American Commercial Lines: Migrating

Oracle E-Business Suite to AWS Case Study

Michael McGrath, VP Information Technology, American Commercial Lines

Abdul Sathar Sait, Principal Cloud Solutions Architect, Amazon Web Services

Thiru Sadagopan, VP Cloud Services, Apps Associates LLC

March 05, 2015

Today’s Speakers

Abdul Sathar Sait

Principal Cloud Solutions Architect

Amazon Web Services

Thiru Sadagopan

VP Cloud Services

Apps Associates LLC

Michael McGrath

VP Information Technology

American Commercial Lines

American Commercial Lines

Prior to AWS Migration

• ERP 12.1.3 implementation completed Feb. 2013

– Core financials, purchasing, inventory, asset management

– Mission-critical application governing various aspects of ACL operations

– User base spread across multiple locations in North America

– Integrated with other business apps such as Single Sign On with AD

Drivers for Considering AWS

• Platform flexibility

– Grow or shrink footprint and environments

– Rapidly launch, archive, re-launch entire environments

• Pay as you go

– Not just a OpEx vs. CapEx argument

– Pay for what you use

• Desire to limit additional investment in on-premises data center

• Future AWS-based applications in our plans

Journey to AWS

• Chose an AWS Partner offering Oracle solutions

– Apps Associates, AWS Partner with experiences deploying Oracle

solutions to AWS

• Cloud hosted solution for Oracle E-Business Suite

• Oracle competency—recognized by AWS Partner program

• 3 month migration cycle

– 2 passes of migration and integration testing

– Prod migration over a weekend

• 4 hour downtime and smooth transition

• SSO integration hiccups ironed out within the hour

AWS Overview

Abdul Sathar Sait, Principal Cloud Solutions Architect

Amazon Web Services

Journey to AWS

“[Enterprise customers are] skipping the years of early getting-their-

feet-wet, and immediately jumping in with more significant projects,

with more ambitious goals…”

Journey to AWS

“Increasingly, organizations are asking what can’t go to the cloud,

rather than what can…”

11 regions

28 availability zones

46 edge locations

…Connected By a World-Class Network

High packets-per-

second performance Low jitter

EBS-optimized

instances

Virtual

network

interfaces

Physical placement

optimization

Slow Fast

High throughput,

low latency

AWS Private Network Capabilities

Software-defined

private network

AWS Virtual Private Cloud (VPC)

Dedicated private network

connection to AWS

AWS Direct Connect

All services

AWS Governance

Fine-grained access control over data and resources

Geographic

data locality

Control over regional

replication Policies, resource

level permissions,

temporary credentials

Fine-grained

access control

In-depth

audits

AWS

CloudTrail

Certifications and Accreditations for Workloads That

Matter

Integration with On-Premises Resources

Integrated

networking

Integrated

access control

Integrated cloud

backups

Single pane

of glass

# 192.168.1.10

# 192.168.1.11

Microsoft Active

Directory

Custom

LDAP

App 1

AWS Storage Gateway

Elastic Compute Cloud (EC2)

Basic unit of compute capacity

Range of CPU, memory & local disk options

17 Instance types available, from micro through cluster compute to SSD backed

Feature Details

Flexible Run windows or Linux distributions

Scalable Wide range of instance types from micro to cluster compute

Machine Images Configurations can be saved as machine images (AMIs) from which new instances can be created

Full control Full root or administrator rights

Secure Full firewall control via Security Groups

Monitoring Publishes metrics to Cloud Watch

Inexpensive On-demand, Reserved and Spot instance types

VM Import/Export Import and export VM images to transfer configurations in and out of EC2

Storage Options

Simple Storage Service

Highly scalable object storage

1 byte to 5TB in size

99.999999999% durability

Elastic Block Store

High performance block storage device

1GB to 1TB in size

Mount as drives to instances with

snapshot/cloning functionalities

Glacier

Long term object archive

Extremely low cost per gigabyte

99.999999999% durability

Oracle on AWS

• AWS simplifies Oracle implementation

• Makes management easy

• Could reduce implementation cost and time by half

A Few Oracle Products Our Customers Use on AWS

• Oracle Database, GoldenGate, Data Guard

• Oracle E-Business Suite, PeopleSoft, Siebel, JD Edwards

• Fusion Middleware, SOA Suite, WebCenter, Weblogic

• OBIEE, Hyperion, ATG Web Commerce

Oracle License Portability to AWS

All Oracle licenses are fully portable to Amazon Web Services

• Enterprise license agreement (ELA)

– Unlimited license agreement (ULA)

– Business process outsourcing (BPO)

– Oracle Partner Network (OPN)

• Processor and socket licensing:

– 0.25 core multiplier for standard licenses (sockets)

– 0.5 core multiplier for enterprise licenses (processor)

Solution Description

Thiru Sadagopan, VP Cloud Services

Apps Associates LLC

Operational Considerations – Oracle ERP

• Network access

• Instance types, AMI, Oracle DB and Applications tier

• Storage considerations

• Security and controls

• Housekeeping functions

– Cloning, patching specific to Oracle ERP

– Backups, monitoring configurations

• Migration approach to AWS

Network Access

• Amazon Virtual Private Cloud (VPC)

– Private subnet for DB and Apps tiers

– Public subnet if public facing modules such

as iSupplier

• Reverse proxy often leveraged

– Security groups for data firewalls

– IPSEC tunnels commonly leveraged

• AWS Direct Connect an option depending on

other workloads

Internet

Instance Types and AMI

• High memory instances

– 32 bit for Version of 11i of Oracle E-Business Suite is a challenge

• Oracle maps to AWS cores for licensing options

• Oracle or Red Hat Linux AMIs

– Apply prerequisite rpms, kernel updates

– Create custom AMI for future deployments

– PV and HVM considerations

Database and Application Tiers

• Same versions of OS is best practice

• Shared file systems common for load balanced deployments

– Single Database tier (non-RAC)

– Single or multiple Applications tier

• Cluster file systems

• NFS is an option as well

• Amazon Elastic Load Balancing

AWS Storage Options Summary

Storage Option General Database Applications Speed Durability

Instance Store Swap Temporary files Reports cache,

web server cache Very low latency Very low; volatile

EBS—PIOPS / SSD

Data files, redo

logs Low latency

Highly Durable but

always backup

EBS Boot volume Binaries, archive

logs Binaries

Moderate

latency

Highly Durable but

always backup

Amazon S3 Backups Backups Backups Longer latency Very high durability

Amazon Glacier

Long-term

backups

Long-term

backups

Long-term

backups

Restore times of

3–5 hours Very high durability

Typical Storage Configuration for Oracle Database

Storage Type Comments

Binaries EBS volume Standard volume;

EBS snapshots enabled

Data Files PIOPS—EBS /

SSD volumes

Striped across multiple volumes using ASM or any other

technology PIOPS of 1000 or above

Redo Log Files PIOPS—EBS /

SSD volumes

Use separate EBS volumes for each group

Preferable to use ASM disk groups

Archive Log Files EBS volumes Standard volumes for normal database workloads

PIOPS for highly transactional environments

Backup Files EBS volumes /

Amazon S3

Standard EBS volumes for local backups

Use OSB / other technology to push to Amazon S3

Storage Options for Oracle

Sample disk layout for Oracle Database using ASM

Amazon S3 Bucket

Amazon Glacier

Life

Cycle

Policies

+DEV_DATA

4 EBS Volumes

500 PIOPS

DEV TEST

Striping

+PROD_DATA

4 EBS Volumes

4000 PIOPS

+PROD_FRA

4 EBS Volumes

1000 PIOPS

PROD

Striping Striping

ASM instance with 16,000+ IOPS

Database Backup Best Practices

+PROD_DATA

4 EBS Volumes

4000 PIOPS

+PROD_FRA

4 EBS Volumes

1000 PIOPS

PROD

Striping Striping

ASM instance with 16,000+ IOPS

RMAN Local Backup /backupfs EBS Snapshot

OSB Cloud Module

Using RMAN

Amazon

S3 Bucket

Security

It’s a Shared Responsibility

You

and/or Your

Service Provider

IaaS Provider

(AWS)

Comprehensive Security Capabilities

Access Control Encryption Networking Other

• Identity and Access

Management (IAM)

• Multi-factor

Authentication

(MFA)

• Security Groups and

Network ACL

• Dedicated instances

• Amazon Key

Management

Service

• Amazon S3 Server-

Side Encryption

(SSE)

• Amazon RDS

Oracle Transparent

Data Encryption

(TDE)

• AWS CloudHSM

• Client-Side SDK

Data Encryption

• AWS Virtual Private

Cloud (VPC)

• SSL Certificate

Management

• AWS Direct Connect

• VPN

• Service Health

Dashboard

• Cloudtrail

• Trusted Advisor

• Security Bulletins

• Signed API Access

• Amazon S3 Access

Logs

• AWS Marketplace

Security Products

• Best Practices

• GovCloud

Security Attestations, Reports and Certifications

Housekeeping Functions

• Cloning for Oracle E-Business Suite

– AMIs and snapshots can be leveraged with AWS CloudFormation

scripts and bootstrapping to automate cloning

• Monitoring

– Easy to extend monitoring agents

– Amazon CloudWatch metrics can be useful

– Cloud based OEM 12c (optional)

• Rapid deployment

• Fully managed service

Migration Approach – EBS Suite

Understanding present Infrastructure –

Resource requirements

Design & Build EBS Architecture

Security design for EBS Suite

Infrastructure build – Servers & Storage

EBS DEV Applications build Clone form PROD

Backup Infrastructure, Monitoring & Restore

Validation

Test/UAT Migration, UAT , Stress Testing,

Regression Test Production Migration

Sample AWS Infrastructure for Oracle Apps

US East

AZ-1 Public Subnet

Private Subnet

Internet

VPN Tunnel

Production Test/Dev

NMS NA

T

Corporate WAN

US West

Public Subnet

VPC Private Subnet

Internet

Snapshot

Replication

or

Data Guard

Backup Snapshots

App Ap

p App App

CRP

Backup Snapshots

American Commercial Lines

Post-AWS Observations

• Lower infrastructure costs

• Costs easily tracked on AWS invoices

• Uptime equivalent to private third-party data center

• Reconsidered our disaster recovery needs and capabilities

• Still learning how connectivity affects performance, real and

perceived

Future Plans Relative to AWS

• EBS-driven identity management migration

– Currently on-premises

– Oracle Access Manager protects EBS and OBIEE

• Evaluation of Oracle BI migration

• Continued general migration to AWS instead of on-premises

hardware replacements

• Keeping an eye on Amazon WorkSpaces

Questions?

ACL

Michael McGrath

mike.mcgrath@aclines.com

www.aclines.com

Apps Associates

Thiru Sadagopan

thiru.sadagopan@appsassociates.com

www.appsassociates.com

AWS

Abdul Sathar Sait

asait@amazon.com

www.aws.amazon.com

Thank You