File transport, API/request routing, streaming transport, archiving, common interface support (tape, scsi, etc), reliable network transport, secure network transport, access control, encryption AWS Services: AWS Storage Gateway, AWS Snowball/AWS Snowmobile, AWS Database Migration Service, AWS Server Migration Service, AWS Backup, Amazon S3, Amazon Glacier, Amazon EFS, Amazon MQ, Amazon Kinesis, AWS Transfer for SFTP, Amazon EBS snapshots, AWS DataSync, AWS Ground Station, Amazon RDS on Vmware Operations, Management and Monitoring Data Integration AWS and Hybrid Foundational Layers – Data Integration
- 7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Operations, Monitoring and Management Capabilities: provisioning, configuration management, Instrumentation, high volume telemetry, ingest and aggregation, time series, notifications, threshold management, fleet management, configuration audit, dashboard, predictive analytics, activity audit AWS Services: AWS CloudWatch, AWS CloudTrail, AWS Config, AWS Systems Manager, CloudHSM, Amazon Macie, AWS OpsWorks, Amazon EKS, AWS CodeDeploy, AWS CloudFormation Operations, Management and Monitoring Data Integration AWS and Hybrid Foundational Layers – Operations, Monitoring and Management
- 8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Compute Amazon EKS VMware Cloud on AWS AWS Outposts AWS Lambda Amazon FreeRTOS Amazon Machine Images Amazon EC2 Spot Fleet Amazon EC2 AWS IoT Greengrass AWS Snowball Edge
Editor's Notes
- Good morning, good afternoon, evening. Today we are discussing hybrid cloud customer use cases and also cover AWS landing zone and hybrid cloud landing zones as well as a couple of AWS services that are new and help you configure and run a hybrid cloud environment. Assumes knowledge of cloud and basics of AWS Tom Laszewski NA enterprise architecture leader. We have come a long way by listening to our customs. When I joined 6 years ago you cloud not say hybrid..then hybrid architecture…now hybrid cloud. Went from 16 services to over 130 services Let’s go… Level 300 | Solutions Best Practices Operating in a hybrid architecture is a step in the cloud adoption journey for many organizations that have on-premises technology investments. Migrating legacy IT systems takes time, and can be disruptive to current processes, organizational structure, and culture. AWS has developed a broad set of hybrid cloud capabilities across storage, networking, security, application deployment, and management tools to help you build and operate a secure, performant, reliable, and scalable hybrid cloud. Join this tech talk to learn how customers are leveraging AWS hybrid cloud capabilities for cloud bursting and integrating devices and edge systems. The webinar will start with a review of customer success stories for datacenter capacity extension, delivery of new services and applications, and ensuring business continuity and disaster recovery, as well as covering the configuration of a hybrid cloud landing zone. Missed part one? Watch it on-demand. Learning Objectives: • Hear about customer AWS Hybrid Cloud success stories • Learn the best practices of how customers are building hybrid cloud landing zones • Learn the best practices of hybrid cloud for cloud bursting, and integrated devices and edge systems Who Should Attend: Technical Decision Makers, IT Architects, Cloud Architects, Application Developers Speaker(s): Tom Laszewski, Enterprise Technologist, AWS
- On premise storage integration with AWS data storage services. Business continuity with hot standby on AWS DR as a Service with VMWare Cloud on AWS
- Networking is foundational to all hybrid cloud use cases. 1. Amazon Virtual Privat Cloud (VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources. Can contain public subenets (accessible from internet) and private subnets (accessible from within AWS or through a VPN). 2. DirectConnect, is a Private connection, Separate from the Internet that provides Port speeds of 1 Gbps, 10 Gbps or sub-1 Gbps. If you have bandwidth-heavy workloads that you wish to run in AWS, AWS Direct Connect can reduce your network costs into and out of AWS. 3. VPN - IPsec authentication and encryption through IPSec or SSL through third parties Three options :AWS Managed VPN, Software VPN (EC2) – Cisco CSR on marketplace, openswan, openvpn Amazon VPC Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. Additionally, you can create a Hardware VPN connection between your corporate data center and your VPC to leverage the AWS Cloud as an extension of your corporate datacenter. Learn more » AWS Direct Connect AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your data center, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. This dedicated connection can be partitioned into multiple virtual interfaces to maintain network separation between public and private environments. Learn more » Integrated Networking The next layer of hybrid architecture involves connecting on-premises and cloud resources through a common network to facilitate the creation of a single enterprise environment. AWS can extend your on-premises network configuration into your virtual private networks on the AWS Cloud so that AWS resources operate as if they are part of your existing corporate network. You can also extend your physical connectivity to provide dedicated, consistent, private networking between your data centers and the AWS regions of your choice.
- 4. IAM - Users for authentation using password plus MFA accessing from AWS console, or have access keys when using the AWS APIs. Groups to combine ’like’ users – developers, finance, operators etc. 5. AWS SSO - AWS Single Sign-On (SSO) is a cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications., you can create Security Assertion Markup Language (SAML) 2.0 integrations to third party apps. 6. AWS Microsoft AD Connector - Active . Directory Connector gives you an easy way to establish a trusted relationship between your Active Directory and AWS. You continue to run MS AD on-premises. 7. AWS Directory Service for Microsoft Active Directory, also known as AWS Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. AWS Microsoft AD is built on actual Microsoft Active Directory and does not require you to synchronize ---------------------------------- Extra notes….. Integrated Identity and Access Establishing a single identity and access strategy often goes hand-in-hand with integrating networks. You can create and manage AWS users, groups, and permissions to allow and deny access to AWS resources at extremely fine level of detail. Additionally, AWS offers managed services that allow you to connect your AWS resources with an existing on-premises Microsoft Active Directory and manage policies with existing tools. Public Internet – public IPs assigned to compute by AWS or Elastic Ips that are generated by AWS can be moved to different VMs AWS using Customer gateway and virtual private gateway or Software managed using OpenVPN, Cisco CSR on AWS Marketplace (prepacked AWS Machine Image) Private connection through 67 locations offering speeds of up to 10Gbps, does not use internet, consistent performance. Can be a lower overall cost because of low data transfer out costs.
- Describe the services - AWS Storage Gateway – NFS, ISCSI, SMB. Hybrid Storage Integration, on premises Virtual gateway appliance that can be utilize for backup and restore, pilot light, standby DR, or active/active. AWS. VTL support as well. VM import/export to create Windows, Vmware or Citrix Xe Amazon S3 – Scalable Storage in the Cloud, as indicated used to store files, EBS snapshots which can be restore storage on AWS and attach to EC2 volumes on AWS. Amazon Glacier – Low-cost archive storage in the cloud. Used to archive on-premises data on AWS much like tapes. Amazon EBS Snapshots - Protect your data by creating point-in-time snapshots of EBS volumes, which are backed up to Amazon S3 for long-term durability. Amazon Machine Images stored in S3 that can be instantiated as EC2 instances. Snowball - Snowball is a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud. Amazon RDS (relational databse service) – Run a DR Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server. database in the cloud. Route 53 and ELB are used for hot standby (active – active) Amazon Route53 – Scalable Domain Name System for routing traffic between AWS and on premises. Elastic Load Balancer – High Scale Load Balancing Use route53 DNS failover with DNS weighting to failover to a hot standby site on AWS, the failover will occur using health checks on the load balancer and reverse proxy. --------------------------more material ------------------------------- AWS Storage Gateway The AWS Storage Gateway service seamlessly enables hybrid cloud storage between on-premises environments and the AWS Cloud. It combines a multi-protocol storage appliance with highly efficient network connectivity to deliver local performance with virtually unlimited scale. Customers use it in remote offices and datacenters for hybrid cloud workloads involving migration, bursting and storage tiering. The Storage Gateway virtual appliance connects directly to your local infrastructure as a file server, as a local disk volume, or as a virtual tape library (VTL). This seamless connection makes it simple for organizations to augment existing on-premises storage investments with the high scalability, extreme durability and low cost of AWS cloud storage.
- Integrated resources and deployment management is all about DevOps and management tools. 1. Systems Manager is a service to help manage your Amazon EC2 and on-premises instances to automatically apply patches, updates, and configuration changes across any resource group acrpss cloud and aws. 2. AWS OpsWorks is a configuration management service that helps you configure and operate applications, both on-premises and in the AWS Cloud, using AWS managed Chef or Puppet. 3. Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install and operate your own Kubernetes clusters. Kuberneters is a popular open source, on-premises microservices open source orchestration system. 4. AWS CodeDeploy . AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. 5. Vmware cloud on AWS for management seamless integration - fully managed VMware environment on the AWS Cloud that can be accessed on an hourly, on-demand basis or by subscription. It allows you to continue to leverage your investments in VMware without continuing to buy and maintain hardware -------------------------more information------------------- SSM operational data for monitoring and troubleshooting, and take action on your groups of resources to shorten time to detect problems. automatically apply patches, updates, and configuration changes across any resource group. This ensure consistent configurations of firewall policies, anti-virus definitions, logging software across your fleet of compute Using the EC2 run command no need to SSH into servers to apply patches and reduces security blast radius by reducing need to SSH into instances. https://www.youtube.com/watch?v=zwS8lssaY_k Amazon EC2 Run Command Amazon EC2 Run Command lets you remotely and securely manage servers or virtual machines running in your data center or on a cloud platform. Amazon EC2 Run Command provides a simple way of automating common administrative tasks such as executing Shell scripts and commands on Linux, running PowerShell commands on Windows, installing software or patches across multiple instances and provides visibility into the results, making it easy to manage configuration change across large fleets of instances. Capabilities: Automation Inventory Maintenance windows Parameter store Patch management State management Run command AWS OpsWorks helps you automate operational tasks like code deployment, software configurations, package installations, and database setups on any server including existing EC2 instances or servers running in your own data center. You can use a single application management service to deploy and operate applications across your hybrid architecture. Supports any application Configuration as code Automation to run at scale Resource organization Supports any server 2. AWS OpsWorks supports a wide variety of architectures, from simple web applications to highly complex custom applications, and any software that has a scripted installation. Since AWS OpsWorks supports Chef recipes and Bash scripts, you can leverage community-built configurations such as MongoDB and Elasticsearch. You start by modeling and visualizing your application with layers that define resource and software configuration. You control every aspect of your application's configuration to match your needs, processes, and tools. You can extend and adapt the built-in layers or create your own. AWS OpsWorks AWS OpsWorks is a configuration management service that helps you configure and operate applications, both on-premises and in the AWS Cloud, of all shapes and sizes using Chef. You can define the application’s architecture and the specification of each component including package installation, software configuration, and resources such as storage. Start from templates for common technologies like application servers and databases or build your own to perform any task that can be scripted. AWS OpsWorks includes automation to scale your application based on time or load and dynamic configuration to orchestrate changes as your environment scales. 3. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. Popular in enterprise data centers as companies move to microservices - loosely coupled services, which implement business capabilities in small pieces of code/services 2. Kubernetes gives you the orchestration and management capabilities required to deploy containers, at scale, for these workloads. 4. AWS CodeDeploy AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during application deployment, and handles the complexity of updating your applications. You can use AWS CodeDeploy to automate software deployments, eliminating the need for error-prone manual operations, and the service scales with your infrastructure so you can easily deploy to one instance or thousands. In order to assist with running your workloads on aws you can utilize…. 1. AWS CloudFormation to allows you to model your entire infrastructure in a text file – Infrastrucutre as Code). This template becomes the single source of truth for your infrastructure – your virtual data center in a box (well, actually a JSON or YAML) 2. Amazon CloudWatch – To monitor services for running on AWS resources 3. AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. Now that we are familiar with the use cases and are knowledgable about the AWS services related to these uses let’s dive deep into some customer success stories. I specifically used customer successes that have youtube videos, are on slide share, or public case study and white papers so you can find more information after this session.
- Starts with IoT operating system. Amazon FreeRTOS – an operating system for microcontrollers that makes small, low-power edge devices easy to program, deploy, secure, connect, and manage … can run on your raspberry pi. 2. AWS Lambda – AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code is not running. Lambda integrates with Snowball edge and AWS Greengrass. 2. AWS Greengrass - AWS Greengrass is software that lets you run local compute, messaging & data caching for connected devices in a secure way. With AWS Greengrass, connected devices can run AWS Lambda functions, keep device data in sync, and communicate with other devices securely – even when not connected to the Internet. 3. Amazon Machine Learning - Build and train models in the cloud…because you need a lot of data and a lot of compute. Run the Inference on the device. Devices can take action quickly – even when disconnected 5. AWS Snowball Edge - AWS Snowball Edge is a 100TB Offline data collection, such as on a ship where immediate analysis needs to happen. the Snowball Edge, and Lambda examines the data stream for anomalies to aggregate metrics and sends alarms or control signals. The raw data is staged on the Snowball Edge cluster and later sent to AWS,