enterprise infrastructure in the amazon web services aws
play

Enterprise Infrastructure in the Amazon Web Services (AWS) Cloud - PowerPoint PPT Presentation

Oct 20, 2022 •1.07k likes •1.44k views

Enterprise Infrastructure in the Amazon Web Services (AWS) Cloud David Zych, Erik Coleman, Phil Winans got AWS? http://aws.illinois.edu Lets go! But IT services have dependencies Active Directory private resources on

  1. Enterprise Infrastructure in the Amazon Web Services (AWS) Cloud David Zych, Erik Coleman, Phil Winans

  2. got AWS? • http://aws.illinois.edu • Let’s go! But… • IT services have dependencies • Active Directory • private resources on campus network • private resources in other AWS accounts • packets need roads (routes)

  3. Where we’re going… Ø VPC Networking Concepts • Fantastic Enterprise VPCs and How to Build Them • Using Active Directory in the Cloud • There And Back Again: a Packet’s Journey from UIUC to AWS

  4. VPC Basics • Virtual Private Cloud (VPC) : a logically isolated virtual network in the AWS cloud which is dedicated to your AWS account • an AWS account may have multiple VPCs • each VPC may contain multiple Subnets

  5. Location, Location, Location • a VPC belongs to a single Region (us-east-2: Ohio) • a Subnet belongs to a single Availability Zone (us-east-2a)

  6. Public-facing Subnets • bi-directional communication with any host on the public Internet • if permitted by Security Groups • private IPv4 addresses internally • 1:1 Network Address Translation (NAT) maps each private IP to an Elastic IP or transient public IP

  7. Network Address Translation (Example) DNS: example.com IN A 52.15.99.99

  8. Campus-facing Subnets • bi-directional to campus, without NAT • using Technology Services VPN connection • outbound-only to Internet (optional)

  9. Where we’re going… • VPC Networking Concepts Ø Fantastic Enterprise VPCs and How to Build Them • Using Active Directory in the Cloud • There And Back Again: a Packet’s Journey from UIUC to AWS

  10. Enterprise VPC (vs Independent VPC) • Enterprise networking features • Campus-facing subnets • VPC Peering to other Enterprise VPCs • including Core Services VPCs • Restrictions • Private IPv4 space centrally allocated by Technology Services • us-east-2 (Ohio) only

  11. Recursive DNS Resolution • AmazonProvidedDNS: default, preferred • Cannot resolve University-restricted DNS zones • ad.uillinois.edu • reverse-mapping zones for RFC1918 private IPv4 space • on campus • in AWS Enterprise VPCs (if managed in IPAM)

  12. Recursive DNS Resolution (Options)

  13. Recursive DNS Resolution (Options)

  14. Building Your Enterprise VPC 1. Plan your requirements • Which features? • What subnets? (types, sizes, Availability Zones) • How much private IPv4 space? 2. Request allocation from Technology Services 3. Deploy using Infrastructure-as-Code (IaC) • Download, customize, run! • Terraform See Knowledgebase for details.

  15. Eye Test

  16. Where we’re going… • VPC Networking Concepts • Fantastic Enterprise VPCs and How to Build Them Ø Using Active Directory in the Cloud • There And Back Again: a Packet’s Journey from UIUC to AWS

  17. Active Directory Hybrid Architecture US-East-2 (Ohio) Region DCL RRB Core Services VPC Zone Zone EC2 EC2 “Radius” AD Site “AWS” AD Site 900s 360s PPSB Node 9 RRB HAB DCL 30s “Chicago” AD Site “Urbana” AD Site

  18. AD Extended to AWS Core Services VPC Enterprise Services VPC Availability Zone Availability Zone AWSDC1 EC2 EC2 Campus-facing subnet Public-facing subnet 10.224.n.64/27 10.x.y.0/27 VPC Peer Connection Campus-facing subnet Availability Zone 10.x.y.64/27 LDAP (389) AWSDC2 Campus-facing subnet LDAPS (636) EC2 10.x.y.128/27 Keberos (88 ) ELB Campus-facing subnet 10.224.n.96/27 ldap-ad-aws.ldap.illinois.edu:389 krb-ad-aws.kerberos.illinois.edu:88

  19. Support for Domain-Join • Previously unsupported • Announcing full support today! June 8 th , 2017 • AD Site Boundaries for AWS IP space • Preferred for AWS campus-facing subnets • Reduced functionality for private-facing and public- facing subnets

  20. Support for Domain-Join for Enterprise VPCs Private Campus-facing Public-facing subnet subnet subnet Password ü 15 min delay 15 min delay Synchronization AD Site Failover û ü û Global Catalog û ü û Lookup Dynamic DNS ü * ü ü * DDNS registers private IP only. Best practice is to always use campus-published DNS (IPAM) for application use. Never publicize the AD-registered IP or DNS hostname.

  21. What’s next? • Evaluate need for LDAP over SSL (port 636) • Exploring Amazon IAM Integration • Evaluate AWS-hosted AD options • AWS Directory Services for Microsoft AD • Simple AD • AD Connector • What else do you need?

  22. Where we’re going… • VPC Networking Concepts • Fantastic Enterprise VPCs and How to Build Them • Using Active Directory in the Cloud Ø There And Back Again: a Packet’s Journey from UIUC to AWS

  23. AWS US Regions

  24. To AWS From Campus

  25. Different Ways Networks Connect to AWS

  26. UofI to Internet2 to us-east-2

  27. UofI to WiscNet to us-east-2

  28. Resources • http://aws.illinois.edu • Knowledgebase: search for “AWS” • aws-support@illinois.edu • David Zych <dmrz@illinois.edu> • Erik Coleman <ecc@illinois.edu> • Phil Winans <pwinans@illinois.edu>

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 3 Cloud Infrastructure Cloud Computing: Theory and Practice. 1 Dan C. Marinescu

Chapter 3 Cloud Infrastructure Cloud Computing: Theory and Practice. 1 Dan C. Marinescu

Chapter 3 Cloud Infrastructure Cloud Computing: Theory and Practice. 1 Dan C. Marinescu Chapter 3 Contents IaaS services from Amazon. Regions and availability zones for Amazon Web Services. Instances attributes and cost.

3.37k views • 45 slides
Red Hat Enterprise Virtualization - KVM-based infrastructure services at BNL Presented at NLIT,

Red Hat Enterprise Virtualization - KVM-based infrastructure services at BNL Presented at NLIT,

BNL-95296-2011-CP Red Hat Enterprise Virtualization - KVM-based infrastructure services at BNL Presented at NLIT, June 16, 2011 Vail, Colorado David Cortijo Brookhaven National Laboratory dcortijo@bnl.gov Notice: This presentation was

649 views • 35 slides
Amazon Web Services Amazon Web Services Thilina Gunarathne Salsa Group, Indiana University.

Amazon Web Services Amazon Web Services Thilina Gunarathne Salsa Group, Indiana University.

Introduction to Amazon Web Services Amazon Web Services Thilina Gunarathne Salsa Group, Indiana University. With contributions from Saliya Ekanayake. Introduction Fourth Paradigm Data intensive scientific discovery DNA Sequencing

649 views • 47 slides
Introduction to Amazon Web Services Rob Amos - rob@salsadigital.com.au r.bok.im/5 @bok_

Introduction to Amazon Web Services Rob Amos - rob@salsadigital.com.au r.bok.im/5 @bok_

Introduction to Amazon Web Services Rob Amos - rob@salsadigital.com.au r.bok.im/5 @bok_ Owning the Stack Amazon Web Services Overview AWS SDK for iOS Alternative SDK The strategy today is simple: In order to move fast, build

821 views • 50 slides
Relational Document Time Series Amazon Aurora Amazon DocumentDB Amazon Timestream Graph

Relational Document Time Series Amazon Aurora Amazon DocumentDB Amazon Timestream Graph

Relational Document Time Series Amazon Aurora Amazon DocumentDB Amazon Timestream Graph Key-value Amazon RedShi Amazon Neptune Amazon DynamoDB Amazon RDS Ledger In-memory Amazon Quantum AWS Database Migration Amazon ElastiCache

612 views • 6 slides
VMD &amp; NAMD on Elastic Compute Cloud (EC2) instance of Amazon Web Services (AWS) Start VMD

VMD &amp; NAMD on Elastic Compute Cloud (EC2) instance of Amazon Web Services (AWS) Start VMD

VMD &amp; NAMD on Elastic Compute Cloud (EC2) instance of Amazon Web Services (AWS) Start VMD &amp; NAMD AMI (once you have created your AWS account) AMI - Amazon Machine Image Amazon Marketplace - https://aws.amazon.com/marketplace/ Search for

709 views • 36 slides
Infrastructure as a Service Am Beispiel von Amazon EC2 und Eucalyptus Jrg Brendel

Infrastructure as a Service Am Beispiel von Amazon EC2 und Eucalyptus Jrg Brendel

Infrastructure as a Service Am Beispiel von Amazon EC2 und Eucalyptus Jrg Brendel Joerg.Brendel@informatik.stud.uni-erlangen.de Hauptseminar Ausgewhlte Kapitel der Systemsoftware (AKSS): Cloud Computing, Sommersemester 2010 Betreuung:

893 views • 40 slides
Defense Enterprise Computing Alfred J. Rivera Director, Computing Services DISA 24 May 2011

Defense Enterprise Computing Alfred J. Rivera Director, Computing Services DISA 24 May 2011

Defense Enterprise Computing Alfred J. Rivera Director, Computing Services DISA 24 May 2011 Agenda Enterprise Infrastructure DISA Computing Environment DoD Focused Computing Service Opportunities Summary 2 DISA Enterprise

341 views • 11 slides
Developing enterprise level infrastructure and governance for data sharing Jessie Tenenbaum, PhD

Developing enterprise level infrastructure and governance for data sharing Jessie Tenenbaum, PhD

Developing enterprise level infrastructure and governance for data sharing Jessie Tenenbaum, PhD NC Health &amp; Human Services Amy Hawn Nelson, PhD Actionable Intelligence for Social Policy, UPenn August 2020 Department Overview Led by

309 views • 15 slides
Developing Checkpointing and Recovery Procedures with the Storage Services of Amazon Web Services

Developing Checkpointing and Recovery Procedures with the Storage Services of Amazon Web Services

Developing Checkpointing and Recovery Procedures with the Storage Services of Amazon Web Services Luan Teylo 1 , Rafaela C. Brum 1 , Luciana Arantes 2 , Pierre Sens 2 and Lcia M. A. Drummond 1 1 Federal Fluminense University - IC/UFF 2 Sorbonne

861 views • 28 slides
Filesystems for Cloud Services Amazon Holiday Traf fi c

Filesystems for Cloud Services Amazon Holiday Traf fi c

Filesystems for Cloud Services Amazon Holiday Traf fi c https://www.mediapost.com/publications/article/312409/from-cyber-monday-to-cyber-month-the-broadening-o.html Amazon Holiday Traf fi c This is only a 12-day outlook! The peak is likely much

695 views • 38 slides
LEEP: A New Measure to Evaluate Transferability of Learned Representations Cuong V. Nguyen Tal

LEEP: A New Measure to Evaluate Transferability of Learned Representations Cuong V. Nguyen Tal

LEEP: A New Measure to Evaluate Transferability of Learned Representations Cuong V. Nguyen Tal Hassner Amazon Web Services Facebook AI Matthias Seeger Cedric Archambeau Amazon Web Services Amazon Web Services Work done prior to

388 views • 14 slides
Amazon Web Services: Building Blocks for True Internet Applications Jeff Barr Senior Web

Amazon Web Services: Building Blocks for True Internet Applications Jeff Barr Senior Web

Amazon Web Services: Building Blocks for True Internet Applications Jeff Barr Senior Web Services Evangelist jbarr@amazon.com Who am I? Software development background Early RSS: Headline Viewer &amp; Syndic8.com Programmable applications

605 views • 41 slides
amazon.coms Journey to the Cloud John Rauser - @jrauser

amazon.coms Journey to the Cloud John Rauser - @jrauser

amazon.coms Journey to the Cloud John Rauser - @jrauser QConSF - November 2011 Amazon Retail != Amazon Web Services Amazon Retail is a

2k views • 163 slides
Tourism Infrastructure and Enterprise Zone Authority Tourism Enterprise Zone (TEZ) Fiscal and

Tourism Infrastructure and Enterprise Zone Authority Tourism Enterprise Zone (TEZ) Fiscal and

Manager, TEZ Regulation Department Tourism Infrastructure and Enterprise Zone Authority Tourism Enterprise Zone (TEZ) Fiscal and Non-Fiscal Incentives Incentives for Enterprises Outside TEZs TOURISM ENTERPRISE ZONE A vast tract of land with

639 views • 47 slides
Designing Apps for Amazon Web Services Mathias Meyer, GOTO Aarhus 2011 Montag, 10. Oktober 11

Designing Apps for Amazon Web Services Mathias Meyer, GOTO Aarhus 2011 Montag, 10. Oktober 11

Designing Apps for Amazon Web Services Mathias Meyer, GOTO Aarhus 2011 Montag, 10. Oktober 11 Montag, 10. Oktober 11 Me infrastructure code databases @roidrage www.paperplanes.de Montag, 10. Oktober 11 The Cloud Montag, 10.

1.5k views • 112 slides
Hybrid Wireless Network on Chip: A New Paradigm in Multi-Core Design Partha Pratim Pande and

Hybrid Wireless Network on Chip: A New Paradigm in Multi-Core Design Partha Pratim Pande and

Hybrid Wireless Network on Chip: A New Paradigm in Multi-Core Design Partha Pratim Pande and Colleagues Outline Introduction Multi-core &amp; Network-on-Chip paradigm Performance limitations of conventional planar NoCs Some

660 views • 32 slides
INFINIBAND NETWORK ANALYSIS AND MONITORING USING OPENSM N. Dandapanthula 1 , H. Subramoni 1 , J.

INFINIBAND NETWORK ANALYSIS AND MONITORING USING OPENSM N. Dandapanthula 1 , H. Subramoni 1 , J.

INFINIBAND NETWORK ANALYSIS AND MONITORING USING OPENSM N. Dandapanthula 1 , H. Subramoni 1 , J. Vienne 1 , K. Kandalla 1 , S. Sur 1 , D. K. Panda 1 , and R. Brightwell 2 Presented By Xavier Besseron 1 Date: 08/30/2011 1 Network-Based Computing

878 views • 26 slides
Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM? Yes, I can SSH into my Mininet VM Install and run X11 Server Mac users: XQuartz: https://www.xquartz.org/ Windows users: Use

560 views • 15 slides
Mobile Communications Original design motivation was not so much mobility support Mobility

Mobile Communications Original design motivation was not so much mobility support Mobility

Motivation Mobility support needed to be able to use mobile devices in the Internet Mobile devices need IP address for their communication Applications would like to communicate while being on the move DHCP Mobile Communications

217 views • 8 slides
Network Layer: outline 1 introduction 5 routing algorithms link state 2 virtual circuit and

Network Layer: outline 1 introduction 5 routing algorithms link state 2 virtual circuit and

Network Layer: outline 1 introduction 5 routing algorithms link state 2 virtual circuit and datagram networks distance vector hierarchical routing 3 what s inside a router 6 routing in the Internet 4 IP: Internet Protocol

2.32k views • 199 slides
Inter SDN Controller Communication (SDNi) Rafat Jahan, R&amp;D Lead(SDN), Tata Consultancy

Inter SDN Controller Communication (SDNi) Rafat Jahan, R&amp;D Lead(SDN), Tata Consultancy

Inter SDN Controller Communication (SDNi) Rafat Jahan, R&amp;D Lead(SDN), Tata Consultancy Services #ODSummit Introduction #ODSummit Need for SDNi SDN will be deployed in large-scale networks, where it is divided into multiple connected

456 views • 17 slides
Multicast- -Enabled Landmark Enabled Landmark Multicast (M- -LANMAR) : LANMAR) : (M

Multicast- -Enabled Landmark Enabled Landmark Multicast (M- -LANMAR) : LANMAR) : (M

Multicast- -Enabled Landmark Enabled Landmark Multicast (M- -LANMAR) : LANMAR) : (M Implementation and scalability Implementation and scalability YunJung Yi, Mario Gerla, JS Park, Yi, Mario Gerla, JS Park, Yeng Yeng Lee, SW Lee Lee, SW

400 views • 25 slides
Cheleby: An Internet Topology Mapping System Hakan Karde Talha z, David Shelly, and Mehmet H.

Cheleby: An Internet Topology Mapping System Hakan Karde Talha z, David Shelly, and Mehmet H.

Cheleby: An Internet Topology Mapping System Hakan Karde Talha z, David Shelly, and Mehmet H. Gne ISMA 2011 AIMS 3 Workshop on Active Internet Measurements La Jolla, CA 10 Feb 2011 Outline Introduction Issues &amp; Related

613 views • 33 slides

More recommend