WSCA RFI Workshop
June 14-15th, 2011
Mark Fox, Public Sector Sales Manager
Greg Duncan, Public Sector Solutions Architect
RFI Workshop Guidelines
1. AWS Cloud baseline.
2. AWS business and technical model vs. cloud industry?
3. Organizational implications for customers. Ex. contract administration, customer technical expertise, staff re-purposing
4. Impact on customer infrastructure (Bandwidth).
5. AWS with GIS large datasets, and public access.
6. Critical Success Factors and potential pitfalls.
7. Experience and considerations with hybrid cloud?
8. Aggregated demand pricing model? Preconditions?
9. Implications of software licensing in the cloud?
Tenets of AWS Cloud Computing
On Demand/Self-Service
Broad Network Access
Resource Pooling (Multi-Tenant Virtualization)
Rapid Elasticity; Scale up/down manual/auto
Measured Utility Pricing Model
No CAPEX
Improves time to delivery
Managed – 70/30 operational flip
Elastic and Pay-Per-Use Infrastructure
[Chart: Infrastructure Cost $ & Demand over time. Labels: Predicted Demand, Actual Demand, Traditional Hardware, Automated Virtualization, Large Capital Expenditure, Opportunity Cost, Unable to serve customers]
AWS Goal: Flip This Equation
[Figure: Current On-Premise Infrastructure, split 30% / 70%, compared with AWS Cloud-Based Infrastructure, split 70% / 30%]
The “Living and Evolving” AWS Cloud Portfolio
WSCA ESRI GIS Application(s)
Tools to access services: Libraries and Web Interface Tools Command Line
Cross Service features: Authentication, Monitoring, Deployment and Automation
Platform building blocks
Content Delivery: Amazon
Email: Amazon SES
Payments: Amazon DevPay
Parallel Processing: Amazon Elastic
Messaging: Amazon SNS, Amazon SQS
Workforce: Amazon Mechanical
Infrastructure building blocks
Compute: Amazon EC2
Amazon Global Physical Infrastructure (Geographical Regions, Availability Zones, Edge Locations)
Amazon Elastic Compute Cloud
Amazon EC2 = Virtual Machine
Amazon EC2: on-demand compute power
• New server instances in minutes (11 different sizes)
• Quickly scale capacity up or down
• Servers from $0.02 (2 cents) per hour
• On Demand, Reserved, and Spot Pricing
Key features:
• Support for Windows, Linux, FreeBSD, and OpenSolaris
• Supports all major web and application platforms
• Deploy across Availability Zones for reliability
• Monitors status and usage
The “Living and Evolving” AWS Cloud Portfolio
Infrastructure building blocks
Compute: Amazon EC2
Storage: Amazon S3, Amazon EBS
Amazon Global Physical Infrastructure (Geographical Regions, Availability Zones, Edge Locations)
Amazon Elastic Block Store (EBS)
You can use Amazon EBS as you would use a hard drive on a physical server.
Amazon EBS is particularly well-suited for use as the primary storage for a file system, database or for any applications that require fine granular updates and access to raw, unformatted block-level storage.
Amazon Simple Storage Service (S3)
In traditional on-premise applications, this type of data would ordinarily be maintained on SAN or NAS. However, a cloud-based mechanism such as Amazon S3 is far more agile, flexible, and geo-redundant.
Amazon S3 is a highly scalable, durable and available distributed object store designed for mission-critical and primary data storage with an easy to use web service interface.
• Scalable data storage in-the-cloud
• Highly available and durable (eleven “9’s”)
• Reduced Redundancy Option (four “9’s”)
• Pay-as-you-go pricing:
- Storage: tiered $0.18/GB to $0.15/GB
- Data Transfer Out: tiered $0.17/GB to $0.10/GB
- Data Transfer In: $0.10/GB
- Requests: nominal charges
Aggregate Compute & Storage to Leverage Economies of Scale across WSCA
Speed to Capacity
Every day we add enough infrastructure capacity to power Amazon.com when it was in its 5th year of operation as a ~$3B company
The Cloud Scales: Amazon S3 Growth
Peak Requests: 200,000+ per second
[Chart: Total Number of Objects Stored in Amazon S3. Data labels: 2.9 Billion, 14 Billion, 40 Billion, 102 Billion, 262 Billion, 339 Billion]
The “Living and Evolving” AWS Cloud Portfolio
Infrastructure building blocks
Compute: Amazon EC2
Storage: Amazon S3, Amazon EBS
Network: Amazon VPC, Elastic LB, Direct Connect
Amazon Global Physical Infrastructure (Geographical Regions, Availability Zones, Edge Locations)
Amazon VPC Architecture
[Diagram labels: Customer’s Network; Router; VPN Gateway; Internet; Secure VPN Connection over the Internet; Amazon Web Services Cloud; Customer’s isolated AWS resources; Subnets]
The “Living and Evolving” AWS Cloud
Infrastructure building blocks
Compute: Amazon EC2
Storage: Amazon S3, Amazon EBS
Network: Amazon VPC, Elastic LB, Amazon Route 53
Database: Amazon RDS, Amazon SimpleDB
Amazon Global Physical Infrastructure (Geographical Regions, Availability Zones, Edge Locations)
Amazon Relational Database Service (RDS)
Install your own database on EC2
Amazon RDS MySQL and Oracle 11g Managed Database Relational Database “by the hour” (license included) BYOL
Amazon RDS automates common administrative tasks to reduce the complexity and total cost of ownership. Amazon RDS automatically backs up your database and maintains your database software, allowing you to spend more time on application development.
Amazon Data Center Locations: Regions vs Availability Zones
US West (Northern California)
Availability Zone A
Availability Zone B
US East (Northern Virginia)
Availability Zone A
Availability Zone B
Availability Zone C
Availability Zone D
Amazon EC2 Regions: US East (Northern Virginia) / US West (Northern California) / EU (Dublin) / Asia Pacific (Singapore) / Japan (Tokyo)
Designing Applications for Scalability & Reliability
[Diagram: US East Region with two Availability Zones]
Amazon CloudWatch: Provides monitoring for AWS cloud resources.
Elastic Load Balancing: Automatically distributes incoming application traffic across multiple Amazon EC2 instances.
Auto Scaling: Automatically scales Amazon EC2 capacity up or down according to pre-defined conditions.
Availability Zones: Delivers High Availability through delivery of services from multiple data centers within a region.
http://d36cz9buwru1tt.cloudfront.net/AWS_Cloud_Best_Practices.pdf
AWS Security
Certifications and Validations: SAS 70 Type II PCI DSS ISO 27001 FISMA DIACAP IATO
Security White Paper
Shared Security Model
HIPAA White Paper
Physical Security
• Military-grade perimeters
• Non-descript facilities
• 3+ levels of two-factor authentication
Data Security
• Redundant data storage
• SSH keys for EC2 access
• Stateful firewall / security groups
• Identity and Access Management (IAM)
http://d36cz9buwru1tt.cloudfront.net/pdf/AWS_Security_Whitepaper.pdf
Shared Responsibility Model
AWS: Facilities, Physical Security, Physical Infrastructure, Virtualization Infrastructure
Customer: Operating System, Application, Security Groups, OS Firewalls, Account Management
Customer: Recovery.Gov
Challenge: Recovery and Transparency Board needed a platform for their website that was scalable, secure, could be quickly deployed, and saved taxpayer money
Solution: RATB chose a FISMA-compliant cloud computing solution based on Amazon Web Services
• Deployed applications:
- Microsoft SharePoint for web Content Management
- Business Objects SAP for BI
- Interactive map showing distribution of stimulus monies across state/local jurisdictions
Benefit:
• Avoided Capital expense, and added capacity to scale up and down based on demand
• Saved $750k per year in first year and additional dollars from existing solution
“By migrating to the public cloud, the Recovery Board is in position to leverage many advantages including the ability to keep the site up as millions of Americans help report potential fraud, waste, and abuse. The Board expects savings of about $750,000 during its current budget cycle and significantly more savings in the long-term.”
- Vivek Kundra, CIO, United States
Recovery.gov
“Cloud computing strikes me as a perfect tool to help achieve greater transparency and accountability. Moving to the cloud allows us to provide better service at lower costs. I hope this development will inspire other government entities to accelerate their own efforts. The American taxpayers would be the winners.”
- Earl E. Devaney, the Board’s Chairman
Recovery.gov
Geo-Location Services
Challenge: USDA Food Nutrition Service needed to build a service that would help constituents locate the geographically nearest stores that accept vouchers from the Supplemental Nutrition Assistance Program. This goal was set on an aggressive implementation schedule.
Solution: USDA FNS worked with the firm ESRI to deploy a geo-location service, hosted on AWS.
Benefit:
• Avoided the need to procure servers
• Fast time to market/time to implementation
• http://www.fns.usda.gov/snap/
“It’s a pretty complicated GIS solution and there’s lots of data involved. Instead of building the infrastructure to run this, we’re running it in the Amazon cloud. We were able to put it up there very quickly. We didn’t have to procure the servers. We were just buying a service from Amazon and it seems to be working very well. I think it’s a good model that we might follow again or other agencies can follow to host a fairly complex solution in a pretty short order.”
- Jonathan Alboum, CIO, Food Nutrition Service (Federal News Radio Interview, July 28, 2010)
USDA SNAP FNS Locator
ESRI was able to provision ArcGIS server on Amazon EC2 in less than 2 hours
Haitian Earthquake
• www.Gulfofmexicoresponsemap.com was built using ArcServer Standard version 9.3.1 leveraging the Flex API which utilizes ArcGIS Online, Microsoft Bing, and Response Content
• Response content is refreshed twice a day
• Solution was deployed on Amazon Web Services
Japan Earthquake + Tsunami
Examples of “Best Practices”
• Apply Your Information Management Program – that integrates Information Assurance
• Build and test in a sandbox environment – work out the bugs, figure out how to break it, architect to be resilient
• Standardize Machine Images – create gold copy images for production deployment/to launch new instances
• Do the same stuff you do in-house – quarterly patch management, IDS/IPS, logging, tripwire, etc.
• Conduct a Risk Assessment – to determine level of security controls you require
• Role Based Access Controls – restrict access to system components based upon need to know
Examples of “Best Practices” (cont.)
• Use Encryption – for data in transit, for data at rest, filesystem
• Key Management – rotate keys used to access your resources (AWS does not hold these…you do)
• Set Up Monitoring/Alerting – collect metrics and enable alerting for when events occur
• Vulnerability Scans – allowed via a permission process (else we’ll kill/block the source of scans)
• Prepare for Failure – create backups, store data in more than one location, test backups, have a contingency system ready
AWS Pace of Innovation
2005 2006 2007 2008 2009 2010

» AWS Services in N. California
» AWS Multi-Factor Authentication
» AWS Management Console
» AWS Economics Center
» AWS in Education
» AWS Security Center
» SAS70 Type II Audit
» More services in EU
» Lower EC2 Pricing
» Lower S3 Pricing
» Lower pricing for Outbound Data Transfer
» AWS Solution Provider Program

» Amazon EC2
» Amazon S3
» Developer Portal & Forums

» Amazon SQS
» Amazon Mechanical Turk

» Amazon SimpleDB
» Amazon Flexible Payments Service
» S3 in Europe
» EC2 new instance types
» AWS Start-Up Challenge

» Amazon Simple Notification Service
» RDS Multi-Availability Zone Support
» S3 Reduced Redundancy Storage
» New Locations and Features for CloudFront
» S3 Bucket Policies
» Cluster Instances for EC2

» Premium Support
» Amazon CloudFront
» EC2 Elastic IP addresses & Availability Zones
» Windows Server, MySQL, Oracle, & JBoss on EC2
» Lower Data Transfer Costs

» EC2 Reserved Instances
» New SimpleDB Features
» IBM on EC2
» Windows Server 2008 on EC2
» Amazon RDS
» Amazon Virtual Private Cloud
» Amazon Elastic MapReduce
» EBS Shared Snapshots
» Monitoring, Auto Scaling & Elastic Load Balancing for EC2
» AWS Import/Export

» AWS Services in Singapore
» RDS Reserved Database Instances
» RDS Read Replicas & Lower Pricing
» Lower Outbound Transfer Pricing
» Data Transfer Usage Tiers
» Consolidated Billing for AWS
» Amazon S3 Versioning Feature
» EC2 High Memory Instances

» Micro Instances
» Lower Pricing for EC2 High Mem Instances
» Identity & Access Management

» Amazon Linux AMI
» Oracle on EC2
» New EC2 Features
» SUSE Linux on EC2

» Public Data Sets
» Elastic Block Store
» EC2 SLA
» EC2 in EU
» S3 Tiered Pricing
Customers in 190 Countries
Growing Partner Ecosystem
Resources
http://aws.amazon.com/solutions/global-solution-providers/esri/
http://www.esri.com/technology-topics/cloud-gis/arcgis-and-the-cloud.html
http://www.esri.com/library/whitepapers/pdfs/estimating-cost-gis-cloud.pdf
http://www.esri.com/library/whitepapers/pdfs/gis-in-the-cloud-chappell.pdf
Over 200 joint customers
RFI Workshop Guidelines Q&A
1. AWS Cloud baseline.
2. AWS business and technical model vs. cloud industry?
3. Organizational implications for customers. Ex. contract administration, customer technical expertise, staff re-purposing
4. Impact on customer infrastructure (Bandwidth).
5. AWS with GIS large datasets, and public access.
6. Critical Success Factors and potential pitfalls.
7. Experience and considerations with hybrid cloud?
8. Aggregated demand pricing model? Preconditions?
9. Implications of software licensing in the cloud?
Thank You
Mark Fox – Public Sector Sales Manager
K. Greg Duncan – Public Sector Solutions Architect
Amazon Web Services