Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Semelhante a 17h30 aws enterprise_app_jvaria
Semelhante a 17h30 aws enterprise_app_jvaria (20)
Mais de Luiz Gustavo Santos
Mais de Luiz Gustavo Santos (20)
Último
Último (20)
17h30 aws enterprise_app_jvaria
- 1. Enterprise Applications in the Cloud Jinesh Varia @jinman Technology Evangelist
- 2. Today 4 Trends Lots of enterprise customer stories Enterprise Architecture Tips Resources
- 3. Trusted by Enterprises and Government Agencies
- 4. Why are Enterprises using AWS? Enterprise Features Security and Compliance The Cloud API Standard Global Footprint Operational Rate of and Expansion Excellence Innovation
- 5. Trend #1 Enterprises are using AWS cloud as asecure extension of their existing datacenters
- 6. Cloud as an extension of their existing data centers 10G DirectConnect Amazon Corporate Location Virtual Private Data Center Cloud
- 7. In the Cloud, Security is a Shared Responsibility SAS 70 Type II Audit Encrypt data in transit ISO 27001/2 Certification Encrypt data at rest PCI DSS 2.0 Level 1-5 Protect your AWS Credentials HIPAA/SOX Compliance Rotate your keys FISMA A&A Moderate Infrastructure Application Secure your application FEDRamp/GSA ATO Security Security How we secure our How can you secure infrastructure your application and what is your Services Security responsibility? What security Enforce IAM policies options and Use MFA, VPC, Leverage S3 features are bucket policies, EC2 Security available to you? groups, EFS in EC2 Etc..
- 9. Corporate data center Availability Zone 1 DirectConnect Location 10G Private Router Subnet Customer VPN Gateway Gateway Corporate Headquarters Internet Public Subnet Gateway Amazon VPC Availability Zone 2 Branch Offices Amazon S3 Amazon SimpleDB Amazon SES Amazon SQS New Enterprise IT AWS Region Network architecture
- 10. VPC is part of the Autodesk internal network Source: Autodesk
- 11. Your Data Center Amazon Web Services iSCSI Amazon SSL EC2 AWS Storage Gateway VM Application On-premises AWS Servers Amazon S3 Host Storage Gateway Service Amazon EBS Direct Attached or Storage Area Network Disks New Enterprise IT Storage architecture
- 12. Enterprise Security Features AWS Identity And Access Management • User management • Policy-based granular access control • Web login to individual users • Manage users and groups using Console Identity Federation • Security Token Service • LDAP/AD Integration Multi-Factor Authentication • Virtual MFA • Physical Device Consolidated Billing Invoicing Android, iOS, Gemalto Windows, Blackberry
- 13. Risk compliance. How is SOX compliance Data durability achieved if in-scope systems are deployed in the cloud provider environment? Distributed Denial Of Service (DDoS) attacks. Service Provider and Customer How does the provider protect their service business continuity. against DDoS attacks? HealthCare compliance. Is it possible to meet Backups. HIPAA/GLBA certification requirements while deployed in the cloud provider environment? Data center tours or Third Party Access. Are Hypervisor vulnerabilities. Has the cloud data center tours by customers allowed by the provider addressed known hypervisor cloud provider? Vulnerability vulnerabilities? E-Discovery. Does the cloud provider meet the management. customer’s needs to meet electronic discovery Privileged procedures and requirements? Actions Scheduled maintenance Data ownership. What are the cloud provider’s rights outages. Does the provider over customer data? specify when systems will Data isolation. Does the cloud provider adequately be brought down for isolate customer data? maintenance?
- 14. AWS Security and Compliance Center (http://aws.amazon.com/security/) Answers to many security & privacy questions • Security whitepaper • Risk and Compliance whitepaper Security bulletins Customer penetration testing Security best practices Compliance FAQ and Guidance
- 15. You own the data, not AWS. You choose which geographic Tip #1 location to store the data. It doesn’t move unless you decide to move it. You should consider the sensitivity of your data and decide if and how Involve your you will encrypt your data while it is Security in transit and while it is at rest. Your IT, Risk, Compliance and Audit Teams early requirements can be met by AWS Reports (SAS 70) and external in the certifications (ISO27001, PCI, FISMA) process You can download or delete your data whenever you like. You can set highly granular permissions to manage access of a user to specific service operations, data, and resources in the cloud for greater security control.
- 16. 4 Key Trends in the Enterprise…. #1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)
- 17. Trend #2 The flexibility of the AWS Cloud enables Enterprises to deploy enterprise-grade apps in the cloud
- 18. Enterprise Software in the cloud - BYOL Microsoft Exchange Server, Microsoft SharePoint Server, Microsoft SQL Standard Server, Microsoft SQL Enterprise Server, Microsoft Lync Server, Microsoft System Center servers, and Microsoft Dynamics CRM through License Mobility Software Assurance Oracle fully supports Oracle E-Business Suite, Oracle’s PeopleSoft Enterprise, Oracle’s Siebel CRM, Oracle Fusion Middleware, Oracle Database, and Oracle Linux on the portion of AWS EC2 which uses Oracle VM. IBM DB2, Informix, Lotus® Forms Turbo, WebSphere® Application Server, WebSphere® sMash, WebSphere Portal Server, Lotus® Web Content Management Standard Edition , InfoSphere Information Server, Lotus Domino®, Lotus Web Content Management Standard Edition®, Tivoli Monitoring® SAP® solutions, including SAP® Rapid Deployment solutions and SAP® BusinessObjects™ solutions , All-in-One
- 19. Benefits Infrastructure Procurement Time Reduced from over four to six weeks to minutes. Server Image Build Process that had Amazon Corporate IT previously taken a half day is now automated. Deploys Mission- Annual Infrastructure Costs Cut by Critical Corporate 22 percent when replacing on- Intranet running premise hardware with equivalent cloud resources. SharePoint 2010 to Eliminating Operational Overhead AWS Cloud of server lease returns, freeing up approximately 2 weeks of engineering overhead per year by replacing servers with equivalent cloud resources.
- 20. Mission-Critical Application on AWS Uses Microsoft SQL Server 2008 Microsoft Windows Server R2 Microsoft SharePoint 2010 On Amazon EC2 (in Amazon VPC) and Amazon EBS, DirectConnect Windows BitLocker Windows DPAPI
- 22. Problem Solution Benefits Known availability issues Migrated Microsoft Increased time-to-market in the primary SharePoint production to by reducing server datacenter AWS provisioning time from 5 weeks to 2 days Santa Monica datacenter Deployed SAP ERP dev & ran out of capacity test environments on Reduced operating costs AWS for SAP Dev & Test around Cost and complexity of 50% building a new Ready to move SAP ERP Lessened environmental datacenter were production to AWS demands with power & prohibitive cooling Freed up IT resources that are now focused on solving business problems
- 23. Recovery.gov, Treasury.gov and several others SharePoint migration and consolidation projects with Recovery.gov, Treasury.gov, Army Corp of Engineers, ++ Microsoft License Mobility program to license server applications on AWS Uses SharePoint 2010, SQL Server 2008, ForeFront Infra Cost Comparison ~60-70% savings AWS Cloud Infrastructure Old Infrastructure
- 24. SharePoint Deployment is easy and one-click away using AWS CloudFormation Launches SharePoint Foundation 2010 running on Microsoft Windows Server® 2008 R2 http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
- 25. Public site SharePoint reference architecture on AWS DMZ Private Subnet Private Subnet Private Subnet Private Subnet NAT Web Tier Application Database Tier Active Directory Server Tier RDGW Private Subnet Remote Primary DC/DNS Admin Primary DB IIS & SharePoint Central Admin & Web Front End SharePoint Services Threat Mgmt Gateway Availability Zone 1 ELB Threat Mgmt Gateway Internet Internet Gateway IIS & SharePoint Central Admin & Mirror DB Web Front End SharePoint Services Private Subnet Witness RDGW Backup DC/DNS Application NAT Web Tier Database Tier Active Directory Server Tier DMZ Private Subnet Private Subnet Private Subnet Private Subnet Availability Zone 2 Whitepaper: http://bit.ly/aws-sharepoint AWS Region
- 26. Tip #2: Get Licensing right Oracle All Oracle Software licenses are fully portable to EC2 (ELA, ULA, NUP, BPO) Oracle Cloud Licensing Policy Microsoft All Windows Server Applications are available (EA, ESA, OVA, Open License and Select Plus (with SA Option) For Licensed apps, need appropriate CALs) License Mobility with Software Assurance
- 27. Find and buy software that runs in the AWS cloud
- 28. AWS Marketplace is for customers searching for development and business software from well known vendors including 10gen, CA, Canonical, Check Point, IBM, Microsoft, Perforce, Red Hat, Riverbed, SAP, and Zend. Benefits for Buyers Benefits for Sellers • Find software that runs on the • Reach new customers AWS Cloud • Easily add hourly billing to • Start applications in minutes your software with 1-Click launch • Help customers get running • Pay by the hour for your faster by giving them software and be billed on your software as pre-configured AWS bill server images
- 29. AWS Architecture Center (http://aws.amazon.com/architecture) Whitepapers Amazon.com SharePoint 2010 Deployment Case study Architecture Running High-Availability SQL Server on AWS SharePoint Reference Architecture http://bit.ly/aws-sharepoint Single Sign-on using ADFS: Step-by- Step Guide Securing Microsoft Applications on AWS (New!)
- 30. 4 Key Trends in the Enterprise…. #1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM) #2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS
- 31. Trend #3 Agility and reduced cost remain the key adoption drivers in the enterprise today
- 32. Agility and Reduced Cost = key enterprise drivers Time to provision a server in an enterprise 350,000 Minutes (7-8 Months) $1000 To rack and stack on-premise Time to provision a server in the cloud <5 Minutes $260 For 3 years (reserved 100% utilized)
- 33. NASA CIO’s decree: “Replace Every Procurement Screen with a Provisioning Screen”
- 34. Bank – Credit-Risk Simulation Application Bankinter brought average time-to- solution down from 23 hours to 20 Bankinter was founded minutes and dramatically reduced in June 1965 as a processing time. Spanish industrial bank “With AWS, we now have the power to through a joint venture decide how fast we want to obtain by Banco de Santander simulation results, and, more and Bank of America importantly, we have the ability to run simulations not possible before due to the large amount of infrastructure required.” – Castillo, Director, Bankinter
- 35. Archive Vaulting solution Business Benefits • Complete elimination of tape from the archival process • Faster recovery speeds • Protects 246 nodes and 40TB daily
- 36. Samsung Powers Smart Hub Service with AWS, Reducing Costs by 85% and Saving $34 Million Use of AWS Business Benefit Samsung uses AWS platform of technology Reliability of AWS cloud has enabled infrastructure services to build Smart Hub Samsung to be highly available to meet application. their SLA targets. Smart Hub application runs on AWS cloud for AWS’ Global Infrastructure Regions users of Smart TV and Blu-ray players to enables Samsung to easily expand their access content of 3rd party providers. services and accelerate time to market across the world. “If we were to use the traditional on-premise datacenter, we would have spent $34 million dollars more in hardware and maintenance expenses during the first two years. With AWS cloud, we met our reliability and performance objectives at a fraction of the cost.” Mr. Chun Kang Principal Engineer, Visual Display Division
- 37. Infra Cost Comparison ~58% savings! AWS Cloud Infrastructure Old Infrastructure Business Benefits • 58% savings over existing infrastructure • Faster network speeds • Improved load times • Already planning future migrations (TicketsWest, corporate production)
- 38. Recommended Configuration for the Cloud Multi-AZ Persist Intelligently; Use Provisioned IOPS Ephemeral, EBS, DynamoD volumes (New!) B or S3 Snapshots vs. Backups Secure your Credentials RDS vs. RDBMS Auto-scaling for Auto- Federated Authorization Recovery Automated Deployments Elastic Network Interfaces Logs -> S3 Elastic Load Balancing (SSL)
- 40. 4 Key Trends in the Enterprise…. #1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM) #2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS #3 Agility and reduced cost are the key adoption drivers in the enterprise today
- 41. Trend #4 Migrating to the cloud is not all or nothing; Classify your IT assets
- 42. Classifying your IT Assets List all your IT assets Dash board Identify upward and downward dependencies Web CRM Auth Start classifying your IT assets into different categories: • Applications with Top LDAP Service Secret, Secret, or Public data sets DB • Applications with low, medium and Search high compliance requirements OLAP Engine • Applications that are internal- only, partner-only or customer-facing • Applications with low, medium and high coupling ERP Report logs • Applications with strict, relaxed licensing
- 43. Stack rank your IT assets • Search for under-utilized IT assets • Applications that has immediate business need to scale • Applications that are running out of capacity • Easiest to move today • That Builds support within your organization and creates awareness and excitement
- 44. Pick the Low-hanging Fruits First Dash board Examples: • Web Applications • Batch Processing systems Web CRM Auth • Content Management Systems Servic DB LDAP e • Digital Asset Management Search Systems OLAP Engine • Log Processing systems • Collaborative Tools ERP Report logs • Big Data Analytics Platforms
- 45. Move application by application Dash board Web CRM CRM Auth Servic LDAP e DB DB Search OLAP Engine ERP Report logs
- 46. Business Benefit • Open and flexible platform • F500 global energy management allows Schneider to run Java company with operations in more and .NET apps on Windows than 100 countries (110,000 and Linux virtual servers employees) • Started moving Internet and • Increased IT agility by rolling Intranet workloads to AWS in early out new applications faster on 2011 AWS • Runs 15 production applications on AWS
- 48. Should migration to the cloud led by business teams or IT Teams?
- 49. Business Benefits • No minimum commitment up front and pay per use • Operationalizing their cloud brings significant savings strategy • Fast provisioning within • Shell Foundation Platform – an minutes for many IT framework – is AWS approved • Core operational applications applications running in production on AWS • Elasticity – the ability to • Development and test expand and contract IT environments running on AWS infrastructure as needed
- 50. Migrating to the cloud Cloud Benefits Build a New Zero upfront investment Cloud-Ready applications Design On-demand provisioning Cloud Strategy “No-brainer to Instant scalability move” Apps Existing Auto scaling and Applications elasticity Planned Phased Pay as you go Large Enterprise Migration Removes undifferentiated heavy lifting Developer productivity Automation
- 51. Cloud Migration : a Phased-driven Strategy Whitepaper Find it at http://aws.amazon.com/whitepapers
- 52. Tip #4 Examples • Dev/Test applications Identify and • Backup/Archive move the • Self-contained Web Applications Cloud-Ready • Social Media Product Marketing Campaigns Apps quickly • Customer Training Sites • Video Portals (Transcoding and Hosting) • Pre-sales Demo Portal • Software Downloads • Trial Applications
- 53. 4 Key Trends in the Enterprise…. #1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM) #2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS #3 Agility and reduced cost are the key adoption drivers in the enterprise today #4 Migrating to the cloud is not all or nothing; Classify your IT assets; Its easy and cost-effective
- 54. Tips #1 Involve your security teams early in the process #2 Get licensing right; leverage cloud licensing models #3 Leverage best practices and configure for the cloud #4 Move low-hanging fruits first and gain confidence
- 55. Resources – http://aws.amazon.com/whitepapers #1 Security & Risk and Compliance Whitepaper #2 SharePoint, SQL Server, Microsoft Security, Oracle Whitepapers #3 Operational Checklist Whitepaper #4 Cloud Migration whitepaper
- 56. Thank you! jvaria@amazon.com Twitter: @jinman
Notas do Editor
- Amazon Web Services serves hundreds of thousands of customers in more than 190 countries from startups to Fortune 500s. Ourcusetomers include internet businesses like Netflix and Yelp; media companies like Newsweek and NY times and large enterprises like Shell, Farmer’s insurance and Hitachi.
- You can extend your corporate datacenter to the cloud. Create a private slice of the public cloud and define your own network topology so that your corporate network can breathe in and breathe out. This year, we also released one dedicated
- Security is not optional. We have to built it every single layer right from perimeter to the application. In the cloud, security is a shared responsibility. Infrastructure security is responsibility of the AWS. This year amazon worked really hard and now have achieved all the security certifications. Best of all you get all these security certifications for free. Even if you don’t have credit card workloads, you still get the same secure infrastructure. For Infrastructure security, you can get full SAS 70 audit report on requestFor Services Security, we provide detailed technical documentation on how to use the featuresFor Application Security, we have security bulletins (security center), provide you with security guidance, Premium Support
- This is a screen shot of Amazon VPC Web management console. You can create several different VPC configurations right from point and click interface of VPC. Let’s see how all this works.
- This is how most of the enterprises are leveraging VPC – What I call the new Enterprise IT network architecture – which will be powered by the cloud.
- Autodesk leverages Amazon VPC as extension of their corporate datacenter. VPC is part of their internal network. They had 3 datacenters since 2009, VPC is 4th datacenter. It was so successful within Autodesk that they identified several new business opportunities and products as a result of this integration.
- We understand that you might have 100s of questions around risk and compliance.
- Helping to protect the confidentiality, integrity, and availability of our customers’ systems and data is of the utmost importance to AWS, as is maintaining customer trust and confidence. Control Environment, Control Objectives, Environmental safeguards, Business continuity. Also provide security best practices.
- Security is often a concern expressed when moving to the cloud. Hence it is very important to understand and analyze security of the App-level for example, understand what is your threats and what is the likelihoods of those threats and how can those be avoided using the variety of security features, options and services that AWS provides. Understand that you own the data not AWS. Understand for your regulatory requirements, you choose the geo location and we will not move the data unless you tell us to do so. Understand that there different options based on your sensitivity of your data you can choose the encrypt/decrypt your datasets. You can download back or delete the data whenever you like. And you can give highly granular permissions and sophisticated control to yourThere is a separate talk on security and security best practices but the actionable conclusion or big take away from this slide is We have often found that security discussion is typically ends when the company has awareness of Security (features, services, options) and it often comes down getting people on the same page when it comes to security – Hence we advise you to involve your security teams early in the processAndy’s Security IT team was involved early on. Andy knew that there solutions exists and that his teams needs to be aware of the different options.
- We understand that in order to run Enterprise applications you need enterprise grade software. Today, you can really choose a range of enterprise software to run on AWS. All this software is certified and supported by the vendors themselves and bring your own license (BYOL). This is one of the core differentiators of AWS that you can move packaged applications to the cloud or when moving to the newer versions of these applications, instead of upgrading the software on-premises, they move to the cloud and do a diagonal upgrade.
- We build services not just for our customers but ourselves. We use them because we believe in them. One project I am really proud of is How Amazon moved its corporate intranet that stores highly sensitive data. In this project, we made sure Amazon is transparent…….At the end of the project, we not only …..
- The beauty about this deployment project was that it used variety of 3p packaged software on VPC.
- Flexibility – we support licensing models for a wide variety of software. Oracle ULR for Oracle licensing information on the cloud
- TaxFinanceLegalAWS FraudAWS Data ServicesAWS Identity ServicesAWS AuthBusiness Development / ISV PartnersCS / Developer SupportEC2EBS BillingKAOSSecurityMarketingDev Resources / Portal
- Bankinter uses Amazon Web Services (AWS) as an integral part of their credit-risk simulation application, developing complex algorithms to simulate diverse scenarios in order to evaluate the financial health of their clients. Bank at least 400,000 simulations to get realistic results.Through the use of AWS, Bankinter brought average time-to-solution down from 23 hours to 20 minutes and dramatically reduced processing, with the ability to reduce even further when required.
- Working with AWS solutions provider 2nd Watch to create hyper-local web and mobile platforms for travelersMigrating from co-location facility with limited flexibility, inadequate performance, and high operating expensesUtilizing Amazon EC2 with Elastic Load Balancing, Amazon S3, Amazon VPC, and Amazon CloudFront.
- Member of the Capgemini group, a top global strategic partner since 91, Oracle Diamond Partner, end-to-end services for Oracle on AWShttp://www.us.sogeti.com/what-we-do/alliances-oracle.html
- The first step in the migration of existing applications comes to classifying your IT assets. Some customers have looked at their IT departments from 50K view and have created dependency tree of their logical constructs. Listing all your IT assets and identifying the upward and downward dependencies. Within every organization there are variety of applications of different sizes and shapes and with different set of characteristics. Thinking that if one application cannot move, does not mean all applications cannot move. Breaking down the big job, into small tasks and tackling each task individually will get the big job done. So he classified the IT Asset portfolio into different categories – Top secret, secret, public datasets, Application with high low medium compliance requirements, Applications different security and licensing requirements.
- Stack ranking your assets and prioritizing the applications based on simple criteria you defined earlier. Andy noticed very quickly that there were several applications which are “No Brainer to Move” and can be moved today and will result in immediate benefits of the cloud. At the same time, He also did not just select some applications that were just easy to move but also that were complex and can be used as a internal success story within the companyYou will notice that some applications are just plain drop dead cool if they moved to the cloud like your content, tutorial websites, pre-sales demo environments.
- After listing them, he started to stack rank this IT assets based on the analysis. The applications that would take time to move to the cloud are NOT off the list they are just lower down the list. And the applications that are low hanging fruits are up the list. Pick the low hanging fruits first, gain some experience and then tackle the other applications. For example web applications or content management systems etc are all easy to move and can be forklifted to the cloud.
- Schneider Electric is an international energy management specialist operating in more than 100 countries. The company has over 110,000 employees For its Intranet-based applications, Schneider Electric is using Amazon Virtual Private Cloud (Amazon VPC) in combination with the Riverbed Cloud Steelhead service. Riverbed Cloud Steelhead accelerates data traffic between the company’s existing wide-area network and its Amazon VPC. Since the migrated applications are Java and .NET-based legacy systems, the Schneider Electric IT team established the applications within the Amazon VPC using the necessary Windows and Linux operating systems.
- Shell started provisioning AWS services in April 2010 The Shell Foundation Platform – an IT framework – is AWS approvedThat means that the Center of Excellence has a pre-approved framework that allows LOBs to deploy cloud-approved applications onto AWSThe Shell Foundation Platform is a framework used by all new projects utilizing on-demand cloud services. The SFP is certified to run on AWS. Compliant applications built on the SFP are able to be run in production on AWS.
- There are severalapproaches to building a cloud strategy. We’ve seen customers from all size companies, from all industries get started with AWS in different waysBuilding a cloud strategy really depends on the companies needs. As a CIO or a manager reporting to the CIO, we recommend that you have a 2 part strategy for your Enterprise to get started in the cloud. For new applications, build and design new architectures with the cloud in mind. We have seen several customers like New York times who were quickly able to leverage some of cloud architecture patterns of implementing elasticity from ground up, loosely coupling etc. in other words, build a cloud-ready design from scratch.Just like greenfield applications can benefit from the cloud, existing application can too benefit from the cloud. For existing applications, we recommend building a migration plan, and transitioning application by application. This enables organizations to gain experience with the cloud as they begin to transition larger chunks of their infrastructure. When building this plan, you will notice that there are number of apps that are simply no-brainer to move to the cloud and can be moved very easily today. And other apps, they take methodical phased plan approach.This strategy has worked for several of our customers. Whether you are startup or an SMB or Large enterprise or an SI helping the customer, the strategy does not really need to change. We have noticed that when customers have followed the step by step phased planned approach - (some of which I will discuss in this presentation) and have invested time and resources towards building proof of concept projects, they clearly see the tremendous potential of AWS, and are able to leverage its strengths very quickly. And want to move other apps as well.
- The Blueprint offers a step by step approach to cloud migration and has been proven successful. When customers will follow this blueprint and focus on creating a proof of concept, they will immediately see value in their proof of concept projects and see tremendous potential in the AWS cloud. After they move their first application to the cloud, they will get new ideas and will want to move them into the cloud.
- Applications that are very interesting, easy to experiment with, simple sel