Cloud Connectivity and Amazon Direct Connect
1. Breakfast Briefing: Cloud Connectivity & Amazon Direct Connect
Name: Simon Acott
Job Title: Business & Partner Development Director
Date: 19th July 2012
3. Agenda/Speakers
• 08.30 Arrivals and breakfast
• 09.00 Introduction and Welcome
– Simon Acott, Business & Partner Development Director, Exponential-e
• 09.10 Cloud Computing: Is IT for me?
– Rob Marks, Partner at Moundsmere Management and Technology
• 09.40 Private Cloud Connectivity
– Adrian Hobbins, CTO, Exponential-e
• 09.55 Amazon Direct Connect
– Dominic Anschutz, Head of Cloud Operations, Exponential-e
• 10.20 Cloud Case Study – KCA Deutag
– Simon Acott, Business & Partner Development Director, Exponential-e
• 10.30 Q&A/Discussion
5. Rob Marks
o A seasoned IT professional who started in Retail/FMCG
o Around 20 years in Banking at Regional and Global CTO/CIO
o Now a partner in an independent IT and Management Consultancy practice
o Working across a broad range of sectors and industries
o Assist VC and Private Equity groups to re-launch and turn around stalled or failing businesses
o Provide Interim Management
o Develop strategy and implement for SMEs
6. Who is MMT
• MMT is an independent consulting, software and technology partnership that can provide a wealth of international management and technology expertise across a wide range of industries.
• The owning partners have over 50 years of combined global industry experience providing professional services and technology leadership assisting companies through times of change and transformation.
• Our Philosophy
– A trusted partner to Small, Medium and Large Enterprises that require interim skills that they may not have in house.
– Well seasoned professionals with old fashioned integrity who bring a depth and breadth of experience.
– A thorough, yet refreshingly straightforward, approach to the complex business and information technology issues that are impacting companies today.
– Provide a cost effective solution in today’s challenging financial environment.
7. Questions
1 Does IT make my business competitive?
2 As an IT professional where do I add most value and as a Business leader why focus on IT?
3 How do I use IT to make a difference?
4 Is IT a commodity?
5 How do I best manage my costs and balance this against giving best value?
8. Cloud - New Phenomena?
o Bureau
o Outsourcing
o Hosting and shared services
• Sound familiar?
• All been associated with cost reduction & improving efficiency
But did they?
Is Cloud any different?
9. IT – A View from the top
• No doubt that IT is vital to all businesses
“Often seen as a necessary evil”
• IT functions are often poor at demonstrating true business value
“Seen as Expensive”
• Mysterious acronym filled fiefdoms
“Speak a different language – Geeks”
• Not in touch with the business
“From a different planet”
10. How is this changing/ Is it changing?
o IT directors often report into the CEO and not Finance
o IT Leaders help to shape future business strategy and are the enablers with influence
o IT is a business within a business due to the size of its budgets and impact
o IT Leaders are more cost/value driven & therefore concentrate on facets of IT that deliver business value
11. What’s Cloud Computing got to do with it?
o IT is fast becoming a commodity – at least in the infrastructure area
o Smart IT champions concentrate on business differentiators not commodity
o Commodity can and will be delivered through partners
o Commodity services and multi use apps will be bought or licensed from cloud based SaaS solution providers
o Only high value IP or proprietary solutions will be developed and delivered internally going forward
12. Recent Case Study
WaverleyTBS, a leading drinks wholesaler, was acquired by Manfield Partners LLP from Heineken Plc in July 2010. WTBS had to be independent of HUK by Jan 2012. As WTBS depended entirely on its former parent for all of its I.T. services, substantial work was required to develop its own independent solution.
Business Requirement
• Business process review and definition
• IT Infrastructure (servers, PCs, email, etc)
• Network (backbone and local)
• Telephony (mobile, land and telesales)
• CRM (sales management and reporting)
• ERP (FI, HR, MM, SCM, SD, BI)
• Warehouse Management and Logistics
• Training (900 + users – plan and delivery)
• Future strategy and capability
Delivered Solution
A total solution was delivered to WTBS on Sept 3rd 2011 ahead of the deadline and at almost half of the cost of alternate systems integrator estimates without missing a single customer order.
“MMT delivered a robust solution exceeding our expectations. They understood our needs and provided the vision, leadership and governance to enable a successful outcome.”
William Hornby Gore, Manfield Partners
13. Getting the mix right
RIGHT
o Reduced fixed costs
o Flexible organisation
o Only skilled to make a difference
o Less technical and more business focused
o Higher impact on Business and increased kudos
WRONG
o Need for higher initial investment
o Concentration on low value activities
o No option to turn down in a downturn
o No option to refresh infrastructure or applications architecture early
14. How extensive is the cloud used?
Recent statistics
Industry
• Financial services – 63%
• Manufacturing – 62%
• Healthcare – 59%
• Transportation – 51%
A new server is added to the Cloud for every 600 smart phones or 120 tablets
Testing
• 7 out of 10 companies are dipping a toe in the water
• Infrastructure and data first
Growth
• 80% of new commercial apps will be deployed on Cloud in 2012
Compute power
• 60% of server workload will be virtualized
• Customer driven
• Pace
15. More evidence
$150 Billion – Size of the Cloud Computing Market by 2013
Gartner predicted that the market would move rapidly to this figure and was supported by research from Merrill Lynch who predicted even more surprising growth.
More businesses are feeling the pressure to move into cloud computing for the reasons we have discussed.
$750 Million – The amount that Amazon.com’s AWS expects to earn in 2011
Amazon’s Web Service has provided businesses with an infrastructure web service platform based in the cloud since 2006. It hit revenues of $500 Million in 2010 and is gaining huge momentum. However, other cloud services entrants may change this in the near future.
16. How secure?
54% cited security as their top concern for transitioning to the cloud
Security is a top deterrent for companies
moving data sensitive apps into the cloud.
However, Cloud providers are now able to
become compliant with numerous security
regulations such as HIPAA, ISO 27001, and
PCI DSS. This allows industries like
Financial Services and Health Care to feel
more confident.
In fact a study conducted by Mimecast
concluded that 57% of their respondents
actually felt that Cloud Computing
increased their security compared to
traditional methods.
17. Cloud is all around us and here to stay
• Technology Companies
o Telecoms
o Voice apps
o Stealth Services
• Businesses
o Commoditizing
o Growth
o Value
o Small to Medium
• Consumer
o Backup
o Applications
o Services – Music etc
18. Cupertino, California may be home to the Apple
iCloud, but the clouds in the sky are still footloose
and trademark free.
19. Questions?
We are happy to help you!
Rob Marks - Partner
Moundsmere Management and
Technology LLP
Unit 5, Summerlea Court,
Herriard Business Park,
Herriard,
Basingstoke,
RG25 2PN
01256 381720
07768 306347
20. Cloud Connectivity
Name: Adrian Hobbins
Job Title: CTO & Co Founder
21. Service Creation Platform
Exponential-e believes that creating a bespoke solution should be as
simple as ordering from a menu. Our unique Service Creation
Platform enables companies to access all the services and
applications we host on our network through a single Ethernet
connection.
22. Cloud Aggregation
23. The Exponential-e High Speed, Low Latency, iSCSI capable network enables…
Virtual Machine Mobility and High Availability
[Diagram: an Alternate Data Centre and a Primary Data Centre, each running App/OS virtual machines, linked by VMware VMotion™ and by Storage Replication (Data Storage Replication and Real-Time Synchronisation)]
24. [Diagram: Public Cloud and Private Cloud systems, a Primary Data Centre and an Alternate Data Centre with Backup Systems, SmartWires, PSTN, and Branch Offices with Local Systems, each connected to the Cloud through a Network Interface Device (NID) over 100Mbps or 1,000Mbps Next Generation Ethernet circuits]
25. Typical Enterprise Environment
– Mixture of legacy bare metal servers.
– Some newer virtualised servers.
– Mixture of internal disks, database servers and dedicated SANs.
– Off-site tape backups.
– Insatiable demand for more computing power and more storage.
[Diagram labels: Public Internet; Internal applications and databases; Corporate WAN; Off-site Tape Backups; Off-site Replication]
26. The Enterprise Server LAN is augmented with elastic computing power and data storage in a Cloud Data Centre.
By extending services using VPLS and Layer 2, applications and databases appear local.
Exponential-e seamlessly extends the enterprise server LAN into a Hybrid Cloud.
[Diagram labels: Public Internet; Internal applications and databases; Corporate WAN]
27. Servers activated in the cloud have direct Layer 2 access to other services on the Enterprise’s server LAN.
Using high speed, ultra low latency links, users are unaware that systems are located in the cloud.
Tape backups are eliminated by replicating into low cost storage in the cloud.
[Diagram labels: Public Internet; Internal applications and databases; Corporate WAN]
28. Dual Cloud Data Centres offer even higher system availability and SLAs.
Enterprise IT staff can remain in control of their IT environment and can configure cloud based resources.
Data Security & Privacy Issues Resolved
All servers, databases & applications sit on the clean side of your firewall, no matter where the cloud data centres are located.
[Diagram labels: Public Internet; Primary; Alternate; Internal applications and databases; Corporate WAN]
29. On-Net Data Centres in the UK
• Telecity PowerGate
• Telecity Meridian Gate
• Telecity Williams House
• Telecity Sovereign House
• Telecity IFL2 (Manchester)
• Telia Cromwell Road
• SunGard LTC
• Level3 Goswell Road
• Level3 Braham Street
• City Lifeline
• Telstra LHC
• Equinix Airport Gate LD2
• Equinix Finsbury Pavement LD1
• Equinix Park Royal LD3
• Equinix Slough LD4
• Global Switch 1
• Global Switch 2
• Scolocate Edinburgh
• Interxion Hanbury Street
• Sentrum Woking
• Telehouse North
• Telehouse East
• Telehouse West
• Iomart (Paul Street)
• Virtus Enfield DC1
32. Amazon Direct Connect
Name: Dominic Anschutz
Job Title: Head of Cloud Operations
33. Overview
The noise in the market is all about placing data in the cloud – security,
compliance and risk. However, a good cloud strategy is underpinned with the
network providing the access to cloud services and providers. How secure is
the route to the cloud, is the infrastructure fit for purpose and is bandwidth
scalable?
34. Bandwidth Consumption
• An estimated one-third of the world's population is online now, a proportion that is sure to grow.
• More users, more devices that connect to networks, and more
data-heavy services to ride over the pipes are causing a
“bandwidth explosion”
Source: TeleGeography
37. Bandwidth Consumption….
• Some of the best numbers we have on bandwidth usage come
from Cisco's Visual Networking Index
• Global IP traffic has increased eightfold over the past 5 years, and will
increase threefold over the next 5 years.
• In 2016, the gigabyte equivalent of all movies ever made will cross global
IP networks every 3 minutes. Global IP networks will deliver 12.5
petabytes every 5 minutes in 2016.
• It would take over 6 million years to watch the amount of video that will
cross global IP networks each month in 2016
• Annual global IP traffic will surpass the zettabyte threshold (1.3
zettabytes) by the end of 2016
1,000,000,000,000,000,000,000 bytes
Source: Cisco Visual Networking Index
38. Why use Internet?
• Security
• Performance
• Control
• Quality of Service
• Cost
For cloud computing to truly become mainstream it’s time to rethink how
organisations connect to cloud services. If cloud remains synonymous with
the internet, then it will also remain synonymous with insecure and
unreliable connectivity.
39. What is AWS Direct Connect?
• AWS Direct Connect lets you establish a dedicated network connection between
your network and one of the AWS Direct Connect locations
• Reduce your network costs, increase bandwidth throughput, and provide a more
consistent network experience than Internet-based connections.
• Using industry standard 802.1q VLANs, this dedicated connection can be
partitioned into multiple logical connections.
• Logical connections can be reconfigured at any time to meet your changing needs.
• Exponential-e is one of 18 Global AWS Direct Connect Partners.
40. Highlights
• Reduces Your Bandwidth Costs
– AWS Direct Connect reduces your network costs as you are charged at the reduced AWS
Direct Connect data transfer rate rather than Internet data transfer rates.
• Consistent Network Performance
– Data is now routed which can provide a more consistent network experience.
• Compatible with all AWS Services
– Amazon Simple Storage Service (Amazon S3),
– Elastic Compute Cloud (Amazon EC2),
– Virtual Private Cloud (Amazon VPC).
• Private Connectivity to your Amazon VPC
– You can use AWS Direct Connect to establish a private logical connection from your on-premise network directly to your Amazon VPC.
• Elastic
– AWS Direct Connect makes it easy to scale your connection to meet your needs. AWS
Direct Connect provides 1 Gbps and 10 Gbps connections, and you can easily provision
multiple connections if you need more capacity.
41. AWS Direct Connect
[Diagram: the Customer premise (Customer Internal Network, Customer DMZ, Customer Router / Firewall) connects to a Customer Router and the AWS Direct Connect Router at the AWS Direct Connect Location in Docklands, London. From there, Private VLAN (VPC) traffic reaches the Amazon Virtual Private Cloud and Public (AWS Cloud) traffic reaches the AWS Cloud (EC2, S3, etc.) in EU West (Ireland).]
42. Why Direct Connect?
• Predictable & reliable performance to your AWS cloud
• Enablement of new services and applications
• Increase Security through private connectivity
• Lower network costs by avoiding Internet transfer and
bandwidth charges
• Increase performance by bypassing congested Internet
connections
43. Is Amazon Secure?
• Sarbanes-Oxley (SOX) compliant
• ISO27001
• PCI DSS Level I Certification
• HIPAA compliant Architecture
• SAS70 (SOC 1) Type II Audit
• FISMA Moderate ATOs
• DIACAP MAC III-Sensitive
• SOC 1/SSAE 16/ISAE 3402
• FIPS 140-2
http://aws.amazon.com/security/
44. S3 Storage
• “Durable” S3 Storage
• SLA 99.999999999 %
• “If you store 10,000 objects with us, on average we may lose
one of them every 10 million years or so. This storage is
designed in such a way that we can sustain the concurrent
loss of data in two separate storage facilities.”
48. Cloud Case Study: KCA Deutag
Name: Simon Acott
Job Title: Business & Partner Development Director
49. Case study
About KCA DEUTAG
• KCA DEUTAG is one of the world’s largest international drilling contractors
• Owns and operates its own fleet of mobile offshore drilling units across the globe
• 100 year history of onshore and offshore drilling and engineering activities
• Employs 8,000 staff in more than 22 countries, from Germany, Russia, the Middle East, the Caspian region to Norway.
• Headquartered in Aberdeen, Scotland
50. The Challenge
KCA DEUTAG needed to centralise critical services to
better support global operations
This would need to involve:
• Migrating the operating system from IBM Lotus Notes to a Microsoft environment
• Moving the data storage into a virtual environment.
• Data centre resiliency and scalability
• Data centre flexibility and cost-effective infrastructure
51. The Solution
• KCA DEUTAG already used us for a multi-site WAN, providing data and
voice services to their various sites around the UK
• This solution involved: managed servers, managed storage, tape back-up and managed communications with connectivity, firewall, load balancer and a WAN optimiser
• A direct, private connection to the UK data centre
Migration of data centres and Microsoft applications, including:
• 36 TB storage
• 230 GHz processing power
• 528 GB memory
52. The Result
• Successful migration from IBM Lotus Notes to a Microsoft environment
• Centralised critical services (Microsoft Exchange, Lync, SharePoint) for 22 countries
• Secure and resilient on-net UK based data storage facility
• Significant CAPEX and OPEX savings
• Scalable IaaS platform that can expand with future requirements
“We were very happy with the deployment from
Exponential-e. It was well planned and well delivered.
We are now secure in the knowledge that we have a very
stable and highly resilient environment for our storage and
critical applications, and have significantly reduced upfront
capital expenditure.”
Brian Gordon, Service Delivery Manager, KCA DEUTAG.
Grange City Hotel – a customer of Exponential-e
White paper
Amazon Relationship
This forecast is part of the Cisco® Visual Networking Index (VNI), an ongoing initiative to track and forecast the impact of visual networking applications
Summary
Annual global IP traffic will surpass the zettabyte threshold (1.3 zettabytes) by the end of 2016. In 2016, global IP traffic will reach 1.3 zettabytes per year or 109.5 exabytes per month.
Global IP traffic has increased eightfold over the past 5 years, and will increase threefold over the next 5 years. Overall, IP traffic will grow at a compound annual growth rate (CAGR) of 29 percent from 2011 to 2016.
In 2016, the gigabyte equivalent of all movies ever made will cross global IP networks every 3 minutes. Global IP networks will deliver 12.5 petabytes every 5 minutes in 2016.
Traffic from wireless devices will exceed traffic from wired devices by 2016. In 2016, wired devices will account for 39 percent of IP traffic, while Wi-Fi and mobile devices will account for 61 percent of IP traffic. In 2011, wired devices accounted for the majority of IP traffic at 55 percent.
Business:
Business Internet traffic will grow at a faster pace than IP WAN. IP WAN will grow at a CAGR of 18 percent, compared to a CAGR of 23 percent for fixed business Internet and 66 percent for mobile business Internet.
Business IP traffic will grow fastest in the Middle East and Africa. Business IP traffic in the Middle East and Africa will grow at a CAGR of 33 percent,
Business videoconferencing will grow sixfold over the forecast period. Business videoconferencing traffic is growing significantly faster than overall business IP traffic, at a CAGR of 48 percent between 2011 and 2016.
Web-based videoconferencing will reach 56.3 percent of total business videoconferencing traffic in 2011
Mobile:
Global mobile data traffic will grow three times faster than fixed IP traffic from 2011 to 2016. Global mobile data traffic was 2 percent of total IP traffic in 2011, and will be 10 percent of total IP traffic in 2016.
Video:
Internet video to TV doubled in 2011. Internet video to TV will continue to grow at a rapid pace, increasing sixfold by 2016. Internet video to TV traffic will be 11 percent of consumer Internet video traffic in 2016, up from 8 percent in 2011.
It would take over 6 million years to watch the amount of video that will cross global IP networks each month in 2016. Every second, 1.2 million minutes of video content will cross the network in 2016.
Video-on-demand traffic will triple by 2016. The amount of VoD traffic in 2016 will be equivalent to 4 billion DVDs per month
While security remains the primary barrier to adoption for cloud, having a direct, private connection also deals with the performance issues which can be experienced by organisations accessing services over the internet. While organisations have extremely high-levels of control over performance on their LAN, the story is completely different when the internet becomes part of the equation. Your connection in this use-case is only as fast as the slowest part of the public internet, which means that as soon as the internet becomes at all congested, performance-levels experienced by end-users will suffer.
Reduces Your Bandwidth Costs – If you have bandwidth-heavy workloads that you wish to run in AWS, AWS Direct Connect reduces your network costs into and out of AWS in two ways. First, by transferring data to and from AWS directly, you can reduce your bandwidth commitment to your Internet service provider. Second, all data transferred over your dedicated connection is charged at the reduced AWS Direct Connect data transfer rate rather than Internet data transfer rates.
Consistent Network Performance – Network latency over the Internet can vary given that the Internet is constantly changing how data gets from point A to B. With AWS Direct Connect, you choose the data that utilizes the dedicated connection and how that data is routed which can provide a more consistent network experience over Internet-based connections.
Compatible with all AWS Services – AWS Direct Connect is a network service, and works with all AWS services that are accessible over the Internet, such as Amazon Simple Storage Service (Amazon S3), Elastic Compute Cloud (Amazon EC2), and Amazon Virtual Private Cloud (Amazon VPC).
Private Connectivity to your Amazon VPC – You can use AWS Direct Connect to establish a private logical connection from your on-premise network directly to your Amazon VPC, providing you with a private, high bandwidth network connection between your network and your VPC. With multiple logical connections, you can even establish private connectivity to multiple VPCs while maintaining network isolation.
Elastic – AWS Direct Connect makes it easy to scale your connection to meet your needs. AWS Direct Connect provides 1 Gbps and 10 Gbps connections, and you can easily provision multiple connections if you need more capacity. You can also use AWS Direct Connect instead of establishing a VPN connection over the Internet to your Amazon VPC, avoiding the need to utilize VPN hardware that frequently can’t support data transfer rates above 4 Gbps.
DR and DB and fast storage
The analogy we use to describe the benefits of direct, private cloud connections is to picture the route to the cloud as a motorway. In the same way that other drivers are a threat to our safety and slow our progress, the public internet is like a congested motorway - getting from A to B quickly and safely is dependent on traffic which is a factor outside of anyone’s control. A private cloud connection is like driving on your own dedicated road to which no one else has access. Without other traffic you’re safe from other drivers and will undoubtedly arrive at your destination faster.
Large banks, for example, handling thousands of customer records, simply cannot afford to be processing or accessing that data in ‘public-view’. For these types of organisation, private cloud connections will surely be the only palatable type of connection.