(SEC204) AWS GovCloud (US): Not Just for Govies

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CJ Moses, GM, AWS Government Cloud Solutions Keith Brooks, AWS GovCloud Senior Business Development Manager October 2015 SEC204 AWS GovCloud (US) Not Just for Govies

Transcript of (SEC204) AWS GovCloud (US): Not Just for Govies

Page 1: (SEC204) AWS GovCloud (US): Not Just for Govies

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

CJ Moses, GM, AWS Government Cloud Solutions

Keith Brooks, AWS GovCloud Senior Business Development Manager

October 2015

SEC204

AWS GovCloud (US): Not Just for Govies

Page 2: (SEC204) AWS GovCloud (US): Not Just for Govies

What to expect from this session

1. Background on the AWS GovCloud (US) region

2. Overview of AWS GovCloud (US) features

3. Description of AWS GovCloud (US) users and suitable workloads

4. Customer use case examples

Page 3: (SEC204) AWS GovCloud (US): Not Just for Govies

Background and history

Page 4: (SEC204) AWS GovCloud (US): Not Just for Govies

AWS GovCloud (US) features

Page 5: (SEC204) AWS GovCloud (US): Not Just for Govies

Requirements for access to AWS GovCloud (US)

Can handle export-controlled data

US person (account holder)

US entity on US soil

Page 6: (SEC204) AWS GovCloud (US): Not Just for Govies

AWS GovCloud (US) features

Managed by US persons on US soil

Separate AWS IAM and authentication

Located in Pacific NW (Oregon)

Data, network, and machine isolation

Page 7: (SEC204) AWS GovCloud (US): Not Just for Govies

AWS GovCloud (US) features

“Community Cloud”

Multiple regulatory and compliance features

Page 8: (SEC204) AWS GovCloud (US): Not Just for Govies

Who’s using AWS GovCloud (US) and why?

Page 9: (SEC204) AWS GovCloud (US): Not Just for Govies

AWS GovCloud (US) adoption

[Chart: adoption by year, 2011 to 2014]

273% average YoY growth since launch (Q4 2011 to Q4 2014)

Page 10: (SEC204) AWS GovCloud (US): Not Just for Govies

Users span various types of enterprises

US Government: Federal, state, and local

Consulting firms and systems integrators

Technology firms and software vendors

Resellers

Educational institutions

Research organizations

Commercial industry

Nonprofit organizations

Managed service providers

Page 11: (SEC204) AWS GovCloud (US): Not Just for Govies

…but all share common characteristics

Sensitive data and applications

Strict regulatory and compliance requirements

Restricted, community cloud preference

AWS cloud platform

Page 12: (SEC204) AWS GovCloud (US): Not Just for Govies

AWS GovCloud (US) is fit for hosting sensitive data

Agriculture, Copyright, Critical infrastructure

Export control (ITAR), Financial, Immigration

Intelligence, Law enforcement, Legal

Nuclear, Patent, Privacy (PII)

Proprietary (IP), Statistical (census), Tax

Transportation

All levels of Controlled Unclassified Information (CUI)

Page 13: (SEC204) AWS GovCloud (US): Not Just for Govies

Example workloads on AWS GovCloud (US)

Web applications and websites

Backup and recovery

Archiving

Disaster recovery

Development and test

Big data

High performance computing

Business applications

Enterprise IT

Mobile

Page 14: (SEC204) AWS GovCloud (US): Not Just for Govies

Customer highlight: Planet Labs

Page 15: (SEC204) AWS GovCloud (US): Not Just for Govies

Imaging the Earth Daily

Troy Toman

Director of Engineering

Planet Labs

[email protected] | @troytoman

Page 16: (SEC204) AWS GovCloud (US): Not Just for Govies
Page 17: (SEC204) AWS GovCloud (US): Not Just for Govies

Planet Labs Proprietary & Confidential

Size: 10 x 10 x 30 cm

Mass: 4 kg

Page 18: (SEC204) AWS GovCloud (US): Not Just for Govies

Radome – April 2014

Awarua, NZ

Page 19: (SEC204) AWS GovCloud (US): Not Just for Govies

101 satellites launched on 9 rockets

Page 20: (SEC204) AWS GovCloud (US): Not Just for Govies

Orange River, South Africa, August 4, 2015

Page 21: (SEC204) AWS GovCloud (US): Not Just for Govies

Forest Management

Oregon, USA

Source: Landsat 8

Date: March 23, 2014

Page 22: (SEC204) AWS GovCloud (US): Not Just for Govies

Forest Management

Oregon, USA

Source: Planet Labs

Date: May 2, 2014

Page 23: (SEC204) AWS GovCloud (US): Not Just for Govies

150 satellites

475 km altitude

sun synchronous orbit

30 ground stations

10 sites

370,000 images per day

<24 hours

online catalog

API for data pipeline and platform access

1000s of servers

11 TB processed daily

Spacecraft Manufacturing and Operations

Data Pipeline and Production Apps

Page 24: (SEC204) AWS GovCloud (US): Not Just for Govies

Infrastructure Challenges

11 TB/day…every day…forever

Regulatory compliance

Agile aerospace

Dynamic use cases

Multiple products/output formats

Complex/compute intensive pipeline

Page 25: (SEC204) AWS GovCloud (US): Not Just for Govies

What could have been…

Procurement

Physical security

Inventory

DC operations

Server provisioning

Private cloud ops

Network management

Hardware maintenance

https://creativecommons.org/licenses/by-nc/2.0/

Page 26: (SEC204) AWS GovCloud (US): Not Just for Govies

What AWS GovCloud (US) enables

[Architecture diagram. Labels: regions us-gov-west and us-west; Python (boto); AWS CLI; Amazon RDS; Amazon S3; AWS import/export; SAML; Ansible; CI; Git/GitHub; Analytics; Logging; Messaging; Ticketing; VPN gateways; Amazon Route 53; Instances; Spot instances. Groupings: Common Ops/Dev Tools; Data Pipeline; Production APIs; Spacecraft Manufacturing/Operations.]

Page 27: (SEC204) AWS GovCloud (US): Not Just for Govies

ansible-jenkins
├── environments
│   ├── preprod.ini
│   ├── prod-current.ini
│   ├── prod-new.ini
│   ├── space.ini
│   └── test.ini
├── jenkins.yml
├── planet_roles
│   ├── apache_saml
│   ├── aptly
│   ├── aptserver
│   ├── awscli
│   ├── base
│   ├── datadog_agent
│   ├── elasticsearch
│   ├── fpm
│   ├── graphite
│   ├── jenkins
│   ├──

Page 28: (SEC204) AWS GovCloud (US): Not Just for Govies

A Transparent Planet…

…to act on change

Commercial access to space

Space-capable consumer technology

Compliant cloud services

Universal access

Page 29: (SEC204) AWS GovCloud (US): Not Just for Govies

Customer Highlight: CSC

Page 30: (SEC204) AWS GovCloud (US): Not Just for Govies


Jon Check, CSGov

AWS GovCloud (US) Migration

CSC’s separation drives rapid migration of business applications to AWS GovCloud (US)

Page 31: (SEC204) AWS GovCloud (US): Not Just for Govies

What to Expect from This Part of the Session

• Demonstrate a use case of successful, rapid migration of a large business’ application portfolio to AWS GovCloud (US).

• Provide a successful cloud migration process.

• Share reasons why we chose AWS GovCloud (US).

• Demonstrate how CSGov executed the process and migration.

• Provide success stories and lessons learned.

Page 32: (SEC204) AWS GovCloud (US): Not Just for Govies

Our Challenge

May 19, 2015, CSC announced that its Board of Directors unanimously approved a plan to separate the company into two publicly traded, pure play leaders: one to serve commercial and government clients, and one to serve public sector clients in the US.

CSGov

Business Application Portfolios

200+ apps must migrate by October 1, 2015

Program Specific

Application Types: Collaboration, Finance, HR, Payroll, Security, Other

70,000 Employees

14,000 employees

Approximately: 250 servers (phys. and virt.), 3 TB memory, 1,300 processors

Infrastructure Types: Physical, Virtual, Private cloud, SaaS

Data Centers: 14+ data centers, SaaS providers

Data Centers: 2 data centers, 1 Gov CSP, SaaS providers

Page 33: (SEC204) AWS GovCloud (US): Not Just for Govies

How Do We Attack This Problem?

We need a strong systems integrator with proven applications migration processes to discover, plan, and execute our application separation between the two separate companies.

APPLICATION DISCOVERY

OPERATIONS ONBOARDING

APPLICATION AFFINITY GROUPING

MIGRATION EXECUTION

CLOUD ADOPTION ASSESSMENT

TARGET ASSESSMENT & ARCHITECTURE

APPLICATION TREATMENTS

MIGRATION VALIDATION

OPERATIONS PLANNING

CONTINUOUS IMPROVEMENT

Migration Process

Page 34: (SEC204) AWS GovCloud (US): Not Just for Govies

Migration – Shape

APPLICATION DISCOVERY

CLOUD ADOPTION ASSESSMENT

CSGov Only: 49%

CSC/CSGov Shared: 40%

CSC Only: 11%

Suitability Scorecard: Tells you the ideal level at which you should be looking for a cloud-based alternative: SaaS, PaaS, IaaS.

Cloud Adoption Roadmap: Identifies treatments and prioritization based on customer requirements and target environment.

Our Targets: Physical CSGov Data Center, CSGov Private Cloud, AWS GovCloud (US), SaaS Providers

App Inventory

App Data Flow Diagram

Page 35: (SEC204) AWS GovCloud (US): Not Just for Govies

Why AWS GovCloud (US)?

Requirement | AWS GovCloud (US)

Provide rapid, self-service infrastructure provisioning enabling an aggressive migration schedule.

Government contracts require strict security standards and CSGov aspires to provide highest security levels for our customers and our business.

HR data will contain personally identifiable information, best protected via DoD Impact Level 4 added security controls.

CSGov must retain ITAR compliance, and so should our cloud service provider.

Ideally the CSP has an established relationship with CSGov.

Page 36: (SEC204) AWS GovCloud (US): Not Just for Govies

Migration – Transform

APPLICATION AFFINITY GROUPING

APPLICATION TREATMENTS

Not Migrate: 24%

Physical (NPS Data Center): 51%

Gov Cloud: 15%

SaaS: 10%

Treatment

Do not migrate: Application exists at a location/data center that will remain. No need to migrate at this time.

Physical move: Ship physical architecture with applications installed to consolidated data center.

Migrate to AWS GovCloud (US): Initiate an application migration to AWS GovCloud (US), via cloning, cloning and import/export, rebuilding, or rebuilding with import/export.

Migrate to CSGov instance of SaaS: CSGov is sharing a SaaS implementation with CSC. Need to work with the SaaS providers to create a CSGov dedicated instance and initiate a data migration and purge.

Page 37: (SEC204) AWS GovCloud (US): Not Just for Govies

Migration – Transform (Cont’d)

MIGRATION EXECUTION

Physical CSGov Data Center/Private Cloud

1. Data center preparation (space, power, network, staffing)

2. Application outage planning

3. Onsite installation

4. Configuration

5. Base testing

AWS GovCloud (US)

1. Partnership with Racemi

2. Move group planning

3. Discover, capture, clone, configure

4. AWS import/export

5. Some straight rebuild

SaaS Providers

1. Partnership with SaaS providers

2. Professional services

3. SaaS statement of work

4. Configuration migration/establishment

5. Base testing

MIGRATION VALIDATION

• Release planning

• Reuse existing regression testing

• Manual test script execution

• User acceptance testing

• Go/no-go decision

• Go-live support period

Team used Agile methodologies to deliver the migration execution (scrum planning, kanban execution)

Page 38: (SEC204) AWS GovCloud (US): Not Just for Govies

Our AWS Architecture

Page 39: (SEC204) AWS GovCloud (US): Not Just for Govies

Our AWS Architecture

Page 40: (SEC204) AWS GovCloud (US): Not Just for Govies

Migration – Manage

OPERATIONS ONBOARDING

CONTINUOUS IMPROVEMENT

Integrated Technology Center (ITC) integration:

1. CSC Answers (HR Help Desk)

2. CSC Technical Help Desk

3. Network Operations & Security Center (NOSC)

Application O&M teams

1. Parallel O&M for a period of time to support rollback

2. Outage management

3. Triage

4. Scrumban teams

5. DevOps

Physical to cloud/virtual

Keep moving to the cloud!

Stateless architectures

High availability

Cloud service rich

Hybrid – VM/container/SaaS architectures

Offering enhancements

WHERE WE NEED TO BE…

WHERE WE STARTED…

WHERE WE ARE…

Lift & Shift

Optimize

Page 41: (SEC204) AWS GovCloud (US): Not Just for Govies

Success Stories

• Hybrid environment (compute, network, storage) on physical premises, dedicated private cloud, government community cloud, SaaS provider, all seamless to the end user… and it works!

• Agile methodology, delivered value early, identified issues, and mitigated them rapidly.

• CSC used its own processes and methods to take on this aggressive application migration effort, and they worked. Lessons will improve these migration offerings, passing on value to our customers.

• DR recovery point time reduced from days to minutes with some of these applications. Architected for resiliency to failures.

• Use of AWS rapidly increased the time to value for our cloud-based IaaS (compute, network and storage). Able to execute plan in hours/days versus the weeks/months it would have taken using alternative IaaS with same requirements.

Page 42: (SEC204) AWS GovCloud (US): Not Just for Govies

Lessons Learned

• No magic bullet for an enterprise migration.

• Plan for bandwidth. The biggest bottleneck in an automated migration/cloning to cloud is bandwidth. Plan ahead, expect delays for bandwidth restrictions/issues.

• Do not disregard the importance of planning, especially the target environment planning. Much harder to move migrated resources due to poor VPC/target network planning.

• Automation cannot migrate everything. Expect some traditional migration methods to be required.

• No Re-IP’ing is a great goal, but not entirely possible in a large-scale migration.

• Most importantly…utilize your partner expertise, heed their advice (AWS, Racemi, SaaS Partners, etc.).

Page 43: (SEC204) AWS GovCloud (US): Not Just for Govies

Thank You!

Page 44: (SEC204) AWS GovCloud (US): Not Just for Govies

Important things to remember

AWS GovCloud (US) is a physically and logically isolated region

Separate AZs, console, IAM and authentication stack, and endpoints

AWS GovCloud (US) is not just for the US Government

Users span government, commercial entities, education and nonprofits

Remember the AWS Shared Responsibility Model

AWS IAM users can be non–US persons if adhering to shared responsibility (e.g., development teams outside of the US w/o access to ITAR data)

Page 45: (SEC204) AWS GovCloud (US): Not Just for Govies

Learn more about AWS GovCloud (US)

AWS GovCloud (US) webpage: https://aws.amazon.com/govcloud-us/

AWS GovCloud (US) User Guide: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html

Keith Brooks, AWS GovCloud Business Development

[email protected]

CJ Moses, GM, AWS Government Cloud Solutions

[email protected]

Page 46: (SEC204) AWS GovCloud (US): Not Just for Govies

Remember to complete your evaluations!

Page 47: (SEC204) AWS GovCloud (US): Not Just for Govies

Thank you!