PUBLIC SECTOR SUMMIT
Washington D.C.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Networking Patterns and Practices: A case study of NASA Goddard Space Flight Center’s Cloud Journey
Kyle Hart
Sr Solutions Architect
Amazon Web Services
299940
Joseph Foster
Cloud Computing Program Manager
NASA Goddard Space Flight Center
Who We Are
THE GODDARD COMMUNITY
The Nation’s largest community of scientists, engineers, and technologists
• Scientists & Engineers – 61%
• Professional & Administrative – 28%
• Clerical – 5%
• Technicians and Others – 6%
GSFC Employees with Degrees
• High School – 13%
• Associate/Technical – 2%
• Bachelors – 37%
• Advanced Degrees – 48%
Number of Employees
• ~3,000 Civil Service
• ~6,000 Contractor
• ~1,000 Other
• Total - ~10,000
*Including off-site contractors, interns, and Emeritus
ONE World-Class Science and Engineering Organization
SIX Distinctive Facilities & Installations
Where We Are Located
• Greenbelt Main Campus, MARYLAND (1,270 Acres), Est. 1959: Executing NASA’s most complex science missions
• Wallops Flight Facility, VIRGINIA (6,188 Acres), Est. 1945: Launching Payloads for NASA & the Nation
• Goddard Institute for Space Studies, NEW YORK, Est. 1961: Understanding our Planet
• Independent Validation & Verification Facility, WEST VIRGINIA, Est. 1993: Providing Software Assurance
• White Sands Complex, NEW MEXICO, Est. 1963: Communicating with Assets in Earth’s Orbit
• Columbia Scientific Balloon Facility, TEXAS, Est. 1982: Directing High Altitude Investigations
Our Lines of Business
Astrophysics
Heliophysics
Earth Science
Human Exploration & Operations
Planetary & Lunar Science
Suborbital Platforms
Cross Cutting Technology And Capabilities
Communications & Navigation
GSFC: A Diverse Mission Portfolio
QuikSCAT, TRACE, ACE, SOHO, RHESSI, Wind, Voyager, Geotail, TIMED, FAST, Polar, Stereo, THEMIS, IMAGE, MMS, Solar-B, ACRIMSAT, EO-1, COBE, Landsat 7, TRMM, TDRSS, Aqua, Terra, CloudSat, CALIPSO, GRACE, SORCE, ICESat-2, Messenger, Cassini, New Horizons, LRO, Aquarius, RXTE, Cluster, SDO, NPP, AIM, LDCM, GPM, TOMS, JWST, Compton GRO, HST, Spitzer, NGSO, FUSE, GALEX, Fermi, WMAP, Mars Science Laboratory, POES, GOES, WISE, IBEX, Aura, MAVEN, Juno, LADEE, RBSP, TWINS (Instrument), EUVE, SWAS, NuSTAR, Integral, IUE, ERBS, TOPEX, Osiris-Rex (Sample Return), Pioneer, Galileo, Astro-H, JPSS-1
Goddard’s Challenges to Cloud Adoption
Goddard has decentralized IT. CIO has minimal control.
Directorates all have their own IT staff. Mission calls the shots and assumes
the risk. No tolerance for change once a mission has launched.
Mission owners have full-time jobs, and cloud technology changes too fast for them
to keep pace.
IT Security team doesn’t understand cloud security.
Implementation of the Cloud
Created full time Cloud Program that falls into Solutions Engineering in the
CIO’s organization with primary objective of assisting missions in Cloud
Adoption, not migrating the data center.
Goal of the Goddard Commercial Cloud Service is to streamline and
standardize the onboarding process while building shared services for
missions to consume.
Follow the Intelligence Community motto for adopting cloud from 2015: “Do
in common what’s commonly done.”
Goddard Cloud Future Vision
GOAL
Provide a consolidated
cloud service inside NASA
giving mission customers a
streamlined process for
implementing and using
cloud resources
BENEFITS
Saves time and money:
Lowers IT acquisition lead times
Decreases dependency on hardware
Avoids hardware lock in
Enables rapid prototype testing
Provides security more
efficiently and accurately
Three Principles of Governance @scale
Account Management
Procure accounts from a centralized contract, complete visibility into organization
Cost Enforcement
Ensure accounts and workloads do not exceed budget
Compliance Automation
Accelerate security authorizations by pre-approving design patterns with Security
Provide continuous monitoring and configuration management
Enforce security controls
Managed Cloud Environment
May span multiple Cloud Providers (CP)
Under a master System Security Plan (SSP)
Provides shared common services to
tenants (security, monitoring, etc.)
Connects to Internet and/or NASA
network(s)
Still shared responsibility model, but more
controls available to inherit
[Diagram: tenant Projects on top of Common Services (Network Mgmt, Security, Acct Mgmt, Common Tools), hosted in a CP (FISMA Level) under the SSP, with connections to NASA Networks and the Internet]
Types of Cloud Users and Use Cases
Mission Cloud
• Users
    • MOC
• Use Cases
    • Spacecraft Telemetry, Tracking, & Control
    • Health and Safety Monitoring
    • Level 1 processing
    • Scheduling
    • Instrument support
Science Cloud
• Users
    • SOC
    • Research Teams
• Use Cases
    • Science data processing
    • Data distribution
    • Data visualization
    • Science collaboration
    • External partner collaboration
GSFC Commercial Cloud
• Users
    • Engineers
    • CM&O organization
• Use Cases
    • Collaboration
    • Development and testing
    • Center Management and Operations
    • MBSE
    • Admin and Team websites
Every Vision is a joke until the first
man accomplishes it; once realized, it
becomes commonplace.
- Robert H. Goddard (1882 - 1945)
Requirements to Support the Mission
Interconnect VPCs and their on-prem networks securely and reliably
Globally scale out connectivity across regions and connection modalities; ability to securely connect with external partners
Simplify network configuration
VPC – Design Considerations
VPC Addressing Options
Other VPC Options
• Load Balancers
• Need to resolve their names
• Route53 Resolver (Bi Directional)
• Endpoint Services
• Resource Shares
• Subnets
• Transit Gateways
Endpoint Services
• Securely publish services to other
VPCs in the same region
• Can share with VPCs owned by
other unrelated AWS accounts
• Account B invites Account A; A
creates an Interface Endpoint; B
accepts the attachment request
• EC2 security groups apply on NLB
VPC Design Strategies and Considerations
• Useable IP
Space/Conservation
• Workload Segmentation
• Blast Radius
• Internal/External
Connectivity
• Logging – retention,
reviewing mechanisms
• Endpoints
• Costs
• Cross AZ traffic
• Log retention
What challenges are organizations facing?
Complex point-to-point peering does not scale
VPN Bandwidth limitations
Monitoring and Management of routing configurations is time consuming
Introducing AWS Transit Gateway
Easily interconnect thousands of VPCs and
on-premise networks
[Diagram: On-Premise Data Center and AWS VPCs connected through AWS Transit Gateway]
AWS Transit Gateway: Key features
Centralized routing policies across VPCs and on-prem
Scales to support thousands of VPCs across multiple accounts
Flexible segmentation and routing rules
Horizontally scalable
Increase connectivity throughput with multiple VPN connections
Simplified management
AWS Transit Gateway: Benefits
Simplified Networking, Global Connectivity, Easy manageability
• Centrally interconnect multiple VPCs across accounts
• One central connection point for VPN and Direct Connect
• Reduce or eliminate need for peer to peer networking
• Increase VPN throughput via ECMP routing (50 Gbps+)
• Peer AWS Transit Gateway across regions
• Leverage the AWS Global Network for low latency cross-region connectivity
• Regional construct reduces blast radius
• Reduces time to configure on premise connectivity to AWS
• Easily monitor and manage from a central point
• Integrated with CloudWatch and VPC Flow Logs
• Leverage existing VPC security groups and network access control lists
Use Case – Interconnecting Geographically Dispersed On-Premises and VPC resources
• Customer with multiple VPCs
• Build applications that span a large
number of VPCs
• Share network services (DNS, Active
Directory, FW, IDS)
• Reduce management overhead
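An added example, not from the original deck: a small Python model of transit gateway route-table associations and routes, used to audit which VPC attachments can reach each other in the shared-services use case above. The attachment names, CIDRs, route-table names and allow-list are constructed, and the model covers gateway routing only (VPC route tables, security groups and network ACLs still apply on top).

```python
import ipaddress

# Constructed topology (assumption, not from the deck): two workload VPCs and
# one shared-services VPC attached to the same transit gateway.
ATTACHMENTS = {
    "vpc-prod": "10.10.0.0/16",
    "vpc-dev": "10.20.0.0/16",
    "vpc-shared": "10.0.0.0/16",  # DNS, Active Directory, FW, IDS
}

# Pairs that policy allows to talk; any other reachable pair is a finding.
ALLOWED = {
    frozenset(("vpc-prod", "vpc-shared")),
    frozenset(("vpc-dev", "vpc-shared")),
}

# Segmented design: spokes share a route table that only knows shared services.
SEGMENTED = {
    "associations": {"vpc-prod": "rt-spokes", "vpc-dev": "rt-spokes",
                     "vpc-shared": "rt-shared"},
    "route_tables": {
        # None marks a blackhole route: 10/8 traffic without a more specific
        # route is dropped at the gateway.
        "rt-spokes": {"10.0.0.0/16": "vpc-shared", "10.0.0.0/8": None},
        "rt-shared": {"10.10.0.0/16": "vpc-prod", "10.20.0.0/16": "vpc-dev"},
    },
}

# Flat design: every attachment associated with, and propagating into, one table.
FLAT = {
    "associations": {name: "rt-default" for name in ATTACHMENTS},
    "route_tables": {
        "rt-default": {cidr: name for name, cidr in ATTACHMENTS.items()},
    },
}


def lookup(route_table, dst_ip):
    """Longest-prefix match. Returns the target attachment, or None when the
    best match is a blackhole or no route matches."""
    best_net, best_target = None, None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if dst_ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def forwards(src, dst, design):
    """True if the route table associated with src delivers to dst's CIDR.
    Simplification: only the first address of the CIDR is probed."""
    table = design["route_tables"][design["associations"][src]]
    probe = ipaddress.ip_network(ATTACHMENTS[dst]).network_address + 1
    return lookup(table, probe) == dst


def reachable(a, b, design):
    """A connection needs both directions routed at the gateway."""
    return forwards(a, b, design) and forwards(b, a, design)


def audit(design, allowed=ALLOWED):
    """Return attachment pairs that are reachable but not allowed by policy."""
    names = sorted(ATTACHMENTS)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if reachable(a, b, design) and frozenset((a, b)) not in allowed]


if __name__ == "__main__":
    for label, design in (("segmented", SEGMENTED), ("flat", FLAT)):
        print(label, "violations:", audit(design))
```
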
Use Case – Edge Consolidation
• Share a common VPN or Direct
Connect Gateway (DXGW) across all
VPCs
• Reduce time to connect on premise
resources to multiple VPCs
• No additional customer network
changes required when adding a VPC
to AWS Transit Gateway
Direct Connect (DX) and DX Gateway
Direct Connect
• Connection from customer network directly to AWS at peering facility
• Public VIF provides access to all public AWS IP space
• Private VIF attaches to VPC or Direct Connect Gateway
DX Gateway
• Physical Connection in one region can use a Private VIF to any AWS VPC in any AWS region
• DX Gateway object shared from Commercial and AWS GovCloud linked account
AWS Direct Connect (DX) locations
[Map: US and Canada]
Regions: Oregon, N. California, N. Virginia, Ohio, GovCloud
Locations: SuperNAP, Equinix SE, CoreSite LA, CoreSite NY, Equinix DC, CoreSite SV, Equinix CH, QTS Chicago, Equinix DA, CoreSite VA, Equinix LA, Equinix SV, TierPoint, EdgeConneX, Pittock Block, CoreSite DE, CyrusOne Houston, Digital Realty ATL, Equinix MI1 FL, Lightower PA, Markley MA, Cologix MIN3 MN, PhoenixNAP AZ, Cologix COL2 OH, Equinix SV5 CA
Use Case: Collaboration with External Partner
• Engineers need to collaborate
• Engineers don’t run enterprise IT
• Need access to common server environment
• “Zero Trust” model
• Data Sovereignty
• Options?
    • PrivateLink to publish server from Org A’s “External Collab VPC” to Org B’s VPC
        • Requires Org B to have a VPC into which it accepts the PrivateLink service and which routes into its infrastructure
    • “Neutral VPC” that both VPN to
    • AWS Client VPN
Client VPN Reference Architecture
Performance Considerations
• VPN – VGWs limited to 1.25 Gbps
    • Can use ECMP (Equal Cost Multipath) to attach multiple VPNs to Transit Gateway for more throughput
• Direct Connect – 1 and 10GB ports from AWS
    • Can do Link Aggregation with up to 4 ports
• When testing bandwidth throughput, latency matters
    • Look out for Bandwidth Delay Product/TCP Window Scaling
    • The greater the latency, the more concurrent streams needed for saturation
Related breakouts
295508 - Enterprise Network Architectures on AWS
Eric Schwenter, Sohaib Tahir
299937 - Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS
Darren House, John Nemoto
295500 - Maximize the Performance of HPC Applications with the Latest AWS Services and Best Practices
Linda Hedges, Jay Demmler
Thank you!
Kyle Hart
awskyle@amazon.com
Joe Foster
Joseph.Foster@nasa.gov
GSFC-ITCD-Cloud@mail.nasa.gov
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R
S U M M I T

Contenu connexe

Similaire à Networking Patterns and Practices: A Case Study of NASA Goddard Space Flight Center’s Cloud Journey

Creating Serverless apps for NASA in GovCloud
Creating Serverless apps for NASA in GovCloudCreating Serverless apps for NASA in GovCloud
Creating Serverless apps for NASA in GovCloudChris Shenton
 
Hybrid Solutions at the Edge – Go Global Faster, Efficiently, and More Secure...
Hybrid Solutions at the Edge – Go Global Faster, Efficiently, and More Secure...Hybrid Solutions at the Edge – Go Global Faster, Efficiently, and More Secure...
Hybrid Solutions at the Edge – Go Global Faster, Efficiently, and More Secure...Amazon Web Services
 
The AWS Playbook for Cloud Readiness & Large Scale Migrations
The AWS Playbook for Cloud Readiness & Large Scale MigrationsThe AWS Playbook for Cloud Readiness & Large Scale Migrations
The AWS Playbook for Cloud Readiness & Large Scale MigrationsAmazon Web Services
 
Introducing-AWS-Hong-Kong-Region
Introducing-AWS-Hong-Kong-RegionIntroducing-AWS-Hong-Kong-Region
Introducing-AWS-Hong-Kong-RegionAmazon Web Services
 
Modernizing Your Application Development Environment with a Move to the Cloud
 Modernizing Your Application Development Environment with a Move to the Cloud Modernizing Your Application Development Environment with a Move to the Cloud
Modernizing Your Application Development Environment with a Move to the CloudAmazon Web Services
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICAmazon Web Services
 
AWS Summit Singapore 2019 | Operating Microservices at Hyperscale
AWS Summit Singapore 2019 | Operating Microservices at HyperscaleAWS Summit Singapore 2019 | Operating Microservices at Hyperscale
AWS Summit Singapore 2019 | Operating Microservices at HyperscaleAWS Summits
 
Securely deliver applications with AWS - SVC305 - Atlanta AWS Summit
Securely deliver applications with AWS - SVC305 - Atlanta AWS SummitSecurely deliver applications with AWS - SVC305 - Atlanta AWS Summit
Securely deliver applications with AWS - SVC305 - Atlanta AWS SummitAmazon Web Services
 
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...Amazon Web Services
 
Enabling Resilience Through the Cloud: AWS Disaster Response Program
Enabling Resilience Through the Cloud: AWS Disaster Response ProgramEnabling Resilience Through the Cloud: AWS Disaster Response Program
Enabling Resilience Through the Cloud: AWS Disaster Response ProgramAmazon Web Services
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICAmazon Web Services
 
進化中的遊戲產業-以微服務架構-全球布局與現代化資料庫策略來打造高成長遊戲
進化中的遊戲產業-以微服務架構-全球布局與現代化資料庫策略來打造高成長遊戲進化中的遊戲產業-以微服務架構-全球布局與現代化資料庫策略來打造高成長遊戲
進化中的遊戲產業-以微服務架構-全球布局與現代化資料庫策略來打造高成長遊戲Amazon Web Services
 
Introduction to AWS App Mesh - MAD301 - Anaheim AWS Summit
Introduction to AWS App Mesh - MAD301 - Anaheim AWS SummitIntroduction to AWS App Mesh - MAD301 - Anaheim AWS Summit
Introduction to AWS App Mesh - MAD301 - Anaheim AWS SummitAmazon Web Services
 
Managing microservices using AWS App Mesh - MAD302 - Chicago AWS Summit
Managing microservices using AWS App Mesh - MAD302 - Chicago AWS SummitManaging microservices using AWS App Mesh - MAD302 - Chicago AWS Summit
Managing microservices using AWS App Mesh - MAD302 - Chicago AWS SummitAmazon Web Services
 
Cloud Management for Government Agencies: Enabling IT Transformation through ...
Cloud Management for Government Agencies: Enabling IT Transformation through ...Cloud Management for Government Agencies: Enabling IT Transformation through ...
Cloud Management for Government Agencies: Enabling IT Transformation through ...Amazon Web Services
 
Iowa Department of Public Health: Bringing a Data Platform Back to Life Throu...
Iowa Department of Public Health: Bringing a Data Platform Back to Life Throu...Iowa Department of Public Health: Bringing a Data Platform Back to Life Throu...
Iowa Department of Public Health: Bringing a Data Platform Back to Life Throu...Amazon Web Services
 
Introduction to AWS App Mesh - MAD303 - Atlanta AWS Summit
Introduction to AWS App Mesh - MAD303 - Atlanta AWS SummitIntroduction to AWS App Mesh - MAD303 - Atlanta AWS Summit
Introduction to AWS App Mesh - MAD303 - Atlanta AWS SummitAmazon Web Services
 
Cybersecurity: A Drive Force Behind Cloud Adoption
Cybersecurity: A Drive Force Behind Cloud AdoptionCybersecurity: A Drive Force Behind Cloud Adoption
Cybersecurity: A Drive Force Behind Cloud AdoptionAmazon Web Services
 
Failure is not an Option - Designing Highly Resilient AWS Systems
Failure is not an Option - Designing Highly Resilient AWS SystemsFailure is not an Option - Designing Highly Resilient AWS Systems
Failure is not an Option - Designing Highly Resilient AWS SystemsAmazon Web Services
 

Similaire à Networking Patterns and Practices: A Case Study of NASA Goddard Space Flight Center’s Cloud Journey (20)

Creating Serverless apps for NASA in GovCloud
Creating Serverless apps for NASA in GovCloudCreating Serverless apps for NASA in GovCloud
Creating Serverless apps for NASA in GovCloud
 
Hybrid Solutions at the Edge – Go Global Faster, Efficiently, and More Secure...
Hybrid Solutions at the Edge – Go Global Faster, Efficiently, and More Secure...Hybrid Solutions at the Edge – Go Global Faster, Efficiently, and More Secure...
Hybrid Solutions at the Edge – Go Global Faster, Efficiently, and More Secure...
 
The AWS Playbook for Cloud Readiness & Large Scale Migrations
The AWS Playbook for Cloud Readiness & Large Scale MigrationsThe AWS Playbook for Cloud Readiness & Large Scale Migrations
The AWS Playbook for Cloud Readiness & Large Scale Migrations
 
Introducing-AWS-Hong-Kong-Region
Introducing-AWS-Hong-Kong-RegionIntroducing-AWS-Hong-Kong-Region
Introducing-AWS-Hong-Kong-Region
 
Modernizing Your Application Development Environment with a Move to the Cloud
 Modernizing Your Application Development Environment with a Move to the Cloud Modernizing Your Application Development Environment with a Move to the Cloud
Modernizing Your Application Development Environment with a Move to the Cloud
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TIC
 
AWS Summit Singapore 2019 | Operating Microservices at Hyperscale
AWS Summit Singapore 2019 | Operating Microservices at HyperscaleAWS Summit Singapore 2019 | Operating Microservices at Hyperscale
AWS Summit Singapore 2019 | Operating Microservices at Hyperscale
 
Securely deliver applications with AWS - SVC305 - Atlanta AWS Summit
Securely deliver applications with AWS - SVC305 - Atlanta AWS SummitSecurely deliver applications with AWS - SVC305 - Atlanta AWS Summit
Securely deliver applications with AWS - SVC305 - Atlanta AWS Summit
 
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...
 
Enabling Resilience Through the Cloud: AWS Disaster Response Program
Enabling Resilience Through the Cloud: AWS Disaster Response ProgramEnabling Resilience Through the Cloud: AWS Disaster Response Program
Enabling Resilience Through the Cloud: AWS Disaster Response Program
 
Enabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TICEnabling Cloud Smart, Zero-Trust, and TIC
Enabling Cloud Smart, Zero-Trust, and TIC
 
進化中的遊戲產業-以微服務架構-全球布局與現代化資料庫策略來打造高成長遊戲
進化中的遊戲產業-以微服務架構-全球布局與現代化資料庫策略來打造高成長遊戲進化中的遊戲產業-以微服務架構-全球布局與現代化資料庫策略來打造高成長遊戲
進化中的遊戲產業-以微服務架構-全球布局與現代化資料庫策略來打造高成長遊戲
 
Introduction to AWS App Mesh - MAD301 - Anaheim AWS Summit
Introduction to AWS App Mesh - MAD301 - Anaheim AWS SummitIntroduction to AWS App Mesh - MAD301 - Anaheim AWS Summit
Introduction to AWS App Mesh - MAD301 - Anaheim AWS Summit
 
Managing microservices using AWS App Mesh - MAD302 - Chicago AWS Summit
Managing microservices using AWS App Mesh - MAD302 - Chicago AWS SummitManaging microservices using AWS App Mesh - MAD302 - Chicago AWS Summit
Managing microservices using AWS App Mesh - MAD302 - Chicago AWS Summit
 
Cloud Management for Government Agencies: Enabling IT Transformation through ...
Cloud Management for Government Agencies: Enabling IT Transformation through ...Cloud Management for Government Agencies: Enabling IT Transformation through ...
Cloud Management for Government Agencies: Enabling IT Transformation through ...
 
Iowa Department of Public Health: Bringing a Data Platform Back to Life Throu...
Iowa Department of Public Health: Bringing a Data Platform Back to Life Throu...Iowa Department of Public Health: Bringing a Data Platform Back to Life Throu...
Iowa Department of Public Health: Bringing a Data Platform Back to Life Throu...
 
Introduction to AWS App Mesh - MAD303 - Atlanta AWS Summit
Introduction to AWS App Mesh - MAD303 - Atlanta AWS SummitIntroduction to AWS App Mesh - MAD303 - Atlanta AWS Summit
Introduction to AWS App Mesh - MAD303 - Atlanta AWS Summit
 
Cybersecurity: A Drive Force Behind Cloud Adoption
Cybersecurity: A Drive Force Behind Cloud AdoptionCybersecurity: A Drive Force Behind Cloud Adoption
Cybersecurity: A Drive Force Behind Cloud Adoption
 
Keynote: Introduction to AWS
Keynote: Introduction to AWS Keynote: Introduction to AWS
Keynote: Introduction to AWS
 
Failure is not an Option - Designing Highly Resilient AWS Systems
Failure is not an Option - Designing Highly Resilient AWS SystemsFailure is not an Option - Designing Highly Resilient AWS Systems
Failure is not an Option - Designing Highly Resilient AWS Systems
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS

Networking Patterns and Practices: A Case Study of NASA Goddard Space Flight Center’s Cloud Journey

  • 1. Public Sector Summit, Washington D.C.
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Public Sector Summit. Networking Patterns and Practices: A case study of NASA Goddard Space Flight Center’s Cloud Journey (299940)
      • Kyle Hart, Sr Solutions Architect, Amazon Web Services
      • Joseph Foster, Cloud Computing Program Manager, NASA Goddard Space Flight Center
  • 5. Who We Are: The Goddard Community
      • The Nation’s largest community of scientists, engineers, and technologists
      • Workforce: Scientists & Engineers 61%; Professional & Administrative 28%; Clerical 5%; Technicians and Others 6%
      • GSFC Employees with Degrees: High School – 13%; Associate/Technical – 2%; Bachelors – 37%; Advanced Degrees – 48%
      • Number of Employees: ~3,000 Civil Service; ~6,000 Contractor; ~1,000 Other; Total ~10,000
      • *Including off-site contractors, interns, and Emeritus
  • 6. Where We Are Located: ONE World-Class Science and Engineering Organization, SIX Distinctive Facilities & Installations
      • Greenbelt Main Campus, Maryland (1,270 acres, est. 1959): Executing NASA’s most complex science missions
      • Wallops Flight Facility, Virginia (6,188 acres, est. 1945): Launching Payloads for NASA & the Nation
      • Goddard Institute for Space Studies, New York (est. 1961): Understanding our Planet
      • Independent Validation & Verification Facility, West Virginia (est. 1993): Providing Software Assurance
      • White Sands Complex, New Mexico (est. 1963): Communicating with Assets in Earth’s Orbit
      • Columbia Scientific Balloon Facility, Texas (est. 1982): Directing High Altitude Investigations
  • 7. Our Lines of Business: Astrophysics; Heliophysics; Earth Science; Human Exploration & Operations; Planetary & Lunar Science; Suborbital Platforms; Cross Cutting Technology and Capabilities; Communications & Navigation
  • 8. GSFC: A Diverse Mission Portfolio: QuikSCAT, TRACE, ACE, SOHO, RHESSI, Wind, Voyager, Geotail, TIMED, FAST, Polar, Stereo, THEMIS, IMAGE, MMS, Solar-B, ACRIMSAT, EO-1, COBE, Landsat 7, TRMM, TDRSS, Aqua, Terra, CloudSat, CALIPSO, GRACE, SORCE, ICESat-2, Messenger, Cassini, New Horizons, LRO, Aquarius, RXTE, Cluster, SDO, NPP, AIM, LDCM, GPM, TOMS, JWST, Compton GRO, HST, Spitzer, NGSO, FUSE, GALEX, Fermi, WMAP, Mars Science Laboratory, POES, GOES, WISE, IBEX, Aura, MAVEN, Juno, LADEE, RBSP, TWINS (Instrument), EUVE, SWAS, NuSTAR, Integral, IUE, ERBS, TOPEX, Osiris-Rex (Sample Return), Pioneer, Galileo, Astro-H, JPSS-1
  • 9. Goddard’s Challenges to Cloud Adoption
      • Goddard has decentralized IT. CIO has minimal control. Directorates all have their own IT staff.
      • Mission calls the shots and assumes the risk. No tolerance for change once a mission has launched.
      • Mission owners have full time jobs and cloud technology changes too fast, making it difficult to keep pace with changes.
      • IT Security team doesn’t understand cloud security.
  • 10. Implementation of the Cloud
      • Created full time Cloud Program that falls into Solutions Engineering in the CIO’s organization with primary objective of assisting missions in Cloud Adoption, not migrating the data center.
      • Goal of the Goddard Commercial Cloud Service is to streamline and standardize the onboarding process while building shared services for missions to consume.
      • Follow the Intelligence Community motto for adopting cloud from 2015: “Do in common what’s commonly done.”
  • 11. Goddard Cloud Future Vision
      • GOAL: Provide a consolidated cloud service inside NASA giving mission customers a streamlined process for implementing and using cloud resources
      • BENEFITS: Saves time and money: lowers IT acquisition lead times; decreases dependency on hardware; avoids hardware lock in; enables rapid prototype testing; provides security more efficiently and accurately
  • 12. Three Principles of Governance @scale
      • Account Management: Procure accounts from a centralized contract, complete visibility into organization
      • Cost Enforcement: Ensure accounts and workloads do not exceed budget
      • Compliance Automation: Accelerate security authorizations by pre-approving design patterns with Security; provide continuous monitoring and configuration management; enforce security controls
  • 13. Managed Cloud Environment
      • May span multiple Cloud Providers (CP)
      • Under a master System Security Plan (SSP)
      • Provides shared common services to tenants (security, monitoring, etc.)
      • Connects to Internet and/or NASA network(s)
      • Still shared responsibility model, but more controls available to inherit
      • Diagram labels: Project (×4), Common Services, Network Mgmt, Security, Acct Mgmt, Common Tools, NASA Networks, CP (FISMA Level), SSP, Internet
  • 14. Types of Cloud Users and Use Cases
      • Mission Cloud
          • Users: MOC
          • Use Cases: Spacecraft Telemetry, Tracking, & Control; Health and Safety Monitoring; Level 1 processing; Scheduling; Instrument support
      • Science Cloud
          • Users: SOC; Research Teams
          • Use Cases: Science data processing; Data distribution; Data visualization; Science collaboration; External partner collaboration
      • GSFC Commercial Cloud
          • Users: Engineers; CM&O organization
          • Use Cases: Collaboration; Development and testing; Center Management and Operations; MBSE; Admin and Team websites
  • 15. “Every Vision is a joke until the first man accomplishes it; once realized, it becomes commonplace.” - Robert H. Goddard (1882 - 1945)
  • 17. Requirements to Support the Mission
      • Interconnect VPCs and their on-prem networks securely and reliably
      • Globally scale out connectivity across regions and connection modalities
      • Ability to securely connect with external partners
      • Simplify network configuration
  • 19. VPC – Design Considerations
  • 20. VPC Addressing Options
  • 21. Other VPC Options
      • Load Balancers
      • Need to resolve their names
      • Route53 Resolver (Bi Directional)
      • Endpoint Services
      • Resource Shares
      • Subnets
      • Transit Gateways
  • 23. Endpoint Services
      • Securely publish services to other VPCs in the same region
      • Can share with VPCs owned by other unrelated AWS accounts
      • Account B invites Account A; A creates an Interface Endpoint; B accepts the attachment request
      • EC2 security groups apply on NLB
  • 24. VPC Design Strategies and Considerations
      • Useable IP Space/Conservation
      • Workload Segmentation
      • Blast Radius
      • Internal/External Connectivity
      • Logging – retention, reviewing mechanisms
      • Endpoints
      • Costs
      • Cross AZ traffic
      • Log retention
  • 26. What challenges are organizations facing?
      • Complex point-to-point peering does not scale
      • VPN bandwidth limitations
      • Monitoring and management of routing configurations is time consuming
  • 27. Introducing AWS Transit Gateway
      • Easily interconnect thousands of VPCs and on-premise networks
      • Diagram labels: On-Premise Data Center, AWS VPC, AWS Transit Gateway
  • 28. AWS Transit Gateway: Key features
      • Centralized routing policies across VPCs and on-prem
      • Scales to support thousands of VPCs across multi-accounts
      • Flexible segmentation and routing rules
      • Horizontally scalable
      • Increase connectivity throughput with multi-VPN connections
      • Simplified management
  • 29. AWS Transit Gateway: Benefits (column headings: Simplified Networking, Global Connectivity, Easy manageability)
      • Centrally interconnect multiple VPCs across accounts
      • One central connection point for VPN and Direct Connect
      • Reduce or eliminate need for peer to peer networking
      • Increase VPN throughput via ECMP routing (50 Gbps+)
      • Peer AWS Transit Gateway across regions
      • Leverage the AWS Global Network for low latency cross-region connectivity
      • Regional construct reduces blast radius
      • Reduces time to configure on premise connectivity to AWS
      • Easily monitor and manage from a central point
      • Integrated with CloudWatch and VPC Flow Logs
      • Leverage existing VPC security groups and network access control lists
  • 30. Use Case – Interconnecting Geographically Dispersed On-Premises and VPC resources
      • Customer with multiple VPCs
      • Build applications that span a large number of VPCs
      • Share network services (DNS, Active Directory, FW, IDS)
      • Reduce management overhead
  • 31. Use Case – Edge Consolidation
      • Share a common VPN or Direct Connect Gateway (DXGW) across all VPCs
      • Reduce time to connect on premise resources to multiple VPCs
      • No additional customer network changes required when adding a VPC to AWS Transit Gateway
  • 33. Direct Connect (DX) and DX Gateway
      • Direct Connect
          • Connection from customer network directly to AWS at peering facility
          • Public VIF provides access to all public AWS IP space
          • Private VIF attaches to VPC or Direct Connect Gateway
      • DX Gateway
          • Physical connection in one region can use a Private VIF to any AWS VPC in any AWS region
          • DX Gateway object shared from Commercial and AWS GovCloud linked account
  • 34. AWS Direct Connect (DX) locations, US and Canada
      • Regions: Oregon, N. California, N. Virginia, Ohio, GovCloud
      • Locations: SuperNAP, Equinix SE, CoreSite LA, CoreSite NY, Equinix DC, CoreSite SV, Equinix CH, QTS Chicago, Equinix DA, CoreSite VA, Equinix LA, Equinix SV, TierPoint, EdgeConneX, Pittock Block, Coresite DE, CyrusOne Houston, Digital Realty ATL, Equinix MI1 FL, Lightower PA, Markley MA, Cologix MIN3 MN, PhoenixNAP AZ, Cologix COL2 OH, Equinix SV5 CA
  • 35. Use Case: Collaboration with External Partner Org
      • Engineers need to collaborate
      • Engineers don’t run enterprise IT
      • Need access to common server environment
      • “Zero Trust” model
      • Data Sovereignty
      • Options?
          • PrivateLink to publish server from Org A’s “External Collab VPC” to Org B’s VPC
              • Requires Org B to have a VPC they accept the PrivateLink service into that routes into their infrastructure
          • “Neutral VPC” that both VPN to
          • AWS Client VPN
  • 36. Client VPN Reference Architecture
  • 38. Performance Considerations
      • VPN – VGWs limited to 1.25 Gbps
          • Can use ECMP (Equal Cost Multipath) to attach multiple VPNs to Transit Gateway for more throughput
      • Direct Connect – 1 and 10GB ports from AWS
          • Can do Link Aggregation with up to 4 ports
      • When testing bandwidth throughput, latency matters
          • Look out for Bandwidth Delay Product/TCP Window Scaling
          • The greater the latency, the more concurrent streams needed for saturation
  • 39. Related breakouts
      • 295508 - Enterprise Network Architectures on AWS (Eric Schwenter, Sohaib Tahir)
      • 299937 - Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS (Darren House, John Nemoto)
      • 295500 - Maximize the Performance of HPC Applications with the Latest AWS Services and Best Practices (Linda Hedges, Jay Demmler)
  • 40. Thank you!
      • Kyle Hart, awskyle@amazon.com
      • Joe Foster, Joseph.Foster@nasa.gov
      • GSFC-ITCD-Cloud@mail.nasa.gov
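
The bandwidth-delay arithmetic behind the Performance Considerations slide (38), as an added example that is not from the deck: it computes how many bytes must be in flight to fill a link, the ceiling of a single TCP stream, the number of concurrent streams needed, and the TCP window-scale shift one stream would need. Assumptions: the Direct Connect ports are taken as 1 and 10 Gbps, and the RTT values and 4 MiB window are constructed sample inputs.

```python
import math

# Link rates in bits per second. The 1.25 Gbps VGW limit is from the slide;
# the Direct Connect port rates are an assumption about the slide's units.
LINKS_BPS = {"vpn_vgw": 1_250_000_000, "dx_1g": 1_000_000_000, "dx_10g": 10_000_000_000}

MAX_UNSCALED_WINDOW = 65_535  # 16-bit TCP window field without window scaling
MAX_WSCALE_SHIFT = 14         # upper bound on the shift count (RFC 7323)


def bdp_bytes(link_bps, rtt_ms):
    """Bytes that must be in flight to keep the link full for one round trip."""
    return link_bps * rtt_ms / 8000


def stream_ceiling_bps(window_bytes, rtt_ms):
    """One TCP stream can deliver at most one window per round trip."""
    return window_bytes * 8 * 1000 / rtt_ms


def streams_to_saturate(link_bps, rtt_ms, window_bytes):
    """Concurrent streams needed so their combined windows cover the BDP."""
    return max(1, math.ceil(bdp_bytes(link_bps, rtt_ms) / window_bytes))


def wscale_shift_needed(link_bps, rtt_ms):
    """Smallest window-scale shift that lets ONE stream cover the BDP.

    Returns None when even the maximum shift leaves the window too small,
    in which case parallel streams are the only way to fill the link.
    """
    need = bdp_bytes(link_bps, rtt_ms)
    for shift in range(MAX_WSCALE_SHIFT + 1):
        if (MAX_UNSCALED_WINDOW << shift) >= need:
            return shift
    return None


def report(window_bytes, rtts_ms=(2, 20, 70)):
    """Rows of (link, rtt_ms, bdp_bytes, streams, wscale_shift) for each link."""
    return [(name, rtt, int(bdp_bytes(bps, rtt)),
             streams_to_saturate(bps, rtt, window_bytes),
             wscale_shift_needed(bps, rtt))
            for name, bps in LINKS_BPS.items() for rtt in rtts_ms]


if __name__ == "__main__":
    # Constructed sample: a 4 MiB effective window per stream.
    for row in report(window_bytes=4 * 1024 * 1024):
        print("%-8s rtt=%3d ms  BDP=%10d B  streams=%3d  wscale>=%s" % row)
```

When a measured transfer falls well short of the port speed, compare the per-stream ceiling for the path's RTT with the observed rate before suspecting the link itself.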