Getting Started with the Hybrid Cloud
TRANSCRIPT
![Page 1: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/1.jpg)
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Alex Coqueiro
Public Sector Solutions Architect
April 2016
Getting Started with the Hybrid Cloud
![Page 2: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/2.jpg)
Today we’ll cover
• What is Hybrid IT?
• Integrated Network: Tunnels, Direct Connect
• Common Hybrid Workloads: Backup & Archive, Storage Expansion
• Enterprise Integration: Control, Federation, Dev, Operations
• Next Steps
![Page 3: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/3.jpg)
![Page 4: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/4.jpg)
Cloud is an ALL or NOTHING proposition
![Page 5: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/5.jpg)
The Good News is it isn’t an ‘All or Nothing’ Choice
Corporate Data Centers
On-Premises Resources
Integration
Cloud Resources
![Page 6: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/6.jpg)
Hybrid IT
![Page 7: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/7.jpg)
Hybrid IT: A Definition
“Hybrid IT is the result of combining internal and external services, usually from a combination of internal and public clouds, in support of a business outcome.”
Source: http://www.gartner.com/technology/research/technical-professionals/hybrid-cloud.jsp
![Page 8: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/8.jpg)
![Page 9: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/9.jpg)
Your Data Center
![Page 10: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/10.jpg)
![Page 11: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/11.jpg)
Extending Your DC to your Cloud Provider
Your Data Center
Your LAN Segments
AWS VPC
![Page 12: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/12.jpg)
Integrating AWS with existing On-Prem Infrastructure
• Integrated networking: # 10.0.100.0, # 10.0.200.0
• Integrated access control: Microsoft Active Directory, Custom LDAP
• Common Hybrid Workloads: App 1, AWS Storage Gateway
• Enterprise Integration: Single pane of glass
![Page 13: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/13.jpg)
![Page 14: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/14.jpg)
Services: Networking
• Virtual Private Cloud (VPC)
• Direct Connect
![Page 15: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/15.jpg)
Trend: Integrated Network
Diagram labels: Your Data Center, Direct Connect, Virtual Private Cloud (VPC), Project A, Deployed
![Page 16: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/16.jpg)
Your First Virtual Private Cloud
VPC Configuration
• VPC CIDR Network: 10.100.0.0/16
• VPC Subnet 1: 10.100.0.0/23
• VPC Subnet 2: 10.100.2.0/23
• VPN Type: Dynamic BGP
• Security Group: HTTP, HTTPS, SSH, ICMP
Data Center Configuration
• Corporate Network: 10.96.0.0/16
• DC Network: 10.96.24.0/21
• VPN Gateway IP: 54.254.241.240
Diagram labels: VPN Tunnels, Customer VPN Gateway, Directory Server, Database Server, Application Server, Client, Availability Zone A, Availability Zone B
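
The address plan on this slide can be checked before the tunnel is built: the VPC and corporate ranges must not overlap, and each subnet must sit inside the VPC range. This is an added example, not part of the original deck; the function name `check_address_plan` is made up for illustration.

```python
import ipaddress

# Values taken from the slide above.
VPC_CIDR = "10.100.0.0/16"
VPC_SUBNETS = ["10.100.0.0/23", "10.100.2.0/23"]
CORPORATE_NET = "10.96.0.0/16"
DC_NET = "10.96.24.0/21"


def check_address_plan(vpc, subnets, corporate, dc):
    """Return a list of problems in a hybrid address plan (empty list if clean)."""
    try:
        # ip_network() is strict: a CIDR with host bits set is rejected.
        vpc_net = ipaddress.ip_network(vpc)
        corp_net = ipaddress.ip_network(corporate)
        dc_net = ipaddress.ip_network(dc)
        subnet_nets = [ipaddress.ip_network(s) for s in subnets]
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]

    problems = []
    # Overlapping ranges on the two sides of the VPN make routes ambiguous.
    if vpc_net.overlaps(corp_net):
        problems.append(f"VPC {vpc_net} overlaps corporate network {corp_net}")
    if not dc_net.subnet_of(corp_net):
        problems.append(f"DC network {dc_net} is outside corporate network {corp_net}")
    for i, net in enumerate(subnet_nets):
        if not net.subnet_of(vpc_net):
            problems.append(f"subnet {net} is outside VPC {vpc_net}")
        for other in subnet_nets[i + 1:]:
            if net.overlaps(other):
                problems.append(f"subnets {net} and {other} overlap")
    return problems


if __name__ == "__main__":
    issues = check_address_plan(VPC_CIDR, VPC_SUBNETS, CORPORATE_NET, DC_NET)
    print("plan is clean" if not issues else "\n".join(issues))
```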
![Page 17: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/17.jpg)
Services: Networking
VPC Released 2009
• Mature virtual networking service
• Highly scalable, up to 64K hosts per VPC
• Features focused on enterprise integration
Other VPC Features
• Multiple VPCs per account
• Multiple network interfaces per EC2 instance
• Multiple IPs per interface
• Move network interfaces between EC2 instances
• Egress filtering with security groups and network ACLs
• Virtual network peering between VPCs
• Direct Connect cross region routing
• Support for dedicated instance, single tenant EC2
Diagram labels: VPN Tunnels, Customer VPN Gateway, Directory Server, Database Server, Application Server, Client, Availability Zone A, Availability Zone B
![Page 18: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/18.jpg)
Services: Networking: Direct Connect
Integrate your network with Amazon VPC
• Connect via standard IPSEC Internet VPN tunnels, or
• Private link to AWS Direct Connect peering location, or a combination of both
• Connection port speeds from 50M to 10G, you choose the connection speed you want
• Connect multiple VPCs using industry standard VLANs and layer 3 routing protocols
• Integrate your network to your private VPC resources
• Deploy your own network equipment into Direct Connect peering location, e.g. WAN Optimization Devices
Diagram labels: Customer Corporate Network, Customer IPSEC Router/Firewall, Internet VPN Connection, Customer Direct Connect Router, Private Direct Connect, Customer VPC, AWS Global Infrastructure, Compute, Storage, Database, App Services, Deployment & Administration, Networking
![Page 19: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/19.jpg)
![Page 20: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/20.jpg)
Common Hybrid Workloads
![Page 21: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/21.jpg)
![Page 22: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/22.jpg)
Services: Storage
• AWS Storage Gateway
• AWS S3 Simple Storage Service
![Page 23: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/23.jpg)
Backup and Archive
On-premise backup server with S3
• Eliminate tape, hardware, off-site storage
• Reduce capital expense for backup infrastructure
• Never worry about backup durability
• Never run out of backup capacity
• Backup gateway integrated to Amazon S3
• Data stored off-site, with high durability, in multiple locations
• Take advantage of advanced storage optimization options: de-duplication, compression, WAN acceleration
Diagram labels: Application Server, Virtual Server, File Server, Database Server, Backup System, Amazon S3
![Page 24: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/24.jpg)
Backup and Archive
Solutions supporting backup and archive to S3
• Veeam Backup & Replication
• Symantec Net Backup
• Oracle RMAN and Secure Backup Module
• CommVault Simpana
• AWS Storage Gateway VTL
• Riverbed Whitewater
Diagram labels: Application Server, Virtual Server, File Server, Database Server, Backup System, Amazon S3
![Page 25: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/25.jpg)
Storage Expansion
On-premise storage appliance with S3
• Reduce capital expense for storage infrastructure
• Never worry about storage durability
• Never run out of storage capacity
• Storage appliance integrated to Amazon S3
• Data durably stored off-site in multiple locations
• Virtual volumes presented to local network as iSCSI volumes, NFS, CIFS
• Local disk cache to provide fast on-premise access
• Take advantage of advanced storage optimization options: block based de-duplication, compression, WAN acceleration
• Security through gateway side encryption
Diagram labels: Application Server, Virtual Server, File Server, Database Server, S3 Integrated Appliance, Amazon S3
![Page 26: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/26.jpg)
Storage Expansion
Solutions supporting storage expansion to S3
• TwinStrata CloudArray
• Riverbed Whitewater
• Panzura Global NAS
• Aspera on-demand
• AWS Storage Gateway Cached Volumes
Diagram labels: Application Server, Virtual Server, File Server, Database Server, S3 Integrated Appliance, Amazon S3
![Page 27: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/27.jpg)
![Page 28: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/28.jpg)
How do I integrate AWS?
• Access Control
• Identity Federation
• Development
• Operations
![Page 29: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/29.jpg)
Services: Security
• AWS Directory Services
• AWS Identity and Access Management
![Page 30: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/30.jpg)
Securing Your AWS Resources
AWS Identity and Access Management
• AWS IAM enables you to securely control access to AWS services and resources
• Fine grained control of user permissions, resources and actions. You get to choose who can do what in your AWS environment and from where
• You can easily add multi factor authentication using smartphone apps or hardware tokens
• Create users or groups
• Assign permissions to groups
• Where actions are allowed from
• Who can create subnets
• Who can modify security groups
• Who can launch EC2 instances, into which subnet
• Grant rights to applications
• To access AWS resources
• With built-in key rotation
• No storing of credentials in code
• Secure access to console
• Require MFA on API action
Diagram label: Application Server
![Page 31: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/31.jpg)
Directory Integration
AWS Directory Service
• New directory in AWS: Simple AD (Based on Samba 4)
• Connect existing directory to AWS: AD Connector (Custom federation proxy)
Diagram label: On-premises Microsoft AD
Diagram labels: AD, AD Connector, mycompany.awsapps.com/console, Management account, Switch role, Application account (steps 1, 2, 3, 4)
Management account roles:
• CAA-AdministratorAccessRole
• CAA-NetworkAccessRole
• CAA-CloudEngineerRole
• CAA-ReadOnlyAccessRole
NetworkAccessRole permissions:
"Action": ["sts:AssumeRole"],
"Resource": "arn:aws:iam::[account1-id]:role/IAM-1-NetworkAccessRole-*"
"Resource": "arn:aws:iam::[account2-id]:role/IAM-1-NetworkAccessRole-*"
"Resource": "arn:aws:iam::[account2-id]:role/IAM-1-NetworkAccessRole-*"
Application account roles:
• AdministratorAccessRole
• NetworkAccessRole
• CloudEngineerRole
• ReadOnlyAccessRole
Trusted entities: Assume role policy document
"Principal":
"AWS": "arn:aws:iam::[management-account-id]:role/CAA-NetworkAccessRole"
"Action": "sts:AssumeRole"
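
The switch-role arrangement on this slide has two halves: the permission policy on the management-account role and the trust policy on the application-account role. The added example below (not from the original deck) writes both out as complete policy documents and checks them with a deliberately simplified model that only looks at Allow statements; the account ids, the role-name suffix and all function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

MGMT, APP = "111111111111", "222222222222"  # constructed placeholder account ids
CALLER = f"arn:aws:iam::{MGMT}:role/CAA-NetworkAccessRole"
TARGET = f"arn:aws:iam::{APP}:role/IAM-1-NetworkAccessRole-EXAMPLE"  # suffix is made up

# Permission policy on CAA-NetworkAccessRole (management account).
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["sts:AssumeRole"],
    "Resource": [f"arn:aws:iam::{APP}:role/IAM-1-NetworkAccessRole-*"],
}]}

# Trust policy on the network access role in the application account.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": CALLER},
    "Action": "sts:AssumeRole",
}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def caller_may_assume(identity_policy, target_arn):
    """Caller side: an Allow for sts:AssumeRole whose Resource matches the target."""
    for stmt in identity_policy["Statement"]:
        if (stmt.get("Effect") == "Allow"
                and "sts:AssumeRole" in _as_list(stmt.get("Action", []))
                and any(fnmatchcase(target_arn, pat)
                        for pat in _as_list(stmt.get("Resource", [])))):
            return True
    return False


def target_trusts(trust_policy, caller_arn):
    """Target side: the trust policy names the caller's role ARN exactly."""
    for stmt in trust_policy["Statement"]:
        principal = stmt.get("Principal")
        if (stmt.get("Effect") == "Allow" and isinstance(principal, dict)
                and "sts:AssumeRole" in _as_list(stmt.get("Action", []))
                and caller_arn in _as_list(principal.get("AWS", []))):
            return True
    return False


def can_switch_role(caller_arn, identity_policy, target_arn, trust_policy):
    """Both halves must allow the call; either one alone is not enough."""
    return (caller_may_assume(identity_policy, target_arn)
            and target_trusts(trust_policy, caller_arn))
```

Scoping the trust policy to one named role, as the slide does, means a user who lands in CAA-ReadOnlyAccessRole cannot switch into the network role even though both roles live in the same management account.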
![Page 33: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/33.jpg)
Services: Application
• AWS CodeDeploy
![Page 34: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/34.jpg)
• Coordinate automated deployment
• Scale from 1 instance to thousands
• Deploy without downtime
• Centralize deployment control and monitoring
Just like Amazon
Diagram labels: Application revisions, v1, v2, v3, CodeDeploy, Deployment groups, Dev, Staging, Production
![Page 35: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/35.jpg)
Set up your target environments (Hybrid or Not)
Group instances by:
• Auto Scaling group
• Amazon EC2 tag
• On-premises tag
Diagram labels: Agent (on each instance), Staging, Production, Deployment group (AWS), Deployment group (on-premises)
![Page 36: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/36.jpg)
Operations On AWS into existing Tools
• Management Portal for vCenter
• Management Pack for SCOM
• Systems Manager for SCVMM
![Page 37: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/37.jpg)
Operations On AWS
Integrating AWS into your operations
• AWS CloudWatch provides real-time insight into your AWS services, integrate your own metrics, create and act on alarms
• AWS SNS allows integration with your alerting systems
• Your current tools still work – install on EC2 instance
• Your tools already have AWS API integration
![Page 38: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/38.jpg)
![Page 39: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/39.jpg)
Try It!
• Proof of concept will answer tons of questions
• Think cloud first for all new deployments
![Page 40: Comenzando com la nube hibrida](https://reader033.vdocuments.pub/reader033/viewer/2022051521/586fe2a31a28ab18428b7c45/html5/thumbnails/40.jpg)
Thank you