© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Sabina Joseph, Head of Storage Global Partnerships and Alliances

Steve Nelson, Global Storage Partner Lead Architect

November 30, 2016

Three Customer Viewpoints: Private Equity,

Managed Services, and Government – How These

Customers Transformed Business Operations

through Storage

STG212

What to Expect from the Session

• Overview of AWS storage options

• Key use cases and reference architectures

• Customer Confessions – Killer Benefits!!!

• Jeff Pisano from Carlyle Group – Modernizing & Securing Carlyle

Group’s Data Infrastructure

• Ben Buckley from General Dynamics (GDIT) - Federal Agency

• Richard Spurlock from Cobalt Iron - Data Protection as a Service

• AWS Building Blocks and Call to Action

Amazon EFS

File

Amazon EBSAmazon EC2

Instance Store

Block

Amazon

S3/SIAAmazon Glacier

Object

Data Transfer

AWS Direct

ConnectAWS

SnowballISV Connectors

Amazon

Kinesis

Firehose

S3 Transfer

Acceleration

Storage

Gateway

Storage is a platform: AWS Storage Maturity

Primary Storage

• Primary Storage can be file, block and object storage targets

• Primary storage can provide

• Storage for a variety of customer workloads, file distribution services

• Translation for IP storage protocols, replication of storage

Backup and Recovery

Backups can be run on-premise to the cloud, either directly to a cloud target or via a gateway appliance, or within the cloud.

Backup is not archive• Backup represents a point in time copy of the data.

• Archived data is the only authoritative copy of the data.

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Modernizing & Securing Carlyle Group’s

Data InfrastructureJeff Pisano

VP Global Operations

What to Expect from the Session

Carlyle Group Overview

Carlyle Global Business Continuity

Modern File Services on AWS

Security Considerations for Cloud Files

About the Carlyle Group

The Carlyle Group is one of the world’s largest and most

diversified alternative asset management firms.

Corporate Private Equity

Real Assets

Global Market Solutions

Investment Solutions

128 Distinct Funds

170 Fund of Fund Vehicles

11 Core Industries

6 Continents

35 Global Offices

1,650 Employees

Previous State File StorageWith staff located across the globe and a heavy dependency on Excel files for key

business processes, fast and efficient access to local file servers is paramount.

Our Essential Business Application

Recent Business Continuity Plan interviews revealed that local

file servers are among Carlyle’s most essential business tools.

Our Essential Business Application

To provide localized storage across Carlyle’s distributed

enterprise, each office has its own physical file server.

Remote File Server ChallengesNo redundancy for local file servers, which presents a significant DR risk in the event of an

office outage. Additionally, global file sharing is slow and mobility is limited.

Current model lacks redundancy

in the case of outage/disaster

No Redundancy

Slow access to files outside

of home office

Slow Global File Sharing

In the event of an outage,

restoration can take up to a week

Long Restoration Time

Local file servers are available only

through the Carlyle network

Limited Mobility

File Sharing, Alone, Is Not The Solution

No Edge Data Persistence

No Legacy NAS Protocol Support

Shared SaaS Services Introduce Security Risk

VP

N

VP

N

*aaS Security Considerations

Data Centers

Networking

Storage

Servers

Virtualization

Operating Systems

SecurityData, Encryption, Authentication

Applications

Data Centers

Networking

Storage

Servers

Virtualization

Operating Systems

SecurityData, Encryption, Authentication

Applications

Data Centers

Networking

Storage

Servers

Virtualization

Operating Systems

SecurityData, Encryption, Authentication

Applications

IaaSInfrastructure As A Service

SaaSSoftware As A Service

On PremPrivate Data Center

= customer owned = vendor owned

Current State: AWS + CTERATo address these challenges, Carlyle leverages CTERA cloud storage gateways to provide

full data replication and 1-to-1 local drive mapping to Amazon S3.

CTERA Portal Global Cloud File System & Service Orchestration Carlyle AD

Endpoint File Sharing& Data Protection

Office File Sharing & Data Protection

Amazon S3 Cloud Storage Cost Effective, Limitless Object Storage

+

100% Private File Sharing & Data Protection

Secure Hybrid Cloud File Storage

3 Regions • Direct Connect To Carlyle Offices • Always-On DR

+ + +

Americas EMEA APJ

Significant Business Continuity ImprovementWith the CTERA cloud storage solution, local drives can be mapped to the cloud in the

event of a network outage—reducing restoration time from days to minutes.

Network outage

at Carlyle’s

Charlotte office

Local shared

drives

inaccessible

Shared drives sync’d to cloud

remotely via CTERA Portal

Carlyle private cloud powered by CTERA & AWS

Users in Charlotte office can quickly

retrieve and upload local files

Cloud Storage

NAS Gateway

+

High-Speed Global File SharingAdditionally, with CTERA cloud storage, Carlyle staff can now quickly access local files

from any global office with the same speed as their home office.

NY office requesting

Excel file from Hong Kong

London office requesting

PPT file from DC

Sydney office requesting

Word file from Paris

+

Phase II – Anywhere, Any DeviceWhile Phase I of Carlyle’s CTERA implementation will focus on DR and global file sharing,

Carlyle plans to leverage CTERA to provide mobile access to local files without having to

log in to the Carlyle network.

+

Enterprise Grade SecurityCTERA provides end-to-end security in its cloud storage products. This includes built-in

data-at-rest encryption, data-in-transit encryption, strong authentication, and identity

management.

CTERA source-based encryption

effectively creates a VPN for cloud

storage, Carlyle has all data encrypted

with via AES-256 encryption before it

is sent over the WAN.

Source-Based

Encryption

CTERA integrates with Carlyle’s Active

Directory to provide user authentication

and single sign-on, including password

expiration policies and AD forests

support.

Authentication & Identity

Management

In addition the encrypting the data

itself, all cloud traffic is transmitted

over a TLS connection.

Secure Connection,

In-Transit Encryption

CTERA uses SHA-1 (Secure Hash

Algorithm) to "fingerprint" the data sent

to the cloud—ensuring data integrity.

Data Integrity

Assurance

Reducing Overhead, Enhancing ProductivityBy reducing appliance volume and maintenance tasks, Carlyle’s IT Operations team can

focus more on delivering products and services that align with business strategy and

enhance the user experience.

AWS & CTERA Help Carlyle Reduce: Allowing Carlyle to Focus More on…

Expensive Traditional Filers

Likelihood of Hard Drive Failure

Engineering Maintenance Burden

Need for Additional Backups

Aligning budget and manpower with

strategic projects and initiatives

that support key business goals

Building an enhanced user

experience for Carlyle’s global staff

and investor community

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Ben Buckley

CTO and Principal Systems Engineer

Geospatial Programs

GDIT, a Federal Agency, and the Cloud

What we do• Enterprise IT

• Application

Development

• Cloud Solutions

• Data Analytics

• Infrastructure

• Mission Support

• Cyber

• Health Solutions

Aerospace

Combat Systems

IS&T

Marine Systems

Current Environment

Global user population

Centralized Footprint

90% storage and compute in two Data

Centers

Custom Application Development

• Capability

• Content management

VDI User Access

Central VDI hosting

Storage Centric

Content management

Unstructured data

Cloud

Government direction to move

by 2017

Need to distribute content globally

Drivers to moving to AWS

Focus of agency on Mission

(not infrastructure)

Data management needs are

a natural fit for Amazon S3 and

AWS orchestration capabilities

Rapid DevOps capability –

Government procurement

timeframes are often in conflict with

mission needs

Cost – Expense of establishing

remote datacenter for COOP are

onerous

Accelerate Data Movement to the Cloud

• Enables use of object

storage while

enabling traditional

Enterprise

performance and

features

• Accelerates cloud

adoption without

requiring applications

to change

• Portfolio approach

required to meet

diverse mission

needs

• Rapid backup and recovery performance with

inexpensive S3 storage

• De-duplication minimizes transport bandwidth

and cost while enabling much longer retention

• Secure offsite backup with FIPS 140-2 level 1

validated encryption

• Integrated easily with existing backup platform

NetApp AltaVault – Backup (NFS)

Avere FXT - NFS

• High performing NFS storage for legacy

applications while consuming inexpensive S3

object storage

• Automated data migration, mirroring

• High-availability support for mission applications

• Satisfy High performance CIFS needs of

mission applications while moving cold data

to S3

EMC Isilon Cloud Pools - CIFS

Success = Decommission• Backup migration allowed us

to rapidly decommission 6PB

of costly datacenter storage

($700K per year)

• High 10x deduplication across

12 AltaVault instances allowed

significantly longer backup

retention capability with less

storage consumption – 6 PB

backups stored on 650 TB

• 17-19x on virtual backup via

AltaVault

• Allowed us to decommission

expensive software (Veeam)

with over $500K annual

maintenance costs

Early

Adopter tax

• Early code from from Avere

and Dell EMC lacked maturity

• Avere builds have become

more mature for High-

performance NFS, with CIFS

on the horizon

• Dell EMC storage CIFS

performance has been

excellent, but cloud pool

challenges have delayed

additional migrations of

mission data

• Currently migrated over 2 PB

and decommissioned one

subsystems

Benefits Realized

Storage

Cost

• Decommissioned infrastructure responsible for 1.2 Million dollars in annual

tails while significantly decreasing administrative burden

Cloud Mandate

• Provided capability to government to migrate petabytes of object

storage to the cloud with no change required to applications

• Decommissioned over 6 PB of storage for backup and another 2.75 PB for

other gateways

• In process of migrating more systems with plans on decommission majority of

subsystems

• Secure offsite backups with rapid recovery and longer retention times

Next steps - DevOps

• Democratize data to all

applications while providing

discovery and security based on

metadata attributes

• Rapidly develop capability with

PaaS and immediate data

access

• Rapidly search, visualize and

analyze data from multiple

sources

• Reduce focus on infrastructure

and enhance mission

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Richard Spurlock

CEO and Founder

Data Protection as a Service Using Amazon Infrastructure

Introducing Cobalt Iron

• Richard Spurlock,

CEO and Founder

• Over 20 years

experience in all

aspects of data

protection (backup

and recovery)

• Founded in 2013

• ‘Born on the cloud’ business

• Specializing in:

• Adaptive Data Protection

• Hybrid cloud solutions

• Fortune 1000 organizations

• Currently delivering:

• Over 2 million cloud backups

per month

• In 40 countries, 6 continents

© 2016 Cobalt Iron | Confidential3

The brutality of backup

• Uncontrolled data growth

• Hundreds of moving parts:

• Facilities

• Data Protection policies

• Applications, databases, virtual

machines, servers, desktops

• Backup software, deduplication

appliances, storage systems and media

• No tolerance for downtime or data loss

• Need to provide adequate data

protection in a cost-effective way

© 2016 Cobalt Iron | Confidential4

Traditional on-

premises backup

• Up-front infrastructure

investment

• Complex test and audit

for Disaster Recovery

• Expertise required

The business value of cloud backupBackup and DRaaS are the #1 and #2 cloud infrastructure Use Cases

34

Reduce IT cost and

operational complexitySpeed time-to-market

Innovate on

business models

IT VALUE

Transform enterprises from aging backup to

modern comprehensive data protection

Delivers simplicity and flexibility at

all scale and localities

A data-centric architecture that

extends beyond backup

Enable advanced insights

© 2016 Cobalt Iron | Confidential

Amazon S3 + IBM Spectrum Protect (TSM) + Cobalt Iron

Amazon S3 relieves backup pressures

Backup from on-premises to cloud

Disaster Recovery in the cloud

Protect ‘born in the cloud’ data

Long term archiving for backup data

Enterprise Cloud DP SaaS

AWS Cloud

• Multiple sites and countries

• Over 50,000 desktops and laptops

• Hundreds of terabytes

• Primary data on-premises

• Backup to AWS world-wide

Example: Global chemical corporation

37

REMOTE FACILITIES

Benefits:

• Restore requests fail-over to the cloud

• DR in the cloud eliminates the need

for a recovery site

• Complies with data privacy laws

• Provides unified data protection

© 2016 Cobalt Iron | Confidential

Example: Large transportation corporation

38

• Two national data centers

• Thousands of systems• Physical and virtual

• Multiple storage vendors

• Mixed workloads• Small VMs to massive, many-

terabyte database systems

• Amazon S3 provides compute and storage for cloud apps and their backups, and long term retention for aging backups

© 2016 Cobalt Iron | Confidential

Benefits:• Consolidate multiple backup products

into a single data protection solution

• Eliminate over-provisioning and over-

price backup storage

• Provides simple, flexible protection

• Reduces costs while delivering

enhanced Service Levels

Example: Global appliance manufacturer

39

• 80+ large data centers, regional

data centers and remote facilities

• 2,600 systems

• Physical and virtual

• Multiple storage vendors

• Mixed workload includes SAP and

manufacturing systems

• Extending Managed Private Cloud

to Amazon landscape

© 2016 Cobalt Iron | Confidential

Benefits:

• Reduces the cost and pain of maintaining a multi-million

dollar infrastructure

• Improves data protection consistency and quality

• Tailors the infrastructure based on regional requirements

• Consistent data protection WW with audit and control

Key considerations for Data Protection as a Service

Set the right SLAs for your business

• Options to marry costs to service levels

Manage cultural differences

• Set and forget

• Eliminate constant care/feed/implement/upgrade/operate

Consume unified DP SaaS both on-premises and in the cloud

Cobalt Iron Adaptive Data Protection differentiators

• Analytics engine delivers service optimization and efficiency

• Embedded IBM software delivers scalability and peace of mind

• Amazon delivers flexible technology and consumption models

40© 2016 Cobalt Iron | Confidential

What’s next?

• Building blocks for enterprises

• Leveraging your investments

• Call to action!

ENTERPRISE

APPS

DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS

Data

Warehousing

Hadoop/

Spark

Streaming Data

Collection

Machine

Learning

Elastic

Search

Virtual

Desktops

Sharing &

Collaboration

Corporate

Email

Backup

Queuing &

Notifications

Workflow

Search

Email

Transcoding

One-click App

Deployment

Identity

Sync

Single Integrated

Console

Push

Notifications

DevOps Resource

Management

Application Lifecycle

Management

Containers

Triggers

Resource

Templates

TECHNICAL &

BUSINESS

SUPPORT

Account

Management

Support

Professional

Services

Training &

Certification

Security

& Pricing

Reports

Partner

Ecosystem

Solutions

Architects

MARKETPLACE

Business

Apps

Business

IntelligenceDatabases

DevOps

ToolsNetworkingSecurity Storage

RegionsAvailability

Zones

Points of

Presence

INFRASTRUCTURE

CORE SERVICES

ComputeVMs, Auto-scaling,

& Load Balancing

StorageObject, Blocks,

Archival, Import/Export

DatabasesRelational, NoSQL,

Caching, Migration

NetworkingVPC, DX, DNS

CDN

Access

Control

Identity

Management

Key

Management

& Storage

Monitoring

& Logs

Assessment

and reporting

Resource &

Usage Auditing

SECURITY & COMPLIANCE

Configuration

Compliance

Web application

firewall

HYBRID

ARCHITECTURE

Data

Backups

Integrated

App

Deployments

Direct

Connect

Identity

Federation

Integrated

Resource

Management

Integrated

Networking

API

Gateway

IoT

Rules

Engine

Device

Shadows

Device

SDKs

Registry

Device

Gateway

Streaming Data

Analysis

Business

Intelligence

Mobile

Analytics

Storage Partner SolutionsTechnology Solutions vetted by the AWS Storage Competency Program

aws.amazon.com/backup-recovery/partner-solutions/

Note: Represents a sample of storage partners

Backup and Recovery Primary Storage Archive BCDR

Solutions that leverage file, block, object,

and streamed data formats as an

extension to on-premises storage

Solutions that leverage Amazon S3 for

durable data backupSolutions that leverage Amazon

Glacier for durable and cost-effective

long-term data backup

Solutions that utilize AWS to enable

recovery strategies focused on RTO

and RPO requirements

http://aws.amazon.com/mp/storage

Primary Storage Backup and Recovery File Transfer and Data Replication

Provide cost efficient storage resources to

your Amazon EC2 based storage targets

Use AWS based storage resources as a fast,

cost conscious method of data protection

Accelerate your hybrid workloads by efficiently

moving data between AWS resources

Storage Solutions in AWS MarketplaceAWS offers cloud storage for virtually any architecture as well as cloud data migration

tools to move data into and out of the AWS Cloud. AWS Marketplace helps you integrate

your preferred storage industry vendors with your new AWS environment.

Ready-to-run on AWS — both pre-configured

& customizable for your unique needs

Deploy when you need it, 1-Click launch

in multiple regions around the world

Metered pricing by the hour. Pay only for

what you use. Volume licensing available

Leveraging your investments

Call to Action: recreate what you’ve learned

• AWS Partner Network

• https://aws.amazon.com/partners/

• APN Competency Program

• https://aws.amazon.com/partners/competencies/

• APN Storage Competency

• https://aws.amazon.com/backup-recovery/partner-solutions/

• AWS Storage Solutions in Marketplace

• http://aws.amazon.com/mp/storage

Thank you!

Remember to complete

your evaluations!