Getting Started with the Hybrid Cloud

2016 AWS Summit Bogotá - Getting Started with the Hybrid Cloud (slide transcript)

  1. Getting Started with the Hybrid Cloud. Alex Coqueiro, Public Sector Solutions Architect, April 2016. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. Today we'll cover:
     • What is Hybrid IT?
     • Integrated Network: Direct Connect, VPN tunnels
     • Common Hybrid Workloads: Backup & Archive, Storage Expansion
     • Enterprise Integration: Control, Federation, Dev, Operations
     • Next Steps
  4. Cloud is an ALL or NOTHING proposition
  5. The good news is it isn't an 'All or Nothing' choice: Corporate Data Centers (On-Premises Resources) <-> Integration <-> Cloud Resources
  6. Hybrid IT
  7. Hybrid IT: A Definition. "Hybrid IT is the result of combining internal and external services, usually from a combination of internal and public clouds, in support of a business outcome." (Gartner, http://www.gartner.com/technology/research/technical-professionals/hybrid-cloud.jsp)
  9. Your Data Center
  11. Extending Your DC to your Cloud Provider: Your Data Center (Your LAN Segments) connected to an AWS VPC
  12. Integrating AWS with existing on-prem infrastructure:
     • Integrated networking (10.0.100.0, 10.0.200.0)
     • Integrated access control: Microsoft Active Directory, custom LDAP
     • Common hybrid workloads: App 1, AWS Storage Gateway
     • Enterprise integration: a single pane of glass
  13. Today we'll cover (agenda slide repeated as a section divider)
  14. Services: Networking. Virtual Private Cloud (VPC), Direct Connect
  15. Trend: Integrated Network. Your Data Center connected by Direct Connect to a Virtual Private Cloud (VPC) with Project A deployed
  16. Your First Virtual Private Cloud. Diagram: Client and Directory Server in the data center behind the Customer VPN Gateway; VPN tunnels into the VPC; Application Servers across Availability Zones A and B, plus a Database Server.
     VPC configuration:
     • VPC CIDR network: 10.100.0.0/16
     • VPC subnet 1: 10.100.0.0/23
     • VPC subnet 2: 10.100.2.0/23
     • VPN type: dynamic (BGP)
     • Security group: HTTP, HTTPS, SSH, ICMP
     Data center configuration:
     • Corporate network: 10.96.0.0/16
     • DC network: 10.96.24.0/21
     • VPN gateway IP: 54.254.241.240
  17. Services: Networking. VPC (released 2009):
     • Mature virtual networking service
     • Highly scalable, up to 64K hosts per VPC
     • Features focused on enterprise integration
     Other VPC features:
     • Multiple VPCs per account
     • Multiple network interfaces per EC2 instance
     • Multiple IPs per interface
     • Move network interfaces between EC2 instances
     • Egress filtering with security groups and network ACLs
     • Virtual network peering between VPCs
     • Direct Connect cross-region routing
     • Support for dedicated instances (single-tenant EC2)
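Two checks a practitioner runs before bringing up the VPN on slide 16, as an added example written for this page (it is not code from the deck or from AWS): the address plan must not overlap, because an on-premises prefix that collides with the VPC CIDR cannot be fixed by BGP, only by renumbering one side; and the security group the slide lists (HTTP, HTTPS, SSH, ICMP) should scope SSH and ICMP to the data-center prefix that sits behind the tunnels rather than to the whole Internet. The CIDRs are the slide's; the helper names, the Rule class and the "wide open" comparison group are assumptions made for the example.

```python
"""Address-plan and security-group checks for the hybrid VPC on the
"Your First Virtual Private Cloud" slide. Added example for this page,
not AWS code; CIDRs come from the slide, helper names are assumptions."""
import ipaddress
from dataclasses import dataclass

# Values taken from the slide
VPC_CIDR = "10.100.0.0/16"
VPC_SUBNETS = {
    "subnet-1 (AZ A)": "10.100.0.0/23",
    "subnet-2 (AZ B)": "10.100.2.0/23",
}
CORPORATE_NETWORK = "10.96.0.0/16"
DC_NETWORK = "10.96.24.0/21"


def net(cidr):
    # strict=True rejects prefixes with host bits set (e.g. 10.100.1.0/23)
    return ipaddress.ip_network(cidr, strict=True)


def check_address_plan(vpc_cidr, subnets, onprem_cidrs):
    """Return a list of problems; an empty list means the plan is routable
    over the VPN: every subnet lies inside the VPC, subnets do not overlap
    each other, and the VPC does not overlap any on-premises prefix."""
    problems = []
    vpc = net(vpc_cidr)
    names = list(subnets)
    for name in names:
        if not net(subnets[name]).subnet_of(vpc):
            problems.append(f"{name} {subnets[name]} is outside VPC {vpc_cidr}")
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if net(subnets[a]).overlaps(net(subnets[b])):
                problems.append(f"{a} overlaps {b}")
    for cidr in onprem_cidrs:
        if vpc.overlaps(net(cidr)):
            problems.append(f"VPC {vpc_cidr} overlaps on-premises {cidr}")
    return problems


@dataclass(frozen=True)
class Rule:
    proto: str    # "tcp" or "icmp"
    port: int     # -1 for icmp
    source: str   # source CIDR


def hybrid_security_group(client_cidr, admin_cidr):
    """Inbound rules for the application servers. Web ports are opened to
    the clients' network; SSH and ICMP only to the data-center prefix."""
    return [
        Rule("tcp", 80, client_cidr),
        Rule("tcp", 443, client_cidr),
        Rule("tcp", 22, admin_cidr),
        Rule("icmp", -1, admin_cidr),
    ]


# The same four services opened to the whole Internet, for comparison
WIDE_OPEN_GROUP = hybrid_security_group("0.0.0.0/0", "0.0.0.0/0")

ADMIN_PORTS = {22, 3389}


def overly_open_rules(rules):
    """Rules that expose an admin port or ICMP to any source (prefix /0)."""
    return [
        r for r in rules
        if net(r.source).prefixlen == 0 and (r.proto == "icmp" or r.port in ADMIN_PORTS)
    ]


if __name__ == "__main__":
    print(check_address_plan(VPC_CIDR, VPC_SUBNETS, [CORPORATE_NETWORK, DC_NETWORK]))
    for r in overly_open_rules(WIDE_OPEN_GROUP):
        print("too open:", r)
```

With the slide's values the plan check returns no problems: 10.100.0.0/16 and 10.96.0.0/16 are disjoint, so the dynamic BGP session can advertise the DC prefix into the VPC route table without ambiguity. The group built with `hybrid_security_group(CORPORATE_NETWORK, DC_NETWORK)` passes the openness check; the wide-open variant is flagged on SSH and ICMP.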
  18. Services: Networking: Direct Connect. Integrate your network with Amazon VPC:
     • Connect via standard IPsec Internet VPN tunnels, or a private link to an AWS Direct Connect peering location, or a combination of both
     • Connection port speeds from 50 Mb/s to 10 Gb/s; you choose the speed you want
     • Connect multiple VPCs using industry-standard VLANs and layer 3 routing protocols
     • Integrate your network with your private VPC resources
     • Deploy your own network equipment into the Direct Connect peering location, e.g. WAN optimization devices
     Diagram: Customer Corporate Network with a Customer IPsec Router/Firewall (Internet VPN connection) and a Customer Direct Connect Router (private Direct Connect) reaching the Customer VPC on the AWS Global Infrastructure (Compute, Storage, Database, App Services, Deployment & Administration, Networking).
  19. Today we'll cover (agenda slide repeated as a section divider)
  20. Common Hybrid Workloads
  22. Services: Storage. AWS Storage Gateway, Amazon S3 (Simple Storage Service)
  23. Backup and Archive: on-premises backup server with Amazon S3 (Application Server, Virtual Server, File Server and Database Server -> Backup System -> Amazon S3)
     • Eliminate tape, hardware and off-site storage
     • Reduce capital expense for backup infrastructure
     • Never worry about backup durability
     • Never run out of backup capacity
     • Backup gateway integrated with Amazon S3
     • Data stored off-site, with high durability, in multiple locations
     • Take advantage of advanced storage optimization options: de-duplication, compression, WAN acceleration
  24. Backup and Archive: solutions supporting backup and archive to Amazon S3: Veeam Backup & Replication, Symantec NetBackup, Oracle RMAN and Secure Backup Module, CommVault Simpana, AWS Storage Gateway VTL, Riverbed Whitewater
  25. Storage Expansion: on-premises storage appliance with Amazon S3 (an S3-integrated appliance serving the Application, Virtual, File and Database Servers)
     • Reduce capital expense for storage infrastructure
     • Never worry about storage durability
     • Never run out of storage capacity
     • Storage appliance integrated with Amazon S3
     • Data durably stored off-site in multiple locations
     • Virtual volumes presented to the local network as iSCSI volumes, NFS or CIFS
     • Local disk cache to provide fast on-premises access
     • Take advantage of advanced storage optimization options: block-based de-duplication, compression, WAN acceleration
     • Security through gateway-side encryption
  26. Storage Expansion: solutions supporting storage expansion to Amazon S3: TwinStrata CloudArray, Riverbed Whitewater, Panzura Global NAS, Aspera On-Demand, AWS Storage Gateway Cached Volumes
  27. Today we'll cover (agenda slide repeated as a section divider)
  28. How do I integrate AWS? Access Control, Identity Federation, Development, Operations
  29. Services: Security. AWS Directory Service, AWS Identity and Access Management
  30. Securing Your AWS Resources: AWS Identity and Access Management
     • AWS IAM enables you to securely control access to AWS services and resources
     • Fine-grained control of user permissions, resources and actions: you choose who can do what in your AWS environment, and from where
     • You can easily add multi-factor authentication using smartphone apps or hardware tokens
     • Create users or groups; assign permissions to groups; control where actions are allowed from
     • Decide who can create subnets, who can modify security groups, and who can launch EC2 instances, and into which subnet
     • Grant rights to applications to access AWS resources, with built-in key rotation and no credentials stored in code
     • Secure access to the console; require MFA on API actions
  31. Directory Integration: AWS Directory Service
     • New directory in AWS: Simple AD (based on Samba 4)
     • Connect an existing directory to AWS: AD Connector to on-premises Microsoft AD, or a custom federation proxy
  32. Cross-account role switching via AD Connector (sign-in at mycompany.awsapps.com/console). Management account roles: CAA-AdministratorAccessRole, CAA-NetworkAccessRole, CAA-CloudEngineerRole, CAA-ReadOnlyAccessRole. Application account roles: AdministratorAccessRole, NetworkAccessRole, CloudEngineerRole, ReadOnlyAccessRole. Numbered steps 1-3 take place in the management account and step 4 (switch role) in the application account.
     NetworkAccessRole policy (management account):
     "Action": ["sts:AssumeRole"],
     "Resource": "arn:aws:iam::[account1-id]:role/IAM-1-NetworkAccessRole-*"
     "Resource": "arn:aws:iam::[account2-id]:role/IAM-1-NetworkAccessRole-*"
     Trusted entities: assume role policy document (application account):
     "Principal": {"AWS": "arn:aws:iam::[management-account-id]:role/CAA-NetworkAccessRole"},
     "Action": "sts:AssumeRole"
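The role switch on slide 32 only works when both documents agree: the management-account role's identity policy must allow sts:AssumeRole on the target role ARNs, and the application-account role's trust policy must name the management role as principal. The following is an added example written for this page, not AWS code or the presenter's; the account ids are placeholders, and evaluate() is a deliberately simplified model of IAM policy evaluation (Allow/Deny, Action, Resource, Principal and the Bool condition operator only). The optional MFA condition shows where slide 30's "require MFA on API actions" would attach. IAM populates aws:MultiFactorAuthPresent itself, and whether it is true for a session obtained by assuming a role depends on how that first session was authenticated, so test that condition against the real service before relying on it in a trust policy.

```python
"""Both halves of the cross-account role switch on the AD Connector slide.
Added example for this page, not AWS code. Account ids are placeholders;
evaluate() is a simplified model of IAM policy evaluation."""
import fnmatch
import json

MGMT = "111111111111"   # placeholder management account id
APP1 = "222222222222"   # placeholder application account ids
APP2 = "333333333333"

MGMT_ROLE = f"arn:aws:iam::{MGMT}:role/CAA-NetworkAccessRole"

# Identity policy attached to CAA-NetworkAccessRole in the management account:
# it may assume only the NetworkAccessRole-* roles in the listed accounts.
NETWORK_ACCESS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["sts:AssumeRole"],
        "Resource": [
            f"arn:aws:iam::{APP1}:role/IAM-1-NetworkAccessRole-*",
            f"arn:aws:iam::{APP2}:role/IAM-1-NetworkAccessRole-*",
        ],
    }],
}


def trust_policy(trusted_role_arn, require_mfa=False):
    """Assume-role policy document for a role in an application account:
    only the named management-account role may assume it."""
    stmt = {
        "Effect": "Allow",
        "Principal": {"AWS": trusted_role_arn},
        "Action": "sts:AssumeRole",
    }
    if require_mfa:
        stmt["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [stmt]}


def _as_list(x):
    return x if isinstance(x, list) else [x]


def _condition_holds(cond, context):
    # Only the Bool operator is modelled; a missing key evaluates as "false".
    for op, pairs in cond.items():
        if op != "Bool":
            raise NotImplementedError(f"condition operator {op} not modelled")
        for key, want in pairs.items():
            if str(context.get(key, "false")).lower() != str(want).lower():
                return False
    return True


def evaluate(policy, action, resource=None, principal=None, context=None):
    """True if the policy allows `action`. A matching Deny always wins.
    Action and Resource use IAM-style * and ? wildcards; Principal is exact."""
    context = context or {}
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt.get("Action", []))):
            continue
        if resource is not None and "Resource" in stmt and not any(
                fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if principal is not None and "Principal" in stmt:
            trusted = _as_list(stmt["Principal"].get("AWS", []))
            if principal not in trusted and "*" not in trusted:
                continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def can_switch_role(caller_role_arn, target_role_arn, caller_policy, target_trust, mfa_present=False):
    """The switch succeeds only if the caller's identity policy allows
    sts:AssumeRole on the target AND the target's trust policy names the caller."""
    ctx = {"aws:MultiFactorAuthPresent": "true" if mfa_present else "false"}
    caller_ok = evaluate(caller_policy, "sts:AssumeRole", resource=target_role_arn, context=ctx)
    trust_ok = evaluate(target_trust, "sts:AssumeRole", principal=caller_role_arn, context=ctx)
    return caller_ok and trust_ok


if __name__ == "__main__":
    target = f"arn:aws:iam::{APP1}:role/IAM-1-NetworkAccessRole-prod"
    print(json.dumps(trust_policy(MGMT_ROLE), indent=2))
    print(can_switch_role(MGMT_ROLE, target, NETWORK_ACCESS_POLICY, trust_policy(MGMT_ROLE)))
```

The split is the point: a management-account role that could assume anything would make the application accounts' trust policies the only control, and a trust policy that trusted the whole management account (`"AWS": "arn:aws:iam::[management-account-id]:root"`) would let every CAA role, not just CAA-NetworkAccessRole, reach the network role. Keeping the resource list on one side and the exact principal on the other means either account can revoke the path on its own.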
  33. Services: Application. AWS CodeDeploy
  34. AWS CodeDeploy, just like Amazon: coordinate automated deployment; scale from 1 instance to thousands; deploy without downtime; centralize deployment control and monitoring. Application revisions (v1, v2, v3) are pushed by CodeDeploy to deployment groups: Dev, Staging, Production.
  35. Set up your target environments (hybrid or not): every instance runs the CodeDeploy agent and belongs to a deployment group (on-premises) or a deployment group (AWS), across Staging and Production. Group instances by:
     • Auto Scaling group
     • Amazon EC2 tag
     • On-premises tag
  36. Operations on AWS with existing tools: Management Portal for vCenter, Management Pack for SCOM, Systems Manager for SCVMM
  37. Operations on AWS: integrating AWS into your operations
     • Amazon CloudWatch provides real-time insight into your AWS services; integrate your own metrics, create and act on alarms
     • Amazon SNS allows integration with your alerting systems
     • Your current tools still work: install them on an EC2 instance
     • Your tools already have AWS API integration
  38. Today we'll cover (agenda slide repeated as a section divider)
  39. Try it! A proof of concept will answer tons of questions. Think cloud first for all new deployments.
  40. Thank you
