American Commercial Lines: Migrating Oracle E-Business Suite to AWS Case Study Michael McGrath, VP Information Technology, American Commercial Lines Abdul Sathar Sait, Principal Cloud Solutions Architect, Amazon Web Services Thiru Sadagopan, VP Cloud Services, Apps Associates LLC March 05, 2015
Today s Speakers Michael McGrath VP Information Technology American Commercial Lines Thiru Sadagopan VP Cloud Services Apps Associates LLC Abdul Sathar Sait Principal Cloud Solutions Architect Amazon Web Services
American Commercial Lines
Prior to AWS Migration ERP 12.1.3 implementation completed Feb. 2013 Core financials, purchasing, inventory, asset management Mission-critical application governing various aspects of ACL operations User base spread across multiple locations in North America Integrated with other business apps such as Single Sign On with AD
Drivers for Considering AWS Platform flexibility Grow or shrink footprint and environments Rapidly launch, archive, re-launch entire environments Pay as you go Not just a OpEx vs. CapEx argument Pay for what you use Desire to limit additional investment in on-premises data center Future AWS-based applications in our plans
Journey to AWS Chose an AWS Partner offering Oracle solutions Apps Associates, AWS Partner with experiences deploying Oracle solutions to AWS Cloud hosted solution for Oracle E-Business Suite Oracle competency recognized by AWS Partner program 3 month migration cycle 2 passes of migration and integration testing Prod migration over a weekend 4 hour downtime and smooth transition SSO integration hiccups ironed out within the hour
AWS Overview Abdul Sathar Sait, Principal Cloud Solutions Architect Amazon Web Services
Journey to AWS [Enterprise customers are] skipping the years of early getting-theirfeet-wet, and immediately jumping in with more significant projects, with more ambitious goals
Journey to AWS Increasingly, organizations are asking what can t go to the cloud, rather than what can
11 regions 28 availability zones 46 edge locations
Connected By a World-Class Network Slow Fast High packets-persecond performance Low jitter EBS-optimized instances Virtual network interfaces High throughput, low latency Physical placement optimization
AWS Private Network Capabilities Software-defined private network Dedicated private network connection to AWS All services AWS Virtual Private Cloud (VPC) AWS Direct Connect
AWS Governance Fine-grained access control over data and resources Geographic data locality Fine-grained access control In-depth audits Control over regional replication Policies, resource level permissions, temporary credentials AWS CloudTrail
Certifications and Accreditations for Workloads That Matter
Integration with On-Premises Resources Integrated networking Integrated access control Integrated cloud backups Single pane of glass # 192.168.1.11 # 192.168.1.10 Microsoft Active Directory Custom LDAP App 1 AWS Storage Gateway
Elastic Compute Cloud (EC2) Basic unit of compute capacity Range of CPU, memory & local disk options 17 Instance types available, from micro through cluster compute to SSD backed Feature Details Flexible Run windows or Linux distributions Scalable Wide range of instance types from micro to cluster compute Machine Images Configurations can be saved as machine images (AMIs) from which new instances can be created Full control Full root or administrator rights Secure Full firewall control via Security Groups Monitoring Publishes metrics to Cloud Watch Inexpensive On-demand, Reserved and Spot instance types VM Import/Export Import and export VM images to transfer configurations in and out of EC2
Storage Options Elastic Block Store High performance block storage device 1GB to 1TB in size Mount as drives to instances with snapshot/cloning functionalities Simple Storage Service Highly scalable object storage 1 byte to 5TB in size 99.999999999% durability Glacier Long term object archive Extremely low cost per gigabyte 99.999999999% durability
Oracle on AWS AWS simplifies Oracle implementation Makes management easy Could reduce implementation cost and time by half
A Few Oracle Products Our Customers Use on AWS Oracle Database, GoldenGate, Data Guard Oracle E-Business Suite, PeopleSoft, Siebel, JD Edwards Fusion Middleware, SOA Suite, WebCenter, Weblogic OBIEE, Hyperion, ATG Web Commerce
Oracle License Portability to AWS All Oracle licenses are fully portable to Amazon Web Services Enterprise license agreement (ELA) Unlimited license agreement (ULA) Business process outsourcing (BPO) Oracle Partner Network (OPN) Processor and socket licensing: 0.25 core multiplier for standard licenses (sockets) 0.5 core multiplier for enterprise licenses (processor)
Solution Description Thiru Sadagopan, VP Cloud Services Apps Associates LLC
Operational Considerations Oracle ERP Network access Instance types, AMI, Oracle DB and Applications tier Storage considerations Security and controls Housekeeping functions Cloning, patching specific to Oracle ERP Backups, monitoring configurations Migration approach to AWS
Network Access Amazon Virtual Private Cloud (VPC) Private subnet for DB and Apps tiers Public subnet if public facing modules such as isupplier Reverse proxy often leveraged Security groups for data firewalls IPSEC tunnels commonly leveraged AWS Direct Connect an option depending on other workloads Internet
Instance Types and AMI High memory instances 32 bit for Version of 11i of Oracle E-Business Suite is a challenge Oracle maps to AWS cores for licensing options Oracle or Red Hat Linux AMIs Apply prerequisite rpms, kernel updates Create custom AMI for future deployments PV and HVM considerations
Database and Application Tiers Same versions of OS is best practice Shared file systems common for load balanced deployments Single Database tier (non-rac) Single or multiple Applications tier Cluster file systems NFS is an option as well Amazon Elastic Load Balancing
AWS Storage Options Summary Storage Option General Database Applications Speed Durability Instance Store Swap Temporary files Reports cache, web server cache Very low latency Very low; volatile EBS PIOPS / SSD Data files, redo logs Low latency Highly Durable but always backup EBS Boot volume Binaries, archive logs Binaries Moderate latency Highly Durable but always backup Amazon S3 Backups Backups Backups Longer latency Very high durability Amazon Glacier Long-term backups Long-term backups Long-term backups Restore times of 3 5 hours Very high durability
Typical Storage Configuration for Oracle Database Binaries Data Files Redo Log Files Archive Log Files Backup Files Storage Type EBS volume PIOPS EBS / SSD volumes PIOPS EBS / SSD volumes EBS volumes EBS volumes / Amazon S3 Comments Standard volume; EBS snapshots enabled Striped across multiple volumes using ASM or any other technology PIOPS of 1000 or above Use separate EBS volumes for each group Preferable to use ASM disk groups Standard volumes for normal database workloads PIOPS for highly transactional environments Standard EBS volumes for local backups Use OSB / other technology to push to Amazon S3
Storage Options for Oracle Sample disk layout for Oracle Database using ASM PROD DEV TEST Amazon S3 Bucket +PROD_DATA +PROD_FRA +DEV_DATA Life Cycle Policies Striping Striping 4 EBS Volumes 4 EBS Volumes 4000 PIOPS 1000 PIOPS ASM instance with 16,000+ IOPS Striping 4 EBS Volumes 500 PIOPS Amazon Glacier
Database Backup Best Practices PROD +PROD_DATA +PROD_FRA RMAN Local Backup /backupfs EBS Snapshot Striping Striping 4 EBS Volumes 4 EBS Volumes 4000 PIOPS 1000 PIOPS ASM instance with 16,000+ IOPS OSB Cloud Module Using RMAN Amazon S3 Bucket
Security
It s a Shared Responsibility You and/or Your Service Provider IaaS Provider (AWS)
Comprehensive Security Capabilities Access Control Encryption Networking Other Identity and Access Management (IAM) Multi-factor Authentication (MFA) Security Groups and Network ACL Dedicated instances Amazon Key Management Service Amazon S3 Server- Side Encryption (SSE) Amazon RDS Oracle Transparent Data Encryption (TDE) AWS CloudHSM Client-Side SDK Data Encryption AWS Virtual Private Cloud (VPC) SSL Certificate Management AWS Direct Connect VPN Service Health Dashboard Cloudtrail Trusted Advisor Security Bulletins Signed API Access Amazon S3 Access Logs AWS Marketplace Security Products Best Practices GovCloud
Security Attestations, Reports and Certifications
Housekeeping Functions Cloning for Oracle E-Business Suite AMIs and snapshots can be leveraged with AWS CloudFormation scripts and bootstrapping to automate cloning Monitoring Easy to extend monitoring agents Amazon CloudWatch metrics can be useful Cloud based OEM 12c (optional) Rapid deployment Fully managed service
Migration Approach EBS Suite Understanding present Infrastructure Resource requirements Design & Build EBS Architecture Security design for EBS Suite Infrastructure build Servers & Storage Production Migration Test/UAT Migration, UAT, Stress Testing, Regression Test Backup Infrastructure, Monitoring & Restore Validation EBS DEV Applications build Clone form PROD
Sample AWS Infrastructure for Oracle Apps Internet Internet App App App Production Test/Dev CRP Private Subnet Snapshot Replication or Data Guard Ap p Backup Snapshots VPC Private Subnet AZ-1 Backup Snapshots NMS NA T Public Subnet Public Subnet US East VPN Tunnel US West Corporate WAN
American Commercial Lines
Post-AWS Observations Lower infrastructure costs Costs easily tracked on AWS invoices Uptime equivalent to private third-party data center Reconsidered our disaster recovery needs and capabilities Still learning how connectivity affects performance, real and perceived
Future Plans Relative to AWS EBS-driven identity management migration Currently on-premises Oracle Access Manager protects EBS and OBIEE Evaluation of Oracle BI migration Continued general migration to AWS instead of on-premises hardware replacements Keeping an eye on Amazon WorkSpaces
Questions? ACL Michael McGrath mike.mcgrath@aclines.com www.aclines.com Apps Associates Thiru Sadagopan thiru.sadagopan@appsassociates.com www.appsassociates.com AWS Abdul Sathar Sait asait@amazon.com www.aws.amazon.com
Thank You