AWS Summit Berlin 2013 - Euroforum - Moving an Entire Physical Data Center in AWS
1. Migration of a physical datacenter to AWS
Heterogeneous challenges in moving a company-owned physical datacenter to a fully virtualized datacenter at AWS
Marcus.Fritsche@informa.com
3. Moving a physical datacenter to AWS
A small revolution?
[Timeline figure, axis: time. Labels: King Ludwig 2; 1500; Public Cloud; 2012; My server room; 1996; 2006; Private Cloud; Server Virtual.; 1900; Industrial Age; 1980; Global Economy]
8. Data protection:
• Encryption (Server-Volumes, Storage, Networks) => Got some experience and daily improvements
• Role-based Administration “IAM” (e.g. terminate a server)
• Multifactor Authentication (HW tokens take time, ..)
9. Encryption
[Diagram labels: ProtectV Master; ProtectV Secondary; KeySec App Master; KeySec App Secondary; WAN; AWS; Informa (DE / UK)]
12. Legal Requirements – Bundesdatenschutzgesetz & European Data Protection Law
• Datacenter located in Europe (Ireland and in ???)
• Auditing
• Commissioned data processing (Auftragsdatenverarbeitung): AWS acts as Data Processor as defined in Section 11 (§11 BDSG)
14. Technology:
• Develop number of AMIs, Storage Types, NICs, Load-Balancer, …
• Backup
• Rollout of a dynamic XenApp-Farm …
15. Backup:
• System Redundancy: Mirroring production files to a dedicated server in another Availability Zone (AZ)
• Backup (on OS-Level): Daily EBS snapshot in regional storage area (held in all AZ) using the “Volume Shadow Service” from AWS
[Diagram labels: AZ 1 (prod); AZ 2 (BRC); AZ 3; Subnet 1 (LAN); Subnet 11 (LAN); Subnet 9 (Test); Subnet 2 (DMZ1); Subnet 12 (DMZ1); Subnet 3 (DMZ2); Subnet 13 (DMZ2)]
20. Long-term File-Archive in AWS S3 ...
http://corporate-archive.s3-website-eu-west-1.amazonaws.com/html/
A script generates a browsable link structure out of the S3 flat file system. [Graphic from AWS]
To protect this “publicly available data”, a policy for the bucket “corporate-archive” blocks all IPs apart from our own proxy IPs.
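
An added example, not from the original slides: a Python sketch that builds a bucket policy of the kind this slide describes, limiting object reads on "corporate-archive" to proxy addresses with the `aws:SourceIp` condition key. The CIDR ranges are constructed documentation addresses, the function and statement names are hypothetical, and `would_allow_read` is a simplified local check of these two statements, not AWS's policy evaluator.

```python
import ipaddress
import json

BUCKET = "corporate-archive"                           # bucket name from the slide
PROXY_CIDRS = ["203.0.113.10/32", "198.51.100.0/28"]   # constructed sample proxy egress ranges

def build_policy(bucket, proxy_cidrs):
    """Allow anonymous object reads only from the proxy ranges; deny reads from anywhere else."""
    nets = [ipaddress.ip_network(c) for c in proxy_cidrs]  # raises ValueError on malformed CIDRs
    if not nets or any(n.prefixlen == 0 for n in nets):
        raise ValueError("refusing an empty or match-everything allow-list")
    cidrs = [str(n) for n in nets]
    objects = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadFromProxiesOnly", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": objects,
             "Condition": {"IpAddress": {"aws:SourceIp": cidrs}}},
            # Explicit deny also stops authenticated principals reading from other networks.
            {"Sid": "DenyReadFromElsewhere", "Effect": "Deny", "Principal": "*",
             "Action": "s3:GetObject", "Resource": objects,
             "Condition": {"NotIpAddress": {"aws:SourceIp": cidrs}}},
        ],
    }

def would_allow_read(policy, source_ip):
    """Simplified local check for an anonymous GET: explicit deny wins, else an allow is needed."""
    ip = ipaddress.ip_address(source_ip)

    def in_ranges(stmt, operator):
        ranges = stmt["Condition"][operator]["aws:SourceIp"]
        return any(ip in ipaddress.ip_network(c) for c in ranges)

    allowed = False
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Deny" and not in_ranges(stmt, "NotIpAddress"):
            return False
        if stmt["Effect"] == "Allow" and in_ranges(stmt, "IpAddress"):
            allowed = True
    return allowed

POLICY = build_policy(BUCKET, PROXY_CIDRS)

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))   # JSON document to attach as the bucket policy
```

`aws:SourceIp` is compared with the public address S3 sees, so the list has to contain the proxies' public egress addresses rather than their internal LAN addresses.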
24. What are our next steps!
• Automation of Administrative Processes
• Cost- and Performance Tuning
• Increase Security
• Test and Verify Business Recovery Function
25. … and if you have any questions, feel free to contact fritsche@4security.de