aws networking competency - amazon s3 · provides virtual private network ... technology partner...

AWS Networking Competency Technology Partner Validation Checklist Consulting Partner Validation Checklist July 2017 Version 1.0

AWS Networking Competency:

Technology Partner Validation Checklist

AWS Networking Competency: Technology Partner Validation Checklist, v1.0 pg. 2

Table of Contents

Introduction .............................................................................................................................. 3

Competency Application and Audit Process ........................................................................ 3

Program Policies ..................................................................................................................... 3

AWS Networking Technology Competency Categories ....................................................... 4

AWS Networking Competency Program Prerequisites ........................................................ 5

AWS Networking Technology Partner Validation Checklist ................................................ 6

Technology for Network Connectivity ................................................................................... 6

1.0 AWS Customer References – Technology for Network Connectivity ............................................ 6 2.0 Technology Components – Technology for Networking Connectivity ........................................... 7

Direct Connect Integrated and Infrastructure Partners ........................................................ 7

Direct Connect Integrated Partners ....................................................................................... 7

1.0 AWS Customer References – Direct Connect Integrated Partners ............................................... 8 2.0 Technology Components – Direct Connect Integrated Partners ................................................... 8

Direct Connect Infrastructure Partners ................................................................................. 9

1.0 AWS Customer References – Direct Connect Infrastructure Partners .......................................... 9 2.0 Technology Components – Direct Connect Infrastructure Partners .............................................. 9

Technology for Load Balancers ........................................................................................... 10

1.0 AWS Customer References – Technology for Load Balancers .................................................. 10 2.0 Technology Components – Technology for Load Balancers ....................................................... 10

Technology for Network Management ................................................................................. 11

1.0 AWS Customer References – Technology for Network Management ........................................ 11 2.0 Technology Components – Technology for Network Management ............................................. 11

Appendix A – General Requirements ................................................................................... 13




Introduction

The Competency Partner Validation Checklist is intended for APN Partners who are interested in applying for AWS Competency. This checklist provides the criteria necessary to achieve the designation under the AWS Competency Program. The goal of the AWS Competency Program is to recognize APN Partners who demonstrate technical proficiency and proven customer success in specialized solution areas. APN Partners undergo a validation of their capabilities upon applying for the specific Competency, and every 12 months thereafter. AWS leverages in-house expertise to facilitate the review. AWS reserves the right to make changes to this document at any time. It is expected that APN Partners will review this document in detail before submitting a Competency application, even if all of the pre-requisites are met. If items in this document are unclear and require further explanation, please contact your AWS Partner Development Representative (PDR) or Partner Development Manager (PDM) as the first step. Your PDR/PDM will contact the Competency Program Team if further assistance is required.

Competency Application and Audit Process

In order to begin the validation process, please follow the steps outlined below: ▪ Step #1: Review the Partner Validation Checklist

▪ Step #2: Submit a Competency Application through the APN Portal

• Login to the APN Portal

• Click “View My APN Account” in left navigation

• Scroll to AWS Competencies and select the appropriate Competency

• Complete the Competency Application

Incomplete applications will not be considered and will be rejected.

Once your firm’s application has been submitted through the APN Portal, the APN Team will review for compliance. AWS recommends that APN Partners have individuals who are able to provide evidence of compliance and to speak in-depth to the requirements available during the validation process. Upon completion of the review, a recommendation is given to the APN Team regarding APN Partner acceptance into the Competency. The final decision regarding acceptance is made by the APN Team; APN Partners will be notified of their status by AWS.

Program Policies

An APN Partner's application to the Competency may be rejected at the discretion of the Global Segment Business or Technical Lead. Rejections may be made due to estimated ability to consistently implement technical solutions, lack of current required APN Partner certifications, judgment of the technical or business merit of the proposed solution, perceived lack of solution delivery capabilities, or any other business or technical criteria deemed critical.

http://aws.amazon.com/partners/competencies

https://www.apn-portal.com/




Competency status can be revoked at the discretion of the Global Segment Business or Technical Lead. Revocations may be issued due to loss of required APN Partner certifications, lack of progress toward billing or win goals, repeated violations of AWS PR guidelines, evidence of poor customer experience, including cost vectors, when using the solution, or any other business/technical factors that would indicate that the practice or solution may not meet current requirements, or is projected not to meet future requirements. Competency status must be renewed annually on a calendar year basis. Requirements for renewal may change from year to year, subject to the business and technical needs of AWS and its customers.

AWS Networking Technology Competency Categories

Networking Competency Partners provide network solutions that assist enterprises adopt, develop and deploy networks in AWS. Networking Partners provide a set of specialized solutions for making connectivity easier and extending customer capabilities. Deep working knowledge architecting networking solutions and applications leveraging AWS services is mandatory. APN Partner must select a distinct Networking category based on the AWS-provided category definitions below. Please note that an APN Partner may apply for more than one category, however each submission must be processed separately. APN Partner must provide unique customer references for each category submission.

Category Characteristics

Technology for Network Connectivity

Technology that:

▪ Provides network connectivity to AWS

▪ Is capable of acting as a router and intelligently forward packets

▪ Manages routing and availability between different network paths

▪ Provides Virtual Private Network (VPN) or Software-Defined Wide Area Networking

(SDWAN) capabilities

Direct Connect Integrated Partners

Partners that provide AWS Direct Connect connectivity to customers. The partner provides hosted connections as well as connectivity. The partner also includes greater integration and interaction with AWS services.

Direct Connect Infrastructure Partners

Partners that provides AWS Direct Connect connectivity to customers. The partner provides network connectivity and infrastructure such as fiber or Direct Connect interconnections.

Technology for Load Balancers

Technology that:

▪ Spreads load across instances or IP addresses for a service

▪ Maintains health status of target services

▪ Supports security services such as SSL/TLS

Technology for Network Management

Technology that provides:

• Network health information

• Network visualization

• Capability to alert and notify on network issues




AWS Networking Competency Program Prerequisites

AWS Networking Competency – Technology Partner Prerequisites

APN Membership APN Partner must meet Advanced tier+ APN Technology Partner (view requirements)

AWS Support APN Partner must have Business level+ Support plan (view Support plans) for product development environments or AWS environments customers will interact with.

AWS Customer References

APN Partner must provide customer references specific to completed Networking projects:

▪ The reference requirements vary by category.

▪ 2 of AWS customer references must be public (i.e., documented in a case study, white paper, or blog post). Public references must mention AWS, the end customer, and the APN Partner.

▪ References must be for projects started within the past 12 months, and must be for projects that are in production, rather than in pilot or proof of concept stage.

▪ All customer references submitted must have supporting documentation providing evidence of compliance to the requirements of this checklist.

AWS Networking Product or Solution

APN Partner must have a Networking product or solution on AWS, including:

▪ Availability of product or solution in 2 or more AWS regions

▪ Qualifying for and posting an AWS public support statement on APN Partner’s website detailing the APN Partner’s Networking practice on AWS and including public reference to the APN Partner’s solution, practice, or guidance on Networking. For example, an acceptable public support statement is a landing page on the APN Partner’s website that contains various elements, including the AWS solutions and competency use cases, reference architecture, technology partnerships, customer references, sample TCO pricing, and any other relevant information supporting the APN Partner’s expertise related to Networking and highlighting the partnership with AWS through the APN.

▪ All software, tools, and scripts must be officially supported and generally available by the partner.

https://aws.amazon.com/partners/technology/

http://aws.amazon.com/premiumsupport/pricing/




AWS Networking Technology Partner Validation Checklist

In preparation for the validation process, APN Partners should become familiar with the requirements of this checklist. Supporting documentation (e.g., design and architectural documents) related to Partner solution(s) for the submitted customer references must be provided, in order to demonstrate compliance to the below requirements. If any of the below requirements are not applicable to the APN Partner solution(s), APN Partner must specify with written documentation as to why it is not covered by the APN Partner solution.

Please review the Networking category/categories your firm wishes to apply for: Networking Connectivity, Direct Connect Integrated Partner, Direct Connect Infrastructure Partner, Load Balancers, or Network Management. For Networking Connectivity, Load Balancing, and Network Management a single product is limited to one category. Direct Connect partners may apply to both categories if they meet the requirements of both the Direct Connect Integrated and Direct Connect Infrastructure categories. If you are listed in another Competency such as Security, your references and business requirements must be unique and not shared. In preparation for the validation process, APN Partners should familiarize themselves with the items outlined in this document, and prepare objective evidence, including but not limited to: prepared demonstration to show capabilities, process documentation, and/or actual customer examples.

Technology for Network Connectivity This classification includes APN Partners providing routers and VPN technologies customers use to provide network connectivity in AWS. This includes use cases from on-premises to AWS as well as between AWS Virtual Private Clouds (VPCs). This includes technologies like Routers, site-to-site VPN, client-to-site VPN, and orchestration that controls routing within or between VPCs.

1.0 AWS Customer References – Technology for Network Connectivity Met Not Met

1.1 Customer References

APN Partner has four (4) AWS customer references of completed Networking projects mid-market or Enterprise customers. APN Partner must provide for each reference: ▪ Name of the customer ▪ Problem statement/definition ▪ What you proposed ▪ How AWS services were used as part of the solution ▪ Third party applications or solutions used ▪ Start and end dates of project ▪ Outcome(s)/results

▪ Lessons learned

1.2 Public References

2 of the above 4 references are publicly endorsed by the customer. Evidence must be in the form of a publicly available case study, white paper, blog post, or equivalent that includes, as a minimum: ▪ Reference to customer name, APN Partner name, and AWS ▪ Customer problem that was solved ▪ How AWS was used as part of the solution ▪ Outcome(s)/results Public references must be easily discoverable on the APN Partner’s website.




1.3 Auto Scaling Reference

For each of the four (4) customer references provided in Section 1, APN Partner must demonstrate a successful integration of their software into a customer deployment. ▪ At least one (1) customer reference must be utilizing an auto-scaling design

where the routing instances are in an auto-scaling group. Referenced projects must be reviewed by a Partner Solutions Architect and must follow General Requirements in Appendix A.

1.4 Security Best Practices

References must show how the solution was deployed in accordance with AWS Security Best Practices.

2.0 Technology Components – Technology for Networking Connectivity Met Not Met

2.1 General Requirements

General Requirements listed in Appendix A must be met.

2.2 Auto Scaling

The solution must be support Auto Scaling for handling additional network connectivity. This design can include Route 53 or Elastic Load Balancing. The design must be able to auto-scale horizontally without manual intervention.

2.3 Documented Use Case

The Auto Scaling use case must: ▪ Include a CloudFormation template of the deployment, including any load balancing

or monitoring dependencies. This can be for a new or existing VPC. ▪ Public documentation must provide all steps for deploying the environment,

focusing on simplicity whenever possible.

2.4 AWS Integration

The routing solution must have these AWS capabilities: ▪ The solution must support being load balanced behind Elastic Load Balancing ▪ The solution must support at least one Multi-AZ solution, including monitoring or

management components ▪ The solution must provide managed high availability and fault tolerance. This

includes monitoring or worker instances. The design must be highly available without manual intervention. Examples:

▪ Moving a Elastic Network Interface on failure ▪ Altering a Route Table Entry or Subnet association on failure

▪ Native support for the Virtual Private Gateway and providing an up to date VPN template download for the AWS console

▪ Must support BGP with the Virtual Private Gateway ▪ Native bootstrapping using the user data field

▪ May involve secondary data sources such as S3

▪ Support for enhanced networking with the ixgbevf driver and Elastic Network Adapter (ENA) driver.

Direct Connect Integrated and Infrastructure Partners There are two categories for Direct Partners. Eligible partners are listed on the Direct Connect partner page: https://aws.amazon.com/directconnect/partners. There are many approaches and models for providing Direct Connect connectivity to customers, and these categories are designed to inform customers of our partner’s capabilities. Partners can apply to only Infrastructure, only Integrated, or both. Integrated Partners highlights our partners who have built managed services, portals, and deeper integration with AWS services. Infrastructure Partners highlights our partners who provide networking infrastructure such as fiber circuits, network backbones, and interconnect circuits to our Direct Connect locations.

Direct Connect Integrated Partners This classification includes APN Partners that provide Direct Connect services for customers. Integrated Partners highlights our partners who have built managed services, portals, and deeper integration with AWS services.

https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf


https://aws.amazon.com/directconnect/partners




1.0 AWS Customer References – Direct Connect Integrated Partners Met Not Met


APN Partner has six (6) AWS customer references of completed Networking projects mid-market or Enterprise customers. APN Partner must provide for each reference: ▪ Name of the customer ▪ Problem statement/definition ▪ What you proposed ▪ How AWS services were used as part of the solution ▪ Third party applications or solutions used ▪ Start and end dates of project ▪ Outcome(s)/results

▪ Lessons learned





2.0 Technology Components – Direct Connect Integrated Partners Met Not Met



2.2 Business Data

APN Partner must provide regular (monthly or quarterly) business data for their Direct Connect business to AWS. This will enable AWS to provide better services to AWS customers. It should include: ▪ Quantity of unique customers

▪ Quantity of ports and interface speeds

▪ Data should be broken out by geography

▪ Packet loss percentages peaks and averages per port or location.

▪ Other AWS revenue, e.g. reseller revenue

2.3 Project Evidence

For each of the six (6) customer references provided in Section 1, APN Partner must demonstrate a successful integration of their offering with a customer deployment. Referenced projects must be reviewed by a Partner Solutions Architect and must follow General Requirements in Appendix A.

2.4 User portal

APN Partner must have a user portal accessible to users. This portal must be able to: ▪ Allow customers to provision circuits and/or Virtual Interfaces

▪ Adjust bandwidth and port speeds, if the capability exists

▪ Provide user-facing visibility of network health. This should involve real-time

metrics.

2.5 Network Automation

APN Partner must support significant network automation as part of the provisioning and operating process of Direct Connect ports and Virtual Interfaces. This review will be done with an AWS Solution Architect.

2.6 Offering Details

APN Partner must detail what network infrastructure and services they offer to customers on an AWS landing page (e.g. www.awspartner.com/aws). This landing page should state: ▪ If they provide Interconnects for Direct Connect ▪ Who owns the responsibility for request the interconnect and LOA/CFA ▪ What circuit types are available (e.g. Layer 2 - VPLS, Dedicated Fiber, Layer 3 -



http://www.awspartner.com/aws




MPLS, etc) ▪ Which Direct Connect locations are available ▪ If redundancy is included in the offering

Direct Connect Infrastructure Partners This classification includes APN Partners that provide Direct Connect services for customers. Eligible partners are listed on the Direct Connect partner page: https://aws.amazon.com/directconnect/partners. Infrastructure Partners highlights our partners who provide networking infrastructure such as fiber circuits, network backbones, and interconnect circuits to our Direct Connect locations.

1.0 AWS Customer References – Direct Connect Infrastructure Partners Met Not Met


APN Partner has six (6) AWS customer references of completed Networking projects mid-market or Enterprise customers. APN Partner must provide for each reference: ▪ Name of the customer ▪ Problem statement/definition ▪ What you proposed ▪ How AWS services were used as part of the solution ▪ Third party applications or solutions used ▪ Start and end dates of project ▪ Outcome(s)/results

▪ Lessons learned





2.0 Technology Components – Direct Connect Infrastructure Partners Met Not Met



2.2 Business Data

APN Partner must provide regular (monthly or quarterly) business data for their Direct Connect business to AWS. This will enable AWS to provide better services to AWS customers. It should include: ▪ Quantity of unique customers

▪ Quantity of ports and interface speeds

▪ Data should be broken out by geography

▪ The time to provision the circuit when requested by the customer, the SLA time,

and SLA breaches.

▪ Other AWS revenue, e.g. reseller revenue


For each of the six (6) customer references provided in Section 1, APN Partner must demonstrate a successful integration of their offering with a customer deployment. Referenced projects must be reviewed by a Partner Solutions Architect and must follow General Requirements in Appendix A.

2.4 APN Partner must detail what network infrastructure they offer to customers on an

https://aws.amazon.com/directconnect/partners






Infrastructure Provisioning

AWS landing page (e.g. www.awspartner.com/aws). This landing page should state: ▪ If they provide Interconnects for Direct Connect ▪ Who owns the responsibility for request the interconnect and LOA/CFA ▪ What circuit types are available (e.g. Layer 2 - VPLS, Dedicated Fiber, Layer 3 -

MPLS, etc) ▪ Which Direct Connect locations are available

Technology for Load Balancers This classification includes services than distribute incoming or outgoing requests across many target destinations. The solution must be able to provide health checks and direct traffic to healthy instances.

1.0 AWS Customer References – Technology for Load Balancers Met Not Met



▪ Lessons learned





2.0 Technology Components – Technology for Load Balancers Met Not Met




For each of the four (4) customer references provided in Section 1, APN Partner must demonstrate a successful integration of their software into a customer deployment. ▪ At least one (1) customer reference must be utilizing an auto-scaling design

where the load balancer instances are in an auto-scaling group Referenced projects must be reviewed by a Partner Solutions Architect and must follow General Requirements in Appendix A.

2.3 Auto Scaling The solution must be able to auto scale for handling additional network connectivity. This design can include Route 53 or Elastic Load Balancing. The design must be able to auto-scale horizontally without manual intervention. Auto Scaling must be supported without on-premises components.

2.4 AWS Integration

The load balancing solution must have these AWS capabilities: ▪ Perform load balancing behind Elastic Load Balancing

http://www.awspartner.com/aws






▪ Perform load balancing in front of Elastic Load Balancing

▪ Native bootstrapping using the user data field ▪ May involve secondary data sources such as S3

▪ Support for at least 3 custom CloudWatch metrics, such as 3/4/5xx error messages, connections per second, and open sessions

▪ Support for enhanced networking with the ixgbevf driver and Elastic Network Adapter (ENA) driver

Technology for Network Management This classification includes APN Partners that provide network management tools to customers to assist with the operation of their VPC networking. This includes network visualization, traffic visualization, configuration assistance and validation, monitoring, and alerting solutions that support VPC networking features.

1.0 AWS Customer References – Technology for Network Management Met Not Met



▪ Lessons learned





2.0 Technology Components – Technology for Network Management Met Not Met




For each of the four (4) customer references provided in Section 1, APN Partner must demonstrate a successful integration of their software into a customer deployment. Referenced projects must be reviewed by a Partner Solutions Architect and must follow General Requirements in Appendix A.

2.3 AWS Integration

The network management solution must have these AWS capabilities:

▪ Support for ingesting Flow Logs. The solution must provide visualization or

reporting on the Flow Logs data. ▪ Provide visualization of customer’s VPCs ▪ Support for ingesting CloudWatch metrics ▪ Provide alerts on Cloudwatch metrics, traffic patterns, usage, or events such






as VPCs created with overlapping addresses OR 2.4 Alternate AWS Integration

The network management solution must have these AWS capabilities:

▪ Ability to provide raw network packets to another AWS location or instance ▪ Ability to account for the performance of packet replication ▪ Support for Amazon Linux ▪ Ability to automatically audit the instances or resources in the AWS account

that are running the relevant software ▪ Publicly available automation (e.g. CloudFormation template) to deploy the

solution.

2.4 Management Portal

If the management portal runs in the user’s account, it must have a public reference designs or automation to maintain high availability in multiple Availability Zones.




Appendix A – General Requirements

Requirements applicable to all solutions

▪ Must only use cross-account roles when accessing AWS data/services in another account. Shared IAM credentials are not allowed.

▪ Must have one clearly defined use case it is best suited for (shared with customers)

▪ Must have a clearly defined, differentiated, value proposition (shared with customers)

▪ Capabilities/compliance to be validated yearly by third party auditors

▪ All solutions must go through a technical assessment by an AWS SA

▪ Some requirements may alter based on the deployment model. Ex: a SaaS deployment versus an AMI deployment in the account.

▪ For a complex solution such as auto-scaling, there must be a CloudFormation template and accompanying document on how to easily deploy the solution.

▪ All systems must be deployable in at least two regions

▪ All systems must be multi-AZ and demonstrate how they remain highly available in the event of AZ failure

▪ For systems that durably store data they must do so in an AWS managed service (Amazon S3, Amazon RDS, Amazon DynamoDB, Amazon Redshift)

▪ For systems that durably store data with S3 they must enable versioning. For highly secure/critical data use MFA delete by default to prevent accidental deletion of critical data

▪ Partner must be able to explain to customers their scaling requirements and limits. This may include VPN sessions, bandwidth, BGP peering sessions, or IPsec throughput.

▪ The product must provide customers with networking solutions that are aligned with AWS architecture best practices and reference architectures.

▪ If Partner leverages AWS services, the Partner must be able to demonstrate integration/usage of AWS services following best practices. Acceptable evidence is listed below, and includes but is not limited to:

• Amazon S3

o Use of multi-part uploads for upload large objects on Amazon S3

o Capability to process large data sets in parallel

o Support for access control measure either by IAM or a custom integration

o Use of S3 endpoints for private connectivity

• Amazon EC2

o Use of network isolation via Amazon VPC, Subnet and Security groups

• Amazon RDS

o Use a Read-replica for offloading analytical workloads

• Amazon EMR

o Use of transient and permanent clusters as necessary for the workload

o Use of IAM roles for launching clusters and for access to AWS resources like Amazon Kinesis, Amazon S3

and Amazon DynamoDB.

• Amazon Kinesis

o Best practices around building real-time application in general with focus on data delivery at low latency with

a reliable data backup strategy independent from the processing.

• Amazon DynamoDB

▪ Usage pattern aligned with the best practices outline here - http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/BestPractices.html

aws networking competency - amazon s3 · provides virtual private network ... technology partner...

Documents