9. 2007: 9, 2008: 24, 2009: 48, 2010: 61, 2011: 82, 2012: 159
Including:
AWS Oregon Region
Elastic Beanstalk (Beta)
Amazon SES (Beta)
AWS CloudFormation
Amazon RDS for Oracle
AWS Direct Connect
AWS GovCloud (US)
Including:
Amazon SNS
Amazon CloudFront
Amazon Route 53
S3 Bucket Policies
RDS Multi-AZ Support
RDS Reserved Databases
AWS Import/Export
Including:
Amazon RDS
Amazon VPC
Amazon EMR
EC2 Auto Scaling
Including:
6 new Direct Connect Sites
DynamoDB
RDS in VPC
AWS Trusted Advisor
CloudFormation in VPC
AWS Storage Gateway
Amazon Glacier
Cost Allocation Tagging
CloudFront Live Streaming
Amazon CloudSearch
AWS Marketplace
Red Hat Reserved Instances
New EC2 Instance Types
Multi-AZ Oracle RDS
RDS SQL Server
EC2 RI Marketplace
AWS Service Launches & Feature Updates
10. January, February, March
21, 18, 14
Including:
AWS Management Console Tablet and Mobile Support
Elastic Transcoder
Price reduction for Amazon EC2, global expansion of M3 Standard Instances, and reduced data transfer pricing.
Including:
Amazon Redshift Available to All Customers
AWS OpsWorks
IAM Role and Auto Scaling Support for Amazon CloudWatch Monitoring Scripts for Linux
Amazon SQS and SNS Announce Lower Prices and Expanded Free Tiers - 50% price drop for SQS
Including:
New Lower Pricing for Amazon EC2 Reserved Instances
AWS Free Usage Tier Now Includes Amazon ElastiCache
Amazon DynamoDB Reduces Prices
AWS Elastic Beanstalk for Node.js
Amazon RDS now supports 3TB and 30,000 Provisioned IOPS per database instance
Announcing EBS-Optimized Support for Additional Instance Types
53 AWS Service Launches & Feature Updates this year
15. Free steak campaign
Facebook page
Mars exploration ops
Consumer social app
Ticket pricing optimization
SAP & Sharepoint
Securities Trading Data Archiving
Gene sequencing
Marketing web site
Interactive TV apps
Financial markets analytics
R&D data analysis
Consumer social app
Big data analytics
Web site & media sharing
Disaster recovery
Media streaming
Web and mobile apps
Streaming webcasts
Facebook app
Consumer social app
Every Imaginable Use Case
18. 35 Price Reductions Since 2006
The AWS Price Reduction Philosophy
Ecosystem
Global Footprint
New Features
New Services
Infrastructure Innovation
More AWS Usage
More Infrastructure
Economies of Scale
Lower Infrastructure Costs
Reduced Prices
More Customers
19. AWS Trusted Advisor
Cost optimizations
Security & Availability checks
Performance recommendations
329,000 recommendations
$22M in annualized savings
To: AWS Customer
From: Amazon Web Services
Subject: Potential Cost Savings
Dear Customer,
We have identified $49,000 of potential
savings in your current AWS deployment.
-Amazon Web Services
Obsessed with Helping Customers Save Money
23. 1. Trade Capital Expense for Variable Expense
On-Premises
$0 to get started
Pay as you go
Source: IDC Whitepaper, sponsored by Amazon, “The Business Value of Amazon Web Services Accelerates Over Time.” July 2012
Average of 400 servers replaced per customer
24. 2. Lower Variable Expense Than Companies Can Do Themselves
Source: IDC Whitepaper, sponsored by Amazon, “The Business Value of Amazon Web Services Accelerates Over Time.” July 2012
70% lower 5 year TCO per app
On-premises: $3.01M
AWS: $0.90M
50% reduction in analytics costs
Saved $34M on SmartHub app
$3M reduction in hosting costs
27. 4. Dramatically Increase Speed & Agility
Add New Dev Environment
Add New Production Environment
Add New Environment in Japan
Add 1,000 Servers
Remove 1,000 servers
Number of Instances 1,000
Instance Type M3 Extra Large
Availability Zone US-West-2b
Launch
aws.amazon.com/managementconsole
AWS: Infrastructure in Minutes
Old World: Infrastructure in Weeks
28. “We reduced application deployment times from 2 months to 3 days.”
“Time to deploy went from weeks to hours.”
Source: IDC Whitepaper, sponsored by Amazon, “The Business Value of Amazon Web Services Accelerates Over Time.” July 2012
Improved Efficiency
Comparison of developer efficiency with AWS and in-house alternatives
[Bar chart: Overall, Deployment, Integration, Testing, Development; axis from 0 to 600%]
5X Faster
31. Uses of Cloud Computing for the National Rail Network (Réseau Ferré National)
Presentation topics
• Helping the general public learn about our rail projects through mapping
• Running a large number of computations on an occasional basis, at an affordable cost and in a reasonable time
32. The birth of the project
Chapter 1
33. An idea takes shape within our teams
An RFF mission
• Make the proposed routes of a major rail project easier to access at each stage of the consultation
A target
• The general public
Internal contributors
• The business team in charge of the project
• The regional geomatics specialist
• The IT team in charge of the mapping offering
• The IT team in charge of innovation
Discussions that led to an idea
• Offer, on the project's website, the ability to browse our map data
34. Breaking down the need
The data to present
• Data describing the environment:
  - map of the whole of France: roads and photos
• RFF data
  - The existing network
  - The project: routes, aerial photos along the route
The functions to offer
• Locate yourself
• Move around the map
• Zoom
• Show and hide data
35. From an idea to a service
Chapter 2
36. A proposed experiment
The IT innovation team proposes trying the cloud
• Background data service: BingMap service offering
• Location search service: BingMap service offering
• RFF vector data service: AWS IaaS offering running an ARCGIS SERVER solution from the vendor ESRI
• RFF image data service: AWS storage offering
• Rendering service for the end user:
  - Solution 1: development based on ESRI's JavaScript client
  - Solution 2 (selected): development based on Microsoft's JavaScript client
37. Convincing people internally to launch the project
The CIO
The CISO
The architect
The head of production
38. Unusual requirements
The audience
• Internet users, not identified users of our information system
Availability
• The service runs 24 hours a day, 7 days a week
• Very high sensitivity in the week following the publication of new data
Load
• The ability to absorb high load peaks over short periods
Usability
• Intuitive and fluid (similar to our experience on the Internet)
Deployment
• The ability to deploy the service quickly for every RFF project that needs it
39. Situation two years after the experiment
SITES IN PRODUCTION
• Our corporate website
• One project site
PLANNED SITES
• Go-live of a project site with orthophotos for July 2013
• Deployment of a similar interactive map on 7 other major-project sites by the end of 2013
40. A new use under development
Chapter 3
41. Computing capacity needs
The problem
• Compute a route on the rail network for every train scheduled over one year, about 4 times a year
The dimensions of the problem
• Know the description of the rail infrastructure and its changes day by day over the computation period
• Perform about 6,000,000 route computations
42. Faster, without investing
Using the cloud:
• n servers available to distribute the computations
• A cost that depends only on computation time
• No investment in temporary infrastructure
Results obtained:
• 12 hours on 10 servers instead of 4 days on a single one
• A bill of $100 for 6,000,000 computations
Lessons learned:
• Adapt not only your IT production management but also your development techniques
43. See you soon
On our lines
45. 5. Stop Spending Money on Undifferentiated Heavy Lifting
buy and install new hardware
set up and configure new software
build new data centers
so you don’t have to...
Data Centers
Power
Cooling
Cabling
Networking
Racks
Servers
Storage
Labor
We take care of...
47. The Benefits of Cloud Computing
✔ Replace CapEx with OpEx
✔ Lower Overall Costs
✔ No More Guessing Capacity
✔ Agility / Speed / Innovation
✔ Shift Focus to Differentiation
✔ Go Global in Minutes
49. Presentation of Millésima
• Wine merchant founded in 1983, based in Bordeaux
• 2,500,000 bottles in stock
• 70,000 individual customers served in 120 countries
• Revenue of €40M
• Multichannel
• Average basket of €2,000
• First e-commerce site in 1999
50. Oops! My Mistake...
• Launch of a Magento USA site at the end of 2009
• DIY
• Very good ROI
• rm -rf /
• Get a team
51. Let's get serious
• Migration of our 14 sites to Magento in early 2010
• "Specialized" physical hosting provider
• 3-year contract
• Disaster: Don't get Married in Vegas!
52. Efficiency
• Internationally renowned hosting provider
• Very large hardware and qualified teams
• Hacking attempt and a Cornelian dilemma!
• Still not suited to our needs
53. Test and Learn
• In early 2012 the web accounts for 60% of revenue and 80% of new customers
• What about the cloud? Why not, but which one?
• Test of 2 "big" clouds
• Test of managed services
• And the Winners are...
54. AWS + eNovance
• Scalability: hardware on demand
• Pre-production === Production
• Lighter bill
• 24/7 devops support in French
• No more cold sweats at Marketing's announcements
• Don’t Worry be Happy!
61. The Good News is that the Cloud isn’t an ‘All or Nothing’ Choice
Corporate Data Centers
On-Premises Resources
Cloud Resources
Seamless Integration
62. Active Directory
Network Configuration
Encryption
Back-up Appliances
Users & Access Rules
Your Private Network
HSM Appliance
Cloud back-ups
AWS Direct Connect
Your On-Premise Apps
Your Cloud Apps
Integrating AWS with Your Existing On-Premises Infrastructure
Corporate Data Centers
67. Strategy 2: Build New Apps for the Cloud
Faster to build
Facebook App
Global Web Sites
Mobile
Streaming
Social
Games
Consumer apps
Genetic Sequencing
Marketing Campaigns
Less expensive to run
Distributed architectures for high availability
Easier to manage
Financial record archiving
68. Canal+ Runs Key Customer Apps on AWS
Le Grand Journal iPad App
74. Profile 2012
World leader in building materials
Major player in the cement, aggregates and concrete industries
We contribute to the construction of cities throughout the world with innovative solutions, providing cities with more housing, and making them more compact, more durable, more beautiful and better connected
Operating in 64 countries
65,000 employees
€15.8 billion of annual sales
1,570 production sites
Listed on the Paris Stock Exchange
75. A well-balanced geographical portfolio
Region: annual sales, employees
North America: €3,375m, 8,821
Latin America: €961m, 2,609
Middle East and Africa: €4,283m, 19,644
Western Europe: €3,181m, 11,448
Central and Eastern Europe: €1,270m, 7,041
Asia: €2,746m, 14,774
76. Building Better Cities | May 2013
Our markets
HOUSING
ROADS
RAILWAYS
BRIDGES
INFRASTRUCTURE
PRIVATE/PUBLIC BUILDINGS
On all these markets, we provide innovative and environmentally-friendly solutions.
77. • The State of Global Economy
• Long Term Stagnation in the Developed World
• Rapid Growth in the Developing World (BRICs, etc)
• Lafarge’s Financial Position
• High Level of Indebtedness post ORASCOM in 2008 (€17 bn in 2008)
• Share Price Collapse and downgrading to “Junk” status
Economic Context
78. Architectural Context
Technology Debt
• Hardware… Long term under-investment
• Software… Too many legacy versions in production
Lack of consistent architecture
• Data Centres… Too many
• Software… Too much
Lack of business confidence
• Failure of services during critical business periods
79. Strategic Directions
• Consolidate and decommission where we can (Create critical mass)
• Lease don’t buy (CAPEX to OPEX)
• Move to the cloud (Pay for use)
• Partner (Share risk)
81. CTO Vision
Security
Governance
Physical Infrastructure
Middleware (OS’s, DB’s, etc)
Identity Management and Access Rights Management Service (Employee Provisioning)
Employee ID
In House DC
Public Cloud
Private (On / Off Premise)
ERP (Test)
ERP (Dev)
ERP (Prod)
HRIS
Email
Social Networking
Content Management
CRM
Internet, Intranet (Portals, etc)
Consistent Management Tools
Consistent User Experience
82. Lafarge’s AWS Experience
• Initiative driven by:
  • stability problems created by ageing hardware platforms
  • lack of bandwidth during the DC consolidation
• Group Institutional Sites migrated during 2010 and 2011
  • ROI under 3 months
  • Mirroring in place for key sites
• Group Internet Sites migrated during 2012
  • ROI under 12 months
  • Permanent VPN in place betz
• Circa 50 VMs in production
• Key Success Factors
  • Partnership and technical support from Edifixio
  • Clarity of Roles and Responsibilities
• Future Plans
  • Platform modernisation with migration from Websphere to Drupal
84. Strategy 6: All-in
10,000s of EC2 instances in multiple regions & zones
100s of middle tier services & applications
~70 billion events per day
At peak consumes 1/3 of US Internet bandwidth
88. Amazon VPC
EC2 EC2
EC2 EC2
Amazon Route 53
Availability Zone B
Availability Zone A
AWS Direct Connect
Los Angeles
Singapore
Japan
London
Sao Paulo
New York
Sydney
AWS Networking Services
90. Easily archive files from on-premises or directly from Amazon S3
$0.01 per GB per month
Designed for 11 9s of durability, just like Amazon S3
Amazon Glacier
images
videos
files
binaries
snapshots
S3
NAS
Amazon Glacier
93. Data warehouse as a service
Scale from hundreds of gigabytes to a petabyte or more
Use your existing SQL-based tools
Pay as you go
$999/TB/Year
10GigE (HPC)
Amazon S3
Ingestion
Backup
Restore
Node Node Node Node
Standard BI Tools
JDBC/ODBC
Amazon Redshift
96. Integrated application management solution for ops-minded developers and IT admins
Model, control and automate applications of nearly any scale and complexity
Management Console, SDKs, or CLI
No additional cost
AWS OpsWorks
97. AWS CloudHSM
Dedicated access to HSM appliances managed & monitored by AWS, but you control the keys
Increase performance for applications that use HSMs for key storage or encryption
Comply with stringent regulatory and contractual requirements for key protection
EC2 Instance
AWS CloudHSM
AWS CloudHSM
103. Universal Cloud Security
Every Customer Has Access to the Same Security Capabilities, and
Gets to Choose What’s Right for Their Business
•Governments
•Financial Sector
•Pharmaceuticals
•Entertainment
•Start-Ups
•Social Media
•Home Users
104. AWS allows you to see your entire infrastructure at the click of a mouse. Can you map your current network?
Visible Cloud Security
This Or This?
105. Auditable Cloud Security
How do you know AWS is right for your business?
3rd Party Audits
•Independent auditors
Artifacts
•Plans, Policies and Procedures
Logs
•Obtained
•Retained
•Analyzed
107. Control Objective 1: Security Organization
•Who we are
•Proper control & access within the organization
Control Objective 2: Amazon User Access
•How we vet our staff
•Minimization of access
Security & Compliance Control Objectives
108. Control Objective 3: Logical Security
•Our staff start with no systems access
•Need-based access grants
•Rigorous systems separation
•Systems access grants regularly re-evaluated & automatically revoked
Security & Compliance Control Objectives
109. Control Objective 4: Secure Data Handling
•Storage media destroyed before being permitted outside our datacenters
•Media destruction consistent with US Dept. of Defense Directive 5220.22
Control Objective 5: Physical Security and Environmental Safeguards
•Keeping our facilities safe
•Maintaining the physical operating parameters of our datacenters
Security & Compliance Control Objectives
110. Control Objective 6: Change Management
•Continuous Operation
Control Objective 7: Data Integrity, Availability and Redundancy
•Ensuring your data remains safe, intact & available
Control Objective 8: Incident Handling
•Processes & procedures for mitigating and managing potential issues
Security & Compliance Control Objectives
111. •Let AWS do the heavy lifting
•This is what we do – and we do it all the time
•As the AWS customer you can focus on your business and not be distracted by the muck
Shared Responsibility
AWS
•Facilities
•Physical Security
•Physical Infrastructure
•Network Infrastructure
•Virtualization Infrastructure
Customer
•Choice of Guest OS
•Application Configuration Options
•Account Management flexibility
•Security Groups
•Network ACLs
112. •Large non-descript facilities
•Robust perimeter controls
•2 factor authentication for entry
•Controlled, need-based access for AWS employees
•All access is logged and reviewed
Physical Security
114. Network Security
•DDoS attacks defended at the border
•Man in the Middle attacks
•SSL endpoints
•IP Spoofing prohibited
•Port scanning prohibited
•Packet Sniffing prevented
115. Amazon EC2 Security
Host operating system
•Individual SSH keyed logins via bastion host for AWS admins
•All accesses logged and audited
Guest operating system
•Customer controlled at root level
•AWS admins cannot log in
•Customer-generated keypairs
Stateful firewall
•Mandatory inbound firewall, default deny mode
Signed API calls
•Require X.509 certificate or customer’s secret AWS key
116. Amazon Virtual Private Cloud (VPC)
•Create a logically isolated environment in Amazon’s highly scalable infrastructure
•Specify your private IP address range and divide it into one or more public or private subnets
•Control inbound and outbound access to and from individual subnets using stateless Network Access Control Lists
•Protect your Instances with stateful filters for inbound and outbound traffic using Security Groups
•Bridge your VPC and your onsite IT infrastructure with an industry standard encrypted VPN connection and/or AWS Direct Connect
118. Amazon VPC - Dedicated Instances
•Option to ensure physical hosts are not shared with other customers
•$10/hr flat fee per Region + small hourly charge
•Can identify specific Instances as dedicated
•Optionally configure entire VPC as dedicated
119. Customers have requirements that require them to use specific encryption key management procedures not previously possible on AWS
•Requirements are based on contractual or regulatory mandates for keeping encryption keys stored in a specific manner or with specific access controls
•Good key management is critical
Customers want to run applications and store data in AWS but previously had to retain keys in HSMs in on-premises datacenters
•Applications may slow down due to network latency
•Requires several DCs to provide high availability, disaster recovery and durability of keys
Customer Challenge: Encryption
120. •AWS offers several data protection mechanisms including access control, encryption, etc.
•AWS CloudHSM complements existing AWS data protection and encryption solutions
•With AWS CloudHSM customers can:
  •Encrypt data inside AWS
  •Store keys in AWS within a Hardware Security Module
  •Decide how to encrypt data – the AWS CloudHSM implements cryptographic functions and key storage for customer applications
  •Use third party validated hardware for key storage
AWS Data Protection Solutions
121. What is AWS CloudHSM?
•Customers receive dedicated access to HSM appliances
•HSMs are physically located in AWS datacenters – in close network proximity to Amazon EC2 instances
•Physically managed and monitored by AWS, but customers control their own keys
•HSMs are inside customer’s VPC – dedicated to the customer and isolated from the rest of the network
AWS CloudHSM
122. AWS CloudHSM Service Highlights
•Secure Key Storage – customers retain control of their own keys and cryptographic operations on the HSM
•Contractual and Regulatory Compliance – helps customers comply with the most stringent regulatory and contractual requirements for key protection
•Reliable and Durable Key Storage – AWS CloudHSMs are located in multiple Availability Zones and Regions to help customers build highly available applications that require secure key storage
•Simple and Secure Connectivity – AWS CloudHSMs are in the customer’s VPC
•Better Application Performance – reduce network latency and increase the performance of AWS applications that use HSMs
123. AWS Deployment Models
Commercial Cloud
✔ Logical Server and Application Isolation
✔ Granular Information Access Policy
Sample Workloads: Public facing apps. Web sites, Dev test etc.
Virtual Private Cloud (VPC)
✔ Logical Server and Application Isolation
✔ Granular Information Access Policy
✔ Logical Network Isolation
✔ Physical server Isolation
Sample Workloads: Data Center extension, TIC environment, email, FISMA low and Moderate
AWS GovCloud (US)
✔ Logical Server and Application Isolation
✔ Granular Information Access Policy
✔ Logical Network Isolation
✔ Physical server Isolation
✔ Government Only Physical Network and Facility Isolation
✔ ITAR Compliant (US Persons Only)
Sample Workloads: US Persons Compliant and Government Specific Apps.
124. Everything You Do Now Can Be Done in the Cloud
•Intrusion Detection
•Intrusion Prevention
•Packet Capture
•Firewalls
•Access Control Lists
•Multi-Factor Authentication
•Identity and Access Management
Familiar Cloud Security