AWS Government, Education, and Nonprofit Symposium Washington, DC I June 25-26, 2015
Hybrid IT Approach and Technologies on AWS
Dario Rivera – AWS Solutions Architect
M. Saleem, NetApp Sr. Cloud Evangelist
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hybrid IT is the most common strategy
Source: RightScale 2014 State of the Cloud Report
Objectives
• Examine integrated infrastructure
• Review integrated services
• Discuss integrated platform
• Showcase integrated solutions
• Takeaways
Our journey today
[Roadmap diagram] start: What is hybrid integration?
Stages: integrated infrastructure, integrated services, integrated platform, integrated solution
Topics: VPC, VPN, AWS Direct Connect, authentication federation, operations tools and monitoring, CI/CD, managed AWS services, storage expansion, backup & archive, integrated stacks
Defining hybrid IT integration
“Consumption of cloud services and on-premises infrastructure into an aggregated pool of resources.”
Benefits:
• cost efficiencies
• scalability
• flexibility
• security
[Diagram labels: on-premises infrastructure; services; platform; solutions; cloud services infrastructure]
Integrated infrastructure
IPsec VPN
o IPsec hardware VPN connection
   Supported VPN appliances: https://aws.amazon.com/vpc/faqs/#C9
o Encryption and validation
o Private RFC 1918 addressing
o Uses Border Gateway Protocol (BGP) for routing and failover
o VPN service provides managed redundant endpoints
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html
[Diagram labels: corporate data center (users, servers, data center router); Internet; IPsec VPN; virtual gateway; VPC subnet, Availability Zone and security group (x2)]
AWS Direct Connect
o Requires Layer 2 single mode fiber 1000BASE-LX or 10GBASE-LR
o Requires 802.1Q VLANs across connection
   Tagging of IP traffic
o Routing uses BGP A/A or A/P multipath
o Each DX is mapped to a single AWS region
http://aws.amazon.com/directconnect/
[Diagram labels: corporate data center (users, servers, data center router); customer router; AWS Direct Connect location; AWS Direct Connect routers; virtual gateway; VPC subnet, Availability Zone and security group (x2)]
AWS Direct Connect + IPsec VPN
o Dedicated network path with assured bandwidth
o More secure than Internet-based IPsec VPN – avoids Internet traverse
o Reduced IPsec network transfer costs
o Additional network security
http://aws.amazon.com/directconnect/
[Diagram labels: corporate data center (users, servers, data center router); customer router; AWS Direct Connect location; AWS Direct Connect routers; IPsec VPN; virtual gateway; VPC subnet, Availability Zone and security group (x2)]
Integrated services
Active Directory and LDAP
o Reduced back-reach traffic
o Reduced latency for authentication
o Additional resiliency
o Enablement of both:
   multi-master read/write domain controllers
   read-only domain controllers (RODCs)
Requires IPsec VPN or Direct Connect connectivity
http://aws.amazon.com/microsoft/whitepapers/ad-reference-architecture/

Type   Port Number
TCP    54, 88, 135, 137, 139, 389, 445, 464, 636, 3268, 3269, 5722, 49152-65535
UDP    53, 67, 123, 138, 389, 445, 464, 2535, 5355, 49152-65535

[Diagram labels: corporate data center (users, servers, data center router); customer router; AWS Direct Connect location; AWS Direct Connect routers; virtual gateway; VPC subnet, Availability Zone and security groups (x2); AD.domain; domain controller (x3); Active Directory replication]
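The port table above turned into security-group rules, as an added example that is not part of the original slides: it builds ingress rules that admit the listed ports only from an on-premises RFC 1918 range and audits an existing rule set for AD ports reachable from anywhere else. Function names, the sample CIDRs and the sample rule set are constructed; the port lists are copied from the slide as printed and should be checked against the linked reference architecture before use.

```python
import ipaddress

# Port lists copied as they appear in the slide's table.
SLIDE_PORTS = {
    "tcp": "54, 88, 135, 137, 139, 389, 445, 464, 636, 3268, 3269, 5722, 49152-65535",
    "udp": "53,67,123, 138, 389, 445, 464, 2535, 5355, 49152-65535",
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ports(spec):
    """Turn '88, 135, 49152-65535' into sorted (from_port, to_port) tuples."""
    ranges = []
    for item in filter(None, (s.strip() for s in spec.split(","))):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError("bad port range: %r" % item)
        ranges.append((lo, hi))
    return sorted(ranges)

def is_rfc1918(cidr):
    """True only for IPv4 networks fully inside one of the RFC 1918 blocks."""
    net = ipaddress.ip_network(cidr)
    return net.version == 4 and any(net.subnet_of(p) for p in RFC1918)

def build_ingress(peer_cidr, ports=SLIDE_PORTS):
    """IpPermissions-shaped rules admitting AD traffic from one private CIDR."""
    if not is_rfc1918(peer_cidr):
        raise ValueError("%s is not RFC 1918 space" % peer_cidr)
    return [{"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
             "IpRanges": [{"CidrIp": peer_cidr}]}
            for proto, spec in ports.items() for lo, hi in parse_ports(spec)]

def audit(rules, ports=SLIDE_PORTS):
    """List (protocol, from, to, cidr) where an AD port is open to a non-private source."""
    findings = []
    for rule in rules:
        proto = rule["IpProtocol"]
        # "-1" means all protocols and carries no port fields.
        protos = list(ports) if proto == "-1" else [proto]
        lo, hi = (0, 65535) if proto == "-1" else (rule["FromPort"], rule["ToPort"])
        exposed = any(a <= hi and lo <= b
                      for p in protos for a, b in parse_ports(ports.get(p, "")))
        for rng in rule.get("IpRanges", []):
            if exposed and not is_rfc1918(rng["CidrIp"]):
                findings.append((proto, lo, hi, rng["CidrIp"]))
    return findings

# Constructed rule set: world-open LDAP, private SMB, world-open HTTPS
# (not an AD port), and an all-traffic rule from a public range.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445, "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
]
```

The dictionaries follow the shape of EC2 `IpPermissions` entries, so the output of `build_ingress` can be handed to whatever tooling applies security-group rules in the environment.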
AWS Directory Service
o Deploys in two modes
   Directory Service Connect
   Simple AD built on Samba 4 Active Directory-compatible server
o Simplifies IAM federation
   Avoids complexity and cost of hosting SAML-based federation infrastructure
   Acts as a proxy - no data is stored on AWS infrastructure
   Supports existing RADIUS-based MFA
Requires IPsec VPN or Direct Connect connectivity
http://aws.amazon.com/directoryservice/
[Diagram labels: corporate data center (users, servers, data center router); customer router; AWS Direct Connect location; AWS Direct Connect routers; virtual gateway; VPC subnet, Availability Zone and security groups (x2); AD.domain; domain controller; AD Connector (x3)]
AWS federation/account governance
[Diagram labels]
Users: financial users, controllers; SOC/auditors; global AWS admin; software development; app owners; DevOps teams
Accounts: billing account; user management account; security/audit account; production account #1; non-prod account #1; non-prod account #2
Categories: Financial; Security/audit; Production; Dev/test/sandbox
Annotations: consolidated billing, billing alerts; read-only access for all accounts
Operations tools and monitoring
o Security monitoring integration points with CloudTrail and SIEM aggregator
o Logging with CloudTrail and SNMP MIBs to SIEM aggregator
o Platform and app health to SIEM aggregator via agent on EC2 guest
o Access to patching and updates for AMI by on-premises update server
[Diagram labels: corporate data center (users, data center router, update servers, SIEM aggregator); customer router; AWS Direct Connect location; AWS Direct Connect routers; virtual gateway; VPC subnet, Availability Zone and security group (x2); CloudTrail; CloudWatch; CloudTrail S3 bucket]
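One way the CloudTrail-to-SIEM integration point can look, as an added example that is not from the original slides: it reads the body of a CloudTrail log file as delivered to the S3 bucket (assumed already decompressed), picks out a few security-relevant events and emits one JSON line per alert for the aggregator. The detection rules, output fields, function names and sample records are assumptions constructed for illustration.

```python
import json

def sample_record(name, source, utype="IAMUser", **extra):
    """Build one constructed CloudTrail record (sample data, not real logs)."""
    return dict({"eventTime": "2015-06-25T14:00:00Z", "eventSource": source,
                 "eventName": name, "sourceIPAddress": "203.0.113.10",
                 "userIdentity": {"type": utype,
                                  "arn": "arn:aws:iam::111122223333:user/example"}},
                **extra)

# Constructed body of one log file as CloudTrail writes it to the S3 bucket.
SAMPLE_LOG = json.dumps({"Records": [
    sample_record("StopLogging", "cloudtrail.amazonaws.com"),
    sample_record("ConsoleLogin", "signin.amazonaws.com",
                  responseElements={"ConsoleLogin": "Success"},
                  additionalEventData={"MFAUsed": "No"}),
    sample_record("ConsoleLogin", "signin.amazonaws.com", utype="AssumedRole",
                  responseElements={"ConsoleLogin": "Success"},
                  additionalEventData={"MFAUsed": "No"}),
    sample_record("AuthorizeSecurityGroupIngress", "ec2.amazonaws.com",
                  requestParameters={"groupId": "sg-00000000", "ipPermissions": {"items": [
                      {"ipProtocol": "tcp", "fromPort": 389, "toPort": 389,
                       "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}),
    sample_record("DescribeInstances", "ec2.amazonaws.com"),
]})

def world_open_ports(params):
    """Port ranges an AuthorizeSecurityGroupIngress call opened to 0.0.0.0/0."""
    found = []
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        for rng in (perm.get("ipRanges") or {}).get("items", []):
            if rng.get("cidrIp") == "0.0.0.0/0":
                found.append((perm.get("fromPort"), perm.get("toPort")))
    return found

def classify(rec):
    """Return (severity, reason) for records worth forwarding, else None."""
    name, source = rec.get("eventName"), rec.get("eventSource")
    if source == "cloudtrail.amazonaws.com" and name in ("StopLogging", "DeleteTrail"):
        return "high", "audit trail tampering: " + name
    if name == "ConsoleLogin":
        ok = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        mfa = (rec.get("additionalEventData") or {}).get("MFAUsed")
        # Federated logins can carry MFAUsed=No because MFA happens at the
        # identity provider, so only direct IAM user and root logins are flagged.
        direct = (rec.get("userIdentity") or {}).get("type") in ("IAMUser", "Root")
        if ok and direct and mfa != "Yes":
            return "medium", "console login without MFA"
    if name == "AuthorizeSecurityGroupIngress" and not rec.get("errorCode"):
        ports = world_open_ports(rec.get("requestParameters") or {})
        if ports:
            return "high", "security group opened to 0.0.0.0/0 on %s" % ports
    return None

def to_siem_lines(log_body):
    """Convert a CloudTrail log file body into one JSON line per alert."""
    lines = []
    for rec in json.loads(log_body).get("Records", []):
        verdict = classify(rec)
        if verdict:
            lines.append(json.dumps({
                "time": rec.get("eventTime"), "severity": verdict[0],
                "reason": verdict[1], "event": rec.get("eventName"),
                "actor": (rec.get("userIdentity") or {}).get("arn"),
                "src_ip": rec.get("sourceIPAddress")}, sort_keys=True))
    return lines
```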
Integrated platform
Application deployment management
Deployment and management
• AWS Elastic Beanstalk: Automated resource management – web apps made easy
• AWS OpsWorks: DevOps framework for application lifecycle management and automation
• AWS CloudFormation: Templates to deploy and update infrastructure as code
• DIY / on demand: DIY, on demand resources: EC2, S3, custom AMIs, etc.
[Diagram labels: Convenience; Control]
Continuous integration and deployment
o Automates application deployments for both on-premises and EC2 instances with use of AWS CodeDeploy
o Reuse existing scripts and tools
   Bash, PowerShell, Chef, Puppet, anything…
o Integrate with developer tool chain
   GitHub, Jenkins, CloudBees, TravisCI, Eclipse…
[Diagram labels: corporate data center (users, servers, data center router); customer router; AWS Direct Connect location; AWS Direct Connect routers; virtual gateway; VPC subnet, Availability Zone and security group (x2); AWS CodeDeploy; AWS CloudFormation; S3 bucket; Agent (x6)]
Managed AWS services
o Advantages
   Flexibility and agility
   Scalability
   Security
   Automated maintenance and upgrade
[Diagram labels: corporate data center (users, servers, data center router); customer router; AWS Direct Connect location; AWS Direct Connect routers; virtual gateway; VPC subnet, Availability Zone and security group (x2); S3 bucket; Apache Kafka; Amazon Redshift; Amazon EMR]
Integrated solutions
Storage expansion
o Virtual volumes presented to local network iSCSI, NFS, and CIFS volumes
o Local disk cache to provide fast on-premises access
o Gateway-side encryption for security
[Diagram labels: corporate data center (users, servers, data center router, storage appliance); customer router; AWS Direct Connect location; AWS Direct Connect routers; virtual gateway; VPC subnet, Availability Zone and security group (x2); AWS Storage Gateway; iSCSI; Amazon S3]
AWS Storage Gateway
Cloud ONTAP Secure Cloud-Integrated Backup
Panzura Global NAS
TwinStrata CloudArray
AWS Marketplace Partners
Backup and archiving
o Backup gateways integrated with Amazon S3
o Leverage Amazon S3 archival to Amazon Glacier
o Take advantage of current investments and solutions for options
o Deduplication
o Compression
o WAN acceleration
[Diagram labels: corporate data center (users, servers, data center router, backup system); customer router; AWS Direct Connect location; AWS Direct Connect routers; virtual gateway; VPC subnet, Availability Zone and security group (x2); AWS Storage Gateway; iSCSI; Amazon S3; Amazon Glacier]
AWS Storage Gateway
Symantec Net Backup
Veeam Backup & Replication
Cloud ONTAP Secure Cloud-Integrated Backup
AWS Marketplace partners
Integration adoption roadmap example
• discovery workshop
• cloud business case
• define security requirements
• define network environment
• organizational structure
• operational integration
• security operations playbook
• cloud environment optimization
• application portfolio analysis
• cost and billing analysis
• skills and competencies
• define cloud environments
• define EA policies and practices
• continuous integration & delivery
Platform Perspective
Helps architects and technology teams understand the relationship of abstractions used to model cloud computing elements that are common across an enterprise.
Platform Perspective components describe the fundamental organization of a hybrid IT system spanning multiple environments, that is embodied in its components, their relationships to each other, and their design and evolution.
The Cloud Adoption Framework whitepaper: http://bit.ly/AWSCAF
AWS Marketplace software
• Launch software on AWS with one click
• Pay hourly, monthly, or annually
• Single invoice for AWS usage and software
• Quick deployment without friction
• Cost reduction by using BYOL functionality in AWS Marketplace
• Used extensively by large enterprises
Takeaways
• Connectivity is a key to a successful hybrid integration between cloud and corporate data center
• Authentication and authorization is the cornerstone of enterprise integration
• Hybrid IT infrastructure enables a variety of hybrid workload implementations
• Application migration is just a piece of large-scale cloud adoption
   – The Cloud Adoption Framework whitepaper: http://bit.ly/AWSCAF
NetApp - Hybrid IT Cloud Solutions
M. Saleem NetApp Sr. Cloud Evangelist
Who is NetApp?
• $6.1B FY15 Revenue
• #2 Open Networked Storage Market Share
• #1 U.S. Government, Germany, Australia Market Share
• #1 Storage OS Market Share
• 1 Exabyte-Qtr Average Storage Shipped
DC Q4 2014 Storage Hardware Market Share March 2015: Open Networked Market Share Branded – Open Networked = combined NAS and SAN - Revenue and Capacity for 2014
Federal agencies must report all contracts valued at $3,000 or more. Based on FPDS-NG reports FY2011-2013, NetApp is the top storage provider.
IDC Names NetApp Data ONTAP as the #1 Branded Storage Operating System. Source: IDC Worldwide Quarterly Disk Storage Systems Tracker 2014 Q2, September 2014
Hybrid IT: The customer’s view
[Diagram labels: workloads; workloads; customer network]
© 2015 NetApp, Inc. All rights reserved. NetApp Confidential – Limited Use
Common cloud use cases for government and enterprises
Elastic workloads
• Analytics
• Biz apps
• Dev test
• Disaster recovery
• Mobile/web apps
• Remote apps
• Scientific compute
• Modeling and predictions
Backup and archive
• Tape
• Competitive storage replacements
Planning and consolidation
• Disaster planning
• DC consolidation (M & A)
Hybrid IT cloud solutions to transform your organization
Compatible with AWS services (Amazon Redshift, KMS, and more)
Products: AltaVault (was SteelStore); Cloud ONTAP; NetApp Private Storage for AWS; StorageGRID Webscale
Elastic workloads: analytics, bus apps, dev-test, disaster recovery, scientific compute, web apps
Backup & archive: tape and competitive storage replace
[Diagram labels: most agility; most performance, scale, control; Amazon EBS; Amazon EC2; Amazon S3; Amazon Glacier; AWS Direct Connect; Optional for AltaVault]
AWS and NetApp cloud enablement solutions
[Diagram labels: Enterprise workloads; Backup; Archive; NetApp Cloud ONTAP; NetApp Private Storage for AWS; AltaVault; StorageGRID Webscale; Direct Connect; EC2; EBS; S3; Amazon Glacier; colocation Equinix; Virtual Appliance; on cloud; on-prem or colocation; on cloud or on-prem]
RTI International
Who is RTI?
• RTI is a global nonprofit research institution supporting private, public, and nonprofit organizations. They have approximately 4,000 researchers focusing on global programs such as pharmaceuticals, health care, and economic development.
Business challenges
• Need for elastic compute
• Rapid ramp-up of new projects
• Data control, security, and compliance
• Government mandates
• Regulatory pressures; HIPAA, FIPS, FISMA
• Cost containment
Solution: AWS and NetApp® Private Storage for AWS in Equinix data centers with Amazon EC2 and Direct Connect
Benefit
• Ability to scale based on business demand
• Business flexibility and agility
• Data mobility, access, and control
Northumberland County: Away from the river and into the cloud
State government-U.S.
• On the banks of the Susquehanna River, the data center was in a floodplain, putting county services at risk. The data center was also nearing capacity and, as data volumes grew, tape-based data protection was becoming difficult to manage and costly.
Business challenge
• Improve county services and data protection without increasing IT budgets
• Need effective disaster planning and business continuity
Solution: Exchange and SQL Server production and DR
AWS and NetApp® Private Storage for AWS in Equinix data centers with Amazon EC2 and Direct Connect
Benefit
• Saves over $1.1 million in taxpayer dollars
• Provides a foundation for enhanced citizen services
• Strengthens data security and disaster recovery
• Positions county for paperless and mobility initiatives
• Meets data compliance and sovereignty requirements
“By utilizing Amazon Web Services with NetApp Private Storage, we have a much better and more secure data center than we could ever afford on our own.”
Stephen Bridy, County Commissioner, Northumberland County, Pennsylvania
Use case: Enterprise app dev-test, disaster recovery, prod
NetApp Private Storage for AWS (NPS)
Realize cloud compute benefits for elastic workloads that demand performance, scale, availability, or control:
• Best service levels: IOPS needed for demanding apps
• Physical data control to meet strict requirements
• Only private storage option with fluid hybrid data management
Common applications using NAS or iSCSI SAN
Cloud Manager: Manage and monitor storage in the Direct Connect data center
Optional NetApp SnapMirror® or SnapVault® over VPN/MPLS
[Diagram labels: On Premises; NetApp Storage running ONTAP; Direct Connect enabled data center; AWS Direct Connect; AWS; EC2]
Use case: Enterprise apps, dev-test, disaster recovery
Cloud ONTAP for AWS
Enhance cloud storage with powerful enterprise data management for elastic workloads:
• Best application integration for enterprise apps
• Reduces storage used in AWS up to 90%+
• Only cloud NAS with fluid hybrid data management
Common applications using NAS or iSCSI SAN
Cloud Manager: Manage and monitor cloud storage in the cloud
Optional NetApp SnapMirror® or SnapVault® over VPN/MPLS
Cloud ONTAP available on AWS Marketplace
[Diagram labels: on premises; NetApp Storage running ONTAP; AWS; EC2; EBS]
Use case: Backup and archive
AltaVault (SteelStore) on-premises to S3-Amazon Glacier
Solve backup and archive headaches with cloud-integrated storage
• 90% reduction in time, cost, and data volumes
• Shrink recovery times from days to minutes
• 85% of backup and software providers supported
NetApp AltaVault cloud-integrated storage appliance
• Seamlessly integrates into existing storage and backup software environment
• Deduplicates, compresses, and encrypts
• Caches recent backups locally, vaults older copies to the cloud
• Store data in the cloud of choice
Common backup applications integrated with AltaVault: NetApp SnapProtect, Arcserve, CommVault Simpana, EMC NetWorker, HP Data Protector, IBM Tivoli Storage Mgr, Symantec Backup Exec, Symantec NetBackup, Veeam, Microsoft SQL Server, Oracle RMAN
AltaVault available on AWS Marketplace to protect cloud-native workloads
[Diagram labels: on-premises; FAS; E-Series; non-NetApp storage; AWS; S3; Amazon Glacier]
Use case: Cost-effective archives with Amazon S3
StorageGRID Webscale
Common uses:
• Large archives, media repositories, and web data stores
• Scalable, durable object storage across on-premises and AWS
• Protocols: S3 and CDMI
Benefits:
• Store large amounts of data reliably and cost-effectively across locations and decades
• Manage data across many storage tiers and Amazon S3
• Secure data cost-effectively with geo-distributed erasure coding
• Use apps written for AWS cloud, even on-premises
[Diagram labels: on-premises NetApp StorageGRID Webscale; AWS region 1 S3; AWS region 2 S3; AWS region 3 S3]
NetApp supports 90% of Fortune 500 + many organizations
Sectors: Financial, Tech, Government, Energy, Information, Telco, Hosted Services, Healthcare
Energy
• #1 in upstream oil and gas
• In 14 of 15 top OGJ firms
Engineering
• Manage source code – designs
• Used by all German auto firms
Financial
• 9,000+ customers
• Banks, insurance, markets
Healthcare
• 3500+ customers
• Fastest growing vertical
Media
• Largest broadcast archive
• Photo websites > 5 billion photos
AWS & NetApp: Cloud solutions to transform your organization
POC.netapp.com
• 1-hour free trial: Cloud ONTAP | NPS for AWS
• 2-week evaluation: NPS for AWS
• 2-week evaluation: Cloud ONTAP
• 90-day trial: SteelStore Virtual Appliance
Thank You.
This presentation will be loaded to SlideShare the week following the Symposium.
http://www.slideshare.net/AmazonWebServices