In the digital economy, the fast development and deployment of applications is critical to success. To thrive in this application-oriented business environment, IT organizations are acting now to change their tools and processes to better support agile development methodologies. This session will cover performance benchmarking, benefits of migrating existing workloads, use of key services like Amazon RDS and AWS CloudHSM, and demonstrate how to deploy applications securely and at scale. Session sponsored by Cisco.
2. What to Expect from the Session
• Challenges that necessitate automation
• Benefits of a model-based approach for application automation
• Automating image management
• Other features and services needed in an application-centric future
3. Deploying an Enterprise Application Without Automation
[Figure: deployment workflow. Tasks: Request; Infrastructure Verification; Hardware Setup; Build VMs – New or Clone; DNS Entries; Install, Setup, Configure; Workload Database Refresh; Latest Code Deployment; Load Balancer Entries; Web Server Configuration; Firewall Changes; External Interface & Integration; PPM Tasks; Workload Monitoring Setup; Security – VM access control; Testing. Legend: task time, wait time. Durations shown: 1-2 days, 3-5 days, 2-4 weeks, 3-5 days; 1-2 days, 4-7 days, 2-3 days, 2-5 days; 2-5 days, 1-2 days, 2-4 days, 1-2 days; 3-7 days, 2-3 days, 1 day, 5-6 days.]
4. VM Automation Only – A Partial Solution
[Figure: the same deployment workflow. Tasks: Request; Infrastructure Verification; Hardware Setup; Build VMs – New or Clone; DNS Entries; Install, Setup, Configure; Workload Database Refresh; Latest Code Deployment; Load Balancer Entries; Web Server Configuration; Firewall Changes; External Interface & Integration; PPM Tasks; Workload Monitoring Setup; Security – VM access control; Testing. Durations shown: 1-2 days; 1-2 days, 4-7 days, 2-3 days, 2-5 days; 2-5 days, 1-2 days, 2-4 days, 1-1 days; 3-7 days, 2-3 days, 1 day, 5-6 days.]
5. Network Automation Only – A Partial Solution
[Figure: the same deployment workflow. Tasks: Request; Infrastructure Verification; Hardware Setup; Build VMs – New or Clone; DNS Entries; Install, Setup, Configure; Workload Database Refresh; Latest Code Deployment; Load Balancer Entries; Web Server Configuration; External Interface & Integration; PPM Tasks; Workload Monitoring Setup; Testing; shown separately: Firewall Changes; Security – VM access control. Durations shown: 1-2 days; 4-7 days, 2-3 days, 2-5 days; 2-5 days, 1-2 days, 1-1 days; 3-7 days, 2-3 days, 5-6 days.]
6. Application Orchestration and Infrastructure Automation – Still No Guaranteed Outcome
[Figure: the same deployment workflow. Tasks: Infrastructure Verification; Hardware Setup; Build VMs – New or Clone; Latest Code Deployment; External Interface & Integration; Testing; Request; DNS Entries; Install, Setup, Configure; Workload Database Refresh; Load Balancer Entries; Web Server Configuration; Firewall Changes; PPM Tasks; Workload Monitoring Setup; Security – VM access control. Durations shown: 2-5 days, 1-1 days, 5-6 days, 1-2 days.]
7. Why Migrate from On-premises Environments?
• Capacity limitations such as resources, power or performance
• Pay for what you use
• Self-managed
• App runs best close to the “edge”
• It’s ready for you!
[Figure: On-premises Environment]
8. Migrate Back? Hybrid Deployments?
• Multi-use database in an on-premises environment is used
• Interact with other applications not externally reachable
• Compliance requirements
• “Free” resources
[Figure: On-premises Environment]
9. Application Profile (Represented as Cube)
[Figure: application profile cube. Labels: nginx_..., apache_..., mysql_...; 2 CPU; 4GB Memory; 20GB Storage; Containers; Recipes; Scripts; Jar; War; Binaries.]
10. Application Profile (Represented as Cube)
[Figure: application profile cube. Labels: Build Environment; Infrastructure (Compute, Network, Storage); Cloud Services (Load Balance, Storage); Images, Services, Containers; App and Web Servers; Cluster and Caching; Middleware; Database; OS and VM Images or Containers; Packages and Files; Scripts; Data.]
11. Build Automation is Generally Mature
• Source Repository: GitHub
• Artifact Repository: Artifactory
• Build Automation: Jenkins
17. What is Cisco CloudCenter?
The demos include it, so what should you know about it?
• Cloud management and brokerage platform
• Uses Application Profile - model once, deploy anywhere
• Provides guardrails to automation
- Governance to any environment
- Policy and financial controls
- Multi-tenant and multi-account
• Benchmarking of applications
19. What are Options for Managing Images?
Images still need to be maintained and now at scale
Options
• Transform “Gold” images to AWS
• Rebuild images dynamically
• Consume OS vendor-provided images
Challenges
• Multiple virtualization formats
• Storage costs (not thin)
• Region-specific requirement
• Pace of patches increasing
• New deployments with old images = exploitable until patched
21. Networking – Simplify the Complex thru APIs
• Consistent implementation between on-premises environments and AWS needs a management strategy
• Multi Availability Zones required for uptime guarantee
• Different best practices from the firewalling we grew up with
[Figure: a region containing two Availability Zones, each with multiple web servers]
24. Demo – Adopting AWS Services Like RDS and Elastic Load Balancing
[Figure: Amazon RDS and Elastic Load Balancing icons]
25. What About Your Crypto Keys?
AWS CloudHSM provides:
• Hardware – the H in HSM (dedicated appliance)
• Storage of cryptographic keys
• Use AWS for sensitive data without direct access to encryption keys
• AWS operations personnel do not have access to your cryptographic domain
[Figure: AWS CloudHSM inside a virtual private cloud. AWS – manages the appliance. You – control keys and crypto operations.]