November 12, 2014 | Las Vegas, NV
Paul Nau, Senior Consultant, AWS Professional Services
Miha Kralj, Principal Consultant, AWS Professional Services
Our journey today
Amazon VPC
VPN
Backup & archive
Storage expansion
Common workloads in hybrid infrastructure
What is hybrid infrastructure?
Connectivity
Integrated
AWS Direct Connect
Authentication
Enterprise integration
Federation
Operations monitoring
Start
On-premises resources
Data center
Cloud services
Cloud infrastructure
Workload migration and integration
Enterprise management tools
Access/authentication control integration
Connectivity
[Diagram labels: Corporate data center, Users, Data center router, Servers, Internet, IPSec VPN, Virtual Gateway, and two sets of VPC subnet / Availability Zone / Security group]
https://aws.amazon.com/vpc/faqs/#C9
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html
http://aws.amazon.com/directconnect/
[Diagram labels: Corporate data center, Users, Data center router, Customer router, Servers, AWS Direct Connect location, AWS Direct Connect routers, Virtual Gateway, and two sets of VPC subnet / Availability Zone / Security group]
http://aws.amazon.com/directconnect/
[Diagram labels: Corporate data center, Users, Data center router, Customer router, Servers, IPSec VPN, AWS Direct Connect location, AWS Direct Connect routers, Virtual Gateway, and two sets of VPC subnet / Availability Zone / Security group]
http://aws.amazon.com/microsoft/whitepapers/ad-reference-architecture/
Active Directory Replication
[Diagram labels: Corporate data center, Users, AD.Domain, Servers, two Domain controllers on premises, Virtual Gateway, and two sets of VPC subnet / Availability Zone / Security group, one with a Domain controller]
Type    Port Number
TCP     54, 88, 135, 137, 139, 389, 445, 464, 636, 3268, 3269, 5722, 49152-65535
UDP     53, 67, 123, 138, 389, 445, 464, 2535, 5355, 49152-65535
Replication
http://aws.amazon.com/directoryservice/
AWS Directory Service
Connect
[Diagram labels: Corporate data center, Users, AD.Domain, Servers, Domain controller, Virtual Gateway, and two sets of VPC subnet / Availability Zone / Security group]
AWS federation/account governance
Financial users, controllers
SOC/Auditors
Global AWS admin
Billing account
Software development
Non-prod account #1
Production account #1
User management account
Security/Audit account
Non-prod account #2
App owners
DevOps teams
Security/audit
Production
Dev/test/sandbox
Financial
Consolidated Billing, Billing Alerts
Read-only access for all accounts
Operations Monitoring
[Diagram labels: Corporate data center, Users, Data center router, Update, Servers, Connectivity, AWS CloudTrail, Amazon CloudWatch, SIEM Aggregator, Virtual Gateway, and two sets of VPC subnet / Availability Zone / Security group]
Corporate data center
Amazon Simple Storage Service (S3)
Amazon Glacier
Application server
Virtual server
File server
Database server
Backup system
AWS Storage Gateway
iSCSI
Symantec NetBackup
Veeam Backup & Replication
Cloud ONTAP Secure Cloud-Integrated Backup
AWS Marketplace Partners
Corporate data center
Amazon Simple Storage Service
Application server
Virtual server
File server
Database server
Storage appliance
AWS Storage Gateway
iSCSI
Cloud ONTAP Secure Cloud-Integrated Backup
Panzura Global NAS
TwinStrata CloudArray
AWS Marketplace Partners