IT Extreme Makeover with Hybrid Scenarios
© 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
IT Extreme Makeover with Hybrid Scenarios
Chris Munns, AWS Solutions Architect
March 26, 2014
Y-Hack 2013
https://secure.flickr.com/photos/psd/4389135567/
Who Are You?
Chris Munns - @chrismunns
– Amazon Web Services Solutions Architect
– New Yorker
– Formerly Senior Operations @Etsy & @Meetup
– Little time at a Hedgefund and Xerox
– Rochester Institute of Technology: Applied Networking and
Systems Administration ‘05
– Internet Geek
Who Are You?
• This session is recommended for anyone considering using the AWS Cloud to augment their current IT capabilities.
• If you need more data points on “What is Cloud?” or “Value of Cloud in your Operations” this session is not for you.
• This session targets IT decision makers who are tasked with solving cloud transition obstacles.
Today our customers: (Typically)
• Understand the value of Cloud
• Understand the value of Amazon Web Services
• Know that they will be transitioning more to cloud sometime in the near future
• Know they can revolutionize the way they manage information technology
This is
Good!
Today our customers: (Typically)
• Have physical datacenter resources
• Have legacy applications that are under maintained
• Have siloed teams and complicated processes
• Have strict business requirements on IT
This is
Good!
Reality
• Your datacenters aren’t going away overnight
• Your staff will need some leveling up/re-tooling
• Your applications and infrastructure will need a
go through
• “the show must go on”
Painting the picture of
a customer in transition
Meet MaybeU Corp
• 25+ year old business
• 500 - 10,000 employees
• Technology isn’t their business, but it enables it
• Post-2008, budgets are down
• Legacy products and business pay the bills today
Meet MaybeU Corp’s Technology
• Technology boom in the late 90s, early 2000s
• Lots of big metal that hasn’t been rethought in a while
• 2+ Physical datacenters
• Legacy operating systems, languages, databases
• Lots of client-server model apps
• About 50% virtualized
Meet MaybeU Corp’s Technology Staff
• Siloed around business unit or core function
• Tenured
• Protective of territory
• Dated technology practices
• Change averse
• CTO/CIO/CFO are not aligned on priorities
Meet MaybeU Corp’s Future Goals
• Embrace web & mobile apps
• Get out of the datacenter business
• Understand what Big Data means to them
• Improve DR capabilities
• Streamline IT
• Explore new business opportunities
MaybeU Corp is like a lot of our customers (see previous slides)
here there???
What MaybeU Corp might need is
a bit of an “IT Extreme Makeover”
with a “Hybrid” infrastructure
Infrastructure Mullet
Cloud Datacenter
Integrating AWS with Your Existing On-Premises Infrastructure
[Diagram labels: Active Directory; Network Configuration; Encryption; Back-up Appliances; Your On-Premise Apps; Corporate Data Centers]
Integrating AWS with Your Existing On-Premises Infrastructure
[Diagram labels: Active Directory; Network Configuration; Encryption; Back-up Appliances; Users & Access Rules; Your Private Network; HSM Appliance; Cloud back-ups; AWS Direct Connect; Your On-Premise Apps; Your Cloud Apps; Corporate Data Centers; Virtual Private Cloud (VPC)]
Mix and Match – Web Layer on AWS
[Diagram labels: AWS region; Web Layer; Private Connection; Your Data Center; Internet; App Layer; Database Layer]
Mix and Match – Web Layer on Premise
[Diagram labels: AWS region; Private Connection; Your Data Center; Internet; Web Layer; App Layer; DB Layer]
Mix and Match – Distributed
[Diagram labels: AWS region; Private Connection; Your Data Center; Internet; App Layer; Web Layer; DB Layer]
Disaster Recovery Pilot Light
[Diagram labels: Web Server; Application Server; DB Server; Data Volume; EC2 Web Server; EC2 Application Server; EC2 DB Server; EBS Data Volume; Data Mirroring/Replication; Route 53; User; Corporate Data Center]
• Amazon Elastic Compute Cloud (EC2) instances are stopped and AMIs are created. Instances can be restarted if primary application goes down.
• Smaller EC2 Instance for DB but may be stopped and restarted as a larger EC2 instance.
• Repoint DNS in an Outage
Where do we start?
Tour the House
• What is the current state of MaybeU’s IT technology?
• What is the current state of MaybeU’s IT staff?
• What tools does the staff use to manage the infrastructure?
• What processes are in place to use those tools?
MaybeU’s IT Tech evaluation
• Operating systems
• Databases
• Home built applications
• 3rd Party applications
• Languages supported
MaybeU’s IT Staff evaluation
• Understand how a move to cloud can help the business?
• Is there a skills gap?
• Hungry to learn?
• Energy to learn?
• Desire for developers to use cloud services?
MaybeU’s IT Tools evaluation
• 3rd Party vs. Home grown?
• Flexibility in multi-site abilities?
• Cost?
• Licensing?
• Cloud-friendly capabilities in recent versions?
• Existing tool sprawl?
MaybeU’s IT Process evaluation
• Process documentation
• Manual vs. Automated?
• Specific to vendor equipment/software?
• Auditable?
• Accountable?
Blueprint
• Make a matrix of fully supported, semi supported, and unsupported OSes, databases and applications
• Figure out what could move and what must stay (for now)
• Enable developers to begin writing code against AWS services
• Identify PoCs and low hanging fruit with value at both business and operational levels
AWS supports a wide range of technologies
Blueprint
• Begin training those who will lead the charge
• Review what operational processes might need to change
• Identify tools that can increase operational agility
• Encourage use of the AWS Free Tier
• Make use of the Test Drive Program
Test Drive Major Workloads at No Cost
Ready to use preconfigured test workloads for fast PoC:
SAP Microsoft Oracle Red Hat Many
others
AWS Marketplace & Partners Can Help
• Customer can find, research, buy software
• Simple pricing, aligns with EC2 usage model
• Launch in minutes
• Marketplace billing integrated into your AWS account
• 1300+ products across 20+ categories
Learn more at: aws.amazon.com/marketplace
Leverage AWS’s People & Content
• AWS Solutions Architects
• AWS Professional Services
• AWS Enterprise Support
• AWS Training and Certification
• AWS Documentation, Whitepapers, Articles & Tutorials
We have partners ready to help
Lay the foundation
• Begin deploying development & test environments
• Build and deploy your VPC(s)
• Get people access
– IAM
– Account Federation
– Use MFA
Our Development & Test Infrastructure
[Diagram labels: Developers & Operations; Internal Git; CI Server; Pre-commit Hook; Testing Environment Subnet; CI Workers; Dev Environment VPC Subnet; DEV WEB ELB; Dev Stack Tier 1; Dev Stack Tier 2; Dev MySQL DB Instance; DEV APP ELB; VPN TUNNEL; VPN facing VPC Subnet; Virtual Private Gateway; Monitoring; Dev Admin Instance; NAT Instance; Amazon DynamoDB; Amazon SQS; Amazon S3]
Lay the foundation
• Deploy key infrastructure services
• Authentication
• DNS
• Logging
– Enable logging in CloudTrail!
Active Directory + DNS in the VPC
• Domain Controllers launched in internal VPC
• Internal VPC instances join domain upon launch
• Instances use Dynamic DNS to register both A and PTR records
• Domain controller replicates with Corporate AD servers
• VPC DNS forwarding to corporate DNS
[Diagram labels: AWS region; Public Facing Web App; Internal Corporate App; VPN Connection; Corporate Data center; corp.example.com; AD Controller; Domain Controller + DNS; example.com; DNS; AD Replication; Domain Join + DNS Queries; DNS Forward Requests; New Instance: friendly-vpc-123.corp.example.com]
Lay the foundation
• Set up tagged billing and billing alerts
• Start setting policies around naming & structure of resources
• Establish a tagging policy
• Get finance/procurement aware of the new expenses
console.aws.amazon.com/billing/
Billing Alerts
Build
• Iterate, iterate, iterate
• Automate, automate, automate
• Remove silos between people!!
• Encourage knowledge sharing
• Encourage lean practices like TDD
• Move on to more complicated hybrid scenarios
AWS Application Management Solutions
[Diagram labels: Convenience; Control; Elastic Beanstalk; OpsWorks; CloudFormation; Higher-level Services; Do it yourself]
VPN Hub and Spoke Hybrids
• VPNs or Peering between a central “Hub” VPC and “Spoke” VPCs broken out by purpose, project or business unit.
• Control VPC contains common services for all app VPCs
• Reduces overhead of running common services across each “spoke” environment
[Diagram labels: AWS region; Public Facing Web App; Internal Corporate App #1; HA Pair VPN Endpoints; Corporate Data center; Internal Corporate App #2; Internal Corporate App #3; Internal Corporate App #4; Services VPC]
Extend Your DC with Direct Connect
[Diagram labels: AWS region; Public Facing Web App; Internal Corporate App #1; Your Data Center; Internal Corporate App #2; Internal Corporate App #3; Internal Corporate App #4; AWS Direct Connect Location]
• Native Extension of your DC using your own IP addressing schema without Internet access over private TelCo lines: Direct Connect Private Connection
• One or Multiple 50 – 500 Mbps, 1 Gbps or 10 Gbps pipes
Finishing touches
• Continue to migrate applications
• Continue to re-evaluate current status vs. goals
• Continue to encourage staff to keep on top of new technologies and best practices
• Write your own best practices documents, how-tos and tutorials for internal consumption
• Contribute to an AWS case study!
Thank you!