© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Ryan Kido, Sony Pictures Entertainment October 8, 2015 Sony Pictures Rapid Recovery Solution for Disaster Recovery and Business Continuity using Cloud Services ISM 202
Apr 16, 2017
What to Expect from the Session
This session will discuss the solution used by Sony
Pictures Entertainment to achieve rapid business continuity
in digital media delivery and secure IT services.
The combination of AWS infrastructure, Amazon
WorkSpaces, and Aspera application software allowed
Sony Pictures Entertainment to restore file transfer
business services in less than one day and give business
users and administrators secure access to infrastructure.
What to Expect from the Session
Details include:
• An overview of the software and AWS infrastructure architecture
used on day one and through expansion of the service
• Statistics for media transfer volumes and delivery times achieved
• Use cases for VDI secure access and associated controls
• An overview of the longer-term hybrid architecture using the cloud
solution as a cost-effective disaster recovery/secondary
complement to Sony’s on-premises capabilities
• Business benefits, practical challenges, and best practices learned
in the process
A Quick Introduction
In the Beginning, Peace in the Kingdom
• On Premises Infrastructure
• Global Access
• File Transfers
• Happy People
We Planned for Rain…
No One Expects the Spanish Inquisition
… our chief weapon is surprise… surprise and fear…
No time to cry over spilt milk… or bits…
Prior Experience with AWS
Proof of Concepts Next Gen DAM Leveraging Services
Secure File Transfer
So you’re telling me there’s a chance…
AWS Quick Option Existing Experience Aspera On-Demand Full Install in Hours
What’s in the Box?! Software: Aspera FaspEx
• Users send and receive
packages
• Web browser or a desktop
application (Drive)
• Administrators manage
permissions, control
transfer settings
What’s in the Box?! Software: Aspera Shares
• Web interface virtualizes
file systems and transfer
nodes as folders
• Security model for user
management, access
control
What’s in the Box?! Software: Aspera Console
• Centralized monitoring,
management, reporting
• Real-time dashboards show
all transfer activity
• Control file transfers,
priority, and bandwidth
What’s in the Box?! Software: OS
• RHEL version 6
What’s in the Box?! AWS Platform: Networking
• Amazon Route 53
• DNS and service routing
What’s in the Box?! AWS Platform: Compute
• Amazon EC2
• Web Servers: m1.xl
• File Transfer Servers: c3.8xl
* C3 chosen for enhanced networking
What’s in the Box?! AWS Platform: Storage
• Amazon S3
• Primary Storage Type
• One Bucket Per Service
• Amazon EBS
• Required when using
sync with “Aspera Shares”
What’s in the Box?! AWS Platform: App Services
• Amazon SES
• Application Notifications
Started Small… added On Demand
A Multi-Purpose Tool: What are we Moving?
Final Deployment
Diagram components:
• AWS S3 /Faspex
• AWS S3 /Shares
• EC2 Faspex Transfer Nodes
• EC2 Shares Transfer Node
• EBS (1TB Each)
• Faspex Web Server
• Shares Web Server
• Console Web UI
• Route 53 DNS
• SES SMTP Gateway
• Instance types shown: m1.xl, m1.xl, c3.8xl, c3.8xl, c3.8xl
So What can it DO? In a large month…
Transferred In Transferred Out S3 Storage
To S3 To S3 Per c3.8xl instance
Data Movement Over Time (TB-Month)
[Chart: series Out (TB) and In (TB); x-axis Nov10 to Aug11; y-axis 0 to 160]
Single Node Throughput
Single Node Volume
Multi-Node Throughput, Hybrid, Cloud Only
Graphic – Geographic Locations
Data Mix: Video
Data Mix: Audio
Data Mix: Image
Data Mix: Other
Benefits
A More Resilient Future
Amazon WorkSpaces/VDI
Trust Issues
When you can’t entirely trust end points, how
do you secure access?
Manage as much as you can….
… but, limit the surface area to the end point
More Uses than duct tape
• Vendor Access to Server Environment
• Developer Access to Server Environment
• Many, many flavors of software configuration
• User Access to test and validate systems
• Leverage flat monthly pricing for Workspaces
What’s in the Box?! Software: Authentication
• AWS Identity and Access
Management (IAM)
• Additional Two Factor
Authentication
What’s in the Box?! Software: Desktop
• Multiple Customized/
Hardened Image(s)
• Desktop Management
Software and Agents
• Anti-virus/Anti-malware
Agents
• Optional software based on
usage type
What’s in the Box?! AWS Platform
• AWS Direct Connect
• Amazon WorkSpaces
• Ireland – support India
and Europe
• Oregon – support US
Amazon WorkSpaces Deployment
Diagram components:
• Administrator, Developer, User
• Workspaces Ireland
• Workspaces US West - Oregon
• Data Center Network
Benefits
Workstations
Lessons Learned
In Conclusion…
Wrap-up
• AWS as a dynamic BCP resource
• Large file/data maturity
• Other uses not always obvious
• Easy to move quickly; plan ahead
to maintain
Questions?
Thank you!