best practices for partnering with aws
TRANSCRIPT
Leveraging Marketplace and AWS
Partner Network Resources
Josh Hofmann, Senior Manager, NA Partner Development
Barry Russell, Head of Global Marketplace BD
Matt Yanchyshyn, Senior Manager, Solution Architecture
PartnerNetwork
Agenda - Leveraging AWS Partner Network
resources
1. APN and AWS Global Partner
Programs and best practices
2. Leveraging the AWS
Marketplace
3. Incorporating security best
practices into your solutions
PartnerNetwork
AWS Global Partner Programs and
Best PracticesJosh Hofmann
NA Partner Leader West
Trends in the AWS Partner Network ecosystem
Partners are:• Joining the APN at record pace
• Growing their AWS offerings quickly
• Offering packaged services & solutions
Enterprises are:• Asking for DevOps and managed services
• Increasingly deploying SaaS software
• Using AWS Marketplace software for production
Provide:
• Software
• Databases
• OS and tooling solutions
Provide:
• Professional services
• AWS integration, migration,
managed services
Technology partners Consulting partners
Premier
Advanced
Standard
Registered
Delivery Model ExpertiseExperiencePartner Type
Your roadmap: AWS Global Partner Programs
Channel Programs
MSP Program
SaaS Program
Competency
Program
Government
Program
Test Drive
AWS Marketplace
Consulting
TechnologyGTM Resources
Go-To-Market
PartnerNetwork
APN Benefits for partnersTraining & Enablement
• On-Demand Sales & Technical
Training & Accreditations
• APN Webcast Videos
• 20% Discount Classroom Training
• Solutions Architect Office Hours
• AWS QuickStarts
• Subsidized Classroom Training
• ProServe Bootcamp Training
• Product Development Credits
• Named Solutions Architect
• 10 Days Free AWS ProServe
Marketing & Go-to-Market
• Syndicated Web Content
• Email Marketing Platform
• Partner Enablement Guides
• Opportunity Registration
• Listing in the AWS Directory
• Marketing Development Funding
• Demand Generation Campaigns
• AWS Written Case Study
• Proof-of-Concept Credits/Funding
• Listed on AWS Solution Pages
• Named Partner Manager
• Validates partners with proven workload and
vertical capabilities
• Differentiates APN Partners to AWS Customers
• Validated based on:
• Customer success, AWS certifications,
technical readiness, AWS product or practice
review, customer references
APN Competency Program
Current APN competencies
Digital media
Storage
Life sciences Healthcare
SAP Oracle
Big data
Microsoft
Channel Reseller Program
Validation Audit for all Partners in the Program
• Enables qualified APN Consulting
Partners to resell AWS services to
both commercial and public sector
AWS customers
• Ideal for partners building value-
added offerings on AWS
• Partner handles billing,
procurement, and support for their
customers
“Being an AWS Channel Reseller
enables us to establish an even
closer partnership with our
customers and deliver value to
them by accelerating adoption of
the services provided by AWS.“
- Cloudreach
Value-added solutions are driving revenue
AWS Managed Services ProgramFor Consulting Partners offering managed
services on AWS• Technical Enablement – DevOps Approach,
Security, Customer Expectations
• Business Enablement – Marketing and Go-to-Market
Validation Audit to Qualify for the Program• Migration, operations, security, and cloud infrastructure management
• Proactive monitoring and automation of customer’s environment
Self-Assess with the Validation Checklist in the APN Portal
“AWS is raising the bar on partners to ensure a consistent and rewarding
customer experience” – 2nd Watch
Professional Services / Strategy Consulting / Architecture
2x to 5x
Multiplier on top
Of AWS
Application / Development / Integration / Migration
$50k
To
$200K
Managed Infrastructure Services
15% to 40%
Uplift
On AWS
AWS Optimization
RI Purchases
Reduce Costs
30% to 60%
Software
5% to 30%
License
MarginsApp/Dev Example:
$150K to build app
$100K on-demand over 1 year to run on AWS
$50K in third-party SW license
On-premises to AWS cloud transformation:
3X to 10X uplift over AWS spend
Customer example for managed services
3X = $300K
$150K
25% = $25K
40% reduce
$40K 20% margin
$10K
Overall Cost:
$635K
$450K project
$85k recurring
Software-as-a-Service Program (Preview)
Enables partners to deploy on AWS in
a SaaS delivery model
Technical & Business Enablement
• Apply on APN Portal today
• SaaS Reference Page on Portal
• SaaS Webcasts
• SaaS Program Office Hours
• Creating a SaaS Partner Community to
collaborate and share best practices
“By 2017, about 26.2% of all new business software
purchases will be of service-enabled software.” - IDC
“We are pleased to be one of the
members of AWS’ SaaS Partner
Program, which gives us access to
tools and training to assist us in
designing and delivering cloud-based
applications.” - PegaSystems
Consulting Partner best practices
Packaged service
& solution offeringsFixed price
migration
DevOps
workshops
Security as a
service
Script most
common projects
Technology Partner best practices
Deploying
SaaS on AWS
Engaging
Consulting
Partners
Taking a solution
approach
Promotion via the
AWS brand
All-in on AWS
18% of all software delivery will be SaaS by 2017 (IDC)
Cloud software will grow to $76.1 billion by 2017 (IDC)
AWS Marketplace
Barry Russell
Head of Global Business Development
Where does AWS Marketplace fit?...as part of a
customer solution enabling Workloads moving to AWS
Enterprise Applications
Administration & Security
Core Services
Platform Services
Infrastructure
AWS Marketplace
Why cloud changes software procurement
“35MM+ physical servers
globally today – only
15% in the cloud” *IDC
Cloud is shifting software from
perpetuity to subscription OR
consumption-based
Enterprises invest $310B
annually in software
Selecting, purchasing, and
deploying is still slow and
manual
“…50% of workloads will
move to the cloud by
2018” *IDC
Companies use BYOL to
bring premise license over
or buy “as needed”
through AWS Marketplace
So what shift is happening?
• Enterprise, Government, SMB changing how they buy and deploy
• Procurement teams looking to cloud catalogs for departmental projects
• Software consumption “as you go”
• Software market now transforming with cloud, as did infrastructure
• And a 5 Workload to cloud model (we are aligning with our Global Field):
– Media Workloads
– BI/Big Data Workloads
– Storage Workloads
– WebSite Workloads
– DevOps Workloads
AWS Marketplace
About us
• Launched in April 2012
• Publishes software
• Over 700 software partners
• More than 2,200 product listings
Benefits to customers
• Easy product discovery
• Simplifies procurement for customers
• Eliminate license management
• One AWS bill
• Consume hourly, monthly, annually
By the numbers…
400% Usage Growth in
2014
Over 1B Hours of software
consumed annually
2,200 products and growing
AWS Marketplace customers – Who is buying?
AWS Intelligence Community (IC) Marketplace (*note we are taking ISV submissions now for this catalog)
SoftNAS – Success of the start-up on AWS
• With software vetted on AWS Marketplace,
Enterprises can buy start-up with confidence and
without any additional paperwork
• From 15 customers to 280+ in 1 year
• 87% conversion to paid customers from free trials
“AWS Marketplace reduced over 20 individual steps to a
simple ‘1-Click’ allowing us to deliver…in less than 2 minutes.
What took customers weeks if not months, and costs
thousands of dollars can now be accomplished in under two
minutes…It enables SoftNAS to deliver a seamless cloud
based storage solution, get access to the global AWS
customer base while at the same time provide a low-cost
channel compared to traditional IT channels.”
– Bill Hood, Founder and SVP Cloud Markets
Digital marketing drives adoption
How does an ISV, SI, or VAR get into AWS Marketplace?
• Simple process; can be ready in 30 days
• Security product testing and screen
• Provide us products as an AMI
• Give us metadata about your product
• Tell us how to price your products
• Engage AWS Marketplace BD for launch plan
…and you are ready to go!!!
How do I build a transformational business with
AWS Marketplace?
• Use AWS Marketplace as primary sales and
delivery channel (ISV and Consulting Partners)
• Train your technical and field staff on AWS using
APN Programs
• Participate in our Customer Data Sharing Program
• GTM best practices:
– Comp your field to align with ours
– Build website assets; point to your listing
– Develop quarterly GTM plans
• List your full software suite - price annually
• Take advantage of PoC GTM funding
Security Best Practices
Matt Yanchyshyn
Sr. Manager, Solutions Architecture
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability ZonesEdge
locations
AWS is responsible for the security of the cloud
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability ZonesEdge
Locations
Client-side data
encryption
Server-side data
encryptionNetwork traffic
protection
Platform, applications, identity & access management
Operating system, network, & firewall configuration
Customer applications & contentC
usto
mers
Customers configure their security in the cloud
Defense-in-depthAWS compliance
program
Third-party
attestationsPhysic
al
Security groups
VPC configuration
Netw
ork
Web application firewalls
Bastion hosts
Encryption in-transit
Hardened AMIs
OS and apppatch mgmt.
IAM roles for EC2
IAM credentialsSyste
m s
ecurity
Logical access controls
User authentication
Encryption at-restD
ata
security
AWS security offerings
Auditability
Compliance
reports
Visibility
Amazon CloudWatch
AWS CloudTrail
AWS Config
“Describe” APIs
Control
AWS IAM
AWS CloudHSM
AWS CloudFormation
AWS KMS
Encryption: data at rest
EBS
Volume encryption
EBS encryption OS toolsAWS
marketplace/partner
Object encryption
S3 server-side
encryption (SSE)
S3 SSE w/ customer provided keys Client-side encryption
Database encryption
Amazon Redshift
encryption
RDS
PostgreSQL
KMS
RDS
MYSQL
KMS
RDS
ORACLE
TDE/HSM
RDS MSSQL
TDE
Built-in firewall: security groups and NACLs
• VPC security groups (mandatory)– Instance level, stateful
– Supports ALLOW rules only
– Default deny inbound, allow outbound
– Use as “whitelist” – least privilege
• VPC NACLs (optional)– Subnet level, stateless
– Supports ALLOW and DENY
– Default allow all
– Use as “blacklist”/“guardrails”(port 135,21,23…)
• Separation of duties
• Changes audited via AWS CloudTrail
• Additional cost for SGs/NACLs: $0
Physical Interfaces
Customer 1
Hypervisor
Customer 2 Customer n…
…
Virtual Interfaces
Firewall
Customer 1
Security
Groups
Customer 2
Security
Groups
Customer n
Security
Groups
Security Groups
Enforce consistent security on your hosts
Launch
instanceEC2
AMI catalog Running instance
Your instance
Hardening
Audit and logging
Vulnerability management
Malware and HIPS
Whitelisting and integrity
User administration
Operating system
Configure
instance
Configure and harden EC2 instances based on security and compliance needs
Host-based protection software
Restrict access where possible
Connect to existing services
Separate static assets and move servers away from
the edge
Inbound HTTP
CloudFront
Amazon S3
WAFDynamic
App
App
AppPeering
Identity and Access Management (IAM)Create appropriate principles, authorization, and privileges for AWS resources
Multi-factor authenticationAWS Identify and
Access Management
Policies
User
Groups
Roles
Principle of least privilege
User User Hardware Virtual
IAM AWS administrative users
Root account
Note: Always associate the account owner ID with
an MFA device and store it in a secured place!
AWS partner solutions extend & enhance security
• Some examples:– Cisco CSR (VPN)
– Sophos UTM (firewall, …)
– Alert Logic Web Security Manager (WAF)
– Alert Logic Threat Manager (NIDS)
– Trend Micro Deep Security (IDPS)
– Trend Micro SecureCloud (encryption)
– Dome9 SecOps (security group audit & management)
– …
