During this session we will describe common methods used to create a Hybrid Cloud with Amazon Web Services. We will step through successful operational models, how to get started, and tools to simplify operations. We will explore topics such as networking, directories, DNS, and security. Importantly, we will cover ongoing operational and management practices.
Mark Statham, Senior Cloud Architect - Professional Services, Amazon Web Services, ASEAN
2. What we’ll cover
• What is Hybrid IT
• How customers are using AWS for Hybrid IT
• Getting started with Hybrid IT
• Integration and operations with Hybrid IT
• Next steps
5. “Hybrid IT is the result of combining internal and external services, usually from a combination of internal and public clouds, in support of a business outcome.”
Hype in 2012…
6. Day to Day Reality
“Running existing, corporate IT systems alongside cloud and gradually transforming those systems to the cloud over time”
7. Real Adoption Barriers?
• Existing capital investments
• Licensing constraints
• Non-x86 systems
• Not figured out the ROI, yet
“Hybrid IT, in support of a business outcome.”
9. Development and Test
Accelerate app development
• Leverage AWS platform services, Beanstalk or OpsWorks
• Focus on applications, environments in minutes
Test at scale
• With production configuration
• Create multiple parallel copies
• Automated and on-demand
Pay for what you use
• Stop or delete environments
• Archive environment configuration
10. Large Scale Compute Grids
Think bigger
• Dynamically add capacity when you need it
• Scale to 10s of thousands of cores
• Leverage limitless storage of Amazon S3 and high performance of Amazon DynamoDB
Stay secure
• Deployed within isolated logical network
• Encryption at rest for storage
Pay for what you use
• Turn off the environment when finished and stop paying
• Leverage EC2 Spot Fleet for best pricing
11. New Products
[Slide graphics: AWS IoT; HealthSuite digital platform; device cloud]
Think the impossible
• Don’t fear constraints
• Experiment and test hypotheses
• Develop new products faster with the latest technologies
Stay agile
• Adapt and pivot with managed services
• Embrace new technologies
Deliver New Value
• Rapidly grow new lines of business
• Deliver real business outcomes
12. Data Centre Consolidation
Reduce costs
• Consolidate and simplify cost structures
• Leverage AWS managed services
Be dynamic
• Respond to changing business needs
• Deploy on-demand globally, no waiting time
• Automate operations to increase availability
Focus on your core business
• Spend time on what differentiates your business
• Focus on delivering business outcomes
13. How To Get Started
• Build Hybrid Environment
• Jumpstart a Project
• Deploy Base Services
15. Amazon Virtual Private Cloud - VPC
Extend your data center with Amazon VPC
• Create logically isolated section of AWS Cloud
• You define your own network address space
• Complete control over virtual networking environment
• Define the connectivity you need: private, Internet, AWS services, even other VPCs
• You manage the security configurations using security groups, providing a stateful firewall per instance
• Visibility into VPC network traffic flows
16. Your First Virtual Private Cloud
[Diagram labels: VPN Tunnels; Customer VPN Gateway; Directory Server; Database Server; Application Server; Availability Zone A; Availability Zone B]
VPC Configuration
• VPC Network: 10.100.0.0/16
• VPC Subnet 1: 10.100.0.0/23
• VPC Subnet 2: 10.100.2.0/23
• VPN Type: Dynamic BGP
Data Center Configuration
• Corporate Network: 10.96.0.0/16
• DC Network: 10.96.24.0/21
• VPN Gateway IP: 54.169.211.86
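A hybrid address plan like the one on this slide only routes cleanly over the VPN if the VPC and on-premises ranges do not overlap. The following check is an added example, not part of the original deck; the function and dictionary key names are hypothetical, and it assumes the tunnels run over the Internet, so the customer gateway needs a public address.

```python
import ipaddress

# Address plan copied from the VPC / Data Center Configuration slide.
PLAN = {
    "vpc": "10.100.0.0/16",
    "vpc_subnets": ["10.100.0.0/23", "10.100.2.0/23"],
    "corporate": "10.96.0.0/16",
    "datacenter": "10.96.24.0/21",
    "vpn_gateway_ip": "54.169.211.86",
}

def validate_plan(plan):
    """Return a list of problems that would break routing over the VPN."""
    problems = []
    vpc = ipaddress.ip_network(plan["vpc"])
    corp = ipaddress.ip_network(plan["corporate"])
    dc = ipaddress.ip_network(plan["datacenter"])
    subnets = [ipaddress.ip_network(s) for s in plan["vpc_subnets"]]

    # Overlapping ranges make the routes exchanged over BGP ambiguous.
    if vpc.overlaps(corp):
        problems.append(f"VPC {vpc} overlaps corporate network {corp}")
    if not dc.subnet_of(corp):
        problems.append(f"DC network {dc} is outside corporate network {corp}")
    for i, s in enumerate(subnets):
        if not s.subnet_of(vpc):
            problems.append(f"subnet {s} is outside VPC {vpc}")
        for other in subnets[i + 1:]:
            if s.overlaps(other):
                problems.append(f"subnets {s} and {other} overlap")
    # Assumption: tunnels terminate over the Internet, so the customer
    # gateway address must be publicly routable.
    gw = ipaddress.ip_address(plan["vpn_gateway_ip"])
    if not gw.is_global:
        problems.append(f"VPN gateway {gw} is not a public address")
    return problems

if __name__ == "__main__":
    print(validate_plan(PLAN) or "address plan is consistent")
```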
19. Managed Microsoft Active Directory
• Fully managed Microsoft Active Directory, with 99.95% SLA
• Highly Available, deployed across two Availability Zones
• Supports external trusts with existing Active Directory domains
• Deploy and operate Microsoft Exchange, SharePoint, SQL Server, and .NET applications in the AWS cloud
• Use familiar management tooling for administration
• Seamlessly join Windows instances to domain on launch
• Supports Federation and SSO to AWS Console, without ADFS
[Slide graphics: Single Sign-On; Simplified Deployment; Managed Service]
20. CloudFormation Infrastructure As Code
• An easy way to create and manage a collection of AWS resources
• Allows orderly and predictable provisioning and updating of resources
• Configuration written in simple JSON notation
• Allows you to version control your AWS infrastructure
• Deploy and update stacks using console, command line or API
[Diagram labels: Template (JSON formatted file); Stack (Configured AWS services); CloudFormation Framework]
24. Integrating AWS Into Your Service Catalog
On-demand environments
• Example use case: Marketing micro site for 3 months
[Diagram labels: Business users; Weeks Later; Web Server; Application Server; Directory Server; Database Server]
25. Integrating AWS Into Your Service Catalog
On-demand environments
• Service catalog integrated with AWS CloudFormation
• Deploy solutions within minutes, not days or weeks
• Archive and delete when no longer required
[Diagram labels: Business users; AWS CloudFormation; Minutes Later; Web Front End (EC2); SharePoint Services (EC2); SQL Server Database (EC2); Active Directory (EC2)]
26. Operations On AWS
Integrating AWS into your operations
• AWS CloudWatch provides real-time insight into your AWS services
• You can integrate your own metrics
• Create alarms and act on alerts
• Integrate your alerting with AWS SNS
• Your current tools still work
• Established processes still valid, but now you can respond dynamically
29. Resource Tracking and Cost Allocation
Get more visibility into your infrastructure
• Describe AWS services through an API call
• Resources in AWS can have tags
• Tags can be used to control permissions, and
• Allocate costs, enabling charge back of services
• Dynamically generate a full inventory

| Instance | Name | VPC ID | Subnet ID | Instance type | Security Groups |
| i-5ef40608 | SharePoint App Server | vpc-ebfd0283 | subnet-e1fd0289 | c4.xlarge | Admin, App |
| i-59f4060f | SharePoint App Server | vpc-ebfd0283 | subnet-e1fd0289 | c4.xlarge | Admin, App |
| i-f6be9aa0 | Web Server | vpc-ebfd0283 | subnet-e1fd0289 | m4.xlarge | Admin, Web |
| i-ec50e1ba | Web Server | vpc-ebfd0283 | subnet-e1fd0289 | m4.xlarge | Admin, Web |
| i-9f50e1c9 | Database Server | vpc-ebfd0283 | subnet-f9a51991 | r3.2xlarge | Admin, Database |
| i-77ab8f21 | Database Server | vpc-ebfd0283 | subnet-f9a51991 | r3.2xlarge | Admin, Database |
| i-d9912f8f | Directory Server | vpc-ebfd0283 | subnet-f9a51991 | c3.medium | Admin, Directory |
| i-407b3316 | Directory Server | vpc-ebfd0283 | subnet-f9a51991 | c3.medium | Admin, Directory |

Example tags:
Name: APAWSIN001
Purpose: Production
Application: SharePoint Farm 03
Business Unit: Marketing
Cost Centre: 2384234
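Tag-based permissions and charge back only cover resources that actually carry the tags, so an inventory pass should also report what is missing. The sketch below is an added example, not part of the original deck: it flattens a constructed response shaped like EC2 DescribeInstances into an inventory, lists instances lacking required tags, and groups them by cost centre. Function names are hypothetical, and treating all five tag keys from the slide as mandatory is an assumption.

```python
from collections import defaultdict

# Tag keys from the slide's example; making all five mandatory is an assumption.
REQUIRED_TAGS = ("Name", "Purpose", "Application", "Business Unit", "Cost Centre")

def _tags(pairs):
    return [{"Key": k, "Value": v} for k, v in pairs.items()]

# Constructed sample shaped like an EC2 DescribeInstances response. IDs and types
# come from the slide's table; pairing them with these tags is illustrative.
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-5ef40608", "InstanceType": "c4.xlarge",
     "SecurityGroups": [{"GroupName": "Admin"}, {"GroupName": "App"}],
     "Tags": _tags({"Name": "APAWSIN001", "Purpose": "Production",
                    "Application": "SharePoint Farm 03",
                    "Business Unit": "Marketing", "Cost Centre": "2384234"})},
    {"InstanceId": "i-f6be9aa0", "InstanceType": "m4.xlarge",
     "SecurityGroups": [{"GroupName": "Admin"}, {"GroupName": "Web"}],
     "Tags": _tags({"Name": "Web Server", "Purpose": "Production"})},
    {"InstanceId": "i-9f50e1c9", "InstanceType": "r3.2xlarge",
     "SecurityGroups": [{"GroupName": "Admin"}, {"GroupName": "Database"}]},
]}]}

def inventory(response):
    """Flatten the response into one row per instance with tags as a dict."""
    rows = []
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            rows.append({
                "id": inst["InstanceId"],
                "type": inst["InstanceType"],
                "groups": sorted(g["GroupName"] for g in inst.get("SecurityGroups", [])),
                # The "Tags" key may be absent on an untagged instance.
                "tags": {t["Key"]: t["Value"] for t in inst.get("Tags", [])},
            })
    return rows

def missing_tags(rows, required=REQUIRED_TAGS):
    """Instances a tag-conditioned policy or cost report would silently miss."""
    gaps = {r["id"]: [k for k in required if not r["tags"].get(k)] for r in rows}
    return {i: m for i, m in gaps.items() if m}

def by_cost_centre(rows):
    """Group instance IDs for charge back; untagged ones go to 'UNALLOCATED'."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["tags"].get("Cost Centre", "UNALLOCATED")].append(r["id"])
    return dict(groups)
```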
33. Jumpstart A Project
[Diagram labels: VPN Tunnels; Customer VPN Gateway; Directory Server; Database Server; Application Server; Availability Zone A; Availability Zone B]
We’ve just got started, what’s next?
• Get lean, test a hypothesis
• Deliver new business value
• Alleviate internal constraints
• Mitigate capital expenditure
• Consolidate and reduce costs
“Hybrid IT, in support of a business outcome.”