enterprise infrastructure in the amazon web services aws
play

Enterprise Infrastructure in the Amazon Web Services (AWS) Cloud - PowerPoint PPT Presentation

Oct 20, 2022 •1.07k likes •1.44k views

Enterprise Infrastructure in the Amazon Web Services (AWS) Cloud David Zych, Erik Coleman, Phil Winans got AWS? http://aws.illinois.edu Lets go! But IT services have dependencies Active Directory private resources on

  1. Enterprise Infrastructure in the Amazon Web Services (AWS) Cloud David Zych, Erik Coleman, Phil Winans

  2. got AWS? • http://aws.illinois.edu • Let’s go! But… • IT services have dependencies • Active Directory • private resources on campus network • private resources in other AWS accounts • packets need roads (routes)

  3. Where we’re going… Ø VPC Networking Concepts • Fantastic Enterprise VPCs and How to Build Them • Using Active Directory in the Cloud • There And Back Again: a Packet’s Journey from UIUC to AWS

  4. VPC Basics • Virtual Private Cloud (VPC) : a logically isolated virtual network in the AWS cloud which is dedicated to your AWS account • an AWS account may have multiple VPCs • each VPC may contain multiple Subnets

  5. Location, Location, Location • a VPC belongs to a single Region (us-east-2: Ohio) • a Subnet belongs to a single Availability Zone (us-east-2a)

  6. Public-facing Subnets • bi-directional communication with any host on the public Internet • if permitted by Security Groups • private IPv4 addresses internally • 1:1 Network Address Translation (NAT) maps each private IP to an Elastic IP or transient public IP

  7. Network Address Translation (Example) DNS: example.com IN A 52.15.99.99

  8. Campus-facing Subnets • bi-directional to campus, without NAT • using Technology Services VPN connection • outbound-only to Internet (optional)

  9. Where we’re going… • VPC Networking Concepts Ø Fantastic Enterprise VPCs and How to Build Them • Using Active Directory in the Cloud • There And Back Again: a Packet’s Journey from UIUC to AWS

  10. Enterprise VPC (vs Independent VPC) • Enterprise networking features • Campus-facing subnets • VPC Peering to other Enterprise VPCs • including Core Services VPCs • Restrictions • Private IPv4 space centrally allocated by Technology Services • us-east-2 (Ohio) only

  11. Recursive DNS Resolution • AmazonProvidedDNS: default, preferred • Cannot resolve University-restricted DNS zones • ad.uillinois.edu • reverse-mapping zones for RFC1918 private IPv4 space • on campus • in AWS Enterprise VPCs (if managed in IPAM)

  12. Recursive DNS Resolution (Options)

  13. Recursive DNS Resolution (Options)

  14. Building Your Enterprise VPC 1. Plan your requirements • Which features? • What subnets? (types, sizes, Availability Zones) • How much private IPv4 space? 2. Request allocation from Technology Services 3. Deploy using Infrastructure-as-Code (IaC) • Download, customize, run! • Terraform See Knowledgebase for details.

  15. Eye Test

  16. Where we’re going… • VPC Networking Concepts • Fantastic Enterprise VPCs and How to Build Them Ø Using Active Directory in the Cloud • There And Back Again: a Packet’s Journey from UIUC to AWS

  17. Active Directory Hybrid Architecture US-East-2 (Ohio) Region DCL RRB Core Services VPC Zone Zone EC2 EC2 “Radius” AD Site “AWS” AD Site 900s 360s PPSB Node 9 RRB HAB DCL 30s “Chicago” AD Site “Urbana” AD Site

  18. AD Extended to AWS Core Services VPC Enterprise Services VPC Availability Zone Availability Zone AWSDC1 EC2 EC2 Campus-facing subnet Public-facing subnet 10.224.n.64/27 10.x.y.0/27 VPC Peer Connection Campus-facing subnet Availability Zone 10.x.y.64/27 LDAP (389) AWSDC2 Campus-facing subnet LDAPS (636) EC2 10.x.y.128/27 Keberos (88 ) ELB Campus-facing subnet 10.224.n.96/27 ldap-ad-aws.ldap.illinois.edu:389 krb-ad-aws.kerberos.illinois.edu:88

  19. Support for Domain-Join • Previously unsupported • Announcing full support today! June 8 th , 2017 • AD Site Boundaries for AWS IP space • Preferred for AWS campus-facing subnets • Reduced functionality for private-facing and public- facing subnets

  20. Support for Domain-Join for Enterprise VPCs Private Campus-facing Public-facing subnet subnet subnet Password ü 15 min delay 15 min delay Synchronization AD Site Failover û ü û Global Catalog û ü û Lookup Dynamic DNS ü * ü ü * DDNS registers private IP only. Best practice is to always use campus-published DNS (IPAM) for application use. Never publicize the AD-registered IP or DNS hostname.

  21. What’s next? • Evaluate need for LDAP over SSL (port 636) • Exploring Amazon IAM Integration • Evaluate AWS-hosted AD options • AWS Directory Services for Microsoft AD • Simple AD • AD Connector • What else do you need?

  22. Where we’re going… • VPC Networking Concepts • Fantastic Enterprise VPCs and How to Build Them • Using Active Directory in the Cloud Ø There And Back Again: a Packet’s Journey from UIUC to AWS

  23. AWS US Regions

  24. To AWS From Campus

  25. Different Ways Networks Connect to AWS

  26. UofI to Internet2 to us-east-2

  27. UofI to WiscNet to us-east-2

  28. Resources • http://aws.illinois.edu • Knowledgebase: search for “AWS” • aws-support@illinois.edu • David Zych <dmrz@illinois.edu> • Erik Coleman <ecc@illinois.edu> • Phil Winans <pwinans@illinois.edu>

Recommend

Chapter 3 Cloud Infrastructure Cloud Computing: Theory and Practice. 1 Dan C. Marinescu

Chapter 3 Cloud Infrastructure Cloud Computing: Theory and Practice. 1 Dan C. Marinescu

Chapter 3 Cloud Infrastructure Cloud Computing: Theory and Practice. 1 Dan C. Marinescu Chapter 3 Contents IaaS services from Amazon. Regions and availability zones for Amazon Web Services. Instances attributes and cost.

3.37k views • 45 slides
Red Hat Enterprise Virtualization - KVM-based infrastructure services at BNL Presented at NLIT,

Red Hat Enterprise Virtualization - KVM-based infrastructure services at BNL Presented at NLIT,

BNL-95296-2011-CP Red Hat Enterprise Virtualization - KVM-based infrastructure services at BNL Presented at NLIT, June 16, 2011 Vail, Colorado David Cortijo Brookhaven National Laboratory dcortijo@bnl.gov Notice: This presentation was

649 views • 35 slides
Amazon Web Services Amazon Web Services Thilina Gunarathne Salsa Group, Indiana University.

Amazon Web Services Amazon Web Services Thilina Gunarathne Salsa Group, Indiana University.

Introduction to Amazon Web Services Amazon Web Services Thilina Gunarathne Salsa Group, Indiana University. With contributions from Saliya Ekanayake. Introduction Fourth Paradigm Data intensive scientific discovery DNA Sequencing

649 views • 47 slides
Introduction to Amazon Web Services Rob Amos - rob@salsadigital.com.au r.bok.im/5 @bok_

Introduction to Amazon Web Services Rob Amos - rob@salsadigital.com.au r.bok.im/5 @bok_

Introduction to Amazon Web Services Rob Amos - rob@salsadigital.com.au r.bok.im/5 @bok_ Owning the Stack Amazon Web Services Overview AWS SDK for iOS Alternative SDK The strategy today is simple: In order to move fast, build

821 views • 50 slides
Relational Document Time Series Amazon Aurora Amazon DocumentDB Amazon Timestream Graph

Relational Document Time Series Amazon Aurora Amazon DocumentDB Amazon Timestream Graph

Relational Document Time Series Amazon Aurora Amazon DocumentDB Amazon Timestream Graph Key-value Amazon RedShi Amazon Neptune Amazon DynamoDB Amazon RDS Ledger In-memory Amazon Quantum AWS Database Migration Amazon ElastiCache

612 views • 6 slides
VMD &amp; NAMD on Elastic Compute Cloud (EC2) instance of Amazon Web Services (AWS) Start VMD

VMD &amp; NAMD on Elastic Compute Cloud (EC2) instance of Amazon Web Services (AWS) Start VMD

VMD &amp; NAMD on Elastic Compute Cloud (EC2) instance of Amazon Web Services (AWS) Start VMD &amp; NAMD AMI (once you have created your AWS account) AMI - Amazon Machine Image Amazon Marketplace - https://aws.amazon.com/marketplace/ Search for

709 views • 36 slides
Infrastructure as a Service Am Beispiel von Amazon EC2 und Eucalyptus Jrg Brendel

Infrastructure as a Service Am Beispiel von Amazon EC2 und Eucalyptus Jrg Brendel

Infrastructure as a Service Am Beispiel von Amazon EC2 und Eucalyptus Jrg Brendel Joerg.Brendel@informatik.stud.uni-erlangen.de Hauptseminar Ausgewhlte Kapitel der Systemsoftware (AKSS): Cloud Computing, Sommersemester 2010 Betreuung:

893 views • 40 slides
Defense Enterprise Computing Alfred J. Rivera Director, Computing Services DISA 24 May 2011

Defense Enterprise Computing Alfred J. Rivera Director, Computing Services DISA 24 May 2011

Defense Enterprise Computing Alfred J. Rivera Director, Computing Services DISA 24 May 2011 Agenda Enterprise Infrastructure DISA Computing Environment DoD Focused Computing Service Opportunities Summary 2 DISA Enterprise

341 views • 11 slides
Developing enterprise level infrastructure and governance for data sharing Jessie Tenenbaum, PhD

Developing enterprise level infrastructure and governance for data sharing Jessie Tenenbaum, PhD

Developing enterprise level infrastructure and governance for data sharing Jessie Tenenbaum, PhD NC Health &amp; Human Services Amy Hawn Nelson, PhD Actionable Intelligence for Social Policy, UPenn August 2020 Department Overview Led by

309 views • 15 slides
Developing Checkpointing and Recovery Procedures with the Storage Services of Amazon Web Services

Developing Checkpointing and Recovery Procedures with the Storage Services of Amazon Web Services

Developing Checkpointing and Recovery Procedures with the Storage Services of Amazon Web Services Luan Teylo 1 , Rafaela C. Brum 1 , Luciana Arantes 2 , Pierre Sens 2 and Lcia M. A. Drummond 1 1 Federal Fluminense University - IC/UFF 2 Sorbonne

861 views • 28 slides
Filesystems for Cloud Services Amazon Holiday Traf fi c

Filesystems for Cloud Services Amazon Holiday Traf fi c

Filesystems for Cloud Services Amazon Holiday Traf fi c https://www.mediapost.com/publications/article/312409/from-cyber-monday-to-cyber-month-the-broadening-o.html Amazon Holiday Traf fi c This is only a 12-day outlook! The peak is likely much

695 views • 38 slides
LEEP: A New Measure to Evaluate Transferability of Learned Representations Cuong V. Nguyen Tal

LEEP: A New Measure to Evaluate Transferability of Learned Representations Cuong V. Nguyen Tal

LEEP: A New Measure to Evaluate Transferability of Learned Representations Cuong V. Nguyen Tal Hassner Amazon Web Services Facebook AI Matthias Seeger Cedric Archambeau Amazon Web Services Amazon Web Services Work done prior to

388 views • 14 slides
Amazon Web Services: Building Blocks for True Internet Applications Jeff Barr Senior Web

Amazon Web Services: Building Blocks for True Internet Applications Jeff Barr Senior Web

Amazon Web Services: Building Blocks for True Internet Applications Jeff Barr Senior Web Services Evangelist jbarr@amazon.com Who am I? Software development background Early RSS: Headline Viewer &amp; Syndic8.com Programmable applications

605 views • 41 slides
amazon.coms Journey to the Cloud John Rauser - @jrauser

amazon.coms Journey to the Cloud John Rauser - @jrauser

amazon.coms Journey to the Cloud John Rauser - @jrauser QConSF - November 2011 Amazon Retail != Amazon Web Services Amazon Retail is a

2k views • 163 slides
Tourism Infrastructure and Enterprise Zone Authority Tourism Enterprise Zone (TEZ) Fiscal and

Tourism Infrastructure and Enterprise Zone Authority Tourism Enterprise Zone (TEZ) Fiscal and

Manager, TEZ Regulation Department Tourism Infrastructure and Enterprise Zone Authority Tourism Enterprise Zone (TEZ) Fiscal and Non-Fiscal Incentives Incentives for Enterprises Outside TEZs TOURISM ENTERPRISE ZONE A vast tract of land with

639 views • 47 slides
Designing Apps for Amazon Web Services Mathias Meyer, GOTO Aarhus 2011 Montag, 10. Oktober 11

Designing Apps for Amazon Web Services Mathias Meyer, GOTO Aarhus 2011 Montag, 10. Oktober 11

Designing Apps for Amazon Web Services Mathias Meyer, GOTO Aarhus 2011 Montag, 10. Oktober 11 Montag, 10. Oktober 11 Me infrastructure code databases @roidrage www.paperplanes.de Montag, 10. Oktober 11 The Cloud Montag, 10.

1.5k views • 112 slides
Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a

Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a

Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a wholesale distribution business providing complete range of Electronic Security Systems Kamlesh 093232 51184 Adit Enterprise Adit Enterprise Adit

619 views • 29 slides
Road Infrastructure and Enterprise Development in Ethiopia Admasu Shiferaw (The College of

Road Infrastructure and Enterprise Development in Ethiopia Admasu Shiferaw (The College of

Road Infrastructure and Enterprise Development in Ethiopia Admasu Shiferaw (The College of William and Mary) With Mans Sderbom, Eyerusalem Siba and Getnet Alemu Introduction Poor infrastructure and high transport costs pose a major

785 views • 30 slides
Instance Support Elastic Load Balancing Amazon EC2 AWS Elastic Beanstalk Amazon EC2 Container

Instance Support Elastic Load Balancing Amazon EC2 AWS Elastic Beanstalk Amazon EC2 Container

Instance Support Elastic Load Balancing Amazon EC2 AWS Elastic Beanstalk Amazon EC2 Container Amazon ECS VMWare Cloud on AWS Registry Amazon Lightsail AWS Outposts AWS Batch Container Functions (Serverless Compute) Amazon ECS* AWS

347 views • 15 slides
Enterprise Services Enterprise Services for Defense Transformation for Defense Transformation

Enterprise Services Enterprise Services for Defense Transformation for Defense Transformation

Enterprise Services Enterprise Services for Defense Transformation for Defense Transformation Prof. Paul A. Strassmann George Mason University, February 19, 2007 1 Prof. Strassmann, GMU, February 2007 Lecture, REPRODUCED BY PERMISSION Case

405 views • 39 slides
ISTA 6-Amazon Packaging Solutions 1 Table of Contents o Introduction to E-Commerce &amp; Amazon

ISTA 6-Amazon Packaging Solutions 1 Table of Contents o Introduction to E-Commerce &amp; Amazon

ISTA 6-Amazon Packaging Solutions 1 Table of Contents o Introduction to E-Commerce &amp; Amazon o Amazon Fulfillment Process &amp; Requirements o Amazon Tier Certification Types o About the APASS Network o ISTA-6 Testing Information o Common

747 views • 35 slides
Infrastructure Enterprise Systems George Dranes, Assistant Director of the Computer Center

Infrastructure Enterprise Systems George Dranes, Assistant Director of the Computer Center

Infrastructure Enterprise Systems George Dranes, Assistant Director of the Computer Center Zach Pratt, Systems Programmer ENTERPRISE SYSTEMS Current Mainframe Configuration Separated into four logical partitions Production

392 views • 14 slides
Town of Burlington Network Infrastructure/Enterprise Security Solutions Fiscal Year 2021 MIS

Town of Burlington Network Infrastructure/Enterprise Security Solutions Fiscal Year 2021 MIS

Town of Burlington Network Infrastructure/Enterprise Security Solutions Fiscal Year 2021 MIS Department Capital Improvements to be funded Project #1 Project #2 5-Year Network Infrastructure plan 5-Year Enterprise Security Solution Total

399 views • 13 slides
SSE Enterprise E-Mobility Infrastructure Overview and Capabilities Introduction to SSE Were

SSE Enterprise E-Mobility Infrastructure Overview and Capabilities Introduction to SSE Were

SSE Enterprise E-Mobility Infrastructure Overview and Capabilities Introduction to SSE Were part of the SSE Group Supporting the low-carbon transition Our vision SSEN Transmission To be a leading energy provider in a low carbon world SSE

956 views • 37 slides

More recommend