Enterprise Applications in the Cloud
Jinesh Varia
@jinman
Technology Evangelist
Today
• 4 Trends
• Lots of enterprise customer stories
• Enterprise Architecture
• Tips
• Resources
Trusted by Enterprises and Government Agencies
Why are Enterprises using AWS?
• The Cloud API Standard
• Global Footprint and Expansion
• Operational Excellence
• Rate of Innovation
• Security and Compliance
• Enterprise Features
Trend #1: Enterprises are using AWS cloud as a secure extension of their existing datacenters
Cloud as an extension of their existing data centers
[Diagram labels: Corporate Data Center, DirectConnect Location, 10G, Amazon Virtual Private Cloud]
• SAS 70 Type II Audit
• ISO 27001/2 Certification
• PCI DSS 2.0 Level 1-5
• HIPAA/SOX Compliance
• FISMA A&A Moderate
• FedRAMP/GSA ATO
• Enforce IAM policies
• Use MFA, VPC; leverage S3 bucket policies, EC2 security groups, EFS in EC2, etc.
• Encrypt data in transit
• Encrypt data at rest
• Protect your AWS credentials
• Rotate your keys
• Secure your application
In the Cloud, Security is a Shared Responsibility
Application Security
Services Security
Infrastructure Security
How we secure our infrastructure
What security options and features are available to you?
How can you secure your application and what is your responsibility?
New Enterprise IT Network architecture
[Diagram labels: Amazon VPC, AWS Region, Availability Zone 1, Availability Zone 2, Public Subnet, Private Subnet, Internet Gateway, Router, VPN Gateway, Customer Gateway, DirectConnect Location, 10G, Corporate data center, Corporate Headquarters, Branch Offices, Amazon S3, Amazon SimpleDB, Amazon SES, Amazon SQS]
VPC is part of the Autodesk internal network
Source: Autodesk
New Enterprise IT Storage architecture
[Diagram labels: Your Data Center, Application Servers, On-premises Host, AWS Storage Gateway VM, Direct Attached or Storage Area Network Disks, iSCSI, SSL, Amazon Web Services, AWS Storage Gateway Service, Amazon EC2, Amazon S3, Amazon EBS]
Enterprise Security Features
AWS Identity And Access Management
• User management
• Policy-based granular access control
• Web login to individual users
• Manage users and groups using Console
Identity Federation
• Security Token Service
• LDAP/AD Integration
Multi-Factor Authentication
• Virtual MFA (Android, iOS, Windows, Blackberry)
• Physical Device (Gemalto)
Consolidated Billing
Invoicing
Risk compliance. How is SOX compliance achieved if in-scope systems are deployed in the cloud provider environment?
HealthCare compliance. Is it possible to meet HIPAA/GLBA certification requirements while deployed in the cloud provider environment?
E-Discovery. Does the cloud provider meet the customer’s needs to meet electronic discovery procedures and requirements?
Data center tours or Third Party Access. Are data center tours by customers allowed by the cloud provider?
Hypervisor vulnerabilities. Has the cloud provider addressed known hypervisor vulnerabilities?
Distributed Denial Of Service (DDoS) attacks. How does the provider protect their service against DDoS attacks?
Data ownership. What are the cloud provider’s rights over customer data?
Data isolation. Does the cloud provider adequately isolate customer data?
Scheduled maintenance outages. Does the provider specify when systems will be brought down for maintenance?
Data durability
Service Provider and Customer business continuity.
Backups.
Vulnerability management.
Privileged Actions
AWS Security and Compliance Center (http://aws.amazon.com/security/)
Answers to many security & privacy questions
• Security whitepaper
• Risk and Compliance whitepaper
Security bulletins
Customer penetration testing
Security best practices
Compliance FAQ and Guidance
You own the data, not AWS.
You choose which geographic location to store the data. It doesn’t move unless you decide to move it.
You should consider the sensitivity of your data and decide if and how you will encrypt your data while it is in transit and while it is at rest.
Your IT, Risk, Compliance and Audit requirements can be met by AWS Reports (SAS 70) and external certifications (ISO27001, PCI, FISMA)
You can download or delete your data whenever you like.
You can set highly granular permissions to manage access of a user to specific service operations, data, and resources in the cloud for greater security control.
Tip #1: Involve your security teams early in the process
#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)
4 Key Trends in the Enterprise….
Trend #2: The flexibility of the AWS Cloud enables enterprises to deploy enterprise-grade apps in the cloud
Enterprise Software in the cloud - BYOL
Microsoft Exchange Server, Microsoft SharePoint Server, Microsoft SQL Standard Server, Microsoft SQL Enterprise Server, Microsoft Lync Server, Microsoft System Center servers, and Microsoft Dynamics CRM through License Mobility Software Assurance
Oracle fully supports Oracle E-Business Suite, Oracle’s PeopleSoft Enterprise, Oracle’s Siebel CRM, Oracle Fusion Middleware, Oracle Database, and Oracle Linux on the portion of AWS EC2 which uses Oracle VM.
SAP® solutions, including SAP® Rapid Deployment solutions and SAP® BusinessObjects™ solutions, All-in-One
IBM DB2, Informix, Lotus® Forms Turbo, WebSphere® Application Server, WebSphere® sMash, WebSphere Portal Server, Lotus® Web Content Management Standard Edition, InfoSphere Information Server, Lotus Domino®, Lotus Web Content Management Standard Edition®, Tivoli Monitoring®
Amazon Corporate IT Deploys Mission-Critical Corporate Intranet running SharePoint 2010 to AWS Cloud
Benefits
• Infrastructure procurement time reduced from over four to six weeks to minutes.
• Server image build process that had previously taken a half day is now automated.
• Annual infrastructure costs cut by 22 percent when replacing on-premise hardware with equivalent cloud resources.
• Eliminated the operational overhead of server lease returns, freeing up approximately 2 weeks of engineering overhead per year by replacing servers with equivalent cloud resources.
Mission-Critical Application on AWS
Uses
Microsoft SQL Server 2008
Microsoft Windows Server R2
Microsoft SharePoint 2010
On Amazon EC2 (in Amazon VPC) and Amazon EBS, DirectConnect
Windows BitLocker
Windows DPAPI
Problem
Known availability issues in the primary datacenter
Santa Monica datacenter ran out of capacity
Cost and complexity of building a new datacenter were prohibitive
Solution
Migrated Microsoft SharePoint production to AWS
Deployed SAP ERP dev & test environments on AWS
Ready to move SAP ERP production to AWS
Benefits
Increased time-to-market by reducing server provisioning time from 5 weeks to 2 days
Reduced operating costs for SAP Dev & Test around 50%
Lessened environmental demands with power & cooling
Freed up IT resources that are now focused on solving business problems
Recovery.gov, Treasury.gov and several others
SharePoint migration and consolidation projects with Recovery.gov, Treasury.gov, Army Corp of Engineers, ++
Microsoft License Mobility program to license server applications on AWS
Uses SharePoint 2010, SQL Server 2008, ForeFront
Infra Cost Comparison (Old Infrastructure vs. AWS Cloud Infrastructure): ~60-70% savings
SharePoint Deployment is easy and one-click away using AWS CloudFormation
http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
Launches SharePoint Foundation 2010 running on Microsoft Windows Server® 2008 R2
Public site SharePoint reference architecture on AWS
Whitepaper: http://bit.ly/aws-sharepoint
[Diagram labels: Internet, Remote Admin, Internet Gateway, ELB, AWS Region, Availability Zone 1, Availability Zone 2, DMZ, Private Subnet, Threat Mgmt Gateway, NAT, RDGW, Active Directory (Primary DC/DNS, Backup DC/DNS), Web Tier (IIS & SharePoint Web Front End), Application Server Tier (Central Admin & SharePoint Services), Database Tier (Primary DB, Mirror DB, Witness)]
Tip #2: Get Licensing right
Oracle
• All Oracle software licenses are fully portable to EC2 (ELA, ULA, NUP, BPO)
• Oracle Cloud Licensing Policy
Microsoft
• All Windows Server applications are available (EA, ESA, OVA, Open License and Select Plus (with SA Option)). For licensed apps, need appropriate CALs
• License Mobility with Software Assurance
Find and buy software that runs in the AWS cloud
AWS Marketplace is for customers searching for development and business software from well known vendors including 10gen, CA, Canonical, Check Point, IBM, Microsoft, Perforce, Red Hat, Riverbed, SAP, and Zend.
Benefits for Buyers
• Find software that runs on the AWS Cloud
• Start applications in minutes with 1-Click launch
• Pay by the hour for your software and be billed on your AWS bill
Benefits for Sellers
• Reach new customers
• Easily add hourly billing to your software
• Help customers get running faster by giving them software as pre-configured server images
AWS Architecture Center (http://aws.amazon.com/architecture)
Whitepapers
Amazon.com SharePoint 2010 Deployment Case study Architecture
Running High-Availability SQL Server on AWS
SharePoint Reference Architecture http://bit.ly/aws-sharepoint
Single Sign-on using ADFS: Step-by-Step Guide
Securing Microsoft Applications on AWS (New!)
#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)
#2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM, etc. on AWS
4 Key Trends in the Enterprise….
Trend #3: Agility and reduced cost remain the key adoption drivers in the enterprise today
• Time to provision a server in an enterprise: 350,000 minutes (7-8 months)
• Time to provision a server in the cloud: <5 minutes
• $1000 to rack and stack on-premise
• $260 for 3 years (reserved, 100% utilized)
Agility and Reduced Cost = key enterprise drivers
NASA CIO’s decree: “Replace Every Procurement Screen with a Provisioning Screen”
Bank – Credit-Risk Simulation Application
Bankinter brought average time-to-solution down from 23 hours to 20 minutes and dramatically reduced processing time.
“With AWS, we now have the power to decide how fast we want to obtain simulation results, and, more importantly, we have the ability to run simulations not possible before due to the large amount of infrastructure required.” – Castillo, Director, Bankinter
Bankinter was founded in June 1965 as a Spanish industrial bank through a joint venture by Banco de Santander and Bank of America
Archive Vaulting solution
Business Benefits
• Complete elimination of tape from the archival process
• Faster recovery speeds
• Protects 246 nodes and 40TB daily
Samsung Powers Smart Hub Service with AWS, Reducing Costs by 85% and Saving $34 Million
Use of AWS
• Samsung uses AWS platform of technology infrastructure services to build Smart Hub application.
• Smart Hub application runs on AWS cloud for users of Smart TV and Blu-ray players to access content of 3rd party providers.
Business Benefit
• Reliability of AWS cloud has enabled Samsung to be highly available to meet their SLA targets.
• AWS’ Global Infrastructure Regions enables Samsung to easily expand their services and accelerate time to market across the world.
“If we were to use the traditional on-premise datacenter, we would have spent $34 million dollars more in hardware and maintenance expenses during the first two years. With AWS cloud, we met our reliability and performance objectives at a fraction of the cost.”
Mr. Chun Kang
Principal Engineer, Visual Display Division
Business Benefits
• 58% savings over existing infrastructure
• Faster network speeds
• Improved load times
• Already planning future migrations (TicketsWest, corporate production)
Infra Cost Comparison (Old Infrastructure vs. AWS Cloud Infrastructure): ~58% savings!
Recommended Configuration for the Cloud
• Multi-AZ
• Use Provisioned IOPS volumes (New!)
• Snapshots vs. Backups
• RDS vs. RDBMS
• Federated Authorization
• Automated Deployments
• Logs -> S3
• Persist Intelligently; Ephemeral, EBS, DynamoDB or S3
• Secure your Credentials
• Auto-scaling for Auto-Recovery
• Elastic Network Interfaces
• Elastic Load Balancing (SSL)
Operational Checklist Whitepaper
#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)
#2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM, etc. on AWS
#3 Agility and reduced cost are the key adoption drivers in the enterprise today
4 Key Trends in the Enterprise….
Trend #4: Migrating to the cloud is not all or nothing; Classify your IT assets
Classifying your IT Assets
List all your IT assets
Identify upward and downward dependencies
Start classifying your IT assets into different categories:
• Applications with Top Secret, Secret, or Public data sets
• Applications with low, medium and high compliance requirements
• Applications that are internal-only, partner-only or customer-facing
• Applications with low, medium and high coupling
• Applications with strict, relaxed licensing
[Diagram labels: Dashboard, Report, CRM, Search, DB, logs, Service, LDAP, Auth, Web, Engine, OLAP, ERP]
• Search for under-utilized IT assets
• Applications that have an immediate business need to scale
• Applications that are running out of capacity
• Easiest to move today
• That builds support within your organization and creates awareness and excitement
Stack rank your IT assets
Examples:
• Web Applications
• Batch Processing systems
• Content Management Systems
• Digital Asset Management Systems
• Log Processing systems
• Collaborative Tools
• Big Data Analytics Platforms
Pick the Low-hanging Fruits First
[Diagram labels, shown twice: Dashboard, Report, CRM, Search, DB, logs, Service, LDAP, Auth, Web, Engine, OLAP, ERP; CRM, Search and DB also listed separately]
Move application by application
• F500 global energy management company with operations in more than 100 countries (110,000 employees)
• Started moving Internet and Intranet workloads to AWS in early 2011
• Runs 15 production applications on AWS
Business Benefit
• Open and flexible platform allows Schneider to run Java and .NET apps on Windows and Linux virtual servers
• Increased IT agility by rolling out new applications faster on AWS
Should migration to the cloud be led by business teams or IT teams?
Business Benefits
• No minimum commitment up front and pay per use brings significant savings
• Fast provisioning within minutes for many applications
• Elasticity – the ability to expand and contract IT infrastructure as needed
• Operationalizing their cloud strategy
• Shell Foundation Platform – an IT framework – is AWS approved
• Core operational applications running in production on AWS
• Development and test environments running on AWS
Cloud Benefits
Zero upfront investment
On-demand provisioning
Instant scalability
Auto scaling and elasticity
Pay as you go
Removes undifferentiated heavy lifting
Developer productivity
Automation
Cloud Strategy
New applications
Build a Cloud-Ready Design
Existing Applications
“No-brainer to move” Apps
Planned Phased Migration
Migrating to the cloud
Large Enterprise
Cloud Migration : a Phased-driven Strategy Whitepaper
Find it at http://aws.amazon.com/whitepapers
Tip #4: Identify and move the Cloud-Ready Apps quickly
Examples
• Dev/Test applications
• Backup/Archive
• Self-contained Web Applications
• Social Media Product Marketing Campaigns
• Customer Training Sites
• Video Portals (Transcoding and Hosting)
• Pre-sales Demo Portal
• Software Downloads
• Trial Applications
#1 Enterprises are using AWS as a secure extension of their existing datacenters (Leveraging VPC, DX, SGW, IAM)
#2 Flexibility: Enterprises are deploying enterprise-grade apps from Microsoft, Oracle, SAP, IBM, etc. on AWS
#3 Agility and reduced cost are the key adoption drivers in the enterprise today
#4 Migrating to the cloud is not all or nothing; Classify your IT assets; It's easy and cost-effective
4 Key Trends in the Enterprise….
#1 Involve your security teams early in the process
#2 Get licensing right; leverage cloud licensing models
#3 Leverage best practices and configure for the cloud
#4 Move low-hanging fruits first and gain confidence
Tips
#1 Security & Risk and Compliance Whitepaper
#2 SharePoint, SQL Server, Microsoft Security, Oracle Whitepapers
#3 Operational Checklist Whitepaper
#4 Cloud Migration whitepaper
Resources – http://aws.amazon.com/whitepapers
http://aws.amazon.com