orchestration & deployment options for hybrid enterprise environments (arc310) | aws re:invent...
DESCRIPTION
Configure once, deploy anywhere is one of the most sought-after enterprise operations requirements. Large-scale IT shops want to keep the flexibility of using on-premises and cloud environments simultaneously while maintaining the monolithic custom, complex deployment workflows and operations. This session brings together several hybrid enterprise requirements and compares orchestration and deployment models in depth without a vendor pitch or a bias. This session outlines several key factors to consider from the point of view of a large-scale real IT shop executive. Since each IT shop is unique, this session compares strengths, weaknesses, opportunities, and the risks of each model and then helps participants create new hybrid orchestration and deployment options for the hybrid enterprise environments.
TRANSCRIPT
© 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
ARC310: Orchestration and Deployment Options for Hybrid Enterprise Environments
Donn Morrill, Amazon Web Services
November 13, 2013
What is Hybrid Cloud?
A composition of two or more distinct cloud infrastructures that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability.
“Special Publication 800-145 - The NIST Definition of Cloud Computing” – September, 2011
Requisite Gartner Quote
“Nearly half of large enterprises will have hybrid cloud deployments by the end of 2017.”
http://www.gartner.com/newsroom/id/2599315 - October 1, 2013
Why Hybrid Cloud?
• All the things the cloud provides
– Agility
– Economics
– Scale
• But something gets in the way
– Compliance
– Previous investment
– Legacy workloads
– Attitudes
What do Enterprises Want in Hybrid?
• Ability to deploy identical stacks
• Interoperability between clouds
• Ability to leverage one provisioning framework
• Ability to leverage one operational framework
Hybrid Considerations
• Core Infrastructure
• Security
– Authentication and Entitlements
– Identity Management
– Data Sovereignty
• Operations and Monitoring
Hybrid Considerations
• Cost Containment
• Pace of Innovation
• Cloud Orchestration
• Application Deployment
• Processes and Change Management
Today We’ll Focus On
• Preparing Core Infrastructure
• Orchestration Strategies
• Application Deployment Strategies
Preparing Core Infrastructure
[Diagram labels: Your Data Center; Your Cloud; Your Private Network; AWS Direct Connect; Active Directory; Network Configuration; Encryption; Back-up Appliances; Users & Access Rules; HSM Appliance; Cloud back-ups]
Core Infrastructure Considerations
Driven by Business Requirements!
• Performance & Latency
• Business Continuity
• Geography
• Data Sovereignty
• Security
• And Many More…
Some Relevant AWS Services
• Amazon Virtual Private Cloud (VPC)
– ARC202: Wednesday, 1:30 – Delfino 4003
• AWS Direct Connect
– ARC304: Friday, 9:00 AM – Lando 4303
• AWS Identity and Access Management (IAM)
– SEC201: Wednesday, 1:30 – Marcello 4406
Some Relevant AWS Services
• AWS CloudFormation
• VM Import / Export
• AWS Management Pack for Microsoft System Center
• AWS API, SDKs, and Tools
Hybrid Orchestration Strategies
A Decision Framework
DIMENSION | LOW | MEDIUM | HIGH
Organizational Buy-In | None or grassroots | Divisional | Top Down (CIO/CEO)
IT Capabilities | In-house Limited, Partner Limited | In-house Limited, Trusted Partner | In-house Advanced, Trusted Partner(s)
IT Vision | Operational | Somewhat forward thinking | Innovative and cutting edge
AWS Experience | None/Limited | Some | Extensive
Choices, Choices, Choices
Tool Capabilities Considerations
• Multi Public Cloud Support
• Monitoring and Alerting
• Identity Federation
• Service Catalog
• End-user Self Provisioning
• Cost Reporting and Chargeback
• Cloud-based Operation
Three Orchestration Strategies
• Native Integration
• Deploy New Orchestration Layer
• Extend Existing Orchestration Tools
Native Integration
Build a custom layer using API-level capabilities.
Best When:
• Have in-house development skills
• Need very fine-grained control
• Licensing costs are a big issue
Native Integration - Pros
• Incorporate all services or only what you need
• Maximum flexibility
• React quickly to new features and services
• Leverage existing open-source tools
– Eucalyptus
– Netflix Asgard
– CloudStack
• No licensing fees
Native Integration - Cons
• Need in-house development skills
• Possible long development cycles
• Private cloud must support API-level access
• Support must come from in-house
New Orchestration Layer
Invest in new hybrid orchestration tools.
Best When:
• Have moderate time constraints
• Want the latest and greatest
• Have trusted partners
New Orchestration Layer - Pros
• Get latest and greatest capabilities
• Multi-cloud support
• Faster than DIY
• Vendor-provided support
New Orchestration Layer - Cons
• Licensing costs
• Rip-and-replace legacy tools
• Maintaining feature parity with AWS
• Requires some specialized skills
Extend Existing Tools
Leverage existing investments in tools.
Best When:
• Have aggressive time constraints
• Don’t need latest and greatest
• Have strong relationship with existing tools vendor
Extend Existing Tools - Pros
• No rip-and-replace
• Can be fastest path to hybrid
• Familiarity with tools and vendors
• Vendor-provided support
• Requires least amount of specialized skills
Extend Existing Tools - Cons
• Limited feature sets
• Licensing costs
• Maintaining feature parity with AWS
• A “good enough” approach
Application Deployment Strategies
[Diagram labels: Corporate Data Centers; App 1, App 2, ... App N (shown twice)]
Horizontal
Run partial application layers on AWS
• Storage
• Disaster Recovery
• Database
• Extend / Burst into AWS
Horizontal - Pros
• Can keep sensitive layers in-house
– Data
– IP / Trade Secrets
– Regulatory Restricted
• Relatively easier compliance
Horizontal - Cons
• More complex than vertical
• Harder to undo if relationship with cloud vendor sours
Vertical
Deploy full application stacks on AWS
• Net-new Workloads
• Development and QA
Vertical - Pros
• Quick to Implement / Minimal Integration
• Good Application Stack Isolation
• Leverages Cloud Benefits at Each Layer
• Fairly Easy to Undo
Vertical - Cons
• Doesn’t Really Leverage In-House IT Resources
• Must Have Well Established Governance Policies for All Layers
That’s all great Donn, but how do I actually get started?
Getting Started
• Storage / Backups and Archive
• Development and Test
• Net New Workloads
• Disaster Recovery
• Cloud Bursting
• Migrate Legacy Workloads
Getting Started – Storage / Backup
Getting Started – Network Topology
[Diagram labels: Subnet 1, Subnet 2, … Subnet N]
Considerations
• Overlapping networks
• IP stinginess
• VPC CIDR too small
• Subnets too small
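The network topology considerations above, as an added example that is not part of the original deck: a pre-flight check of a proposed VPC address plan against on-premises ranges. The function name, its parameters and all sample CIDRs are constructed for illustration; the /16 to /28 block size limits and the five reserved addresses per subnet are AWS VPC rules for IPv4.

```python
import ipaddress

AWS_RESERVED_PER_SUBNET = 5  # AWS reserves the first four and the last address of each subnet


def review_vpc_plan(on_prem_cidrs, vpc_cidr, subnet_prefix, hosts_per_subnet, subnets_needed):
    """Return a list of findings for an IPv4 VPC address plan (empty list means no issues)."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)

    # Overlapping networks: a collision makes routing over VPN or Direct Connect ambiguous.
    for cidr in on_prem_cidrs:
        net = ipaddress.ip_network(cidr)
        if vpc.overlaps(net):
            findings.append(f"overlap: VPC {vpc} collides with on-premises {net}")

    # AWS accepts IPv4 VPC and subnet blocks between /16 and /28 only.
    if not 16 <= vpc.prefixlen <= 28:
        findings.append(f"invalid: VPC prefix /{vpc.prefixlen} is outside /16../28")
    if not vpc.prefixlen <= subnet_prefix <= 28:
        findings.append(f"invalid: subnet prefix /{subnet_prefix} does not fit VPC {vpc}")
        return findings

    # Subnets too small: usable hosts after the reserved addresses are taken out.
    usable = 2 ** (32 - subnet_prefix) - AWS_RESERVED_PER_SUBNET
    if usable < hosts_per_subnet:
        findings.append(f"subnet too small: /{subnet_prefix} gives {usable} usable "
                        f"addresses, {hosts_per_subnet} needed")

    # VPC CIDR too small: how many subnets of that size fit in the block.
    available = 2 ** (subnet_prefix - vpc.prefixlen)
    if available < subnets_needed:
        findings.append(f"VPC too small: {vpc} holds {available} /{subnet_prefix} "
                        f"subnets, {subnets_needed} needed")
    return findings


# Constructed sample data: two on-premises ranges and two candidate plans.
ON_PREM = ["10.0.0.0/8", "192.168.10.0/24"]
STINGY_PLAN = dict(vpc_cidr="10.20.0.0/24", subnet_prefix=28,
                   hosts_per_subnet=20, subnets_needed=20)
ROOMY_PLAN = dict(vpc_cidr="172.20.0.0/16", subnet_prefix=22,
                  hosts_per_subnet=500, subnets_needed=20)

if __name__ == "__main__":
    for name, plan in (("stingy", STINGY_PLAN), ("roomy", ROOMY_PLAN)):
        print(name, review_vpc_plan(ON_PREM, **plan) or "no findings")
```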
Getting Started – Connectivity
Considerations
• Public Internet vs. Direct Connect
• Redundancy
[Diagram labels: Customer Data Center; DX Location]
Getting Started – IAM
Considerations
• Identity Federation
• AWS vs. App Stack Access
• Build vs. Buy
What Next?
• AWS Account Team
• Trusted Partners
• Resources
– http://aws.amazon.com/architecture
– http://aws.amazon.com/enterprise