Within Amazon, we often use the phrase "drinking our own champagne" to describe our practice of using our own products and services to prove them out under actual working conditions. We build products that we can use ourselves. We believe in them.
Amazon's Corporate IT recently wrapped up an important project and they have just documented the entire project in a new technical whitepaper.
Amazon's Corporate IT team deployed its corporate intranet to Amazon EC2 instances running Microsoft SharePoint 2010 and SQL Server 2008, all within a Virtual Private Cloud (Amazon VPC). This is a mission-critical internal corporate application that must deal with a large amount of very sensitive data.
The whitepaper describes the entire deployment process in step by step fashion: initial requirements analysis, security review, deployment success criteria, proof of concept, application architecture, configuration of SharePoint 2010 and SQL Server, and final production deployment.
There are a number of reasons why I am so excited about this project:
- During the deployment process our Corporate IT team treated AWS as they would treat any other vendor. They leveraged the same products that our other customers use. They paid for the AWS Premium Support service and received pre-implementation advice from our AWS Solution Architects the same way we give to other enterprise customers. They conducted a thorough security review and decided to encrypt all data at rest and in flight.They used EBS snapshots to reduce the risk of losing data, and also implemented a failover mechanism that can attach an existing EBS volume to a fresh EC2 instance when necessary.
- This project involved commercial software licenses and demonstrates that the flexibility of AWS allows our customers to run commercial enterprise-grade software (like Microsoft SharePoint and SQL Server Enterprise) in the cloud. The whitepaper not only discusses the technical architecture and implementation details but also how you can leverage key security features (like Windows DPAPI for Key management) to further enhance the security and reliability of your applications. Today, with Microsoft License Mobility with Software Assurance, you can bring your existing licenses of several Microsoft Windows server applications to the cloud.
- Real benefits emerged:
- Infrastructure procurement time was reduced from over four to six weeks to minutes.
- Server image build process that had previously taken a half day is now automated.
- Annual infrastructure costs were cut by 22 percent when on-premise hardware was replaced with equivalent cloud resources.
- Operational overhead of server lease returns were eliminated, freeing up approximately 2 weeks of engineering overhead per year by replacing servers with equivalent cloud resources.
Today, you can run enterprise software from Microsoft, Oracle, SAP, IBM and several other vendors in the AWS Cloud. If you are an ISV and you'd like to move your products to the cloud, we're ready to help. The AWS ISV program offers a wide variety of sales, technical, marketing, PR, and alliance benefits to qualified ISVs and solution providers.
The paper is a great example of how a complex mission-critical application can be deployed to the cloud in a way that makes it more reliable, more flexible, and less expensive to operate. Read it now and let me know what you think.
Update: We are checking with our team-mates to see if we can release some of the documentation and scripts described in the whitepaper. It appears that encryption of EBS volumes is a topic of interest to many people!