Hybrid IT with Amazon Web Services: Best of Both Worlds

Date post: 12-Feb-2017

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Hybrid IT with Amazon Web Services

Best of Both Worlds

Mark Statham

Senior Cloud Architect

AWS Professional Services

What we’ll cover

• What is Hybrid IT

• How customers are using AWS for Hybrid IT

• Getting started with Hybrid IT

• Integration and operations with Hybrid IT

• Next steps

What is Hybrid IT?

Hybrid IT

Hype or Reality?

“Hybrid IT is the result of combining internal and external services, usually from a combination of internal and public clouds, in support of a business outcome.”

Hype in 2012…

Day to Day Reality

“Running existing, corporate IT systems alongside cloud and gradually transforming those systems to the cloud over time”

Real Adoption Barriers?

• Existing capital investments

• Licensing constraints

• Non-x86 systems

• Not figured out the ROI, yet

“Hybrid IT, in support of a business outcome.”

How are others using AWS for Hybrid IT?

Development and Test

Accelerate app development

• Leverage AWS platform services, Beanstalk or OpsWorks

• Focus on applications, environments in minutes

Test at scale

• With production configuration

• Create multiple parallel copies

• Automated and on-demand

Pay for what you use

• Stop or delete environments

• Archive environment configuration

Large Scale Compute Grids

Think bigger

• Dynamically add capacity when you need it

• Scale to 10s of thousands of cores

• Leverage limitless storage of Amazon S3 and high performance of Amazon DynamoDB

Stay secure

• Deployed within isolated logical network

• Encryption at rest for storage

Pay for what you use

• Turn off the environment when finished and stop paying

• Leverage EC2 Spot Fleet for best pricing

New Products

[Slide labels: AWS IoT; HealthSuite digital platform; device cloud]

Think the impossible

• Don’t fear constraints

• Experiment and test hypotheses

• Develop new products faster with the latest technologies

Stay agile

• Adapt and pivot with managed services

• Embrace new technologies

Deliver New Value

• Rapidly grow new lines of business

• Deliver real business outcomes

Data Centre Consolidation

Reduce costs

• Consolidate and simplify cost structures

• Leverage AWS managed services

Be dynamic

• Respond to changing business needs

• Deploy on-demand globally, no waiting time

• Automate operations to increase availability

Focus on your core business

• Spend time on what differentiates your business

• Focus on delivering business outcomes

How To Get Started

• Build Hybrid Environment

• Jumpstart a Project

• Deploy Base Services

Build Hybrid Environment

[Diagram labels: Corporate Data Center; Amazon Virtual Private Cloud; AWS Direct Connect; IPSEC VPN]

Amazon Virtual Private Cloud - VPC

Extend your data center with Amazon VPC

• Create logically isolated section of AWS Cloud

• You define your own network address space

• Complete control over virtual networking environment

• Define the connectivity you need: private, Internet, AWS services, even other VPCs

• You manage the security configurations using security groups providing stateful firewall per instance

• Visibility into VPC network traffic flows

Your First Virtual Private Cloud

[Diagram labels: VPN Tunnels; Customer VPN Gateway; Directory Server; Database Server; Application Server; Availability Zone A; Availability Zone B]

VPC Configuration

• VPC Network: 10.100.0.0/16

• VPC Subnet 1: 10.100.0.0/23

• VPC Subnet 2: 10.100.2.0/23

• VPN Type: Dynamic BGP

Data Center Configuration

• Corporate Network: 10.96.0.0/16

• DC Network: 10.96.24.0/21

• VPN Gateway IP: 54.169.211.86
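
Before a VPN or Direct Connect link is brought up, the address plan on this slide can be checked for the overlaps that make routing between the data center and the VPC ambiguous. The following is an added example, not part of the original deck; the function name and the dictionary layout are assumptions, and only the prefixes come from the slide.

```python
import ipaddress

# Address plan as listed on the slide above.
PLAN = {
    "vpc": "10.100.0.0/16",
    "vpc_subnets": ["10.100.0.0/23", "10.100.2.0/23"],
    "corporate": "10.96.0.0/16",
    "datacenter": "10.96.24.0/21",
}


def check_plan(plan):
    """Return a list of address-plan problems; an empty list means the plan is clean."""
    try:
        # Strict parsing rejects prefixes with host bits set, e.g. 10.100.1.0/23.
        vpc = ipaddress.ip_network(plan["vpc"])
        corp = ipaddress.ip_network(plan["corporate"])
        dc = ipaddress.ip_network(plan["datacenter"])
        subnets = [ipaddress.ip_network(s) for s in plan["vpc_subnets"]]
    except ValueError as exc:
        return [f"invalid prefix: {exc}"]

    problems = []
    # Overlapping ranges on both sides of the VPN make routes ambiguous.
    if vpc.overlaps(corp):
        problems.append(f"VPC {vpc} overlaps corporate network {corp}")
    if not dc.subnet_of(corp):
        problems.append(f"data center {dc} is outside corporate network {corp}")
    for net in (vpc, corp):
        if not net.is_private:
            problems.append(f"{net} is not private address space")
    for i, sub in enumerate(subnets):
        if not sub.subnet_of(vpc):
            problems.append(f"subnet {sub} is outside VPC {vpc}")
        for other in subnets[i + 1:]:
            if sub.overlaps(other):
                problems.append(f"subnets {sub} and {other} overlap")
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["address plan is consistent"]:
        print(line)
```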

Demo Time

Deploy Base Services

[Diagram labels: VPN Tunnels; Customer VPN Gateway; Directory Server; Database Server; Application Server; Availability Zone A; Availability Zone B]

Access to AWS APIs and Internet

• Deploy Managed NAT Gateway Service

Directory Services

• Managed Microsoft Active Directory Service

Deploy as Infrastructure as Code

• AWS CloudFormation

Managed Microsoft Active Directory

• Fully managed Microsoft Active Directory, with 99.95% SLA

• Highly Available, deployed across two Availability Zones

• Supports external trusts with existing Active Directory domains

• Deploy and operate Microsoft Exchange, SharePoint, SQL Server, and .NET applications in the AWS cloud

• Use familiar management tooling for administration

• Seamlessly join Windows instances to domain on launch

• Supports Federation and SSO to AWS Console, without ADFS

[Slide labels: Single Sign-On; Simplified Deployment; Managed Service]

CloudFormation Infrastructure As Code

• An easy way to create and manage a collection of AWS resources

• Allows orderly and predictable provisioning and updating of resources

• Configuration written in simple JSON notation

• Allows you to version control your AWS infrastructure

• Deploy and update stacks using console, command line or API

[Diagram labels: Template (JSON formatted file); CloudFormation (Framework); Stack (Configured AWS services)]

CloudFormation Infrastructure As Code

"myDirectory" : {
  "Type" : "AWS::DirectoryService::MicrosoftAD",
  "Properties" : {
    "Name" : "ADDomain",
    "Password" : { "Ref" : "ADPW" },
    "ShortName" : { "Ref" : "ADShortName" },
    "VpcSettings" : {
      "SubnetIds" : [
        { "Ref" : "subnetID1" },
        { "Ref" : "subnetID2" }
      ],
      "VpcId" : { "Ref" : "vpcID" }
    }
  }
}
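
The fragment above passes the directory admin password in through the `ADPW` parameter, so that parameter should be declared with `NoEcho` to keep the value masked in the console and in API output. The following is an added example, not part of the original deck: a small template check, with a `Parameters` section and function names that are assumptions made for illustration.

```python
import json

# Constructed template: the slide's myDirectory fragment (VpcSettings omitted
# for brevity) plus a Parameters section written for this example; the slide
# does not show one.
TEMPLATE = json.loads("""
{
  "Parameters": {
    "ADPW":        { "Type": "String" },
    "ADShortName": { "Type": "String" }
  },
  "Resources": {
    "myDirectory": {
      "Type": "AWS::DirectoryService::MicrosoftAD",
      "Properties": {
        "Name": "ADDomain",
        "Password": { "Ref": "ADPW" },
        "ShortName": { "Ref": "ADShortName" }
      }
    }
  }
}
""")


def walk(node, path=()):
    """Yield (path, key, value) for every key in nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield path, key, value
            yield from walk(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))


def audit_secrets(template):
    """Flag password properties that are literals or Ref a parameter without NoEcho."""
    params = template.get("Parameters", {})
    findings = []
    for path, key, value in walk(template.get("Resources", {})):
        if "password" not in key.lower():
            continue
        where = "/".join(path + (key,))
        if isinstance(value, str):
            findings.append(f"{where}: literal secret in template")
        elif isinstance(value, dict) and "Ref" in value:
            param = params.get(value["Ref"], {})
            # NoEcho may be written as a JSON boolean or as the string "true".
            if str(param.get("NoEcho", "")).lower() != "true":
                findings.append(f"{where}: parameter {value['Ref']} lacks NoEcho")
    return findings
```

Run against the constructed template, the check reports `ADPW`; adding `"NoEcho": true` to that parameter clears the finding.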

Demo Time

Integrating AWS Into Your Service Catalog

On-demand environments

• Example use case:

Marketing micro site for 3 months

[Diagram labels: Weeks Later; Business users; Web Server, Application Server, Directory Server, Database Server; Web Front End, SQL Server Database, Active Directory, SharePoint Services; EC2]

Integrating AWS Into Your Service Catalog

On-demand environments

• Example use case:

Marketing micro site for 3 months

• Service catalog integrated with AWS CloudFormation

• Deploy solutions within minutes, not days or weeks

• Archive and delete when no longer required

[Diagram labels: Minutes Later; Business users; AWS CloudFormation]

Operations On AWS

Integrating AWS into your operations

• AWS CloudWatch provides real-time insight into your AWS services

• You can integrate your own metrics

• Create alarms and act on alerts

• Integrate your alerting with AWS SNS

• Your current tools still work

• Established processes still valid, but now you can respond dynamically

Instance    Name                   VPC ID        Subnet ID        Instance type  Security Groups
i-5ef40608  SharePoint App Server  vpc-ebfd0283  subnet-e1fd0289  c4.xlarge      Admin, App
i-59f4060f  SharePoint App Server  vpc-ebfd0283  subnet-e1fd0289  c4.xlarge      Admin, App
i-f6be9aa0  Web Server             vpc-ebfd0283  subnet-e1fd0289  m4.xlarge      Admin, Web
i-ec50e1ba  Web Server             vpc-ebfd0283  subnet-e1fd0289  m4.xlarge      Admin, Web
i-9f50e1c9  Database Server        vpc-ebfd0283  subnet-f9a51991  r3.2xlarge     Admin, Database
i-77ab8f21  Database Server        vpc-ebfd0283  subnet-f9a51991  r3.2xlarge     Admin, Database
i-d9912f8f  Directory Server       vpc-ebfd0283  subnet-f9a51991  c3.medium      Admin, Directory
i-407b3316  Directory Server       vpc-ebfd0283  subnet-f9a51991  c3.medium      Admin, Directory

Resource Tracking and Cost Allocation

Get more visibility into your infrastructure

• Describe AWS services through an API call

• Resources in AWS can have tags

• Tags can be used to control permissions

Name: APAWSIN001

Purpose: Production

Application: SharePoint Farm 03

Business Unit: Marketing

Cost Centre: 2384234

Resource Tracking and Cost Allocation

Get more visibility into your infrastructure

• Describe AWS services through an API call

• Resources in AWS can have tags

• Tags can be used to control permissions, and

• Allocate costs, enabling charge back of services

• Dynamically generate a full inventory

Jumpstart A Project

[Diagram labels: VPN Tunnels; Customer VPN Gateway; Directory Server; Database Server; Application Server; Availability Zone A; Availability Zone B]

We’ve just got started, what’s next?

• Get lean, test a hypothesis

• Deliver new business value

• Alleviate internal constraints

• Mitigate capital expenditure

• Consolidate and reduce costs

“Hybrid IT, in support of a business outcome.”

Need Help Getting Started?

[Diagram labels: Business Perspective; Maturity Perspective; People Perspective; Process Perspective; Operations Perspective; Security Perspective; Platform Perspective]

Thank you!

