Amazon Web Services (AWS) provides on-demand computing resources and services in the cloud, with pay-as-you-go pricing. This session provides an overview and describes how using AWS resources instead of your own is like purchasing electricity from a power company instead of running your own generator. Using AWS resources provides many of the same benefits as a public utility: Capacity exactly matches your need, you pay only for what you use, economies of scale result in lower costs, and the service is provided by a vendor experienced in running large-scale networks. A high-level overview of AWS’s infrastructure (such as AWS Regions and Availability Zones) and AWS services is provided as part of this session.
4. What sets AWS apart?
Experience: building and managing cloud since 2006
Service breadth & depth: 70+ services to support virtually any cloud workload
Pace of innovation: history of rapid, customer-driven releases
Global footprint: 12 regions, 33 availability zones, 54 edge locations
Pricing philosophy: 51 proactive price reductions to date
Ecosystem: tens of thousands of partners; 2,500+ Marketplace products
5. AWS Mission
Enable businesses and developers to use web
services* to build scalable, sophisticated applications.
*What people now call “the cloud”
7. Region
Redundant tier-1 region-to-region connectivity
Transit Centers connect:
• Private links to other regions
• Private links to Direct Connect customers
• Internet through peering & paid transit
AZs on separate flood plains
AZs fault separated (sub-stations)
AZs typically <1 ms separation
25 Tbps peak inter-AZ traffic
[Diagram: one Region with Availability Zones AZa, AZb and AZc, each a cluster of data centers (DC), linked through two Transit Centers (TC)]
8. Why Availability Zones?
Challenges with traditional asynchronous replication between distant data centers
• Committing to an SSD: on the order of 1 to 2 ms
• But LA to New York is 74 ms roundtrip
• You can’t wait 74 ms to commit a transaction
Traditional failure, difficult decision:
• Failover & lose transactions, or
• Don’t failover & lose availability
• Difficult choice
AZs for no-admin failover
• Sync works when < 2 ms
• Combine with regional replication for very high availability (VHA)
[Diagram: LA to New York, 74 ms roundtrip]
12. [AWS platform diagram: service categories and the capabilities shown under each]
ENTERPRISE APPS: Virtual Desktops; Sharing & Collaboration; Corporate Email; Backup
DEVELOPMENT & OPERATIONS: One-click App Deployment; DevOps Resource Management; Application Lifecycle Management; Containers; Triggers; Resource Templates
MOBILE SERVICES: Identity; Sync; Single Integrated Console; Push Notifications; Mobile Analytics
APP SERVICES: Queuing & Notifications; Workflow; Search; Email; Transcoding; API Gateway
ANALYTICS: Data Warehousing; Hadoop/Spark; Streaming Data Collection; Machine Learning; Elastic Search; Streaming Data Analysis; Business Intelligence
TECHNICAL & BUSINESS SUPPORT: Account Management; Support; Professional Services; Training & Certification; Security & Pricing Reports; Partner Ecosystem; Solutions Architects
MARKETPLACE: Business Apps; Business Intelligence; Databases; DevOps Tools; Networking; Security; Storage
INFRASTRUCTURE: Regions; Availability Zones; Points of Presence
CORE SERVICES: Compute (VMs, Auto-scaling & Load Balancing); Storage (Object, Blocks, Archival, Import/Export); Databases (Relational, NoSQL, Caching, Migration); Networking (VPC, DX, DNS); CDN
SECURITY & COMPLIANCE: Access Control; Identity Management; Key Management & Storage; Monitoring & Logs; Assessment and reporting; Resource & Usage Auditing; Configuration Compliance; Web application firewall
HYBRID ARCHITECTURE: Data Backups; Integrated App Deployments; Direct Connect; Identity Federation; Integrated Resource Management; Integrated Networking
IoT: Rules Engine; Device Shadows; Device SDKs; Registry; Device Gateway
13. Not just the expansive services… much deeper features
Compute: General purpose (M3); Compute optimized (C3); Memory optimized (R3); GPU optimized (G2); Storage optimized (D2); IO optimized (I2); Low-cost, burstable performance (T2)
Storage: Block storage (Magnetic, General purpose SSD, Provisioned IOPS SSD); Object storage (Life cycle management, Event triggers, Data locality control); Elastic File System (POSIX compliant)
Relational databases: RDS for MySQL; RDS for SQL Server; RDS for Oracle; RDS for PostgreSQL; RDS for Amazon Aurora; Multi-AZ synchronous replication; Read replica support
Auditing, security & compliance: Configuration history; Usage audit logs; Change notifications; Dedicated HSMs; Customer controlled keys
14. AWS and you share responsibility for security
AWS takes care of the security OF the cloud:
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• AWS Foundation Services: Compute, Storage, Database, Networking
You (mission owner & partner) get to define your controls IN the cloud:
• Customer applications & content
• Network security, Server security, Data security, Access control
15. Strengthen your security posture
Powerful native functionality and tools at no additional charge
Over 30 global compliance certifications and accreditations
Leverage security enhancements gleaned from 1 M+ customer experiences
Benefit from AWS industry leading security teams 24/7, 365 days a year
Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
“We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers.”
Rob Alexander - CIO, Capital One
16. Access a deep set of cloud security tools
Encryption: AWS KMS; AWS CloudHSM; Server-side encryption
Networking: Amazon VPC; AWS WAF
Compliance: AWS Config; AWS CloudTrail; AWS Service Catalog
Identity: AWS IAM; Active Directory integration; SAML-based federation
18. Gartner Magic Quadrant, past 4 years (2011, 2012, 2013, 2014)
“AWS is the overwhelming market share leader, with more than five times the compute capacity in use than the aggregate total of the other fourteen providers.”
19. Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide (May 2015)
Gartner “Magic Quadrant for Cloud Infrastructure as a Service, Worldwide,” Lydia Leong, Douglas Toombs, Bob Gill, May 18, 2015. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
“AWS has a diverse customer base and the broadest range of use cases, including enterprise and mission-critical applications. It is the overwhelming market share leader, with over 10 times more cloud IaaS compute capacity in use than the aggregate total of the other 14 providers in this Magic Quadrant.”
20. Application hosting considerations
[Chart: Changing face of Enterprise IT, 2012 to 2020, share (0 to 100 scale) of SaaS, Public Cloud, Private Cloud and On Premise; indicative only; source: @craw]
“By 2020, the distinction between public and private cloud disappears as self-built private clouds become extinct #idcgrac” Crawford Del Prete; EVP, Products and Chief Research Officer
21. An expansive ecosystem
Thousands of the world’s largest technology and consulting companies
31 Global Premier Consulting partners
8 Enterprise-focused competencies
2,100+ products available for 1-click deployment across 23 distinct product categories
Customers run over 70 M hours of software per month
22. AWS Cloud
Eliminate costly technical debt and reallocate resources so you can deliver high-value, revenue-generating projects faster.
Innovate faster and solidify your competitive advantage by merging startup agility with enterprise experience and resources.
Reduce risk by focusing resources dedicated to security, compliance and availability to the most important areas of your business.
“AWS is our trusted partner that is going to run our company for the next 140 years.”
Jim Fowler – CIO, General Electric
23. AWS website and Console demonstration
Paul Bockelman
• Website
• www.aws.amazon.com
• Amazon EC2
  - Pricing
  - Developer resources
• AWS Management Console navigation
• Front page services
• AWS Billing and Cost Management console
• Support Center – AWS Service Health Dashboard
• AWS Trusted Advisor
• http://calculator.s3.amazonaws.com/index.html
We are often asked the question: how did Amazon get into cloud computing? Amazon is really good at providing an immense selection of products, and of shipping those products to customers efficiently. But behind that online capability lies years of experience in providing technical services to the business that ensures our online stores are secure, fast, always available and capable of meeting huge seasonal demand.
TALKING POINTS
Customers have selected AWS for years because we have proven ourselves committed to customer success.
We believe we stand apart in the market because of six factors: Experience, Service Breadth and Depth, Pace of Innovation, Global Footprint, Pricing Philosophy, and Partner Ecosystem
Updated 12/15/2015 – BDS – Changed to 50+ services (from 40+), 30 AZ, 54 Edge locations, tens of thousands of partners and 2300+ software offerings
Updated 12/16/2015 – MGD – Updated 50+ services language to reflect “virtually any cloud workload” consistent with approved PR language.
Over ten years ago, the technical teams supporting Amazon.com were moving from providing software and hardware capabilities to a service-oriented approach, that is, packaging things in an easy-to-consume way so that deployments by parts of the business were easier, faster and more scalable (give an example with attendees: one group provides storage, one time, one queuing). As Amazon opened up its internal services to third-party sellers, and we published simple web services such as our catalog search, it became apparent very quickly that developers were hungry for more, and that Amazon had developed significant technical know-how that could be packaged for others to use. We asked ourselves: 'What if we could package everything we do and offer it to others over the web?' 'What if other businesses could leverage the scale and reach of Amazon.com?'
So in 2006 Amazon Web Services was born. Its mission was clear: to enable businesses and developers to use web services to build scalable, sophisticated applications. It's interesting to note that what we called Web Services has now morphed into a common term, 'the Cloud'. Amazon Web Services is and always has been a distinct and individual Amazon organization.
First: Talk about Regions… how many there are, why you’d use them, etc.
<click>
Second: Talk about Points of Presence.
<click>
Third: Talk about the notion of AZs within a Region. And now let’s dive into what a Region looks like in more detail <click>
We briefly mentioned Regions before… Regions are the orange circles; think of them as geographically separated parts of the world. A Region is divided into what we call Availability Zones. As you can see, we have 12 Regions (with 5 more coming online soon) around the world, spread out over 5 continents.
Think of a Region as a way to run your application in a geographical location that’s closest to your users, or perhaps you have to comply with regulatory requirements that say you need to store data within a country of origin. Each Region is independent for data sovereignty purposes.
You can see there’s also a GovCloud Region.. AWS GovCloud (US) is an isolated AWS Region designed to allow US government agencies and customers to move workloads into the cloud by helping them meet certain regulatory and compliance requirements. The AWS GovCloud (US) framework allows US government agencies and their contractors to comply with U.S. International Traffic in Arms Regulations (ITAR) regulations as well as the Federal Risk and Authorization Management Program (FedRAMP) requirements. AWS GovCloud (US) has received an Agency Authorization to Operate (ATO) from the US Department of Health and Human Services (HHS) utilizing a FedRAMP accredited Third Party Assessment Organization (3PAO) for several AWS services.
But let’s take a look at a Region... <click>
Updated 12/15/2015 – BDS – Updated govcloud to have 3 AZs
You can choose to deploy and run your applications in multiple physical locations within the AWS cloud.
Our data center footprint is global, spanning 5 continents with highly redundant clusters of data centers in each region.
Amazon Web Services are available in geographic Regions that are independent and separate as much as possible for data sovereignty and as much as possible offer the same services.
When you use AWS, you can specify the Region in which your data will be stored, instances run, queues started, and databases instantiated.
Within each Region are Availability Zones (AZs).
Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones and provide inexpensive, low latency network connectivity to other Availability Zones in the same Region. By launching instances in separate Availability Zones, you can protect your applications from a failure (unlikely as it might be) that affects an entire zone. Regions consist of one or more Availability Zones, are geographically dispersed, and are in separate geographic areas or countries. The Amazon EC2 service level agreement commitment is 99.95% availability for each Amazon EC2 Region.
Our footprint is expanding continuously as we increase capacity, redundancy and add locations to meet the needs of our customers around the world.
AWS maintains Regions, which are major geographic areas, and Availability Zones (AZs), which are individual data centers, or clusters of data centers, that make up a Region. Regions are independent and separate, and as much as possible offer the same services, while being isolated as much as possible for data sovereignty.
Today, AWS operates 9 Regions around the world. Each Region has a minimum of 2 AZs (separate power, flood plains, etc.) to allow customers to set up high availability architectures and data redundancy. An AZ is an abstraction of a data center with fault isolation, but close enough to the other AZs to build high availability architectures.
In addition to Regions, AWS maintains edge locations that support Route 53 DNS and Amazon CloudFront (CDN) points of presence.
Each availability zone is designed as an independent failure zone. This means that availability zones are physically separated within a typical metropolitan region and are located in lower-risk flood plains (specific flood zone categorization varies by Region). In addition to discrete uninterruptible power supply (UPS) and onsite backup generation facilities, they are each fed via different grids from independent utilities to further reduce single points of failure. Availability zones are all redundantly connected to multiple tier-1 transit providers.
The depth and breadth of the AWS platform does this. No other cloud provides so many options with so much functionality.
Let’s take a look at the some of the things that are possible with the platform…
At AWS we have a shared security model, where we are responsible for some aspects of security, whereas you get to choose other security measures you put in place.
AWS is responsible for the security of the underlying infrastructure. That of course includes physical security across our regions, our data centers, our availability zones and our edge locations. We are also responsible for the security of the foundation services that underpin the AWS environment. This includes the infrastructure that supports our compute, storage, database and networking services.
As a customer, then, you have a choice of what security controls you choose to deploy to protect your virtual networks, servers, your data and what access control policies you wish to put in place. For highly sensitive content and applications you may want to put very stringent controls in place. For less sensitive applications, you may want to dial security back – you get to choose.
It can be difficult to see a latent security threat before it causes damage in traditional architectures because of the high degree of interconnected systems.
By moving to AWS, you adopt a Shared Responsibility Model where we are responsible for the security of the cloud, and you are responsible for the security of your applications in the cloud.
Under this model, you benefit from:
Lean, purpose-built hardware designed to work together and present an extremely small attack surface
On-going investment in security tools and features
The ability to build a resilient environment with the security you need, but without the capital outlay, and at a much lower operational overhead
A global security team that monitors and responds to over 1 million customer experiences across the globe and applies that learning to every customer. When we identify and remediate a problem for a single customer, we resolve it for every customer. This is a level of visibility that virtually no single organization can achieve on its own.
The US military, global banks, healthcare organizations, and other extremely security conscious organizations trust the AWS platform to keep them secure.
CAPITAL ONE: Capital One is using AWS to reduce its data centers from eight to three by 2018. Capital One is one of the nation’s largest banks and offers credit cards, checking and savings accounts, auto loans, rewards, and online banking services for consumers and businesses. The bank is using or experimenting with nearly every AWS service to develop, test, build, and run its most critical workloads, including its new flagship mobile-banking application. Rob Alexander, Capital One's chief information officer, says, "The financial service industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers." Capital One selected AWS for its security model and for the ability to provision infrastructure on the fly, the elasticity to handle purchasing demands at peak times, its high availability, and its pace of innovation. [http://aws.amazon.com/solutions/case-studies/capital-one/]
To protect your application, AWS invests in a broad portfolio of security, identity, and management tools to help ensure your applications are secure and operate in a compliant manner.
--NETWORKING--
Amazon VPC: Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. With Amazon VPC, you can make the Amazon cloud a seamless extension of your existing on-premises resources.
AWS WAF: AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
--ENCRYPTION--
AWS KMS: AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with several other AWS services to help you protect your data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
AWS CloudHSM: The AWS CloudHSM service helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS cloud. With CloudHSM, you control the encryption keys and cryptographic operations performed by the HSM.
Server-side Encryption: AWS allows data to be encrypted with AWS service managed keys, AWS managed keys via AWS KMS, or customer managed keys. We also make the AWS Encryption SDK freely available to help developers correctly generate and use encryption keys, as well as protect the key after it has been used.
--IDENTITY--
AWS IAM: AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
AWS Directory Service: AWS Directory Service makes it easy to setup and run Microsoft Active Directory (AD) in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory. Once your directory is created, you can use it to manage users and groups, provide single sign-on to applications and services, create and apply group policy, domain join Amazon EC2 instances, as well as simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads.
SAML Federation: AWS IAM supports SAML 2.0 to allow identity integration with most major identity management solutions. [http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml_3rd-party.html]
--COMPLIANCE--
AWS Service Catalog: AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. AWS Service Catalog allows you to centrally manage commonly deployed IT services, and helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need.
AWS CloudTrail: AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. With CloudTrail, you can get a history of AWS API calls for your account, including API calls made via the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS CloudFormation). The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.
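The record fields listed above (caller identity, time, source IP, request parameters, response elements) are what a first triage pass works from, and the KMS key-usage log mentioned under Encryption lands in the same trail. The script below is an added example, not AWS code or part of the deck: it parses a constructed trail file whose field names follow the CloudTrail JSON record layout (all values, the account id and the role names are made up), and the trusted address ranges and the three checks it applies are this example's own assumptions.

```python
# Triage pass over CloudTrail records (hypothetical detection script, not AWS code).
# Field names follow the real CloudTrail JSON record layout; all values are constructed.
import ipaddress
import json
from collections import Counter

# Constructed trail file. CloudTrail delivers records as {"Records": [...]}.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2015-12-16T09:58:03Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "No"},
     "requestParameters": None, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2015-12-16T10:01:12Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "sourceIPAddress": "10.0.12.34",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0abc"},
     "requestParameters": {"encryptionContext": {"app": "payments"}},
     "responseElements": None},
    # A call CloudFormation made on the user's behalf: sourceIPAddress holds the
    # service's DNS name rather than an IP address (CloudTrail does record it this way).
    {"eventTime": "2015-12-16T10:02:45Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "cloudformation.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"instanceType": "t2.micro"},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0abc"}]}}},
    {"eventTime": "2015-12-16T10:07:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"userName": "svc-reporting"},
     "responseElements": None, "errorCode": "AccessDenied"},
]})

def load_records(trail_json):
    """Parse a delivered trail file into its list of records."""
    return json.loads(trail_json)["Records"]

def caller(record):
    """Readable caller identity: IAM user name, else the (role) ARN, else the type."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")

def source_is_trusted(source, trusted_nets):
    """True when sourceIPAddress falls inside a trusted network. When another AWS
    service (e.g. CloudFormation) made the call on the caller's behalf, CloudTrail
    records that service's DNS name here, not an address; treat those as trusted."""
    try:
        ip = ipaddress.ip_address(source)
    except ValueError:
        return source.endswith(".amazonaws.com")
    return any(ip in net for net in trusted_nets)

def triage(records, trusted_cidrs):
    """Return (kind, caller, api_call, source, time) findings in record order.
    The three checks are this example's own choices: calls from outside the
    trusted ranges, console logins without MFA, and AccessDenied responses."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for r in records:
        who, when, src = caller(r), r["eventTime"], r["sourceIPAddress"]
        call = f'{r["eventSource"]}:{r["eventName"]}'
        if not source_is_trusted(src, nets):
            findings.append(("untrusted-source", who, call, src, when))
        mfa = r.get("additionalEventData", {}).get("MFAUsed")
        if r["eventName"] == "ConsoleLogin" and mfa == "No":
            findings.append(("console-login-no-mfa", who, call, src, when))
        if r.get("errorCode") == "AccessDenied":
            findings.append(("access-denied", who, call, src, when))
    return findings

def key_usage(records):
    """Per-caller count of KMS API calls: the key-usage trail KMS writes to CloudTrail."""
    return Counter((caller(r), r["eventName"])
                   for r in records if r["eventSource"] == "kms.amazonaws.com")

if __name__ == "__main__":
    recs = load_records(SAMPLE_TRAIL)
    for finding in triage(recs, ["10.0.0.0/8", "203.0.113.0/24"]):
        print(*finding)
    print(dict(key_usage(recs)))
```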
AWS Config: AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. Config Rules enables you to create rules that automatically check the configuration of AWS resources recorded by AWS Config. With AWS Config, you can discover existing and deleted AWS resources, determine your overall compliance against rules, and dive into configuration details of a resource at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.
AWS also provides the broadest set of accreditations and certifications of any cloud provider.
Annual view since inception
REMINDER! Amazon Web Services to Gartner External Use Policy
As a subscriber to Gartner Services, all Amazon Web Services associates are obligated to seek permission from Gartner in order to use the "Gartner" name, take excerpts of Gartner research or quote Gartner analysts. All such use must comply with the Gartner Copyright and Quote Policy on gartner.com, which includes submitting usage requests in writing to quote.requests@gartner.com for review and approval prior to distribution. It is very important to follow these requirements to ensure that Amazon Web Services does not violate its agreement with Gartner.
TALKING POINTS
AWS has the largest ecosystem in the cloud (by far) and it continues to grow at a rapid clip.
It’s very likely the SI and ISV partners of choice for the customer are already partners of AWS.
Having this support in place makes it much easier to adopt and shift existing business processes to the cloud.
Marketplace allows customers to directly deploy business applications to their AWS environment, simplifying licensing and deployment.
Your relationship with Amazon Web Services frees you up to pursue innovative, high-value business objectives, by:
Enhancing your agility, through a reduction of technical debt.
Allowing you to create, test and get to market faster with disruptive products and services designed to generate a significant competitive advantage.
While improving security and compliance processes, as well as increasing availability of critical resources
In short, Amazon Web Services allows you to devote more resources to customer-focused innovation, giving you tools you need to succeed in today’s fast-paced, often disruptive, application-based economy.
GENERAL ELECTRIC: General Electric (GE) is migrating more than 9,000 workloads, including 300 disparate ERP systems, to AWS while reducing its datacenter footprint from 34 to four over the next three years. The company is the world’s Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive, and predictive. Jim Fowler, General Electric's chief information officer, noting that GE has been around for 140 years, says, "AWS is our trusted partner that is going to run our company for the next 140 years.” As an example, the GE Oil & Gas division has started this journey by migrating more than half of its core applications to AWS while achieving a 52 percent reduction in its total cost of ownership. [http://aws.amazon.com/solutions/case-studies/general-electric/]