AWS Partner Network (APN) Blog

Post by Sabari Radhkrishnan, a SAP Partner Solutions Architect at AWS

Amazon Web Services (AWS) and SUSE have been working together for years to bring SUSE Linux Enterprise Server (SLES) to our joint SAP customers. Since 2012, when AWS first certified its platform for SAP workloads, including SAP HANA One, customers have been using the SLES operating system to run their SAP applications on AWS. When AWS certified its instances for SAP HANA in 2014, customers started using SLES for their SAP HANA deployments on AWS as well. In 2015, SLES for SAP was made available in AWS through SUSE’s bring-your-own-subscription program; and in 2016, SLES for SAP became available in AWS Marketplace as an on-demand image, so our existing and new customers could easily get started with their mission-critical SAP workloads.

As part of our continuing efforts to provide our joint SAP customers with the best experience, we are pleased to announce today that SLES for SAP will become available in AWS Marketplace as an AWS offering in Q4 2017. This will be the second joint listing from AWS and SUSE after SLES, which was launched almost seven years ago. With the release of X1 and X1e instances, which are purpose-built for in-memory workloads such as SAP HANA, we are seeing that more customers are choosing to run SAP workloads in development, test, and production on AWS.

The new SLES for SAP listing will make it easier for customers to run SAP workloads on AWS, because they will receive joint support from AWS and SUSE, and the new offering will be priced competitively. SUSE and AWS will continue to work together to enhance and optimize the OS for SAP workloads on AWS.

SLES for SAP includes the High Availability Extension (HAE), which allows SAP HANA instances to seamlessly fail over between Availability Zones. The software also includes other enhancements such as page cache management and kernel settings that are optimized for SAP workloads. In addition, SLES for SAP images carry extended service pack support so customers can run the next-to-last service pack for up to 18 months. You can find more details about the benefits of using SLES for SAP on the SUSE website.

Customers can easily get started with SLES for SAP for their SAP HANA workloads by using the AWS Quick Start for SAP HANA. This Quick Start helps provision and configure the infrastructure required to deploy SAP HANA in less than an hour, following best practices from AWS, SAP, and SUSE.

Customers can continue to leverage SUSE’s bring-your-own-subscription program to use their existing subscriptions to run their SAP workloads on AWS; see aws.amazon.com/suse for details. To learn more about running SAP on AWS, check out http://aws.amazon.com/sap.

To learn more about this announcement, see the SUSE blog.

If you’re at SUSECON, be sure to check out these SUSE and AWS sessions:

• BOV117851 – SUSE on Amazon Web Services: Join this discussion about the current offerings and new product developments on the AWS platform (CaaSP, ENA, SLES for SAP). (1-hour business overview)
• CAS117855 – Running SAP on AWS: Fitch Ratings Success Story: Join us for this talk as we discuss two case studies on SLES for SAP with systems integration partner Protera.
• SPO140247 – Best practices for SLES for SAP on AWS: Managing on-premise infrastructure for SAP workloads is challenging and costly. Learn how to bring agility, elasticity, cost savings, and scalability to new and existing SAP workloads with X1 instances from AWS.
• TUT126536 – Orchestrating GPU Workloads with SUSE CaaS Platform and Amazon Web Services: With the advent of public cloud instances that support Graphics Processing Units (GPUs), the need has arisen for orchestration of workloads that can leverage these coprocessors.

Aaron Friedman is a Healthcare and Life Sciences Partner Solutions Architect at AWS

Ujjwal Ratan is a Healthcare and Life Sciences Solutions Architect at AWS

Diagnosing the medical mysteries behind acutely ill babies can be a race against time, filled with a barrage of tests and misdiagnoses. During the first few days of life, a few hours can save or seal the fate of patients admitted to the neonatal intensive care units (NICUs) and pediatric intensive care units (PICUs). Accelerating the analysis of the medical assays conducted in these hospitals can improve patient outcomes, and, in some cases, save lives.

Precision medicine relies on the aggregate of these types of tests (and others) to advance healthcare. Due to decreasing costs and faster turnaround times, genome sequencing is one such test that is gaining adoption throughout healthcare. Understanding a patient’s genetic predisposition to different diseases is fundamental to establishing a medical risk baseline. In certain cases, such as in NICUs, a patient’s genetic profile can unlock the specific cause of a disease and inform the subsequent medical interventions that might work.

Today, we’d like to tell you about two of our AWS Partner Network (APN) Partners, DNAnexus and Edico Genome, who are working together to advance the principles of precision medicine, and are already changing lives through genomics.

Introducing DNAnexus

DNAnexus, an AWS Life Sciences Competency Partner, offers data management, next-generation sequencing data analysis, and secure collaboration for large-scale life sciences enterprises. The DNAnexus platform-as-a-service (PaaS) solution provides a secure and unified system that scales to meet its clients’ unique needs, such as merging de-identified clinical data with genetic data. The API-based DNAnexus platform enables customers (e.g., pharma, researchers, hospitals) to create custom workflows to analyze genomics data as they see fit, such as to develop new drugs or diagnose rare diseases.

Naturally, the data generated by these processes is sensitive and its protection is paramount. DNAnexus has architected their platform to align with key security and compliance frameworks, such as HIPAA, 21 CFR Part 11, CLIA, and FedRAMP.

Introducing Edico Genome

Edico Genome, an APN Standard Tier Partner and Amazon EC2 F1 Instance Partner, is focused on facilitating the growth of precision medicine. By accelerating one of precision medicine’s central components, genome sequencing analysis, without sacrificing accuracy, Edico Genome enables researchers and clinicians to understand the relationships between genetic variation and disease.

Edico Genome accelerates sequencing analysis by using field-programmable gate arrays, or FPGAs, in its Dynamic Read Analysis for GENomics (DRAGEN) solution. In contrast to conventional CPU-based systems, which must execute lines of software code to perform an algorithmic function, FPGAs use logic circuits to accelerate algorithms and provide outputs almost instantaneously. By replicating these logic circuits thousands of times over, DRAGEN is able to achieve industry-leading speeds by allowing for massive parallelism—unlike CPUs, which are limited to running only one task per core. FPGAs are also fully reconfigurable, allowing users to quickly switch between different functions and pipelines

Today, Edico Genome is deployed on our FPGA-based Amazon EC2 F1 instances and can process a whole genome sequence in about 70 minutes on an f1.2xlarge instance type and about 30 minutes on an f1.16xlarge instance type. These speeds can be over 10 times faster than current state-of-the-art algorithms.

How they’re working together

Recently, DNAnexus and Edico Genome announced a joint partnership to integrate Edico Genome’s DRAGEN solution, deployed on Amazon EC2 F1 instance family, into the DNAnexus platform. This integration gives customers the ability to leverage the speed of DRAGEN to analyze genomes coming from high-throughput sequencers, while also inheriting the security and compliance controls that DNAnexus has implemented. At a high level, here’s what this collaboration looks like:

DNAnexus ingests raw data (called base calls or reads) from genome sequencers such as Illumina’s NovaSeq. These reads are fed into DRAGEN, which is running on an EC2 F1 instance, to speed up the identification of genome variations that can influence disease progression. Results are stored in Amazon Simple Storage Service (Amazon S3) using industry-standard compression algorithms. Depending on the use case, customers can then collaborate across research sites while adhering to the regulatory requirements around sensitive data by using the capabilities built into the DNAnexus platform.

Collaborating to improve clinical care

Rady Children’s Institute for Genomic Medicine is one of the global leaders in advancing precision medicine. To date, the institute has sequenced the genomes of more than 3,000 children and their family members to diagnose genetic diseases. 40% of these patients are diagnosed with a genetic disease, and 80% of these receive a change in medical management. This is a remarkable rate of change in care, considering that these are rare diseases and often involve genomic variants that have not been previously observed in other individuals.

The institute adopted the DNAnexus platform to gain a secure, flexible, and scalable environment for local and distributed sequencing and analysis. Using DNAnexus with DRAGEN provides Rady with a highly optimized, end-to-end, whole genome sequencing analysis solution. Edico Genome’s DRAGEN data analysis pipeline is central to Rady’s ultra-rapid genomic data analysis, because it significantly reduces costs and turnaround time while maintaining accuracy. (Edico and Rady also previously worked together to set a Guinness World Record for fastest genetic diagnosis.)

“Our goal is to ensure that genome-powered precision medicine is available to every child who needs it. To do this, we needed a rapid research-to-bedside pipeline and be able to scale it and make it accessible to hospitals around the world,” said Stephen Kingsmore, M.D., D.Sc., president and chief executive officer at Rady Children’s Institute for Genomic Medicine. “DNAnexus has the technology and expertise to facilitate this ambitious project, Edico Genome’s rapid testing capability allows for rapid diagnosis of critically ill newborns.”

Based on the success of this partnership, Rady Children’s Institute is expanding this integrated solution to their partners nationally, fostering a growing genomic database that healthcare providers can access to quickly diagnose rare diseases in children.

Collaborating to advance precision medicine

One of the most rewarding things about working in Healthcare and Life Sciences at AWS is seeing how our APN Partners can work together to change the lives of people. The DNAnexus and Edico Genome partnership is one such example that is making a lasting impact on the healthcare industry. We look forward to seeing the results of this partnership advance precision medicine, and deliver results like the ones experienced at Rady Children’s Institute across the clinical landscape.

To learn more about how DRAGEN on DNAnexus can securely accelerate sequencing analysis, and take advantage of a reduced rate for analysis (valid through October 31, 2017), see the DRAGEN on DNAnexus promotional offer.

To learn more about how customers and APN Partners are using genomics on AWS, check out Genomics in the Cloud on the AWS website.

Please leave your feedback and questions in our Comments area.

AWS Training and Certification offers guidance to APN Partners so you can more effectively help customers leverage the AWS Cloud. We have two new courses to help you learn more about artificial intelligence solutions using AWS: Introduction to Machine Learning web-based training and Deep Learning on AWS instructor-led training. If you are looking to learn more about how to put artificial intelligence capabilities to use, start with Introduction to Machine Learning. Developers who are looking to learn more should then then attend the 1-day instructor-led training.

Here’s a bit more about each of these new training courses:

Introduction to Machine Learning is a free 40 minute web-based training intended for developers, solution architects, and IT decision makers who already know the foundations of working with AWS. This online course will give an overview of machine learning, walk through an example use case, teach relevant terminology, and walk through the process for incorporating machine learning solutions into a business or product. The course also includes knowledge checks to help validate understanding.

Deep Learning on AWS is a one day instructor-led training for developers who are interested in learning more about AWS solutions for deep learning. This course will teach individuals about the deep learning model and give them a roadmap for understanding what challenges deep learning can solve. Solutions related to image recognition, speech recognition, and speech translation are covered.

We recommend individuals take Introduction to Machine Learning before attending Deep Learning on AWS, but it is not required. In addition, individuals who are looking to learn more about how to leverage data for Deep Learning should consider taking Big Data Technology Fundamentals and Building a Serverless Data Lake.

APN Partners are eligible for 20% off instructor-led training delivered by AWS. Click here to sign in to the AWS Training and Certification Portal using your APN Portal credentials and browse all of our training offerings

Explore the AWS Competency Program: Helping Customers Identify Top AWS Partner Network (APN) Partners on AWS across Industries, Verticals, and Solutions

Customers use AWS to meet a wide variety of their IT needs, and many customers leverage the AWS Partner Network (APN) to provide additional value. Are you looking to engage with an AWS Consulting Partner who can help you effectively migrate your applications to AWS? Are you a media firm hoping to identify an AWS Technology Partner solution that can help you render video footage in the cloud? Chances are, whatever you’re looking to do on AWS, there’s an APN Partner whose services or solutions can help you leverage all of the benefits that the AWS Cloud provides.

But how do you identify the right APN Partner with whom to engage? And what does it mean to identify the right APN Partner?

Here’s where the AWS Competency Program comes in.

The AWS Competency Program is the global APN Partner program focused on providing our customers and sellers with guidance on the most qualified APN Technology and Consulting Partners who have deep expertise and proven customer success in specific solutions areas, such as Big Data, DevOps, Migration, and IoT; in vertical markets such as Financial Services, Healthcare and Life Sciences, Government, Digital Media; and with enterprise business applications, including Microsoft Workloads and SAP. AWS Competencies help customers find APN Partners who can bring the right expertise for their specific business needs by quickly narrowing the search among the tens of thousands of partners in the APN network.

“Our AWS Healthcare Competency partners repeatedly demonstrate expertise in serving the needs of the payer and provider communities to advance human health,” says Dr. Oxana Pickeral, the Global Segment Leader for Healthcare & Life Sciences at AWS. “Healthcare customers routinely leverage their rapid pace of innovation to tackle the entire healthcare spectrum, from security and compliance to population health analytics.”

The AWS Competency Program is the vehicle by which the APN Partners with the right solution or industry expertise are identified and validated. This validation, however, does not come easily.

AWS Competency Partners go through a rigorous technical assessment and verification of their expertise specific to each AWS Competency. AWS solutions architects perform a thorough technical validation that challenges APN Partners to raise the bar on their AWS Competency-specific solutions and the use of AWS best practices for security and architecture in the AWS Cloud. Additionally, AWS Competency Partners’ case studies go through a review by an independent third-party audit firm before they are accepted into the AWS Competency Program.

Each AWS Competency is different and has a distinct set of requirements that can be easily viewed by AWS Customers. This facilitates transparency and helps customers understand the meticulous process that AWS Competency Partners go through. The requirements are designed to evolve and become more stringent over time as industry verticals and solution areas mature in the AWS Cloud, meeting a core goal of continually raising the bar for AWS Competency achievements. Additionally, AWS Competency Partners are re-evaluated every 12-24 months to ensure the program only validates APN Partners who are truly committed to enhancing and refining their expertise and leadership in their space. The AWS Competency Program’s overarching goal is to give AWS Customers the confidence that they are choosing APN Partners that are highly specialized in a specific AWS solution or industry vertical.

Raising the Bar for Customers and APN Partners

The AWS Competency status is attained by mature APN Partners who work closely with AWS business and technical teams and share a common vision and dedication to delivering top notch customer experience and meaningful success.

Here’s what some of our AWS Competency Partners are saying about the AWS Competency Program:

• Scott Udell, Vice President of IoT Solutions at Cloud Technology Partners (CTP), notes that CTP’s Security, IoT, Migration, DevOps, and Financial Services Competency achievements are a “stamp of approval”. “This is a strong recognition of our work around IoT, and it will help us gain traction in the marketplace.”
• ClearData CEO Darin Brannan says his firm’s AWS Healthcare Competency Partner is “an achievement that affirms our position in healthcare security, compliance, and managed services, while our work on AWS enables healthcare organizations to quickly deploy services and apps in a healthcare-fortified AWS environment.”
• Aaron Klien, co-founder and chief operating officer of CloudCheckr, says, “While AWS holds its APN Partners to high standards, AWS also consistently supports and works with those who meet the standards. AWS’ help through the APN and Competency Program has proven invaluable in helping CloudCheckr thrive and grow as a solution and as a company. We would not be where we are today without the benefits of being an APN Partner.”
• “The APN takes its Competency designations seriously. This gives credence to the companies that achieve these Competencies and provides a benchmark that differentiates other APN Partners in this space,” explains Robert Groat, EVP, Technology and Strategy, Smartronix. “We want our government clients to know that we are committed to delivering AWS solutions that meet their unique and demanding requirements. As an AWS Premier Partner in the AWS Government Competency Program we have benefited from being able to deliver highly secure, highly available, fault tolerant and innovative solutions that have transformed the way our government customers deliver services to its constituents.”

The AWS Competency Program currently has 17 programs under the AWS Competency umbrella, and will continue to expand as solution areas mature in the AWS Cloud. The AWS Competency Program was founded on the philosophy of quality over quantity, which is why each AWS Competency is designed with a high requirements bar.

Once the APN Partners have achieved an AWS Competency status, they qualify for a number of benefits in the APN Program designed to enable them to accomplish even greater successes. For example, AWS Competency Partners are invited to upcoming product release information sessions, gain access to AWS private betas, they are the first APN Partners to be given an opportunity to host subject-matter webinars, and gain access to AWS roadmap briefings.

AWS Competency Partners are closely engaged with APN teams and have the opportunity to leverage AWS Competency Partner exclusive events to provide feedback to the APN leadership. AWS Competency Partners receive a special designation in the APN Partner Solutions Finder directory and a listing on the AWS segment or solutions web pages, to mention a few of the program benefits.

The AWS Competency Program offers an enormous value to AWS Competency Partners who choose to continuously raise the bar together with AWS and share our customer obsession, but for AWS Customers, this value is potentially greater! It gives our customers a high degree of confidence in choosing a company that is aligned with AWS rapid innovation and dedication to deliver the best possible results.

Explore AWS Competency Partners by Solution, Industry Vertical, or Business Applications

• All Solution Area Competencies: Migration, IoT, Storage, Security, DevOps, Mobile, Big Data.
• Industry Vertical Competencies: Financial Services, Government, Education, Healthcare, Life Sciences, Digital Media, Marketing & Commerce
• Business Application Competencies: Microsoft Workloads, SAP, Oracle.

The AWS Partner Webinar Series is a selection of live and recorded online presentations that cover a broad range of topics at varying technical levels and scale. Each webinar is hosted by an AWS Solutions Architect and an AWS Competency Partner who has successfully helped customers evaluate and implement the tools, techniques, and technologies of AWS.

These webinars feature technical sessions with AWS solutions architects and engineers, live demonstrations, customer examples, and expert Q&A sessions.

See the upcoming webinars below:

Salesforce Webinars

Salesforce IoT: Monetize your IOT Investment with Salesforce and AWS

Register for Upcoming Webinar: October 3, 2017 | 10am-11am PDT

Salesforce Heroku: Build Engaging Applications with Salesforce Heroku and AWS

Register for Upcoming Webinar: October 10, 2017 | 10am-11am PDT

SAP Migration Webinars

Accenture: Reduce Operating Costs and Accelerate Efficiency by Migrating Your SAP Applications to AWS with Accenture

Register for Upcoming Webinar: September 20, 2017 | 10am-11am PDT

Capgemini: Accelerate your SAP HANA Migration with Capgemini & AWS FAST

Register for Upcoming Webinar: September 21, 2017 | 10am-11am PDT

Windows Migration Webinars

Cascadeo: How a National Transportation Software Provider Migrated a Mission-Critical Test Infrastructure to AWS with Cascadeo

Register for Upcoming Webinar: September 26, 2017 | 10am-11am PDT

Datapipe: Optimize App Performance and Security by Managing Microsoft Workloads on AWS with Datapipe

Register for Upcoming Webinar: September 27, 2017 | 10am-11am PDT

Datavail: Datavail Accelerates AWS Adoption for Sony DADC New Media Solutions

Register for Upcoming Webinar: September 28, 2017 | 10am-11am PDT

Life Sciences Webinars

SAP, Deloitte & Turbot: Life Sciences Compliance on AWS

Register for Upcoming Webinar: October 4, 2017 | 10am-11am PDT

Healthcare Webinars

AWS, ClearData & Cloudticity: Healthcare Compliance on AWS

Register for Upcoming Webinar: October 5, 2017 | 10am-11am PDT

Storage Webinars

N2WS: Learn How Goodwill Industries Ensures 24/7 Data Availability on AWS

Register for Upcoming Webinar: October 10, 2017 | 8am-9am PDT

Big Data Webinars

Zoomdata: Build an On-Demand Data Science Workstation with Zoomdata

Register for Upcoming Webinar: October 10, 2017 | 10am-11am PDT

Attunity: Cardinal Health: Moving Data to AWS in Real-Time with Attunity

Register for Upcoming Webinar: October 11, 2017 | 11am-12pm PDT

Splunk: How TrueCar Gains Actionable Insights with Splunk Cloud

Register for Upcoming Webinar: October 18. 2017 | 9am-10am PDT

To see all upcoming AWS Partner Webinars, click here.

Bridgewater Associates, based in Westport, CT, is a major investment management firm with more than $150 billion in assets that it manages for a global customer base of pension funds, endowments, foundations, central banks, and national governments. It is also an Amazon Web Services (AWS) customer that we’ve worked closely with over the past year and half, developing a partnership that helps Bridgewater leverage the tools—and benefits—of the AWS Cloud.

Last December, Bridgewater Systems Engineer Joel Thompson approached us with questions around the features and future roadmap of the GetCallerIdentity API call. He also mentioned work that he was doing with APN Technology Partner HashiCorp to solve the challenge of HashiCorp Vault authentication in scalable and serverless environments.

In their own words, here’s how Joel and HashiCorp Product Manager Andy Manoske describe what happened next.

Joel Thompson, Bridgewater Systems Engineer

Our business requires us to be highly focused on security. For that reason, we’ve been big fans of HashiCorp’s Vault since it was first released. However, we faced the challenge of how to securely authenticate to Vault from various AWS services, such as from Amazon Elastic Compute Cloud (Amazon EC2) instances in an autoscaling group, code running in AWS Lambda (Lambda), and other environments. We were not alone in this either. Many in the financial services industry have long been asking for a solution to this problem.

 

One of my coworkers proposed a solution that, to work properly, required AWS to add a new API method – the WhoAmI method that is a feature we requested from our AWS Enterprise Support team. Last year, AWS added what was needed — sts:GetCallerIdentity. So, collaborating with the Vault engineering team and consulting with AWS support, the AWS authentication backend in Vault was born, making it easier for AWS customers to secure their cloud-native applications.

Andy Manoske, HashiCorp Product Manager

HashiCorp has created six open-source projects to enable organizations to provision, secure, connect, and run any infrastructure for any application. This is particularly important for organizations that are migrating their workloads to cloud services such as AWS. HashiCorp Vault is one of those projects, providing a focus on securing any infrastructure for any application. Vault provides secrets management, encryption as a service, and a way to enforce privilege and access management.

Vault is an open-source project, with a growing community of contributors, users, and HashiCorp employees collaborating on the features that go into Vault. One example of this was a major enhancement in Vault 0.7.1 to the AWS-Amazon EC2 authentication backend. The enhancement now makes it easy for many different AWS resource types to securely authenticate with Vault.  Given the broadened scope of what this backend can now do it has been  renamed to the AWS authentication backend.  This backend solved a series of challenges we were seeing within the open-source community and our customer base around securely enabling access to secrets from an AWS-based infrastructure. AWS resources can then access and use the secrets managed by Vault. This includes resources such as Lambda functions, Amazon EC2 Container Services jobs, Amazon EC2 instances, or any other client with access to AWS Identity and Access Management credentials can use those credentials to securely authenticate to Vault to retrieve their secrets.

 

The AWS authentication backend is an enhancement that was contributed and collaborated on by Joel Thompson at Bridgewater. Through Bridgewater’s use of Vault, Joel recognized a more specific enhancement to the authentication backend and then worked with the HashiCorp Vault engineers to make it a reality.

 

Through this engagement, which included assistance from AWS Enterprise Support to help them plan and build the solution using best practices and guidance from the AWS Identity service team, Bridgewater and HashiCorp were able to quickly and confidently collaborate on an important Vault feature.

To learn more about the collaboration, read Joel’s post on the HashiCorp blog. And go here to learn more about how AWS Enterprise Support can help your organization.

Building on the strategic alliance between Amazon Web Services and Salesforce, we are excited to announce the first release of the Amazon Connect Computer Telephony Integration (CTI) Adapter for Salesforce.

Amazon Connect is designed as a highly scalable, self-service, cloud-based contact center service that makes it easy for any business to deliver better customer service at lower cost. Salesforce Service Cloud empowers agents on the path to customer success with smarter and faster service tools. Now, the Amazon Connect contact center service and Salesforce’s customer relationship management (CRM) work together to provide the essential foundation for your organization’s customer service experience. This helps support integrated customer workflows between interactive voice response (IVR), automatic call distributor (ACD), and CRM – all critical to contact center strategies.

The Amazon Connect CTI Adapter is the first release of the package that is designed to provide complete cloud-based integration and workflow capabilities between Amazon Connect, Salesforce Service Cloud and Sales Cloud.

The Amazon Connect CTI Adapter provides a WebRTC browser-based contact control panel (CCP) within the Salesforce Lightning, Console, and Classic CRM experience. This CTI integration gives your agents the ability to leverage both inbound caller ID screen pop-ups and outbound click to call/transfer/conferencing.

Agent logging a screen pop call from the Amazon Connect Contact Control Panel (CCP) within the Salesforce Service Cloud Lightning experience

Getting Started

If you have not spun up an Amazon Connect instance, take a look at our Getting Started Guide. The Amazon Connect CTI Adapter integration leverages both the Amazon Connect Streams API and the Salesforce Open CTI API. In this blog post, we’re going to focus on setting up the Amazon Connect CTI Adapter for Lightning experience. You can follow the setup instructions for enabling the CTI Adapter for the Salesforce Classic and Console experience.

Step 1: Install the Amazon Connect CTI Adapter

Once you have your Amazon Connect and Salesforce CRM instances running, the first step will be to install the Amazon Connect CTI Adapter from the Salesforce AppExchange:

We recommend you initially install the package into your Salesforce sandbox.

Step 2: Configure your Salesforce Call Center

After the package has been installed, the next step is to set up your Salesforce call center configuration. This configuration is a XML file you import into your call center, which provides all the details required to enable the Amazon Connect CTI Adapter. First, download the call center XML configuration and import it into your Lightning call center configuration:

Edit the call center configuration and verify the following:

1. The suffix for the Amazon Connect CTI Adapter URL is set to Lightning. If you were configuring the Amazon Connect CTI Adapter for Classic or Console, those suffixes would be used instead.
2. Salesforce Compatibility Mode is set for Lightning. This would be set to Classic if you were configuring for Classic or Console.
3. The Amazon Connect CCP URL is set to your Amazon Connect instance name. (replace YOURINSTANCENAME with your Amazon Connect instance name).
4. If you are using this in another country (i.e. Great Britain), set the appropriate two digit ISO country code.
5. Provide access to users (i.e. admins, supervisors, agents) who will be using the CCP.

Step 3: Whitelist Your Salesforce’s Visualforce Domain

At this point, you have properly configured your Salesforce instance. The next step is to whitelist your Salesforce Visualforce domain within your Amazon Connect’s Application integration. This is required from a security perspective to ensure you are allowing cross-domain access to your Amazon Connect instance. More information about whitelisting can be found on the Amazon Connect Streams documentation.

If you’re unsure of the Salesforce Visualforce domain, or if it is getting blocked by Amazon Connect, you can find it by previewing the URL of the Amazon Connect Visualforce page within your Salesforce instance.

Testing the Amazon Connect CTI Adapter

Now that you have everything configured, let’s give this a go. Open your Chrome or Firefox browser and login to your Amazon Connect instance (https://YOURINSTANCENAME.awsapps.com/connect/login). Open another tab and log into your Salesforce CRM instance and go to your Sales or Service Console Lightning application.

If you are not seeing the phone icon or an empty pop-up, take a look at our troubleshooting guide in the setup instructions. You should notice that all numbers have a phone icon next to them. At this point, you can leverage the click-to-call capability when you press the icon or number.

It will make an outbound call via the Amazon Connect CCP and connect to the customer when they answer the call.

Once you complete the call, the Amazon Connect CCP will go into AfterCallWork status where the agent can perform any follow up activities (e.g. logging a call). After these activities are completed, they can make themselves available to take more calls.

If the agent is in an available state and they receive a call, the inbound call will screen pop the Amazon Connect CCP and any matching records for the caller ID.

You can also configure the screen pop behavior in the Softphone layouts under your Salesforce call center configuration.

What’s next

This is the first release of the Amazon Connect CTI Adapter for Salesforce. More features are coming soon as AWS determines how to best provide more integrated capabilities with Salesforce Service and Sales Cloud. Please try out the Amazon Connect CTI Adapter and open a case with your feedback. We value your input because it will help us define our next set of features.

For more information also refer to last March press release.

This month, we have three Partner Solutions Architects who will be highlighting four APN Partners they’ve been working with.  We will hear from David Potes, Chris Hein, and Pratap Ramamurthy, who will dive deeper into offerings from JFrog, Linkerd, Solodev, and Sparkpost!

JFrog, by David Potes

 A few months ago, I had the opportunity to attend the JFrog Swampup conference in Napa, California. Not only do they have an impressive list of customers, including Amazon, but they also have a few interesting products. The energy and enthusiasm that I felt from the community there really piqued my interest, so I took some time to dive into one of their key offerings. JFrog is all about open source, and the product I’m focusing on today, JFrog Artifactory, has a free open source version. They also offer enhanced versions with enterprise features and a SaaS-delivered version, for customers that would rather leave operations to someone else.

As companies of all sizes have embraced open source technology, their development processes have evolved from primarily using proprietary in-house coding to an amalgamation of free open source libraries, commercial libraries, as well as their own code. Just as in modern manufacturing, code is often assembled from components rather than developed from scratch. The benefits of this approach are well-documented, but using open source or commercial libraries introduces a few new challenges, too.

The biggest challenge is managing complexity. Often companies have a polyglot of languages they support, packages of various types and system artifacts such as Docker and Vagrant images. Each of these can have its own upstream and downstream dependencies, versions, licenses, and traceability data. The aim of a universal package manager, such as JFrog Artifactory, is to standardize the way that organizations manage all package types used in the software development process.

Just as teams adopted version control systems for source control, many companies are now adopting package management systems for binary artifacts. Below are a few key things to look for as you are evaluating an artifact repository.

Highly available access to remote artifacts. A package control system can act as an intermediate cache for remote repositories. This is known as a remote repository, though the parlance is a bit confusing. By acting as a proxy and a caching system, the tool is designed to provide faster access to binaries, as well as limit the blast radius, when an external repository is temporarily unavailable (or even permanently).

Full integration with your DevOps toolchain. Just as with source control, an artifact repository is at the center of your toolchain processes, so it’s critical for it to integrate with the tools that you use (or ones that you may use in the future). JFrog has a staggering number of integrations; everything from CI servers like Jenkins and Bamboo, remote repositories like Nuget and Github, to provisioning tools like Chef and Puppet and familiar names like Maven, Gradle, and Ivy.

Security and Access Control. Controlling access to entire repositories down to individual artifacts is a key feature, but also look for the ability to integrate existing access controls via LDAP or SAML. JFrog supports this functionality, as well limiting what can be downloaded to the virtual repository via blacklisting/whitelisting.

License governance. With a tool like JFrog Artifactory, you can scan the licensing requirements for any packages you download to the repository and provide immediate feedback on the package and its dependencies. This allows you to make sure you’re compliant early on in the development cycle, and prevent unnecessary delays when it’s time to go to production.

I’ve only scratched the surface on what you can do with JFrog Artifactory, and I plan to revisit this for a deeper dive in the future. In the meantime, if you’d like to give it a try yourself, JFrog offers a free trial for the Pro and SaaS versions, or you can just grab the open source version and see for yourself.

Linkerd, by Chris Hein

When building a distributed system, you have to deal with the challenges of making reliable/resilient requests from one service to another. While the underlying Transmission Control Protocol (TCP) layer can take care of packet-level reliability, request-level reliability–retries, timeouts, load balancing, circuit breaking, discovery, and so on–is relegated to application code. The advent of containers and automated container orchestration has only amplified these issues by making microservices easier to adopt than ever.

In the past, large scale companies developed OSS toolchains like SmartStack and Prana to offload this logic from the application and into a dedicated network proxy which handles requests going from one service to another. Although these solutions work, they’re tied to specific technology choices such as ZooKeeper or Eureka.

Enter Linkerd by APN Partner Buoyant. Linkerd is an open source, transparent layer 5/7 network proxy that is deployed as a “service mesh” to automatically add reliability and instrumentation to service requests. Linkerd integrates with a wide variety of environments including Consul, Kubernetes, and DC/OS. In Amazon EC2 Container Service (Amazon ECS), Linkerd only requires you to run a service discovery framework to be effective.

Buoyant has recently been working with various ECS customers to document the best practices from the field. With these best practices, ECS customers can deploy Linkerd as a service mesh using Consul by Hashicorp for service discovery, allowing you to monitor all internal request traffic (including top-line service metrics such as success rates and latency distributions), automatically retry requests when a service fails, or even dynamically route requests. For more information check out their blog post: A Service Mesh for ECS

Solodev Web Experience Platform, by Pratap Ramamurthy

When OneBlood, a non-profit organization that provides blood donation services, experienced a sudden 2700% increase in traffic on their website in one hour, the website did not go down. This is because they run on the Web Experience Platform, which was created and is managed by Solodev, an APN Advanced Technology Partner.

The Solodev Web Experience Platform is an advanced Web Content Management System (CMS) that helps customers deploy, host and manage enterprise-level websites as well as integrate their web content. It is architected based on best practices for security, high availability, and scalability as defined by the AWS Well-Architected Framework. Solodev uses the Elastic Load Balancing service to distribute traffic to application servers that reside in multiple Availability Zones, to provide high availability. When there are spikes in traffic, Solodev scales horizontally by using AWS OpsWorks to provision more instances.

The platform comes with several features that set it apart from a simple CMS. When you create new web content, A/B testing is arguably the most important tool you can use to find out what is working and what is not, especially before you release changes to production. With the Solodev platform, users can conduct A/B testing using Solodev Experiments, rapidly iterate through changes in their web content, and make informed decisions based on experimentation and testing.

Web content is a key part of an enterprise’s marketing effort. When web content, mobile content, CRM, and other marketing campaigns come together, the user gets a seamless experience. Solodev integrates with popular CRM software like Salesforce and SugarCRM, so you can import new leads from web forms into your CRM system. When you run an email campaign, having a web content manager that is aware of the campaign helps increase its success by making it seamless for the recipients. With this goal, Solodev has integrated with popular marketing automation tools like Pardot, Marketo, Eloqua and many more. These features and integration points turn the platform into a truly advanced Web Content Management System.

About the Solodev solution running on the AWS platform, OneBlood states, “While we were happy to have an uptime of 95% previously, we now see an uptime of 99.97%.” You can read about the OneBlood customer case study and try out the platform, which is available as a SaaS subscription.

SparkPost, by Pratap Ramamurthy

 In my first job, I was tasked to send out a newsletter to around 10,000 recipients. I wrote a quick test program using open source libraries, and successfully tested by sending a few emails. Later, when I started sending all 10,000 emails, everything started to fall apart. In hindsight, I should have used an email delivery service like SparkPost. Sending email at scale is a very specialized function that requires domain expertise. SparkPost abstracts this complexity by providing a managed service that customers can integrate with.

There are two kinds of emails that enterprises usually send. The first is called “bulk email”, this usually includes announcements about new product launches, newsletters, and other similar items. Sending bulk email is an inherently “bursty” workload that could lead to scaling problems if self-managed. This need for elastic scalability is one of the problems that SparkPost solves by running on AWS.

The second kind of email is called “triggered email,” and it’s the kind that app developers most often want to send. Emails of this kind usually are API-driven and include common service and app use cases such as password changes and other security notifications, new registration and onboarding emails, and transactional receipts.

Relying on an email delivery service to send both bulk and triggered email is an effective way to reduce operational overhead and increase the success of email delivery. As a SparkPost customer you can leverage the SparkPost libraries to trigger emails from your application. See the figure below for a code sample in Python:

Image used with permission

An email delivery system cannot be a fire-and-forget system because the senders will not be able to measure success. SparkPost provides a near real time monitoring dashboard for the emails that were sent. This helps the sender measure the success, as well as fine tune the email strategy in future. The way email works today, the sender has no control or visibility beyond the first hop, so how does SparkPost measure success? SparkPost includes tracking info in the email that is triggered when the user opens a message or clicks on a link. This is combined with other relevant data and shown to the sender in a dashboard. Additionally, SparkPost takes it further by optionally enabling Webhooks to call your own endpoints for further analysis.

When you start measuring your email marketing campaigns, one of the first challenges you will notice is the delivery to success ratio. You may be sending emails, but your Internet Service Provider (ISP) might not be delivering them because of low email sender reputation. The email sender reputation is a score assigned by the ISP, and if it’s low, the ISP might be sending your emails to a Junk folder or even reject the emails outright. Several factors determine the score, like the number of emails sent by the organization, how often emails hit the spam trap, number of email bounces and so on. SparkPost helps you improve your email reputation by warming the IP address, managing feedback loops, and by following to best practices listed here.

Inbox delivery success criteria, security and many more aspects of email delivery are detailed in SparkPost documentation. Once you are ready, you can get started with a range of cost-effective plans. SparkPost also offers a free developer account that provides access to all SparkPost features and up to 15,000 free emails per month.

Amazon Web Services (AWS) offers training resources at no cost designed for AWS Partner Network (APN) Partners so you can more effectively help customers leverage the AWS cloud. We regularly update and release new Solutions Training for Partners content so you can be sure you are learning the latest about AWS. We are expanding our online training availability to give you more flexibility for completing training.

Solutions Training for Partners: Foundations: New Web-Based Training and Updated Instructor-Led Training

We now have a web-based training version of our popular Solutions Training for Partners: Foundations course. We’ve also updated the instructor-led training version of the course to include interactive role play sessions and information about recently released and updated AWS services. This training is recommended for APN Consulting Partner business professionals who want to learn more about AWS best practices to build their business and better meet customer business challenges.

Solutions Training for Partners: Windows Technical: New Instructor-Led and Web-Based Training

Our newest course, Solutions Training for Partners: AWS for Windows Technical, is available in both instructor-led and web-based training modalities. This course trains APN Consulting Partners on the technical foundations for running Windows-based workloads on AWS. You will learn about the technical advantages and positioning for Windows on AWS, and learn how to provide guidance to customers on architecting common Microsoft workloads for AWS. We recommend you achieve the AWS Technical Professional accreditation before registering for this class.

You can explore more training resources for APN Partners here, and you can search for classes near you by logging into the AWS Training and Certification Portal with your APN Portal credentials. APN Partners have access to partner-specific training at no cost and are eligible for a 20% discount on customer-facing public AWS training delivered by AWS. You can also request a private onsite training for your team by contacting us.

Software as a service (SaaS) solutions often present architects with a diverse mix of scaling and optimization requirements. With SaaS, your application’s architecture must accommodate a continually shifting landscape of customers and load profiles. The number of customers in the system and their usage patterns can change dramatically on a daily—or even hourly—basis. These dynamics make it challenging for SaaS architects to identify a model that can efficiently anticipate and respond to these variations.

Dynamically scaling servers and containers have certainly given SaaS architects a range of tools to accommodate these scaling patterns. And now, with the advent of serverless computing and AWS Lamba functions, architects have a computing and consumption model that aligns more precisely with the demands of SaaS environments.

In this blog post, we’ll discuss how serverless computing and AWS Lambda influence the compute, deployment, management, and operational profiles of your SaaS solution.

It’s All About Managed Functions

Adopting a serverless model requires developers to adopt a new mindset. Serverless touches nearly every dimension of how developers decompose application domains, build and package code, deploy services, version releases, and manage environments. The key contributor to this shift is the notion that serverless computing relies on a much more granular decomposition of your system, requiring each function of a service to be built, deployed, and managed independently. In many respects, serverless takes the spirit of microservices to the extreme.

While making this move make requires a paradigm shift, the payoff is significant—especially for SaaS solutions. This more granular model provides us with a much richer set of opportunities to align tenant activity with resource consumption. It is at the core of enabling your ability to tackle many of the challenges associated with SaaS cost and performance optimization.

The impact of serverless reaches beyond your code and services. It completely removes the notion of servers from your view. Gone is the need to provision, configure, patch, and manage instances or containers. In fact, as a developer of serverless applications, you are intentionally shielded from the details of how and where your application’s functions are executed. Instead, you must rely on the managed service—AWS Lambda—to control and scale the execution of your functions.

This notion of moving away from the awareness of any specific instance or container sets the stage for all the goodness we are looking for in our SaaS environments. It also frees you up to  focus more of your attention on the functionality of your system.

Escaping the Policy Challenge

The ability to dynamically scale environments is essential to SaaS. Being able to respond quickly to changes in tenant load is key to maximizing a customer experience while still optimizing the cost footprint of your solution. Achieving these scaling goals with server-based environments can be challenging. With instances and containers, the responsibility for defining effective and efficient scaling policies lands squarely on your shoulders. The diagram below illustrates the complexity that is often associated with configuring the policies in traditional server-based SaaS environments.

In this example, we have decomposed an e-commerce application into a set of services. This decomposition was partly motivated by the desire to have each service scale independently. This is illustrated by the specific policies that are attached to each service. Here, for example, the search service might be scaling on memory, while the checkout service might be scaling on CPU.

This is a perfectly valid model. However, it puts significant pressure on the SaaS architect to continually refine and tune these policies to align them with the evolving usage patterns of your multi-tenant environment. The policies that are valid today might not be valid tomorrow. As new tenants come on board, the profile and behavior of the system can change. Ultimately, you might end up over-allocating resources to accommodate these variations in load. The end result is often higher per-tenant costs.

Now, as you move beyond thinking about instances and start implementing your solutions as a series of serverless methods, you can imagine how this influences your approach to managing scale. With AWS Lambda, you can mostly remove yourself from the policy management equation. Instead, scaling and responding effectively to load becomes the job of the managed service.

The Power of Granularity

The sections above outlined the value and impact of decomposing your system into a series of independent functions. Let’s dig a bit deeper into a real world example that provides a more detailed view of how a serverless model influences the profile of an application service that is implemented with Lambda.

The image below provides and example of an order management service that might be deployed as a REST service hosted on an instance or container. This service supports a collection of methods that encapsulate the basic operations needed to store, retrieve, and control the state of orders in an e-commerce system.

This service includes a range of straightforward capabilities. In a typical scenario, the service would likely support a more detailed set of operations. Still, as you look at the scope of this service, it seems to meet most of the reasonable criteria. It’s relatively focused and is likely loosely coupled to other services.

While the service seems fine, it could present problems when it comes to scaling in a SaaS environment. Suppose, for example, that the DELETE operation of this service is very CPU-intensive while the PUT operation tends to be more memory-intensive.  And, from our profiling, we see that some tenants are pushing the GET operation hard while others are using PUT operations more heavily. This creates a challenge when figuring out how to scale this service effectively without over-allocating resources. Essentially, with this more coarse-grained surface, your options for scaling the service can be somewhat limited. Without more control over your scaling granularity, you’ll be unable to match usage of the service to potential variations in tenant activity. Instead, you’re left with a best guess approach to picking a scaling model with the hope that it might represent an efficient consumption of resources.

Now, let’s see what it would mean to deliver this order management service in a serverless model. The following diagram illustrates how scale would be achieved in an environment where each of the service’s operations (functions) is implemented as a separate Lambda function.

As load is placed on an operation, that operation can scale out independently of the others. More calls to GetOrders(), for example, force the scale out of that function. Meanwhile, DeleteOrder() consumes almost no resources. The beauty of this model is that you no longer need to think about how best to decompose your services to find the right balance of consumption and scale. Instead, by representing your service as a series of separately deployed functions, you directly align the consumption of each function with the real-time activity of tenants. If there’s tremendous demand for order searches right now, the system will scale that specific method to meet the demands of that load. Meanwhile, if other functions are going untouched, these functions will not generate any compute costs.

You can imagine the value this model brings to SaaS environments where the activity of existing and new tenants is constantly changing. With traditional SaaS implementations, it would not be uncommon to have idle services that are rarely exercised or only pushed during specific windows of the day. Now, with a serverless architecture, this is no longer an issue. You can simply deploy your functions and let them to respond actual tenant load. If a group of functions are not called for a day they will incur no costs for remaining idle. Then, if a new tenant suddenly pushes these same functions, Lambda will be responsible for providing the required scale.

Serverless Management and Monitoring

The more granular nature of serverless applications also adds value to the SaaS management and monitoring experience. With SaaS applications, it’s essential to proactively detect—with precision—any anomalies that may exist in your system. Imagine the dashboard and operational view that could show you the health of your system at the function level. The following image provides a conceptual view of how a serverless system could help you analyze your system’s health and activity more effectively:

The heat map on the left provides a coarse-grained representation of the services. The health of each service is represented by a range of colors that convey the current status of a service. In this example, you’ll notice that the order management service is red, indicating that there is some kind of issue with the health of that service. However, we won’t know which aspect of this service is actually failing without drilling into logs and other metrics.

The view on the right represents the health of the system in a serverless model. Here, each square in the grid corresponds to a Lambda function. Now, when the health of any aspect of the system starts to diminish, you get a more granular view of what may be failing. This makes it easier to develop proactive policies and streamlines the troubleshooting process, both of which are essential in SaaS environments where an outage could impact all your customers.

More Chances to Impact Availability

With SaaS applications, you’re always looking for opportunities to improve the availability profile of your application. Most SaaS solutions lean heavily on building in fault tolerance mechanisms that allow an application to continue to function, even when some portions of the system could be failing.

Imagine, for example, that your e-commerce application has a ratings service that provides customer reviews about products. Although this feature is valuable to customers, the system could continue to function when this service is down. In this scenario, your system could either temporarily remove the display of the ratings or use a cached copy of the latest ratings data during the failure.

This approach to fault tolerance is a common technique that is used in many SaaS architectures. However, more coarse-grained services often undermine your ability to introduce effective fault tolerance strategies. The outage of an entire service can be more difficult to overcome. This is an area where the serverless model shines. The decomposition of your system into independently executable functions now gives you a much more diverse set of options for introducing fault tolerant policies.

Supporting Siloed Tenants

SaaS providers are often required to deliver some or all of their system in a siloed model where each tenant has its own unique set of infrastructure resources. This may be driven by any number of factors, including compliance, regulatory, or legacy architecture requirements. There are a number of downsides to operating a SaaS product in this model. Cost often rises to the top of this list, because the overhead associated with provisioning, operating, and managing separate tenant infrastructure can be substantial.

Serverless computing often represents a compelling alternative for these siloed solutions. With this model, the execution of each tenant’s functions can be completely isolated from other tenants. In fact, you can leverage AWS Identity and Access Management (IAM) policies to ensure that a Lambda function is executed in the context of a specific tenant, which helps address any concerns customers may have about cross-tenant access.

The other key upside of using serverless computing in a siloed SaaS model is its impact on costs. If you’ve used virtual machine or containers as your underlying infrastructure, this will require each tenant to have some idle footprint—even if the tenant isn’t exercising any of the system’s functionality. Meanwhile, with serverless computing, your tenant costs will be directly correlated to their consumption of the functions you’ve deployed. And, if there are areas of the system that tenants aren’t using, there will be no compute costs associated with these unused features. This can amount to a significant savings in a siloed environment.

The API Gateway and SaaS Agility

The Amazon API Gateway is a key piece of the AWS serverless model. It provides a managed REST entry point to the functions of your application. It also offloads issues like metering, DDoS, and throttling, allowing your services to focus more on their implementation and less on managing and routing requests.

In addition to providing API fundamentals, API Gateway also includes mechanisms to manage the deployment of functions to one or more environments. API Gateway includes support for stage variables that allow you to associate functions with a specific environment. So, for example, you could define separate DEV and PROD stages in the gateway and point these stage at specific versions of your functions. This can simplify both deployment and rollback of releases. It can also simplify the tooling you’ll need to build for your deployment pipeline.

As you move into a serverless model, you’ll also find that the function-based model aligns nicely with your SaaS agility goals. The following diagram illustrates how the move to more granular functions impacts your continuous delivery pipeline. Since each function is executed in isolation, they can also be deployed separately.

This smaller unit of deployment is especially helpful in SaaS environments where there is an even higher premium on maximizing up time. It also narrows the scope of potential impact for each item you deploy, promoting more frequent releases of product features and fixes.

Focus on What Matters

While there are a number of technical, agility, and economic advantages to building a SaaS solution with a serverless architecture, the biggest advantage of serverless is that frees you up to focus more of your energy on your application’s features and functionality. Serverless computing takes the entire notion of managing servers off your plate, allowing you to create applications that can continually change their scaling profile based on the real-time activity of your tenants.

For many teams, the real challenge of serverless computing is making the shift to a function-based application decomposition. This transition represents a fairly fundamental change in the mental model for building solutions. It may also have you reconsidering your choice of languages and tooling.

Challenges aside, the natural alignment between the values of SaaS and the principles of the serverless model are very compelling. The upsides of cost, fault tolerance, deployment agility, and managed scale make serverless computing an attractive model for SaaS providers