Operating in a hybrid architecture is a necessary component of an enterprise cloud adoption journey. Security, provisioning, change management, and monitoring are all key aspects of managing any hybrid cloud environment. This session will cover the AWS services, open source tools, and AWS partners that can provide enterprises with a secure, well-governed, performant, reliable, and well-operated hybrid cloud environment. Infrastructure and application continuous delivery and improvement solutions, along with best practices to automate hybrid cloud provisioning and operations activities, will be covered.
3. What we expect
Hybrid Cloud Vision
What we get
Hybrid Cloud Vision
Networking and host management
Monitoring and logging
Unified
Security
Consistent provisioning interfaces
Building a hybrid cloud is hard!
Journey to the hybrid cloud...
9. Identity, security and access management
• Unified identity, security and access for all entities including services and users
• Key management
AWS Key Management Service
AWS Identity and Access Management
AWS Directory Service
AWS Single Sign-On
AWS CloudHSM
10. Hybrid cloud services
[Diagram labels: Hybrid Cloud; Infrastructure; Network (Peering connections, VPN, Internet); AWS Regions; Compute Servers; Customer infrastructure; Compute Servers; Instance; Compute Service; Management Interfaces/APIs; Fleet Management Interfaces/APIs; EC2 APIs; Core Services; Identity, security and access management; Operations and Monitoring; User]
• Provide unified provisioning, monitoring and operating interfaces for hybrid cloud computing
• Multi-tenancy, inventory, object configurations
Compute Service:
• Instance inventory, launch and runtime configurations, images
AWS Outposts, VMware Cloud on AWS
16. Same AWS infrastructure & services on-premises
AWS-designed, Nitro infrastructure for the same security and performance
Automatically managed and updated as part of AWS Regions
Single point of service and support
AWS Outposts
• Same infrastructure
• Same programming interface
• Same monitoring & operations
• Use existing skillset
Available in two options:
• Native AWS
• VMware Cloud on AWS
19. Frequently Asked Questions
• Why do customers need a Hybrid Cloud?
• Do you see hybrid cloud as a temporary solution while customers migrate to AWS?
• Do you have customers deploying Hybrid Cloud with AWS?
• What are AWS thoughts on multi-cloud?
• Does the operations and management framework apply to multi-cloud?
20. Related sessions
CMP302-R AWS Outposts: Extend the AWS experience to on-premises environments
CMP337-R AWS Outposts: Build for low latency and local data processing
ENT306-R Build a hybrid cloud in two hours with VMware Cloud on AWS
ENT212-S Transform your business with the VMware & AWS hybrid cloud
ENT318-R Migration strategies leveraging VMware Cloud on AWS
CMP320 How Dropbox leverages Hybrid Cloud for scale and innovation
AWS CloudWatch – monitoring
With tools like AWS CloudTrail, tracking every action taken on AWS accounts and services is straightforward, providing a way to find the event that caused a given change. But not all log entries are useful.
CloudTrail Insights: Identify and Respond to Unusual API Activity
AWS X-Ray – end-to-end app monitoring
Flow logs - VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC (think network taps).
Traffic mirroring - Traffic Mirroring is an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of Amazon EC2 instances.
AWS CloudWatch for hybrid - Datadog, PagerDuty… integration with CloudWatch… Datadog as example, McKesson
AWS CloudTrail for hybrid cloud – Sumo Logic, Splunk
AWS application monitoring – AppDynamics, ScienceLogic, New Relic
Overall hybrid cloud management – CA, BMC
SSO – STS with SAML integration
Okta, Ping Identity - SSO
1. Examples in slides 13 and 14
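The CloudTrail note above says the trail makes it possible to find the event that caused a given change, but that not all log entries are useful. The following Python is an added example, not material from the session: it filters CloudTrail-style records down to successful, mutating calls that reference one resource. The sample records, the resource ID `sg-0example`, and the function names are constructed for illustration; `readOnly`, `errorCode`, `eventName`, `eventTime`, `userIdentity`, `requestParameters`, and `responseElements` are standard CloudTrail record fields.

```python
import json

# Constructed sample in the CloudTrail "Records" shape (not real log data).
ARN = "arn:aws:iam::111122223333:user/"
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2019-12-03T10:02:11Z", "eventName": "DescribeSecurityGroups",
     "readOnly": True, "userIdentity": {"arn": ARN + "auditor"},
     "requestParameters": {"securityGroupIdSet": {"items": [{"groupId": "sg-0example"}]}}},
    {"eventTime": "2019-12-03T10:05:40Z", "eventName": "AuthorizeSecurityGroupIngress",
     "readOnly": False, "userIdentity": {"arn": ARN + "deployer"},
     "requestParameters": {"groupId": "sg-0example"}},
    {"eventTime": "2019-12-03T09:50:00Z", "eventName": "CreateSecurityGroup",
     "readOnly": False, "userIdentity": {"arn": ARN + "admin"},
     "requestParameters": {"groupName": "web"},
     "responseElements": {"groupId": "sg-0example"}},
    {"eventTime": "2019-12-03T10:07:15Z", "eventName": "RevokeSecurityGroupIngress",
     "readOnly": False, "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"arn": ARN + "intern"},
     "requestParameters": {"groupId": "sg-0example"}},
    {"eventTime": "2019-12-03T10:06:00Z", "eventName": "RunInstances",
     "readOnly": False, "userIdentity": {"arn": ARN + "deployer"},
     "requestParameters": {"instanceType": "t3.micro"}},
]})

def _mentions(value, needle):
    """Recursively search nested request/response data for an exact value."""
    if isinstance(value, dict):
        return any(_mentions(v, needle) for v in value.values())
    if isinstance(value, list):
        return any(_mentions(v, needle) for v in value)
    return value == needle

def find_change_events(log_text, resource_id):
    """Return (time, event, caller) for successful mutating calls on resource_id."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("readOnly", False):   # Describe/List/Get calls change nothing
            continue
        if "errorCode" in rec:           # failed calls did not cause the change
            continue
        if not (_mentions(rec.get("requestParameters"), resource_id)
                or _mentions(rec.get("responseElements"), resource_id)):
            continue
        caller = rec.get("userIdentity", {}).get("arn", "unknown")
        hits.append((rec["eventTime"], rec["eventName"], caller))
    return sorted(hits)                  # ISO 8601 UTC timestamps sort as text

if __name__ == "__main__":
    for hit in find_change_events(SAMPLE_LOG, "sg-0example"):
        print(*hit)
```

The failed `RevokeSecurityGroupIngress` call is dropped here because it changed nothing, but denied calls are worth keeping in a separate detection view.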
AWS Outposts bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility.
Use the same APIs, the same tools, the same hardware, and the same functionality across on-premises and the cloud to deliver a truly consistent hybrid experience.
Unlike other on-premises hybrid cloud solutions that use different APIs, release cadence, manual updates, and third-party hardware and support, Outposts are fully managed and supported by AWS. Customers have access to the latest hardware and software and do not have to worry about software version control, updating or patching software or calling multiple vendors for hardware and software support, just like in the AWS cloud.
Variant of AWS Outposts that runs VMware Cloud on Outposts to provide customers a common infrastructure platform to run their VMware stack across on-premises and cloud environments.
Speaker Notes:
AWS Outposts will be available in two options:
The AWS native variant of Outposts allows you to use the same APIs and control plane you use in the AWS cloud to build and run your applications, but do it on-premises. You will be able to run Amazon EC2 instances and EBS volumes on Outposts. And, at launch or soon thereafter, services such as RDS, ECS, EKS, SageMaker, and EMR will also be available locally on the AWS native variant of Outposts. Other services, such as S3, DynamoDB, and Lambda, will be available as PrivateLink endpoints in the customer’s own VPC.
The VMware variant allows you to run VMware Cloud on AWS locally on Outposts to use the same VMware control plane and APIs you use to run your on-premises infrastructure. This variant delivers the entire VMware Software-Defined Datacenter - compute, storage, and networking infrastructure - to run on-premises using AWS Outposts and allows you to take advantage of the ease of management and integration with AWS services.
Outposts are part of an AWS Region, and customers can access *all* of the AWS services available in the region the same way they do in an Availability Zone today. For example, customers use public service endpoints for S3 and DynamoDB, and with PrivateLink they can also connect their VPC to these services via private endpoints.
When customers launch instances in an AZ today, they commonly use a subnet tied to an AZ. In the same way, they can launch EC2 instances in the subnet tied to their Outpost.
Apart from EC2 and EBS, customers can also launch AWS resources from other services in their Outposts. For example, they can launch RDS instances, EMR nodes, EKS worker nodes locally on their Outpost.
While Lambda is a regional service, customers can run Greengrass to deploy a local Lambda runtime environment on their Outposts.
We want to learn more about which services customers want to run locally.
AWS is VMware’s primary and preferred cloud partner, and our partnership with VMware has yielded several industry-first hybrid solutions.
VMware Cloud on AWS is a jointly engineered service by AWS and VMware, and is the only VMware hybrid cloud solution that is directly managed and supported by VMware.
VMware Cloud on AWS is available globally and we have jointly engineered 200+ features for VMware Cloud on AWS since its launch.
Another jointly engineered hybrid solution is Amazon RDS on VMware. RDS on VMware lets you deploy managed databases in on-premises VMware environments using the RDS technology enjoyed by hundreds of thousands of AWS cloud customers.