2013 AWS Worldwide Public Sector Summit Washington, D.C.
Architecting Mission Oriented Solutions in AWS GovCloud (US)
CJ Moses
GM, Government Cloud Solutions
Paul Beda
AWS GovCloud (US) Solutions Architect
Ulf Schoo
Principal Partner Solutions Architect
AWS GovCloud (US)
• The AWS Government Community Cloud for vetted U.S. Government and U.S. commercial entities with direct or indirect ties to U.S. Government functions and services
• An isolated AWS Region designed to allow U.S. government agencies and customers to move more sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements
• Built with U.S. government customers in mind
– Appropriate for Controlled Unclassified Information (CUI) or Unclassified data and workloads
Features
• Data stays in CONUS
• Geographically Separate Availability Zones
• Only approved AWS U.S. Persons have access to restricted areas, networks, and systems for administration
• AWS managed account provisioning; each potential customer is vetted to ensure they are a U.S. entity and not prohibited or restricted from exporting or from providing services by the U.S. government
• Mandatory virtual private cloud (VPC) segregation for all customers, which offers an additional layer of isolation and protection
Security is Job Zero!
• Meets Federal standards for security and privacy controls
• Adheres to FISMA Moderate controls
– Certifications and Compliance Programs
• FedRAMP Agency ATO awarded by HHS
• U.S. International Traffic in Arms Regulations (ITAR)
• DIACAP
• SOC 1 - 3
• ISO 27001
• PCI DSS Level 1
• HIPAA MDAA
– FIPS 140-2 Validated Hardware & Cryptographic Services for VPNs and AWS Service API End Points
• http://aws.amazon.com/security/
The AWS GovCloud (US) Region
• An isolated AWS region (in the Pacific Northwest)
– Data isolation, network isolation, machine isolation
– Separate, isolated credentials database (IAM)
– FIPS 140-2 hardware for endpoints and VPN
• Addresses specific regulatory and compliance requirements
• Appropriate for
– U.S. Government agencies – US Federal, state and local entities
– U.S. Government contractors, systems integrators, and FFRDCs
– U.S. Companies with IT regulatory requirements
• Designed for more sensitive workloads
• Migrate existing apps & data to the cloud
• Build new apps, sites, & services for the mission
• Augment on-premises resources with cloud capacity
AWS GovCloud (US) Region Services Availability
Deployment & Administration
Services to provision, scale and manage AWS resources
• AWS Management Console: Web-based management interface
• Amazon CloudWatch: Automated monitoring & alerts
• AWS Elastic Beanstalk: Java & PHP app deployment & management
• AWS CloudFormation: Automated AWS resource provisioning
• AWS IAM: Identity & Access Management
[Diagram labels: Compute, Storage, Database, App Services, Networking, Deployment & Management, AWS Global Infrastructure]
Feature: Details
• Platform support: Support for AWS resources from Amazon EC2 to AWS IAM
• Resource creation: Creates AWS resources behind the scenes and reports on progress
• Declarative: Specify stacks in JSON format and source control your environments
• Customizable: Drive stack creation with parameters
Deployment & Administration
• AWS CloudFormation
– Automate creation of ‘stacks’ in a repeatable way
AWS GovCloud (US) and AWS CloudFormation
Ulf Schoo
Principal Partner Solutions Architect
(Microsoft Specialist)
Microsoft Platform on AWS
Microsoft “License Mobility through Software Assurance” program provides qualifying Microsoft Volume Licensing customers with the flexibility to deploy Windows server based applications in the AWS cloud.
• AWS provides Windows Server, SQL Server on AWS today
– Amazon Machine Images (AMIs) jointly developed by Microsoft and AWS
• SharePoint Server, Exchange and other Microsoft server products can be licensed to run on AWS
Two licensing models:
• Pay-as-you-go – AMI pricing includes software
– Windows Server
– SQL Server Standard
• BYOL – use existing licenses on AWS
– SQL Server Enterprise
– SharePoint Server
– Other Microsoft Windows Server products
General info on AWS and License Mobility for a variety of MS server products: http://aws.amazon.com/windows/mslicensemobility/
Detail on AWS and License Mobility with SQL Server: http://aws.amazon.com/windows/mslicensemobility/sql/
Exchange: Solving gnarly problems in seconds
• Physical & logical separation of network traffic
Active Directory: Single Site? Multi-Site?
• One PowerShell script invoked by AWS CloudFormation during automatic provisioning
Use the tools you are already familiar with…
• AWS Tools for Visual Studio
• AWS Tools for Windows PowerShell
…to deploy complex Microsoft Windows based architectures
• SharePoint Enterprise Farm
• Exchange Server
From a Thousand Clicks to a Single Script: Launching AWS CloudFormation with Windows PowerShell
Demo: Deploying a highly available Windows Server Failover Clustering (WSFC) Cluster with SQL AlwaysOn Availability Groups
Get Started Today
• Request an account:
– http://aws.amazon.com/govcloud-us/contact/
• Learn more:
– AWS GovCloud (US) Users Guide: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-us-ug.pdf
• Contact us: