AWS re:Invent 2016: Three Customer Viewpoints: Private Equity, Managed Services, and Government –...
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Sabina Joseph, Head of Storage Global Partnerships and Alliances
Steve Nelson, Global Storage Partner Lead Architect
November 30, 2016
Three Customer Viewpoints: Private Equity, Managed Services, and Government – How These Customers Transformed Business Operations through Storage
STG212
What to Expect from the Session
• Overview of AWS storage options
• Key use cases and reference architectures
• Customer Confessions – Killer Benefits!!!
• Jeff Pisano from Carlyle Group – Modernizing & Securing Carlyle Group’s Data Infrastructure
• Ben Buckley from General Dynamics (GDIT) - Federal Agency
• Richard Spurlock from Cobalt Iron - Data Protection as a Service
• AWS Building Blocks and Call to Action
• File: Amazon EFS
• Block: Amazon EBS, Amazon EC2 Instance Store
• Object: Amazon S3/SIA, Amazon Glacier
• Data Transfer: AWS Direct Connect, AWS Snowball, ISV Connectors, Amazon Kinesis Firehose, S3 Transfer Acceleration, Storage Gateway
Storage is a platform: AWS Storage Maturity
Primary Storage
• Primary Storage can be file, block and object storage targets
• Primary storage can provide
• Storage for a variety of customer workloads, file distribution services
• Translation for IP storage protocols, replication of storage
Backup and Recovery
Backups can be run on-premise to the cloud, either directly to a cloud target or via a gateway appliance, or within the cloud.
Backup is not archive
• Backup represents a point in time copy of the data.
• Archived data is the only authoritative copy of the data.
Modernizing & Securing Carlyle Group’s Data Infrastructure
Jeff Pisano
VP Global Operations
What to Expect from the Session
Carlyle Group Overview
Carlyle Global Business Continuity
Modern File Services on AWS
Security Considerations for Cloud Files
About the Carlyle Group
The Carlyle Group is one of the world’s largest and most diversified alternative asset management firms.
Corporate Private Equity
Real Assets
Global Market Solutions
Investment Solutions
128 Distinct Funds
170 Fund of Fund Vehicles
11 Core Industries
6 Continents
35 Global Offices
1,650 Employees
Previous State File Storage
With staff located across the globe and a heavy dependency on Excel files for key business processes, fast and efficient access to local file servers is paramount.
Our Essential Business Application
Recent Business Continuity Plan interviews revealed that local file servers are among Carlyle’s most essential business tools.
Our Essential Business Application
To provide localized storage across Carlyle’s distributed enterprise, each office has its own physical file server.
Remote File Server Challenges
No redundancy for local file servers, which presents a significant DR risk in the event of an office outage. Additionally, global file sharing is slow and mobility is limited.
• No Redundancy: Current model lacks redundancy in the case of outage/disaster
• Slow Global File Sharing: Slow access to files outside of home office
• Long Restoration Time: In the event of an outage, restoration can take up to a week
• Limited Mobility: Local file servers are available only through the Carlyle network
File Sharing, Alone, Is Not The Solution
No Edge Data Persistence
No Legacy NAS Protocol Support
Shared SaaS Services Introduce Security Risk
*aaS Security Considerations
[Figure: ownership of each layer (Data Centers, Networking, Storage, Servers, Virtualization, Operating Systems, Security (Data, Encryption, Authentication), Applications) compared across On Prem (Private Data Center), IaaS (Infrastructure As A Service) and SaaS (Software As A Service). Legend: customer owned vs. vendor owned.]
Current State: AWS + CTERA
To address these challenges, Carlyle leverages CTERA cloud storage gateways to provide full data replication and 1-to-1 local drive mapping to Amazon S3.
CTERA Portal Global Cloud File System & Service Orchestration
Carlyle AD
Endpoint File Sharing & Data Protection
Office File Sharing & Data Protection
Amazon S3 Cloud Storage Cost Effective, Limitless Object Storage
100% Private File Sharing & Data Protection
Secure Hybrid Cloud File Storage
3 Regions • Direct Connect To Carlyle Offices • Always-On DR
Americas • EMEA • APJ
Significant Business Continuity Improvement
With the CTERA cloud storage solution, local drives can be mapped to the cloud in the event of a network outage—reducing restoration time from days to minutes.
• Network outage at Carlyle’s Charlotte office
• Local shared drives inaccessible
• Shared drives sync’d to cloud remotely via CTERA Portal
• Carlyle private cloud powered by CTERA & AWS
• Users in Charlotte office can quickly retrieve and upload local files
• Cloud Storage NAS Gateway
High-Speed Global File Sharing
Additionally, with CTERA cloud storage, Carlyle staff can now quickly access local files from any global office with the same speed as their home office.
• NY office requesting Excel file from Hong Kong
• London office requesting PPT file from DC
• Sydney office requesting Word file from Paris
Phase II – Anywhere, Any Device
While Phase I of Carlyle’s CTERA implementation will focus on DR and global file sharing, Carlyle plans to leverage CTERA to provide mobile access to local files without having to log in to the Carlyle network.
Enterprise Grade Security
CTERA provides end-to-end security in its cloud storage products. This includes built-in data-at-rest encryption, data-in-transit encryption, strong authentication, and identity management.
• Source-Based Encryption: CTERA source-based encryption effectively creates a VPN for cloud storage; Carlyle has all data encrypted via AES-256 encryption before it is sent over the WAN.
• Authentication & Identity Management: CTERA integrates with Carlyle’s Active Directory to provide user authentication and single sign-on, including password expiration policies and AD forests support.
• Secure Connection, In-Transit Encryption: In addition to encrypting the data itself, all cloud traffic is transmitted over a TLS connection.
• Data Integrity Assurance: CTERA uses SHA-1 (Secure Hash Algorithm) to "fingerprint" the data sent to the cloud—ensuring data integrity.
Reducing Overhead, Enhancing Productivity
By reducing appliance volume and maintenance tasks, Carlyle’s IT Operations team can focus more on delivering products and services that align with business strategy and enhance the user experience.
AWS & CTERA Help Carlyle Reduce:
• Expensive Traditional Filers
• Likelihood of Hard Drive Failure
• Engineering Maintenance Burden
• Need for Additional Backups
Allowing Carlyle to Focus More on…
• Aligning budget and manpower with strategic projects and initiatives that support key business goals
• Building an enhanced user experience for Carlyle’s global staff and investor community
Ben Buckley
CTO and Principal Systems Engineer
Geospatial Programs
GDIT, a Federal Agency, and the Cloud
What we do
• Enterprise IT
• Application Development
• Cloud Solutions
• Data Analytics
• Infrastructure
• Mission Support
• Cyber
• Health Solutions
Aerospace • Combat Systems • IS&T • Marine Systems
Current Environment
Global user population
Centralized Footprint
90% storage and compute in two Data Centers
Custom Application Development
• Capability
• Content management
VDI User Access
Central VDI hosting
Storage Centric
Content management
Unstructured data
Cloud
Government direction to move by 2017
Need to distribute content globally
Drivers to moving to AWS
• Focus of agency on Mission (not infrastructure)
• Data management needs are a natural fit for Amazon S3 and AWS orchestration capabilities
• Rapid DevOps capability – Government procurement timeframes are often in conflict with mission needs
• Cost – Expense of establishing a remote datacenter for COOP is onerous
Accelerate Data Movement to the Cloud
• Enables use of object storage while enabling traditional Enterprise performance and features
• Accelerates cloud adoption without requiring applications to change
• Portfolio approach required to meet diverse mission needs
NetApp AltaVault – Backup (NFS)
• Rapid backup and recovery performance with inexpensive S3 storage
• De-duplication minimizes transport bandwidth and cost while enabling much longer retention
• Secure offsite backup with FIPS 140-2 level 1 validated encryption
• Integrated easily with existing backup platform
Avere FXT - NFS
• High performing NFS storage for legacy applications while consuming inexpensive S3 object storage
• Automated data migration, mirroring
• High-availability support for mission applications
EMC Isilon Cloud Pools - CIFS
• Satisfy High performance CIFS needs of mission applications while moving cold data to S3
Success = Decommission
• Backup migration allowed us to rapidly decommission 6PB of costly datacenter storage ($700K per year)
• High 10x deduplication across 12 AltaVault instances allowed significantly longer backup retention capability with less storage consumption – 6 PB backups stored on 650 TB
• 17-19x on virtual backup via AltaVault
• Allowed us to decommission expensive software (Veeam) with over $500K annual maintenance costs
Early Adopter tax
• Early code from Avere and Dell EMC lacked maturity
• Avere builds have become more mature for High-performance NFS, with CIFS on the horizon
• Dell EMC storage CIFS performance has been excellent, but cloud pool challenges have delayed additional migrations of mission data
• Currently migrated over 2 PB and decommissioned one subsystem
Benefits Realized
Storage
Cost
• Decommissioned infrastructure responsible for 1.2 Million dollars in annual tails while significantly decreasing administrative burden
Cloud Mandate
• Provided capability to government to migrate petabytes of object storage to the cloud with no change required to applications
• Decommissioned over 6 PB of storage for backup and another 2.75 PB for other gateways
• In process of migrating more systems with plans to decommission the majority of subsystems
• Secure offsite backups with rapid recovery and longer retention times
Next steps - DevOps
• Democratize data to all applications while providing discovery and security based on metadata attributes
• Rapidly develop capability with PaaS and immediate data access
• Rapidly search, visualize and analyze data from multiple sources
• Reduce focus on infrastructure and enhance mission
Richard Spurlock
CEO and Founder
Data Protection as a Service Using Amazon Infrastructure
Introducing Cobalt Iron
• Richard Spurlock, CEO and Founder
• Over 20 years experience in all aspects of data protection (backup and recovery)
• Founded in 2013
• ‘Born on the cloud’ business
• Specializing in:
• Adaptive Data Protection
• Hybrid cloud solutions
• Fortune 1000 organizations
• Currently delivering:
• Over 2 million cloud backups per month
• In 40 countries, 6 continents
© 2016 Cobalt Iron | Confidential
The brutality of backup
• Uncontrolled data growth
• Hundreds of moving parts:
• Facilities
• Data Protection policies
• Applications, databases, virtual machines, servers, desktops
• Backup software, deduplication appliances, storage systems and media
• No tolerance for downtime or data loss
• Need to provide adequate data protection in a cost-effective way
Traditional on-premises backup
• Up-front infrastructure investment
• Complex test and audit for Disaster Recovery
• Expertise required
The business value of cloud backup
Backup and DRaaS are the #1 and #2 cloud infrastructure Use Cases
• Reduce IT cost and operational complexity
• Speed time-to-market
• Innovate on business models
IT VALUE
• Transform enterprises from aging backup to modern comprehensive data protection
• Delivers simplicity and flexibility at all scale and localities
• A data-centric architecture that extends beyond backup
• Enable advanced insights
Amazon S3 + IBM Spectrum Protect (TSM) + Cobalt Iron
Amazon S3 relieves backup pressures
Backup from on-premises to cloud
Disaster Recovery in the cloud
Protect ‘born in the cloud’ data
Long term archiving for backup data
Example: Global chemical corporation
• Multiple sites and countries
• Over 50,000 desktops and laptops
• Hundreds of terabytes
• Primary data on-premises
• Backup to AWS world-wide
[Diagram labels: Enterprise Cloud DP SaaS, AWS Cloud, Remote Facilities]
Benefits:
• Restore requests fail-over to the cloud
• DR in the cloud eliminates the need for a recovery site
• Complies with data privacy laws
• Provides unified data protection
Example: Large transportation corporation
• Two national data centers
• Thousands of systems
• Physical and virtual
• Multiple storage vendors
• Mixed workloads
• Small VMs to massive, many-terabyte database systems
• Amazon S3 provides compute and storage for cloud apps and their backups, and long term retention for aging backups
Benefits:
• Consolidate multiple backup products into a single data protection solution
• Eliminate over-provisioning and over-priced backup storage
• Provides simple, flexible protection
• Reduces costs while delivering enhanced Service Levels
Example: Global appliance manufacturer
• 80+ large data centers, regional data centers and remote facilities
• 2,600 systems
• Physical and virtual
• Multiple storage vendors
• Mixed workload includes SAP and manufacturing systems
• Extending Managed Private Cloud to Amazon landscape
Benefits:
• Reduces the cost and pain of maintaining a multi-million dollar infrastructure
• Improves data protection consistency and quality
• Tailors the infrastructure based on regional requirements
• Consistent data protection WW with audit and control
Key considerations for Data Protection as a Service
Set the right SLAs for your business
• Options to marry costs to service levels
Manage cultural differences
• Set and forget
• Eliminate constant care/feed/implement/upgrade/operate
Consume unified DP SaaS both on-premises and in the cloud
Cobalt Iron Adaptive Data Protection differentiators
• Analytics engine delivers service optimization and efficiency
• Embedded IBM software delivers scalability and peace of mind
• Amazon delivers flexible technology and consumption models
What’s next?
• Building blocks for enterprises
• Leveraging your investments
• Call to action!
[Figure: AWS platform overview. Panels: Enterprise Apps; Development & Operations; Mobile Services; App Services; Analytics; IoT; Technical & Business Support; Marketplace; Infrastructure (Regions, Availability Zones, Points of Presence); Core Services (Compute, Storage, Databases, Networking); Security & Compliance; Hybrid Architecture.]
Storage Partner Solutions
Technology Solutions vetted by the AWS Storage Competency Program
aws.amazon.com/backup-recovery/partner-solutions/
Note: Represents a sample of storage partners
• Primary Storage: Solutions that leverage file, block, object, and streamed data formats as an extension to on-premises storage
• Backup and Recovery: Solutions that leverage Amazon S3 for durable data backup
• Archive: Solutions that leverage Amazon Glacier for durable and cost-effective long-term data backup
• BCDR: Solutions that utilize AWS to enable recovery strategies focused on RTO and RPO requirements
Storage Solutions in AWS Marketplace
AWS offers cloud storage for virtually any architecture as well as cloud data migration tools to move data into and out of the AWS Cloud. AWS Marketplace helps you integrate your preferred storage industry vendors with your new AWS environment.
http://aws.amazon.com/mp/storage
• Primary Storage: Provide cost efficient storage resources to your Amazon EC2 based storage targets
• Backup and Recovery: Use AWS based storage resources as a fast, cost conscious method of data protection
• File Transfer and Data Replication: Accelerate your hybrid workloads by efficiently moving data between AWS resources
• Ready-to-run on AWS — both pre-configured & customizable for your unique needs
• Deploy when you need it, 1-Click launch in multiple regions around the world
• Metered pricing by the hour. Pay only for what you use. Volume licensing available
Leveraging your investments
Call to Action: recreate what you’ve learned
• AWS Partner Network
• https://aws.amazon.com/partners/
• APN Competency Program
• https://aws.amazon.com/partners/competencies/
• APN Storage Competency
• https://aws.amazon.com/backup-recovery/partner-solutions/
• AWS Storage Solutions in Marketplace
• http://aws.amazon.com/mp/storage
Thank you!
Remember to complete your evaluations!