Migration of a Physical Datacenter to AWS
Heterogeneous challenges in moving a company-owned physical datacenter to a completely virtualized datacenter at AWS
Marcus.Fritsche@informa.com
Euroforum Deutschland SE and Informa plc.
Transferring a physical datacenter to AWS: a small revolution?
[Figure: timeline (axis: time). Labels: König Ludwig 2, Industrial Age, Global Economy, My server room, Private Cloud / Server Virtual., Public Cloud. Years: 1500, 1900, 1980, 1996, 2006, 2012]
Economics & Flexibility
Server performance
Security
Data protection
Legal requirements
Technology
Project management (planning counts for a lot ...)
Business Recovery
Economic cycles (flexibility)
Accounting: cash flow and depreciation
Cost Center Management
Cost transparency (cost centers)
through server tagging
Use CloudVertical reports
www.cloudvertical.com
Daily reported info
Monthly Report
Encryption (server volumes, storage, networks)
=> Got some experience and daily improvements
Role-based administration "IAM"
(e.g. terminate a server)
Multifactor Authentication (HW tokens take time, ..)
Data protection:
Encryption
[Diagram labels: ProtectV Master, ProtectV Secondary, KeySec App Master, KeySec App Secondary, WAN, AWS, Informa (DE / UK)]
Multifactor Authentication
Datacenter located in Europe (Ireland and in ???)
Auditing
Commissioned data processing (Auftragsdatenverarbeitung): AWS acts as Data Processor as defined in Section 11 (§11 BDSG)
Legal Requirements – Bundesdatenschutzgesetz (German Federal Data Protection Act) & European Data Protection Law
Legal Requirements – Commissioned data processing (Auftragsdatenverarbeitung):
Develop a number of AMIs, storage types, NICs, load balancers, …
Backup Rollout of a dynamic XenApp farm
…
Technology:
System Redundancy: Mirroring production files to a dedicated server in another Availability Zone (AZ)
Backup (on OS level)
Daily EBS snapshot in regional storage area (held in all AZ) using the "Volume Shadow Service" from AWS
AZ 1 (prod): Subnet 1 (LAN), Subnet 2 (DMZ1), Subnet 3 (DMZ2)
AZ 2 (BRC): Subnet 11 (LAN), Subnet 12 (DMZ1), Subnet 13 (DMZ2)
AZ 3: Subnet 9 (Test)
Backup:
The backup process produces …
Naming Convention!
Citrix Access
Supported Citrix Access Gateway (available now)
Licensing
Web
Mobile Client
Corp. Client
Uptime Management
Suspend instances
Uptime Management
Suspend Citrix instances
Long-term file archive in AWS S3 ...
http://corporate-archive.s3-website-eu-west-1.amazonaws.com/html/
A script generates a browsable link structure out of the S3 flat file system [Graphic from AWS]
To protect this "publicly available data", a policy for the bucket "corporate-archive" blocks all IPs apart from the company's own proxy IPs.
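The IP restriction described above, sketched as an added example (not from the original slides): it builds a bucket policy for "corporate-archive" that permits reads only from the proxy ranges, checks sample source addresses against a simplified model of policy evaluation, and flags Allow statements that lack an IP condition. The proxy CIDRs are constructed placeholders and all function names are hypothetical.

```python
import ipaddress

BUCKET = "corporate-archive"  # bucket name from the slide
PROXY_CIDRS = ["203.0.113.10/32", "198.51.100.0/28"]  # constructed placeholders

def build_policy(bucket, proxy_cidrs):
    """Allow anonymous reads from the proxies only; explicitly deny all other IPs."""
    for cidr in proxy_cidrs:
        ipaddress.ip_network(cidr)  # raises ValueError on a malformed range
    objects = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowReadFromProxies", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": objects,
             "Condition": {"IpAddress": {"aws:SourceIp": list(proxy_cidrs)}}},
            {"Sid": "DenyReadFromElsewhere", "Effect": "Deny", "Principal": "*",
             "Action": "s3:GetObject", "Resource": objects,
             "Condition": {"NotIpAddress": {"aws:SourceIp": list(proxy_cidrs)}}},
        ],
    }

def _matches(statement, source_ip):
    """Evaluate the single condition each statement carries (IpAddress / NotIpAddress)."""
    (operator, keys), = statement["Condition"].items()
    ip = ipaddress.ip_address(source_ip)
    inside = any(ip in ipaddress.ip_network(c) for c in keys["aws:SourceIp"])
    return inside if operator == "IpAddress" else not inside

def is_read_allowed(policy, source_ip):
    """Simplified model, not the AWS engine: explicit Deny wins, then Allow, else deny."""
    hits = [s["Effect"] for s in policy["Statement"] if _matches(s, source_ip)]
    return "Deny" not in hits and "Allow" in hits

def audit(policy):
    """Return the Sids of Allow statements open to everyone with no source-IP condition."""
    return [s.get("Sid", "?") for s in policy["Statement"]
            if s["Effect"] == "Allow" and s["Principal"] == "*"
            and "aws:SourceIp" not in s.get("Condition", {}).get("IpAddress", {})]

if __name__ == "__main__":
    import json
    policy = build_policy(BUCKET, PROXY_CIDRS)
    print(json.dumps(policy, indent=2))
    for ip in ("203.0.113.10", "198.51.100.7", "192.0.2.55"):
        print(ip, "allowed" if is_read_allowed(policy, ip) else "blocked")
    print("unrestricted Allow statements:", audit(policy))
```

The explicit Deny is scoped to s3:GetObject so that administrative access from outside the proxy ranges is not locked out by the same statement.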
Reporting: Data selected directly from AWS!
Cost and Performance Optimization
AWS Trusted Advisor!
• AWS: EC2, VPC, Route 53, RDS, S3, Glacier, Direct Connect, IAM, ..
• Citrix: XenApp, NetScaler,
• Sophos: Astaro/UTM9,
• SafeNet: ProtectV
• CloudVertical
• CloudOptimizer
Our current AWS and Partner Services
What are our next steps!
• Automation of Administrative Processes
• Cost and Performance Tuning
• Increase Security
• Test and Verify Business Recovery Function
… and if you have any questions, feel free to contact fritsche@4security.de