AWS provides many services to assist customers with their journey to the cloud. Hybrid solutions offer customers a way to continue leveraging existing investments on-premises, while expanding their footprint into the public cloud. This session covers the different technologies available to support hybrid architectures on AWS. We discuss common patterns and anti-patterns for solving enterprise workloads across a hybrid environment.
3. What to Expect from the Session
• What is a 200 level talk
• Prerequisites
  • Basic understanding of Cloud Computing
  • Familiarity with AWS Regions/AZs
• Overview of the AWS services used for hybrid cloud
• Customer use-cases for hybrid cloud
• How to build a hybrid environment from scratch
4. Not an all or nothing decision
“Many of you may think what we’re promoting here is that cloud is an all or nothing decision. You either go into the cloud or stay home. That is not the case. What we’ve built is a whole set of services that allow you to run both on-premise and in the cloud seamlessly together.”
– Werner Vogels
8. Identity Management - IAM
• Fine grained access control for AWS resources
• Multi-factor authentication for highly privileged users
• Can integrate with corporate directory
Identity and Access Management
9. IAM- Federation
• Grant external identities access to AWS resources
• External providers such as Microsoft AD, Amazon, Facebook, Google, or any OpenID provider
AWS Security Token Service
10. Identity Management - Directory Service
• 3 versions: Microsoft AD, Simple AD, AD Connector
• Managed Service
• Join instances to an AD Domain
• Single Sign-On to AWS Console and Applications
AWS Directory Service
14. Storage
| | S3 Standard | S3 Standard - IA | Amazon Glacier |
|---|---|---|---|
| Designed for Durability | 99.999999999% | 99.999999999% | 99.999999999% |
| Designed for Availability | 99.99% | 99.9% | N/A |
| Availability SLA | 99.9% | 99% | N/A |
| Minimum Object Size | N/A | 128KB* | N/A |
| Minimum Storage Duration | N/A | 30 days | 90 days |
| Retrieval Fee | N/A | per GB retrieved | per GB retrieved** |
| First Byte Latency | milliseconds | milliseconds | 4 hours |
| Storage Class | object level | object level | object level |
| Lifecycle Transitions | yes | yes | yes |
15. AWS Snowball
• Fast Data Transfer
• 256-bit Encryption
• Rugged and Portable
• End-to-End Tracking
• Secure Erasure
AWS Snowball
16. Start with backups
[Diagram: AWS and corporate data center. Labels: File Server, Active Directory Domain Controller, Desktop, Amazon S3, Backup Data over the Internet, Glacier Archive, Lifecycle Policy]
17. Storage Gateway
• 3 Modes – Stored, Cached, VTL
• Securely transfers and stores data
• Durably backed by S3 and Glacier
• Uses industry standard iSCSI interface
AWS Storage Gateway
18. Running out of SAN Space, No Problem
[Diagram: AWS and corporate data center. Labels: File Server, Active Directory Domain Controller, Desktop, Amazon S3, Storage Gateway Cached Volume]
20. Virtual Private Cloud (VPC)
• Logical isolation of the AWS Cloud
• Complete control of your virtual networking environment
• Set your own IP address ranges
• Create subnets
• Configure routing tables and networking gateways
• Extend your corporate network and launch AWS resources in a virtual network that you define
21. Virtual Private Cloud (VPC)
Three ways to connect to your VPC
• Over the Internet
• Hardware Virtual Private Network (VPN) using IPsec
  • Configured in minutes
• AWS Direct Connect
  • Service provided by Amazon Partner Network (APN) Partners
22. AWS Direct Connect
• Dedicated network connection to AWS
• Consistent network performance
• Speeds of 50-500Mbps, 1Gbps, and 10Gbps
• Most hardware VPN solutions top out at 4Gbps
• Supports Active/Active and Active/Passive Border Gateway Protocol (BGP) Multipath
23. Connectivity to AWS
[Diagram: virtual private cloud and corporate data center. Labels: File Server, Active Directory Domain Controller, Desktop, VPN or Direct Connect]
25. Let’s Move File Server to the Cloud
[Diagram: virtual private cloud and corporate data center. Labels: File Server, Active Directory Domain Controller, Desktop]
28. Building Servers in the Cloud
[Diagram: virtual private cloud and corporate data center. Labels: File Server, Active Directory Domain Controller (x2), Desktop]
29. Configure Directory Service
[Diagram: virtual private cloud and corporate data center. Labels: File Server, Active Directory Domain Controller (x2), AWS Directory Service, Desktop, AD Replication]
30. Add EC2 File Server
[Diagram: virtual private cloud and corporate data center. Labels: File Server (x2), Active Directory Domain Controller (x2), AWS Directory Service, Desktop, AD Replication]
31. Configure Replication
[Diagram: virtual private cloud and corporate data center. Labels: File Server (x2), Active Directory Domain Controller (x2), AWS Directory Service, Desktop, DFS Replication, AD Replication]
32. EC2 Instances in Action
Demo video of building EC2 ADDC and File Server
33. Demo Environment
[Diagram: virtual private cloud and corporate data center. Labels: File Server (DFSR-Fileserver), Active Directory Domain Controller (DFSR-DC), File Server (DFSR-FS-VPC), Active Directory Domain Controller (DFSR-DC1-VPC), AWS Directory Service, Desktop, DFS Replication, AD Replication, VegasCorp.com, CL4-VPC]
35. What If We Added Storage Gateway?
[Diagram: virtual private cloud and corporate data center. Labels: File Server (x2), Active Directory Domain Controller (x2), AWS Directory Service, Desktop, DFS Replication, AD Replication, Storage Gateway, Amazon S3, Backups / Snapshots]
36. Storage Gateway Cost Comparison
• Windows File Server on EC2
• 20TB EBS Storage

| Service | Cost |
|---|---|
| Compute | $359.42 |
| EBS Storage | $2,003.00 |
| Total | $2,362.42 |

• Windows File Server on EC2
• Storage Gateway on EC2
• 20TB S3 Storage

| Service | Cost |
|---|---|
| Compute | $534.37 |
| EBS Storage | $43.00 |
| Storage GW | $125.00 |
| S3 | $604.68 |
| Total | $1,307.05 |

*Estimated pricing per month on demand
37. Workspaces
• Windows 7/10 Desktop
• Easy Provisioning
• Secure and Encrypted
• Desktop and Mobile Clients
Amazon WorkSpaces
38. Microsoft DFS-R Hybrid Deployment
[Diagram: virtual private cloud and corporate data center. Labels: File Server (x2), Active Directory Domain Controller (x2), AWS Directory Service, Amazon WorkSpaces, Desktop, DFS Replication, AD Replication, Storage Gateway, Amazon S3, Backups / Snapshots]
42. What does this cost?
| Service | Cost |
|---|---|
| EC2 Compute | $714.45 |
| EBS Storage | $46.00 |
| Storage Gateway | $125.00 |
| S3 for SGW | $604.68 |
| S3-IA for backups | $256.00 |
| WorkSpaces (100 users) | $3,500 |
| Directory Service | $0.00 |
| Direct Connect | $219.60 |
| Business Support | $546.50 |
| Total | $6,011.55 |

*Estimated pricing per month on demand
** Data egress fees apply
43. Moving All In w/ HA
[Diagram: virtual private cloud with Availability Zone C and Availability Zone B. Labels for Availability Zone C: File Server, Active Directory Domain Controller, AWS Directory Service, Storage Gateway, Amazon S3, Backups / Snapshots. Labels for Availability Zone B: File Server, Active Directory Domain Controller, AWS Directory Service, Amazon WorkSpaces, Storage Gateway. Links: DFS Replication, AD Replication]
44. Take a Look at these Other Services
• Amazon EMR
• Amazon Kinesis
• Elastic Transcoder
• AWS OpsWorks
• Amazon WorkDocs
• Amazon Redshift
• AWS Database Migration Service
• Amazon CloudFront
• AWS CodeCommit
• AWS CodeDeploy
• AWS CodePipeline
• AWS CloudHSM