Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
•Als PPTX, PDF herunterladen•
3 gefällt mir•2,833 views
Amazon Web Services (AWS) provides on-demand computing resources and services in the cloud, with pay-as-you-go pricing. This session provides an overview and describes how using AWS resources instead of your own is like purchasing electricity from a power company instead of running your own generator. Using AWS resources provides many of the same benefits as a public utility: Capacity exactly matches your need, you pay only for what you use, economies of scale result in lower costs, and the service is provided by a vendor experienced in running large-scale networks. A high-level overview of AWS’s infrastructure (such as AWS Regions and Availability Zones) and AWS services is provided as part of this session.
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Ähnlich wie Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016 (20)
Mehr von Amazon Web Services
Mehr von Amazon Web Services (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
- 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Mark Fox, Sr. Manager DoD Programs, AWS June 20, 2016 Introduction to AWS Cloud Computing
- 3. …get into cloud computing?
- 4. What sets AWS apart? Building and managing cloud since 2006 70+ services to support virtually any cloud workload History of rapid, customer-driven releases 12 regions, 33 availability zones, 54 edge locations 51 proactive price reductions to date Tens of thousands of partners; 2,500+ Marketplace products Experience Service breadth & depth Pace of innovation Global footprint Pricing philosophy Ecosystem
- 5. AWS Mission Enable businesses and developers to use web services* to build scalable, sophisticated applications. *What people now call “the cloud”
- 7. Region Redundant tier-1 region-to-region connectivity Transit Centers connect: • Private links to other regions • Private links to Direct Connect customers • Internet through peering & paid transit AZs on separate flood plains AZs fault separated (sub-stations) AZs TYPICALLY <1 ms separation 25 Tbps peak inter-AZ traffic AZa AZc AZbDC DC DC DC DC DC DC DC DC DC DC DC TC TC
- 8. Why Availability Zones? Challenges with traditional asynchronous replication between distant data centers • Committing to an SSD order 1 to 2 ms • But LA to New York is 74 ms roundtrip • You can’t wait 74 ms to commit a transaction Traditional failure, difficult decision: • Failover & lose transactions, or • Or don’t failover & lose availability • Difficult choice AZs for no-admin failover • Sync works when < 2 ms • Combine with regional replication for very high availability (VHA) 74 ms
- 9. Example AWS Availability Zone AZ AZ AZ AZ AZ Transit Transit
- 10. Example AWS Data Center
- 11. Technical & Business Support Hybrid Architecture Application Marketplace Analytics Application Services Mobile Services Development & Operations Internet of Things Enterprise Applications Security & Compliance Core Services Infrastructure
- 12. ENTERPRISE APPS DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS Data Warehousing Hadoop/ Spark Streaming Data Collection Machine Learning Elastic Search Virtual Desktops Sharing & Collaboration Corporate Email Backup Queuing & Notifications Workflow Search Email Transcoding One-click App Deployment Identity Sync Single Integrated Console Push Notifications DevOps Resource Management Application Lifecycle Management Containers Triggers Resource Templates TECHNICAL & BUSINESS SUPPORT Account Management Support Professional Services Training & Certification Security & Pricing Reports Partner Ecosystem Solutions Architects MARKETPLACE Business Apps Business Intelligence Databases DevOps Tools NetworkingSecurity Storage Regions Availability Zones Points of Presence INFRASTRUCTURE CORE SERVICES Compute VMs, Auto-scaling, & Load Balancing Storage Object, Blocks, Archival, Import/Export Databases Relational, NoSQL, Caching, Migration Networking VPC, DX, DNS CDN Access Control Identity Management Key Management & Storage Monitoring & Logs Assessment and reporting Resource & Usage Auditing SECURITY & COMPLIANCE Configuration Compliance Web application firewall HYBRID ARCHITECTURE Data Backups Integrated App Deployments Direct Connect Identity Federation Integrated Resource Management Integrated Networking API Gateway IoT Rules Engine Device Shadows Device SDKs Registry Device Gateway Streaming Data Analysis Business Intelligence Mobile Analytics
- 13. Not just the expansive services… much deeper features Compute Storage Block storage: Magnetic General purpose SSD Provisioned IOPS SSD Object storage: Life cycle management Event triggers Data locality control Elastic File System POSIX Compliant Relational databases RDS for MySQL RDS for SQL Server RDS for Oracle RDS for PostgreSQL RDS for Amazon Aurora Multi-AZ synchronous replication Read replica support Auditing, security & compliance Configuration history Usage audit logs Change notifications Dedicated HSMs Customer controlled keys General purpose (M3) Compute optimized (C3) Memory optimized (R3) GPU optimized (G2) Storage optimized (D2) IO optimized (I2) Low-cost, burstable performance (T2)
- 14. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Network security Server security Customer applications & content You get to define your controls IN the cloud AWS takes care of the security OF the cloud Mission owner & partner AWS and you share responsibility for security Data security Access control
- 15. Strengthen your security posture Powerful native functionality and tools at no additional charge Over 30 global compliance certifications and accreditations Leverage security enhancements gleaned from 1 M+ customer experiences Benefit from AWS industry leading security teams 24/7, 365 days a year Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations “We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers.” Rob Alexander - CIO, Capital One
- 16. Access a deep set of cloud security tools Encryption AWS KMS AWS CloudHSM Server-side encryption Networking Amazon VPC AWS WAF Compliance AWS ConfigAWS CloudTrailAWS Service Catalog Identity AWS IAM Active Directory integration SAML-based federation
- 17. Architected for government security requirements And many more… https://aws.amazon.com/compliance/
- 18. 2011 2012 2013 2014 “AWS is the overwhelming market share leader, with more than five times the compute capacity in use than the aggregate total of the other fourteen providers.” Gartner Magic Quadrant past 4 years
- 19. Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide (May 2015) Gartner “Magic Quadrant for Cloud Infrastructure as a Service, Worldwide,” Lydia Leong, Douglas Toombs, Bob Gill, May 18, 2015. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. “AWS has a diverse customer base and the broadest range of use cases, including enterprise and mission-critical applications. It is the overwhelming market share leader, with over 10 times more cloud IaaS compute capacity in use than the aggregate total of the other 14 providers in this Magic Quadrant.”
- 20. Application hosting considerations @craw 0 10 20 30 40 50 60 70 80 90 100 2012 2013 2014 2015 2016 2017 2018 2019 2020 Changing face of Enterprise IT SaaS Public Cloud Private Cloud On Premise Indicative Only “By 2020, the distinction between public and private cloud disappears as self-built private clouds become extinct #idcgrac” Crawford Del Prete; EVP, Products and Chief Research Officer
- 21. An expansive ecosystem Thousands of the world’s largest technology and consulting companies 31 Global Premier Consulting partners 8 Enterprise-focused competencies 2,100+ products available for 1-click deployment across 23 distinct product categories Customers run over 70 M hours of software per month
- 22. AWS Cloud Eliminate costly technical debt and reallocate resources so you can deliver high-value, revenue-generating projects faster. Innovate faster and solidify your competitive advantage by merging startup agility with enterprise experience and resources. Reduce risk by focusing resources dedicated to security, compliance and availability to the most important areas of your business. "AWS is our trusted partner that is going to run our company for the next 140 years.” Jim Fowler – CIO, General Electric
- 23. AWS website and Console demonstration Paul Bockelman • Website • www.aws.amazon.com • Amazon EC2 ⁻ Pricing ⁻ Developer resources • AWS Management Console navigation • Front page services • AWS Billing and Cost Management console • Support Center- AWS Service Health Dashboard • AWS Trusted Advisor • http://calculator.s3.amazonaws.com/index.html
- 24. Thank you!
Hinweis der Redaktion
- We are often asked the question: how did Amazon get into cloud computing? Amazon is really good at providing an immense selection of products, and of shipping those products to customers efficiently. But behind that online capability lies years of experience in providing technical services to the business that ensures our online stores are secure, fast, always available and capable of meeting huge seasonal demand.
- We are often asked the question: how did Amazon get into cloud computing? Amazon is really good at providing an immense selection of products, and of shipping those products to customers efficiently. But behind that online capability lies years of experience in providing technical services to the business that ensures our online stores are secure, fast, always available and capable of meeting huge seasonal demand.
- TALKING POINTS Customers have selected AWS for years because we have proven ourselves committed to customer success. We believe we stand apart in the market because of six factors: Experience, Service Breadth and Depth, Pace of Innovation, Global Footprint, Pricing Philosophy, and Partner Ecosystem Updated 12/15/2015 – BDS – Changed to 50+ services (from 40+), 30 AZ, 54 Edge locations, tens of thousands of partners and 2300+ software offerings Updated 12/16/2015 – MGD – Updated 50+ services language to reflect “virtually any cloud workload” consistent with approved PR language.
- Over ten years ago, the technical teams supporting Amazon.com were moving from providing software and hardware capabilities to a service orientated approach - that is packaging things in an easy to consume way so that deployments by parts of the business were easier, faster and more scalable (Give example with attendees “One group provides storage, one time, one queuing). As Amazon opened up its internal services to third party sellers, and we published simple web services such as our catalog search, it became apparent very quickly that developers were hungry for more, and that Amazon had developed significant technical know-how that could be packaged for others to use. We asked ourselves 'what if we could package everything we do and offer it to others over the web?'. 'What if other businesses could leverage the scale and reach of Amazon.com?'
- So in 2006 Amazon Web Services was born. It's mission was clear: to enable businesses and developers to use web services to scalable sophisticated applications. It's interesting to note that what we called Web Services, has now morphed into a common term 'the Cloud'. Amazon Web Services is and always has been a distinct and individual Amazon organization.
- First: Talk about Regions… how many there are, why you’d use them, etc. <click> Second: Talk about Points of Presence. <click> Third: Talk about the notion of AZs within a Region. And now let’s dive into what a Region looks like in more detail <click> We briefly mentioned Regions before… Regions are the orange circles and think of them as geographically seperated parts of the world. And a Region is divided into what we call Availability Zones. But as you can see we have 12 Regions (with 5 more coming on line soon) around with world spread out over 5 continents. But think of a Region as a way to run your application in a geographical location that’s closest to your users... Or maybe you have to comply with regulatory requirements which says you need to store data within a country of origin. So each Region is independent for data sovereignty purposes. You can see there’s also a GovCloud Region.. AWS GovCloud (US) is an isolated AWS Region designed to allow US government agencies and customers to move workloads into the cloud by helping them meet certain regulatory and compliance requirements. The AWS GovCloud (US) framework allows US government agencies and their contractors to comply with U.S. International Traffic in Arms Regulations (ITAR) regulations as well as the Federal Risk and Authorization Management Program (FedRAMP) requirements. AWS GovCloud (US) has received an Agency Authorization to Operate (ATO) from the US Department of Health and Human Services (HHS) utilizing a FedRAMP accredited Third Party Assessment Organization (3PAO) for several AWS services. But let’s take a look at a Region... <click>
- Updated 12/15/2015 – BDS – Updated govcloud to have 3 AZs You can choose to deploy and run your applications in multiple physical locations within the AWS cloud. Our data center footprint is global, spanning 5 continents with highly redundant clusters of data centers in each region. Amazon Web Services are available in geographic Regions that are independent and separate as much as possible for data sovereignty and as much as possible offer the same services. When you use AWS, you can specify the Region in which your data will be stored, instances run, queues started, and databases instantiated. Within each Region are Availability Zones (AZs). Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones and provide inexpensive, low latency network connectivity to other Availability Zones in the same Region. By launching instances in separate Availability Zones, you can protect your applications from a failure (unlikely as it might be) that affects an entire zone. Regions consist of one or more Availability Zones, are geographically dispersed, and are in separate geographic areas or countries. The Amazon EC2 service level agreement commitment is 99.95% availability for each Amazon EC2 Region. Our footprint is expanding continuously as we increase capacity, redundancy and add locations to meet the needs of our customers around the world. AWS maintains Regions, which are major geographic areas, and Availability Zones (AZ), which are individual data centers, or clusters of data centers that make up a Region. Independent and separate that as much as possible offer the same services. But they have isolation as much as possible for data sovereignty. Today, AWS operates 9 Regions around the world. Each Region has a minimum of 2 AZs (separate power, flood planes, etc) to allow customers to set up high availability architectures and data redundancy. An abstraction of a datacenter with fault isolation but close enough to build high availability architectures. In addition to Regions, AWS maintains edge locations that supporting Route 53 DNS and Amazon CloudFront (CDN) points of presence. Each availability zone is designed as an independent failure zone. This means that availability zones are physically separated within a typical metropolitan region and are located in lower risk flood plains (specific flood zone categorization varies by Region). In addition to discrete uninterruptable power supply (UPS) and onsite backup generation facilities, they are each fed via different grids from independent utilities to further reduce single points of failure. Availability zones are all redundantly connected to multiple tier-1 transit providers.
- The depth and breadth of the AWS platform does this. No other cloud provides so many options with so much functionality. Let’s take a look at the some of the things that are possible with the platform…
- The depth and breadth of the AWS platform does this. No other cloud provides so many options with so much functionality. Let’s take a look at the some of the things that are possible with the platform…
- At AWS we have a shared security model, where we are responsible for some aspects of security, whereas you get to choose other security measures you put in place. As AWS we are responsible for the security of the underlying infrastructure . That of course include physical security across our regions, our data centers, our availability zones, our edge locations. We are also responsible for the security of the foundation services that underpin the AWS environment. This includes the infrastructure that supports our compute, storage, database and networking services. As a customer, then, you have a choice of what security controls you choose to deploy to protect your virtual networks, servers, your data and what access control policies you wish to put in place. For highly sensitive content and applications you may want to put very stringent controls in place. For less sensitive applications, you may want to dial security back – you get to choose.
- It can be difficult to see a latent security threat before it causes damage in traditional architectures because of the high degree of interconnected systems. By moving to AWS, you adopt a Shared Responsibility Model where we are responsible for the security of the cloud, and you are responsible for the security of your applications in the cloud. Under this model, you benefit from: Lean, purpose-built hardware designed to work together and present an extremely small attack surface On-going investment in security tools and features The ability to build a resilient environment with the security you need, but without the capital outlay, and at a much lower operational overhead A global security team that monitors and responds to over 1 million customer experiences across the globe and applies that learning to every customer. When we identify and remediate a problem for a single customer, we resolve it for every customer. This is a level of visibility that virtually no single organization can achieve on its own. The US military, global banks, healthcare organizations, and other extremely security conscious organizations trust the AWS platform to keep them secure. CAPITAL ONE: Capital One is using AWS to reduce its data centers from eight to three by 2018. Capital One is one of the nation’s largest banks and offers credit cards, checking and savings accounts, auto loans, rewards, and online banking services for consumers and businesses. The bank is using or experimenting with nearly every AWS service to develop, test, build, and run its most critical workloads, including its new flagship mobile-banking application. Rob Alexander, Capital One's chief information officer, says, "The financial service industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers." Capital One selected AWS for its security model and for the ability to provision infrastructure on the fly, the elasticity to handle purchasing demands at peak times, its high availability, and its pace of innovation. [http://aws.amazon.com/solutions/case-studies/capital-one/]
- To protect your application, AWS invests in a broad portfolio of security, identity, and management tools to help ensure your applications are secure and operate in a compliant manner. --NETWORKING-- Amazon VPC: Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. With Amazon VPC, you can make the Amazon cloud a seamless extension of your existing on-premises resources. AWS WAF: AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules. --ENCRYPTION— AWS KMS: AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with several other AWS services to help you protect your data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs. AWS CloudHSM: The AWS CloudHSM service helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS cloud. With CloudHSM, you control the encryption keys and cryptographic operations performed by the HSM. Server-side Encryption: AWS allows data to be encrypted with AWS service managed keys, AWS managed keys via AWS KMS, or customer managed keys. We also make the AWS Encyption SDK freely available to help developers correctly generate and use encryption keys, as well as protect the key after it has been used. --IDENTITY-- AWS IAM: AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. AWS Directory Service: AWS Directory Service makes it easy to setup and run Microsoft Active Directory (AD) in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory. Once your directory is created, you can use it to manage users and groups, provide single sign-on to applications and services, create and apply group policy, domain join Amazon EC2 instances, as well as simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads. SAML Federation: AWS IAM supports SAML 2.0 to allow identity integration with most major identity management solutions. [http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml_3rd-party.html] --COMPLIANCE— AWS Service Catalog: AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. AWS Service Catalog allows you to centrally manage commonly deployed IT services, and helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need. AWS CloudTrail: AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. With CloudTrail, you can get a history of AWS API calls for your account, including API calls made via the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS CloudFormation). The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing. AWS Config: AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. Config Rules enables you to create rules that automatically check the configuration of AWS resources recorded by AWS Config. With AWS Config, you can discover existing and deleted AWS resources, determine your overall compliance against rules, and dive into configuration details of a resource at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.
- AWS also provides the broadest set of accreditations and certifications of any cloud provider.
- Annual view since inception
- REMINDER! Amazon Web Services to Gartner External Use Policy As a subscriber to Gartner Services, all Amazon Web Services associates are obligated to seek permission from Gartner in order to use the "Gartner" name, take excerpts of Gartner research or quote Gartner analysts. All such use must comply with the Gartner Copyright and Quote Policy on gartner.com, which includes submitting usage requests in writing to quote.requests@gartner.com for review and approval prior to distribution. It is very important to follow these requirements to insure that Amazon Web Services does not violate its agreement with Gartner.
- TALKING POINTS AWS has the largest ecosystem in the cloud (by far) and it continues to grow at a rapid clip. It’s very likely the SI and ISV partners of choice for the customer are already partners of AWS. Having this support in place makes it much easier to adopt and shift existing business processes to the cloud. Marketplace allows customers to directly deploy business applications to their AWS environment, simplifying licensing and deployment.
- Your relationship with Amazon Web Services frees you up to pursue innovative, high-value business objectives, by: Enhancing your agility, through a reduction of technical debt. Allowing you to create, test and get to market faster with disruptive products and services designed to generate a significant competitive advantage. While improving security and compliance processes, as well as increasing availability of critical resources In short, Amazon Web Services allows you to devote more resources to customer-focused innovation, giving you tools you need to succeed in today’s fast-paced, often disruptive, application-based economy. GENERAL ELECTRIC: General Electric (GE) is migrating more than 9,000 workloads, including 300 disparate ERP systems, to AWS while reducing its datacenter footprint from 34 to four over the next three years. The company is the world’s Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive, and predictive. Jim Fowler, General Electric's chief information officer, noting that GE has been around for 140 years, says, "AWS is our trusted partner that is going to run our company for the next 140 years.” As an example, the GE Oil & Gas division has started this journey by migrating more than half of its core applications to AWS while achieving a 52 percent reduction in its total cost of ownership. [http://aws.amazon.com/solutions/case-studies/general-electric/]