Hybrid IT Approach and Technologies on AWS


Upload: amazon-web-services

Post on 14-Aug-2015


TRANSCRIPT

AWS Government, Education, and Nonprofit Symposium Washington, DC I June 25-26, 2015

Hybrid IT Approach and Technologies on AWS

Dario Rivera – AWS Solutions Architect

M. Saleem NetApp Sr. Cloud Evangelist

©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.


Hybrid IT is the most common strategy

Source: RightScale 2014 State of the Cloud Report


Objectives

• Examine integrated infrastructure

• Review integrated services

• Discuss integrated platform

• Showcase integrated solutions

• Takeaways


Our journey today

[Figure: session roadmap running from "start" and "What is hybrid integration?" through four stages: integrated infrastructure, integrated services, integrated platform, integrated solution. Stops labelled along the way: VPC, VPN, AWS Direct Connect, authentication, federation, operations tools and monitoring, CI/CD, managed AWS services, storage expansion, backup & archive, integrated stacks]

Defining hybrid IT integration

“Consumption of cloud services and on-premises infrastructure into an aggregated pool of resources.”

Benefits:

• cost efficiencies
• scalability
• flexibility
• security

[Figure labels: on-premises infrastructure, cloud services; infrastructure, services, platform, solutions]

Integrated infrastructure


IPsec VPN

o IPsec hardware VPN connection
  Supported VPN appliances: https://aws.amazon.com/vpc/faqs/#C9
o Encryption and validation
o Private RFC 1918 addressing
o Uses Border Gateway Protocol (BGP) for routing and failover
o VPN service provides managed redundant endpoints

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html

[Figure: corporate data center (users, servers, data center router) connected over the Internet by IPsec VPN to a virtual gateway; behind it, two VPC subnets, each in an Availability Zone with a security group]

AWS Direct Connect

o Requires Layer 2 single mode fiber
  1000BASE-LX or 10GBASE-LR
o Requires 802.1Q VLANs across connection
  Tagging of IP traffic
o Routing uses BGP A/A or A/P multipath
o Each DX is mapped to a single AWS region

http://aws.amazon.com/directconnect/

[Figure: corporate data center (users, servers, data center router) linked through a customer router and AWS Direct Connect routers at an AWS Direct Connect location to a virtual gateway; behind it, two VPC subnets, each in an Availability Zone with a security group]

AWS Direct Connect + IPsec VPN

o Dedicated network path with assured bandwidth
o More secure than Internet-based IPsec VPN – avoids Internet traverse
o Reduced IPsec network transfer costs
o Additional network security

http://aws.amazon.com/directconnect/

[Figure: corporate data center (users, servers, data center router) linked through a customer router and AWS Direct Connect routers at an AWS Direct Connect location to a virtual gateway, with an IPsec VPN shown on the path; behind the gateway, two VPC subnets, each in an Availability Zone with a security group]

Integrated services


Active Directory and LDAP

o Reduced back-reach traffic
o Reduced latency for authentication
o Additional resiliency
o Enablement of both:
  multi-master read/write domain controllers
  read-only domain controllers (RODCs)

Requires IPSec VPN or Direct Connect connectivity

http://aws.amazon.com/microsoft/whitepapers/ad-reference-architecture/

Type  Port Number
TCP   54, 88, 135, 137, 139, 389, 445, 464, 636, 3268, 3269, 5722, 49152-65535
UDP   53, 67, 123, 138, 389, 445, 464, 2535, 5355, 49152-65535

[Figure: AD.domain with a domain controller in the corporate data center and domain controllers in two VPC subnets (each in an Availability Zone with security groups); Active Directory replication runs between them over the customer router, AWS Direct Connect routers and virtual gateway]
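The port table above only becomes a security group once every entry has a source attached. As an added example (not part of the presentation), the code below parses the slide's port lists and builds ingress rules that accept only RFC 1918 peer networks; the function names and the 10.20.0.0/16 on-premises network are assumptions made for the example.

```python
import ipaddress

# Port lists copied as printed on the slide; check them against the AD
# reference architecture whitepaper before applying them to a real group.
SLIDE_TCP = "54, 88, 135, 137, 139, 389, 445, 464, 636, 3268, 3269, 5722, 49152-65535"
SLIDE_UDP = "53,67,123, 138, 389, 445, 464, 2535, 5355, 49152-65535"
ON_PREM_CIDRS = ["10.20.0.0/16"]  # constructed example network (assumption)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_ports(spec):
    """Turn '88, 135, 49152-65535' into sorted (from_port, to_port) tuples."""
    ranges = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        low, _, high = item.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ranges.add((low, high))
    return sorted(ranges)


def checked_source(cidr):
    """Accept only RFC 1918 networks, the addressing carried over the VPN or DX link."""
    net = ipaddress.ip_network(cidr)  # raises ValueError on malformed input
    if net.version != 4 or not any(net.subnet_of(p) for p in RFC1918):
        raise ValueError(f"{cidr} is not a private RFC 1918 network")
    return str(net)


def build_ingress(peer_cidrs, tcp_spec=SLIDE_TCP, udp_spec=SLIDE_UDP):
    """Return rules shaped like the IpPermissions list of EC2 AuthorizeSecurityGroupIngress."""
    sources = [{"CidrIp": checked_source(c), "Description": "AD peer network"}
               for c in peer_cidrs]
    if not sources:
        raise ValueError("at least one peer network is required")
    rules = []
    for proto, spec in (("tcp", tcp_spec), ("udp", udp_spec)):
        for low, high in parse_ports(spec):
            rules.append({"IpProtocol": proto, "FromPort": low,
                          "ToPort": high, "IpRanges": list(sources)})
    return rules


def widest_rule(rules):
    """Return the rule that opens the most ports, the first one to review."""
    return max(rules, key=lambda r: r["ToPort"] - r["FromPort"])


if __name__ == "__main__":
    built = build_ingress(ON_PREM_CIDRS)
    print(len(built), "rules; widest:", widest_rule(built))
```

The dynamic range 49152-65535 is the widest entry in both lists, which is why the source restriction matters more than the port list itself.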

AWS Directory Service

o Deploys in two modes
  Directory Service Connect
  Simple AD built on Samba 4 Active Directory-compatible server
o Simplifies IAM federation
  Avoids complexity and cost of hosting SAML-based federation infrastructure
  Acts as a proxy - no data is stored on AWS infrastructure
  Supports existing RADIUS-based MFA

Requires IPSec VPN or Direct Connect connectivity

http://aws.amazon.com/directoryservice/

[Figure: AD.domain with a domain controller in the corporate data center; AD Connector in the VPC subnets (each in an Availability Zone with security groups), reached over the customer router, AWS Direct Connect routers and virtual gateway]

AWS federation/account governance

[Figure: multi-account layout. Accounts: billing account, user management account, security/audit account, production account #1, non-prod account #1, non-prod account #2. Groupings: Financial, Security/audit, Production, Dev/test/sandbox. People: financial users, controllers, SOC/auditors, global AWS admin, software development, app owners, DevOps teams. Annotations: consolidated billing, billing alerts; read-only access for all accounts]

Operations tools and monitoring

o Security monitoring integration points with CloudTrail and SIEM aggregator
o Logging with CloudTrail and SNMP MIBs to SIEM aggregator
o Platform and app health to SIEM aggregator via agent on EC2 guest
o Access to patching and updates for AMI by on-premises update server

[Figure: update servers and SIEM aggregator in the corporate data center (users, data center router); CloudTrail, CloudWatch and the CloudTrail S3 bucket on the AWS side; two VPC subnets, each in an Availability Zone with a security group, reached over the customer router, AWS Direct Connect routers and virtual gateway]
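The CloudTrail-to-SIEM path on this slide, as an added example that is not part of the presentation: the code decodes one CloudTrail log object as delivered to the S3 bucket, tags the events an analyst would alert on, and emits one JSON line per event for the aggregator. The sample records, tag names and function names are constructed for the example; the record field names are CloudTrail's own.

```python
import gzip
import json

TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail"}
DENIED = {"AccessDenied", "UnauthorizedOperation", "Client.UnauthorizedOperation"}
ACCT = "arn:aws:iam::111122223333"

# Constructed sample records (made-up account, users and addresses).
SAMPLE_RECORDS = [
    {"eventTime": "2015-06-25T14:01:07Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "10.20.4.15",
     "userIdentity": {"type": "IAMUser", "arn": ACCT + ":user/alice"}},
    {"eventTime": "2015-06-25T14:03:40Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": ACCT + ":root"}},
    {"eventTime": "2015-06-25T14:05:12Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.44",
     "userIdentity": {"type": "IAMUser", "arn": ACCT + ":user/bob"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2015-06-25T14:09:55Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "10.20.4.15", "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "IAMUser", "arn": ACCT + ":user/alice"}},
]
# CloudTrail delivers log files to the S3 bucket as gzip-compressed JSON.
SAMPLE_OBJECT = gzip.compress(json.dumps({"Records": SAMPLE_RECORDS}).encode())

def read_records(blob):
    """Decode one log object: optionally gzipped JSON with a "Records" array."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic bytes
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])

def tags_for(rec):
    """Return the alert tags a SIEM correlation rule could key on."""
    ident = rec.get("userIdentity") or {}
    extra = rec.get("additionalEventData") or {}
    tags = []
    if ident.get("type") == "Root":
        tags.append("root-activity")
    if rec.get("eventName") in TRAIL_TAMPERING:
        tags.append("trail-tampering")
    if rec.get("errorCode") in DENIED:
        tags.append("access-denied")
    if rec.get("eventName") == "ConsoleLogin" and extra.get("MFAUsed") == "No":
        tags.append("console-login-no-mfa")
    return tags

def normalize(rec):
    """Flatten one record to the fields forwarded to the aggregator."""
    ident = rec.get("userIdentity") or {}
    login = (rec.get("responseElements") or {}).get("ConsoleLogin")
    failed = bool(rec.get("errorCode")) or login == "Failure"
    return {"time": rec.get("eventTime"), "service": rec.get("eventSource"),
            "action": rec.get("eventName"), "region": rec.get("awsRegion"),
            "src_ip": rec.get("sourceIPAddress"),
            "actor": ident.get("arn") or ident.get("type"),
            "outcome": "failure" if failed else "success", "tags": tags_for(rec)}

def to_siem_lines(blob):
    """One JSON line per event; JSON encoding keeps odd field values from breaking the line."""
    return [json.dumps(normalize(r), sort_keys=True) for r in read_records(blob)]
```

Tagging trail changes such as StopLogging at the forwarder means the SIEM still sees the last event before the log source goes quiet.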


Integrated platform


Application deployment management


Deployment and management

AWS Elastic Beanstalk: Automated resource management – web apps made easy

AWS OpsWorks: DevOps framework for application lifecycle management and automation

DIY/on demand: DIY, on demand resources: EC2, S3, custom AMIs, etc.

AWS CloudFormation: Templates to deploy and update infrastructure as code

[Figure: the options are placed along an axis labelled Convenience and Control]

Continuous integration and deployment

o Automates application deployments for both on-premises and EC2 instances with use of AWS CodeDeploy
o Reuse existing scripts and tools
  Bash, PowerShell, Chef, Puppet, anything…
o Integrate with developer tool chain
  GitHub, Jenkins, CloudBees, TravisCI, Eclipse…

[Figure: AWS CodeDeploy, AWS CloudFormation and an S3 bucket; agents on servers in the corporate data center and in two VPC subnets (each in an Availability Zone with a security group), connected over the customer router, AWS Direct Connect routers and virtual gateway]

Managed AWS services

o Advantages
  Flexibility and agility
  Scalability
  Security
  Automated maintenance and upgrade

[Figure: corporate data center (users, servers, data center router) connected over the customer router, AWS Direct Connect routers and virtual gateway to two VPC subnets, each in an Availability Zone with a security group; services shown: S3 bucket, Apache Kafka, Amazon Redshift, Amazon EMR]

Integrated solutions


Storage expansion

o Virtual volumes presented to local network iSCSI, NFS, and CIFS volumes
o Local disk cache to provide fast on-premises access
o Gateway-side encryption for security

[Figure: AWS Storage Gateway (iSCSI) in front of a storage appliance and servers in the corporate data center, connected over the customer router, AWS Direct Connect routers and virtual gateway to Amazon S3 and two VPC subnets, each in an Availability Zone with a security group]

AWS Storage Gateway

AWS Marketplace Partners: Cloud ONTAP Secure Cloud-Integrated Backup, Panzura Global NAS, TwinStrata CloudArray

Backup and archiving

o Backup gateways integrated with Amazon S3
o Leverage Amazon S3 archival to Amazon Glacier
o Take advantage of current investments and solutions for options
  o Deduplication
  o Compression
  o WAN acceleration

[Figure: AWS Storage Gateway (iSCSI) in front of a backup system and servers in the corporate data center, connected over the customer router, AWS Direct Connect routers and virtual gateway to Amazon S3, Amazon Glacier and two VPC subnets, each in an Availability Zone with a security group]

AWS Storage Gateway

AWS Marketplace partners: Symantec Net Backup, Veeam Backup & Replication, Cloud ONTAP Secure Cloud-Integrated Backup

Integration adoption roadmap example

• discovery workshop
• cloud business case
• define security requirements
• define network environment
• organizational structure
• operational integration
• security operations playbook
• cloud environment optimization
• application portfolio analysis
• cost and billing analysis
• skills and competencies
• define cloud environments
• define EA policies and practices
• continuous integration & delivery

Platform Perspective

Helps architects and technology teams understand the relationship of abstractions used to model cloud computing elements that are common across an enterprise.

Platform Perspective components describe the fundamental organization of a hybrid IT system spanning multiple environments, that is embodied in its components, their relationships to each other, and their design and evolution.

The Cloud Adoption Framework whitepaper: http://bit.ly/AWSCAF

AWS Marketplace software

• Launch software on AWS with one click
• Pay hourly, monthly, or annually
• Single invoice for AWS usage and software
• Quick deployment without friction
• Cost reduction by using BYOL functionality in AWS Marketplace
• Used extensively by large enterprises

Takeaways

• Connectivity is a key to a successful hybrid integration between cloud and corporate data center
• Authentication and authorization is the cornerstone of enterprise integration
• Hybrid IT infrastructure enables a variety of hybrid workload implementations
• Application migration is just a piece of large-scale cloud adoption
  – The Cloud Adoption Framework whitepaper: http://bit.ly/AWSCAF

NetApp - Hybrid IT Cloud Solutions

M. Saleem NetApp Sr. Cloud Evangelist


Who is NetApp?

$6.1 B FY15 Revenue

#2 Open Networked Storage Market Share

#1 U.S. Government, Germany, Australia Market Share

#1 Storage OS Market Share

1 Exabyte-Qtr Average Storage Shipped

DC Q4 2014 Storage Hardware Market Share March 2015: Open Networked Market Share Branded – Open Networked = combined NAS and SAN - Revenue and Capacity for 2014

Federal agencies must report all contracts valued at $3,000 or more. Based on FPDS-NG reports FY2011-2013, NetApp is the top storage provider.

IDC Names NetApp Data ONTAP as the #1 Branded Storage Operating System. Source: IDC Worldwide Quarterly Disk Storage Systems Tracker 2014 Q2, September 2014

Hybrid IT: The customer’s view

[Figure labels: workloads, workloads, customer network]

© 2015 NetApp, Inc. All rights reserved. NetApp Confidential – Limited Use

Common cloud use cases for government and enterprises

Elastic workloads

• Analytics
• Biz apps
• Dev test
• Disaster recovery
• Mobile/web apps
• Remote apps
• Scientific compute
• Modeling and predictions

Backup and archive

• Tape
• Competitive storage replacements

Planning and consolidation

• Disaster planning
• DC consolidation (M & A)

Hybrid IT cloud solutions to transform your organization

Compatible with AWS services (Amazon Redshift, KMS, and more)

[Figure: NetApp products (Cloud ONTAP, NetApp Private Storage for AWS, AltaVault (was SteelStore), StorageGRID Webscale) set against two use cases: Elastic workloads (analytics, bus apps, dev-test, disaster recovery, scientific compute, web apps), annotated "most agility" and "most performance, scale, control"; and Backup & archive (tape and competitive storage replace). AWS services shown: Amazon EBS, Amazon EC2, Amazon S3, Amazon Glacier, AWS Direct Connect (optional for AltaVault)]

AWS and NetApp cloud enablement solutions

[Figure labels: Enterprise workloads, Backup, Archive; NetApp Private Storage for AWS, NetApp Cloud ONTAP, AltaVault, StorageGRID Webscale; Direct Connect, colocation (Equinix), virtual appliance; EC2, EBS, S3, Amazon Glacier; on-prem or colocation, on cloud or on-prem, on cloud]

RTI International

Who is RTI?

• RTI is a global nonprofit research institution supporting private, public, and nonprofit organizations. They have approximately 4,000 researchers focusing on global programs such as pharmaceuticals, health care, and economic development.

Business challenges

• Need for elastic compute
• Rapid ramp-up of new projects
• Data control, security, and compliance
• Government mandates
• Regulatory pressures; HIPAA, FIPS, FISMA
• Cost containment

Solution: AWS and NetApp® Private Storage for AWS in Equinix data centers with Amazon EC2 and Direct Connect

Benefit

• Ability to scale based on business demand
• Business flexibility and agility
• Data mobility, access, and control

Northumberland County: Away from the river and into the cloud

State government-U.S.

• On the banks of the Susquehanna River, the data center was in a floodplain, putting county services at risk. The data center was also nearing capacity and, as data volumes grew, tape-based data protection was becoming difficult to manage and costly.

Business challenge

• Improve county services and data protection without increasing IT budgets
• Need effective disaster planning and business continuity

Solution:

• Exchange and SQL Server production and DR
• AWS and NetApp® Private Storage for AWS in Equinix data centers with Amazon EC2 and Direct Connect

Benefit

• Saves over $1.1 million in taxpayer dollars
• Provides a foundation for enhanced citizen services
• Strengthens data security and disaster recovery
• Positions county for paperless and mobility initiatives
• Meets data compliance and sovereignty requirements

“By utilizing Amazon Web Services with NetApp Private Storage, we have a much better and more secure data center than we could ever afford on our own.”

Stephen Bridy, County Commissioner, Northumberland County, Pennsylvania

Use case: Enterprise app dev-test, disaster recovery, prod

NetApp Private Storage for AWS (NPS)

Realize cloud compute benefits for elastic workloads that demand performance, scale, availability, or control:

• Best service levels: IOPS needed for demanding apps
• Physical data control to meet strict requirements
• Only private storage option with fluid hybrid data management

Common applications using NAS or iSCSI SAN

Cloud Manager: Manage and monitor storage in the Direct Connect data center

Optional NetApp SnapMirror® or SnapVault® over VPN/MPLS

[Figure labels: On Premises (NetApp Storage running ONTAP); Direct Connect enabled data center; AWS Direct Connect; AWS (EC2)]

Use case: Enterprise apps, dev-test, disaster recovery

Cloud ONTAP for AWS

Enhance cloud storage with powerful enterprise data management for elastic workloads:

• Best application integration for enterprise apps
• Reduces storage used in AWS up to 90%+
• Only cloud NAS with fluid hybrid data management

Common applications using NAS or iSCSI SAN

Cloud Manager: Manage and monitor cloud storage in the cloud

Optional NetApp SnapMirror® or SnapVault® over VPN/MPLS

Cloud ONTAP available on AWS Marketplace

[Figure labels: on premises (NetApp Storage running ONTAP); AWS (EC2, EBS)]

Use case: Backup and archive

AltaVault (SteelStore) on-premises to S3-Amazon Glacier

Solve backup and archive headaches with cloud-integrated storage

• 90% reduction in time, cost, and data volumes
• Shrink recovery times from days to minutes
• 85% of backup and software providers supported

NetApp AltaVault cloud-integrated storage appliance

• Seamlessly integrates into existing storage and backup software environment
• Deduplicates, compresses, and encrypts
• Caches recent backups locally, vaults older copies to the cloud
• Store data in the cloud of choice

Common backup applications integrated with AltaVault: NetApp SnapProtect, Arcserve, CommVault Simpana, EMC NetWorker, HP Data Protector, IBM Tivoli Storage Mgr, Symantec Backup Exec, Symantec NetBackup, Veeam, Microsoft SQL Server, Oracle RMAN

AltaVault available on AWS Marketplace to protect cloud-native workloads

[Figure labels: on-premises (FAS, E-Series, non-NetApp storage); AWS (S3, Amazon Glacier)]

Use case: Cost-effective archives with Amazon S3

StorageGRID Webscale

Common uses:

• Large archives, media repositories, and web data stores
• Scalable, durable object storage across on-premises and AWS
• Protocols: S3 and CDMI

Store large amounts of data reliably and cost-effectively across locations and decades

Manage data across many storage tiers and Amazon S3

Secure data cost-effectively with geo-distributed erasure coding

Use apps written for AWS cloud, even on-premises

[Figure labels: on-premises (NetApp StorageGRID Webscale); S3 in AWS region 1, AWS region 2, AWS region 3]

NetApp supports 90% of Fortune 500 + many organizations

Sectors shown: Financial, Tech, Government, Energy, Information, Telco, Hosted Services, Healthcare

Energy
• #1 in upstream oil and gas
• In 14 of 15 top OGJ firms

Engineering
• Manage source code – designs
• Used by all German auto firms

Financial
• 9,000+ customers
• Banks, insurance, markets

Healthcare
• 3500+ customers
• Fastest growing vertical

Media
• Largest broadcast archive
• Photo websites > 5 billion photos

AWS & NetApp: Cloud solutions to transform your organization

POC.netapp.com

• 1-hour free trial: Cloud ONTAP | NPS for AWS
• 2-week evaluation: NPS for AWS
• 2-week evaluation: Cloud ONTAP
• 90-day trial: SteelStore Virtual Appliance

Thank You.

This presentation will be loaded to SlideShare the week following the Symposium.

http://www.slideshare.net/AmazonWebServices
