Date post: 12-Feb-2017
Category: Technology
Upload: amazon-web-services
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Hybrid IT with Amazon Web Services
Best of Both Worlds
Mark Statham
Senior Cloud Architect
AWS Professional Services
What we’ll cover
• What is Hybrid IT
• How customers are using AWS for Hybrid IT
• Getting started with Hybrid IT
• Integration and operations with Hybrid IT
• Next steps
“Hybrid IT is the result of
combining internal and external
services, usually from a combination
of internal and public clouds, in
support of a business outcome.”
Hype in 2012…
Day to Day Reality
“Running existing, corporate IT
systems alongside cloud
and gradually transforming those
systems to the cloud over time”
Real Adoption Barriers?
• Existing capital investments
• Licensing constraints
• Non x86 systems
• Not figured out the ROI, yet
“Hybrid IT, in support of a business outcome.”
Development and Test
Accelerate app development
• Leverage AWS platform services, Beanstalk or OpsWorks
• Focus on applications, environments in minutes
Test at scale
• With production configuration
• Create multiple parallel copies
• Automated and on-demand
Pay for what you use
• Stop or delete environments
• Archive environment configuration
Large Scale Compute Grids
Think bigger
• Dynamically add capacity when you need it
• Scale to 10s of thousands of cores
• Leverage limitless storage of Amazon S3 and
high performance of Amazon DynamoDB
Stay secure
• Deployed within isolated logical network
• Encryption at rest for storage
Pay for what you use
• Turn off the environment when finished and
stop paying
• Leverage EC2 Spot Fleet for best pricing
New Products
AWS IoT
HealthSuite
digital platform
device cloud
Think the impossible
• Don’t fear constraints
• Experiment and test hypotheses
• Develop new products faster with the
latest technologies
Stay agile
• Adapt and pivot with managed services
• Embrace new technologies
Deliver New Value
• Rapidly grow new lines of business
• Deliver real business outcomes
Data Centre Consolidation
Reduce costs
• Consolidate and simplify cost structures
• Leverage AWS managed services
Be dynamic
• Respond to changing business needs
• Deploy on-demand globally, no waiting time
• Automate operations to increase availability
Focus on your core business
• Spend time on what differentiates your business
• Focus on delivering business outcomes
Build Hybrid Environment
[Diagram: Corporate Data Center; Amazon Virtual Private Cloud; AWS Direct Connect; IPSEC VPN]
Amazon Virtual Private Cloud - VPC
Extend your data center with Amazon VPC
• Create logically isolated section of AWS Cloud
• You define your own network address space
• Complete control over virtual networking environment
• Define the connectivity you need, private, Internet,
AWS services, even other VPCs
• You manage the security configurations using
security groups providing stateful firewall per instance
• Visibility into VPC network traffic flows
[Diagram: VPN Tunnels; Customer VPN Gateway; Directory Server; Database Server; Application Server]
VPC Configuration
• VPC Network: 10.100.0.0/16
• VPC Subnet 1: 10.100.0.0/23
• VPC Subnet 2: 10.100.2.0/23
• VPN Type: Dynamic BGP
Data Center Configuration
• Corporate Network: 10.96.0.0/16
• DC Network: 10.96.24.0/21
• VPN Gateway IP: 54.169.211.86
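A check of the address plan above and of security group sources against it, as an added example that is not part of the original deck. The ingress rules, their ports and the function names are constructed for illustration; the group names follow the instance table later in the deck.

```python
import ipaddress

# Address plan from the slide.
VPC = "10.100.0.0/16"
SUBNETS = ["10.100.0.0/23", "10.100.2.0/23"]
ON_PREM = ["10.96.0.0/16", "10.96.24.0/21"]  # corporate network, DC network

# Constructed sample ingress rules: (security group, port, source CIDR).
RULES = [
    ("Admin", 3389, "10.96.24.0/21"),
    ("Web", 443, "10.96.0.0/16"),
    ("Database", 1433, "10.100.0.0/23"),
    ("Directory", 389, "0.0.0.0/0"),
]

def plan_problems(vpc, subnets, on_prem):
    """Return address-plan errors; an empty list means the plan is consistent."""
    vpc_net = ipaddress.ip_network(vpc)
    nets = [ipaddress.ip_network(s) for s in subnets]
    problems = []
    for i, net in enumerate(nets):
        if not net.subnet_of(vpc_net):
            problems.append(f"{net} is outside VPC {vpc_net}")
        for other in nets[i + 1:]:
            if net.overlaps(other):
                problems.append(f"{net} overlaps {other}")
    for cidr in on_prem:
        # Overlap with on-premises space makes routes over the VPN ambiguous.
        if ipaddress.ip_network(cidr).overlaps(vpc_net):
            problems.append(f"on-premises {cidr} overlaps VPC {vpc_net}")
    return problems

def untrusted_ingress(rules, trusted):
    """Return rules whose source is not contained in any trusted network."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    flagged = []
    for group, port, cidr in rules:
        src = ipaddress.ip_network(cidr)
        if not any(src.version == n.version and src.subnet_of(n) for n in nets):
            flagged.append((group, port, cidr))
    return flagged

if __name__ == "__main__":
    print(plan_problems(VPC, SUBNETS, ON_PREM))
    print(untrusted_ingress(RULES, [VPC] + ON_PREM))
```

The slide's plan passes cleanly; the constructed Directory rule open to 0.0.0.0/0 is the only source flagged as outside the VPC and corporate ranges.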
Your First Virtual Private Cloud
[Diagram: Availability Zone A; Availability Zone B; Application Server]
Deploy Base Services
Access to AWS APIs and Internet
• Deploy Managed NAT Gateway Service
Directory Services
• Managed Microsoft Active Directory Service
Deploy as Infrastructure as Code
• AWS CloudFormation
Managed Microsoft Active Directory
• Fully managed Microsoft Active Directory, with 99.95% SLA
• Highly Available, deployed across two Availability Zones
• Supports external trusts with existing Active Directory domains
• Deploy and operate Microsoft Exchange, SharePoint, SQL Server,
and .NET applications in the AWS cloud
• Use familiar management tooling for administration
• Seamlessly join Windows instances to domain on launch
• Supports Federation and SSO to AWS Console, without ADFS
Single Sign-On
Simplified Deployment
Managed Service
CloudFormation Infrastructure As Code
• An easy way to create and manage a collection of AWS resources
• Allows orderly and predictable provisioning and updating of resources
• Configuration written in simple JSON notation
• Allows you to version control your AWS infrastructure
• Deploy and update stacks using console, command line or API
[Diagram: Template (JSON formatted file); Stack (Configured AWS services); CloudFormation (Framework)]
CloudFormation Infrastructure As Code
"myDirectory" : {
  "Type" : "AWS::DirectoryService::MicrosoftAD",
  "Properties" : {
    "Name" : "ADDomain",
    "Password" : { "Ref" : "ADPW" },
    "ShortName" : { "Ref" : "ADShortName" },
    "VpcSettings" : {
      "SubnetIds" : [
        { "Ref" : "subnetID1" },
        { "Ref" : "subnetID2" }
      ],
      "VpcId" : { "Ref" : "vpcID" }
    }
  }
}
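The resource above takes its directory password from the ADPW parameter; unless that parameter is declared with NoEcho, CloudFormation shows its value in the console and in stack descriptions. The following added example (not from the original deck) audits a template for that; the function names, the SECRET_PROPS subset and the two Parameters declarations are assumptions made for illustration.

```python
# Secret-bearing properties per resource type (a small subset chosen for this example).
SECRET_PROPS = {
    "AWS::DirectoryService::MicrosoftAD": ["Password"],
    "AWS::DirectoryService::SimpleAD": ["Password"],
    "AWS::RDS::DBInstance": ["MasterUserPassword"],
}
# Dynamic references that keep the secret out of the template and its parameters.
SAFE_PREFIXES = ("{{resolve:secretsmanager:", "{{resolve:ssm-secure:")

def audit_secrets(template):
    """Return (resource, property, problem) for secrets CloudFormation would display."""
    params = template.get("Parameters", {})
    findings = []
    for name, res in sorted(template.get("Resources", {}).items()):
        props = res.get("Properties", {})
        for prop in SECRET_PROPS.get(res.get("Type"), []):
            value = props.get(prop)
            if isinstance(value, str) and not value.startswith(SAFE_PREFIXES):
                findings.append((name, prop, "literal value in template"))
            elif isinstance(value, dict) and "Ref" in value:
                param = params.get(value["Ref"])
                if param is None:
                    findings.append((name, prop, "Ref to undeclared parameter"))
                elif str(param.get("NoEcho", "false")).lower() != "true":
                    findings.append((name, prop, value["Ref"] + " lacks NoEcho"))
    return findings

# The resource from the slide, as a Python dict.
MY_DIRECTORY = {
    "Type": "AWS::DirectoryService::MicrosoftAD",
    "Properties": {
        "Name": "ADDomain",
        "Password": {"Ref": "ADPW"},
        "ShortName": {"Ref": "ADShortName"},
        "VpcSettings": {"SubnetIds": [{"Ref": "subnetID1"}, {"Ref": "subnetID2"}],
                        "VpcId": {"Ref": "vpcID"}},
    },
}

def with_params(adpw):
    """Wrap the slide's resource in a template with the given ADPW declaration (constructed)."""
    return {"Parameters": {"ADPW": adpw}, "Resources": {"myDirectory": MY_DIRECTORY}}

WEAK = with_params({"Type": "String"})
HARDENED = with_params({"Type": "String", "NoEcho": "true"})

if __name__ == "__main__":
    print(audit_secrets(WEAK))
    print(audit_secrets(HARDENED))
```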
Integrating AWS Into Your Service Catalog
On-demand environments
• Example use case:
Marketing micro site for 3 months
[Diagram: "Weeks Later"; Business users; Web Server, Application Server, Directory Server, Database Server; Web Front End, SQL Server Database, Active Directory, SharePoint Services; EC2]
Integrating AWS Into Your Service Catalog
On-demand environments
• Example use case:
Marketing micro site for 3 months
• Service catalog integrated with AWS CloudFormation
• Deploy solutions within minutes, not days or weeks
• Archive and delete when no longer required
[Diagram: "Minutes Later"; Business users; AWS CloudFormation]
Operations On AWS
Integrating AWS into your operations
• AWS CloudWatch provides real-time
insight into your AWS services
• You can integrate your own metrics
• Create alarms and act on alerts
• Integrate your alerting with AWS SNS
• Your current tools still work
• Established processes still valid, but
now you can respond dynamically
Instance | Name | VPC ID | Subnet ID | Instance type | Security Groups
i-5ef40608 | SharePoint App Server | vpc-ebfd0283 | subnet-e1fd0289 | c4.xlarge | Admin, App
i-59f4060f | SharePoint App Server | vpc-ebfd0283 | subnet-e1fd0289 | c4.xlarge | Admin, App
i-f6be9aa0 | Web Server | vpc-ebfd0283 | subnet-e1fd0289 | m4.xlarge | Admin, Web
i-ec50e1ba | Web Server | vpc-ebfd0283 | subnet-e1fd0289 | m4.xlarge | Admin, Web
i-9f50e1c9 | Database Server | vpc-ebfd0283 | subnet-f9a51991 | r3.2xlarge | Admin, Database
i-77ab8f21 | Database Server | vpc-ebfd0283 | subnet-f9a51991 | r3.2xlarge | Admin, Database
i-d9912f8f | Directory Server | vpc-ebfd0283 | subnet-f9a51991 | c3.medium | Admin, Directory
i-407b3316 | Directory Server | vpc-ebfd0283 | subnet-f9a51991 | c3.medium | Admin, Directory
Resource Tracking and Cost Allocation
Get more visibility into your infrastructure
• Describe AWS services through an API call
• Resources in AWS can have tags
• Tags can be used to control permissions
Name: APAWSIN001
Purpose: Production
Application: SharePoint Farm 03
Business Unit: Marketing
Cost Centre: 2384234
Resource Tracking and Cost Allocation
Get more visibility into your infrastructure
• Describe AWS services through an API call
• Resources in AWS can have tags
• Tags can be used to control permissions, and
• Allocate costs, enabling charge back of services
• Dynamically generate a full inventory
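Because tags drive both permissions and cost allocation, an instance missing them falls outside both controls. This added example (not from the original deck) builds the inventory from a constructed sample shaped like an EC2 DescribeInstances response and lists the instances with missing tags; treating the slide's five tag keys as mandatory is an assumption, as are the function names.

```python
# Tag keys from the slide; treated here as the required set (assumption).
REQUIRED_TAGS = ["Name", "Purpose", "Application", "Business Unit", "Cost Centre"]

def _tags(pairs):
    """Build the Tags list of a DescribeInstances instance record."""
    return [{"Key": k, "Value": v} for k, v in pairs.items()]

# Constructed sample in the shape of an EC2 DescribeInstances response.
RESPONSE = {"Reservations": [
    {"Instances": [
        {"InstanceId": "i-5ef40608", "InstanceType": "c4.xlarge",
         "VpcId": "vpc-ebfd0283", "SubnetId": "subnet-e1fd0289",
         "SecurityGroups": [{"GroupName": "App"}, {"GroupName": "Admin"}],
         "Tags": _tags({"Name": "APAWSIN001", "Purpose": "Production",
                        "Application": "SharePoint Farm 03",
                        "Business Unit": "Marketing", "Cost Centre": "2384234"})},
    ]},
    {"Instances": [
        {"InstanceId": "i-f6be9aa0", "InstanceType": "m4.xlarge",
         "VpcId": "vpc-ebfd0283", "SubnetId": "subnet-e1fd0289",
         "SecurityGroups": [{"GroupName": "Admin"}, {"GroupName": "Web"}],
         "Tags": _tags({"Name": "Web Server"})},
        # No Tags key at all: the API omits it for untagged instances.
        {"InstanceId": "i-9f50e1c9", "InstanceType": "r3.2xlarge",
         "VpcId": "vpc-ebfd0283", "SubnetId": "subnet-f9a51991",
         "SecurityGroups": [{"GroupName": "Admin"}, {"GroupName": "Database"}]},
    ]},
]}

def inventory(response):
    """Flatten reservations into one row per instance, with the missing tag keys."""
    rows = []
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            rows.append({
                "id": inst["InstanceId"],
                "type": inst.get("InstanceType"),
                "subnet": inst.get("SubnetId"),
                "groups": sorted(g["GroupName"] for g in inst.get("SecurityGroups", [])),
                "tags": tags,
                "missing": [k for k in REQUIRED_TAGS if not tags.get(k)],
            })
    return rows

def untagged(rows):
    """Map instance id to its missing required tags, for instances that have any."""
    return {r["id"]: r["missing"] for r in rows if r["missing"]}
```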
Jumpstart A Project
We’ve just got started, what’s next?
• Get lean, test a hypothesis
• Deliver new business value
• Alleviate internal constraints
• Mitigate capital expenditure
• Consolidate and reduce costs
“Hybrid IT, in support of a
business outcome.”
[Diagram: Business Perspective; Maturity Perspective; People Perspective; Process Perspective; Operations Perspective; Security Perspective; Platform Perspective]
Need Help Getting Started?