Enterprise Applications in the Cloud

Jinesh Varia

@jinman

Technology Evangelist

4 Trends

Lots of enterprise customer stories

Enterprise Architecture

Tips

Resources

Today

Trusted by Enterprises and Government Agencies

Why are Enterprises using AWS?

The Cloud API

Standard

Global Footprint

and Expansion Operational

Excellence

Rate of

Innovation

Security and Compliance Enterprise Features

Enterprises are using AWS cloud

as a secure extension of their existing datacenters

Trend #1

DirectConnect Location Corporate

Data Center

Amazon Virtual Private

Cloud

10G

Cloud as an extension of their existing data centers

SAS 70 Type II Audit ISO 27001/2 Certification PCI DSS 2.0 Level 1-5 HIPAA/SOX Compliance FISMA A&A Moderate FEDRamp/GSA ATO

Enforce IAM policies Use MFA, VPC, Leverage S3

bucket policies, EC2 Security groups, EFS in EC2 Etc..

Encrypt data in transit Encrypt data at rest

Protect your AWS Credentials Rotate your keys

Secure your application

In the Cloud, Security is a Shared Responsibility

Application Security

Services Security

Infrastructure Security

How we secure our infrastructure

What security options and features are available to you?

How can you secure your application and what is your responsibility?

Amazon VPC

AWS Region

Public Subnet

Private Subnet

Corporate data center

Corporate Headquarters

Availability Zone 1

Availability Zone 2

Branch Offices

VPN Gateway Customer Gateway

Internet Gateway

Router

DirectConnect Location

Amazon S3 Amazon SimpleDB Amazon SES Amazon SQS New Enterprise IT Network architecture

10G

VPC is part of the Autodesk internal network

Source: Autodesk

Application Servers

On-premises Host

AWS Storage Gateway VM

Direct Attached or Storage Area Network Disks

iSCSI

SSL

AWS

Storage

Gateway

Service

Amazon

EC2

Amazon S3

Amazon

EBS

Your Data Center Amazon Web Services

New Enterprise IT Storage architecture

Enterprise Security Features

AWS Identity And Access Management

• User management

• Policy-based granular access control

• Web login to individual users

• Manage users and groups using Console

Identity Federation

• Security Token Service

• LDAP/AD Integration

Multi-Factor Authentication

• Virtual MFA

• Physical Device

Consolidated Billing

Invoicing

Android, iOS,

Windows, Blackberry Gemalto

Risk compliance. How is SOX compliance achieved if in-scope systems are deployed in the cloud provider environment?

HealthCare compliance. Is it possible to meet HIPAA/GLBA certification requirements while deployed in the cloud provider environment?

E-Discovery. Does the cloud provider meet the customer’s needs to meet electronic discovery procedures and requirements?

Data center tours or Third Party Access. Are data center tours by customers allowed by the cloud provider?

Hypervisor vulnerabilities. Has the cloud provider addressed known hypervisor vulnerabilities?

Distributed Denial Of Service (DDoS) attacks. How does the provider protect their service against DDoS attacks?

Data ownership. What are the cloud provider’s rights over customer data? Data isolation. Does the cloud provider adequately isolate customer data?

Scheduled maintenance outages. Does the provider specify when systems will be brought down for maintenance?

Data durability

Service Provider and Customer business continuity.

Backups.

Vulnerability management. Privileged Actions

AWS Security and Compliance Center (http://aws.amazon.com/security/)

Answers to many security & privacy questions • Security whitepaper • Risk and Compliance whitepaper

Security bulletins

Customer penetration testing

Security best practices

Compliance FAQ and Guidance

You own the data, not AWS.

You choose which geographic location to store the data. It doesn’t move unless you decide to move it.

You should consider the sensitivity of your data and decide if and how you will encrypt your data while it is in transit and while it is at rest.

Your IT, Risk, Compliance and Audit requirements can be met by AWS Reports (SAS 70) and external certifications (ISO27001, PCI, FISMA)

You can download or delete your data whenever you like.

You can set highly granular permissions to manage access of a user to specific service operations, data, and resources in the cloud for greater security control.

Involve your

Security

Teams early

in the

process

Tip #1

#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)

4 Key Trends in the Enterprise….

The flexibility of the AWS Cloud enables Enterprises to deploy

enterprise-grade apps in the cloud

Trend #2

Enterprise Software in the cloud - BYOL

Microsoft Exchange Server, Microsoft SharePoint Server, Microsoft SQL Standard Server, Microsoft SQL Enterprise Server, Microsoft Lync Server, Microsoft System Center servers, and Microsoft Dynamics CRM through License Mobility Software Assurance

Oracle fully supports Oracle E-Business Suite, Oracle’s PeopleSoft Enterprise, Oracle’s Siebel CRM, Oracle Fusion Middleware, Oracle Database, and Oracle Linux on the portion of AWS EC2 which uses Oracle VM.

SAP® solutions, including SAP® Rapid Deployment solutions and SAP® BusinessObjects™ solutions , All-in-One

IBM DB2, Informix, Lotus® Forms Turbo, WebSphere® Application Server, WebSphere® sMash, WebSphere Portal Server, Lotus® Web Content Management Standard Edition , InfoSphere Information Server, Lotus Domino®, Lotus Web Content Management Standard Edition®, Tivoli Monitoring®

Amazon Corporate IT Deploys Mission-Critical Corporate Intranet running SharePoint 2010 to AWS Cloud

Benefits Infrastructure Procurement Time Reduced from over four to six weeks to minutes.

Server Image Build Process that had previously taken a half day is now automated.

Annual Infrastructure Costs Cut by 22 percent when replacing on-premise hardware with equivalent cloud resources.

Eliminating Operational Overhead of server lease returns, freeing up approximately 2 weeks of engineering overhead per year by replacing servers with equivalent cloud resources.

Mission-Critical Application on AWS

Uses

Microsoft SQL Server 2008

Microsoft Windows Server R2

Microsoft SharePoint 2010

On Amazon EC2 (in Amazon VPC) and Amazon EBS, DirectConnect

Windows BitLocker

Windows DPAPI

Problem

Known availability issues in the primary datacenter

Santa Monica datacenter ran out of capacity

Cost and complexity of building a new datacenter were prohibitive

Solution

Migrated Microsoft SharePoint production to AWS

Deployed SAP ERP dev & test environments on AWS

Ready to move SAP ERP production to AWS

Benefits

Increased time-to-market by reducing server provisioning time from 5 weeks to 2 days

Reduced operating costs for SAP Dev & Test around 50%

Lessened environmental demands with power & cooling

Freed up IT resources that are now focused on solving business problems

Recovery.gov, Treasury.gov and several others

SharePoint migration and consolidation projects with Recovery.gov, Treasury.gov, Army Corp of Engineers, ++

Microsoft License Mobility program to license server applications on AWS

Uses SharePoint 2010, SQL Server 2008, ForeFront

Old Infrastructure

AWS CloudInfrastructure

Infra Cost Comparison ~60-70% savings

SharePoint Deployment is easy and one-click away using AWS CloudFormation

http://aws.amazon.com/cloudformation/aws-cloudformation-templates/

Launches SharePoint Foundation 2010 running

on Microsoft Windows Server® 2008 R2

Public site SharePoint reference architecture on AWS

Whitepaper: http://bit.ly/aws-sharepoint

Remote

Admin

Internet

Gateway

AWS Region

Availability Zone 2

Private Subnet

Availability Zone 1

DMZ Private Subnet Private Subnet Private Subnet

Private Subnet

Private Subnet

Private Subnet Private Subnet Private Subnet

Private Subnet

DMZ

Threat Mgmt Gateway

Threat Mgmt Gateway

NAT

RDGW

RDGW

Primary DC/DNS

Active Directory

Active Directory Database Tier

Database Tier

Primary DB

Mirror DB

Witness

Application

Server Tier

Web Tier

Application

Server Tier Web Tier

Central Admin &

SharePoint Services

Central Admin &

SharePoint Services

IIS & SharePoint

Web Front End

IIS & SharePoint

Web Front End

ELB Internet

NAT

Backup DC/DNS

Tip #2: Get Licensing right

Oracle

All Oracle Software licenses are fully portable to EC2 (ELA, ULA, NUP, BPO)

Oracle Cloud Licensing Policy

Microsoft All Windows Server Applications are

available (EA, ESA, OVA, Open License and Select Plus (with SA Option) For Licensed apps, need appropriate CALs)

License Mobility with Software Assurance

Find and buy software

that runs in the AWS cloud

AWS Marketplace is for customers searching for development and business

software from well known vendors including 10gen, CA, Canonical, Check Point,

IBM, Microsoft, Perforce, Red Hat, Riverbed, SAP, and Zend.

Benefits for Buyers • Find software that runs on the

AWS Cloud

• Start applications in minutes

with 1-Click launch

• Pay by the hour for your

software and be billed on your

AWS bill

Benefits for Sellers • Reach new customers

• Easily add hourly billing to

your software

• Help customers get running

faster by giving them

software as pre-configured

server images

AWS Architecture Center (http://aws.amazon.com/architecture)

Whitepapers

Amazon.com SharePoint 2010 Deployment Case study Architecture

Running High-Availability SQL Server on AWS

SharePoint Reference Architecture http://bit.ly/aws-sharepoint

Single Sign-on using ADFS: Step-by-Step Guide

Securing Microsoft Applications on AWS (New!)

#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)

#2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS

4 Key Trends in the Enterprise….

Agility and reduced cost remain the key adoption drivers in the enterprise today

Trend #3

350,000 Minutes (7-8 Months)

Time to provision a server in an enterprise

Time to provision a server in the cloud <5 Minutes

$1000 To rack and stack on-premise

$260 For 3 years (reserved 100% utilized)

Agility and Reduced Cost = key enterprise drivers

NASA CIO’s decree: “Replace Every Procurement Screen with a Provisioning Screen”

Bank – Credit-Risk Simulation Application

Bankinter brought average time-to-

solution down from 23 hours to 20

minutes and dramatically reduced

processing time. “With AWS, we now have the power to decide how fast we want to obtain simulation results, and, more importantly, we have the ability to run simulations not possible before due to the large amount of infrastructure required.” – Castillo, Director, Bankinter

Bankinter was founded in June 1965 as a Spanish industrial bank through a joint venture by Banco de Santander and Bank of America

• Complete elimination of tape from the

archival process

• Faster recovery speeds

• Protects 246 nodes and 40TB daily

Business Benefits

Archive Vaulting solution

Reliability of AWS cloud has enabled

Samsung to be highly available to meet

their SLA targets.

AWS’ Global Infrastructure Regions

enables Samsung to easily expand their

services and accelerate time to market

across the world.

Samsung uses AWS platform of technology

infrastructure services to build Smart Hub

application.

Smart Hub application runs on AWS cloud for

users of Smart TV and Blu-ray players to

access content of 3rd party providers.

Use of AWS Business Benefit

Samsung Powers Smart Hub Service with AWS, Reducing Costs by 85% and Saving $34 Million

“If we were to use the traditional on-premise datacenter, we would have spent

$34 million dollars more in hardware and maintenance expenses during the first

two years. With AWS cloud, we met our reliability and performance objectives at

a fraction of the cost.”

Mr. Chun Kang

Principal Engineer, Visual Display Division

• 58% savings over existing infrastructure

• Faster network speeds

• Improved load times

• Already planning future migrations

(TicketsWest, corporate production)

Business Benefits

Old Infrastructure

AWS CloudInfrastructure

Infra Cost Comparison ~58% savings!

Recommended Configuration for the Cloud

Multi-AZ

Use Provisioned IOPS

volumes (New!)

Snapshots vs. Backups

RDS vs. RDBMS

Federated Authorization

Automated Deployments

Logs -> S3

Persist Intelligently;

Ephemeral, EBS,

DynamoDB or S3

Secure your Credentials

Auto-scaling for Auto-

Recovery

Elastic Network Interfaces

Elastic Load Balancing

(SSL)

Operational Checklist Whitepaper

#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)

#2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS

#3 Agility and reduced cost are the key adoption drivers in the

enterprise today

4 Key Trends in the Enterprise….

Migrating to the cloud

is not all or nothing; Classify your IT assets

Trend #4

Classifying your IT Assets

List all your IT assets

Identify upward and downward dependencies

Start classifying your IT assets into different categories: • Applications with Top Secret, Secret,

or Public data sets

• Applications with low, medium and high compliance requirements

• Applications that are internal-only, partner-only or customer-facing

• Applications with low, medium and high coupling

• Applications with strict, relaxed licensing

Dash board

Report

CRM

Search

DB

logs

Service LDAP

Auth Web

Engine OLAP

ERP

• Search for under-utilized IT assets

• Applications that has immediate business need to scale

• Applications that are running out of capacity

• Easiest to move today • That Builds support within

your organization and creates awareness and excitement

Stack rank your IT assets

Examples: • Web Applications • Batch Processing systems • Content Management

Systems • Digital Asset Management

Systems • Log Processing systems • Collaborative Tools • Big Data Analytics Platforms

Pick the Low-hanging Fruits First

Dash board

Report

CRM

Search

DB

logs

Service

LDAP

Auth Web

Engine OLAP

ERP

CRM

Search

DB

Dash board

Report

CRM

Search

DB

logs

Service

LDAP

Auth Web

Engine OLAP

ERP

Move application by application

Business Benefit

• F500 global energy management

company with operations in more

than 100 countries (110,000

employees)

• Started moving Internet and

Intranet workloads to AWS in early

2011

• Runs 15 production applications

on AWS

• Open and flexible platform

allows Schneider to run Java

and .NET apps on Windows

and Linux virtual servers

• Increased IT agility by rolling

out new applications faster on

AWS

Should migration to the cloud led by business teams or IT Teams?

• No minimum commitment

up front and pay per use

brings significant savings

• Fast provisioning within

minutes for many

applications

• Elasticity – the ability to

expand and contract IT

infrastructure as needed

Business Benefits

• Operationalizing their cloud

strategy

• Shell Foundation Platform – an

IT framework – is AWS approved

• Core operational applications

running in production on AWS

• Development and test

environments running on AWS

Cloud Benefits

Zero upfront investment

On-demand provisioning

Instant scalability

Auto scaling and elasticity

Pay as you go

Removes undifferentiated heavy lifting

Developer productivity

Automation

Cloud

Strategy

New applications

Build a Cloud-Ready

Design

Existing Applications

“No-brainer to move” Apps

Planned Phased

Migration

Migrating to the cloud

Large Enterprise

Cloud Migration : a Phased-driven Strategy Whitepaper

Find it at http://aws.amazon.com/whitepapers

Tip #4

Examples • Dev/Test applications

• Backup/Archive

• Self-contained Web Applications

• Social Media Product Marketing Campaigns

• Customer Training Sites

• Video Portals (Transcoding and Hosting)

• Pre-sales Demo Portal

• Software Downloads

• Trial Applications

Identify and move the Cloud-Ready Apps quickly

#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)

#2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS

#3 Agility and reduced cost are the key adoption drivers in the

enterprise today

#4 Migrating to the cloud is not all or nothing; Classify your IT assets; Its easy and cost-effective

4 Key Trends in the Enterprise….

#1 Involve your security teams early in the process

#2 Get licensing right; leverage cloud licensing models

#3 Leverage best practices and configure for the cloud

#4 Move low-hanging fruits first and gain confidence

Tips

#1 Security & Risk and Compliance Whitepaper

#2 SharePoint, SQL Server, Microsoft Security, Oracle Whitepapers

#3 Operational Checklist Whitepaper

#4 Cloud Migration whitepaper

Resources – http://aws.amazon.com/whitepapers

jvaria@amazon.com

Twitter: @jinman

Thank you!

http://aws.amazon.com