For many organizations, on-premises infrastructure has to integrate seamlessly with resources deployed in the cloud, hence the need for a Hybrid Cloud Architecture.

For these organizations, cloud resources are deployed alongside on-premises resources for reasons such as backup and disaster recovery, expanding the capacity of the on-premises data center, or using technical capabilities that are only available in the cloud.

Here are the AWS tools and services for setting up and managing a Hybrid Cloud.

Networking

Amazon VPC

Amazon VPC (Virtual Private Cloud) is the basic building block of a network on AWS. With a VPC you control the IP address range, subnets, route tables, network gateways and the security groups and network ACLs that filter traffic in and out.

You can connect your VPCs to an on-premises network with AWS Site-to-Site VPN, an IPsec connection over the internet that terminates on a virtual private gateway or a transit gateway; each VPN tunnel carries at most 1.25 Gbps, so plan for multiple tunnels (or Direct Connect) if you need more. VPC Peering connects VPCs to each other, including VPCs in other AWS accounts, but not to on-premises networks; AWS Transit Gateway is a hub that attaches many VPCs together with your VPN or Direct Connect connections, so your data center reaches every attached VPC through one set of routes. Provided the address ranges do not overlap and the VPC route tables send on-premises prefixes to the gateway, the VPCs you create on AWS sit behind your corporate firewall like any other remote site and become your extended network resources on the cloud.

AWS Direct Connect

AWS Direct Connect is a higher-bandwidth, more predictable alternative to an IPsec VPN from your on-premises network to AWS. With Direct Connect, your traffic travels over a dedicated link between a Direct Connect location and the AWS network rather than over the public internet. To reach a Direct Connect location you either colocate there or work with an AWS Direct Connect partner for the last-mile circuit. Dedicated connections are available at 1 Gbps and 10 Gbps; partners can also provide hosted connections at lower speeds. The connection is partitioned into multiple virtual interfaces using industry standard 802.1Q VLANs, each with its own BGP session: a public virtual interface reaches public AWS endpoints such as S3 over public IP space, and a private virtual interface reaches private resources such as EC2 instances in your VPC (Virtual Private Cloud) over private IP space. Note that Direct Connect gives you a private path, not encryption: the link itself carries cleartext, so for data that must be confidential in transit run an IPsec VPN over the public virtual interface or rely on TLS at the application layer.
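The two conditions a VPN or Direct Connect link depends on, non-overlapping address ranges and VPC routes that actually send on-premises prefixes to the hybrid gateway, can be checked before the link goes live. The following is an added example, not code from the article or any AWS tool: it uses only the Python standard library, and the CIDRs, route table entries and gateway identifiers are constructed sample data (the vgw-, tgw- and igw- prefixes are assumed to be how route targets are labelled in your inventory).

```python
"""Check the address plan and route tables of a hybrid network.

Added example, not from the article or from AWS. A Site-to-Site VPN or
Direct Connect private virtual interface only delivers traffic if the
on-premises and VPC ranges do not overlap and each VPC route table sends
on-premises prefixes to the virtual private gateway (vgw-*) or transit
gateway (tgw-*) rather than to the internet gateway. Everything below is
constructed sample data.
"""
import ipaddress


def find_overlaps(named_cidrs):
    """Return (name_a, name_b) pairs whose CIDR blocks overlap.

    Overlapping ranges are the classic hybrid-network failure: the tunnel
    comes up, but routes for the shared prefix are ambiguous, and VPC
    peering refuses overlapping CIDRs outright.
    """
    nets = [(name, ipaddress.ip_network(cidr, strict=True))
            for name, cidr in named_cidrs.items()]
    overlaps = []
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                overlaps.append((name_a, name_b))
    return overlaps


def unreachable_onprem_prefixes(route_table, onprem_cidrs,
                                hybrid_gateway_prefixes=("vgw-", "tgw-")):
    """Map each on-premises prefix that the table does NOT send over the
    hybrid link to the target it would actually use (None if no route covers it).

    route_table: list of (destination CIDR, target) as shown in the VPC console.
    VPC routing is longest-prefix match, so only the most specific covering
    route decides where the traffic goes.
    """
    routes = [(ipaddress.ip_network(dst, strict=True), target)
              for dst, target in route_table]
    bad = {}
    for cidr in onprem_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)
        covering = [(dst, tgt) for dst, tgt in routes
                    if dst.version == net.version and net.subnet_of(dst)]
        if not covering:
            bad[cidr] = None
            continue
        _, target = max(covering, key=lambda r: r[0].prefixlen)
        if not target.startswith(hybrid_gateway_prefixes):
            bad[cidr] = target
    return bad


# Constructed sample: two on-premises sites and two VPCs.
ADDRESS_PLAN = {
    "onprem-dc1": "10.0.0.0/16",
    "onprem-dc2": "10.1.0.0/16",
    "vpc-prod": "10.1.0.0/20",      # carved out of dc2's range: will collide
    "vpc-shared": "172.16.0.0/16",
}

# Constructed sample route table for vpc-shared (targets are placeholder ids).
VPC_SHARED_ROUTE_TABLE = [
    ("172.16.0.0/16", "local"),
    ("0.0.0.0/0", "igw-0a1b2c3d4e5f67890"),
    ("10.0.0.0/16", "vgw-0a1b2c3d4e5f67890"),   # dc1 goes over the VPN
    # no route for dc2 (10.1.0.0/16): it falls through to the internet gateway
]

if __name__ == "__main__":
    print("overlaps:", find_overlaps(ADDRESS_PLAN))
    print("not sent over hybrid link:",
          unreachable_onprem_prefixes(VPC_SHARED_ROUTE_TABLE,
                                      ["10.0.0.0/16", "10.1.0.0/16"]))
```

Run it against your real plan before enabling the VPN or the Direct Connect private virtual interface. The second check matters for security as much as for reachability: an on-premises prefix with no specific route falls through to the 0.0.0.0/0 route and leaves through the internet gateway instead of the tunnel.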

Identity, Authentication, Authorization

AWS IAM - Identity and Access Management

AWS IAM (Identity and Access Management) is the fundamental building block for access control on AWS: it decides who can call which AWS APIs, through the console and programmatically. Users in your on-premises Active Directory can gain IAM role based access to AWS resources once you set up SAML 2.0 federation between your identity provider (for example AD FS in front of your on-premises Active Directory) and IAM: the user authenticates against AD, presents the SAML assertion to AWS STS and receives temporary credentials for the role, so no long-lived access keys are issued. Users can also gain access through web identity federation with external identity providers like Google or Facebook. In both cases the role's trust policy decides who may assume it, so it should name the specific identity provider and carry an audience condition rather than trust the provider at large.
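The trust-policy point above is easy to get wrong and easy to check. The following is an added example, not code from the article or from AWS: a small audit over IAM role trust policies that flags federated roles missing the audience condition (SAML:aud for SAML roles, the provider-specific aud or app_id key for web identity roles) and wildcard principals or actions. The policies, account number and provider names in it are constructed samples.

```python
"""Audit IAM role trust policies used for federated (hybrid) access.

Added example, not code from the article or from AWS. A federated role is
only as safe as its trust policy: without an audience condition, any SAML
assertion from the provider, or any application registered with Google,
could be used to assume the role. The policies below are constructed samples.
"""

# Value AWS expects in the SAML:aud condition for console/STS federation.
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

# Audience / app-id condition keys AWS documents for common web identity IdPs.
WEB_IDP_AUDIENCE_KEYS = {
    "accounts.google.com": "accounts.google.com:aud",
    "graph.facebook.com": "graph.facebook.com:app_id",
    "www.amazon.com": "www.amazon.com:app_id",
    "cognito-identity.amazonaws.com": "cognito-identity.amazonaws.com:aud",
}


def _as_list(value):
    """IAM policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _condition_values(statement, wanted_key):
    """All values for a condition key (case-insensitive), across every operator."""
    values = []
    for operator_values in statement.get("Condition", {}).values():
        for key, value in operator_values.items():
            if key.lower() == wanted_key.lower():
                values.extend(_as_list(value))
    return values


def audit_trust_policy(policy):
    """Return a list of findings; an empty list means nothing suspicious was found."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []

        if principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))):
            findings.append(f"statement {idx}: wildcard principal, any AWS account can assume the role")
        if "*" in actions or "sts:*" in actions:
            findings.append(f"statement {idx}: wildcard action, allow only the one sts:AssumeRole* action needed")

        if "sts:assumerolewithsaml" in actions:
            audiences = _condition_values(stmt, "SAML:aud")
            if not audiences:
                findings.append(f"statement {idx}: SAML trust without a SAML:aud condition")
            elif SAML_AUDIENCE not in audiences:
                findings.append(f"statement {idx}: SAML:aud is not {SAML_AUDIENCE}")

        if "sts:assumerolewithwebidentity" in actions:
            for idp in federated:
                key = WEB_IDP_AUDIENCE_KEYS.get(idp)
                if key is None:
                    findings.append(f"statement {idx}: unrecognised web identity provider {idp}, check its audience key manually")
                elif not _condition_values(stmt, key):
                    findings.append(f"statement {idx}: {idp} trust without a {key} condition, any app registered with {idp} could assume the role")
    return findings


# Constructed sample: role assumed by on-premises AD users through AD FS (SAML).
ONPREM_AD_SAML_ROLE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/ADFS"},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
    }],
}

# Constructed sample: Google web identity trust that forgot the audience check.
WEAK_GOOGLE_ROLE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "accounts.google.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }],
}

if __name__ == "__main__":
    for name, policy in [("ONPREM_AD_SAML_ROLE", ONPREM_AD_SAML_ROLE),
                         ("WEAK_GOOGLE_ROLE", WEAK_GOOGLE_ROLE)]:
        print(name, audit_trust_policy(policy) or ["ok"])
```

To use it against a real account, feed it the AssumeRolePolicyDocument of each role (for example from the output of the IAM ListRoles API) and review every finding; the audience check is what keeps a role scoped to your own AD FS deployment or your own Google application rather than to every tenant of the provider.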

AWS Managed Microsoft AD

AWS provides a fully managed Microsoft Active Directory, AWS Managed Microsoft AD, running actual Windows Server domain controllers. It comes in two editions: Standard Edition for small to medium sized businesses and Enterprise Edition for large businesses. Because the service is deployed across multiple availability zones and AWS handles patching, replication and monitoring of the domain controllers, you have fewer management tasks to worry about. In a hybrid setup you typically establish a one-way or two-way forest trust between the managed directory and your on-premises Active Directory over a VPN or Direct Connect connection, so AWS workloads can authenticate on-premises users without replicating the corporate directory into the cloud.

AWS AD Connector

AWS AD Connector is a directory gateway, configured through the AWS Directory Service console, that connects to your on-premises Microsoft Active Directory. It behaves as a proxy, forwarding directory requests to your on-premises domain controllers over your VPN or Direct Connect connection without caching directory data or credentials on AWS. AD Connector comes in two sizes, supporting up to 500 or up to 5,000 users. With this scheme you can use your existing corporate credentials to sign in to the AWS console and administer AWS resources via IAM roles mapped to AD groups, and because authentication always happens against your own domain controllers, disabling an account on-premises also stops new AWS sign-ins for that user.

Data

AWS Storage Gateway

AWS Storage Gateway is a service that connects your on-premises network to AWS storage. It works well for backup and archiving, disaster recovery, migration and cloud-side data processing. The gateway is downloaded as a virtual machine image and installed in your on-premises network, or purchased from AWS as a physical hardware appliance and installed locally. Three storage interfaces are supported.

File gateway stores each file as an object in S3 and serves it to clients over the NFS protocol for Linux clients and the SMB protocol for Windows clients. Because the files are plain S3 objects, they can also be accessed directly in S3 by cloud-side applications.

Volume gateway presents block storage volumes to on-premises servers over the iSCSI protocol and stores the data in S3. You can take point-in-time snapshots of a volume; they are stored as EBS snapshots and can be restored as EBS volumes in the cloud.

Tape gateway presents a virtual tape library (VTL) over iSCSI to your existing backup software and stores the virtual tapes in S3. Archived tapes can be moved to Glacier for cheaper long term storage.

Other features include local caching for low latency access to recently used data, encryption of data in transit (TLS) and at rest in S3 (S3 server-side encryption, optionally with your own KMS keys), and optimized data transfer with bandwidth management.

Resource and Deployment Management

AWS OpsWorks

AWS OpsWorks provides server and application configuration management using managed instances of industry standard automation platforms, Chef or Puppet. AWS OpsWorks comes in three flavors: AWS OpsWorks for Chef Automate, AWS OpsWorks for Puppet Enterprise, and the light-weight AWS OpsWorks Stacks, which uses Chef Client in local mode.

You might ask why you would need OpsWorks when AWS CloudFormation is the preferred platform for infrastructure as code on AWS. CloudFormation can configure the full breadth of AWS resources, but it does not prescribe any model for how servers are configured and operated once they exist. OpsWorks with Chef and Puppet, on the other hand, is a higher level service that gives system administrators a reliable and productive DevOps experience over a narrower set of resources such as EC2 instances, on-premises servers, EBS volumes, Elastic IPs and CloudWatch metrics.

AWS CodeDeploy

AWS CodeDeploy is a service that deploys your applications from content or code stored in S3, GitHub or other repositories to EC2 instances, on-premises servers, AWS Lambda or Amazon ECS (Elastic Container Service). On-premises servers take part once the CodeDeploy agent is installed and the server is registered with CodeDeploy. CodeDeploy can become a vital component in your CI/CD (Continuous Integration/Continuous Delivery) pipeline.

AWS Systems Manager Run Command

AWS Systems Manager provides a secure way to manage your instances remotely without bastion hosts, inbound SSH or remote PowerShell: the SSM Agent on each server polls the service over outbound HTTPS, so no inbound ports are opened. With Run Command you can install patches, install software, manage users and edit configuration files on remote server instances. On-premises servers are brought in by installing the SSM Agent and registering each one with a hybrid activation and an IAM service role, after which they appear as managed instances (with an mi- identifier) alongside your EC2 instances. Because commands run with root or SYSTEM privileges by default, treat ssm:SendCommand as an administrative permission: restrict it in IAM to specific documents and to instances selected by tag, and review the CloudTrail record of each invocation.

VMware Cloud on AWS

If you want to extend or migrate your existing VMware vSphere based on-premises environments to AWS without changing your current operating model, VMware Cloud on AWS is the service to use. It was developed jointly by VMware and AWS and is supported by VMware. With this service, your investment in VMware infrastructure and skills can be combined seamlessly with the services that AWS offers.

Cloud in a box!

AWS Outposts

AWS Outposts is a new service that is launching in 2019. With Outposts, AWS brings the cloud to your data center as AWS-built compute and storage racks that you deploy on your own premises, managed and maintained by AWS.

Initially, EC2 instances with EBS storage options will be available. There will be two variants: VMware Cloud on AWS Outposts, where you use the VMware control plane and APIs, and AWS native Outposts, where you use the AWS control plane and APIs to manage the resources. Outposts will be ideal for applications that require low latency connectivity to on-premises systems or that must keep data processing on-site.