About a month ago I got my AWS Solutions Architect certification. Since then I have been working on a few projects with customers and their AWS deployments. One thing that I have noticed is the lack of understanding of what AWS is, and what it can offer the enterprise customer.
By now I am sure most of us have heard of Amazon’s AWS, or Amazon Web Services, but how many of us know its full potential? The biggest myth around AWS is that it is a cloud service for developers and doesn’t have a place in the enterprise environment. However, while AWS offers a lot of platform services aimed at the developer, at its core it offers a rich set of infrastructure services. Let’s look at these core services and how they relate to the enterprise customer.
The three big services that make up the core of AWS’s infrastructure-as-a-service are EC2, S3, and VPC; these are the basic building blocks that make up what ultimately becomes another datacenter for your enterprise. We will go over each of them while relating them to the traditional on-premise model.
EC2 stands for Elastic Cloud Compute, and represents the computational aspect of AWS; in simple terms these are your servers. I like to compare this to VMware vCenter as this is where you can manage your virtual servers, snapshots, and datastores. The EC2 service in AWS makes it easy to spin up your favorite flavor of Windows or Linux, take snapshots of those systems, and manage the storage volumes that are attached to those systems.
Amazon makes it easy to take a snapshot of an existing system, create what they call an Amazon Machine Image (AMI) and spin up a duplicate machine. Amazon has a rich marketplace of AMIs that both Amazon and third parties have made public for the enterprise to use. In this way, the marketplace makes it easy for vendors to sell their products as an AWS virtual appliance.
S3 stands for Simple Storage Service, and represents the object storage aspect of AWS. While this service is in the storage realm, it is different from the block storage volumes described above in the EC2 service. S3 hosts static files and is perfectly suited to store data such as static web pages and snapshots. S3 is highly durable and able to keep petabytes’ worth of data.
One service that is built alongside S3 is Amazon Glacier, which offers the enterprise backup services. It uses the retention settings in S3 to move snapshots from S3 to Glacier for long-term storage, and back to S3 when a snapshot needs to be retrieved. Think of this as your traditional tape backups with enough “tapes” to store years’ worth of data. Just like retrieving a tape, it takes longer to get data back from Glacier than from S3, but storing it there costs a fraction as much.
VPC stands for Virtual Private Cloud, and represents the networking aspect of AWS. This service is where you create the subnets that your EC2 servers live in, and it is how you connect your AWS datacenter to your campus using VPN. Your network administrator should feel right at home: separate subnets can be created to segment your network, VPNs can be enabled to link back to your on-premise network, and routing tables can be modified to pass traffic in the way you desire. The VPC service is also where public IP addresses can be purchased and used by EC2 instances for any of your public-facing servers.
Beyond basic connectivity, the VPC and EC2 services offer access control lists and security groups to lock down the traffic entering and leaving your Virtual Private Cloud. For enterprise customers who have an existing DMVPN cloud, Cisco offers a CSR router that can be deployed in AWS to provide access to your DMVPN network.
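A check a network administrator could run over the security groups described above, as an added example that is not part of the original post: it scans rules in the shape returned by EC2's DescribeSecurityGroups and reports administrative ports reachable from any address. The group IDs, the CIDR ranges and the choice of SSH and RDP as the admin ports are constructed assumptions.

```python
import ipaddress

# Assumed policy: these ports should be reached over the VPN, not the internet.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample in the shape of a DescribeSecurityGroups response.
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []},
        # A wide port range silently covers RDP (3389).
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-legacy", "IpPermissions": [
        # "-1" means all protocols; FromPort/ToPort are absent.
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]


def is_world(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_admin_ports(groups, admin_ports=ADMIN_PORTS):
    """Return (group_id, port, service, cidr) for admin ports open to any address."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":
                low, high = 0, 65535
            elif proto == "tcp":
                low, high = perm["FromPort"], perm["ToPort"]
            else:
                continue  # SSH and RDP are TCP services
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in filter(is_world, cidrs):
                for port, name in sorted(admin_ports.items()):
                    if low <= port <= high:
                        findings.append((group["GroupId"], port, name, cidr))
    return findings
```

The same function accepts the `SecurityGroups` list from a live DescribeSecurityGroups call in place of the constructed sample.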
At this point we have talked about the main three services that the enterprise can use to carve out their own private datacenter in AWS, but these three services are not the only services that the enterprise can use. AWS provides everything from public DNS, directory, and database services, to monitoring and alerting services. Each of these services is designed to reduce costs and complexity for the enterprise.
Now that we know what Amazon offers for the enterprise, let’s ask why. Why should the enterprise move some or all of their workloads into AWS? The simple answer is to reduce cost, and move what traditionally was a capital expense to an operational expense. Traditional on-premise datacenters require huge initial investments: rack space, power, and data services have to be bought at a traditional co-location, then the networking and server equipment needs to be purchased, and finally staff are needed to maintain said equipment. By going with AWS, you forgo any of these initial costs and any ongoing maintenance costs, and only pay for the services you consume.
AWS has a shared security model where they are responsible for securing and patching their networking equipment, physical storage, and hypervisor hosts. The enterprise is only responsible for the guest OS of an EC2 instance and the data in any of the Amazon services. This decreases administrative costs and allows the business to focus on the applications and not the underlying hardware.