© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Jeremy Oakey, Director CloudCenter Technical Marketing, Cisco Systems December 2016 DEV211 Automated DevOps and Continuous Delivery

AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)


Page 1: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Jeremy Oakey, Director CloudCenter Technical Marketing, Cisco Systems

December 2016

DEV211

Automated DevOps and Continuous Delivery

Page 2: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

What to Expect from the Session

• Challenges that necessitate automation
• Benefits of a model-based approach for application automation
• Automating image management
• Other features and services needed in an application-centric future

Page 3: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Deploying an Enterprise Application Without Automation

[Diagram: task boxes with durations; legend: Task time, Wait time]

Tasks: Request; Infrastructure Verification; Hardware Setup; Build VMs – New or Clone; DNS Entries; Install, Setup, Configure Workload; Database Refresh; Latest Code Deployment; Load Balancer Entries; Web Server Configuration; Firewall Changes; External Interface & Integration; PPM Tasks; Workload Monitoring Setup; Security – VM access control; Testing

Durations as shown, row by row:
1 – 2 days | 3 – 5 days | 2 – 4 weeks | 3 – 5 days
1 – 2 days | 4 – 7 days | 2 – 3 days | 2 – 5 days
2 – 5 days | 1 – 2 days | 2 – 4 days | 1 – 2 days
3 – 7 days | 2 – 3 days | 1 day | 5 – 6 days

Page 4: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

VM Automation Only – A Partial Solution

[Diagram: task boxes with durations]

Tasks: Request; Infrastructure Verification; Hardware Setup; Build VMs – New or Clone; DNS Entries; Install, Setup, Configure Workload; Database Refresh; Latest Code Deployment; Load Balancer Entries; Web Server Configuration; Firewall Changes; External Interface & Integration; PPM Tasks; Workload Monitoring Setup; Security – VM access control; Testing

Durations as shown, row by row:
1 - 2 days
1 - 2 days | 4 - 7 days | 2 - 3 days | 2 - 5 days
2 - 5 days | 1 - 2 days | 2 - 4 days | 1 - 1 days
3 - 7 days | 2 - 3 days | 1 day | 5 - 6 days

Page 5: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Network Automation Only – A Partial Solution

[Diagram: task boxes with durations]

Tasks: Request; Infrastructure Verification; Hardware Setup; Build VMs – New or Clone; DNS Entries; Install, Setup, Configure Workload; Database Refresh; Latest Code Deployment; Load Balancer Entries; Web Server Configuration; External Interface & Integration; PPM Tasks; Workload Monitoring Setup; Testing

Durations as shown, row by row:
1 - 2 days
4 - 7 days | 2 - 3 days | 2 - 5 days
2 - 5 days | 1 - 2 days | 1 - 1 days
3 - 7 days | 2 - 3 days | 5 - 6 days

Shown separately: Firewall Changes; Security – VM access control

Page 6: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Application Orchestration and Infrastructure Automation – Still No Guaranteed Outcome

[Diagram labels, grouped in the order extracted]

Infrastructure Verification; Hardware Setup; Build VMs – New or Clone

Latest Code Deployment; External Interface & Integration; Testing; Request

Durations shown: 2 - 5 days; 1 - 1 days; 5 - 6 days; 1 - 2 days

DNS Entries; Install, Setup, Configure Workload; Database Refresh; Load Balancer Entries; Web Server Configuration; Firewall Changes; PPM Tasks; Workload Monitoring Setup; Security – VM access control

Page 7: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Why Migrate from On-premises Environments?

• Capacity limitations such as resources, power or performance
• Pay for what you use
• Self-managed
• App runs best close to the “edge”
• It’s ready for you!

[Diagram label: On-premises Environment]

Page 8: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Migrate Back? Hybrid Deployments?

• Multi-use database in an on-premises environment is used
• Interact with other applications not externally reachable
• Compliance requirements
• “Free” resources

[Diagram label: On-premises Environment]

Page 9: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Application Profile (Represented as Cube)

[Diagram labels]

nginx_..., apache_..., mysql_...

2 CPU, 4 GB Memory, 20 GB Storage

Containers, Recipes, Scripts, Jar, War, Binaries

Page 10: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Application Profile (Represented as Cube)

[Diagram labels]

Build

Environment

Infrastructure: Compute, Network, Storage

Cloud Services: Load Balance, Storage

Images, Services, Containers: App and Web Servers; Cluster and Caching; Middleware; Database

OS and VM Images or Containers

Packages and Files; Scripts; Data

Page 11: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Build Automation is Generally Mature

Source Repository: GitHub

Artifact Repository: Artifactory

Build Automation: Jenkins

Page 12: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Deployment Automation is Not…

Source Repository: GitHub

Artifact Repository: Artifactory

Build Automation: Jenkins

??

[Diagram labels: On-premises (×2)]

Page 13: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Hardwired automation doesn’t scale…

AWS US East: App V.1

AWS US West: App V.1

AWS US East: App V.2

AWS US West: App V.2

Page 14: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Hardwired Automation?

# Load balancer wired directly to one named instance; plain HTTP on port 80.
resource "aws_elb" "web" {
  name            = "terraform-example-elb"
  subnets         = ["${aws_subnet.default.id}"]
  security_groups = ["${aws_security_group.elb.id}"]
  instances       = ["${aws_instance.web.id}"]

  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }
}

# SSH key pair registered from a local public key file.
resource "aws_key_pair" "auth" {
  key_name   = "${var.key_name}"
  public_key = "${file(var.public_key_path)}"
}

resource "aws_instance" "web" {
  connection {
    user = "ubuntu"
  }

  instance_type = "m1.small"
  # AMI ID is looked up in a per-region map variable.
  ami                    = "${lookup(var.aws_amis, var.aws_region)}"
  key_name               = "${aws_key_pair.auth.id}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  # ..
}

Page 15: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Deployment Automation is Not… Hard-Coded

Example – Jenkins Plugin for AWS

Page 16: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Cisco CloudCenter

[Diagram labels: On-premises (×2)]

Source Repository: GitHub

Artifact Repository: Artifactory

Build Automation: Jenkins

Page 17: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

What is Cisco CloudCenter?

The demos include it, so what should you know about it?

• Cloud management and brokerage platform

• Uses Application Profile - model once, deploy anywhere

• Provides guardrails to automation

- Governance to any environment

- Policy and financial controls

- Multi-tenant and multi-account

• Benchmarking of applications

Page 18: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Enterprise Class

UI, CLI, API

ORCHESTRATOR, MANAGER, PROFILE

Extendable, Multi-tenant, Secure, Scalable

Page 19: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

What are Options for Managing Images?

Images still need to be maintained and now at scale

Options

• Transform “Gold” images to AWS
• Rebuild images dynamically
• Consume OS vendor-provided images

Challenges

• Multiple virtualization formats
• Storage costs (not thin)
• Region-specific requirement
• Pace of patches increasing
• New deployments with old images = exploitable until patched
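
Added example, not part of the original deck: one way to check for the last challenge above, using an inventory shaped like `aws ec2 describe-images` output. It flags regions whose newest image is past a patch window, instances still running from old images, and instances whose image is no longer in the inventory. The 30-day window, the image and instance IDs, and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=30)  # assumed patch-window policy, not from the slides

# Constructed inventory, shaped like `aws ec2 describe-images` output per region.
IMAGES = {
    "us-east-1": [
        {"ImageId": "ami-east0002", "Name": "web-gold", "CreationDate": "2016-11-20T08:00:00.000Z"},
        {"ImageId": "ami-east0001", "Name": "web-gold", "CreationDate": "2016-06-01T08:00:00.000Z"},
    ],
    "us-west-2": [
        {"ImageId": "ami-west0001", "Name": "web-gold", "CreationDate": "2016-06-03T08:00:00.000Z"},
    ],
}
# Constructed running instances: (region, instance id, image id it was launched from).
INSTANCES = [
    ("us-east-1", "i-east-a", "ami-east0002"),
    ("us-east-1", "i-east-b", "ami-east0001"),
    ("us-west-2", "i-west-a", "ami-west0001"),
    ("us-west-2", "i-west-b", "ami-gone0009"),
]

def created(image):  # parse the CreationDate timestamp as an aware UTC datetime
    return datetime.strptime(image["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def newest_per_region(images):
    """Newest image of each (region, Name) family: the one new launches would use."""
    best = {}
    for region, imgs in images.items():
        for img in imgs:
            key = (region, img["Name"])
            if key not in best or created(img) > created(best[key]):
                best[key] = img
    return best

def audit(images, instances, now, max_age=MAX_AGE):
    """Return sorted (kind, region, subject) findings for stale or unknown images."""
    findings = []
    for (region, _name), img in newest_per_region(images).items():
        if now - created(img) > max_age:  # even the newest copy in this region is old
            findings.append(("stale-launch-image", region, img["ImageId"]))
    by_id = {(r, i["ImageId"]): i for r, imgs in images.items() for i in imgs}
    for region, inst, image_id in instances:
        img = by_id.get((region, image_id))
        if img is None:  # image not in inventory: age cannot be established
            findings.append(("unknown-image", region, inst))
        elif now - created(img) > max_age:
            findings.append(("running-stale-image", region, inst))
    return sorted(findings)
```

With the constructed data and a reference date of 1 December 2016, us-east-1 has a fresh image for new launches while us-west-2 still offers only the June copy, which is the region-specific gap listed among the challenges.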

Page 20: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Demo - Automate Image Management

Page 21: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Networking – Simplify the Complex thru APIs

• Consistent implementation between on-premises environments and AWS needs a management strategy
• Multi Availability Zones required for uptime guarantee
• Different best practices from the firewalling we grew up with

[Diagram labels: region; Availability Zone (×2); web svr (repeated)]

Page 22: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Demo – Network Segmentation

Page 23: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Demo – Automatically Scaling Across Availability Zones

Page 24: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Demo – Adopting AWS Services Like RDS and Elastic Load Balancing

[Diagram labels: Amazon RDS; Elastic Load Balancing]

Page 25: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

What About Your Crypto Keys?

AWS CloudHSM provides:

• Hardware – the H in HSM (dedicated appliance)
• Storage of cryptographic keys
• Use AWS for sensitive data without direct access to encryption keys
• AWS operations personnel do not have access to your cryptographic domain

[Diagram labels: virtual private cloud; AWS CloudHSM]

AWS – manages the appliance

You – control keys and crypto operations

Page 26: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Demo – Using CloudHSM

[Diagram label: AWS CloudHSM]

Page 27: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Demo – Application Benchmarking

Page 28: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Thank you!

Page 29: AWS re:Invent 2016: Automated DevOps and Continuous Delivery (DEV211)

Remember to complete your evaluations!