Hear how customers adopt AWS Cloud at scale. This session will be presented by Jonathan Allen, AWS Enterprise Strategist and Evangelist. He shares some of his personal experience as the previous CTO of Capital One and the lessons he learned moving to the cloud and working with many customers across the paradigms of People, Process and Technology, drawing on first-hand knowledge of the AWS Cloud Adoption Framework and Mass Migration best practice.
Speaker: John Allen, Enterprise Strategist, AWS
6. AWS Global Infrastructure
16 Regions – 44 Availability Zones – 87 Edge Locations
Region & Number of Availability Zones
• US East: N. Virginia (6), Ohio (3)
• US West: N. California (3), Oregon (3)
• Asia Pacific: Mumbai (2), Seoul (2), Singapore (2), Sydney (3), Tokyo (3)
• Canada: Central (2)
• China: Beijing (2)
• Europe: Frankfurt (3), Ireland (3), London (2)
• South America: Sao Paulo (3)
• AWS GovCloud (US-West) (2)
New Regions (coming soon): China, France, Hong Kong, Sweden, AWS GovCloud (US-East), Bahrain
8. Shared responsibility model
CUSTOMER: RESPONSIBLE FOR SECURITY "IN" THE CLOUD
• CUSTOMER DATA
• PLATFORM, APPLICATIONS, IDENTITY & ACCESS MANAGEMENT
• OPERATING SYSTEM, NETWORK & FIREWALL CONFIGURATION
• CLIENT-SIDE DATA ENCRYPTION & DATA INTEGRITY AUTHENTICATION
• SERVER-SIDE ENCRYPTION (FILE SYSTEM AND/OR DATA)
• NETWORK TRAFFIC PROTECTION (ENCRYPTION, INTEGRITY AND/OR IDENTITY)
RESPONSIBLE FOR SECURITY "OF" THE CLOUD
• COMPUTE, STORAGE, DATABASE, NETWORKING
• AWS GLOBAL INFRASTRUCTURE: REGIONS, AVAILABILITY ZONES, EDGE LOCATIONS
9. Access a deep set of cloud security tools
Networking
• Virtual Private Cloud: Isolated cloud resources
• Web Application Firewall: Filter Malicious Web Traffic
• Shield: DDoS protection
• Certificate Manager: Provision, manage, and deploy SSL/TLS certificates
Encryption
• Key Management Service: Manage creation and control of encryption keys
• CloudHSM: Hardware-based key storage
• Server-Side Encryption: Flexible data encryption options
Identity & Management
• IAM: Manage user access and encryption keys
• SAML Federation: SAML 2.0 support to allow on-prem identity integration
• Directory Service: Host and manage Microsoft Active Directory
• Organizations: Manage settings for multiple accounts
Compliance
• Service Catalog: Create and use standardized products
• Config: Track resource inventory and changes
• CloudTrail: Track user activity and API usage
• CloudWatch: Monitor resources and applications
• Inspector: Analyze application security
• Macie: Discover, Classify & Protect data
10. More assurance programs than anyone else
Certifications / Attestations: C5 [Germany], Cyber Essentials Plus [UK], DoD SRG, FedRAMP, FIPS, IRAP [Australia], ISO 27001, ISO 27017, ISO 27018, ISO 9001, MLPS Level 3 [China], MTCS Tier 3 [Singapore], PCI DSS Level 1, SEC Rule 17a-4(f), SOC 1, SOC 2, SOC 3
Laws, Regulations, and Privacy: DNB [Netherlands], DPA – 1998 [U.K.], EAR, EU Data Protection Directive, EU Model Clauses, FERPA, Gramm-Leach-Bliley Act (GLBA), HIPAA, HITECH, IRS 1075, ITAR, My Number Act [Japan], PDPA – 2010 [Malaysia], PDPA – 2012 [Singapore], PIPEDA [Canada], Privacy Act [Australia], Privacy Act [New Zealand], Spanish DPA Authorization, VPAT / Section 508
Alignments and Frameworks: CIS, CJIS, CLIA, CMS Edge, CMSR, CSA, EU-US Privacy Shield, FISC [Japan], FISMA, G-Cloud [U.K.], GxP (FDA CFR 21 Part 11), ICREA, IT Grundschutz [Germany], MITA 3.0, MPAA, NIST, PHR, UK Cloud Security Principles, Uptime Institute Tiers
18. The Challenge For AI: Scale
Data, Training, Inference, At the Edge
• Tons of GPUs and CPUs
• Serverless
• Tons of GPUs
• Elastic capacity
• Pre-built images
• IoT and mobile deployment
• Mobile optimization
• IoT device optimization
• PBs of existing migrated data and newly created data
19. Artificial Intelligence fully integrated in AWS
Application Developers
• Amazon Rekognition: Image Recognition & Analysis
• Amazon Machine Learning: Managed Machine Learning
• Amazon Polly: Text-to-Speech
• Amazon Lex: Natural Language Understanding (NLU) & Automatic Speech Recognition (ASR)
Data Scientists & Researchers
• AWS Deep Learning AMI: Use and scale deep learning frameworks quickly and easily
21. AWS Pace Of Innovation: New Capabilities Daily
22. "Invention requires two things: the ability to try a lot of experiments, and not having to live with the collateral damage of failed experiments"
Andy Jassy
CEO, Amazon Web Services
26. Traditional Enterprise IT
• Products & Services (CTO/VP Applications): Digital Products, Brand Websites, Mobile Applications, Point of Sale Systems, Commerce
• Back Office Systems (CIO/VP Corp Systems): E-mail, Productivity, Collaboration, HR, Finance, ERP
• End User Computing (VP IT Support): Desktop Support, Device Management, Telephony, IT Support
• Information Security (CISO): Encryption, Key Management, Identity Management, Firewalls, IDS, DDoS
• Infrastructure/Delivery (VP Infrastructure): PMO, Engineering, Operations, Design
27. Future of Enterprise IT – Hybrid state
• Products & Services (CTO/VP Applications)
• Back Office Systems (CIO/VP Corp Systems)
• End User Computing (VP IT Support)
• Information Security
• Infrastructure/Delivery (VP Infrastructure)
• Cloud CoE
29. Wait, what’s a two-pizza team?
“If you can't feed a team with two pizzas, the team is too large.”
- Jeff Bezos
30. Staff your 2 Pizza Team
Product Manager
“Swiss Army Knife” initially taking on all functions of the Cloud Business Office (CBO). Works directly with business and/or development teams to generate and prioritize backlog of what cloud services need to be delivered to support first-mover applications.
Cloud Adoption Framework – People Perspective
31. Staff your 2 Pizza Team
Lead Architect
Accountable for overall cloud technical architecture; partners with Product Manager to translate customer requirements into technical deliverables; establishes technical direction; does technical delivery as well.
Cloud Adoption Framework – People Perspective
32. Staff your 2 Pizza Team
Infrastructure Engineers
Provide integrations with corporate datacenters, shared cloud infrastructure services. Work on engineering and continuous improvement of infrastructure stacks, templates, images, and other artifacts.
Leadership
Cloud Adoption Framework – People Perspective
33. Staff your 2 Pizza Team
Security Engineers
Provide standardized offerings to facilitate ongoing security and compliance within application stacks and the cloud environment overall; integrate security standards and controls products and offerings.
Leadership, Infrastructure
Cloud Adoption Framework – People Perspective
34. Staff your 2 Pizza Team
Operations Engineers
Provide outcomes to facilitate the successful deployment of applications on infrastructure stacks: artifact/code repositories, upgrades, patching. Also responsible for operational health: metrics, logging, alerting, inventory, capacity, and billing/tag management.
Leadership, Infrastructure, Security
Cloud Adoption Framework – People Perspective
35. Staff your 2 Pizza Team
Application Engineers
Representatives of the first-mover application teams. Work closely with the Tiger Team to provide the voice of the customer as cloud services are being developed.
Leadership, Infrastructure, Security, Operations
Cloud Adoption Framework – People Perspective
38. Lessons learned on 2 Pizza teams
• Agile is best
• “You Build it, You Own It”
• Split teams, add more
• YAGNI = You Aren't Going to Need It - Use out of the box functionality
• Strong opinions are best held lightly, use Data to make decisions
• Develop Configuration as Code competency
• Focus on Continuous Integration/Continuous Delivery
• Work with Business Partners to enable them to directly influence and leverage what the teams produce
39. Future of Enterprise IT – Hybrid state
• Products & Services (CTO/VP Applications)
• Back Office Systems (CIO/VP Corp Systems)
• End User Computing (VP IT Support)
• Information Security
• Infrastructure/Delivery (VP Infrastructure)
• Cloud CoE & DevOps
40. Future of Enterprise IT
• Products & Services (CTO/VP Applications)
• Back Office Systems (CIO/VP Corp Systems)
• End User Computing (VP IT Support)
• Information Security
• Cloud Centre of Excellence & DevOps
41. Traditional Enterprise IT
• Products & Services (CTO/VP Applications): AWS Elastic Beanstalk, AWS Lambda, Amazon SQS, Amazon SNS, Amazon Mobile Analytics, Amazon CloudFront
• Back Office Systems (CIO/VP Corp Systems): Amazon WorkMail, Amazon WorkDocs, AWS Marketplace, AWS Directory Service, SaaS
• End User Computing (VP IT Support): Amazon WorkSpaces, Amazon AppStream, AWS Marketplace, AWS Mobile Services, SaaS
• Information Security (CISO): AWS Identity and Access Management (IAM), AWS CloudHSM, AWS Key Management Service (AWS KMS), Security Groups, AWS Marketplace
• Infrastructure/Delivery (VP Infrastructure): Amazon EC2, Amazon S3, Amazon RDS, Amazon VPC, Amazon Direct Connect, Directory Service, IAM, AWS Service Catalog
42. Getting started
EXPERIMENTATION
DEVELOPMENT & TEST
PRODUCTION
INNOVATION LABS: E.G. MOBILE APP PILOTS, HACKATHONS
E.G. ONLINE BANKING, STREAM DATA PROCESSING
E.G. MOBILE BANKING APP
2014 2015 2016
Source: Capital One re:Invent Keynote 2015
54. Microservices to Functions
Five Years Ago
Amazon Kinesis, Amazon API Gateway, Amazon SNS, Amazon S3, Amazon DynamoDB, Amazon SQS
Standard building brick services provide standardized platform capabilities
55. Microservices to Functions
Amazon SNS, Amazon S3, Amazon API Gateway, Amazon SQS, Amazon Kinesis, Amazon DynamoDB
Business Logic: Glue between the bricks
Standard building brick services provide standardized platform capabilities
56. Microservices to Functions
Amazon SNS, Amazon S3, Amazon API Gateway, Amazon SQS, Amazon Kinesis, Amazon DynamoDB
58. Microservices to Functions
Amazon SNS, Amazon S3, Amazon API Gateway, Amazon SQS, Amazon Kinesis, Amazon DynamoDB
Ephemeral
63. Microservices to Functions
Amazon SNS, Amazon S3, Amazon API Gateway, Amazon SQS, Amazon Kinesis, Amazon DynamoDB
Ephemeral: When the system is idle, it shuts down and costs nothing to run
71. Enel uses AWS to achieve Operational Transformation through migration
• Enel is implementing an ambitious Data Center Transformation, leveraging the cloud
• 75% of the whole infrastructure is being migrated
• 5,000 servers migrated from September 2015 to April 2016
Outcome:
• Saving of 11%-21% on computational power due to off/on, reserved instances and downsizing
• Savings of 21%-50% on Storage, through rightsizing
• Increased operational efficiency by reducing provisioning lead time from 3-4 weeks to 2 days
Enel operates in more than 30 countries, serving 61 million customers with 1.9 million kilometers of grid network. Enel has been listed by Fortune 5th out of 50 companies that can change the world.
“Through the shift to AWS we achieved a saving of up to 50% in storage costs, 20% in computational power, and reduced the time required to provision from 3-4 weeks to two days”
Fabio Veronese
Head of ICT Solution Center Infrastructure & Networks
Head of Infrastructure and Technological Services
73. Invention comes in many forms and at many scales. The most radical and transformative of inventions are often those that empower others to unleash their creativity – to pursue their dreams.
Jeffrey P. Bezos
Founder and Chief Executive Officer
Amazon.com, Inc.
75. @jonathanallen02
jnatall@amazon.com
The Future Waits for Nobody – My Capital One Journey to the AWS Cloud: http://bit.ly/2uCim2c
A 12 Step Program to Get from Zero to Hundreds of AWS-Certified Engineers: http://bit.ly/2wIyJrm
76. REMEMBER — “ALL OF YOUR ASSUMED CONSTRAINTS ARE DEBATABLE.”
Thank you!