4. Why are Enterprises using AWS?
• Enterprise Features
• Security and Compliance
• The Cloud API Standard
• Global Footprint and Expansion
• Operational Excellence
• Rate of Innovation
6. Cloud as an extension of their existing data centers
[Diagram labels: Corporate Data Center, 10G DirectConnect Location, Amazon Virtual Private Cloud]
7. In the Cloud, Security is a Shared Responsibility
Infrastructure Security: How we secure our infrastructure
• SAS 70 Type II Audit
• ISO 27001/2 Certification
• PCI DSS 2.0 Level 1-5
• HIPAA/SOX Compliance
• FISMA A&A Moderate
• FedRAMP/GSA ATO
Services Security: What security options and features are available to you?
• Enforce IAM policies
• Use MFA, VPC, Leverage S3 bucket policies, EC2 Security groups, EFS in EC2, etc.
Application Security: How can you secure your application and what is your responsibility?
• Encrypt data in transit
• Encrypt data at rest
• Protect your AWS Credentials
• Rotate your keys
• Secure your application
8.
9. New Enterprise IT Network architecture
[Diagram labels: Corporate data center, Corporate Headquarters, Branch Offices, 10G DirectConnect Location, Customer Gateway, VPN Gateway, Router, Internet Gateway, Amazon VPC, Private Subnet, Public Subnet, Availability Zone 1, Availability Zone 2, Amazon S3, Amazon SimpleDB, Amazon SES, Amazon SQS, AWS Region]
10. VPC is part of the Autodesk internal network
Source: Autodesk
11. New Enterprise IT Storage architecture
[Diagram labels: Your Data Center, Application Servers, iSCSI, On-premises Host, AWS Storage Gateway VM, Direct Attached or Storage Area Network Disks, SSL, Amazon Web Services, AWS Storage Gateway Service, Amazon S3, Amazon EBS, Amazon EC2]
12. Enterprise Security Features
AWS Identity And Access Management
• User management
• Policy-based granular access control
• Web login to individual users
• Manage users and groups using Console
Identity Federation
• Security Token Service
• LDAP/AD Integration
Multi-Factor Authentication
• Virtual MFA (Android, iOS, Windows, Blackberry)
• Physical Device (Gemalto)
Consolidated Billing
Invoicing
13.
• Risk compliance. How is SOX compliance achieved if in-scope systems are deployed in the cloud provider environment?
• Data durability
• Distributed Denial Of Service (DDoS) attacks. How does the provider protect their service against DDoS attacks?
• Service Provider and Customer business continuity.
• HealthCare compliance. Is it possible to meet HIPAA/GLBA certification requirements while deployed in the cloud provider environment?
• Backups.
• Data center tours or Third Party Access. Are data center tours by customers allowed by the cloud provider?
• Hypervisor vulnerabilities. Has the cloud provider addressed known hypervisor vulnerabilities?
• Vulnerability management.
• E-Discovery. Does the cloud provider meet the customer’s needs to meet electronic discovery procedures and requirements?
• Privileged Actions
• Scheduled maintenance outages. Does the provider specify when systems will be brought down for maintenance?
• Data ownership. What are the cloud provider’s rights over customer data?
• Data isolation. Does the cloud provider adequately isolate customer data?
14. AWS Security and Compliance Center
(http://aws.amazon.com/security/)
Answers to many security &
privacy questions
• Security whitepaper
• Risk and Compliance whitepaper
Security bulletins
Customer penetration testing
Security best practices
Compliance FAQ and Guidance
15. Tip #1: Involve your Security Teams early in the process
• You own the data, not AWS.
• You choose which geographic location to store the data. It doesn’t move unless you decide to move it.
• You should consider the sensitivity of your data and decide if and how you will encrypt your data while it is in transit and while it is at rest.
• Your IT, Risk, Compliance and Audit requirements can be met by AWS Reports (SAS 70) and external certifications (ISO27001, PCI, FISMA)
• You can download or delete your data whenever you like.
• You can set highly granular permissions to manage access of a user to specific service operations, data, and resources in the cloud for greater security control.
16. 4 Key Trends in the Enterprise….
#1 Enterprises are using AWS as a secure extension of their
existing datacenters (Leveraging VPC, DX, SGW, IAM)
17. Trend #2
The flexibility of the AWS Cloud
enables Enterprises to deploy
enterprise-grade apps
in the cloud
18. Enterprise Software in the cloud - BYOL
Microsoft Exchange Server, Microsoft SharePoint Server, Microsoft
SQL Standard Server, Microsoft SQL Enterprise Server, Microsoft
Lync Server, Microsoft System Center servers, and Microsoft
Dynamics CRM through License Mobility Software Assurance
Oracle fully supports Oracle E-Business Suite, Oracle’s PeopleSoft
Enterprise, Oracle’s Siebel CRM, Oracle Fusion Middleware, Oracle
Database, and Oracle Linux on the portion of AWS EC2 which uses
Oracle VM.
IBM DB2, Informix, Lotus® Forms Turbo, WebSphere® Application
Server, WebSphere® sMash, WebSphere Portal Server, Lotus® Web
Content Management Standard Edition , InfoSphere Information
Server, Lotus Domino®, Lotus Web Content Management Standard
Edition®, Tivoli Monitoring®
SAP® solutions, including SAP® Rapid Deployment solutions and
SAP® BusinessObjects™ solutions , All-in-One
19. Benefits
Amazon Corporate IT Deploys Mission-Critical Corporate Intranet running SharePoint 2010 to AWS Cloud
• Infrastructure Procurement Time Reduced from over four to six weeks to minutes.
• Server Image Build Process that had previously taken a half day is now automated.
• Annual Infrastructure Costs Cut by 22 percent when replacing on-premise hardware with equivalent cloud resources.
• Eliminating Operational Overhead of server lease returns, freeing up approximately 2 weeks of engineering overhead per year by replacing servers with equivalent cloud resources.
20. Mission-Critical Application on AWS
Uses
• Microsoft SQL Server 2008
• Microsoft Windows Server R2
• Microsoft SharePoint 2010
• On Amazon EC2 (in Amazon VPC) and Amazon EBS, DirectConnect
• Windows BitLocker
• Windows DPAPI
21.
22.
Problem
• Known availability issues in the primary datacenter
• Santa Monica datacenter ran out of capacity
• Cost and complexity of building a new datacenter were prohibitive
Solution
• Migrated Microsoft SharePoint production to AWS
• Deployed SAP ERP dev & test environments on AWS
• Ready to move SAP ERP production to AWS
Benefits
• Increased time-to-market by reducing server provisioning time from 5 weeks to 2 days
• Reduced operating costs for SAP Dev & Test around 50%
• Lessened environmental demands with power & cooling
• Freed up IT resources that are now focused on solving business problems
23. Recovery.gov, Treasury.gov and several others
SharePoint migration and consolidation projects with
Recovery.gov, Treasury.gov, Army Corp of Engineers, ++
Microsoft License Mobility program to license server
applications on AWS
Uses SharePoint 2010, SQL Server 2008, ForeFront
[Chart: Infra Cost Comparison, AWS Cloud Infrastructure vs. Old Infrastructure, ~60-70% savings]
24. SharePoint Deployment is easy and one-click
away using AWS CloudFormation
Launches SharePoint Foundation 2010 running
on Microsoft Windows Server® 2008 R2
http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
25. Public site SharePoint reference architecture on AWS
[Diagram: AWS Region with Availability Zone 1 and Availability Zone 2, each with a DMZ (NAT, RDGW for Remote Admin, Threat Mgmt Gateway) and Private Subnets for the Web Tier (IIS & SharePoint Web Front End), Application Server Tier (Central Admin & SharePoint Services), Database Tier (Primary DB, Mirror DB, Witness) and Active Directory (Primary DC/DNS, Backup DC/DNS); Internet, Internet Gateway, ELB]
Whitepaper: http://bit.ly/aws-sharepoint
26. Tip #2: Get Licensing right
Oracle
All Oracle Software licenses are fully
portable to EC2 (ELA, ULA, NUP, BPO)
Oracle Cloud Licensing Policy
Microsoft
All Windows Server Applications are
available (EA, ESA, OVA, Open License and
Select Plus (with SA Option) For Licensed
apps, need appropriate CALs)
License Mobility with Software Assurance
27. Find and buy software
that runs in the AWS cloud
28. AWS Marketplace is for customers searching for development and business
software from well known vendors including 10gen, CA, Canonical, Check Point,
IBM, Microsoft, Perforce, Red Hat, Riverbed, SAP, and Zend.
Benefits for Buyers
• Find software that runs on the AWS Cloud
• Start applications in minutes with 1-Click launch
• Pay by the hour for your software and be billed on your AWS bill
Benefits for Sellers
• Reach new customers
• Easily add hourly billing to your software
• Help customers get running faster by giving them software as pre-configured server images
29. AWS Architecture Center
(http://aws.amazon.com/architecture)
Whitepapers
Amazon.com SharePoint 2010
Deployment Case study Architecture
Running High-Availability SQL Server
on AWS
SharePoint Reference Architecture
http://bit.ly/aws-sharepoint
Single Sign-on using ADFS: Step-by-
Step Guide
Securing Microsoft Applications on
AWS (New!)
30. 4 Key Trends in the Enterprise….
#1 Enterprises are using AWS as a secure extension of their
existing datacenters (Leveraging VPC, DX, SGW, IAM)
#2 Flexibility: Enterprises are deploying enterprise-grade apps
from Microsoft, Oracle, SAP, IBM.. On AWS
31. Trend #3
Agility and reduced cost
remain the key adoption drivers
in the enterprise today
32. Agility and Reduced Cost = key enterprise drivers
Time to provision a server in an enterprise
350,000 Minutes (7-8 Months)
$1000 To rack and stack on-premise
Time to provision a server in the cloud
<5 Minutes
$260 For 3 years (reserved 100% utilized)
33. NASA CIO’s decree: “Replace Every
Procurement Screen with a Provisioning
Screen”
34. Bank – Credit-Risk Simulation Application
Bankinter was founded in June 1965 as a Spanish industrial bank through a joint venture by Banco de Santander and Bank of America
Bankinter brought average time-to-solution down from 23 hours to 20 minutes and dramatically reduced processing time.
“With AWS, we now have the power to decide how fast we want to obtain simulation results, and, more importantly, we have the ability to run simulations not possible before due to the large amount of infrastructure required.” – Castillo, Director, Bankinter
35. Archive Vaulting solution
Business Benefits
• Complete elimination of tape from the
archival process
• Faster recovery speeds
• Protects 246 nodes and 40TB daily
36. Samsung Powers Smart Hub Service with
AWS, Reducing Costs by 85% and Saving $34 Million
Use of AWS
• Samsung uses AWS platform of technology infrastructure services to build Smart Hub application.
• Smart Hub application runs on AWS cloud for users of Smart TV and Blu-ray players to access content of 3rd party providers.
Business Benefit
• Reliability of AWS cloud has enabled Samsung to be highly available to meet their SLA targets.
• AWS’ Global Infrastructure Regions enables Samsung to easily expand their services and accelerate time to market across the world.
“If we were to use the traditional on-premise datacenter, we would have spent
$34 million dollars more in hardware and maintenance expenses during the first
two years. With AWS cloud, we met our reliability and performance objectives at
a fraction of the cost.”
Mr. Chun Kang
Principal Engineer, Visual Display Division
37. Infra Cost Comparison
[Chart: AWS Cloud Infrastructure vs. Old Infrastructure, ~58% savings!]
Business Benefits
• 58% savings over existing infrastructure
• Faster network speeds
• Improved load times
• Already planning future migrations
(TicketsWest, corporate production)
38. Recommended Configuration for the Cloud
• Multi-AZ
• Use Provisioned IOPS volumes (New!)
• Snapshots vs. Backups
• RDS vs. RDBMS
• Federated Authorization
• Automated Deployments
• Logs -> S3
• Persist Intelligently; Ephemeral, EBS, DynamoDB or S3
• Secure your Credentials
• Auto-scaling for Auto-Recovery
• Elastic Network Interfaces
• Elastic Load Balancing (SSL)
40. 4 Key Trends in the Enterprise….
#1 Enterprises are using AWS as a secure extension of their
existing datacenters (Leveraging VPC, DX, SGW, IAM)
#2 Flexibility: Enterprises are deploying enterprise-grade apps
from Microsoft, Oracle, SAP, IBM.. On AWS
#3 Agility and reduced cost are the key adoption drivers in the
enterprise today
42. Classifying your IT Assets
List all your IT assets
Identify upward and downward dependencies
Start classifying your IT assets into different categories:
• Applications with Top Secret, Secret, or Public data sets
• Applications with low, medium and high compliance requirements
• Applications that are internal-only, partner-only or customer-facing
• Applications with low, medium and high coupling
• Applications with strict, relaxed licensing
[Diagram labels: Dashboard, Web, CRM, Auth, Service, LDAP, DB, Search Engine, OLAP, ERP, Report, logs]
43. Stack rank your IT assets
• Search for under-utilized IT
assets
• Applications that have an
immediate business need to
scale
• Applications that are running
out of capacity
• Easiest to move today
• That Builds support within
your organization and
creates awareness and
excitement
44. Pick the Low-hanging Fruits First
Examples:
• Web Applications
• Batch Processing systems
• Content Management Systems
• Digital Asset Management Systems
• Log Processing systems
• Collaborative Tools
• Big Data Analytics Platforms
[Diagram labels: Dashboard, Web, CRM, Auth, Service, LDAP, DB, Search Engine, OLAP, ERP, Report, logs]
45. Move application by application
[Diagram labels: Dashboard, Web, CRM, Auth, Service, LDAP, DB, Search Engine, OLAP, ERP, Report, logs]
46.
• F500 global energy management company with operations in more than 100 countries (110,000 employees)
• Started moving Internet and Intranet workloads to AWS in early 2011
• Runs 15 production applications on AWS
Business Benefit
• Open and flexible platform allows Schneider to run Java and .NET apps on Windows and Linux virtual servers
• Increased IT agility by rolling out new applications faster on AWS
49.
• Operationalizing their cloud strategy
• Shell Foundation Platform – an IT framework – is AWS approved
• Core operational applications running in production on AWS
• Development and test environments running on AWS
Business Benefits
• No minimum commitment up front and pay per use brings significant savings
• Fast provisioning within minutes for many applications
• Elasticity – the ability to expand and contract IT infrastructure as needed
50. Migrating to the cloud
[Diagram: Cloud Strategy. New applications: Build a Cloud-Ready Design. Existing Applications: “No-brainer to move” Apps; Planned Phased Migration. Large Enterprise]
Cloud Benefits
• Zero upfront investment
• On-demand provisioning
• Instant scalability
• Auto scaling and elasticity
• Pay as you go
• Removes undifferentiated heavy lifting
• Developer productivity
• Automation
51. Cloud Migration : a Phased-driven Strategy Whitepaper
Find it at http://aws.amazon.com/whitepapers
52. Tip #4: Identify and move the Cloud-Ready Apps quickly
Examples
• Dev/Test applications
• Backup/Archive
• Self-contained Web Applications
• Social Media Product Marketing Campaigns
• Customer Training Sites
• Video Portals (Transcoding and Hosting)
• Pre-sales Demo Portal
• Software Downloads
• Trial Applications
53. 4 Key Trends in the Enterprise….
#1 Enterprises are using AWS as a secure extension of their
existing datacenters (Leveraging VPC, DX, SGW, IAM)
#2 Flexibility: Enterprises are deploying enterprise-grade apps
from Microsoft, Oracle, SAP, IBM.. On AWS
#3 Agility and reduced cost are the key adoption drivers in the
enterprise today
#4 Migrating to the cloud is not all or nothing; Classify your IT
assets; It's easy and cost-effective
54. Tips
#1 Involve your security teams early in the process
#2 Get licensing right; leverage cloud licensing models
#3 Leverage best practices and configure for the cloud
#4 Move low-hanging fruits first and gain confidence
Amazon Web Services serves hundreds of thousands of customers in more than 190 countries, from startups to Fortune 500s. Our customers include internet businesses like Netflix and Yelp; media companies like Newsweek and NY Times; and large enterprises like Shell, Farmer’s Insurance and Hitachi.
You can extend your corporate datacenter to the cloud. Create a private slice of the public cloud and define your own network topology so that your corporate network can breathe in and breathe out. This year, we also released one dedicated
Security is not optional. We have to build it into every single layer, right from the perimeter to the application. In the cloud, security is a shared responsibility. Infrastructure security is the responsibility of AWS. This year Amazon worked really hard and has now achieved all the security certifications. Best of all, you get all these security certifications for free. Even if you don’t have credit card workloads, you still get the same secure infrastructure. For Infrastructure Security, you can get the full SAS 70 audit report on request. For Services Security, we provide detailed technical documentation on how to use the features. For Application Security, we have security bulletins (security center), provide you with security guidance, and Premium Support.
This is a screen shot of Amazon VPC Web management console. You can create several different VPC configurations right from point and click interface of VPC. Let’s see how all this works.
This is how most of the enterprises are leveraging VPC – What I call the new Enterprise IT network architecture – which will be powered by the cloud.
Autodesk leverages Amazon VPC as an extension of their corporate datacenter. VPC is part of their internal network. They have had 3 datacenters since 2009; VPC is the 4th datacenter. It was so successful within Autodesk that they identified several new business opportunities and products as a result of this integration.
We understand that you might have 100s of questions around risk and compliance.
Helping to protect the confidentiality, integrity, and availability of our customers’ systems and data is of the utmost importance to AWS, as is maintaining customer trust and confidence. Control Environment, Control Objectives, Environmental safeguards, Business continuity. Also provide security best practices.
Security is often a concern expressed when moving to the cloud. Hence it is very important to understand and analyze security at the app level: for example, understand what your threats are, what the likelihood of those threats is, and how they can be avoided using the variety of security features, options and services that AWS provides. Understand that you own the data, not AWS. Understand that, for your regulatory requirements, you choose the geo location and we will not move the data unless you tell us to do so. Understand that there are different options: based on the sensitivity of your data, you can choose to encrypt/decrypt your datasets. You can download or delete the data whenever you like. And you can give highly granular permissions and sophisticated control to your There is a separate talk on security and security best practices, but the actionable conclusion or big takeaway from this slide is this: we have often found that the security discussion typically ends when the company has awareness of security (features, services, options), and it often comes down to getting people on the same page when it comes to security. Hence we advise you to involve your security teams early in the process. Andy’s Security IT team was involved early on. Andy knew that solutions exist and that his teams need to be aware of the different options.
We understand that in order to run Enterprise applications you need enterprise grade software. Today, you can really choose a range of enterprise software to run on AWS. All this software is certified and supported by the vendors themselves and bring your own license (BYOL). This is one of the core differentiators of AWS that you can move packaged applications to the cloud or when moving to the newer versions of these applications, instead of upgrading the software on-premises, they move to the cloud and do a diagonal upgrade.
We build services not just for our customers but ourselves. We use them because we believe in them. One project I am really proud of is How Amazon moved its corporate intranet that stores highly sensitive data. In this project, we made sure Amazon is transparent…….At the end of the project, we not only …..
The beauty of this deployment project was that it used a variety of 3p packaged software on VPC.
Flexibility – we support licensing models for a wide variety of software. Oracle ULR for Oracle licensing information on the cloud
Tax, Finance, Legal, AWS Fraud, AWS Data Services, AWS Identity Services, AWS Auth, Business Development / ISV Partners, CS / Developer Support, EC2, EBS Billing, KAOS, Security, Marketing, Dev Resources / Portal
Bankinter uses Amazon Web Services (AWS) as an integral part of their credit-risk simulation application, developing complex algorithms to simulate diverse scenarios in order to evaluate the financial health of their clients. Bank at least 400,000 simulations to get realistic results. Through the use of AWS, Bankinter brought average time-to-solution down from 23 hours to 20 minutes and dramatically reduced processing, with the ability to reduce even further when required.
Working with AWS solutions provider 2nd Watch to create hyper-local web and mobile platforms for travelers. Migrating from a co-location facility with limited flexibility, inadequate performance, and high operating expenses. Utilizing Amazon EC2 with Elastic Load Balancing, Amazon S3, Amazon VPC, and Amazon CloudFront.
Member of the Capgemini group, a top global strategic partner since 91, Oracle Diamond Partner, end-to-end services for Oracle on AWS. http://www.us.sogeti.com/what-we-do/alliances-oracle.html
The first step in the migration of existing applications is classifying your IT assets. Some customers have looked at their IT departments from a 50K view and have created a dependency tree of their logical constructs, listing all their IT assets and identifying the upward and downward dependencies. Within every organization there are a variety of applications of different sizes and shapes and with different sets of characteristics. If one application cannot move, that does not mean all applications cannot move. Breaking down the big job into small tasks and tackling each task individually will get the big job done. So he classified the IT asset portfolio into different categories: Top Secret, Secret and Public datasets; applications with high, medium and low compliance requirements; applications with different security and licensing requirements.
Stack ranking your assets means prioritizing the applications based on the simple criteria you defined earlier. Andy noticed very quickly that there were several applications which are “No Brainer to Move”, can be moved today, and will result in immediate benefits of the cloud. At the same time, he did not just select applications that were easy to move but also ones that were complex and could be used as an internal success story within the company. You will notice that some applications are just plain drop-dead cool if they are moved to the cloud, like your content, tutorial websites and pre-sales demo environments.
After listing them, he started to stack rank these IT assets based on the analysis. The applications that would take time to move to the cloud are NOT off the list; they are just lower down the list. And the applications that are low-hanging fruits are up the list. Pick the low-hanging fruits first, gain some experience and then tackle the other applications. For example, web applications or content management systems are all easy to move and can be forklifted to the cloud.
Schneider Electric is an international energy management specialist operating in more than 100 countries. The company has over 110,000 employees. For its Intranet-based applications, Schneider Electric is using Amazon Virtual Private Cloud (Amazon VPC) in combination with the Riverbed Cloud Steelhead service. Riverbed Cloud Steelhead accelerates data traffic between the company’s existing wide-area network and its Amazon VPC. Since the migrated applications are Java and .NET-based legacy systems, the Schneider Electric IT team established the applications within the Amazon VPC using the necessary Windows and Linux operating systems.
Shell started provisioning AWS services in April 2010. The Shell Foundation Platform – an IT framework – is AWS approved. That means that the Center of Excellence has a pre-approved framework that allows LOBs to deploy cloud-approved applications onto AWS. The Shell Foundation Platform is a framework used by all new projects utilizing on-demand cloud services. The SFP is certified to run on AWS. Compliant applications built on the SFP are able to be run in production on AWS.
There are several approaches to building a cloud strategy. We’ve seen customers from companies of all sizes and from all industries get started with AWS in different ways. Building a cloud strategy really depends on the company’s needs. As a CIO or a manager reporting to the CIO, we recommend that you have a 2-part strategy for your Enterprise to get started in the cloud. For new applications, build and design new architectures with the cloud in mind. We have seen several customers like New York Times who were quickly able to leverage some of the cloud architecture patterns, such as implementing elasticity from the ground up and loose coupling; in other words, build a cloud-ready design from scratch. Just as greenfield applications can benefit from the cloud, existing applications can benefit from the cloud too. For existing applications, we recommend building a migration plan and transitioning application by application. This enables organizations to gain experience with the cloud as they begin to transition larger chunks of their infrastructure. When building this plan, you will notice that there are a number of apps that are simply no-brainers to move to the cloud and can be moved very easily today. Other apps take a methodical, phased plan approach. This strategy has worked for several of our customers. Whether you are a startup, an SMB, a large enterprise or an SI helping the customer, the strategy does not really need to change. We have noticed that when customers have followed the step-by-step phased planned approach (some of which I will discuss in this presentation) and have invested time and resources towards building proof of concept projects, they clearly see the tremendous potential of AWS and are able to leverage its strengths very quickly. And they want to move other apps as well.
The Blueprint offers a step-by-step approach to cloud migration and has been proven successful. When customers follow this blueprint and focus on creating a proof of concept, they will immediately see value in their proof of concept projects and see tremendous potential in the AWS cloud. After they move their first application to the cloud, they will get new ideas and will want to move them into the cloud.
Applications that are very interesting, easy to experiment with, simple sel