Amazon Web Services re:Invent 2022 - Cloud Infrastructure for Business-Critical Workloads

Keywords: [Amazon Web Services re:Invent 2022, Aviatrix, Business Critical Applications, Intelligent Cloud Networking, SAP Integration]

Word count: 2000, reading time: 10 minutes

Introduction

This article is based on Rod Stuhlmuller's session "Business-critical cloud networking" at Amazon Web Services re:Invent 2022. In the session, Rod Stuhlmuller explains: "When enterprises move business-critical applications such as SAP S4/HANA to the cloud, they need business-critical cloud infrastructure. In this session, we look at how Aviatrix meets the requirements for agility, availability, performance, security, and enterprise-grade visibility and control. This session is brought to you by Amazon Web Services partner Aviatrix."

Session highlights

The following is the editor's digest of the session, about 500 characters and roughly 3 minutes of reading. To learn more or to watch the whole session, see the full video or the transcript below.

Rod Stuhlmuller introduced Aviatrix, an intelligent cloud networking solution that provides advanced networking and security capabilities for business-critical applications in the cloud, such as SAP, Epic, and NetSuite. Aviatrix has more than 550 large enterprise customers across many industries, 60% of whom run multi-cloud environments.

Aviatrix fills the gaps in advanced networking capabilities left by the native cloud service providers. Through two components, Aviatrix AirSpace, which embeds telemetry and control functions in the network data plane, and Aviatrix Copilot, the visibility platform, it delivers consistent networking, visibility, troubleshooting, security, and automation across multiple clouds.

With programmable policy, firewall-like rules can be applied close to the instance, so that protection moves with the instance. For example, traffic between front-end servers, application servers, and database servers can be filtered. This unique visibility lets Aviatrix detect threats originating from workloads, such as malicious crypto mining, botnets, and DDoS, that other security tools may miss.
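As an added illustration (not Aviatrix's code or the speaker's), the following Python sketch models the two ideas in this paragraph: segmentation rules keyed by workload role tags rather than addresses, so a rule survives an instance moving to a new IP, and flow-level matching of every source and destination against a threat list regardless of where the traffic entered the network. The inventory, rules, addresses, flow format and flow records are all constructed for the example.

```python
from collections import namedtuple

# Constructed inventory: instance address -> role tag. Rules reference tags, not
# addresses, so an instance that moves keeps its protection once re-registered.
WORKLOAD_TAGS = {"10.0.1.10": "frontend", "10.0.2.20": "app", "10.0.3.30": "db"}
# Intent: (src_tag, dst_tag, dst_port) that may talk; any other pairing between
# tagged workloads is denied, so frontend -> db directly is blocked by omission.
INTENT_RULES = {("frontend", "app", 8080), ("app", "db", 5432)}
# Constructed threat list (RFC 5737 documentation addresses), standing in for the
# externally supplied malicious-IP feed the talk describes.
MALICIOUS_IPS = {"203.0.113.7", "198.51.100.99"}

# One flow record as the data plane would see it (constructed, not a real format).
Flow = namedtuple("Flow", "src dst dport")

def evaluate_intent(flow, tags=WORKLOAD_TAGS, rules=INTENT_RULES):
    """East-west intent by tag: 'allow', 'deny', or 'n/a' when an endpoint is
    not a tagged workload (north-south traffic is covered by threat_match)."""
    src_tag, dst_tag = tags.get(flow.src), tags.get(flow.dst)
    if src_tag is None or dst_tag is None:
        return "n/a"
    return "allow" if (src_tag, dst_tag, flow.dport) in rules else "deny"

def relocate(tags, old_ip, new_ip):
    """Model an instance moving: re-register its tag under the new address.
    The rules are untouched, so the protection follows the workload."""
    moved = dict(tags)
    moved[new_ip] = moved.pop(old_ip)
    return moved

def threat_match(flow, feed=MALICIOUS_IPS):
    """Flag a flow if either end is on the feed; since every flow crosses the
    data plane, entry point and direction do not matter."""
    return flow.src in feed or flow.dst in feed

def analyze(flows, tags=WORKLOAD_TAGS):
    """Run both checks over a batch of flow records; return (finding, flow) pairs."""
    findings = []
    for f in flows:
        if evaluate_intent(f, tags) == "deny":
            findings.append(("intent-deny", f))
        if threat_match(f):
            findings.append(("malicious-peer", f))
    return findings

# Constructed flows: legitimate tiering, a tier-skipping attempt, app -> listed IP.
SAMPLE_FLOWS = [Flow("10.0.1.10", "10.0.2.20", 8080),
                Flow("10.0.1.10", "10.0.3.30", 5432),
                Flow("10.0.2.20", "203.0.113.7", 443)]
```

Running `analyze(SAMPLE_FLOWS)` yields one intent denial for the front-end to database attempt and one malicious-peer finding for the outbound connection, while `relocate` shows the same rules still applying after the database instance changes address.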

The Copilot visibility platform provides dynamic topology maps for viewing connectivity and supports packet capture, traceroute, and troubleshooting. It analyzes all network traffic with drill-down analysis and heat maps to identify anomalies. It generates audit reports for compliance, and its App IQ feature can resolve connectivity issues in about 20 seconds, far faster than manual processes.

Recently, Aviatrix introduced Cost IQ, which allocates the cost of shared resources across teams based on actual network traffic. For SAP, Aviatrix is building SAP-specific App IQ and dashboards to view SAP topology and monitor latency.

In short, Aviatrix's intelligent cloud networking solution provides consistent advanced networking, visibility, security, and automation across multi-cloud environments for business-critical applications such as SAP. Its telemetry and programmable policy technology enables threat detection, troubleshooting, and cost allocation that native cloud provider tools struggle to match.

Highlights from the session

The presentation is titled "Business Critical Cloud Networking".

Aviatrix has about 550 enterprise customers across every industry; 60% use its solution in multi-cloud environments, and 40% start in a single cloud but plan to adopt a multi-cloud architecture over time.

Aviatrix complements tools such as Datadog, Snowflake, and HashiCorp in the cloud stack by providing advanced networking and security capabilities and multi-cloud operability, delivering intelligent cloud networking.

Aviatrix provides network visibility that detects threats missed by single-point-of-inspection security tools in cloud environments, such as bitcoin mining, botnets, and DDoS attacks originating from a customer's cloud that had previously gone undetected.

Aviatrix is developing SAP-specific features, such as visibility into SAP ports and latency, application topology mapping, and dashboards for troubleshooting performance problems.

Summary

The presentation introduced Aviatrix and its intelligent cloud networking platform, which provides advanced networking and security capabilities across multi-cloud environments to support business-critical applications such as SAP, Epic, and NetSuite. It emphasized programmable policy, visibility, troubleshooting, audit reporting, and cost analysis for SAP workloads in the cloud. Aviatrix aims to deliver consistent networking across clouds to support the migration of business-critical systems such as SAP to the cloud.

Full transcript

The title of the presentation is Business Critical Cloud Networking.

What I'm going to do is talk a little bit about the Aviatrix solution and how it supports business-critical applications like SAP, but also things like Epic or NetSuite and others, in terms of moving to the cloud and having the network infrastructure that supports that in the cloud.

I'd like to introduce Aviatrix, for those people who don't know us, through our customers. This gives you an idea of the kind of customers we're working with. We have about 550 enterprise customers; these are a few of them, to give you an idea. We're in pretty much every vertical out there. Probably 60 percent of these customers are using us in a multi-cloud environment; the other 40 percent are starting in a single-cloud environment with us but have plans to move to multi-cloud over time, so they want that architecture.

Gartner says to shortlist Aviatrix if you're looking for the advanced features that are missing from the cloud providers themselves, and you can see that over 2022 we've won a lot of accolades in the press and so forth, and that's continuing.

Now, to give you an idea of where we fit: really at every layer of the cloud stack, people are looking for more advanced capabilities and wanting a multi-cloud operating model. So for instance, for workload management you might be using Datadog; for data and analytics you might be using Snowflake; for automation software you might be using HashiCorp and Terraform. Where we fit is that we are the advanced feature set for networking and security, and the multi-cloud operating model that goes with it. What we call that is Intelligent Cloud Networking. I'll give you some details about what that's all about, but let's start with what it is exactly.

So in the cloud, in each one of the different clouds, the way you do networking is different, because the underlying constructs are different in each one of the clouds. What we do is upgrade the native constructs with more advanced capabilities and make it the same across all of the different clouds. So now you can have a multi-cloud environment that has consistent networking: the way you build out the networking is the same in each one of the clouds. That gives you consistent visibility and troubleshooting capability across all of the clouds. We have embedded security, which I'll talk a little bit about, but basically we're moving a lot of the security that used to be on the edge of the network into the network itself, so that you can actually do, for instance, layer 4 firewalling in the network as opposed to just on the edges of the network. And then finally, consistent multi-cloud automation: we have a Terraform provider that works across all the clouds, so you can write one infrastructure-as-code module to spin up your network environment, and it will be the same and you can use it the same way across all of the clouds.

Now, why are people doing this? It's for that business-critical infrastructure that they need. We're finding that more and more companies are moving business-critical applications like SAP into the cloud, and they need the underlying visibility and troubleshooting capability that's missing from the native cloud constructs. So for instance, if you have Amazon Transit Gateway, you find that you don't have the visibility that you need, and we give you a lot of that, as I'll show you as we go through here.

So what makes us unique? It's really our platform, and our platform has two parts. There's what we call Aviatrix AirSpace, which is actually the network data plane, and this is where we embed telemetry and control capability; I'll talk a little bit more about what I mean by that. And then the other part is what we call Aviatrix Copilot, and that is the visibility platform that takes advantage of that telemetry and also has the programmable intent, so that you can program those controls within the multi-cloud network in a way that allows you to do things like distributed firewalling.

So let's look at a couple of pictures to give you an idea of what this looks like. Programmable intent is essentially the ability to create what seems like a firewall rule, but you're not pushing it to a firewall; you're pushing it into the network, and then the enforcement gets applied close to the instance or the VM that you're trying to protect, and if that instance moves, those rules are going to move with it. That's why we call it intent: you're saying I want to protect this. In this example I'm doing something like saying, okay, the front-end server should be able to talk to the app servers, and the app servers should talk to the database servers, but the front-end server shouldn't talk to the database servers directly. So now I push that into the network and I filter the traffic in a way that instantiates those rules.

Now, this gives you an idea of some of the things that we can do here, because we see everything now. This isn't actually the customer, but I'll give you a customer story about this. All those red dots that you see on there are malicious IPs that are talking to workloads in the cloud. We had a customer who had all these red dots, just like this, and said, what's going on? None of our current security stacks sees any of this. The reason it didn't see it was because those are all single points of inspection, right? If the traffic flow is not going through the inspection point, you don't see it. In a data center architecture you had a place that everything flowed through, but in cloud it can come in and go out from anywhere. So what we do, because we are the data plane that everything has to go across, is compare the source and destination address to a database of malicious IPs. We don't make that database; it's made by Proofpoint, which is the same thing that GuardDuty uses. But now we can see any time something starts a communication with a malicious IP. In the case of the customer I was talking about, they found bitcoin mining and Tor servers and botnets that were doing DDoS attacks out of their cloud, and none of their security stacks saw that.

We can give dynamic topology maps to show you exactly how everything is connected throughout the network. You can drill down on these and do packet capture and ping and traceroute, all the things that network guys are interested in doing to troubleshoot this business-critical infrastructure.

We can see every flow on the network, so we can search and sort on source, destination, port, protocol, and drill all the way down into TCP flags to troubleshoot application issues. We make it very easy to do this, so you're not exporting VPC Flow Logs and creating S3 buckets for them and doing log analysis and all that; it's just right here in Copilot. Then we can also look at all those flows as a heat map, and the security guys love this, because they can look and say, oh, I see why we're talking to South America, but what's going on there in northern China that I should be looking at? Normally this is just scanning for open ports, but if there's a communication established, I want to be able to drill in and see that.

We give all kinds of audit reporting capabilities. We work with the compliance teams that need all of this information to put the audit reports together on what has access to what, and what URLs you are allowed to talk to on the internet, and so forth; we provide all that data for those guys. And then troubleshooting: I'm going to show you a little 45-second video, but this is what we call App IQ. With App IQ you're putting in a source address and a destination address, basically on an application connectivity, and what's going on through there, and then what we do is run the report.

It takes about 20 seconds. We can see that source and that destination, see the entire equal-cost multi-path path that it might go through, all the latencies, all of the details about each one of the instances in the path, and if it has any memory issues, that's a problem with those. We then start looking at things like route tables and security groups and different parts of the route tables and so forth, all the way down to, in this case, you see the fail on the security groups. Now, the interesting thing about this is that the report takes 20 seconds to run, but all of the information that's in that report would take about a dozen windows in the Amazon console to bring up, and then a lot of human correlation to figure out that it was a security group there, and there's not a security group there, and to be able to click on here and go exactly where I need to fix that security group. So it's very quick in terms of troubleshooting problems that you might run into. And then most recently we've been hearing from our customers about the need to look at cost analysis, and so we shipped what we call Cost IQ. What this does: everybody has their bill and can analyze exactly what this account has in terms of instances and so forth, and how much should be charged to that particular account in engineering. What they haven't had the ability to do is look at shared resources and understand how the shared resources are actually being used.

So with Cost IQ we're allowing people to define exactly their cost centers as well as their shared resources, and then look at actual network traffic that's going from cost centers to shared resources, so you can accurately allocate those costs, either for chargeback or for showback.

Now, from an SAP standpoint, what we're starting to do now is put an SAP lens on top of all this stuff that I showed you. So for instance, that App IQ that I showed you: now this is saying, okay, these are only SAP ports, so specific applications in SAP, and I can actually look at all of that information and get that end-to-end connectivity that I showed you in App IQ, but now this has got an SAP lens on it, so I'm looking specifically at that. Then, taking it one step further, we're building dashboards that allow you to take topology, for instance, and show your SAP application, the topology of it, whether that's multi-cloud or even all the way out beyond the SAP application, if you have other applications talking to it. And then you see, kind of at the bottom there, the ability to look at the latencies, because a lot of times you get those problems where the Basis engineer gets, hey, it's slow today. Well, what does that mean? Is it a latency thing, is it an application thing? This allows you to drill in, look at trends, and see: is it trending up, is this going to be a problem? These are the kinds of things this dashboard will allow you to do.

So that's the end of my presentation. I'm happy to take a couple of questions, I think about three minutes; otherwise I invite you to come by the booth, booth number 2020, and we've got our solution architects there that can answer any detailed questions that you might have.
