Hybrid cloud architecture is the integration of on-premises resources with cloud resources.
For most organizations with on-premises technology investments, operating in a hybrid architecture is a necessary part of cloud adoption. Migrating legacy IT systems takes time. Therefore, selecting a cloud provider who can help you implement a thoughtful hybrid strategy, without requiring costly new investments in on-premises hardware and software, is important to simplify operations and more easily achieve your business goals.
By working closely with enterprises, AWS has developed the industry’s broadest set of hybrid capabilities across storage, networking, security, application deployment, and management tools to make it easy for you to integrate the cloud as a seamless and secure extension of your existing investments. We have also created strategic partnerships with long time leaders in on-premises platform providers such as VMware, Intel, Microsoft, SAP, and others to allow you to run your existing enterprise applications on AWS with full support and high performance.
Johnson & Johnson deployed a seamless network architecture between AWS and their on premises data centers.
Comcast built a hybrid app for their Xfinity service that runs across AWS and their on premises data centers.
MLBAM built a hybrid app for real time player tracking statistics that runs across AWS and on premises data centers.
AON built a hybrid architecture to support their risk mitigation forecasts that simulate millions of potential scenarios.
Hess migrated IT infrastructure to the AWS Cloud for divestiture, while staying hybrid for core businesses.
Pacific Life Insurance looked to AWS to help control its IT costs as part of a hybrid computing environment.
At the most fundamental level, hybrid computing can be viewed as having data that resides both on-premises and in the cloud. This is often done to economically store large data sets, utilize new cloud-native databases, move data closer to customers, or to create a backup and archive solution with cost-effective high availability. In all cases, AWS offers a range of storage and database services that can work together with your on-premises applications to store data reliably and securely. Using these services on AWS can allow you to achieve the same or better control, reliability, and availability that you enjoy in your data centers today with a design for 99.999999999% durability and secure encryption, so that you can feel confident that your data is protected.
The AWS Storage Gateway service seamlessly enables hybrid cloud storage between on-premises environments and the AWS Cloud. It combines a multi-protocol storage appliance with highly efficient network connectivity to deliver local performance with virtually unlimited scale.
Customers use it in remote offices and datacenters for hybrid cloud workloads involving migration, bursting and storage tiering. The Storage Gateway virtual appliance connects directly to your local infrastructure as a file server, as a local disk volume, or as a virtual tape library (VTL). This seamless connection makes it simple for organizations to augment existing on-premises storage investments with the high scalability, extreme durability and low cost of AWS cloud storage.
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you up to focus on your applications and business. Amazon RDS provides you six familiar database engines to choose from, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server.
Amazon Simple Storage Service (Amazon S3), provides developers and IT teams with secure, durable, highly-scalable cloud storage. Amazon S3 is easy to use object storage, with a simple web service interface to store and retrieve any amount of data from anywhere on the web. Amazon S3 offers a range of storage classes designed for different use cases including Amazon S3 Standard for general-purpose storage of frequently accessed data, Amazon S3 Standard - Infrequent Access (Standard - IA) for long-lived, but less frequently accessed data, and Amazon Glacier for long-term archive. Amazon S3 also offers configurable lifecycle policies for managing your data throughout its lifecycle.
AWS Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS Cloud. Moving terabytes or petabytes of data into the cloud to support hybrid operations has common challenges including high network costs, long transfer times, and security concerns. Snowball provides a simple, fast, secure, solution to these challenges and can be as little as one-fifth the cost of high-speed Internet.
The next layer of hybrid architecture involves connecting on-premises and cloud resources through a common network to facilitate the creation of a single enterprise environment. AWS can extend your on-premises network configuration into your virtual private networks on the AWS Cloud so that AWS resources operate as if they are part of your existing corporate network. You can also extend your physical connectivity to provide dedicated, consistent, private networking between your data centers and the AWS regions of your choice.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. Additionally, you can create a Hardware VPN connection between your corporate data center and your VPC to leverage the AWS Cloud as an extension of your corporate datacenter.
AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your data center, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. This dedicated connection can be partitioned into multiple virtual interfaces to maintain network separation between public and private environments.
Establishing a single identity and access strategy often goes hand-in-hand with integrating networks. You can create and manage AWS users, groups, and permissions to allow and deny access to AWS resources at extremely fine level of detail. Additionally, AWS offers managed services that allow you to connect your AWS resources with an existing on-premises Microsoft Active Directory and manage policies with existing tools.
AWS Identity and Access Management (IAM) can grant your employees and applications access to the AWS Management Console and AWS service APIs using your existing identity systems. AWS IAM supports federation from corporate systems like Microsoft Active Directory, as well as external Web Identity Providers like Google and Facebook. Offered as a free service to AWS customers, the fine-grained access control inherent in AWS IAM policies is a cornerstone in AWS’ security story.
AWS Directory Service for Microsoft Active Directory (Enterprise Edition) enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. The Microsoft AD service is built on Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud. You can use standard administration tools and take advantage of built-in Active Directory features such as Group Policy, trusts, and single sign-on.
The most robust form of hybrid architecture involves integrating application deployment and management across on-premises and cloud environments. AWS and VMware have developed a deep, unique relationship to enable VMware-based workloads to be run on the AWS Cloud.
Additionally, all AWS services are driven by robust APIs that allow for a wide variety of monitoring and management tools to integrate easily with your AWS Cloud resources. Common tools from vendors such as Microsoft, VMware, BMC Software, Okta, RightScale, Eucalyptus, CA, Xceedium, Symantec, Racemi, and Dell already support AWS, and that’s just naming a few.
VMware on AWS is a native, fully managed VMware environment on the AWS Cloud that can be accessed on an hourly, on-demand basis or by subscription. It includes the same core VMware technologies that customers run in their data centers today including vSphere Hypervisor (ESXi), Virtual SAN (vSAN), and the NSX network virtualization platform to allow you to continue to leverage your investments in VMware without continuing to buy and maintain hardware. VMware Cloud on AWS runs directly on the physical hardware to avoid nested virtualization, while still taking advantage of a host of network and hardware features designed to support our security-first design model. Also, the entire roster of AWS compute, storage, database, analytics, mobile, and IoT services can be directly accessed from your applications. Finally, because your VMware applications will be running in the same data centers as the AWS services, you’ll be able to benefit from fast, low-latency connectivity when you use these services to enhance or extend your applications.
AWS OpsWorks is a configuration management service that helps you configure and operate applications, both on-premises and in the AWS Cloud, of all shapes and sizes using Chef. You can define the application’s architecture and the specification of each component including package installation, software configuration, and resources such as storage. Start from templates for common technologies like application servers and databases or build your own to perform any task that can be scripted. AWS OpsWorks includes automation to scale your application based on time or load and dynamic configuration to orchestrate changes as your environment scales.
AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during application deployment, and handles the complexity of updating your applications. You can use AWS CodeDeploy to automate software deployments, eliminating the need for error-prone manual operations, and the service scales with your infrastructure so you can easily deploy to one instance or thousands.
Amazon EC2 Run Command lets you remotely and securely manage servers or virtual machines running in your data center or on a cloud platform. Amazon EC2 Run Command provides a simple way of automating common administrative tasks such as executing Shell scripts and commands on Linux, running PowerShell commands on Windows, installing software or patches across multiple instances and provides visibility into the results, making it easy to manage configuration change across large fleets of instances.