Enterprise Applications in the Cloud Jinesh Varia @jinman Technology Evangelist
Page 1: 17h30 aws enterprise_app_jvaria

Enterprise Applications in the Cloud

Jinesh Varia @jinman

Technology Evangelist

Page 2: 17h30 aws enterprise_app_jvaria

• 4 Trends
• Lots of enterprise customer stories
• Enterprise Architecture
• Tips
• Resources

Today

Page 3: 17h30 aws enterprise_app_jvaria

Trusted by Enterprises and Government Agencies

Page 4: 17h30 aws enterprise_app_jvaria

Why are Enterprises using AWS?

The Cloud API Standard

Global Footprint and Expansion

Operational Excellence

Rate of Innovation

Security and Compliance

Deploy

Enterprise Features

Page 5: 17h30 aws enterprise_app_jvaria

Enterprises are using AWS cloud as a secure extension of their existing datacenters

Trend #1

Page 6: 17h30 aws enterprise_app_jvaria

Cloud as an extension of their existing data centers

[Diagram labels: Corporate Data Center; DirectConnect Location; 10G; Amazon Virtual Private Cloud]

Page 7: 17h30 aws enterprise_app_jvaria

In the Cloud, Security is a Shared Responsibility

Infrastructure Security: How we secure our infrastructure
• SAS 70 Type II Audit
• ISO 27001/2 Certification
• PCI DSS 2.0 Level 1-5
• HIPAA/SOX Compliance
• FISMA A&A Moderate
• FedRAMP/GSA ATO

Services Security: What security options and features are available to you?
• Enforce IAM policies
• Use MFA, VPC, Leverage S3 bucket policies, EC2 Security groups, EFS in EC2 Etc..

Application Security: How can you secure your application and what is your responsibility?
• Encrypt data in transit
• Encrypt data at rest
• Protect your AWS Credentials
• Rotate your keys
• Secure your application

Page 8: 17h30 aws enterprise_app_jvaria
Page 9: 17h30 aws enterprise_app_jvaria

New Enterprise IT Network architecture

[Diagram labels: Amazon VPC; AWS Region; Availability Zone 1; Availability Zone 2; Public Subnet; Private Subnet; Internet Gateway; Router; VPN Gateway; Customer Gateway; DirectConnect Location; 10G; Corporate data center; Corporate Headquarters; Branch Offices; Amazon S3; Amazon SimpleDB; Amazon SES; Amazon SQS]

Page 10: 17h30 aws enterprise_app_jvaria

VPC is part of the Autodesk internal network

Source: Autodesk

Page 11: 17h30 aws enterprise_app_jvaria

New Enterprise IT Storage architecture

[Diagram labels: Your Data Center; Application Servers; On-premises Host; AWS Storage Gateway VM; Direct Attached or Storage Area Network Disks; iSCSI; SSL; Amazon Web Services; AWS Storage Gateway Service; Amazon EC2; Amazon S3; Amazon EBS]

Page 12: 17h30 aws enterprise_app_jvaria

Enterprise Security Features

AWS Identity And Access Management
• User management
• Policy-based granular access control
• Web login to individual users
• Manage users and groups using Console

Identity Federation
• Security Token Service
• LDAP/AD Integration

Multi-Factor Authentication
• Virtual MFA (Android, iOS, Windows, Blackberry)
• Physical Device (Gemalto)

Consolidated Billing

Invoicing

Page 13: 17h30 aws enterprise_app_jvaria

Risk compliance. How is SOX compliance achieved if in-scope systems are deployed in the cloud provider environment?

HealthCare compliance. Is it possible to meet HIPAA/GLBA certification requirements while deployed in the cloud provider environment?

E-Discovery. Does the cloud provider meet the customer’s needs to meet electronic discovery procedures and requirements?

Data center tours or Third Party Access. Are data center tours by customers allowed by the cloud provider?

Hypervisor vulnerabilities. Has the cloud provider addressed known hypervisor vulnerabilities?

Distributed Denial Of Service (DDoS) attacks. How does the provider protect their service against DDoS attacks?

Data ownership. What are the cloud provider’s rights over customer data?

Data isolation. Does the cloud provider adequately isolate customer data?

Scheduled maintenance outages. Does the provider specify when systems will be brought down for maintenance?

Data durability

Service Provider and Customer business continuity.

Backups.

Vulnerability management.

Privileged Actions

Page 14: 17h30 aws enterprise_app_jvaria

AWS Security and Compliance Center (http://aws.amazon.com/security/)

Answers to many security & privacy questions
• Security whitepaper
• Risk and Compliance whitepaper

Security bulletins

Customer penetration testing

Security best practices

Compliance FAQ and Guidance

Page 15: 17h30 aws enterprise_app_jvaria

You own the data, not AWS. You choose which geographic location to store the data. It doesn’t move unless you decide to move it.

You should consider the sensitivity of your data and decide if and how you will encrypt your data while it is in transit and while it is at rest.

Your IT, Risk, Compliance and Audit requirements can be met by AWS Reports (SAS 70) and external certifications (ISO27001, PCI, FISMA)

You can download or delete your data whenever you like.

You can set highly granular permissions to manage access of a user to specific service operations, data, and resources in the cloud for greater security control.

Involve your Security Teams early in the process

Tip #1

Page 16: 17h30 aws enterprise_app_jvaria

#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)

4 Key Trends in the Enterprise….

Page 17: 17h30 aws enterprise_app_jvaria

The flexibility of the AWS Cloud enables Enterprises to deploy enterprise-grade apps in the cloud

Trend #2

Page 18: 17h30 aws enterprise_app_jvaria

Enterprise Software in the cloud - BYOL

Microsoft Exchange Server, Microsoft SharePoint Server, Microsoft SQL Standard Server, Microsoft SQL Enterprise Server, Microsoft Lync Server, Microsoft System Center servers, and Microsoft Dynamics CRM through License Mobility Software Assurance

Oracle fully supports Oracle E-Business Suite, Oracle’s PeopleSoft Enterprise, Oracle’s Siebel CRM, Oracle Fusion Middleware, Oracle Database, and Oracle Linux on the portion of AWS EC2 which uses Oracle VM.

SAP® solutions, including SAP® Rapid Deployment solutions and SAP® BusinessObjects™ solutions, All-in-One

IBM DB2, Informix, Lotus® Forms Turbo, WebSphere® Application Server, WebSphere® sMash, WebSphere Portal Server, Lotus® Web Content Management Standard Edition, InfoSphere Information Server, Lotus Domino®, Lotus Web Content Management Standard Edition®, Tivoli Monitoring®

Page 19: 17h30 aws enterprise_app_jvaria

Amazon Corporate IT Deploys Mission-Critical Corporate Intranet running SharePoint 2010 to AWS Cloud

Benefits
• Infrastructure Procurement Time Reduced from over four to six weeks to minutes.
• Server Image Build Process that had previously taken a half day is now automated.
• Annual Infrastructure Costs Cut by 22 percent when replacing on-premise hardware with equivalent cloud resources.
• Eliminating Operational Overhead of server lease returns, freeing up approximately 2 weeks of engineering overhead per year by replacing servers with equivalent cloud resources.

Page 20: 17h30 aws enterprise_app_jvaria

Mission-Critical Application on AWS

Uses
• Microsoft SQL Server 2008
• Microsoft Windows Server R2
• Microsoft SharePoint 2010
• On Amazon EC2 (in Amazon VPC) and Amazon EBS, DirectConnect
• Windows BitLocker
• Windows DPAPI

Page 21: 17h30 aws enterprise_app_jvaria
Page 22: 17h30 aws enterprise_app_jvaria

Problem
• Known availability issues in the primary datacenter
• Santa Monica datacenter ran out of capacity
• Cost and complexity of building a new datacenter were prohibitive

Solution
• Migrated Microsoft SharePoint production to AWS
• Deployed SAP ERP dev & test environments on AWS
• Ready to move SAP ERP production to AWS

Benefits
• Increased time-to-market by reducing server provisioning time from 5 weeks to 2 days
• Reduced operating costs for SAP Dev & Test around 50%
• Lessened environmental demands with power & cooling
• Freed up IT resources that are now focused on solving business problems

Page 23: 17h30 aws enterprise_app_jvaria

Recovery.gov, Treasury.gov and several others

SharePoint migration and consolidation projects with Recovery.gov, Treasury.gov, Army Corp of Engineers, ++

Microsoft License Mobility program to license server applications on AWS

Uses SharePoint 2010, SQL Server 2008, ForeFront

Old Infrastructure

AWS Cloud Infrastructure

Infra Cost Comparison: ~60-70% savings

Page 24: 17h30 aws enterprise_app_jvaria

SharePoint Deployment is easy and one-click away using AWS CloudFormation

http://aws.amazon.com/cloudformation/aws-cloudformation-templates/

Launches SharePoint Foundation 2010 running on Microsoft Windows Server® 2008 R2

Page 25: 17h30 aws enterprise_app_jvaria

Public site SharePoint reference architecture on AWS

Whitepaper: http://bit.ly/aws-sharepoint

[Diagram labels: Remote Admin; Internet; ELB; Internet Gateway; AWS Region; Availability Zone 1; Availability Zone 2; DMZ; Private Subnet; Threat Mgmt Gateway; NAT; RDGW; Primary DC/DNS; Backup DC/DNS; Active Directory; Database Tier; Primary DB; Mirror DB; Witness; Application Server Tier; Central Admin & SharePoint Services; Web Tier; IIS & SharePoint Web Front End]

Page 26: 17h30 aws enterprise_app_jvaria

Tip #2: Get Licensing right

Oracle
• All Oracle Software licenses are fully portable to EC2 (ELA, ULA, NUP, BPO)
• Oracle Cloud Licensing Policy

Microsoft
• All Windows Server Applications are available (EA, ESA, OVA, Open License and Select Plus (with SA Option))
• For Licensed apps, need appropriate CALs
• License Mobility with Software Assurance

Page 27: 17h30 aws enterprise_app_jvaria

Find and buy software that runs in the AWS cloud

Page 28: 17h30 aws enterprise_app_jvaria

AWS Marketplace is for customers searching for development and business software from well known vendors including 10gen, CA, Canonical, Check Point, IBM, Microsoft, Perforce, Red Hat, Riverbed, SAP, and Zend.

Benefits for Buyers
• Find software that runs on the AWS Cloud
• Start applications in minutes with 1-Click launch
• Pay by the hour for your software and be billed on your AWS bill

Benefits for Sellers
• Reach new customers
• Easily add hourly billing to your software
• Help customers get running faster by giving them software as pre-configured server images

Page 29: 17h30 aws enterprise_app_jvaria

AWS Architecture Center (http://aws.amazon.com/architecture)

Whitepapers
• Amazon.com SharePoint 2010 Deployment Case study Architecture
• Running High-Availability SQL Server on AWS
• SharePoint Reference Architecture http://bit.ly/aws-sharepoint
• Single Sign-on using ADFS: Step-by-Step Guide
• Securing Microsoft Applications on AWS (New!)

Page 30: 17h30 aws enterprise_app_jvaria

#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)

#2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS

4 Key Trends in the Enterprise….

Page 31: 17h30 aws enterprise_app_jvaria

Agility and reduced cost remain the key adoption drivers in the enterprise today

Trend #3

Page 32: 17h30 aws enterprise_app_jvaria

Time to provision a server in an enterprise: 350,000 Minutes (7-8 Months)

Time to provision a server in the cloud: <5 Minutes

$1000 To rack and stack on-premise

$260 For 3 years (reserved 100% utilized)

Agility and Reduced Cost = key enterprise drivers

Page 33: 17h30 aws enterprise_app_jvaria

NASA CIO’s decree: “Replace Every Procurement Screen with a Provisioning Screen”

Page 34: 17h30 aws enterprise_app_jvaria

Bank – Credit-Risk Simulation Application

Bankinter brought average time-to-solution down from 23 hours to 20 minutes and dramatically reduced processing time.

“With AWS, we now have the power to decide how fast we want to obtain simulation results, and, more importantly, we have the ability to run simulations not possible before due to the large amount of infrastructure required.” – Castillo, Director, Bankinter

Bankinter was founded in June 1965 as a Spanish industrial bank through a joint venture by Banco de Santander and Bank of America

Page 35: 17h30 aws enterprise_app_jvaria

• Complete elimination of tape from the archival process

• Faster recovery speeds

• Protects 246 nodes and 40TB daily

Business Benefits

Archive Vaulting solution

Page 36: 17h30 aws enterprise_app_jvaria

Reliability of AWS cloud has enabled Samsung to be highly available to meet their SLA targets.

AWS’ Global Infrastructure Regions enables Samsung to easily expand their services and accelerate time to market across the world.

Samsung uses AWS platform of technology infrastructure services to build Smart Hub application.

Smart Hub application runs on AWS cloud for users of Smart TV and Blu-ray players to access content of 3rd party providers.

Use of AWS Business Benefit

Samsung Powers Smart Hub Service with AWS, Reducing Costs by 85% and Saving $34 Million

“If we were to use the traditional on-premise datacenter, we would have spent $34 million dollars more in hardware and maintenance expenses during the first two years. With AWS cloud, we met our reliability and performance objectives at a fraction of the cost.”

Mr. Chun Kang, Principal Engineer, Visual Display Division

Page 37: 17h30 aws enterprise_app_jvaria

• 58% savings over existing infrastructure

• Faster network speeds

• Improved load times

• Already planning future migrations

(TicketsWest, corporate production)

Business Benefits

Old Infrastructure

AWS Cloud Infrastructure

Infra Cost Comparison: ~58% savings!

Page 38: 17h30 aws enterprise_app_jvaria

Recommended Configuration for the Cloud

• Multi-AZ
• Use Provisioned IOPS volumes (New!)
• Snapshots vs. Backups
• RDS vs. RDBMS
• Federated Authorization
• Automated Deployments
• Logs -> S3
• Persist Intelligently; Ephemeral, EBS, DynamoDB or S3
• Secure your Credentials
• Auto-scaling for Auto-Recovery
• Elastic Network Interfaces
• Elastic Load Balancing (SSL)

Page 39: 17h30 aws enterprise_app_jvaria

Operational Checklist Whitepaper

Page 40: 17h30 aws enterprise_app_jvaria

#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)

#2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS

#3 Agility and reduced cost are the key adoption drivers in the enterprise today

4 Key Trends in the Enterprise….

Page 41: 17h30 aws enterprise_app_jvaria

Migrating to the cloud is not all or nothing; Classify your IT assets

Trend #4

Page 42: 17h30 aws enterprise_app_jvaria

Classifying your IT Assets

• List all your IT assets
• Identify upward and downward dependencies
• Start classifying your IT assets into different categories:
  • Applications with Top Secret, Secret, or Public data sets
  • Applications with low, medium and high compliance requirements
  • Applications that are internal-only, partner-only or customer-facing
  • Applications with low, medium and high coupling
  • Applications with strict, relaxed licensing

[Diagram labels: Dashboard; Report; CRM; Search; DB; logs; Service; LDAP; Auth; Web; Engine; OLAP; ERP]

Page 43: 17h30 aws enterprise_app_jvaria

Stack rank your IT assets

• Search for under-utilized IT assets
• Applications that have immediate business need to scale
• Applications that are running out of capacity
• Easiest to move today
• That builds support within your organization and creates awareness and excitement

Page 44: 17h30 aws enterprise_app_jvaria

Pick the Low-hanging Fruits First

Examples:
• Web Applications
• Batch Processing systems
• Content Management Systems
• Digital Asset Management Systems
• Log Processing systems
• Collaborative Tools
• Big Data Analytics Platforms

[Diagram labels: Dashboard; Report; CRM; Search; DB; logs; Service; LDAP; Auth; Web; Engine; OLAP; ERP]

Page 45: 17h30 aws enterprise_app_jvaria

Move application by application

[Diagram labels: CRM, Search and DB shown apart from the full set: Dashboard; Report; CRM; Search; DB; logs; Service; LDAP; Auth; Web; Engine; OLAP; ERP]

Page 46: 17h30 aws enterprise_app_jvaria

• F500 global energy management company with operations in more than 100 countries (110,000 employees)
• Started moving Internet and Intranet workloads to AWS in early 2011
• Runs 15 production applications on AWS

Business Benefit
• Open and flexible platform allows Schneider to run Java and .NET apps on Windows and Linux virtual servers
• Increased IT agility by rolling out new applications faster on AWS

Page 47: 17h30 aws enterprise_app_jvaria
Page 48: 17h30 aws enterprise_app_jvaria

Should migration to the cloud be led by business teams or IT teams?

Page 49: 17h30 aws enterprise_app_jvaria

Business Benefits
• No minimum commitment up front and pay per use brings significant savings
• Fast provisioning within minutes for many applications
• Elasticity – the ability to expand and contract IT infrastructure as needed

• Operationalizing their cloud strategy
• Shell Foundation Platform – an IT framework – is AWS approved
• Core operational applications running in production on AWS
• Development and test environments running on AWS

Page 50: 17h30 aws enterprise_app_jvaria

Migrating to the cloud

Cloud Benefits
• Zero upfront investment
• On-demand provisioning
• Instant scalability
• Auto scaling and elasticity
• Pay as you go
• Removes undifferentiated heavy lifting
• Developer productivity
• Automation

[Diagram labels: Large Enterprise; Cloud Strategy; New applications; Build a Cloud-Ready Design; Existing Applications; “No-brainer to move” Apps; Planned Phased Migration]

Page 51: 17h30 aws enterprise_app_jvaria

Cloud Migration: a Phased-driven Strategy Whitepaper

Find it at http://aws.amazon.com/whitepapers

Page 52: 17h30 aws enterprise_app_jvaria

Tip #4

Identify and move the Cloud-Ready Apps quickly

Examples
• Dev/Test applications
• Backup/Archive
• Self-contained Web Applications
• Social Media Product Marketing Campaigns
• Customer Training Sites
• Video Portals (Transcoding and Hosting)
• Pre-sales Demo Portal
• Software Downloads
• Trial Applications

Page 53: 17h30 aws enterprise_app_jvaria

#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)

#2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM.. On AWS

#3 Agility and reduced cost are the key adoption drivers in the enterprise today

#4 Migrating to the cloud is not all or nothing; Classify your IT assets; It's easy and cost-effective

4 Key Trends in the Enterprise….

Page 54: 17h30 aws enterprise_app_jvaria

#1 Involve your security teams early in the process

#2 Get licensing right; leverage cloud licensing models

#3 Leverage best practices and configure for the cloud

#4 Move low-hanging fruits first and gain confidence

Tips

Page 55: 17h30 aws enterprise_app_jvaria

#1 Security & Risk and Compliance Whitepaper

#2 SharePoint, SQL Server, Microsoft Security, Oracle Whitepapers

#3 Operational Checklist Whitepaper

#4 Cloud Migration whitepaper

Resources – http://aws.amazon.com/whitepapers

Page 56: 17h30 aws enterprise_app_jvaria

[email protected]: @jinman

Thank you!

Page 57: 17h30 aws enterprise_app_jvaria

http://aws.amazon.com