![Page 1: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/1.jpg)
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CJ Moses, GM, AWS Government Cloud Solutions
Keith Brooks, AWS GovCloud Senior Business Development Manager
October 2015
SEC204
AWS GovCloud (US)Not Just for Govies
![Page 2: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/2.jpg)
What to expect from this session
1. Background on the AWS GovCloud (US) region
2. Overview of AWS GovCloud (US) features
3. Description of AWS GovCloud (US) users and suitable
workloads
4. Customer use case examples
![Page 3: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/3.jpg)
Background and history
![Page 4: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/4.jpg)
AWS GovCloud (US) features
![Page 5: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/5.jpg)
Requirements for access to AWS GovCloud (US)
Can handle export
controlled data
US person(account holder)
US entity on US soil
![Page 6: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/6.jpg)
AWS GovCloud (US) features
Managed by US
persons on US soil
Separate AWS
IAM and
authentication
Located in Pacific
NW (Oregon)
Data, network, and
machine isolation
![Page 7: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/7.jpg)
AWS GovCloud (US) features
“Community Cloud” Multiple regulatory and compliance features
![Page 8: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/8.jpg)
Who’s using AWS GovCloud (US)
and why?
![Page 9: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/9.jpg)
2011 2012 2013 2014
AWS GovCloud (US) adoption
273% average YoY growth since launch
(Q4 2011 to Q4 2014)
![Page 10: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/10.jpg)
Users span various types of enterprises
US Government
Federal, state, and local
Consulting firms and
systems integrators
Technology firms
and software
vendors
Resellers
Educational
institutions
Research
organizations
Commercial
industry
Nonprofit
organizations
Managed service
providers
![Page 11: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/11.jpg)
…but all share common characteristics
Sensitive data and applications
Strict regulatory and compliance requirements
Restricted, community cloud preference
AWS cloud platform
![Page 12: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/12.jpg)
AWS GovCloud (US) is fit for hosting sensitive data
Agriculture Copyright Critical infrastructure
Export control (ITAR) Financial Immigration
Intelligence Law enforcement Legal
Nuclear Patent Privacy (PII)
Proprietary (IP) Statistical (census) Tax
Transportation
All levels of Controlled Unclassified Information (CUI)
![Page 13: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/13.jpg)
Example workloads on AWS GovCloud (US)
Web applications
and websites
Backup
and recovery
Archiving Disaster recovery Development
and test
Big dataHigh performance
computing
Business
applicationsEnterprise IT Mobile
![Page 14: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/14.jpg)
Customer highlight: Planet Labs
![Page 15: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/15.jpg)
Imaging the Earth
DailyTroy Toman
Director of Engineering
Planet Labs
[email protected] I @troytoman
Imaging the Earth DailyTroy Toman
Director of Engineering
Planet Labs
[email protected] I @troytoman
![Page 16: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/16.jpg)
![Page 17: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/17.jpg)
Planet Labs Proprietary & Confidential
Size: 10 x 10 x 30cm
Mass: 4kg
![Page 18: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/18.jpg)
Radome – April 2014
Awarua, NZ
![Page 19: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/19.jpg)
101 satellites launched on 9 rockets
![Page 20: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/20.jpg)
Orange River, South Africa, August 4, 2015
![Page 21: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/21.jpg)
Forest Management
Oregon, USA
Source: Landsat 8
Date: March 23, 2014
![Page 22: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/22.jpg)
Forest Management
Oregon, USA
Source: Planet Labs
Date: May 2, 2014
![Page 23: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/23.jpg)
150satellites
475 KMaltitude
sun synchronous orbit
30ground stations
10sites
370,000images per day
<24 hours
online catalog
APIfor data pipeline
and platform access
1000S of
servers
11 TBprocessed daily
Spacecraft Manufacturing and Operations Data Pipeline and Production Apps
![Page 24: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/24.jpg)
Infrastructure
Challenges11 TB/day…everyday…forever
Regulatory compliance
Agile aerospace
Dynamic use cases
Multiple products/output formats
Complex/compute intensive pipeline
![Page 25: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/25.jpg)
Procurement
Physical security
Inventory
DC operations
Server provisioning
Private cloud ops
Network management
Hardware maintenance
What could have been…
https://creativecommons.org/licenses/by-nc/2.0/
![Page 26: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/26.jpg)
What AWS GovCloud (US) enables
us-gov-west us-west
Python (boto) AWS CLI
Amazon RDS
RDS
Amazon S3
S3AWS import/export
SAML
Ansible
CI
Git/GitHub
Analytics
Logging
Messaging
Ticketing
VPN gatewayVPN gateway
Amazon
Route 53
Route 53
Instances
Instances Spot
instances
Common
Ops/Dev Tools
Data Pipeline
Production APIsSpacecraft
Manufacturing/Operations
![Page 27: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/27.jpg)
ansible-jenkins
├── environments
│ ├── preprod.ini
│ ├── prod-current.ini
│ ├── prod-new.ini
│ ├── space.ini
│ └── test.ini
├── jenkins.yml
├── planet_roles
│ ├── apache_saml
│ ├── aptly
│ ├── aptserver
│ ├── awscli
│ ├── base
│ ├── datadog_agent
│ ├── elasticsearch
│ ├── fpm
│ ├── graphite
│ ├── jenkins
│ ├──
![Page 28: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/28.jpg)
A Transparent Planet…
…to act on change
Commercial access to space
Space-capable consumer technology
Compliant cloud services
Universal access
![Page 29: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/29.jpg)
Customer Highlight: CSC
![Page 30: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/30.jpg)
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Jon Check, CSGov
AWS GovCloud (US) MigrationCSC’s separation drives rapid migration of
business applications to AWS GovCloud (US)
![Page 31: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/31.jpg)
What to Expect from This Part of the Session
• Demonstrate a use case of successful, rapid migration of a large business’
application portfolio to AWS GovCloud (US).
• Provide a successful cloud migration process.
• Share reasons why we chose AWS GovCloud (US).
• Demonstrate how CSGov executed the process and migration.
• Provide success stories and lessons learned.
![Page 32: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/32.jpg)
Our ChallengeMay 19, 2015, CSC announced that its Board of Directors unanimously approved a plan to separate the company into two publically traded, pure play leaders: one to serve commercial and government clients, and one to serve public sector clients in the US.
CSGov
Business Application Portfolios
200+ apps must
migrate by
October 1, 2015
Program Specific
Applications Types:
Collaboration
Finance
HR
Payroll
Security
Other
70,000 Employees
14,000 employees
Approximately:
250 servers (phys.
and virt.)
3 TB memory
1,300 processors
Infrastructure Types:
Physical
Virtual
Private cloud
SaaSData Centers
14+ data centers
SaaS providers
Data Centers
2 data centers
1 Gov CSP
SaaS providers
![Page 33: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/33.jpg)
How Do We Attack This Problem?We need a strong systems integrator with proven applications migration processes to discover, plan, and execute our application separation between the two separate companies.
APPLICATION DISCOVERY
OPERATIONS ONBOARDING
APPLICATION AFFINITY GROUPING
MIGRATION EXECUTION
CLOUD ADOPTION ASSESSMENT
TARGET ASSESSMENT & ARCHITECTURE
APPLICATION TREATMENTS
MIGRATION VALIDATION
OPERATIONS PLANNING
CONTINUOUS IMPROVEMENT
Migration
Process
![Page 34: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/34.jpg)
APPLICATION DISCOVERY
Migration – Shape CLOUD ADOPTION ASSESSMENT
CSGovOnly49%
CSC/CSGovShared
40%
CSC Only11%
Suitability ScorecardTells you the ideal level at which you should be looking
for a cloud-based alternative: SaaS, PaaS, IaaS.
Cloud Adoption RoadmapIdentifies treatments and prioritization based on
customer requirements and target environment.
Our Targets: Physical CSGov Data Center, CSGov
Private Cloud, AWS GovCloud (US), SaaS Providers
App Inventory
App Data Flow
Diagram
![Page 35: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/35.jpg)
Why AWS GovCloud (US)?
Requirement AWS
GovCloud
(US)
Provide rapid, self-service infrastructure provisioning enabling an
aggressive migration schedule.
Government contracts require strict security standards and CSGov
aspires to provide highest security levels for our customers and our
business.
HR data will contain personally identifiable information, best
protected via DoD Impact Level 4 added security controls.
CSGov must retain ITAR compliance, and so should our cloud
service provider.
Ideally the CSP has an established relationship with CSGov.
![Page 36: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/36.jpg)
Migration – TransformAPPLICATION AFFINITY GROUPING APPLICATION TREATMENTS
Not Migrate24%
Physical (NPS Data
Center)51%
Gov Cloud15%
SaaS10%
Treatment
Do not migrateApplication exists at a location/data center that will
remain. No need to migrate at this time.
Physical moveShip physical architecture with applications installed to
consolidated data center.
Migrate to AWS GovCloud (US)Initiate an application migration to AWS GovCloud (US),
via cloning, cloning and import/export, rebuilding, or
rebuilding with import/export.
Migrate to CSGov instance of SaaSCSGov is sharing a SaaS implementation with CSC.
Need to work with the SaaS providers to create a CSGov
dedicated instance and initiate a data migration and
purge.
![Page 37: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/37.jpg)
Migration – Transform (Cont’d)MIGRATION EXECUTION MIGRATION VALIDATION
Physical CSGov Data Center/Private Cloud1. Data center preparation (space, power, network, staffing)
2. Application outage planning
3. Onsite installation
4. Configuration
5. Base testing
AWS GovCloud (US)1. Partnership with Racemi
2. Move group planning
3. Discover, capture, clone, configure
4. AWS import/export
5. Some straight rebuild
SaaS Providers1. Partnership with SaaS providers
2. Professional services
3. SaaS statement of work
4. Configuration migration/establishment
5. Base testing
• Release planning
• Reuse existing regression testing
• Manual test script execution
• User acceptance testing
• Go/no-go decision
• Go-live support period
Team used Agile methodologies to deliver the migration
execution (scrum planning, kanban execution)
![Page 38: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/38.jpg)
Our AWS Architecture
![Page 39: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/39.jpg)
Our AWS Architecture
![Page 40: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/40.jpg)
Migration – ManageOPERATIONS ONBOARDING CONTINUOUS IMPROVEMENT
Integrated Technology Center (ITC)
integration: 1. CSC Answers (HR Help Desk)
2. CSC Technical Help Desk
3. Network Operations & Security Center (NOSC)
Application O&M teams1. Parallel O&M for a period of time to support rollback
2. Outage management
3. Triage
4. Scrumban teams
5. DevOps
Physical to cloud/virtual
Keep moving to the cloud!
Stateless architectures
High availability
Cloud service rich
Hybrid – VM/container/SaaS architectures
Offering enhancements
WHERE WE NEED TO BE…
WHERE WE STARTED…
WHERE WE ARE…
Lift & Shift
Optimize
![Page 41: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/41.jpg)
Success Stories• Hybrid environment (compute, network, storage) on physical premises,
dedicated private cloud, government community cloud, SaaS provider, all
seamless to the end user….and it works!
• Agile methodology, delivered value early, identified issues, and mitigated them
rapidly.
• CSC used its own processes and methods to take on this aggressive
application migration effort—and they worked. Lessons will improve these
migration offerings, passing on value to our customers.
• DR recovery point time reduced from days to minutes with some of these
applications. Architected for resiliency to failures.
• Use of AWS, rapidly increased the time to value for our
cloud-based IaaS (compute, network and storage). Able to
execute plan in hours/days versus the weeks/months it would
have taken using alternative IaaS with same requirements.
![Page 42: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/42.jpg)
Lessons Learned• No magic bullet for an enterprise migration.
• Plan for bandwidth. The biggest bottleneck in an automated migration/cloning to
cloud is bandwidth. Plan ahead, expect delays for bandwidth restrictions/issues.
• Do not disregard the importance of planning, especially the target environment
planning. Much harder to move migrated resources due to poor VPC/target
network planning.
• Automation cannot migrate everything. Expect some traditional migration
methods to be required.
• No Re-IP’ing is a great goal, but not entirely possible in a large-scale migration.
• Most importantly…utilize your partner expertise, heed their advice (AWS,
Racemi, SaaS Partners, etc.).
![Page 43: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/43.jpg)
Thank You!
![Page 44: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/44.jpg)
Important things to remember
AWS GovCloud (US) is a physically and logically isolated region
Separate AZs, console, IAM and authentication stack, and endpoints
AWS GovCloud (US) is not just for the US Government
Users span government, commercial entities, education and nonprofits
Remember the AWS Shared Responsibility ModelAWS IAM users can be non–US persons if adhering to shared responsibility
(e.g., development teams outside of the US w/o access to ITAR data)
![Page 45: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/45.jpg)
Learn more about AWS GovCloud (US)
AWS GovCloud (US) webpagehttps://aws.amazon.com/govcloud-us/
AWS GovCloud (US) User Guidehttp://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html
Keith BrooksAWS GovCloud Business Development
CJ MosesGM, AWS Government Cloud Solutions
![Page 46: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/46.jpg)
Remember to complete
your evaluations!
![Page 47: (SEC204) AWS GovCloud (US): Not Just for Govies](https://reader031.vdocument.in/reader031/viewer/2022020314/58f2d6481a28ab8b7b8b4599/html5/thumbnails/47.jpg)
Thank you!