© 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

ARC310: Orchestration and Deployment Options for Hybrid Enterprise Environments

Donn Morrill, Amazon Web Services

November 13, 2013

What is Hybrid Cloud? A composition of two or more distinct cloud

infrastructures that remain unique entities, but are bound together by standardized or

proprietary technology that enables data and application portability.

“Special Publication 800-145 - The NIST Definition of Cloud Computing” – September, 2011

Requisite Gartner Quote

“Nearly half of large enterprises will have hybrid cloud deployments by

the end of 2017.”

http://www.gartner.com/newsroom/id/2599315 - October 1, 2013

Why Hybrid Cloud? • All the things the cloud provides

– Agility – Economics – Scale

• But something gets in the way – Compliance – Previous investment – Legacy workloads – Attitudes

What do Enterprises Want in Hybrid?

• Ability to deploy identical stacks

• Interoperability between clouds

• Ability to leverage one provisioning framework

• Ability to leverage one operational framework

Hybrid Considerations • Core Infrastructure

• Security – Authentication and Entitlements

– Identity Management

– Data Sovereignty

• Operations and Monitoring

Hybrid Considerations

• Cost Containment

• Pace of Innovation

• Cloud Orchestration

• Application Deployment

• Processes and Change Management

Today We’ll Focus On

• Preparing Core Infrastructure

• Orchestration Strategies

• Application Deployment Strategies

Preparing Core Infrastructure

Active Directory

Network Configuration

Encryption

Back-up Appliances

Users & Access Rules

Your Private Network

HSM Appliance

Cloud back-ups

AWS Direct Connect

Your Data Center Your Cloud

Core Infrastructure Considerations Driven by Business Requirements!

• Performance & Latency • Business Continuity • Geography • Data Sovereignty • Security • And Many More…

Some Relevant AWS Services • Amazon Virtual Private Cloud (VPC)

– ARC202: Wednesday, 1:30 – Delfino 4003

• AWS Direct Connect – ARC304: Friday, 9:00 AM – Lando 4303

• AWS Identity and Access Management (IAM) – SEC201: Wednesday, 1:30 – Marcello 4406

Some Relevant AWS Services • AWS CloudFormation

• VM Import / Export

• AWS Management Pack for Microsoft System Center

• AWS API, SDKs, and Tools

Hybrid Orchestration Strategies

A Decision Framework DIMENSION LOW MEDIUM HIGH

Organizational Buy-In

None or grassroots

Divisional Top Down (CIO/CEO)

IT Capabilities In-house Limited Partner Limited

In-house Limited Trusted Partner

In-house Advanced Trusted Partner(s)

IT Vision

Operational Somewhat forward thinking

Innovative and cutting edge

AWS Experience

None/Limited Some Extensive

Choices, Choices, Choices

Tool Capabilities Considerations • Multi Public Cloud Support • Monitoring and Alerting • Identity Federation • Service Catalog • End-user Self Provisioning • Cost Reporting and Chargeback • Cloud-based Operation

Three Orchestration Strategies

• Native Integration

• Deploy New Orchestration Layer

• Extend Existing Orchestration Tools

Native Integration Build a custom layer using API-level capabilities. Best When: • Have in-house development skills • Need very fine-grained control • Licensing costs are a big issue

Native Integration DIMENSION LOW MEDIUM HIGH

Organizational Buy-In

None or grassroots

Divisional Top Down (CIO/CEO)

IT Capabilities In-house Limited Partner Limited

In-house Limited Trusted Partner

In-house Advanced Trusted Partner(s)

IT Vision

Operational Somewhat forward thinking

Innovative and cutting edge

AWS Experience

None / Limited Some Extensive

Native Integration - Pros • Incorporate all services or only what you need • Maximum flexibility • React quickly to new features and services • Leverage existing open-source tools

– Eucalyptus – Netflix Asgard – CloudStack

• No licensing fees

Native Integration - Cons • Need in-house development skills • Possible long development cycles • Private cloud must support API-level access • Support must come from in-house

New Orchestration Layer Invest in new hybrid orchestration tools. Best When: • Have moderate time constraints • Want the latest and greatest • Have trusted partners

New Orchestration Layer DIMENSION LOW MEDIUM HIGH

Organizational Buy-In

None or grassroots

Divisional Top Down (CIO/CEO)

IT Capabilities In-house Limited Partner Limited

In-house Limited Trusted Partner

In-house Advanced Trusted Partner(s)

IT Vision

Operational Somewhat forward thinking

Innovative and cutting edge

AWS Experience

None / Limited Some Extensive

New Orchestration Layer - Pros • Get latest and greatest capabilities • Multi-cloud support • Faster than DIY • Vendor-provided support

New Orchestration Layer - Cons • Licensing costs • Rip-and-replace legacy tools • Maintaining feature parity with AWS • Requires some specialized skills

Extend Existing Tools Leverage existing investments in tools Best When: • Have aggressive time constraints • Don’t need latest and greatest • Have strong relationship with

existing tools vendor

Extend Existing Tools DIMENSION LOW MEDIUM HIGH

Organizational Buy-In

None or grassroots

Divisional Top Down (CIO/CEO)

IT Capabilities In-house Limited Partner Limited

In-house Limited Trusted Partner

In-house Advanced Trusted Partner(s)

IT Vision

Operational Somewhat forward thinking

Innovative and cutting edge

AWS Experience

None / Limited Some Extensive

Extend Existing Tools - Pros • No rip-and-replace • Can be fastest path to hybrid • Familiarity with tools and vendors • Vendor-provided support • Requires least amount of specialized skills

Extend Existing Tools - Cons • Limited feature sets • Licensing costs • Maintaining feature parity with AWS • A “good enough” approach

Application Deployment Strategies

...

Corporate Data Centers

App 1

App 2

App N

... App 1

App 2

App N

Horizontal Run partial application layers on AWS

• Storage • Disaster Recovery • Database • Extend / Burst into AWS

Horizontal - Pros • Can keep sensitive layers in-house

– Data – IP / Trade Secrets – Regulatory Restricted

• Relatively easier compliance

Horizontal - Cons • More complex than vertical • Harder to undo if relationship with cloud

vendor sours

Vertical Deploy full application stacks on AWS • Net-new Workloads • Development and QA

Vertical - Pros • Quick to Implement / Minimal Integration • Good Application Stack Isolation • Leverages Cloud Benefits at Each Layer • Fairly Easy to Undo

Vertical - Cons • Doesn’t Really Leverage In-House IT

Resources • Must Have Well Established Governance

Policies for All Layers

That’s all great Donn, but how do I actually get started?

Getting Started • Storage / Backups and Archive

• Development and Test

• Net New Workloads

• Disaster Recovery

• Cloud Bursting

• Migrate Legacy Workloads

Getting Started – Storage / Backup

Getting Started – Storage / Backup

Getting Started – Network Topology

Subnet 1

… Subnet 2 Subnet N

Considerations • Overlapping networks • IP stinginess

• VPC CIDR too small • Subnets too small

Getting Started – Connectivity

Considerations • Public Internet vs. Direct Connect • Redundancy

Customer Data Center

DX Location

Getting Started – IAM

Considerations • Identity Federation • AWS vs. App Stack Access • Build vs. Buy

What Next? • AWS Account Team • Trusted Partners • Resources

– http://aws.amazon.com/architecture – http://aws.amazon.com/enterprise

Please give us your feedback on this presentation

As a thank you, we will select prize winners daily for completed surveys!

ARC310