3. Webinar How To’s
• How can I submit a question?
• How can I get a copy of the
presentation?
Special Note: Webinar is being recorded
4. What We’ll Cover
• AWS Platform Overview
• How Can I Use AWS to Extend My
Datacenter?
• AWS Services For Extending Your Datacenter
• How Do I Manage My AWS Datacenter?
• Customer Case Study – Production Web
Hosting
5. Please Welcome
Kris Bliesner Craig Carl
Chief Executive Officer Solutions Architect
2nd Watch Amazon Web Services
kris@2ndwatch.com crcarl@amazon.com
6. Craig Carl
Solutions Architect
Amazon Web Services
crcarl@amazon.com
7. Cloud Computing Benefits
No Up-Front Low Cost Pay Only for
Capital Expense What You Use
Self-Service Easily Scale Up Improve Agility &
Infrastructure and Down Time-to-Market
Deploy
8. AWS Pace of Innovation
82
New Service Announcements Including:
S3 Multi-Object Delete
& Updates AWS Sao Paulo Region
61
AWS Oregon Region
http://aws.typepad.com Including: Elastic Beanstalk (Beta)
Amazon SNS Amazon SES (Beta)
Amazon CloudFront AWS CloudFormation
48 Amazon Route 53 Amazon RDS for Oracle
S3 Bucket Policies AWS Direct Connect
Including: RDS Multi-AZ Support AWS GovCloud (US)
Amazon RDS RDS Reserved Databases Amazon ElastiCache
Amazon VPC AWS Import/Export VPC Virtual Networking
Amazon EMR AWS IAM Beta VPC Dedicated Instances
24 EC2 Auto Scaling AWS Singapore Region SMS Text Notification
EC2 Reserved Instances Cluster Instances for EC2 CloudFront Live Streaming
Including:
EC2 Elastic Load Balance Micro Instances for EC2 AWS Tokyo Region
Amazon SimpleDB
9 Amazon Cloudfront
AWS Import/Export Amazon Linux AMI SAP RDS on EC2
AWS Mngmt Console Oracle Apps on EC2 SAP BO on EC2
Including: Amazon EBS
Win Srv 2008 on EC2 SUSE Linux on EC2 Win Srv 2008 R2 on EC2
Amazon FPS EC2 Availability Zones
IBM Apps on EC2 VM Import for EC2 Win Srv 2003 VM Import
Red Hat Enterprise on EC2 EC2 Elastic IP Addresses
2007 2008 2009 2010 2011
9. Global Infrastructure for Global Enterprises
GovCloud US West US West US East South EU Asia Asia
(US ITAR (Northern (Oregon) (Northern America (Ireland) Pacific Pacific
Region) California) Virginia) (Sao Paulo) (Singapore) (Tokyo)
AWS Regions
http://aws.amazon.com/about-aws/globalinfrastructure
AWS Edge Locations
10. AWS Regions and Availability Zones
Customer Decides Where Applications and Data Reside
11. Compute & Storage Services
Virtual Servers in the Cloud
Amazon EC2 Your Choice of Linux and Windows
Easy to Scale Up and Down
Hard Drive for Virtual Servers on EC2
Amazon EBS Designed for High-Performance
You can Mount a Drive or Boot from EBS
High-Volume Storage in the Cloud
Amazon S3 Designed for Durability and Scalability
Number of Objects is Virtually Unlimited
12. Amazon Simple Storage Service
(Amazon S3)
• Storage for the Internet. Natively online, HTTP
access
• Store and retrieve any amount of data, any time, from
anywhere on the web
• Highly scalable, reliable, fast and durable (default =
99.9999999% durability)
13. Database Options
Self-Managed Managed Databases
Database Server on Amazon Relational Amazon
Amazon EC2 Database Service (RDS) DynamoDB
Your choice of
Oracle or MySQL offered as NoSQL data store
database running on
a service SSD storage
Amazon EC2
Bring Your Own Flexible Licensing: BYOL or Seamless scalability with
License (BYOL) License Included zero administration
14. Built for Enterprise Security Standards
Certifications Physical Security HW, SW, Network
SOC 1 Type 2 Datacenters in Systematic change
(formerly SAS-70) nondescript facilities management
ISO 27001 Physical access Phased updates
strictly controlled deployment
PCI DSS for EC2,
S3, EBS, VPC, RDS, Must pass two-factor Safe storage
ELB, IAM authentication at decommission
least twice for floor
FISMA Moderate Automated
access
Compliant Controls monitoring and self-
Physical access audit
HIPAA & ITAR
logged and audited
Compliant Advanced network
Architecture protection
15. Step 4: Security (Shared Model)
SAS 70 Type II Audit
Encrypt data in transit
ISO 27001/2 Certification
Encrypt data at rest
PCI DSS 2.0 Level 1-5
Protect your AWS Credentials
HIPAA/SOX Compliance
Rotate your keys
FISMA Moderate Infrastructure Application
Secure your OS and applications
FEDRamp / GSA ATO Security Security
How we secure our How can you secure your
infrastructure application and what is
your responsibility?
Services Security
What security options
and features are
Enforce IAM policies
available to you?
Use MFA, VPC, Leverage S3 bucket
policies, EC2 Security groups, EFS in
EC2 Etc..
16. Networking & Security
On-Demand AWS Direct Amazon Virtual
instances Connect Private Cloud (VPC)
Internet
Amazon EC2 instance
Dedicated connection Private VPN
running in the on-
between your datacenter connection to your
demand cloud.
and AWS AWS resources
17. What are Customer Running on AWS?
Business Oracle, SAP, Microsoft, IBM
Applications Line-of-Business Applications
Digital Media Distribution
Web Gaming
Applications Media Sharing
Social Media
Big Data & Analytics for Consumer Web
High Performance Genome Sequencing
Computing Large Scale Batch Processing
Backup & Recovery
Disaster Recovery Disaster Recovery
& Archive Archive
20. 2nd Watch Overview
• Production Application • Dev/Test Environments
Hosting • Disaster Recovery
• Security and Compliance • TCO/ROI Analysis
• 24x7 Operations
2nd Watch Service Offerings
Strategy and Cloud Cloud Build and Support
Roadmaps Assessments Architecture Migrations Services
21. Why use AWS to extend my Datacenter?
• Extend the capacity of my current systems
• Batch processing – data analysis
• Start new projects without buying new
hardware
• Use AWS as a backup datacenter
22. How can I use AWS to Extend my Datacenter?
Use AWS VPC to connect via IPSec VPN to your existing Datacenter
Availability Zone 1
EC2 Instances
VPN
EC2 Instances
Users or Availability Zone 2
Customers
Customer Datacenter
23. How can I use AWS to Extend my Datacenter?
Use AWS as a production hosting platform
Availability Zone 1
EC2 Instances
VPN
EC2 Instances
Users or Availability Zone 2
Customers
Customer Datacenter
24. Where do I start?
• Step 1: Strategy
• Step 2: Connectivity
• Step 3: Network
• Step 4: Security
• Step 5: Tier 0 Infrastructure
• Step 6: Application Build
• Step 7: Manage my AWS Datacenter
25. Step 1: Strategy
• Clear definition of needs and usage of
AWS
– What data will I need present?
– What accounts need access to the service?
– Is this a new build or an extension of an
existing workflow?
26. Step 2: Connectivity Options
AWS Direct Amazon Virtual Amazon Virtual
Connect Private Cloud (VPC) Private Cloud (VPC)
Internet
AWS Customer
Managed Managed
Dedicated connection Private VPN Private VPN
between your datacenter connection to your connection to your
and AWS AWS resources AWS resources
27. Step 3: Network
• Virtual Private Cloud (VPC) enables two
important things:
– Local Subnet addressing
– Virtual Private Network (VPN) connections
• There are 4 possible VPC scenarios:
1) Public Subnet Only
2) Public and Private Subnets
3) Public and Private Subnets with VPN
4) Private Subnet Only with VPN
28. Step 4: AWS Security Groups
• Use to create an Access Control List (ACL) for
EC2 Instances
• Create groups to manage types of traffic
– Example:
• Website Tier
• Database Tier
• Network Security Groups can be used to secure
subnet traffic
– Example:
• Trusted
• UnTrusted
29. Step 4: Security Headlines
• Always use VPC
– Network layer ACLs
– Security Group ACLs
– Routing Rules
– Private and Public Subnet Options
• Multifactor Authentication
– Keyfob or Google Authenticator
• Unicast network will require agent based
protection
– IDS, Auditing, etc.
30. Step 5: Tier 0 Infrastructure
• Authentication
– No OS Authentication Service – bring your own
– Active Directory
• Use full Domain Controller or Read-Only Domain Controller in VPC
• Monitoring
– Use your own monitoring system
• Add Cloud Watch metrics for AWS specific services (ELB, EBS, EMR, etc.)
– Use Cloud Watch as your central monitoring system
• Custom scripts available for both Linux and Windows
• Tie into SNS for notifications
• Auditing/Logging
– Use SQS and SNS to notify of AWS specific events
– Connect Instances to your existing system
31. Step 6: Application Build
• Build your VPC, Security Groups, Instances, etc.
and use Cloud Formation to build out a template
once you reach Gold State
• Run Cloud Formation Template to replicate
environment for Dev, Test, Staging or other
environments
• Make your infrastructure build repeatable
• Use source control to track changes
32. Step 7: Manage my AWS Datacenter (On Premises)
Customer Datacenter AWS
Authentication Management Reduced footprint authentication
Audit/Logging AWS Service authorization
Systems Management
Corporate
Data Center
Availability Zone 1
VPN Gateway
Customer Gateway
Corporate
Headquarters
Availability Zone 2
Internet Gateway
S3 SQS/SNS/SES SWF Elastic SimpleDB Dynamo
Beanstalk DB
Branch Offices
33. Step 7: Manage my AWS Datacenter (AWS)
Customer Datacenter AWS
Replicated Authentication Full Authentication
AWS Service Authorization
Audit/Logging
Systems Management
Corporate
Data Center
Availability Zone 1
VPN Gateway
Customer Gateway
Corporate
Headquarters
Availability Zone 2
Internet Gateway
S3 SQS/SNS/SES SWF Elastic SimpleDB Dynamo
Beanstalk DB
Branch Offices
34. 2nd Watch Case Study
• Public website infrastructure needs to be refreshed
• Current infrastructure model doesn’t scale well
• Expensive to deploy & operate to accommodate
peak loads
• AWS equivalent of current infrastructure is 43%-58%
less expensive at typical traffic levels
• AWS scales on-demand to peak traffic levels at very
low costs
• AWS provides a Content Delivery Network at very
low cost, improving page load times and conversion
rate
.
35. Data Security
AWS
– All storage devices follow process
• DoD 5220.22-M (“National Industrial Security Program Operating
Manual”)
• NIST 800-88 (“Guidelines for Media Sanitization”)
– Upon decommission
• Degaussed
• Physically destroyed
Customer on AWS
– S3 data encrypted at rest
– No public interface to data
– All Datacenter traffic is encrypted via IPSec
36. AWS Security
• Secure by default
• VPC to control detailed network access policy
• Elastic Load Balancer is only public interface (80 and
443 only)
• IPSec VPN to Red Lion Datacenter encrypts all
management traffic and traffic to physical assets
(Application Servers, etc.)
37. Integration with Existing Tools
• Existing environment and tools
– VPN for connectivity to existing datacenter
– Existing management tools
– Active Directory with existing domain
• Email and SMS alerts for monitoring and alarms
– Tracks changes to infrastructure due to Auto Scaling
– Alerts based on system indicators
38. High Availability
• Multiple Availability Zones (AZs)
• Region wide AWS tools
• Local Active Directory
• Auto scale group for Web Servers
• Mirror on SQL Servers
39. www.mycompany.com
Elastic Load
Balancer content.mycompany.com
TS+
1
EC2 Authentication Tier
CloudFront
LB IDS IDS LB (CDN)
VPC Subnet A (Public)
IDS
EC2 Authentication Tier
Amazon EBS
Web Web Web Web
CloudWatch Server Server Server Server Snapshots
Alarms
VPC Subnet B
EC2 Authentication Tier
AD DS
Amazon SNS S3
Notifications
VPC Subnet C
EC2 Database Tier
EBS
Snapshots
Amazon SES DB Replication
Email M S
VPC Subnet D
Availability Zone 1 Availability Zone 2
Region: Oregon
VPN Tunnel
Ops Tooling /
Mgmt Tools
Monitoring
Security Group Security / A.V.
Custom RDP Audit
Availability Zone Data Center
Region
40. “With AWS and 2nd Watch, we have found a much more cost
effective way to keep the lights on for a critical part of our
infrastructure while reducing the risk of IT resources getting
distracted from our core business strategies.”
David Barbieri, SVP and CIO
http://aws.amazon.com/solutions/case-studies/red-lion/
Infra Cost Comparison Business Benefits
~58% savings!
• 58% savings over existing infrastructure
AWS Cloud Infrastructure • Faster network speeds
• Improved load times
• Already planning future migrations
Old Infrastructure
(TicketsWest, corporate production)
41. Shared Responsibilities
AWS 2nd Watch or Customer Customer
Facilities Architecture Build Application
Physical Security Engineering Build Application Development
Physical Infrastructure Security Groups Application Fixes / Patches
Network Infrastructure Firewalls Customer Contact
Virtualization Network Configuration Compliance
Infrastructure
Monitoring and Reporting
Operating System
42. Getting Started
• Clearly define your strategy and targets.
• Why team with a partner?
– Lessons learned
– Virtualization example – cost decline with
experience
• Select a workload for AWS
• Measure success
44. Thank You!
To learn more contact info@2ndwatch.com
or visit on the web @ www.2ndwatch.com
Notes de l'éditeur
Cloud computing is a better way to run your business. The cloud helps companies of all sizesbecome moreagile. Instead of running your applications yourself you can run them on the cloud where IT infrastructure is offered as a service like a utility. With the cloud, your company saves money: there are no up-front capital expenses as you don’t have to buy hardware for your projects. The massive scale and fast pace of innovation of the cloud drive the costs down for you. In the cloud, you pay only for what you use just like electricity.The cloud can also help your company save time and improve agility – it’s faster to get started: you can build new environments in minutes as you don’t need to wait for new servers to arrive. The elastic nature of the cloud makes it easy to scale up and down as needed. At the end of the day you have more resources left for innovation which allows you to focus on projects that can really impact your businesses like building and deploying more applications. “With the high growth nature of our business, we were looking for a cloud solution to enable us to scale fast. Think twice before buying your next server. Cloud computing is the way forward.” - Sami Lababidi, CTO, Playfish
The Amazon Web Services platform of technology infrastructure services has grown rapidly since the first service launch in March 2006. One of the reasons we believe companies are adopting these services so quickly is because of our rapid innovation based on customer feedback. We’re constantly adding features and services, and if you look back at AWS launches over the years, you’ll notice our pace of innovation is quick. “I think one reason that Amazon addresses the developer market so well is that they are developers themselves, while most hosting companies are data center operators. Thus, even with respect to core infrastructure automation technologies, Amazon hasn't waited for a known vendor to solve all of their problems, but have attacked solutions themselves head on. This, in turn, allows them to focus on priorities as determined by their customers, as well as innovate new services that customers didn't even know they wanted. If the technologies exist, they will explore them, and maybe use one. However, for a systems software shop like AWS, often the faster, cheaper route is to create the service themselves, the way they want it. – James Urquhart – CNET http://news.cnet.com/8301-19413_3-20098812-240/can-any-cloud-catch-amazon-web-services-part-1/?tag=mncol;txt
Amazon Web Services is steadily expanding its global infrastructure to help customers achieve lower latency and higher throughput. As our customers grow their businesses, AWS will continue to provide infrastructure that meets their global requirements.
You can choose to deploy and run your applications in multiple physical locations within the AWS cloud. Amazon Web Services are available in geographic Regions. When you use AWS, you canspecify the Region in which your data will be stored, instances run, queues started, and databases instantiated.For most AWS infrastructure services, including Amazon EC2, there are eight regions: US East (Northern Virginia), US West (Northern California), EU (Ireland), Asia Pacific (Singapore) and Asia Pacific (Tokyo), AWS GovCloud (US), US West (Oregon), and South America (Sao Paulo).Within each Region are Availability Zones (AZs). Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones and provide inexpensive, low latency network connectivity to other Availability Zones in the same Region. By launching instances in separate Availability Zones, you can protect yourapplications from a failure (unlikely as it might be) that affects an entire zone. Regions consist of one or more Availability Zones, are geographically dispersed, and are in separate geographic areas or countries. The Amazon EC2 service level agreement commitment is 99.95% availability for each Amazon EC2 Region.
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers. Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with control of your computing resources and lets you run on Amazon’s proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. Amazon EC2 changes the economics of computing by allowing you to pay only for capacity that you actually use. Amazon EC2 provides developers the tools to build failure resilient applications and isolate themselves from common failure scenarios.http://aws.amazon.com/ec2/“AWS provided a reliable hosting platform capable of supporting any degree of scalability, and a platform that allowed the development team to focus on the software solution rather than the infrastructure.” – US Department of StateAmazon Elastic Block Store (EBS) provides block level storage volumes for use with Amazon EC2 instances. Amazon EBS volumes are off-instance storage that persists independently from the life of an instance. Amazon Elastic Block Store provides highly available, highly reliable storage volumes that can be attached to a running Amazon EC2 instance and exposed as a device within the instance. Amazon EBS is particularly suited for applications that require a database, file system, or access to raw block level storage. http://aws.amazon.com/ebs/Amazon S3 is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any developer access to the same highly scalable, reliable, secure, fast, inexpensive infrastructure that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those benefits on to developers. http://aws.amazon.com/s3/. “We looked at Amazon S3’s pricing, design and ease-of-use and were blown away. Amazon designed the service so well—it’s simple and elegant, so much so that it was basically a drop-in addition to our current infrastructure. It’s an incredible improvement on everything else out there. At the end of the day, it comes down to cost and performance, and Amazon S3 is the best on both accounts.” - Don MacAskill, CEO, SmugMug
Talking PointsSeveral choices for cloud storage: S3 and EBSNarrativeAWS provides several services for storing of all types of data in the cloud. These services include Amazon S3 (Simple Storage Service) and Amazon EBS (Elastic Block Store). A third service, AWS Import/Export, provides a technique for the initial forklift of very large amounts of data into Amazon S3.Amazon S3 and Amazon EBS each fit different needs, and we will discuss each in detail on the next two slides.
Amazon EC2 enables our partners and customers to build and customize Amazon Machine Images (AMIs) with software based on your needs. These are the database servers available for use today within Amazon EC2: Oracle Database 11g,Microsoft SQL Server Standard,MySQL Enterprise,IBM DB2,IBM Informix Dynamic Server. http://aws.amazon.com/ec2/Amazon Relational Database Service (Amazon RDS) is a web service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you up to focus on your applications and business. Amazon RDS gives you access to the capabilities of a familiar MySQL or Oracle database. This means that the code, applications, and tools you already use today with your existing databases can be used with Amazon RDS. Amazon RDS automatically patches the database software and backs up your database, storing the backups for a user-defined retention period and enabling point-in-time recovery. You benefit from the flexibility of being able to scale the compute resources or storage capacity associated with your relational database instance via a single API call. In addition, Amazon RDS for MySQL makes it easy to use replication to enhance availability and reliability for production databases and to scale out beyond the capacity of a single database deployment for read-heavy database workloads. As with all Amazon Web Services, there are no up-front investments required, and you pay only for the resources you use. http://aws.amazon.com/rds/Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. With a few clicks in the AWS Management Console, customers can launch a new Amazon DynamoDB database table, scale up or down their request capacity for the table without downtime or performance degradation, and gain visibility into resource utilization and performance metrics. Amazon DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS, so they don’t have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling. http://aws.amazon.com/dynamodb/
Examining AWS, you’ll see that the same security isolations are employed as would be found in a traditional datacenter. These include physical datacentre security, separation of the network, isolation of the server hardware, and isolation of storage. AWS customers have control over their data: they own the data, not us; they can encrypt their data at rest and in motion, just as they would in their own datacenter. Amazon Web Services provides the same, familiar approaches to security that companies have been using for decades. Importantly, it does this while also allowing the flexibility and low cost of cloud computing. There is nothing inherently at odds about providing on-demand infrastructure while also providing the security isolation companies have become accustomed to in their existing, privately-owned environments.AWS is a secure, durable technology platform with industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, HIPAA, SAS 70 Type II. Our services and data centers have multiple layers of operational and physical security designed to protect the integrity and safety of your data. Visit our Security Center to learn more http://aws.amazon.com/security/.Certifications and Accreditations: AWS has successfully completed a SAS70 Type II Audit, and will continue to obtain the appropriate security certifications and accreditations to demonstrate the security of our infrastructure and services. PCI DSS: We finalized our 2011 PCI compliance audit, publishing our extensive Report on Controls (ROC) with an expanded scope. Our new November 30, 2011 PCI Attestation of Compliance, a document from our auditor stating we are compliant with all 12 PCI security standard domains, is available now for customers considering or working on moving PCI systems to AWS. The new Attestation of Compliance document includes some key changes this year: This year we’ve added RDS, ELB, and IAM as in-scope services. The addition of these services is fantastic news for PCI customers since they can now leverage RDS to store cardholder and transaction data, use ELB to manage card transaction traffic, and rely on IAM features as validated control mechanisms that satisfy PCI security standard requirements. Consistent with last year, EC2, S3, EBS, and VPC continue to be in scope. Physical Security: Amazon has many years of experience in designing, constructing, and operating large scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access.Secure Services: Each of the services within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand. Data Privacy: AWS enables users to encrypt their personal or business data within the AWS cloud and publishes backup and redundancy procedures for services so that customers can gain greater understanding of how their data flows throughout AWS.“In essence, the security system of AWS’s platform has been added to our existing security systems. We now have a security posture consistent with that of a multi-billion dollar company.” - Jim Warren, CIO, Recovery Accountability and Transparency Board (RATB)
Security and Operational Excellence is the Top most priority. Its Priority 0. No exceptions allowed. We understand that Security and governance are often the top issues identified when we talk to our customers. Instead of tossing this over the fence, we really advice and highly recommend our customers to invest in security review early in the process. Get your security folks talk to our security folks and understand security and compliance. Security is really not on or off. It’s a spectrum of options that you can choose from that is right for your application.
AWS Direct Connect makes it easy to establish a dedicated network connection from your premise to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple logical connections. This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. Logical connections can be reconfigured at any time to meet your changing needs. http://aws.amazon.com/directconnect/Amazon Virtual Private Cloud (Amazon VPC) lets you provision a private, isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. With Amazon VPC, you can define a virtual network topology that closely resembles a traditional network that you might operate in your own datacenter. You have control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet. Additionally, you can create a Hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter. http://aws.amazon.com/vpc/Dedicated Instances are Amazon EC2 instances launched within your Amazon VPC that run hardware dedicated to a single customer. Dedicated Instances let you take full advantage of the benefits of Amazon VPC and the AWS cloud – on-demand elastic provisioning, pay only for what you use, and a private, isolated virtual network, all while ensuring that your Amazon EC2 compute instances will be isolated at the hardware level. You can easily create a VPC that contains dedicated instances only, providing physical isolation for all Amazon EC2 compute instances launched into that VPC, or you can choose to mix both dedicated instances and non-dedicated instances within the same VPC based on application-specific requirements. http://aws.amazon.com/dedicated-instances/
The AWS Cloud powers hundreds of thousands of businesses in 190 countries around the world. Large enterprises are using AWS for the following use cases:Running enterprise applications such as Oracle, SAP and Microsoft Applications (Windows Server, Sharepoint Server and SQL Server).Creating custom business applications to support the needs of internal functions such as HR, finance and sales.Developing customer-facing web applications that power ecommerce, mobile, gaming, social media and marketing websites.Processing Big Data and High Performance Computing workloads in the medical, imaging, genome sequencing, web analytics and business intelligence fields. Disaster Recovery, Backup or Archive of business critical data to the Amazon Web Services cloud.
Authentication and AuthorizationMonitoring and Management ToolsAudit/Logging
AWS Direct Connect makes it easy to establish a dedicated network connection from your premise to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple logical connections. This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. Logical connections can be reconfigured at any time to meet your changing needs. http://aws.amazon.com/directconnect/Amazon Virtual Private Cloud (Amazon VPC) lets you provision a private, isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. With Amazon VPC, you can define a virtual network topology that closely resembles a traditional network that you might operate in your own datacenter. You have control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet. Additionally, you can create a Hardware Virtual Private Network (VPN) connection between your corporate datacenter and your VPC and leverage the AWS cloud as an extension of your corporate datacenter. http://aws.amazon.com/vpc/Dedicated Instances are Amazon EC2 instances launched within your Amazon VPC that run hardware dedicated to a single customer. Dedicated Instances let you take full advantage of the benefits of Amazon VPC and the AWS cloud – on-demand elastic provisioning, pay only for what you use, and a private, isolated virtual network, all while ensuring that your Amazon EC2 compute instances will be isolated at the hardware level. You can easily create a VPC that contains dedicated instances only, providing physical isolation for all Amazon EC2 compute instances launched into that VPC, or you can choose to mix both dedicated instances and non-dedicated instances within the same VPC based on application-specific requirements. http://aws.amazon.com/dedicated-instances/
Working with AWS solutions provider 2nd Watch to create hyper-local web and mobile platforms for travelersMigrating from co-location facility with limited flexibility, inadequate performance, and high operating expensesUtilizing Amazon EC2 with Elastic Load Balancing, Amazon S3, Amazon VPC, and Amazon CloudFront.