4. Why are Enterprises using AWS?
• Enterprise Features
• Security and Compliance
• The Cloud API Standard
• Global Footprint and Expansion
• Operational Excellence
• Rate of Innovation
6. Cloud as an extension of their existing data centers
[Diagram: Corporate Data Center, 10G DirectConnect Location, Amazon Virtual Private Cloud]
7. In the Cloud, Security is a Shared Responsibility
Infrastructure Security: How we secure our infrastructure
• SAS 70 Type II Audit
• ISO 27001/2 Certification
• PCI DSS 2.0 Level 1-5
• HIPAA/SOX Compliance
• FISMA A&A Moderate
• FedRAMP/GSA ATO
Services Security: What security options and features are available to you?
• Enforce IAM policies
• Use MFA, VPC, Leverage S3 bucket policies, EC2 Security groups, EFS in EC2, etc.
Application Security: How can you secure your application and what is your responsibility?
• Encrypt data in transit
• Encrypt data at rest
• Protect your AWS Credentials
• Rotate your keys
• Secure your application
9. New Enterprise IT: Network architecture
[Diagram labels: Corporate data center, Corporate Headquarters, Branch Offices, Customer Gateway, 10G DirectConnect Location, VPN Gateway, Router, Internet Gateway, Amazon VPC with Private Subnet and Public Subnet, Availability Zone 1, Availability Zone 2, Amazon S3, Amazon SimpleDB, Amazon SES, Amazon SQS, AWS Region]
10. VPC is part of the Autodesk internal network
Source: Autodesk
11. New Enterprise IT: Storage architecture
[Diagram labels: Your Data Center (Application Servers, On-premises Host, AWS Storage Gateway VM, Direct Attached or Storage Area Network Disks), iSCSI, SSL, Amazon Web Services (AWS Storage Gateway Service, Amazon S3, Amazon EC2, Amazon EBS)]
12. Enterprise Security Features
AWS Identity And Access Management
• User management
• Policy-based granular access control
• Web login to individual users
• Manage users and groups using Console
Identity Federation
• Security Token Service
• LDAP/AD Integration
Multi-Factor Authentication
• Virtual MFA (Android, iOS, Windows, Blackberry)
• Physical Device (Gemalto)
Consolidated Billing
Invoicing
13. Risk compliance. How is SOX compliance achieved if in-scope systems are deployed in the cloud provider environment?
Data durability
Distributed Denial Of Service (DDoS) attacks. How does the provider protect their service against DDoS attacks?
Service Provider and Customer business continuity.
HealthCare compliance. Is it possible to meet HIPAA/GLBA certification requirements while deployed in the cloud provider environment?
Backups.
Data center tours or Third Party Access. Are data center tours by customers allowed by the cloud provider?
Hypervisor vulnerabilities. Has the cloud provider addressed known hypervisor vulnerabilities?
Vulnerability management.
E-Discovery. Does the cloud provider meet the customer’s needs to meet electronic discovery procedures and requirements?
Privileged Actions
Scheduled maintenance outages. Does the provider specify when systems will be brought down for maintenance?
Data ownership. What are the cloud provider’s rights over customer data?
Data isolation. Does the cloud provider adequately isolate customer data?
14. AWS Security and Compliance Center
(http://aws.amazon.com/security/)
Answers to many security &
privacy questions
• Security whitepaper
• Risk and Compliance whitepaper
Security bulletins
Customer penetration testing
Security best practices
Compliance FAQ and Guidance
15. Tip #1: Involve your Security Teams early in the process
• You own the data, not AWS.
• You choose which geographic location to store the data. It doesn’t move unless you decide to move it.
• You should consider the sensitivity of your data and decide if and how you will encrypt your data while it is in transit and while it is at rest.
• Your IT, Risk, Compliance and Audit requirements can be met by AWS Reports (SAS 70) and external certifications (ISO27001, PCI, FISMA)
• You can download or delete your data whenever you like.
• You can set highly granular permissions to manage access of a user to specific service operations, data, and resources in the cloud for greater security control.
16. 4 Key Trends in the Enterprise….
#1 Enterprises are using AWS as a secure extension of their
existing datacenters (Leveraging VPC, DX, SGW, IAM)
17. Trend #2
The flexibility of the AWS Cloud
enables Enterprises to deploy
enterprise-grade apps
in the cloud
18. Enterprise Software in the cloud - BYOL
Microsoft Exchange Server, Microsoft SharePoint Server, Microsoft
SQL Standard Server, Microsoft SQL Enterprise Server, Microsoft
Lync Server, Microsoft System Center servers, and Microsoft
Dynamics CRM through License Mobility Software Assurance
Oracle fully supports Oracle E-Business Suite, Oracle’s PeopleSoft
Enterprise, Oracle’s Siebel CRM, Oracle Fusion Middleware, Oracle
Database, and Oracle Linux on the portion of AWS EC2 which uses
Oracle VM.
IBM DB2, Informix, Lotus® Forms Turbo, WebSphere® Application
Server, WebSphere® sMash, WebSphere Portal Server, Lotus® Web
Content Management Standard Edition, InfoSphere Information
Server, Lotus Domino®, Lotus Web Content Management Standard
Edition®, Tivoli Monitoring®
SAP® solutions, including SAP® Rapid Deployment solutions and
SAP® BusinessObjects™ solutions, All-in-One
19. Amazon Corporate IT Deploys Mission-Critical Corporate Intranet running SharePoint 2010 to AWS Cloud
Benefits
• Infrastructure Procurement Time Reduced from over four to six weeks to minutes.
• Server Image Build Process that had previously taken a half day is now automated.
• Annual Infrastructure Costs Cut by 22 percent when replacing on-premise hardware with equivalent cloud resources.
• Eliminating Operational Overhead of server lease returns, freeing up approximately 2 weeks of engineering overhead per year by replacing servers with equivalent cloud resources.
20. Mission-Critical Application on AWS
Uses
• Microsoft SQL Server 2008
• Microsoft Windows Server R2
• Microsoft SharePoint 2010
• On Amazon EC2 (in Amazon VPC) and Amazon EBS, DirectConnect
• Windows BitLocker
• Windows DPAPI
22. Problem, Solution, Benefits
Problem
• Known availability issues in the primary datacenter
• Santa Monica datacenter ran out of capacity
• Cost and complexity of building a new datacenter were prohibitive
Solution
• Migrated Microsoft SharePoint production to AWS
• Deployed SAP ERP dev & test environments on AWS
• Ready to move SAP ERP production to AWS
Benefits
• Increased time-to-market by reducing server provisioning time from 5 weeks to 2 days
• Reduced operating costs for SAP Dev & Test around 50%
• Lessened environmental demands with power & cooling
• Freed up IT resources that are now focused on solving business problems
23. Recovery.gov, Treasury.gov and several others
SharePoint migration and consolidation projects with
Recovery.gov, Treasury.gov, Army Corp of Engineers, ++
Microsoft License Mobility program to license server
applications on AWS
Uses SharePoint 2010, SQL Server 2008, ForeFront
Infra Cost Comparison: ~60-70% savings
[Chart: AWS Cloud Infrastructure vs. Old Infrastructure]
24. SharePoint Deployment is easy and one-click
away using AWS CloudFormation
Launches SharePoint Foundation 2010 running
on Microsoft Windows Server® 2008 R2
http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
25. Public site SharePoint reference architecture on AWS
[Diagram: an AWS Region with Availability Zone 1 and Availability Zone 2. Each zone is laid out as DMZ (NAT, RDGW for Remote Admin, Threat Mgmt Gateway), Web Tier private subnet (IIS & SharePoint Web Front End), Application Server Tier private subnet (Central Admin & SharePoint Services), Database Tier private subnet and Active Directory private subnet. Labels in Availability Zone 1: Primary DB, Primary DC/DNS. Labels in Availability Zone 2: Mirror DB, Backup DC/DNS. Other labels: Witness (private subnet), Internet, Internet Gateway, ELB.]
Whitepaper: http://bit.ly/aws-sharepoint
26. Tip #2: Get Licensing right
Oracle
All Oracle Software licenses are fully
portable to EC2 (ELA, ULA, NUP, BPO)
Oracle Cloud Licensing Policy
Microsoft
All Windows Server Applications are
available (EA, ESA, OVA, Open License and
Select Plus (with SA Option) For Licensed
apps, need appropriate CALs)
License Mobility with Software Assurance
27. Find and buy software
that runs in the AWS cloud
28. AWS Marketplace is for customers searching for development and business
software from well known vendors including 10gen, CA, Canonical, Check Point,
IBM, Microsoft, Perforce, Red Hat, Riverbed, SAP, and Zend.
Benefits for Buyers
• Find software that runs on the AWS Cloud
• Start applications in minutes with 1-Click launch
• Pay by the hour for your software and be billed on your AWS bill
Benefits for Sellers
• Reach new customers
• Easily add hourly billing to your software
• Help customers get running faster by giving them software as pre-configured server images
29. AWS Architecture Center
(http://aws.amazon.com/architecture)
Whitepapers
• Amazon.com SharePoint 2010 Deployment Case study Architecture
• Running High-Availability SQL Server on AWS
• SharePoint Reference Architecture http://bit.ly/aws-sharepoint
• Single Sign-on using ADFS: Step-by-Step Guide
• Securing Microsoft Applications on AWS (New!)
30. 4 Key Trends in the Enterprise….
#1 Enterprises are using AWS as a secure extension of their
existing datacenters (Leveraging VPC, DX, SGW, IAM)
#2 Flexibility: Enterprises are deploying enterprise-grade apps
from Microsoft, Oracle, SAP, IBM.. On AWS
31. Trend #3
Agility and reduced cost
remain the key adoption drivers
in the enterprise today
32. Agility and Reduced Cost = key enterprise drivers
Time to provision a server in an enterprise
350,000 Minutes (7-8 Months)
$1000 To rack and stack on-premise
Time to provision a server in the cloud
<5 Minutes
$260 For 3 years (reserved 100% utilized)
33. NASA CIO’s decree: “Replace Every
Procurement Screen with a Provisioning
Screen”
34. Bank – Credit-Risk Simulation Application
Bankinter was founded in June 1965 as a Spanish industrial bank through a joint venture by Banco de Santander and Bank of America
Bankinter brought average time-to-solution down from 23 hours to 20 minutes and dramatically reduced processing time.
“With AWS, we now have the power to decide how fast we want to obtain simulation results, and, more importantly, we have the ability to run simulations not possible before due to the large amount of infrastructure required.” – Castillo, Director, Bankinter
35. Archive Vaulting solution
Business Benefits
• Complete elimination of tape from the
archival process
• Faster recovery speeds
• Protects 246 nodes and 40TB daily
36. Samsung Powers Smart Hub Service with AWS,
Reducing Costs by 85% and Saving $34 Million
Use of AWS
• Samsung uses AWS platform of technology infrastructure services to build Smart Hub application.
• Smart Hub application runs on AWS cloud for users of Smart TV and Blu-ray players to access content of 3rd party providers.
Business Benefit
• Reliability of AWS cloud has enabled Samsung to be highly available to meet their SLA targets.
• AWS’ Global Infrastructure Regions enables Samsung to easily expand their services and accelerate time to market across the world.
“If we were to use the traditional on-premise datacenter, we would have spent
$34 million dollars more in hardware and maintenance expenses during the first
two years. With AWS cloud, we met our reliability and performance objectives at
a fraction of the cost.”
Mr. Chun Kang
Principal Engineer, Visual Display Division
37. Infra Cost Comparison
~58% savings!
[Chart: AWS Cloud Infrastructure vs. Old Infrastructure]
Business Benefits
• 58% savings over existing infrastructure
• Faster network speeds
• Improved load times
• Already planning future migrations
(TicketsWest, corporate production)
38. Recommended Configuration for the Cloud
• Multi-AZ
• Use Provisioned IOPS volumes (New!)
• Snapshots vs. Backups
• RDS vs. RDBMS
• Federated Authorization
• Automated Deployments
• Logs -> S3
• Persist Intelligently; Ephemeral, EBS, DynamoDB or S3
• Secure your Credentials
• Auto-scaling for Auto-Recovery
• Elastic Network Interfaces
• Elastic Load Balancing (SSL)
40. 4 Key Trends in the Enterprise….
#1 Enterprises are using AWS as a secure extension of their
existing datacenters (Leveraging VPC, DX, SGW, IAM)
#2 Flexibility: Enterprises are deploying enterprise-grade apps
from Microsoft, Oracle, SAP, IBM.. On AWS
#3 Agility and reduced cost are the key adoption drivers in the
enterprise today
42. Classifying your IT Assets
List all your IT assets
Identify upward and downward dependencies
Start classifying your IT assets into different categories:
• Applications with Top Secret, Secret, or Public data sets
• Applications with low, medium and high compliance requirements
• Applications that are internal-only, partner-only or customer-facing
• Applications with low, medium and high coupling
• Applications with strict, relaxed licensing
[Diagram labels: Dashboard, Web, CRM, Auth, Service, LDAP, DB, Search Engine, OLAP, ERP, Report, logs]
43. Stack rank your IT assets
• Search for under-utilized IT assets
• Applications that have immediate business need to scale
• Applications that are running out of capacity
• Easiest to move today
• That builds support within your organization and creates awareness and excitement
44. Pick the Low-hanging Fruits First
Examples:
• Web Applications
• Batch Processing systems
• Content Management Systems
• Digital Asset Management Systems
• Log Processing systems
• Collaborative Tools
• Big Data Analytics Platforms
[Diagram labels: Dashboard, Web, CRM, Auth, Service, LDAP, DB, Search Engine, OLAP, ERP, Report, logs]
45. Move application by application
[Diagram labels: Dashboard, Web, CRM, Auth, Service, LDAP, DB, Search Engine, OLAP, ERP, Report, logs; CRM and DB each appear twice]
46.
• F500 global energy management company with operations in more than 100 countries (110,000 employees)
• Started moving Internet and Intranet workloads to AWS in early 2011
• Runs 15 production applications on AWS
Business Benefit
• Open and flexible platform allows Schneider to run Java and .NET apps on Windows and Linux virtual servers
• Increased IT agility by rolling out new applications faster on AWS
49.
• Operationalizing their cloud strategy
• Shell Foundation Platform – an IT framework – is AWS approved
• Core operational applications running in production on AWS
• Development and test environments running on AWS
Business Benefits
• No minimum commitment up front and pay per use brings significant savings
• Fast provisioning within minutes for many applications
• Elasticity – the ability to expand and contract IT infrastructure as needed
50. Migrating to the cloud
[Diagram labels: Cloud Strategy; New Design; Build Cloud-Ready applications; Existing Applications; “No-brainer to move” Apps; Planned Phased Large Enterprise Migration]
Cloud Benefits
• Zero upfront investment
• On-demand provisioning
• Instant scalability
• Auto scaling and elasticity
• Pay as you go
• Removes undifferentiated heavy lifting
• Developer productivity
• Automation
51. Cloud Migration : a Phased-driven Strategy Whitepaper
Find it at http://aws.amazon.com/whitepapers
52. Tip #4: Identify and move the Cloud-Ready Apps quickly
Examples
• Dev/Test applications
• Backup/Archive
• Self-contained Web Applications
• Social Media Product Marketing Campaigns
• Customer Training Sites
• Video Portals (Transcoding and Hosting)
• Pre-sales Demo Portal
• Software Downloads
• Trial Applications
53. 4 Key Trends in the Enterprise….
#1 Enterprises are using AWS as a secure extension of their
existing datacenters (Leveraging VPC, DX, SGW, IAM)
#2 Flexibility: Enterprises are deploying enterprise-grade apps
from Microsoft, Oracle, SAP, IBM.. On AWS
#3 Agility and reduced cost are the key adoption drivers in the
enterprise today
#4 Migrating to the cloud is not all or nothing; Classify your IT
assets; It's easy and cost-effective
54. Tips
#1 Involve your security teams early in the process
#2 Get licensing right; leverage cloud licensing models
#3 Leverage best practices and configure for the cloud
#4 Move low-hanging fruits first and gain confidence