AWS Summit Paris - Keynote Slides
AWS Summit 2013: Navigating the Cloud
AWS Summit, June 25th
Agenda:
9:00 - 11:00: Adam Selipsky, Vice-President, AWS
11:00 - 12:00: Bill Murray, General Manager, Security, AWS
12:00 - 13:30: Lunch and Partner Expo
13:30 - 17:30: Breakout Tracks
17:30 - 19:00: Networking Reception and Partner Expo
Gold Sponsors
Silver Sponsors
Visit our Partner & Solution Expo
Announcing: AWS French User Group
#awssummit
Join the Conversation
AWS Summit 2013: Innovation Powered by the AWS Cloud
Adam Selipsky, Vice-President, AWS
7 Years Young: Amazon S3 launched March 14th, 2006
Broad & Deep Services to Support Virtually Any Cloud Workload
Categories: Compute | Networking | Storage & CDN | Database | App Services | Management
Amazon EC2
Amazon EMR
Amazon ELB
Amazon Route 53
Amazon VPC
AWS Direct Connect
Amazon S3
Amazon Glacier
Amazon EBS
AWS Import/Exp
Amazon RDS
Amazon DynamoDB
Amazon Elasticache
Amazon RedShift
Amazon CloudSearch
Amazon SWF
Amazon SQS
Amazon SNS
Amazon SES
Amazon Elastic Transcoder
AWS IAM
Amazon CloudWatch
AWS Elastic Beanstalk
AWS Cloudformation
AWS Data Pipeline
AWS OpsWorks
AWS CloudHSM
AWS Trusted Advisor
AWS Marketplace
AWS Premium Support
AWS Professional Services
AWS Training
(Chart: number of AWS service launches and feature updates per year, 2007 to 2012; bar values as extracted: 159, 82, 6148, 249)
Including:
AWS Oregon Region
Elastic Beanstalk (Beta)
Amazon SES (Beta)
AWS CloudFormation
Amazon RDS for Oracle
AWS Direct Connect
AWS GovCloud (US)
Including:
Amazon SNS
Amazon CloudFront
Amazon Route 53
S3 Bucket Policies
RDS Multi-AZ Support
RDS Reserved Databases
AWS Import/Export
Including:
Amazon RDS
Amazon VPC
Amazon EMR
EC2 Auto Scaling
Including:
6 new Direct Connect Sites
DynamoDB
RDS in VPC
AWS Trusted Advisor
CloudFormation in VPC
AWS Storage Gateway
Amazon Glacier
Cost Allocation Tagging
CloudFront Live Streaming
Amazon CloudSearch
AWS Marketplace
Red Hat Reserved Instances
New EC2 Instance Types
Multi-AZ Oracle RDS
RDS SQL Server
EC2 RI Marketplace
AWS Service Launches & Feature Updates
January (21), February (18), March (14)
Including:
AWS Management Console Tablet and Mobile Support
Elastic Transcoder
Price reduction for Amazon EC2, global expansion of M3 Standard Instances, and reduced data transfer pricing
Including:
Amazon Redshift Available to All Customers
AWS OpsWorks
IAM Role and Auto Scaling Support for Amazon CloudWatch Monitoring Scripts for Linux
Amazon SQS and SNS Announce Lower Prices and Expanded Free Tiers - 50% price drop for SQS
Including:
New Lower Pricing for Amazon EC2 Reserved Instances
AWS Free Usage Tier Now Includes Amazon ElastiCache
Amazon DynamoDB Reduces Prices
AWS Elastic Beanstalk for Node.js
Amazon RDS now supports 3TB and 30,000 Provisioned IOPS per database instance
Announcing EBS-Optimized Support for Additional Instance Types
53 AWS Service Launches & Feature Updates this year
AWS Global Infrastructure
9 regions
25 availability zones
38 edge locations
Every day, AWS adds enough server capacity to power this $5B enterprise: Amazon in 2003, a $5.2B retail business with 7,800 employees and a whole lot of servers
Hundreds of Thousands of Customers in 190 Countries
Free steak campaign
Facebook page
Mars exploration ops
Consumer social app
Ticket pricing optimization
SAP & Sharepoint
Securities Trading Data Archiving
Gene sequencing
Marketing web site
Interactive TV apps
Financial markets analytics
R&D data analysis
Consumer social app
Big data analytics
Web site & media sharing
Disaster recovery
Media streaming
Web and mobile apps
Streaming webcasts
Facebook app
Consumer social app
Every Imaginable Use Case
Comprehensive Security Capabilities to Support Virtually Any Workload
VPC
Direct connect
Dedicated instances
Identity & Access Management
S3 Encryption
Security groups for EC2 and VPC
Network ACL
Multi-Factor Authentication
CloudHSM
RDS Oracle transparent encryption
Certifications & Accreditations for Workloads that Matter
“Amazon Virtual Private Cloud offers an additional level of security and an ability to integrate with other aspects of our infrastructure.”
Dr. Michael Miller, Head of HPC for R&D
35 Price Reductions Since 2006
The AWS Price Reduction Philosophy (flywheel): Infrastructure Innovation -> More AWS Usage -> More Infrastructure -> Economies of Scale -> Lower Infrastructure Costs -> Reduced Prices -> More Customers -> Ecosystem, Global Footprint, New Features, New Services -> back to Infrastructure Innovation
AWS Trusted Advisor
Cost optimizations
Security & Availability checks
Performance recommendations
329,000 recommendations
$22M in annualized savings
To: AWS Customer
From: Amazon Web Services
Subject: Potential Cost Savings
Dear Customer,
We have identified $49,000 of potential savings in your current AWS deployment.
-Amazon Web Services
Obsessed with Helping Customers Save Money
Thriving Partner Ecosystem
Consulting Partners Technology Partners
AWS Marketplace: Buy Software Pre-Configured to Run on AWS
Growth since Jan 1, 2013
25 categories
778 product listings
Active customers: +102%
Usage per customer: +53%
Why are customers adopting cloud computing?
1. Trade Capital Expense for Variable Expense
On-Premises vs. AWS: $0 to get started, pay as you go
Source: IDC Whitepaper, sponsored by Amazon, “The Business Value of Amazon Web Services Accelerates Over Time.” July 2012
Average of 400 servers replaced per customer
2. Lower Variable Expense Than Companies Can Do Themselves
Source: IDC Whitepaper, sponsored by Amazon, “The Business Value of Amazon Web Services Accelerates Over Time.” July 2012
70% lower 5-year TCO per app: on-premises $3.01M vs. AWS $0.90M
50% reduction in analytics costs
Saved $34M on SmartHub app
$3M reduction in hosting costs
3. You Don’t Need to Guess Capacity
(Chart: with self hosting, capacity is rigid and follows predicted demand, so the gap above actual demand is waste and the gap below it is customer dissatisfaction; with the Cloud, capacity is elastic and tracks actual demand)
4. Dramatically Increase Speed & Agility
Old World: Infrastructure in Weeks. AWS: Infrastructure in Minutes.
Add New Dev Environment
Add New Production Environment
Add New Environment in Japan
Add 1,000 Servers
Remove 1,000 servers
(Console mock-up: Number of Instances 1,000; Instance Type M3 Extra Large; Availability Zone US-West-2b; Launch; aws.amazon.com/managementconsole)
“We reduced application deployment times from 2 months to 3 days.”
“Time to deploy went from weeks to hours.”
Source: IDC Whitepaper, sponsored by Amazon, “The Business Value of Amazon Web Services Accelerates Over Time.” July 2012
(Chart: comparison of developer efficiency with AWS and in-house alternatives; improved efficiency from 0 to 600% for development, testing, integration, deployment and overall)
5X Faster
Increase Innovation When Experimentation Is Fast and Low Risk
Old world: experiment infrequently; failure is expensive; less innovation
AWS: experiment often at near $0; fail quickly at a low cost; more innovation
Thierry de Vallois, Director of Technology
Uses of Cloud Computing on the French National Rail Network (Réseau Ferré National)
Topics of the presentation:
Helping the general public learn about our rail projects through mapping
Running a very large number of calculations, occasionally, at an affordable cost and in a reasonable time
Chapter 1: The birth of the project
An idea makes its way through our teams
An RFF mission: make the proposed routes of a major rail project accessible at the various stages of the public consultation
A target: the general public
Internal contributors: the business team in charge of the project; the regional GIS specialist; the IT team in charge of the mapping offering; the IT team in charge of innovation
Discussions that gave rise to an idea: offer visitors to the project website the ability to browse our map data
Breaking down the need
Data to present: data describing the surroundings (a map of the whole of France: roads and photos); RFF data (the existing network; the project: routes and aerial photos along the route)
Functions to offer: locate yourself; move around the map; zoom; show and hide data layers
Chapter 2: From an idea to a service
A proposal for an experiment
The IT innovation team proposes trying the Cloud:
Background map data: Bing Maps services
Location search: Bing Maps services
RFF vector data: AWS IaaS hosting an ArcGIS Server solution from ESRI
RFF image data: AWS storage
Rendering to the end user: Solution 1, development on ESRI's JavaScript client; Solution 2 (chosen), development on Microsoft's JavaScript client
Convincing people internally to launch the project: the CIO, the CISO, the architect, the head of IT operations
Unusual requirements
The public: Internet users, not identified users of our information system
Availability: the service runs 24 hours a day, 7 days a week, and is especially sensitive in the week following the publication of new data
Load: the ability to absorb high load peaks over short periods
Ergonomics: intuitive and fluid (similar to what we are used to on the Internet)
Deployment: the ability to roll the service out quickly for every RFF project that needs it
Situation two years after the experiment
Sites in production: our corporate site; one project site
Planned sites: a project site going into production in July 2013 with orthophotos; a similar interactive map deployed on 7 other major-project sites by the end of 2013
Chapter 3: A new use under development
Computing capacity needs
The problem: compute a route over the rail network for every train scheduled over roughly one year, 4 times a year
Dimensions of the problem: know the description of the rail infrastructure and its day-by-day changes over the calculation period; perform roughly 6,000,000 route calculations
Faster, without investing
Using the Cloud: n servers available to distribute the calculations; a cost that depends only on compute time; no investment in temporary infrastructure
Results obtained: 12 hours on 10 servers instead of 4 days on one; a bill of $100 for 6,000,000 calculations
Lessons learned: adapt not only IT operations management but also development techniques
See you soon on our lines
Thank you!
5. Stop Spending Money on Undifferentiated Heavy Lifting
buy and install new hardware
set up and configure new software
build new data centers
so you don’t have to...
Data Centers
Power
Cooling
Cabling
Networking
Racks
Servers
Storage
Labor
We take care of...
6. Go Global in Minutes
The Benefits of Cloud Computing: Replace CapEx with OpEx; Lower Overall Costs; No More Guessing Capacity; Agility / Speed / Innovation; Shift Focus to Differentiation; Go Global in Minutes
Pierre-Alexandre Stanislas, Chief Technology Officer
Presentation of Millésima: wine merchant founded in 1983, based in Bordeaux; 2,500,000 bottles in stock; 70,000 private customers served in 120 countries; revenue of €40M; multichannel; average basket of €2,000; first e-commerce site in 1999
Oops! My mistake... Launch of a Magento site for the USA at the end of 2009; DIY; very good ROI; rm -rf /; get a team
Let's get serious: migration of our 14 sites to Magento at the start of 2010; a "specialised" physical hosting provider; 3-year contract; catastrophe: don't get married in Vegas!
Efficiency: an internationally renowned hosting provider; very large hardware and qualified teams; a hack attempt and a Cornelian choice!; still not suited to our needs
Test and learn: at the start of 2012 the web accounts for 60% of revenue and 80% of new customers; and the Cloud? Why not, but which one?; tests of 2 "big" Clouds; test of managed hosting; and the winners are...
AWS + eNovance: scalability: hardware on demand; pre-production === production; a lighter bill; 24/7 DevOps support in French; no more cold sweats at marketing announcements; don't worry, be happy!
Thank you!
AWS Adoption in the Enterprise
Enterprises are Adopting AWS to Achieve the Benefits of the Cloud: Replace CapEx with OpEx; Lower Overall Costs; No More Guessing Capacity; Agility / Speed / Innovation; Shift Focus to Differentiation; Go Global in Minutes
The Benefits Of The Cloud Are Only Possible IN THE CLOUD
A “Private” Cloud delivers none of the six (Replace CapEx with OpEx; Lower Overall Costs; No More Guessing Capacity; Agility / Speed / Innovation; Shift Focus to Differentiation; Go Global in Minutes)
Forrester Foresights Survey Data, Q3 2012
Self-service Portals: 24%
Resource Automation: 27%
Resource Tracking: 29%
Cost Chargeback: 14%
Customers are Struggling to Deliver on Promises of the “Private Cloud” Vendors
Have you implemented these cloud features?
Many Enterprises Worry that These are the Only Two Choices
#1: Build a “private” cloud
#2: Rip and replace with AWS
The Good News is that the Cloud isn’t an ‘All or Nothing’ Choice
Integrating AWS with Your Existing On-Premises Infrastructure
(Diagram: corporate data centers with on-premises resources, Active Directory, network configuration, encryption, back-up appliances, users & access rules, your private network and an HSM appliance, seamlessly integrated with cloud resources such as cloud back-ups over AWS Direct Connect; your on-premise apps alongside your cloud apps)
Corporate Data Centers
Schneider Electric Delivers Apps Globally with AWS
Our Ecosystem Allows You to Use Your Existing Management Tools
Single Pane of Glass
On-Premises Datacenters
Management Tool Partners
How Enterprises Are Using AWS
Strategy 1: Cloud for Development & Test Environments
SAP
Reduced deployment time from weeks to days
Oracle Enterprise Applications
Reduced dev & test environment costs
SAP
70% reduction in operational costs
Strategy 2: Build New Apps for the Cloud
Faster to build
Facebook App
Global Web Sites
Mobile Streaming
Social Games
Consumer apps
Genetic Sequencing
Marketing Campaigns
Less expensive to run
Distributed architectures for high availability
Easier to manage
Financial record archiving
Canal+ Runs Key Customer Apps on AWS
Le Grand Journal iPad App
Analytics
Backup
Storage Gateway
Elastic Map Reduce
RedShift
Amazon S3
Strategy 3: Use Cloud to Make Existing On-Premises Apps Better
...
Corporate Data Centers
App 1
App 2
App N
Strategy 4: New Apps Powered by Both Cloud & On-Premises Resources
AWS serves up application content
& data
Integration back to Samsung data
centers for financial transactions
Corporate Data Centers
Hybrid App
Le Figaro Powers its iOS & Android Apps with AWS
Strategy 5: Migrate Existing Enterprise Apps to the Cloud
1/3 of servers migrated to AWS
Customer payments, content delivery & web sites
1 - 1.5M GBP saved in last 2 years
Expects to save additional 3M GBP in the next 3 years as they move to 75% AWS
App
Corporate Data Centers
Sean BurkeChief Technology Officer
Profile 2012
World leader in building materials
Major player in the cement, aggregates and concrete industries
We contribute to the construction of cities throughout the world with innovative solutions, providing cities with more housing, and make them more compact, more durable, more beautiful and better connected
Operating in 64 countries
65,000 employees
€15.8 billion of annual sales
1,570 production sites
Listed on the Paris Stock Exchange
A well-balanced geographical portfolio
North America: €3,375m annual sales, 8,821 employees
Latin America: €961m annual sales, 2,609 employees
Middle East and Africa: €4,283m annual sales, 19,644 employees
Western Europe: €3,181m annual sales, 11,448 employees
Central and Eastern Europe: €1,270m annual sales, 7,041 employees
Asia: €2,746m annual sales, 14,774 employees
|Building Better Cities| |May 2013|
Our markets
HOUSING ROADS
RAILWAYS BRIDGES
INFRASTRUCTURE PRIVATE/PUBLIC BUILDINGS
On all these markets, we provide innovative and environmentally-friendly solutions.
The state of the global economy: long-term stagnation in the developed world; rapid growth in the developing world (BRICs, etc.)
Lafarge’s financial position: high level of indebtedness post-Orascom in 2008 (€17bn in 2008); share price collapse and downgrade to “junk” status
Economic Context
Architectural Context
Technology debt: hardware, long-term under-investment; software, too many legacy versions in production
Lack of consistent architecture: too many data centres; too much software
Lack of business confidence: failure of services during critical business periods
Strategic Directions
§Consolidate and decommission where we can ( Create critical mass )
§Lease don’t buy (CAPEX to OPEX)
§Move to the cloud ( Pay for use )
§Partner ( Share risk )
CTO Vision Simplified (layers, with Security and Governance spanning all of them): Physical Infrastructure (Data Centres, Networks); Logical Infrastructure (Middleware, Identity and Access Management, DBs); Application Bricks
CTO Vision (layers, with Security and Governance spanning all of them): Physical Infrastructure: In House DC, Public Cloud, Private Cloud (On / Off Premise); Middleware (OSs, DBs, etc.); Identity Management and Access Rights Management Service (Employee Provisioning) with Employee ID; Application Bricks: ERP (Test), ERP (Dev), ERP (Prod), HRIS, Email, Social Networking, Content Management, CRM, Internet, Intranet (Portals, etc.); Consistent Management Tools; Consistent User Experience
Lafarge’s AWS Experience
Initiative driven by: stability problems created by ageing hardware platforms; lack of bandwidth during the DC consolidation
Group institutional sites migrated during 2010 and 2011: ROI under 3 months; mirroring in place for key sites
Group Internet sites migrated during 2012: ROI under 12 months; permanent VPN in place
Circa 50 VMs in production
Key success factors: partnership and technical support from Edifixio; clarity of roles and responsibilities
Future plans: platform modernisation with migration from WebSphere to Drupal
Thank You!
Strategy 6: All-in
10,000s of EC2 instances in multiple regions & zones
100s of middle tier services & applications
~70 billion events per day
At peak consumes 1/3 of US Internet bandwidth
What have we been working on?
Compute Services: Amazon EC2, Auto Scaling, Amazon Elastic Load Balancing
(Diagram: EC2 instances for Linux and Windows, Hi I/O instances, the Reserved Instance Marketplace and next-generation standard instances; Auto Scaling tracks actual demand; an Elastic Load Balancer spreads traffic across EC2 instances A, B and C)
(Chart: total Amazon Elastic MapReduce (EMR) clusters launched by customers, May 2010 to April 2013, scale 0 to 6,000,000)
5.5M clusters launched since May 2010
AWS Networking Services: Amazon VPC (EC2 instances spread across Availability Zone A and Availability Zone B), Amazon Route 53, AWS Direct Connect (locations including Los Angeles, New York, London, Japan, Singapore, Sydney and Sao Paolo)
Storage Services: Amazon S3, AWS Storage Gateway, Amazon EBS (with Provisioned IOPS), Amazon Glacier
(Diagram: images, videos, files, binaries and snapshots flow from your datacenter's compute, storage and NAS into S3, EBS and Glacier)
Amazon Glacier: easily archive files from on-premises or directly from Amazon S3; $0.01 per GB per month; designed for 11 9s of durability, just like Amazon S3
(Chart: Amazon S3 total objects by quarter, Q4 2006 to Q1 2013)
Amazon S3: over 2 trillion total objects; 1.1 million peak requests/sec
Database Services: Amazon DynamoDB (NoSQL); Amazon RDS (SQL: MySQL, Oracle, MS SQL Server); Amazon ElastiCache
(Diagram: Provisioned IOPS for the database; an EC2 web server reads through a memcached cluster in front of the database)
Amazon Redshift: data warehouse as a service; scale from hundreds of gigabytes to a petabyte or more; use your existing SQL-based tools; pay as you go; $999/TB/year
(Diagram: standard BI tools connect via JDBC/ODBC to a cluster of Redshift nodes interconnected over 10GigE (HPC); ingestion, backup and restore go through Amazon S3)
AWS Application Services: Amazon CloudFront, Amazon CloudSearch, Amazon SES, Amazon Simple Workflow, Amazon SQS, Amazon SNS (delivery over HTTP and SMS), Amazon Elastic MapReduce
AWS Management Console
Amazon CloudWatch
AWS IAM: users, roles, access permissions (for EC2, EBS, RDS, ELB and other services)
AWS Elastic Beanstalk
AWS CloudFormation
Java
PHP
Python
.NET
Ruby
Web App
SharePoint
SAP
Deployment & Administration
Integrated application management solution for ops-minded developers and IT admins
Model, control and automate applications of nearly any scale and complexity
Management Console, SDKs, or CLI
No additional cost
AWS OpsWorks
AWS CloudHSM
Dedicated access to HSM appliances managed & monitored by AWS, but you control the keys
Increase performance for applications that use HSMs for key storage or encryption
Comply with stringent regulatory and contractual requirements for key protection
(Diagram: EC2 instance using AWS CloudHSM)
How to choose a cloud vendor
Thank You!
AWS Summit 2013: Innovation Powered by the AWS Cloud
Bill Murray, General Manager, Security, AWS
Cloud Security is:
•Universal
•Visible
•Auditable
•Transparent
•Shared
•Familiar
Universal Cloud Security
Every Customer Has Access to the Same Security Capabilities, and
Gets to Choose What’s Right for Their Business
•Governments
•Financial Sector
•Pharmaceuticals
•Entertainment
•Start-Ups
•Social Media
•Home Users
AWS allows you to see your entire infrastructure at the click of a mouse. Can you map your current network?
Visible Cloud Security
This, or this?
Auditable Cloud Security
How do you know AWS is right for your business?
3rd Party Audits: independent auditors
Artifacts: plans, policies and procedures
Logs: obtained, retained, analyzed
Transparent Cloud Security
Choose the audit/certification that’s right for you:
•ISO-27001
•SOC-1, SOC-2
•FedRAMP
•PCI
Control Objective 1: Security Organization
•Who we are
•Proper control & access within the organization
Control Objective 2: Amazon User Access
•How we vet our staff
•Minimization of access
Security & Compliance Control Objectives
Control Objective 3: Logical Security
•Our staff start with no systems access
•Need-based access grants
•Rigorous systems separation
•Systems access grants regularly re-evaluated & automatically revoked
Control Objective 4: Secure Data Handling
•Storage media destroyed before being permitted outside our datacenters
•Media destruction consistent with US Dept. of Defense 5220.22-M
Control Objective 5: Physical Security and Environmental Safeguards
•Keeping our facilities safe
•Maintaining the physical operating parameters of our datacenters
Control Objective 6: Change Management
•Continuous Operation
Control Objective 7: Data Integrity, Availability and Redundancy
•Ensuring your data remains safe, intact & available
Control Objective 8: Incident Handling
•Processes & procedures for mitigating and managing potential issues
•Let AWS do the heavy lifting
•This is what we do – and we do it all the time
•As the AWS customer you can focus on your business and not be distracted by the muck
Shared Responsibility
AWS
•Facilities
•Physical Security
•Physical Infrastructure
•Network Infrastructure
•Virtualization Infrastructure
Customer
•Choice of Guest OS
•Application Configuration Options
•Account Management flexibility
•Security Groups
•Network ACLs
•Large non-descript facilities
•Robust perimeter controls
•2 factor authentication for entry
•Controlled, need-based access for AWS employees
•All access is logged and reviewed
Physical Security
(Map of AWS Regions, e.g. Asia Pacific (Sydney))
Physical Security
Distributed Regions – Multiple Availability Zones
Network Security
•DDoS attacks defended at the border
•Man in the Middle attacks
•SSL endpoints
•IP Spoofing prohibited
•Port scanning prohibited
•Packet Sniffing prevented
Amazon EC2 Security
Host operating system: individual SSH keyed logins via bastion host for AWS admins; all accesses logged and audited
Guest operating system: customer controlled at root level; AWS admins cannot log in; customer-generated keypairs
Stateful firewall: mandatory inbound firewall, default deny mode
Signed API calls: require X.509 certificate or customer’s secret AWS key
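The signed-API-calls bullet above is what stops anyone who can see or replay an EC2 Query API request from using it: every request carries an HMAC computed with the customer's secret key, and the service recomputes it. The block below is an added worked example, not AWS SDK code: it implements the published Signature Version 2 scheme (HMAC-SHA256 over a canonical string made of method, lower-cased host, path and the byte-order-sorted, RFC 3986 encoded parameters) on the client side, and the matching verification on the service side with constant-time comparison and a freshness check on the Timestamp parameter. The access key and secret key are the placeholder pair used in AWS documentation, and the request parameters and the 15-minute MAX_CLOCK_SKEW window are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import urllib.parse
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumption for this example: the freshness window the verifier enforces on Timestamp.
MAX_CLOCK_SKEW = timedelta(minutes=15)


def _encode(value: str) -> str:
    """RFC 3986 percent-encoding: only unreserved characters (A-Z a-z 0-9 - _ . ~) stay literal."""
    return urllib.parse.quote(value, safe="-_.~")


def canonical_query(params: dict) -> str:
    """Parameters sorted by name in byte order, each name and value encoded, joined with '&'."""
    return "&".join(f"{_encode(k)}={_encode(v)}" for k, v in sorted(params.items()))


def string_to_sign(method: str, host: str, path: str, params: dict) -> str:
    """The four-line SigV2 string: METHOD, lower-cased host, path, canonical query."""
    return "\n".join([method.upper(), host.lower(), path or "/", canonical_query(params)])


def sign_request(secret_key: str, method: str, host: str, path: str, params: dict) -> dict:
    """Client side: return the parameters plus a base64 HMAC-SHA256 Signature over the string to sign."""
    signed = dict(params)
    signed.setdefault("SignatureVersion", "2")
    signed.setdefault("SignatureMethod", "HmacSHA256")
    digest = hmac.new(secret_key.encode("utf-8"),
                      string_to_sign(method, host, path, signed).encode("utf-8"),
                      hashlib.sha256).digest()
    signed["Signature"] = base64.b64encode(digest).decode("ascii")
    return signed


def verify_request(secret_key: str, method: str, host: str, path: str,
                   params: dict, now: Optional[datetime] = None) -> bool:
    """Service side: recompute over every parameter except Signature, compare in constant time,
    and, when `now` is supplied, reject requests whose Timestamp is outside the skew window."""
    presented = params.get("Signature", "")
    unsigned = {k: v for k, v in params.items() if k != "Signature"}
    expected = sign_request(secret_key, method, host, path, unsigned)["Signature"]
    if not hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8")):
        return False
    if now is not None:
        stamp = params.get("Timestamp")
        if stamp is None:
            return False
        issued = datetime.strptime(stamp.rstrip("Z"), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        if abs(now - issued) > MAX_CLOCK_SKEW:
            return False
    return True


# Constructed fixtures: the documentation placeholder key pair, not live credentials.
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
HOST = "ec2.amazonaws.com"
REQUEST = {
    "Action": "RunInstances",
    "ImageId": "ami-12345678",      # made-up AMI id
    "InstanceType": "m3.xlarge",
    "MinCount": "1",
    "MaxCount": "1",
    "Version": "2013-02-01",
    "AWSAccessKeyId": ACCESS_KEY,
    "Timestamp": "2013-06-25T09:00:00Z",
}


def demo() -> dict:
    """Sign a RunInstances call, then verify it as the service would, including three failure cases."""
    signed = sign_request(SECRET_KEY, "GET", HOST, "/", REQUEST)
    at_summit = datetime(2013, 6, 25, 9, 1, tzinfo=timezone.utc)
    replayed_next_day = at_summit + timedelta(days=1)
    tampered = dict(signed, MaxCount="100")     # an intermediary bumps the instance count
    return {
        "valid": verify_request(SECRET_KEY, "GET", HOST, "/", signed, now=at_summit),
        "tampered": verify_request(SECRET_KEY, "GET", HOST, "/", tampered, now=at_summit),
        "wrong_key": verify_request("not-the-customer-secret", "GET", HOST, "/", signed),
        "stale": verify_request(SECRET_KEY, "GET", HOST, "/", signed, now=replayed_next_day),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The secret key never travels with the request, only the HMAC does, so a captured request reveals the parameters but lets nobody sign a different one; the Timestamp check is what limits replay of an unchanged request, which the signature alone does not prevent.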
Amazon Virtual Private Cloud (VPC)
•Create a logically isolated environment in Amazon’s highly scalable infrastructure
•Specify your private IP address range into one or more public or private subnets
•Control inbound and outbound access to and from individual subnets using stateless Network Access Control Lists
•Protect your Instances with stateful filters for inbound and outbound traffic using Security Groups
•Bridge your VPC and your onsite IT infrastructure with an industry standard encrypted VPN connection and/or AWS Direct Connect
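The two filters in the bullets above differ in exactly one way that bites in practice: a Network ACL is stateless, numbered, evaluated per subnet in rule order with an implicit final deny, and it can carry explicit deny rules; a security group is a per-instance allow list that remembers flows, so the reply to an admitted packet passes without a rule. The block below is an added example, not AWS code, that models both as a small packet filter and runs a web-tier scenario through them. The addresses, CIDRs, rule numbers and packets are constructed fixtures. It shows the classic mistake of opening only port 80 outbound in the NACL, which lets the request in but drops the response on the client's ephemeral port, and an explicit NACL deny for one abusive address, which a security group cannot express.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

    def reply(self) -> "Packet":
        """The packet the other side sends back: addresses and ports swapped."""
        return Packet(self.dst, self.src, self.proto, self.dport, self.sport)


@dataclass(frozen=True)
class Rule:
    proto: str             # "tcp", "udp", "icmp" or "all"
    cidr: str              # source CIDR for inbound rules, destination CIDR for outbound rules
    port_from: int
    port_to: int
    action: str = "allow"  # NACLs also take "deny"; security groups are allow-only
    number: int = 0        # NACL evaluation order; ignored by security groups

    def matches(self, addr: str, port: int, proto: str) -> bool:
        return (self.proto in ("all", proto)
                and ip_address(addr) in ip_network(self.cidr)
                and self.port_from <= port <= self.port_to)


class NetworkAcl:
    """Stateless subnet filter: the lowest-numbered matching rule decides; no match is the implicit '*' deny."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def permits(self, direction: str, pkt: Packet) -> bool:
        rules, addr = (self.inbound, pkt.src) if direction == "in" else (self.outbound, pkt.dst)
        for rule in rules:
            if rule.matches(addr, pkt.dport, pkt.proto):
                return rule.action == "allow"
        return False


class SecurityGroup:
    """Stateful instance firewall: allow rules only, and the reply to any admitted packet is allowed."""

    def __init__(self, inbound, outbound):
        self.inbound = list(inbound)
        self.outbound = list(outbound)
        self._flows = set()  # packets already admitted; their replies need no rule

    def permits(self, direction: str, pkt: Packet) -> bool:
        if pkt.reply() in self._flows:
            return True
        rules, addr = (self.inbound, pkt.src) if direction == "in" else (self.outbound, pkt.dst)
        if any(r.matches(addr, pkt.dport, pkt.proto) for r in rules):
            self._flows.add(pkt)
            return True
        return False


def request_reaches_instance(nacl: NetworkAcl, sg: SecurityGroup, request: Packet) -> bool:
    """Inbound path: subnet NACL first, then the instance's security group."""
    return nacl.permits("in", request) and sg.permits("in", request)


def response_leaves_subnet(nacl: NetworkAcl, sg: SecurityGroup, request: Packet) -> bool:
    """Outbound path for the reply: security group (stateful), then NACL (stateless)."""
    reply = request.reply()
    return sg.permits("out", reply) and nacl.permits("out", reply)


# Constructed scenario: a web tier at 10.0.1.10 reachable on 80 from anywhere and on 22 from an
# office range; one abusive client address is blocked outright at the subnet boundary.
WEB_SERVER = "10.0.1.10"
OFFICE = "198.51.100.0/24"
NACL_INBOUND = [
    Rule("all", "203.0.113.66/32", 0, 65535, action="deny", number=50),  # runs before the allows
    Rule("tcp", "0.0.0.0/0", 80, 80, number=100),
    Rule("tcp", OFFICE, 22, 22, number=110),
]
# The mistake: only port 80 outbound, so replies to clients' ephemeral ports never leave.
NACL_OUTBOUND_ONLY_80 = [Rule("tcp", "0.0.0.0/0", 80, 80, number=100)]
# The fix: a stateless filter needs the ephemeral range spelled out.
NACL_OUTBOUND_WITH_EPHEMERAL = NACL_OUTBOUND_ONLY_80 + [Rule("tcp", "0.0.0.0/0", 1024, 65535, number=110)]
SG_INBOUND = [Rule("tcp", "0.0.0.0/0", 80, 80), Rule("tcp", OFFICE, 22, 22)]


def scenario(nacl_outbound) -> dict:
    nacl = NetworkAcl(NACL_INBOUND, nacl_outbound)
    sg = SecurityGroup(SG_INBOUND, outbound=[])  # no outbound rule: only tracked replies get out
    web = Packet("203.0.113.5", WEB_SERVER, "tcp", 49152, 80)
    return {
        "web_request": request_reaches_instance(nacl, sg, web),
        "web_response": response_leaves_subnet(nacl, sg, web),
        "ssh_from_office": request_reaches_instance(nacl, sg, Packet("198.51.100.7", WEB_SERVER, "tcp", 50000, 22)),
        "ssh_from_elsewhere": request_reaches_instance(nacl, sg, Packet("203.0.113.5", WEB_SERVER, "tcp", 50001, 22)),
        "web_from_blocked": request_reaches_instance(nacl, sg, Packet("203.0.113.66", WEB_SERVER, "tcp", 50002, 80)),
    }
```

Running scenario(NACL_OUTBOUND_ONLY_80) admits the web request but loses the response; scenario(NACL_OUTBOUND_WITH_EPHEMERAL) passes both. The security group's empty outbound list still lets the reply out because the flow was recorded on the way in, which is the statefulness the slide refers to; the NACL has no such memory, so both directions must be written down.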
Amazon Virtual Private Cloud (VPC)
(Diagram: the customer’s network connects to the Amazon Web Services Cloud over a secure VPN connection over the Internet and/or AWS Direct Connect with a dedicated path and bandwidth; inside the VPC sit the subnets, a router, a VPN gateway, an Internet gateway and NAT, holding the customer’s isolated AWS resources)
Amazon VPC - Dedicated Instances
•Option to ensure physical hosts are not shared with other customers
•$10/hr flat fee per Region + small hourly charge
•Can identify specific Instances as dedicated
•Optionally configure entire VPC as dedicated
Some customers have contractual or regulatory requirements for encryption key management procedures that were not previously possible on AWS
•Requirements are based on mandates for keeping encryption keys stored in a specific manner or with specific access controls
•Good key management is critical
Customers want to run applications and store data in AWS but previously had to retain keys in HSMs in on-premises datacenters
•Applications may slow down due to network latency between AWS and the on-premises HSM
•Requires several datacenters to provide high availability, disaster recovery and durability of keys
Customer Challenge: Encryption
•AWS offers several data protection mechanisms including access control, encryption, etc.
•AWS CloudHSM complements existing AWS data protection and encryption solutions
•With AWS CloudHSM customers can:
•Encrypt data inside AWS
•Store keys in AWS within a Hardware Security Module
•Decide how to encrypt data: the AWS CloudHSM implements cryptographic functions and key storage for customer applications
•Use third party validated hardware for key storage
AWS Data Protection Solutions
What is AWS CloudHSM?
•Customers receive dedicated access to HSM appliances
•HSMs are physically located in AWS datacenters, in close network proximity to Amazon EC2 instances
•Physically managed and monitored by AWS, but customers control their own keys
•HSMs are inside the customer’s VPC, dedicated to the customer and isolated from the rest of the network
AWS CloudHSM
AWS CloudHSM Service Highlights
•Secure Key Storage: customers retain control of their own keys and cryptographic operations on the HSM
•Contractual and Regulatory Compliance: helps customers comply with the most stringent regulatory and contractual requirements for key protection
•Reliable and Durable Key Storage: AWS CloudHSMs are located in multiple Availability Zones and Regions to help customers build highly available applications that require secure key storage
•Simple and Secure Connectivity: AWS CloudHSMs are in the customer’s VPC
•Better Application Performance: reduce network latency and increase the performance of AWS applications that use HSMs
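The CloudHSM bullets above (the application invokes cryptographic functions on keys that stay inside the appliance, AWS monitors the hardware but the customer controls the keys, and a second HSM in another Availability Zone gives durability) describe a key-custody model rather than an API. The block below is an added, stand-alone simulation of that model, not CloudHSM or SafeNet Luna client code: a real deployment talks to the appliance over PKCS#11 from an EC2 instance in the VPC, and only the attribute name CKA_EXTRACTABLE is borrowed from that standard. The partition names, cloning domain, password, sample record and audit-log wording are made up. The application below receives only a handle, uses it to MAC and verify a record, is refused when it asks for the key bytes, and after HSM-to-HSM replication can verify the same record against the standby.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


class HsmError(Exception):
    """Raised for refused operations; the caller learns only that the HSM said no."""


@dataclass
class _KeyObject:
    label: str
    material: bytes
    extractable: bool  # PKCS#11 CKA_EXTRACTABLE: False means the value is never readable from outside


class SimulatedHsm:
    """One HSM partition (made-up stand-in): keys are referenced by handle and used in place."""

    def __init__(self, partition: str, cloning_domain: str, password: str):
        self.partition = partition
        self._domain = cloning_domain  # replication is allowed only between HSMs in one domain
        self._password_hash = hashlib.sha256(password.encode()).digest()
        self._keys = {}
        self._session_open = False
        self.audit_log = []  # the operation trail an operator (here: AWS) would monitor

    def login(self, password: str) -> None:
        offered = hashlib.sha256(password.encode()).digest()
        if not hmac.compare_digest(offered, self._password_hash):
            self.audit_log.append("login failed")
            raise HsmError("bad partition password")
        self._session_open = True
        self.audit_log.append("login ok")

    def _key(self, handle: int) -> _KeyObject:
        if not self._session_open:
            raise HsmError("no authenticated session")
        if handle not in self._keys:
            raise HsmError(f"unknown key handle {handle}")
        return self._keys[handle]

    def generate_key(self, label: str, extractable: bool = False) -> int:
        if not self._session_open:
            raise HsmError("no authenticated session")
        handle = len(self._keys) + 1
        self._keys[handle] = _KeyObject(label, secrets.token_bytes(32), extractable)
        self.audit_log.append(f"generate {label} handle={handle} extractable={extractable}")
        return handle  # the caller gets a handle, never the 32 key bytes

    def sign(self, handle: int, data: bytes) -> bytes:
        key = self._key(handle)
        self.audit_log.append(f"sign handle={handle} bytes={len(data)}")
        return hmac.new(key.material, data, hashlib.sha256).digest()

    def verify(self, handle: int, data: bytes, tag: bytes) -> bool:
        key = self._key(handle)
        ok = hmac.compare_digest(hmac.new(key.material, data, hashlib.sha256).digest(), tag)
        self.audit_log.append(f"verify handle={handle} ok={ok}")
        return ok

    def get_value(self, handle: int) -> bytes:
        key = self._key(handle)
        if not key.extractable:
            self.audit_log.append(f"extract refused handle={handle}")
            raise HsmError("CKA_EXTRACTABLE is false")
        return key.material

    def replicate_to(self, other: "SimulatedHsm") -> None:
        """HSM-to-HSM synchronisation to a second Availability Zone; key bytes never pass through the app."""
        if other._domain != self._domain:
            raise HsmError("cloning domains differ")
        for handle, key in self._keys.items():
            other._keys[handle] = _KeyObject(key.label, key.material, key.extractable)
        self.audit_log.append(f"replicated {len(self._keys)} keys to {other.partition}")


def demo() -> dict:
    """An application protects a record's integrity with a key it can use but never read."""
    primary = SimulatedHsm("hsm-az-a", "acme-domain", "partition-pw")
    standby = SimulatedHsm("hsm-az-b", "acme-domain", "partition-pw")
    primary.login("partition-pw")
    standby.login("partition-pw")
    handle = primary.generate_key("invoice-mac-key")
    record = b"invoice=2013-06-25-0042;amount=4900.00;currency=EUR"  # constructed sample record
    tag = primary.sign(handle, record)
    try:
        primary.get_value(handle)
        extracted = True
    except HsmError:
        extracted = False
    primary.replicate_to(standby)  # failover copy in the other Availability Zone
    forged = record.replace(b"4900.00", b"49.00")
    return {
        "verifies": primary.verify(handle, record, tag),
        "forgery_rejected": not primary.verify(handle, forged, tag),
        "key_extracted": extracted,
        "standby_verifies": standby.verify(handle, record, tag),
        "primary_audit_entries": len(primary.audit_log),
    }
```

The design point is the boundary: anything the application can do with the key (sign, verify, replicate) is an HSM operation that leaves an audit entry, and the one thing the slide promises the customer, control of the key material, is enforced by the extractable flag rather than by trusting the application host.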
AWS Deployment Models
Isolation offered by deployment model:
Commercial Cloud: logical server and application isolation; granular information access policy. Sample workloads: public-facing apps, web sites, dev/test, etc.
Virtual Private Cloud (VPC): the above plus logical network isolation and physical server isolation. Sample workloads: data center extension, TIC environment, email, FISMA Low and Moderate.
AWS GovCloud (US): all of the above plus government-only physical network and facility isolation, and ITAR compliance (US persons only). Sample workloads: US-persons-compliant and government-specific apps.
Everything You Do Now Can Be Done in the Cloud
•Intrusion Detection
•Intrusion Prevention
•Packet Capture
•Firewalls
•Access Control Lists
•Multi-Factor Authentication
•Identity and Access Management
Familiar Cloud Security
AWS Security Resources
•http://aws.amazon.com/security/
•Security Whitepaper
•Risk and Compliance Whitepaper
•Regularly Updated
•Feedback is welcome
Thank You!