SAN FRANCISCO
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
Cloud Migration, Application Modernization,
and Security for Partners
Tom Laszewski, Sr. Manager, GSI Solutions Architecture
Matt Yanchyshyn, Sr. Manager, ISV Solutions Architecture
AWS Migration Methodology
People,
process,
technology
Migration
experience
Knowledge &
training
Not primary
business activity
Fear
Attempting too
much at once
Migration challenges
Discover Design Transform Transition Operate Optimize
Plan Build Run
• Detailed
migration plan
• Estimate effort
• Security & risk
assessment
• Network
topology
• Migrate
• Deploy
• Validate
• Assessment &
profiling
• Prioritization
• Data
requirements &
classification
• Business logic
& infrastructure
dependencies
• Pilot testing
• Transition to
support
• Release
management
• Cutover &
decommission
• Staff training
• Monitoring
• Incident
management
• Provisioning
• Monitoring-
driven
optimization
• Continuous
integration and
continuous
deployment
App migration
assessment
Re-hosting
(lift and shift)
App portfolio optimization
Re-platforming
(lift and reshape)
Migration methodology
Planning your migration
Migrating to the cloud can take one of many paths
Discover,
Assess (Enterprise
Architecture and
Applications)
Lift and Shift
(Minimal
Change)
Migration and
UAT Testing Operate
Refactor
for AWS
Application
Lift and shift
Move the App
Infrastructure
Plan Migration
and Sequencing
Determine
Migration Path
Decommission
Do Not Move
Create Cloud
Strategy
Design, Build AWS
Environment
Move the
Application
Determine
Migration
Process
Manually Move
App and Data
Third-Party Tools
AWS VM Import
Refactor
for AWS
Rebuild Application
Architecture
Vendor
S/PaaS
(if available)
Third-Party Migration Tool
Manually Move App and Data
Determine
Migration Process
Replatform
(typically legacy
applications)
Recode App
Components
Rearchitect
Application
Recode
Application
Architect AWS Environment
and Deploy App, Migrate Data
Signoff
Tuning Cutover
Org/Ops
Impact
Analysis
Identify
Ops Changes
Change
Management
Plan
End-state Architecture
Architecting your AWS environment
Design and architecture of the cloud environment is important to realize
cloud benefits such as agility and cost savings
Networking
• Convergence of
on-premises and
cloud
• Cloud-oriented
protocols
• IP scheme and
addressing
• VPC and account
configuration
Security
• SSO
• Access policies
• Least privilege
• Audits
• Compliance
• Intrusion detection
& prevention
• Logging
Governance
• Billing & cost
management
• Service
catalogs
• Configuration
management
• Architecture
Standards
• SLA/SLO
• Procurement
Data management
• RPO/RTO
• Retention policies
• Replication
• Storage
optimization
• ILM
• Data quality
Monitoring
• Notifications &
alerting
• Application level
awareness
• Thresholds
• Service desk
integration
On-premises infrastructure mapped to AWS
Technology | On-premises | AWS
Network | VPN, MPLS | Amazon VPC, AWS Direct Connect
Storage | DAS, SAN, NAS, SSD | Amazon Elastic Block Store, Amazon S3, Amazon EC2 instance storage, distributed & clustered FS on Amazon EC2
Compute | Hardware, virtualization | Amazon EC2, Amazon ECS, AWS Lambda
Content delivery | Third-party CDN | Amazon CloudFront
Databases | MS SQL Server, MySQL, Oracle, DB2, PostgreSQL, MongoDB, … | Amazon RDS, Amazon DynamoDB, Amazon ElastiCache, DB software on Amazon EC2
Load balancing | Hardware and software load balancers | Elastic Load Balancing, software load balancers
Scaling & cluster management | Hardware and software clustering tools | Auto Scaling, software clustering solutions
DNS | BIND, Windows Server, third party | Amazon Route 53, third-party DNS software on EC2
Analytics & data warehouse | Hadoop, Vertica, Cassandra, specialized hardware and software | Amazon EMR, Amazon Redshift, software on Amazon EC2
Messaging and workflow | RabbitMQ, ActiveMQ, Kafka, … | Amazon SQS, Amazon SNS, Amazon SWF, software on EC2
Caching | Redis, Memcached, … | Amazon ElastiCache, Memcached, SAP Hana
Archiving | Tape library, off-site data storage | Amazon S3, Amazon Glacier
Email | Email software | Amazon SES
Identity, authorization, & authentication | AD/ADFS, LDAP, SAML, third party… | AWS Identity and Access Management/AWS STS, Amazon Cognito, AWS Directory Service, AD & LDAP on Amazon EC2
Deployment & configuration management | Chef, Puppet, Salt, Ansible, PowerShell DSC | AWS CloudFormation, AWS OpsWorks, AWS Elastic Beanstalk, AWS CodeDeploy, Amazon ECS
Management and monitoring | CA, BMC, Rightscale | Amazon CloudWatch, AWS Config, AWS CloudTrail, AWS Trusted Advisor
Security Comes First!
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge
locations
AWS is responsible for the security of the cloud
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge
Locations
Client-side data
encryption
Server-side data
encryption
Network traffic
protection
Platform, applications, identity & access management
Operating system, network, & firewall configuration
Customer applications & content
Customers
Customers configure their security in the cloud
AWS security offerings
Auditability
• Compliance
reports
Visibility
• Amazon CloudWatch
• AWS CloudTrail
• AWS Config
• “Describe” APIs
Control
• IAM
• AWS CloudHSM
• AWS CloudFormation
• AWS KMS
Defense-in-depth
AWS compliance
program
Third-party
attestations
Physical
Security groups
VPC configuration
Network
Web application
firewalls
Bastion hosts
Encryption
in-transit
Hardened AMIs
OS and app
patch mgmt.
IAM roles for EC2
IAM credentials
System security
Logical access
controls
User authentication
Encryption
at-rest
Data security
Encryption: data at rest
EBS
Volume encryption
EBS encryption OS tools
AWS
marketplace/partner
Object encryption
S3 server side
encryption (sse)
S3 SSE w/ customer
provided keys Client-side encryption
Database encryption
Amazon Redshift
encryption
RDS
PostgreSQL
KMS
RDS
MYSQL
KMS
RDS
ORACLE
TDE/HSM
RDS MSSQL
TDE
Built-in firewall: security groups and NACLs
• VPC security groups (mandatory)
– Instance level, stateful
– Supports ALLOW rules only
– Default deny inbound, allow outbound
– Use as “whitelist” – least privilege
• VPC NACLs (optional)
– Subnet level, stateless
– Supports ALLOW and DENY
– Default allow all
– Use as “blacklist”/“guardrails” (ports 135, 21, 23, …)
• Separation of duties
• Changes audited via AWS CloudTrail
• Additional cost for SGs/NACLs: $0
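The difference between the two layers on this slide is easiest to see by following one request and its reply through both. The following is an added example, not code from the original deck: a simplified model (destination ports only, one protocol, no CIDR matching) in which NACL rules are evaluated in rule-number order; the rule numbers, the client port 50000 and the function names are assumptions made for the illustration.

```python
ALLOW, DENY = "allow", "deny"

# NACL rule: (rule_number, direction, first_port, last_port, action)
# The default NACL allows everything in both directions ("Default allow all").
DEFAULT_NACL = [(100, "in", 0, 65535, ALLOW), (100, "out", 0, 65535, ALLOW)]

# Guardrail NACL: explicit DENY for the ports named on the slide, placed
# before the allow-all rule so the deny is matched first.
GUARDRAIL_NACL = [
    (90, "in", 135, 135, DENY),
    (91, "in", 21, 21, DENY),
    (92, "in", 23, 23, DENY),
] + DEFAULT_NACL

# A custom NACL that allows HTTPS in but has no outbound rule at all.
ONE_WAY_NACL = [(100, "in", 443, 443, ALLOW)]
# Same NACL with replies to client ephemeral ports allowed out.
TWO_WAY_NACL = ONE_WAY_NACL + [(100, "out", 1024, 65535, ALLOW)]


def nacl_decision(rules, direction, port):
    """Stateless and ordered: the lowest-numbered matching rule decides.

    Traffic that matches no rule is denied.
    """
    for _, rule_dir, first, last, action in sorted(rules):
        if rule_dir == direction and first <= port <= last:
            return action
    return DENY


def sg_allows_inbound(sg_ports, port):
    """Security group: ALLOW rules only; anything not listed is denied."""
    return port in sg_ports


def check_connection(sg_ports, nacl_rules, service_port, client_port=50000):
    """Follow one client -> instance request and its reply through both layers."""
    # Request enters the subnet (NACL), then reaches the instance (SG).
    if nacl_decision(nacl_rules, "in", service_port) == DENY:
        return "blocked: NACL inbound"
    if not sg_allows_inbound(sg_ports, service_port):
        return "blocked: security group inbound"
    # Reply leaves the instance. The security group is stateful and lets the
    # reply out without any rule; the NACL is stateless and evaluates the
    # reply like new traffic, addressed to the client's ephemeral port.
    if nacl_decision(nacl_rules, "out", client_port) == DENY:
        return "blocked: NACL outbound (reply)"
    return "ok"


if __name__ == "__main__":
    cases = [
        ("SG 443 only, default NACL, port 443", {443}, DEFAULT_NACL, 443),
        ("SG 443 only, default NACL, port 23", {443}, DEFAULT_NACL, 23),
        ("SG opens 23 by mistake, guardrail NACL", {443, 23}, GUARDRAIL_NACL, 23),
        ("SG 443, NACL without outbound rule", {443}, ONE_WAY_NACL, 443),
        ("SG 443, NACL with ephemeral outbound", {443}, TWO_WAY_NACL, 443),
    ]
    for label, sg, nacl, port in cases:
        print(f"{label}: {check_connection(sg, nacl, port)}")
```

The third case is the guardrail use: a NACL deny still blocks port 23 after someone adds it to a security group. The fourth shows why a stateless NACL needs an explicit outbound rule for replies.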
Physical Interfaces
Customer 1
Hypervisor
Customer 2 Customer n…
…
Virtual Interfaces
Firewall
Customer 1
Security
Groups
Customer 2
Security
Groups
Customer n
Security
Groups
Security Groups
AWS partner solutions extend & enhance security
• Some examples:
– Cisco CSR (VPN)
– Sophos UTM (firewall, …)
– Alert Logic Web Security Manager (WAF)
– Alert Logic Threat Manager (NIDS)
– Trend Micro Deep Security (IDPS)
– Trend Micro SecureCloud (encryption)
– Dome9 SecOps (security group audit & management)
– …
Migration Approach & Best Practices
Identifying applications to move
Standalone applications are easy to move
Application with loosely coupled SOA-based
integrations are good candidates
Tightly integrated application needs more planning
‘Low hanging fruit’
• Dev/Test applications, self-contained web applications (LAMP stack), social media product
marketing campaigns, training environments, pre-sales demo portal, software downloads, trial
applications
Watch out for
• 32 bit, non-Linux/Windows, multi-cast (Oracle RAC), client/server applications, engineered
systems (Exadata, Netezza), massive file servers, vertically challenged software/applications
Getting a bread box estimate: minimum information
Compute : Number of servers/VMs including RAM,
CPU, OS, and boot drive size (Amazon EC2)
Storage mapping to transactional, backup, archival,
and log/file system/applications (Amazon EBS, Amazon Glacier, and Amazon S3)
Data transfer out for networking
Internet or dedicated networking including security
requirements (AWS Direct Connect and VPN)
Region where processing is happening
Getting a bread box estimate: nice to have
HA requirements for each workload (ELB, Route53)
Scalability requirements for each workload (ELB,
Route53, Auto Scaling, CloudFront)
DR requirements for each workload
Storage IOPS requirements for each workload
Compute requirements for management/monitoring
Backup requirements for each workload that cannot
be supported by EBS snapshots
Getting a bread box estimate: really nice
Workload stratification: file servers, security, RDBMS,
ERP, big data, management/monitoring, etc.
HIPAA and PCI requirements for each workload
HPC requirements for each workload
Extremely high CPU, memory requirements
Top third-party vendors for packaged apps
IDS/IPS, WAF, management, monitoring, logging, etc.
Invest in proof of concept early
Proof of concept will answer tons of questions and get your
feet wet with AWS quickly
Will help identify gaps and touch points
Give you a good estimation of the migration costs
Give you a good estimation of the AWS runtime costs
Migrating data into AWS cloud
• File transfer to Amazon S3 or EC2 using S/FTP, SCP, UDP, Attunity
• NFS mount accessible from on premises and AWS
• Configure on-premises backup application (like NetBackup, CA,
CommVault, Riverbed) to use Amazon S3
• AWS Storage Gateway for asynchronous backup to Amazon S3
• AWS Import/Export service: Ship your disk to AWS
• Database backup tools like Oracle Secure Backup
• Database replication tools like GoldenGate, Dbvisit
• AWS Direct Connect 100 Mbps to 10 Gbps
Migrating data into AWS
[Chart: transfer options plotted by data size* (GBs to TBs) against data velocity required (hours to days). Options shown: Transfer to S3 over Internet; UDP transfer software (e.g., Aspera, Tsunami, …); Attunity CloudBeam; AWS Storage Gateway, Riverbed, NFS; AWS Import/Export. Chart label: One-time upload with constant delta updates.]
* relative to Internet bandwidth and latency
Security Best Practices
Enforce consistent security on your hosts
Launch
instance
EC2
AMI catalog Running instance
Your instance
Hardening
Audit and logging
Vulnerability management
Malware and HIPS
Whitelisting and integrity
User administration
Operating system
Configure
instance
Configure and harden EC2 instances based on security and compliance needs
Host-based protection software
Restrict access where possible
Connect to existing services
Separate static assets
and move servers away from the edge
Inbound HTTP
CloudFront
Amazon S3
WAF
Dynamic
App
App
App
Peering
Identity and Access Management
Create appropriate principals, authorization, and privileges for AWS resources
Multi-factor authentication
AWS Identity and
Access Management
Policies
User
Groups
Roles
Principle of least privilege
User User Hardware Virtual
IAM AWS administrative users
Root account
Note: Always associate the account owner ID with
an MFA device and store it in a secured place!
AWS IAM hierarchy of privileges
• AWS account owner (root)
– Permissions: Unrestricted access to all enabled services and resources.
– Example: Action: *, Effect: Allow, Resource: * (implicit)
• AWS IAM user
– Permissions: Access restricted by group and user policies
– Example: Action: ['s3:*', 'sts:Get*'], Effect: Allow, Resource: *
• Temporary security creds
– Permissions: Access restricted by generating identity and further by policies used to generate token
– Example: Action: ['s3:Get*'], Effect: Allow, Resource: 'arn:aws:s3:::mybucket/*'
Enforce principle of least privilege with Identity and Access Management (IAM)
users, groups, and policies and temporary credentials
Principle of least privilege with IAM
• Log in to an account with a less privileged user
– Read-only
– EC2 launch-only
• Change role for privileged action
– Administer IAM
– Terminate instance
– Delete snapshots
Protection against accidents or mistakes
(e.g., similar to DisableApiTermination=true)
Consolidate your IAM users
• Put all IAM users and groups in
one account
• All other accounts use AWS IAM
roles
Best practices:
• Tie into consolidated billing hierarchy
• Users in IAM account are only
authorized to assume roles in other
accounts
• No AWS-billable resources in this
account
Governance through IAM policies
...
    "Effect": "Deny",
    "Action": "ec2:RunInstances",
    "Resource": [
      "arn:aws:ec2:region:account:network-interface/*"
    ],
    "Condition": {
      "ArnNotEquals": {
        "ec2:Subnet": "arn:aws:ec2:region:account:subnet/subnet-12345678"
      }
    }
  },
  {
    "Effect": "Allow",
    "Action": "ec2:RunInstances",
    "Resource": [
      "arn:aws:ec2:region::image/ami-12345678",
      "arn:aws:ec2:region:account:subnet/subnet-12345678",
      "arn:aws:ec2:region:account:security-group/sg-12345678"
    ],
    "Condition": {
      "StringEquals": {
        "ec2:ResourceTag/BillingCode": "4000",
        "ec2:ResourceTag/Environment": "Prod"
...
Deny RunInstances without
appropriate subnet
Require RunInstances to
have specific AMI, subnet,
security group, …
Require RunInstances to
have specific tags
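Governance policies like this one are usually edited by hand, and a Condition block that repeats an operator key such as "StringEquals" parses without error in a standard JSON parser, which keeps only the last copy, so one tag requirement silently disappears. The following is an added example, not code from the original deck: a small linter that surfaces repeated keys and checks that every Allow on ec2:RunInstances still requires the BillingCode and Environment tags; the sample policy, the instance resource ARN and the function names are constructed for the illustration.

```python
import fnmatch
import json

# Constructed sample in the style of the slide's Allow statement, with the
# "StringEquals" operator written twice in one Condition block.
# "region" and "account" are the same placeholders the slide uses.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": ["arn:aws:ec2:region:account:instance/*"],
      "Condition": {
        "StringEquals": {"ec2:ResourceTag/BillingCode": "4000"},
        "StringEquals": {"ec2:ResourceTag/Environment": "Prod"}
      }
    }
  ]
}
"""

# Tag conditions the governance policy is meant to enforce (from the slide).
REQUIRED_TAG_KEYS = frozenset(
    {"ec2:ResourceTag/BillingCode", "ec2:ResourceTag/Environment"}
)


def load_policy(text):
    """Parse policy JSON and return (policy, duplicate_keys).

    json.loads keeps the last value of a repeated key; the hook records
    every repeat so the silent overwrite becomes visible.
    """
    duplicates = []

    def hook(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                duplicates.append(key)
            obj[key] = value
        return obj

    return json.loads(text, object_pairs_hook=hook), duplicates


def as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def covers_action(statement, action="ec2:RunInstances"):
    """True if the statement's Action entries match, including wildcards."""
    patterns = as_list(statement.get("Action", []))
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def enforced_tag_keys(statement):
    """Resource-tag keys that the statement pins with a StringEquals test."""
    keys = set()
    for operator, tests in statement.get("Condition", {}).items():
        if operator.startswith("StringEquals"):
            keys.update(k for k in tests if k.startswith("ec2:ResourceTag/"))
    return keys


def lint_run_instances(text, required=REQUIRED_TAG_KEYS):
    """Return findings for a policy that should gate RunInstances on tags."""
    policy, duplicates = load_policy(text)
    findings = [
        f"duplicate key {key!r}: earlier value discarded by the parser"
        for key in duplicates
    ]
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not covers_action(stmt):
            continue
        for key in sorted(required - enforced_tag_keys(stmt)):
            findings.append(
                f"statement {index}: Allow ec2:RunInstances does not require {key}"
            )
    return findings


def merged_policy():
    """The corrected form: one StringEquals block holding both tag tests."""
    policy, _ = load_policy(SAMPLE_POLICY)
    policy["Statement"][0]["Condition"] = {
        "StringEquals": {
            "ec2:ResourceTag/BillingCode": "4000",
            "ec2:ResourceTag/Environment": "Prod",
        }
    }
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    for finding in lint_run_instances(SAMPLE_POLICY):
        print(finding)
    print("after merge:", lint_run_instances(merged_policy()))
```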
Implementing “smart” AWS policies
• The 5 Ws of auditability:
– Who?
– What?
– Where?
– When?
– Why?
• What we really want is an “if and only if” statement:
– You can deploy this change in production “if and only if” it
actually worked in test
Controlled by AWS IAM
Not controlled by IAM
Federate with AWS Directory Service & IAM
Directory Users
Directory Groups
IAM_Admins
Read_Only
EC2_Admin
Group ‘n’
…
AWS Directory Services
Mgmt Acct
IAM_Admin
IAM Role Mapping
Read_Only
EC2_Admin
Role ‘n’
Case Study:
Condé Nast Data Center Migration
Condé Nast data center migration drivers
• Existing data center needed >$1 million in upgrades
• Financial pressure to close facility by July 2014
• Increase resource efficiency, both people and technology
Condé Nast data center migration scope
• 47 application groups
• 350+ servers
• 400+ TB storage
Application migration methodology
• Condé Nast provided a detailed inventory of their Delaware DC assets
• Utilization metrics were critical for Reserved Instance analysis and to
explore elasticity
• Application assessment determined migration order
• Migration scheduled in waves
• Change window: Migrations occurred over weekends
• Coordinating the change window with various teams was key
• Applications run in hybrid mode during the migration
• Once a server was migrated successfully it was decommissioned
Application migration: virtual machines
• Condé Nast was highly virtualized (VMware)
• Veeam: stage VMs to Amazon S3
– Supports change block tracking which minimizes downtime during migration
• AWS VM Import/Export: migrate staged VMs to Amazon EC2
– Eliminates VM data migration as a part of the change window
• Large databases: created directly on AWS and then data
synchronized
AWS VPC and networking
Key criteria to support waves of migration:
• AWS Direct Connect: 10 GB DX to AWS
• IP addressing: Avoid overlapping IPs
• Service names
AWS Identity and Access Management (IAM)
Key criteria:
• IAM policies
• Identify groups and permissions
• Application tagging
Phased migration
• Live migration from premises was too slow
– Large change windows meant that production systems were
frozen for a long time
• Solutions:
– Use a tool (Veeam) for backup and ongoing synchronization of
VMs to Amazon S3
– Use a staging farm to run VM Import/Export
VM Import/Export considerations
• Root partitions cannot span multiple disks
– Solution: Eliminate this on premises before migration
• Volumes > 1 TB not supported
– Solution: Spread data across volumes
• VM Import/Export requires stream-optimized VMDK
– Solution: conversion process was scripted
• Nonvirtualized servers were virtualized on premises
before migration
• Unsupported operating systems were upgraded to
supported OS before migrating
Lessons learned at Condé Nast
• Know your limitations
• Evaluate and understand your infrastructure environment
• Sign up for enterprise support early and involve a TAM early on
• Get your operations staff trained on AWS
• Challenge yourself and make sound architecture decisions;
changing them in the future can be difficult
• Document every decision made, especially the anti-patterns
• Work directly with application owners; nothing beats hands-on
experience
Building compelling Enterprise Solutions on AWS
 
Migrating Enterprise Applications to AWS
Migrating Enterprise Applications to AWSMigrating Enterprise Applications to AWS
Migrating Enterprise Applications to AWS
 
Forge - DevCon 2016: Developing & Deploying Secure, Scalable Applications on ...
Forge - DevCon 2016: Developing & Deploying Secure, Scalable Applications on ...Forge - DevCon 2016: Developing & Deploying Secure, Scalable Applications on ...
Forge - DevCon 2016: Developing & Deploying Secure, Scalable Applications on ...
 
From your First Migration to Mass migrations.
From your First Migration to Mass migrations. From your First Migration to Mass migrations.
From your First Migration to Mass migrations.
 
Solution architecture Amazon web services
Solution architecture Amazon web servicesSolution architecture Amazon web services
Solution architecture Amazon web services
 
How to Migrate your Startup to AWS
How to Migrate your Startup to AWSHow to Migrate your Startup to AWS
How to Migrate your Startup to AWS
 
Migrating Existing Applications to AWS Cloud
Migrating Existing Applications to AWS CloudMigrating Existing Applications to AWS Cloud
Migrating Existing Applications to AWS Cloud
 
AWS Webcast - Migrating your Data Center to the Cloud
AWS Webcast - Migrating your Data Center to the CloudAWS Webcast - Migrating your Data Center to the Cloud
AWS Webcast - Migrating your Data Center to the Cloud
 
AWS Cloud Kata 2014 | Jakarta - 2-1 AWS Intro and Scale 2014
AWS Cloud Kata 2014 | Jakarta - 2-1 AWS Intro and Scale 2014AWS Cloud Kata 2014 | Jakarta - 2-1 AWS Intro and Scale 2014
AWS Cloud Kata 2014 | Jakarta - 2-1 AWS Intro and Scale 2014
 
Increase Speed and Agility with Amazon Web Services
Increase Speed and Agility with Amazon Web ServicesIncrease Speed and Agility with Amazon Web Services
Increase Speed and Agility with Amazon Web Services
 
Increase Speed and Agility with Amazon Web Services
Increase Speed and Agility with Amazon Web ServicesIncrease Speed and Agility with Amazon Web Services
Increase Speed and Agility with Amazon Web Services
 
Migrating to the cloud - Windows on AWS
Migrating to the cloud - Windows on AWSMigrating to the cloud - Windows on AWS
Migrating to the cloud - Windows on AWS
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database Service
 
Effective and Efficient Computing for the Government
Effective and Efficient Computing for the GovernmentEffective and Efficient Computing for the Government
Effective and Efficient Computing for the Government
 
AWS for Startups
AWS for StartupsAWS for Startups
AWS for Startups
 
The AWS Shared Responsibility Model: Presented by Amazon Web Services
The AWS Shared Responsibility Model: Presented by Amazon Web ServicesThe AWS Shared Responsibility Model: Presented by Amazon Web Services
The AWS Shared Responsibility Model: Presented by Amazon Web Services
 
Deep Dive: Amazon RDS
Deep Dive: Amazon RDSDeep Dive: Amazon RDS
Deep Dive: Amazon RDS
 
Solution Architecture - AWS
Solution Architecture - AWSSolution Architecture - AWS
Solution Architecture - AWS
 
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS | AWS Pub...
 

More from Tom Laszewski

AWS Private Equity Transformation Advisory
AWS Private Equity Transformation AdvisoryAWS Private Equity Transformation Advisory
AWS Private Equity Transformation AdvisoryTom Laszewski
 
Organizing for faster innovation - People, process, culture, and technology
Organizing for faster innovation - People, process, culture, and technologyOrganizing for faster innovation - People, process, culture, and technology
Organizing for faster innovation - People, process, culture, and technologyTom Laszewski
 
Creating an Operating Model to enable a high frequency organization
Creating an Operating Model to enable a high frequency organizationCreating an Operating Model to enable a high frequency organization
Creating an Operating Model to enable a high frequency organizationTom Laszewski
 
Technical Due Diligence with AWS
Technical Due Diligence with AWSTechnical Due Diligence with AWS
Technical Due Diligence with AWSTom Laszewski
 
AWS Cloud Center Excellence Quick Start Prescriptive Guidance
AWS Cloud Center Excellence Quick Start Prescriptive GuidanceAWS Cloud Center Excellence Quick Start Prescriptive Guidance
AWS Cloud Center Excellence Quick Start Prescriptive GuidanceTom Laszewski
 
AWS Technical Due Diligence Workshop Session Two
AWS Technical Due Diligence Workshop Session TwoAWS Technical Due Diligence Workshop Session Two
AWS Technical Due Diligence Workshop Session TwoTom Laszewski
 
AWS Technical Due Diligence Workshop Session One
AWS Technical Due Diligence Workshop Session OneAWS Technical Due Diligence Workshop Session One
AWS Technical Due Diligence Workshop Session OneTom Laszewski
 
Post transaction cloud value creation
Post transaction cloud value creation Post transaction cloud value creation
Post transaction cloud value creation Tom Laszewski
 
Private Equity Technical Due Diligence Value Creation
Private Equity Technical Due Diligence Value CreationPrivate Equity Technical Due Diligence Value Creation
Private Equity Technical Due Diligence Value CreationTom Laszewski
 
Cloud Enablement Engine Role Definition and Mapping
Cloud Enablement Engine Role Definition and MappingCloud Enablement Engine Role Definition and Mapping
Cloud Enablement Engine Role Definition and MappingTom Laszewski
 
Private Equity Value Creation Carve Outs, Divestitures and mergers
Private Equity Value Creation Carve Outs, Divestitures and mergersPrivate Equity Value Creation Carve Outs, Divestitures and mergers
Private Equity Value Creation Carve Outs, Divestitures and mergersTom Laszewski
 
AWS Technical Due Diligence Executive Overview
AWS Technical Due Diligence Executive Overview AWS Technical Due Diligence Executive Overview
AWS Technical Due Diligence Executive Overview Tom Laszewski
 
AWS Techical Due Diligence to post transaction execution for M&A
AWS Techical Due Diligence to post transaction execution for M&A AWS Techical Due Diligence to post transaction execution for M&A
AWS Techical Due Diligence to post transaction execution for M&A Tom Laszewski
 
Hybrid Cloud on AWS: Foundational Layers and AWS Services
Hybrid Cloud on AWS: Foundational Layers and AWS ServicesHybrid Cloud on AWS: Foundational Layers and AWS Services
Hybrid Cloud on AWS: Foundational Layers and AWS ServicesTom Laszewski
 
Migrating thousands of workloads to AWS at enterprise scale
Migrating thousands of workloads to AWS at enterprise scaleMigrating thousands of workloads to AWS at enterprise scale
Migrating thousands of workloads to AWS at enterprise scaleTom Laszewski
 
Operating and Managing Hybrid Cloud on AWS
Operating and Managing Hybrid Cloud on AWSOperating and Managing Hybrid Cloud on AWS
Operating and Managing Hybrid Cloud on AWSTom Laszewski
 
Monolithic to Microservices Demystified
Monolithic to Microservices DemystifiedMonolithic to Microservices Demystified
Monolithic to Microservices DemystifiedTom Laszewski
 
AWS Cloud Adoption Framework and Workshops
AWS Cloud Adoption Framework and WorkshopsAWS Cloud Adoption Framework and Workshops
AWS Cloud Adoption Framework and WorkshopsTom Laszewski
 
DevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWSDevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWSTom Laszewski
 
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring Tom Laszewski
 

More from Tom Laszewski (20)

AWS Private Equity Transformation Advisory
AWS Private Equity Transformation AdvisoryAWS Private Equity Transformation Advisory
AWS Private Equity Transformation Advisory
 
Organizing for faster innovation - People, process, culture, and technology
Organizing for faster innovation - People, process, culture, and technologyOrganizing for faster innovation - People, process, culture, and technology
Organizing for faster innovation - People, process, culture, and technology
 
Creating an Operating Model to enable a high frequency organization
Creating an Operating Model to enable a high frequency organizationCreating an Operating Model to enable a high frequency organization
Creating an Operating Model to enable a high frequency organization
 
Technical Due Diligence with AWS
Technical Due Diligence with AWSTechnical Due Diligence with AWS
Technical Due Diligence with AWS
 
AWS Cloud Center Excellence Quick Start Prescriptive Guidance
AWS Cloud Center Excellence Quick Start Prescriptive GuidanceAWS Cloud Center Excellence Quick Start Prescriptive Guidance
AWS Cloud Center Excellence Quick Start Prescriptive Guidance
 
AWS Technical Due Diligence Workshop Session Two
AWS Technical Due Diligence Workshop Session TwoAWS Technical Due Diligence Workshop Session Two
AWS Technical Due Diligence Workshop Session Two
 
AWS Technical Due Diligence Workshop Session One
AWS Technical Due Diligence Workshop Session OneAWS Technical Due Diligence Workshop Session One
AWS Technical Due Diligence Workshop Session One
 
Post transaction cloud value creation
Post transaction cloud value creation Post transaction cloud value creation
Post transaction cloud value creation
 
Private Equity Technical Due Diligence Value Creation
Private Equity Technical Due Diligence Value CreationPrivate Equity Technical Due Diligence Value Creation
Private Equity Technical Due Diligence Value Creation
 
Cloud Enablement Engine Role Definition and Mapping
Cloud Enablement Engine Role Definition and MappingCloud Enablement Engine Role Definition and Mapping
Cloud Enablement Engine Role Definition and Mapping
 
Private Equity Value Creation Carve Outs, Divestitures and mergers
Private Equity Value Creation Carve Outs, Divestitures and mergersPrivate Equity Value Creation Carve Outs, Divestitures and mergers
Private Equity Value Creation Carve Outs, Divestitures and mergers
 
AWS Technical Due Diligence Executive Overview
AWS Technical Due Diligence Executive Overview AWS Technical Due Diligence Executive Overview
AWS Technical Due Diligence Executive Overview
 
AWS Techical Due Diligence to post transaction execution for M&A
AWS Techical Due Diligence to post transaction execution for M&A AWS Techical Due Diligence to post transaction execution for M&A
AWS Techical Due Diligence to post transaction execution for M&A
 
Hybrid Cloud on AWS: Foundational Layers and AWS Services
Hybrid Cloud on AWS: Foundational Layers and AWS ServicesHybrid Cloud on AWS: Foundational Layers and AWS Services
Hybrid Cloud on AWS: Foundational Layers and AWS Services
 
Migrating thousands of workloads to AWS at enterprise scale
Migrating thousands of workloads to AWS at enterprise scaleMigrating thousands of workloads to AWS at enterprise scale
Migrating thousands of workloads to AWS at enterprise scale
 
Operating and Managing Hybrid Cloud on AWS
Operating and Managing Hybrid Cloud on AWSOperating and Managing Hybrid Cloud on AWS
Operating and Managing Hybrid Cloud on AWS
 
Monolithic to Microservices Demystified
Monolithic to Microservices DemystifiedMonolithic to Microservices Demystified
Monolithic to Microservices Demystified
 
AWS Cloud Adoption Framework and Workshops
AWS Cloud Adoption Framework and WorkshopsAWS Cloud Adoption Framework and Workshops
AWS Cloud Adoption Framework and Workshops
 
DevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWSDevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWS
 
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
 

Recently uploaded

VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 

Recently uploaded (20)

VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 

Cloud Migration, Application Modernization, and Security

  • 1. SAN FRANCISCO ©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
  • 2. ©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Cloud Migration, Application Modernization, and Security for Partners Tom Laszewski, Sr. Manager, GSI Solutions Architecture Matt Yanchyshyn, Sr. Manager, ISV Solutions Architecture
  • 4. People, process, technology Migration experience Knowledge & training Not primary business activity Fear Attempting too much at once Migration challenges
  • 5. Discover Design Transform Transition Operate Optimize Plan Run Build • Detailed migration plan • Estimate effort • Security & risk assessment • Network topology • Migrate • Deploy • Validate • Assessment & profiling • Prioritization • Data requirements & classification • Business logic & infrastructure dependencies • Pilot testing • Transition to support • Release management • Cutover & decommission • Staff training • Monitoring • Incident management • Provisioning • Monitoring-driven optimization • Continuous integration and continuous deployment App migration assessment Re-hosting (lift and shift) App portfolio optimization Re-platforming (lift and reshape) Migration methodology
  • 6. Planning your migration Migrating to the cloud can take one of many paths Discover, Assess (Enterprise Architecture and Applications) Lift and Shift (Minimal Change) Migration and UAT Testing Operate Refactor for AWS Application Lift and shift Move the App Infrastructure Plan Migration and Sequencing Determine Migration Path Decommission Do Not Move Create Cloud Strategy Design, Build AWS Environment Move the Application Determine Migration Process Manually Move App and Data Third-Party Tools AWS VM Import Refactor for AWS Rebuild Application Architecture Vendor S/PaaS (if available) Third-Party Migration Tool Manually Move App and Data Determine Migration Process Replatform (typically legacy applications) Recode App Components Rearchitect Application Recode Application Architect AWS Environment and Deploy App, Migrate Data Signoff Tuning Cutover Org/Ops Impact Analysis Identify Ops Changes Change Management Plan
  • 8. Architecting your AWS environment. Design and architecture of the cloud environment is important to realize cloud benefits such as agility and cost savings.
      Networking: Convergence of on-premises and cloud; Cloud-oriented protocols; IP scheme and addressing; VPC and account configuration
      Security: SSO; Access policies; Least privilege; Audits; Compliance; Intrusion detection & prevention; Logging
      Governance: Billing & cost management; Service catalogs; Configuration management; Architecture standards; SLA/SLO; Procurement
      Data management: RPO/RTO; Retention policies; Replication; Storage optimization; ILM; Data quality
      Monitoring: Notifications & alerting; Application level awareness; Thresholds; Service desk integration
  • 9. On-premises infrastructure mapped to AWS
      Technology | On-premises | AWS
      Network | VPN, MPLS | Amazon VPC, AWS Direct Connect
      Storage | DAS, SAN, NAS, SSD | Amazon Elastic Block Store, Amazon S3, Amazon EC2 instance storage, distributed & clustered FS on Amazon EC2
      Compute | Hardware, virtualization | Amazon EC2, Amazon ECS, AWS Lambda
      Content delivery | Third-party CDN | Amazon CloudFront
      Databases | MS SQL Server, MySQL, Oracle, DB2, PostgreSQL, MongoDB, … | Amazon RDS, Amazon DynamoDB, Amazon ElastiCache, DB software on Amazon EC2
      Load balancing | Hardware and software load balancers | Elastic Load Balancing, software load balancers
      Scaling & cluster management | Hardware and software clustering tools | Auto Scaling, software clustering solutions
      DNS | BIND, Windows Server, third party | Amazon Route 53, third-party DNS software on EC2
  • 10. On-premises infrastructure mapped to AWS
      Technology | On-premises | AWS
      Analytics & data warehouse | Hadoop, Vertica, Cassandra, specialized hardware and software | Amazon EMR, Amazon Redshift, software on Amazon EC2
      Messaging and workflow | RabbitMQ, ActiveMQ, Kafka, … | Amazon SQS, Amazon SNS, Amazon SWF, software on EC2
      Caching | Redis, Memcached, … | Amazon ElastiCache, Memcached, SAP Hana
      Archiving | Tape library, off-site data storage | Amazon S3, Amazon Glacier
      Email | Email software | Amazon SES
      Identity, authorization, & authentication | AD/ADFS, LDAP, SAML, third party… | AWS Identity and Access Management/AWS STS, Amazon Cognito, AWS Directory Service, AD & LDAP on Amazon EC2
      Deployment & configuration management | Chef, Puppet, Salt, Ansible, PowerShell DSC | AWS CloudFormation, AWS OpsWorks, AWS Elastic Beanstalk, AWS CodeDeploy, Amazon ECS
      Management and monitoring | CA, BMC, Rightscale | Amazon CloudWatch, AWS Config, AWS CloudTrail, AWS Trusted Advisor
  • 12. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge locations AWS is responsible for the security of the cloud
  • 13. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side data encryption Server-side data encryption Network traffic protection Platform, applications, identity & access management Operating system, network, & firewall configuration Customer applications & content Customers Customers configure their security in the cloud
  • 14. AWS security offerings Auditability • Compliance reports Visibility • Amazon CloudWatch • AWS CloudTrail • AWS Config • “Describe” APIs Control • IAM • AWS CloudHSM • AWS CloudFormation • AWS KMS
  • 15. Defense-in-depth AWS compliance program Third-party attestations Physical Security groups VPC configuration Network Web application firewalls Bastion hosts Encryption in-transit Hardened AMIs OS and app patch mgmt. IAM roles for EC2 IAM credentials System security Logical access controls User authentication Encryption at-rest Data security
  • 16. Encryption: data at rest EBS Volume encryption EBS encryption OS tools AWS marketplace/partner Object encryption S3 server side encryption (sse) S3 SSE w/ customer provided keys Client-side encryption Database encryption Amazon Redshift encryption RDS PostgreSQL KMS RDS MYSQL KMS RDS ORACLE TDE/HSM RDS MSSQL TDE
  • 17. Built-in firewall: security groups and NACLs
      • VPC security groups (mandatory)
          – Instance level, stateful
          – Supports ALLOW rules only
          – Default deny inbound, allow outbound
          – Use as “whitelist” – least privilege
      • VPC NACLs (optional)
          – Subnet level, stateless
          – Supports ALLOW and DENY
          – Default allow all
          – Use as “blacklist”/“guardrails” (ports 135, 21, 23, …)
      • Separation of duties
      • Changes audited via AWS CloudTrail
      • Additional cost for SGs/NACLs: $0
      [Diagram: physical interfaces, hypervisor, and virtual interfaces for Customer 1, Customer 2, … Customer n, with a firewall layer of per-customer security groups]
  • 18. AWS partner solutions extend & enhance security • Some examples: – Cisco CSR (VPN) – Sophos UTM (firewall, …) – Alert Logic Web Security Manager (WAF) – Alert Logic Threat Manager (NIDS) – Trend Micro Deep Security (IDPS) – Trend Micro SecureCloud (encryption) – Dome9 SecOps (security group audit & management) – …
  • 19. Migration Approach & Best Practices
  • 20. Identifying applications to move Standalone applications are easy to move Applications with loosely coupled SOA-based integrations are good candidates Tightly integrated applications need more planning ‘Low hanging fruit’ • Dev/Test applications, self-contained web applications (LAMP stack), social media product marketing campaigns, training environments, pre-sales demo portal, software downloads, trial applications Watch out for • 32 bit, non-Linux/Windows, multi-cast (Oracle RAC), client/server applications, engineered systems (Exadata, Netezza), massive file servers, vertically challenged software/applications
  • 21. Getting a bread box estimate: minimum information Compute : Number of servers/VMs including RAM, CPU, OS, and boot drive size (Amazon EC2) Storage mapping to transactional, backup, archival, and log/file system/applications (Amazon EBS, Amazon Glacier, and Amazon S3) Data transfer out for networking Internet or dedicated networking including security requirements (AWS Direct Connect and VPN) Region where processing is happening
  • 22. Getting a bread box estimate: nice to have HA requirements for each workload (ELB, Route53) Scalability requirements for each workload (ELB, Route53, Auto Scaling, CloudFront) DR requirements for each workload Storage IOPS requirements for each workload Compute requirements for management/monitoring Backup requirements for each workload that cannot be supported by EBS snapshots
  • 23. Getting a bread box estimate: really nice Workload stratification file servers, security, RDBMS, ERP, big data, security, management/monitoring etc. HIPPA and PCI requirements for each workload HPC requirements for each workload Extremely high CPU, memory requirements Top third-party vendors for packaged apps IDS/IPS, WAF, management, monitoring, logging, etc.
  • 24. Invest in proof of concept early Proof of concept will answer tons of questions and get your feet wet with AWS quickly Will help identify gaps and touch points Give you a good estimation of the migration costs Give you a good estimation of the AWS runtime costs
  • 25. Migrating data into AWS cloud • File transfer to Amazon S3 or EC2 using S/FTP, SCP, UDP, Attunity • NFS mount accessible from on premise and AWS • Configure on-premises backup application (like NetBackup, CA, CommVault, Riverbed) to use Amazon S3 • AWS Storage Gateway for asynchronous backup to Amazon S3 • AWS Import/Export service: Ship your disk to AWS • Database backup tools like Oracle Secure Backup • Database replication tools like GoldenGate, Dbvisit • AWS Direct Connect 100 Mbps to 10 Gbps
  • 26. Migrating data into AWS [Chart: transfer options plotted by data size (GBs, TBs; relative to Internet bandwidth and latency) against data velocity required (hours, days). Options shown: Transfer to S3 over Internet; UDP transfer software (e.g., Aspera, Tsunami, …); Attunity CloudBeam; AWS Storage Gateway, Riverbed, NFS; AWS Import/Export. Also labelled: One-time upload with constant delta updates]
  • 28. Enforce consistent security on your hosts Configure and harden EC2 instances based on security and compliance needs: host-based protection software; restrict access where possible; connect to existing services [Diagram labels: Launch instance; EC2 AMI catalog; Configure instance; Running instance; Your instance; Hardening; Audit and logging; Vulnerability management; Malware and HIPS; Whitelisting and integrity; User administration; Operating system]
  • 29. Separate static assets and move servers away from the edge [Diagram labels: Inbound HTTP; CloudFront; Amazon S3; WAF; Dynamic; App, App, App; Peering]
  • 30. Identity and Access Management Create appropriate principals, authorization, and privileges for AWS resources [Diagram labels: Multi-factor authentication; AWS Identity and Access Management; Policies; User; Groups; Roles; Principle of least privilege; Hardware; Virtual; IAM; AWS administrative users; Root account] Note: Always associate the account owner ID with an MFA device and store it in a secured place!
  • 31. AWS IAM hierarchy of privileges • AWS account owner (root) – Permissions: Unrestricted access to all enabled services and resources – Example: Action: * Effect: Allow Resource: * (implicit) • AWS IAM User – Permissions: Access restricted by group and user policies – Example: Action: ['s3:*','sts:Get*'] Effect: Allow Resource: * • Temporary security creds – Permissions: Access restricted by generating identity and further by policies used to generate token – Example: Action: ['s3:Get*'] Effect: Allow Resource: 'arn:aws:s3:::mybucket/*' • Enforce principle of least privilege with Identity and Access Management (IAM) users, groups, and policies and temporary credentials
  • 32. Principle of least privilege with IAM • Log in to an account with a less privileged user – Read-only – EC2 launch-only • Change role for privileged action – Administer IAM – Terminate instance – Delete snapshots • Protection against accidents or mistakes (e.g., similar to DisableApiTermination=true)
  • 33. Consolidate your IAM users • Put all IAM users and groups in one account • All other accounts use AWS IAM roles Best practices: • Tie into consolidated billing hierarchy • Users in IAM account are only authorized to assume roles in other accounts • No AWS-billable resources in this account
  • 34. Governance through IAM policies ... "Effect": "Deny", "Action": "ec2:RunInstances", "Resource": [ "arn:aws:ec2:region:account:network-interface/*" ], "Condition": { "ArnNotEquals": { "ec2:Subnet": "arn:aws:ec2:region:account:subnet/subnet-12345678" } } }, { "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": [ "arn:aws:ec2:region::image/ami-12345678", "arn:aws:ec2:region:account:subnet/subnet-12345678", "arn:aws:ec2:region:account:security-group/sg-12345678" ], "Condition": { "StringEquals": { "ec2:ResourceTag/BillingCode": "4000", "ec2:ResourceTag/Environment": "Prod" ... Slide callouts: Deny RunInstances without appropriate subnet; Require RunInstances to have specific AMI, subnet, security group, …; Require RunInstances to have specific tags
  • 35. Implementing “smart” AWS policies • The 5 Ws of auditability: – Who? – What? – Where? – When? – Why? • What we really want is an “if and only if” statement: – You can deploy this change in production “if and only if” it actually worked in test Controlled by AWS IAM Not controlled by IAM
  • 36. Federate with AWS Directory Service & IAM Directory Users Directory Groups IAM_Admins Read_Only EC2_Admin Group ‘n’ … AWS Directory Services Mgmt Acct IAM_Admin IAM Role Mapping Read_Only EC2_Admin Role ‘n’
  • 37. Case Study: Condé Nast Data Center Migration
  • 38. Condé Nast data center migration drivers • Existing data center needed >$1 million in upgrades • Financial pressure to close facility by July 2014 • Increase resource efficiency, both people and technology
  • 39. Condé Nast data center migration scope • 47 application groups • 350+ servers • 400+ TB storage
  • 40. Application migration methodology • Condé Nast provided a detailed inventory of their Delaware DC assets • Utilization metrics were critical for Reserved Instance analysis and to explore elasticity • Application assessment determined migration order • Migration scheduled in waves • Change window: Migrations occurred over weekends • Coordinating the change window with various teams was key • Applications run in hybrid mode during the migration • Once a server was migrated successfully it was decommissioned
  • 41. Application migration: virtual machines • Condé Nast was highly virtualized (VMware) • Veeam: stage VMs to Amazon S3 – Supports change block tracking which minimizes downtime during migration • AWS VM Import/Export: migrate staged VMs to Amazon EC2 – Eliminates VM data migration as a part of the change window • Large databases: created directly on AWS and then data synchronized
  • 42. AWS VPC and networking Key criteria to support waves of migration: • AWS Direct Connect: 10 GB DX to AWS • IP addressing: Avoid overlapping IPs • Service names
  • 43. AWS Identity and Access Management (IAM) Key criteria: • IAM policies • Identify groups and permissions • Application tagging
  • 44. Phased migration • Live migration from premises was too slow – Large change windows meant that production systems were frozen for a long time • Solutions: – Use a tool (Veeam) for backup and ongoing synchronization of VMs to Amazon S3 – Use a staging farm to run VM Import/Export
  • 45. VM Import/Export considerations • Root partitions cannot span multiple disks – Solution: Eliminate this on premises before migration • Volumes > 1 TB not supported – Solution: Spread data across volumes • VM Import/Export requires stream-optimized VMDK – Solution: conversion process was scripted • Nonvirtualized servers were virtualized on premises before migration • Unsupported operating systems were upgraded to supported OS before migrating
  • 46. Lessons learned at Condé Nast • Know your limitations • Evaluate and understand your infrastructure environment • Sign up for enterprise support early and involve a TAM early on • Get your operations staff trained on AWS • Challenge yourself and make sound architecture decisions; changing in future can be difficult • Document every decision made, especially the anti-patterns • Work directly with application owners; nothing beats hands-on experience
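
Added example (not from the original deck): tag-based governance policies like the one on slide 34 are easy to weaken by repeating an operator key such as "StringEquals" inside one Condition object, because Python's `json.loads` keeps only the last occurrence. The check below flags that before a policy is stored or deployed; the policy documents are constructed, reuse the slide's placeholder ARN, and the function names are hypothetical.

```python
import json

# Constructed policy text in the style of slide 34 (placeholder ARN and IDs).
# The Condition object repeats the "StringEquals" operator key.
POLICY_WITH_REPEAT = """
{"Version": "2012-10-17", "Statement": [{
   "Effect": "Allow",
   "Action": "ec2:RunInstances",
   "Resource": ["arn:aws:ec2:region:account:subnet/subnet-12345678"],
   "Condition": {
     "StringEquals": {"ec2:ResourceTag/BillingCode": "4000"},
     "StringEquals": {"ec2:ResourceTag/Environment": "Prod"}
   }
 }]}
"""

# Same intent with both tag tests under a single operator key.
POLICY_MERGED = """
{"Version": "2012-10-17", "Statement": [{
   "Effect": "Allow",
   "Action": "ec2:RunInstances",
   "Resource": ["arn:aws:ec2:region:account:subnet/subnet-12345678"],
   "Condition": {
     "StringEquals": {"ec2:ResourceTag/BillingCode": "4000",
                      "ec2:ResourceTag/Environment": "Prod"}
   }
 }]}
"""

def repeated_keys(policy_text):
    """Return every key that occurs more than once inside one JSON object."""
    repeats = []

    def record(pairs):
        seen = set()
        for key, _value in pairs:
            if key in seen:
                repeats.append(key)
            seen.add(key)
        return dict(pairs)  # same result a plain json.loads would build

    json.loads(policy_text, object_pairs_hook=record)
    return repeats

def surviving_tag_conditions(policy_text):
    """Tag condition keys that remain after an ordinary json.loads."""
    policy = json.loads(policy_text)
    keys = set()
    for statement in policy["Statement"]:
        for tests in statement.get("Condition", {}).values():
            keys.update(k for k in tests if k.startswith("ec2:ResourceTag/"))
    return sorted(keys)

print(repeated_keys(POLICY_WITH_REPEAT), surviving_tag_conditions(POLICY_WITH_REPEAT))
```

Running `repeated_keys` over policy files in a review or CI step catches the case where a required tag test would otherwise vanish from the parsed document without any error.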

Editor's Notes

  1. Rehost Data migration High level estimate Where will you spend your time Focus on technology and process. Dispel misunderstandings around rehost: more than just moving a VM and across a portfolio (rehost) Complexities of data migration and impact on production cut over (data migration) Getting a high level estimate: migration cost and run time costs (high level estimate) Where will you spend your time on a migration (more than compute migration)
  2. Migration process – continue consistency, repeatability, streamlined workflow, and most importantly ensure standardization Testing, application analysis, pilot … where are you spending your time. See migrate. Training at end? This is not a sequential process.
  3. Rehost and rearchitect and when do you re-architect : before or after moving.
  4. Nothing around compute and storage here. I don’t see anything about compute on here. Many more other components other than compute and storage. VPC and account set up: One VPC, using subnets and security groups to control access. Accounts for each application, each organization, each developer. Security is here today. Billing and cost management: Trusted Advisor, CloudHealth, CloudCruiser, CloudCheckr. RPO and RTO. Monitoring: SumoLogic, Splunk, CA, BMC, DataDog, NewRelic, Boundary
  5. Without getting into the industry debate about public vs. private cloud it’s clear that most cloud benefits cannot be realized with on-premise virtualization technologies. In the on-premise virtualization model, you often have to buy expensive hardware and software which virtually eliminates the cost benefits of cloud computing. Although on-premise virtualization allows you to quickly provision new servers, your ability to scale up is limited to your physical infrastructure. You still need to buy physical servers to grow. If you want to scale down you won’t see significant cost-savings as you already paid for the hardware. These limitations of the on-premise virtualization model impact your ability to innovate fast and free up money to invest in new projects. NAS is file based, SAN is block based. MPLS: short for Multiprotocol Label Switching, an IETF initiative that integrates Layer 2 information about network links (bandwidth, latency, utilization) into Layer 3 (IP) within a particular autonomous system--or ISP--in order to simplify and improve IP-packet exchange. MPLS gives network operators a great deal of flexibility to divert and route traffic around link failures, congestion, and bottlenecks.
  6. Without getting into the industry debate about public vs. private cloud it’s clear that most cloud benefits cannot be realized with on-premise virtualization technologies. In the on-premise virtualization model, you often have to buy expensive hardware and software which virtually eliminates the cost benefits of cloud computing. Although on-premise virtualization allows you to quickly provision new servers, your ability to scale up is limited to your physical infrastructure. You still need to buy physical servers to grow. If you want to scale down you won’t see significant cost-savings as you already paid for the hardware. These limitations of the on-premise virtualization model impact your ability to innovate fast and free up money to invest in new projects.
  7. Use Security Groups as whitelists, allowing only what is needed. Use NACLs as blacklists, blocking specific ports or IPs as desired. Best Practice that helps implement separation of duties and fosters an agile DevOps environment: - NetSec team builds NACLs for top-level blacklisting – between specific subnets, blocking specific IP ranges, specific ports - NetSec team manages one set of security groups for administrative access needs (SSH, RDP, DNS, NTP, Logging, etc.) - DevOps/Apps teams manage one set of security groups for the application needs (HTTPS, SQL*NET, etc.) Whiteboard opportunity: Q: How can Security Groups provide more protection than traditional network firewalls? A: They filter traffic between hosts, whereas network firewalls only filter traffic between subnets.
  8. We’ll go over a few examples from our partners who have worked closely with our business development teams to offer solutions that work well for the enterprise. Most support auto scaling; Can help you with HIPAA, PCI compliance; Transitive routing; Host-based IPS, IDS, boot volume encryption, overcome AWS limits; Managed services (e.g. threat analysis)
  9. Get your feet wet with Amazon Web Services; Learning AWS; Build reference architecture; Be aware of the security features; Build a Prototype/Pilot; Build support in your organization; Validate the technology; Test legacy software in the cloud; Perform benchmarks and set expectations. We have noticed some of our SMBs and startup companies in our ecosystem skipped the classification and other stages I discussed above and dove right into a proof of concept. There is no doubt that a proof of concept will answer tons of questions very quickly. During the proof of concept it is important that you get your feet wet with Amazon Web Services, get trained from Amazon (we have AWS University and have launched a training course in Seattle). Andy started multiple projects in parallel. He regularly focused on Proof of concept.
  10. Store target file(s) on a file share. Configure policies on target S3 buckets. Encrypt / Compress data sets on premise. Transfer files via regular file transfer (S3, SFTP, SCP, FTP, Custom UDP etc) – Increase transfer rate using third-party solutions (Aspera, Attunity). Retrieve encrypted file from S3 using the same options. Test Integrity / Security / Operations / Performance. Add parallelization for performance optimization. Configure on premise NetBackup (or CA, CommVault, Riverbed Whitewater etc. there are many options) to use S3. Backup and Restore directly from host agent. Backup agent communicates with cloud (S3) over Internet links. Use NetBackup Encryption, Compression, DeDupe, Backup Management tools. Check Security / Integrity / Functionality / Performance / Operations / Speed. Integrates on-prem IT environments with Cloud storage for remote office backup and DR. Utilizes a virtual appliance that sits in customer datacenter. Exposes compatible iSCSI interface on front end. Provides low-latency on-prem performance. Asynchronously uploads data to AWS where it is stored in Amazon S3 as Amazon EBS snapshots. Point-in-Time snapshots accessible locally and from Amazon EBS. Encryption via SSL and Amazon S3 Server Side Encryption. Snapshot scheduling. WAN compression. Supported in all public Regions. Bandwidth Throttling.
  11. Talk about relative Costs but highlight that this is about getting data there fast… Rectangle not ovals. Border line in size (GB vs TB) and speed (Hours vs Days) Backup…can use storage gateway if less than 5 TB a day as this is max with storage gateway (also need a backup software to get data from disk to storage gateway), Riverbed is a great solution as they offer 2 TB an hour and no back up storage needed. CommVault is another
  12. One take-away here: web servers don’t need an IGW
  13. Manage AWS Accounts & Policies IAM Users/Groups IAM Roles
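
Added example (not from the original deck): a small model of the layering described on slide 17 and in editor's note 7, with a security group as the instance-level whitelist and a NACL as the subnet-level guardrail for ports 135, 21 and 23. Packet fields, rule tuples and rule numbers are hypothetical simplifications rather than the EC2 API, and only TCP destination ports are modelled.

```python
from collections import namedtuple

# is_reply marks return traffic of a flow the security group already permitted.
Packet = namedtuple("Packet", "direction dst_port is_reply")

# Security group: ALLOW rules only; inbound is denied unless listed.
# Port 23 is a deliberate misconfiguration so the guardrail has work to do.
SG_INBOUND_ALLOW = {443, 23}

# NACL rules are (rule_number, action, port); port None matches any port.
# DENY entries for the slide's guardrail ports, then an explicit allow-all,
# which stands in for the slide's "default allow all".
NACL_INBOUND = [(100, "deny", 135), (110, "deny", 21), (120, "deny", 23),
                (200, "allow", None)]
NACL_OUTBOUND_OPEN = [(100, "allow", None)]
NACL_OUTBOUND_STRICT = [(100, "allow", 443)]   # forgets ephemeral reply ports


def nacl_allows(rules, packet):
    """Stateless: every packet is matched, lowest rule number first."""
    for _number, action, port in sorted(rules, key=lambda rule: rule[0]):
        if port is None or port == packet.dst_port:
            return action == "allow"
    return False  # nothing matched: implicit deny at the end of the list


def sg_allows(packet):
    """Stateful: replies and outbound traffic pass; inbound needs an ALLOW."""
    if packet.is_reply or packet.direction == "out":
        return True
    return packet.dst_port in SG_INBOUND_ALLOW


def delivered(packet, nacl_in=NACL_INBOUND, nacl_out=NACL_OUTBOUND_OPEN):
    """A packet must pass both the subnet NACL and the security group."""
    rules = nacl_in if packet.direction == "in" else nacl_out
    return nacl_allows(rules, packet) and sg_allows(packet)


https_in = Packet("in", 443, False)
telnet_in = Packet("in", 23, False)
ssh_in = Packet("in", 22, False)
https_reply = Packet("out", 50000, True)   # reply to a client's ephemeral port
print(delivered(https_in), delivered(telnet_in), delivered(ssh_in),
      delivered(https_reply), delivered(https_reply, nacl_out=NACL_OUTBOUND_STRICT))
```

The last case shows the practical cost of statelessness: the security group passes the reply automatically, but a NACL that restricts outbound traffic must allow the reply ports itself.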