© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Shaun Ray Head of Solution Architecture, South East Asia Mission Critical Application Workloads on AWS

Mission Critical Applications Workloads on Amazon Web Services


Page 1: Mission Critical Applications Workloads on Amazon Web Services

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Shaun Ray Head of Solution Architecture, South East Asia

Mission Critical Application Workloads on AWS

Page 2: Mission Critical Applications Workloads on Amazon Web Services

What You Will Learn

Walk through the best practice for deploying business critical applications

Dive deep into fault tolerant and high performance architectures

Learn about securing sensitive data and workloads in the AWS cloud

Page 3: Mission Critical Applications Workloads on Amazon Web Services

Agenda

Why are customers running mission critical applications on AWS

What critical workloads run on AWS

Banking

Health

Media

Migrating a critical workload

Networking

Security

Audit

Resilience

Page 4: Mission Critical Applications Workloads on Amazon Web Services

Why are customers running critical workloads on AWS?

Page 5: Mission Critical Applications Workloads on Amazon Web Services

Customer Success Story

Capital One is using AWS as a central part of its technology strategy. As a result, the bank plans to reduce its data center footprint from eight to three by 2018. Capital One is one of the nation’s largest banks and offers credit cards, checking and savings accounts, auto loans, rewards, and online banking services for consumers and businesses. It is using or experimenting with nearly every AWS service to develop, test, build, and run its most critical workloads, including its new flagship mobile-banking application.

"The financial service industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers."

– Rob Alexander, Capital One's CIO

Page 6: Mission Critical Applications Workloads on Amazon Web Services

Customer Success Story

Orion Health is a health-specific software company that develops modern and creative solutions for healthcare organizations across the globe. By working with APN consulting partner Logicworks and using AWS, the company built Cal INDEX, one of the largest health information exchanges in the US. By using AWS, Orion Health can scale its platform to handle millions of patient records and build HIPAA-compliant solutions for its customers.

Page 7: Mission Critical Applications Workloads on Amazon Web Services

Customer Success Story

The company migrated some of its enterprise applications including SAP Business Objects, SAP GRC, and Oracle Enterprise Manager from traditional data centers to AWS. By using AWS, the publisher has shortened its time to market for new development projects from 6 months to 1 day and reduced its data center footprint from six to two facilities.

“In particular, the AWS focus on overall security, the ability to isolate systems from the Internet while running in the cloud, and the ability to encrypt data with our own managed keys addresses our requirements better than alternative solutions.”

– Mike Wedderburn-Clarke, Infrastructure Architect at News UK

Page 8: Mission Critical Applications Workloads on Amazon Web Services

Benefits of running MCW on AWS

Page 9: Mission Critical Applications Workloads on Amazon Web Services

Security

A few of our many certifications:

Secured premises

Secured access

Built-in firewalls

Unique users

Multi-factor authentication

Private subnets

Encrypted data storage

Dedicated connection

Page 10: Mission Critical Applications Workloads on Amazon Web Services

Security is shared between AWS and Customers

Customers are responsible for their security IN the Cloud:

Customer Content

Platform, Applications, Identity & Access Management

Operating System, Network & Firewall Configuration

Client and Server Encryption

Network Traffic Protection

Encryption Key Management

AWS looks after the security OF the platform:

AWS Foundation Services: Compute, Storage, Database, Networking

AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

Page 11: Mission Critical Applications Workloads on Amazon Web Services

AWS Global Infrastructure

Region

Edge Location

Over 1 million active customers across 190 countries

800+ government agencies

3,000+ educational institutions

12 regions (2016: USA, India, UK)

33 availability zones

54 edge locations

Page 12: Mission Critical Applications Workloads on Amazon Web Services

Reliability & Scale: Availability Zones

[Diagram labels: AZ (x5), Transit (x2)]

Page 13: Mission Critical Applications Workloads on Amazon Web Services

Example AWS Availability Zone

[Diagram labels: AZ (x5), Transit (x2)]

Page 14: Mission Critical Applications Workloads on Amazon Web Services

Example AWS Data Center

Page 15: Mission Critical Applications Workloads on Amazon Web Services

Why run critical workloads on AWS

Experience: Building and managing cloud since 2006

Scale: 12 regions, 33 availability zones, 54 edge locations

Ecosystem: Thousands of partners; 2,500+ Marketplace products

Performance: Extensive VM and network performance options

Security & Reliability: Security in layers approach and 99.95% application SLA

*as of July 31, 2014

Page 16: Mission Critical Applications Workloads on Amazon Web Services

What is a mission critical workload?

Page 17: Mission Critical Applications Workloads on Amazon Web Services

Anatomy of a critical workload

Holds sensitive data, liability if breached or deleted

>100 Users, > $10K per minute, Contractual Liability

Loss of data, destruction of IP, productivity penalty

Large scale customer impact if not available

Material Impact

Resilient

Available

Secure

Page 18: Mission Critical Applications Workloads on Amazon Web Services

What mission critical workloads can I run on AWS?

Page 19: Mission Critical Applications Workloads on Amazon Web Services

Critical Applications

Vendor Applications

SAP Business Suite, Netweaver, BusinessObjects, B1, HANA

Oracle eBusiness, PeopleSoft, Siebel, JDE, Database 11g/12c

Microsoft SharePoint, Exchange, Dynamics, SQL Server

IBM Websphere, DataStage

Infor LN, M3, Syteline, Lawson

Today AWS customers run a wide array of business applications

Companies of all sizes run business applications on AWS

Page 20: Mission Critical Applications Workloads on Amazon Web Services

Key Enablers

Enterprise Agreement

Commercial and Legal

Data Sovereignty

Regulation

Liability and IP Ownership

Direct Connect

Private Link to AWS

Non-Public Applications

Cost Reduction

Public Endpoint Access

Enterprise Support

Proactive Engagement

Infrastructure Event Management (IEM)

15 Minute Response

Proactive Support

Page 21: Mission Critical Applications Workloads on Amazon Web Services

Payer and Linked Accounts

[Diagram labels: Master Consolidated Billing AWS Account (Consolidated Billing payer account owner); Production AWS Account (Consolidated Billing linked account owner); Non-Production AWS Account (Consolidated Billing linked account owner); Cross Account Role; IAM User; IAM User (billing)]

Page 22: Mission Critical Applications Workloads on Amazon Web Services

[Network diagram labels: Internet; Elastic Load Balancing; Availability Zone 1; Availability Zone 2; VPC Subnet (x4); CIDR Block: 10.0.0.0/16; S3; Virtual Private Gateway; VPN Connection; Customer Gateway; Customer Data Center; addresses 10.0.0.5, 10.0.0.6, 10.0.0.7, 10.0.0.8, 10.0.3.5, 10.1.0.5, 10.1.0.6]

Page 23: Mission Critical Applications Workloads on Amazon Web Services

Did we hit our objectives?

Encrypted EBS, IPSEC VPN, Security Groups

No Data Loss, Encryption, Auto-Healing

Replicated DB, Dual AZ, 99.999999999% S3, Auto-Recovery

Two AZ, Auto scale, Elastic Load Balancing

Material Impact

Resilient

Available

Secure

Page 24: Mission Critical Applications Workloads on Amazon Web Services

AWS CloudTrail

You are making API calls...

On a growing set of services around the world…

AWS CloudTrail is continuously recording API calls…

And delivering log files to you

Page 25: Mission Critical Applications Workloads on Amazon Web Services

Out of the box…

HTTP and HTTPS requests logged with ELB Logging

API and Console calls logged with CloudTrail Logs

Network traffic logged with VPC Flow Logs

VPC change history logged with AWS Config

IAM policy and user changes logged with AWS Config

Application level metrics logged with CloudWatch Logs

Page 26: Mission Critical Applications Workloads on Amazon Web Services

Ubiquitous Encryption

[Diagram labels: AWS CloudTrail, IAM, EBS, RDS, Redshift, S3, Glacier]

Encrypted in transit and at rest

Fully auditable

Fully managed keys

Restricted access

Page 27: Mission Critical Applications Workloads on Amazon Web Services

Environment Setup

[Diagram labels: virtual private cloud (x6): Shared, Development, Test, Pre-Prod, Production, Audit; AWS Directory Service; AD; corporate data center; customer gateway; VPN connection; VPN gateway; flow logs; AWS CloudTrail]

Page 28: Mission Critical Applications Workloads on Amazon Web Services

How much does security cost?

Feature: Cost

Amazon VPC: $0

VPC Security Groups: $0

AWS Identity & Access Management (IAM): $0

AWS Security Token Service (STS): $0

AWS CloudTrail (service): $0

VPC Flow Logs: $0

TLS-enabled AWS API access: $0

Page 29: Mission Critical Applications Workloads on Amazon Web Services

Summary

Tools to secure your workload

Protect your data through encryption

Operate the way you want

A mission critical workload is more resilient, available and secure when using the AWS cloud. By leveraging our platform you can connect your critical applications seamlessly to systems running in AWS.

Page 30: Mission Critical Applications Workloads on Amazon Web Services