AWS re:Invent 2016: Hybrid Architectures: Bridging the Gap to the Cloud (ARC208)
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Jamie Butler
Manager, Solutions Architecture
11/29/2016
ARC208: Hybrid Architectures, Bridging the Gap to the Cloud
Introductions
What to Expect from the Session
• What is a 200 level talk
• Prerequisites
• Basic understanding of Cloud Computing
• Familiarity with AWS Regions/AZs
• Overview of the AWS services used for hybrid cloud
• Customer use-cases for hybrid cloud
• How to build a hybrid environment from scratch
Not an all or nothing decision
“Many of you may think what we’re promoting here is that cloud is an all or nothing decision. You either go into the cloud or stay home. That is not the case. What we’ve built is a whole set of services that allow you to run both on-premise and in the cloud seamlessly together.”
– Werner Vogels
Customer’s Journey to the Cloud
Customer Environment
[Diagram: corporate data center. Components: File Server, Active Directory Domain Controller, Desktop.]
Let’s first talk about Identity
Identity Management - IAM
• Fine grained access control for AWS resources
• Multi-factor authentication for highly privileged users
• Can integrate with corporate directory
[Icon: Identity and Access Management]
IAM - Federation
• Grant external identities access to AWS resources
• External providers such as Microsoft AD, Amazon, Facebook, Google, or any OpenID provider
[Icon: AWS Security Token Service]
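A check for the role trust policies behind the federation and MFA points on the two IAM slides above, written as an added example (not from the original deck or AWS). The account ID, provider name and sample policies are constructed placeholders; `SAML:aud` and `aws:MultiFactorAuthPresent` are the standard IAM condition keys.

```python
SAML_AUD = "https://signin.aws.amazon.com/saml"  # audience AWS expects for console SSO

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_trust_policy(policy):
    """Return findings for an IAM role trust policy given as a dict."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        actions = _as_list(stmt.get("Action", []))
        cond = stmt.get("Condition", {})
        aws_principals = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if principal == "*" or "*" in aws_principals:
            findings.append(f"statement {i}: any principal can assume this role")
        # Federated (SAML) trust should pin the audience to the AWS sign-in endpoint.
        if "sts:AssumeRoleWithSAML" in actions:
            if cond.get("StringEquals", {}).get("SAML:aud") != SAML_AUD:
                findings.append(f"statement {i}: SAML trust does not pin SAML:aud")
        # Roles assumed by IAM users or accounts should require MFA.
        if "sts:AssumeRole" in actions and aws_principals:
            mfa = cond.get("Bool", {}).get("aws:MultiFactorAuthPresent")
            if str(mfa).lower() != "true":
                findings.append(f"statement {i}: assumable without MFA")
    return findings

# Constructed sample policies; account ID and provider name are placeholders.
PROVIDER = "arn:aws:iam::111122223333:saml-provider/ExampleCorpAD"
FEDERATED_OK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": PROVIDER},
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": {"StringEquals": {"SAML:aud": SAML_AUD}},
}]}
FEDERATED_WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": PROVIDER},
    "Action": "sts:AssumeRoleWithSAML",
}]}
ADMIN_NO_MFA = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
}]}

if __name__ == "__main__":
    for name, pol in [("ok", FEDERATED_OK), ("weak", FEDERATED_WEAK), ("admin", ADMIN_NO_MFA)]:
        print(name, lint_trust_policy(pol))
```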
Identity Management - Directory Service
• 3 versions: Microsoft AD, Simple AD, AD Connector
• Managed Service
• Join instances to an AD Domain
• Single Sign-On to AWS Console and Applications
[Icon: AWS Directory Service]
SSO in Action
Demo of Directory Services Console Login…
Let’s Move Some Data to AWS
Storage
| | S3 Standard | S3 Standard - IA | Amazon Glacier |
|---|---|---|---|
| Designed for Durability | 99.999999999% | 99.999999999% | 99.999999999% |
| Designed for Availability | 99.99% | 99.9% | N/A |
| Availability SLA | 99.9% | 99% | N/A |
| Minimum Object Size | N/A | 128KB* | N/A |
| Minimum Storage Duration | N/A | 30 days | 90 days |
| Retrieval Fee | N/A | per GB retrieved | per GB retrieved** |
| First Byte Latency | milliseconds | milliseconds | 4 hours |
| Storage Class | object level | object level | object level |
| Lifecycle Transitions | yes | yes | yes |
AWS Snowball
• Fast Data Transfer
• 256-bit Encryption
• Rugged and Portable
• End-to-End Tracking
• Secure Erasure
Start with backups
[Diagram: AWS and corporate data center. Components: File Server, Active Directory Domain Controller, Desktop, Amazon S3, Glacier (Archive). Links: Backup Data over the Internet, Lifecycle Policy.]
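The backup flow on this slide (S3, then a lifecycle policy into Glacier) as an added example, not part of the original deck: it builds a lifecycle configuration and checks each tier against the minimum storage durations in the storage class table above. The rule ID, prefix and day counts are assumptions, and only day-based rules are handled.

```python
# Minimum storage durations (days) taken from the storage class table on this page.
MIN_DAYS = {"STANDARD_IA": 30, "GLACIER": 90}

def backup_lifecycle(prefix, ia_after, glacier_after, expire_after):
    """Build a lifecycle configuration in the shape the S3 API accepts."""
    return {"Rules": [{
        "ID": "backup-tiering",            # hypothetical rule name
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [
            {"Days": ia_after, "StorageClass": "STANDARD_IA"},
            {"Days": glacier_after, "StorageClass": "GLACIER"},
        ],
        "Expiration": {"Days": expire_after},
    }]}

def early_exit_findings(config):
    """Flag objects that leave a class before its minimum storage duration."""
    findings = []
    for rule in config["Rules"]:
        steps = sorted(rule.get("Transitions", []), key=lambda t: t["Days"])
        # Day on which an object leaves each class: the next transition, then expiry.
        exits = [t["Days"] for t in steps[1:]]
        if "Expiration" in rule:
            exits.append(rule["Expiration"]["Days"])
        for step, leave_day in zip(steps, exits):
            stay = leave_day - step["Days"]
            need = MIN_DAYS.get(step["StorageClass"], 0)
            if stay < need:
                findings.append((rule["ID"], step["StorageClass"], stay, need))
    return findings

# Constructed inputs: one schedule that respects the minimums, one that does not.
GOOD = backup_lifecycle("backups/", 30, 60, 365)
BAD = backup_lifecycle("backups/", 30, 45, 100)

if __name__ == "__main__":
    import json
    print(json.dumps(GOOD, indent=2))
    print(early_exit_findings(BAD))
```

Each finding is a tuple of rule ID, storage class, days actually spent in that class, and the minimum from the table.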
Storage Gateway
• 3 Modes – Stored, Cached, VTL
• Securely transfers and stores data
• Durably backed by S3 and Glacier
• Uses industry standard iSCSI interface
[Icon: AWS Storage Gateway]
Running out of SAN Space, No Problem
[Diagram: AWS and corporate data center. Components: File Server, Active Directory Domain Controller, Desktop, Amazon S3, Storage Gateway (Cached Volume).]
Let’s talk about connectivity…
Virtual Private Cloud (VPC)
• Logical isolation of the AWS Cloud
• Complete control of your virtual networking environment
• Set your own IP address ranges
• Create subnets
• Configure routing tables and networking gateways
• Extend your corporate network and launch AWS resources in a virtual network that you define
Three ways to connect to your VPC
• Over the Internet
• Hardware Virtual Private Network (VPN) using IPSec
• Configured in minutes
• AWS Direct Connect
• Service provided by Amazon Partner Network (APN) Partners
AWS Direct Connect
• Dedicated network connection to AWS
• Consistent network performance
• Speeds of 50-500Mbps, 1Gbps, and 10Gbps
• Most hardware VPN solutions top out at 4Gbps
• Supports Active/Active and Active/Passive Border Gateway Protocol (BGP) Multipath
Connectivity to AWS
[Diagram: virtual private cloud and corporate data center. Components: File Server, Active Directory Domain Controller, Desktop. Links: VPN or Direct Connect.]
Compute
• Elastic Web-Scale Computing
• You’re in Control
• Flexible
• Reliable
• Secure
Let’s Move File Server to the Cloud
[Diagram: virtual private cloud and corporate data center. Components: File Server, Active Directory Domain Controller, Desktop.]
Building Servers in the Cloud
[Diagram: virtual private cloud and corporate data center. Components: File Server, Active Directory Domain Controller (two), Desktop.]
Configure Directory Service
[Diagram: virtual private cloud and corporate data center. Components: File Server, Active Directory Domain Controller (two), AWS Directory Service, Desktop. Links: AD Replication.]
Add EC2 File Server
[Diagram: virtual private cloud and corporate data center. Components: File Server (two), Active Directory Domain Controller (two), AWS Directory Service, Desktop. Links: AD Replication.]
Configure Replication
[Diagram: virtual private cloud and corporate data center. Components: File Server (two), Active Directory Domain Controller (two), AWS Directory Service, Desktop. Links: DFS Replication, AD Replication.]
EC2 Instances in Action
Demo video of building EC2 ADDC and File Server
Demo Environment
[Diagram: virtual private cloud and corporate data center, domain VegasCorp.com. Components: File Server (DFSR-Fileserver), Active Directory Domain Controller (DFSR-DC), File Server (DFSR-FS-VPC), Active Directory Domain Controller (DFSR-DC1-VPC), AWS Directory Service, Desktop, CL4-VPC. Links: DFS Replication, AD Replication.]
What If We Added Storage Gateway?
[Diagram: virtual private cloud and corporate data center. Components: File Server (two), Active Directory Domain Controller (two), AWS Directory Service, Desktop, Storage Gateway, Amazon S3 (Backups / Snapshots). Links: DFS Replication, AD Replication.]
Storage Gateway Cost Comparison
• Windows File Server on EC2
• 20TB EBS Storage

| Service | Cost |
|---|---|
| Compute | $359.42 |
| EBS Storage | $2,003.00 |
| Total | $2,362.42 |

• Windows File Server on EC2
• Storage Gateway on EC2
• 20TB S3 Storage

| Service | Cost |
|---|---|
| Compute | $534.37 |
| EBS Storage | $43.00 |
| Storage GW | $125.00 |
| S3 | $604.68 |
| Total | $1,307.05 |

*Estimated pricing per month on demand
WorkSpaces
• Windows 7/10 Desktop
• Easy Provisioning
• Secure and Encrypted
• Desktop and Mobile Clients
[Icon: Amazon WorkSpaces]
Microsoft DFS-R Hybrid Deployment
[Diagram: virtual private cloud and corporate data center. Components: File Server (two), Active Directory Domain Controller (two), AWS Directory Service, Amazon WorkSpaces, Desktop, Storage Gateway, Amazon S3 (Backups / Snapshots). Links: DFS Replication, AD Replication.]
Modifying Files On-premises or in AWS
Demo modifying data and showing sync….
What does this cost?
| Service | Cost |
|---|---|
| EC2 Compute | $714.45 |
| EBS Storage | $46.00 |
| Storage Gateway | $125.00 |
| S3 for SGW | $604.68 |
| S3-IA for backups | $256.00 |
| WorkSpaces (100 users) | $3,500 |
| Directory Service | $0.00 |
| Direct Connect | $219.60 |
| Business Support | $546.50 |
| Total | $6,011.55 |

*Estimated pricing per month on demand
** Data egress fees apply
Moving All In w/ HA
[Diagram: virtual private cloud with Availability Zone B and Availability Zone C. Components: File Server (two), Active Directory Domain Controller (two), AWS Directory Service (two), Storage Gateway (two), Amazon S3 (Backups / Snapshots), Amazon WorkSpaces. Links: DFS Replication, AD Replication.]
Take a Look at these Other Services
• Amazon EMR
• Amazon Kinesis
• Elastic Transcoder
• AWS OpsWorks
• Amazon WorkDocs
• Amazon Redshift
• AWS Database Migration Service
• Amazon CloudFront
• AWS CodeCommit
• AWS CodeDeploy
• AWS CodePipeline
• AWS CloudHSM
Thank you!
Remember to complete your evaluations!
Related Sessions
ARC316 - Hybrid IT: A Stepping Stone to All-In