VMware vForum: AWS Global Infrastructure and VMware Cloud on AWS
TRANSCRIPT
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Private cloud and public cloud, joining forces
- Leading compute, storage and network virtualization technology
- Supports a broad range of business application scenarios
- Standard-like enterprise data center architecture
- Flexible billing models and economics
- Covers every type of cloud service
- Global scale and rapid deployment
- The jointly engineered solution gives customers the best of VMware and AWS
VMware Cloud on AWS use cases
Customers can choose to deploy workloads in the enterprise private cloud, in AWS, or across both.
(Figure: four use-case quadrants; only the labels survived extraction.)
- Next-generation applications: Application Modernization; Next-Gen App Build Out; Enterprise Workloads
- Data center extension: Footprint Expansion; On-Demand Capacity; Test / Dev; Expand; Maintain
- Cloud migration: Infrastructure Refresh; Consolidate; Migrate (Primary to A, B, C, D)
- Disaster recovery: Protect Additional Workloads; DR Data Center Replacement; Add or Modernize DR solutions (Primary / Secondary)
- Scope axis of the figure: Application Specific to Data Center Wide
VMware Cloud on AWS global availability
(Map of AWS regions.)
- Already available in this region: Tokyo, Oregon, N. Virginia, London, Sydney, Frankfurt, California
- Planned availability: Singapore, Ohio, Ireland, Paris, Canada, Mumbai
A day in the life of an IT admin
Manager: "Business is picking up. To let the sales team understand customer status faster, we need to build a customer information lookup system in the shortest possible time. But the company currently has no spare compute or storage resources to support this project. Oh, and since the company is still growing and headcount will keep increasing, don't forget to consider the system's future scalability and security."
Joe: "No problem. VMware Cloud on AWS would be a good solution."
Introducing VMC on AWS means...
(Diagram: three columns.)
- Customer data center (On-Prem): vCenter, vSphere, vSAN, NSX; managed with VMware vRealize Suite and PowerCLI
- VMware Cloud on AWS, running in the AWS global infrastructure: vCenter, vSphere, vSAN, NSX; Hybrid Linked Mode joins the on-prem and cloud vCenters
- AWS services, reached from the SDDC over an Elastic Network Interface: AWS Lambda, Amazon S3, Amazon RDS, Amazon Kinesis, Amazon ALB; managed with AWS CloudFormation and the CLI
Joe has decided to adopt VMC on AWS, but where should he start?
Step 1: Stand up a production application on VMC on AWS
What Joe needs to do:
• Register a VMware Cloud on AWS account
• Link the VMC account with the native AWS account
• Create an SDDC environment on VMC
• Deploy the customer-service registration system on VMC
• Distribute incoming connections through an AWS Application Load Balancer
Linking the VMC on AWS account with a native AWS account
(Diagram components.)
- Customer-owned AWS account: an IAM cross-account role with an AWS managed policy, both created from a CloudFormation template
- VMware Cloud on AWS SDDC account: the account that uses the cross-account role
- Customer IAM user, signed in to VMware Cloud Management Services (vmc.vmware.com)
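The cross-account role is the trust boundary between the customer's AWS account and the VMware-operated SDDC account, so it is worth checking the role's trust policy before and after running the CloudFormation template. The following is an added example, not VMware's or AWS's template and not code from the page: it lints a role trust policy for a wildcard principal, an unexpected principal account, and a missing sts:ExternalId condition. The account id 111122223333 and the external id are placeholders; the real values come from the template generated at vmc.vmware.com.

```python
"""Lint the trust policy of the cross-account IAM role that links a VMC on AWS SDDC
to the customer-owned AWS account.

Added example, not VMware's or AWS's CloudFormation: the account id and external id
are placeholders; take the real values from the template generated at vmc.vmware.com.
"""
import json

EXPECTED_VMC_ACCOUNT = "111122223333"  # placeholder for the VMware-owned SDDC account

# Constructed "before": anyone who knows the role ARN can assume it.
WEAK_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]
}""")

# Constructed "after": only the expected account, and only with the shared external id.
HARDENED_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "vmc-placeholder-external-id"}}
  }]
}""")


def _as_list(value):
    """IAM allows a string or a list in most fields; normalize to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _account_of(principal):
    """'arn:aws:iam::123456789012:root' -> '123456789012'; a bare account id passes through."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal


def lint_trust_policy(policy, expected_account, require_external_id=True):
    """Return findings for every Allow / sts:AssumeRole statement in a trust policy."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if principal == "*" or "*" in aws_principals:
            findings.append("wildcard principal: any AWS account could assume this role")
            continue
        for p in aws_principals:
            account = _account_of(p)
            if account != expected_account:
                findings.append(f"unexpected principal account {account}")
        external_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if require_external_id and not external_id:
            findings.append("no sts:ExternalId condition: the confused-deputy check is missing")
    return findings


def lint_permissions_policy(policy):
    """Flag statements in the role's permissions policy that grant every action or every IAM action."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if action in ("*", "iam:*"):
                findings.append(f"over-broad action {action!r} on {stmt.get('Resource')!r}")
    return findings


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_TRUST_POLICY), ("hardened", HARDENED_TRUST_POLICY)):
        print(name, lint_trust_policy(pol, EXPECTED_VMC_ACCOUNT) or "OK")
```

To run it against the real role, feed `lint_trust_policy` the document returned by `aws iam get-role` (the `AssumeRolePolicyDocument` field) and `lint_permissions_policy` the attached policy's document; an empty result list is the pass condition.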
Connecting the Production Workload through AWS network services
(Diagram components.)
- VMware Cloud on AWS SDDC account: Production Workload VMs behind the CGW (compute gateway)
- AWS account: IGW; ALB with an IP target group (192.168.1.11, 192.168.1.12, 192.168.1.13); ENI into the SDDC; Amazon S3; Amazon CloudWatch
- Local users reach the workload through the ALB
DEMO
The Manager suddenly says again...
Manager: "Joe, good job! The last system ran very smoothly; the CEO and sales are very satisfied. But as you know, we have started expanding into overseas markets. To improve service quality and customer satisfaction, this system needs to be accessible to our branch offices abroad, with performance consistent with local access. And of course, remember to take application security into account as well."
Joe thinks to himself: "Good thing we have AWS; this can be done in under an hour."
Which measures does Joe need to reach the Manager's goals?
Step 2: Deploy the service on the AWS global infrastructure
What Joe needs to do:
• Deploy Amazon CloudFront for connection performance and user experience
• Pair it with AWS WAF to build an automated, global OWASP Top 10 defense
• Use Route 53 to set up an error page
• Obtain free certificates with automatic renewal from ACM
• Force users to connect over HTTPS
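Each bullet in Step 2 corresponds to a setting on the CloudFront distribution that can drift back to a weak default. The following is an added example, not code from the page or from AWS: it audits a distribution config in the shape returned by `aws cloudfront get-distribution-config` for viewer HTTPS enforcement, an ACM certificate with a TLS 1.2 floor, an associated WAF web ACL, HTTPS to the ALB origin, and custom error responses (the error page is checked here as a CloudFront custom error response). The two configs, the domain, ids and the certificate ARN are constructed placeholders.

```python
"""Audit a CloudFront distribution for the Step 2 controls: HTTPS enforced for viewers,
an ACM certificate with a modern TLS floor, an AWS WAF web ACL attached, HTTPS to the
origin, and custom error pages.

Added example; the two configs below are constructed in the shape returned by
`aws cloudfront get-distribution-config`, with placeholder ids, domain and ARN.
"""

HTTPS_VIEWER_POLICIES = ("redirect-to-https", "https-only")
DEFAULT_ERROR_CODES = (403, 404, 500, 502, 503)


def audit_distribution(cfg, required_error_codes=DEFAULT_ERROR_CODES):
    """Return findings for one distribution config; an empty list means all checks passed."""
    dc = cfg["DistributionConfig"]
    findings = []

    # 1. Viewers must be redirected to or required to use HTTPS on every behavior.
    behaviors = [("default", dc["DefaultCacheBehavior"])]
    behaviors += [(b.get("PathPattern", "?"), b) for b in dc.get("CacheBehaviors", {}).get("Items", [])]
    for name, behavior in behaviors:
        if behavior.get("ViewerProtocolPolicy") not in HTTPS_VIEWER_POLICIES:
            findings.append(f"behavior {name}: ViewerProtocolPolicy allows plain HTTP")

    # 2. A custom domain needs an ACM certificate, and the TLS floor should be 1.2.
    cert = dc.get("ViewerCertificate", {})
    if cert.get("CloudFrontDefaultCertificate") or not cert.get("ACMCertificateArn"):
        findings.append("no ACM certificate attached (default *.cloudfront.net certificate in use)")
    if not str(cert.get("MinimumProtocolVersion", "")).startswith("TLSv1.2"):
        findings.append(f"MinimumProtocolVersion {cert.get('MinimumProtocolVersion')!r} permits TLS < 1.2")

    # 3. The OWASP rule set only protects the site if its web ACL is associated here.
    if not dc.get("WebACLId"):
        findings.append("no AWS WAF web ACL associated with the distribution")

    # 4. Custom origins (the ALB in front of the SDDC VMs) should be reached over HTTPS only.
    for origin in dc.get("Origins", {}).get("Items", []):
        custom = origin.get("CustomOriginConfig")
        if custom and custom.get("OriginProtocolPolicy") != "https-only":
            findings.append(f"origin {origin.get('Id')}: OriginProtocolPolicy is not https-only")

    # 5. Error pages: every required status code needs a custom error response.
    covered = {e["ErrorCode"] for e in dc.get("CustomErrorResponses", {}).get("Items", [])}
    missing = sorted(set(required_error_codes) - covered)
    if missing:
        findings.append(f"no custom error page for status codes {missing}")
    return findings


def _origin(protocol_policy):
    """One custom origin pointing at a placeholder ALB hostname."""
    return {"Quantity": 1, "Items": [{
        "Id": "alb-origin", "DomainName": "alb-placeholder.elb.amazonaws.com",
        "CustomOriginConfig": {"HTTPPort": 80, "HTTPSPort": 443, "OriginProtocolPolicy": protocol_policy},
    }]}


# Constructed "before": the defaults of a quick console click-through.
WEAK_CONFIG = {"DistributionConfig": {
    "Origins": _origin("http-only"),
    "DefaultCacheBehavior": {"TargetOriginId": "alb-origin", "ViewerProtocolPolicy": "allow-all"},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True, "MinimumProtocolVersion": "TLSv1"},
    "WebACLId": "",
    "CustomErrorResponses": {"Quantity": 0, "Items": []},
}}

# Constructed "after": the state Step 2 is meant to reach.
HARDENED_CONFIG = {"DistributionConfig": {
    "Origins": _origin("https-only"),
    "DefaultCacheBehavior": {"TargetOriginId": "alb-origin", "ViewerProtocolPolicy": "redirect-to-https"},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/placeholder",
        "SSLSupportMethod": "sni-only", "MinimumProtocolVersion": "TLSv1.2_2018",
    },
    "WebACLId": "webacl-placeholder",
    "CustomErrorResponses": {"Quantity": 5, "Items": [
        {"ErrorCode": code, "ResponsePagePath": "/errors/%d.html" % code,
         "ResponseCode": str(code), "ErrorCachingMinTTL": 10}
        for code in DEFAULT_ERROR_CODES]},
}}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_distribution(cfg) or "OK")
```

The origin check assumes the ALB has an HTTPS listener; if it only listens on port 80 the finding is still correct, but the fix is on the ALB side. ACM certificates used by CloudFront must be issued in us-east-1, which is why the placeholder ARN names that region.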
AWS CloudFront with AWS WAF solves it easily
(Diagram components.)
- VMware Cloud on AWS SDDC account: Production Workload VMs behind the CGW
- AWS account: Route 53, CloudFront, WAF, ALB, IGW, ENI into the SDDC, Amazon S3, Amazon CloudWatch
- Global users reach the workload through Route 53 and CloudFront, with WAF in front of the ALB
Amazon Route 53 and Amazon CloudFront
✓ DNS header validations
✓ Good vs. bad resolvers
✓ Priority-based traffic shaping
✓ Inline inspection and SYN proxy protection
✓ Protection against slow reads (Slowloris)
✓ Only accepts valid HTTP/TCP packets
✓ Safeguards against SSL abuse
AWS's 130+ global PoPs strengthen application reliability and security
Benefits of AWS CloudFront with AWS WAF
- Fast incident response
- Powerful, flexible rule language
- Affordable
- Security automation
- Preconfigured templates
- Easy to deploy
DEMO
Security event collection and visual analysis
Manager: "The boss asked whether CloudFront with AWS WAF has actually had any effect. We haven't heard any security reports, so is it working at all? Can't we build a visual analytics system, ideally with full-text search so incident analysis is easier, and satisfy the upcoming GDPR audit requirements at the same time? Don't ask when it has to be done; as soon as possible!"
Joe: "No news is good news. Can't the requirements be stated all at once?"
How does Joe build an event analysis pipeline in the shortest time?
Step 3: Get it done with AWS managed services
What Joe needs to do:
• Enable AWS WAF logging
• Deploy an Amazon Elasticsearch Service domain
• Enable Kinesis Data Firehose to stream the WAF logs into Elasticsearch
• Visualize the log events in Kibana
• Keep the raw log data in S3 for retention
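Once WAF logging is enabled (the Kinesis Data Firehose delivery stream name must begin with `aws-waf-logs-`), Firehose delivers one JSON object per line. The following is an added example, not code from the page or from AWS: it parses such records, produces the counters a Kibana dashboard would show (actions, blocks per rule, per source and per country), picks out sources that should be considered for a rate-based rule, and shapes a record for the Elasticsearch index with the client address reduced to its /24. The sample records are constructed (documentation IP ranges, placeholder web ACL id and rule names, only the fields this code reads); the masking choice is a data-minimization step for the GDPR audit the Manager raised, with the unmasked raw copy kept in S3 under restricted access.

```python
"""Parse AWS WAF log records (newline-delimited JSON as delivered by Kinesis Data Firehose),
summarize what the web ACL blocked, and shape records for the Elasticsearch index.

Added example, not from the page or from AWS. The records are constructed: documentation
IP ranges, a placeholder web ACL id and rule names, and only the fields this code reads.
The raw, unmasked records belong in the S3 copy with restricted access; the index gets
client addresses reduced to their /24 so Kibana dashboards do not carry per-user data.
"""
import hashlib
import json
from collections import Counter

SAMPLE_WAF_LOG = """\
{"timestamp":1530000000000,"formatVersion":1,"webaclId":"webacl-placeholder","terminatingRuleId":"Default_Action","action":"ALLOW","httpSourceName":"CF","httpRequest":{"clientIp":"203.0.113.10","country":"TW","httpMethod":"GET","uri":"/customer/lookup","args":"id=42"}}
{"timestamp":1530000001000,"formatVersion":1,"webaclId":"webacl-placeholder","terminatingRuleId":"OWASP_SQLi","action":"BLOCK","httpSourceName":"CF","httpRequest":{"clientIp":"198.51.100.7","country":"US","httpMethod":"GET","uri":"/customer/lookup","args":"id=1%27%20OR%201%3D1--"}}
{"timestamp":1530000002000,"formatVersion":1,"webaclId":"webacl-placeholder","terminatingRuleId":"OWASP_SQLi","action":"BLOCK","httpSourceName":"CF","httpRequest":{"clientIp":"198.51.100.7","country":"US","httpMethod":"POST","uri":"/login","args":"user=admin%27--"}}
{"timestamp":1530000003000,"formatVersion":1,"webaclId":"webacl-placeholder","terminatingRuleId":"OWASP_PathTraversal","action":"BLOCK","httpSourceName":"CF","httpRequest":{"clientIp":"198.51.100.7","country":"US","httpMethod":"GET","uri":"/..%2F..%2Fetc%2Fpasswd","args":""}}
{"timestamp":1530000004000,"formatVersion":1,"webaclId":"webacl-placeholder","terminatingRuleId":"OWASP_XSS","action":"BLOCK","httpSourceName":"CF","httpRequest":{"clientIp":"203.0.113.55","country":"TW","httpMethod":"GET","uri":"/search","args":"q=%3Cscript%3E"}}
"""


def parse_waf_records(text):
    """One JSON object per line; blank lines (Firehose buffer boundaries) are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def mask_client_ip(ip):
    """IPv4: keep the /24, zero the host octet. Anything else: keep only a truncated hash."""
    parts = ip.split(".")
    if len(parts) == 4 and all(p.isdigit() for p in parts):
        return ".".join(parts[:3] + ["0"])
    return hashlib.sha256(ip.encode()).hexdigest()[:16]


def summarize(records):
    """Counters a Kibana dashboard would show: actions, blocks per rule, per source, per country."""
    blocked = [r for r in records if r["action"] == "BLOCK"]
    return {
        "actions": dict(Counter(r["action"] for r in records)),
        "blocked_by_rule": dict(Counter(r["terminatingRuleId"] for r in blocked)),
        "blocked_by_ip": dict(Counter(r["httpRequest"]["clientIp"] for r in blocked)),
        "blocked_by_country": dict(Counter(r["httpRequest"].get("country", "?") for r in blocked)),
    }


def noisy_sources(records, threshold=3):
    """Client IPs with at least `threshold` blocks: candidates for a rate-based rule or an IP set."""
    by_ip = summarize(records)["blocked_by_ip"]
    return sorted(ip for ip, n in by_ip.items() if n >= threshold)


def to_index_document(record):
    """Flatten one record for Elasticsearch with the client address pseudonymized."""
    req = record["httpRequest"]
    return {
        "@timestamp": record["timestamp"],  # epoch milliseconds; map as type `date` in the index template
        "web_acl": record.get("webaclId"),
        "action": record["action"],
        "rule": record["terminatingRuleId"],
        "client_net": mask_client_ip(req["clientIp"]),
        "country": req.get("country"),
        "method": req.get("httpMethod"),
        "uri": req.get("uri"),
        "args": req.get("args"),
    }


if __name__ == "__main__":
    recs = parse_waf_records(SAMPLE_WAF_LOG)
    print(json.dumps(summarize(recs), indent=2))
    print("noisy sources:", noisy_sources(recs))
```

In the pipeline on the slide, `to_index_document` is the kind of transformation a Firehose data-transformation Lambda would apply on the way to Elasticsearch, while the untouched records continue to the S3 backup. The `args` field still carries the attacker's payload, which is what an analyst needs for full-text search; the per-user identifier is the only thing removed.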
Building the event analytics pipeline with AWS managed services
(Diagram components.)
- VMware Cloud on AWS SDDC account: Production Workload VMs behind the CGW
- AWS account: users reach Route 53, CloudFront and WAF in front of the ALB, IGW and ENI; the WAF log stream goes to Amazon Kinesis Data Firehose, which delivers it to Amazon Elasticsearch Service (with Kibana) and to S3
Amazon Elasticsearch Service, plus the other AWS managed services
DEMO