Amazon AWS Cloud
ITCloudArchitect.com, created by Tracey Flanders
8/23/14
Jun 21, 2015
Amazon AWS Logical Cloud Design
(Diagram: a West Coast Cloud and an East Coast Cloud of AWS Services, a Colocation Datacenter, an On-Premise Datacenter, Customers, and the Internet.)
Amazon AWS Services
Amazon AWS Cloud Overview
AWS Infrastructure
- Regions
- Availability Zones (AZ)
- Virtual Private Cloud (VPC)
- Public & Private Subnets
- Application Tiers
AWS Services
- EC2 (Elastic Compute Cloud)
- S3 (Simple Storage Service)
- Glacier (Storage Archive)
- EBS (Elastic Block Storage)
- ELB (Elastic Load Balancer)
- RDS (Relational Database Service)
- Redshift (Cloud Data Warehouse)
- EMR (Elastic Map Reduce, Hadoop)
- Route53 (DNS)
- CloudFront (CDN)
- CloudWatch (Monitoring)
- AWS Market Place (AMI Store)
Automation
- Tags
- Boot-Strapping
- Amazon Machine Image (AMI)
- CloudFormation (Cloud Automation)
- Auto-Scaling
- OpsWork, Chef, Puppet
Security
- Security Groups (Distributed Firewalls)
- Identity & Access Management (IAM)
- Direct Connect (DC <-> VPC connectivity)
Summary
- Recommendations
- Questions?
Regions
A region is an independent geographic location that consists of multiple availability zones.
Regions are self-contained and independent of each other.

Region Code      Region Name
ap-northeast-1   Asia Pacific (Tokyo)
ap-southeast-1   Asia Pacific (Singapore)
ap-southeast-2   Asia Pacific (Sydney)
eu-west-1        EU (Ireland)
sa-east-1        South America (Sao Paulo)
us-east-1        US East (Northern Virginia)
us-west-1        US West (Northern California)
us-west-2        US West (Oregon)

(Diagram: the us-west-2 (Oregon) region.)
Availability Zones (AZ)
An availability zone consists of multiple datacenters that are isolated from each other inside a region.
- Typically there are 3 logical Availability Zones per AWS region.
- One availability zone could consist of multiple datacenters.
- Availability Zones are failure domains.
- Build for failure. Spread your application across multiple Availability Zones.
- Multiple IP Subnets are assigned to an Availability Zone.
(Diagram: region us-west-2 (Oregon) with Availability Zones us-west-2a, us-west-2b and us-west-2c.)
Virtual Private Cloud (VPC)
A virtual private cloud represents a logical container to isolate your cloud resources.
- VPCs can and should span multiple AZs.
- VPCs will consist of multiple private or public IP subnets.
- By default, VPCs cannot talk to other VPCs. VPC Peering solves that.
- Each VPC will have one logical VPC router and VPC gateway. Both are considered SDN.
(Diagram: region us-west-2 (Oregon) with Availability Zones us-west-2a, us-west-2b and us-west-2c.)
Public & Private IP subnets
There are 2 types of IP Subnets available inside a VPC.
Public subnets
- Internet accessible, egress and ingress, with Security Groups (firewall rules) permitting
- AWS assigned “public” IP addresses
- Elastic IPs are used to provide persistent public IPs
- The VPC internet gateway provides public access
Private subnets
- Accessible only from within the VPC
- VPC assigned “private” IP addresses
- Statically assigned IPs provide persistency
- Access to the internet requires a NAT or proxy server
(Diagram: region us-west-2 (Oregon) with Availability Zones us-west-2a, us-west-2b and us-west-2c, holding an IP Subnet (Public) and two IP Subnets (Private), a VPC router, an Internet gateway and an HA NAT.)
Application Tiers
An application tier represents a logical security isolation from other tiers. Access is permitted using Security Groups (i.e. distributed firewall rules).
- Tiers: Internet (DMZ), Web, Application, Database
- Tiers will span multiple IP Subnets and AZs, providing application redundancy
(Diagram: region us-west-2 (Oregon) with Availability Zones us-west-2a, us-west-2b and us-west-2c; each AZ holds a public IP Subnet (#1, #2, #3) for the Internet tier and private IP Subnets (#1, #2, #3) for the Web and App-DB tiers.)
Amazon EC2
What is EC2?
- Elastic Compute Cloud
- Virtual Servers called “Instances”
- Infinitely scalable, compute on demand
- Hosts run an opensource Xen-like hypervisor, AWS customized
- Multiple “instance types” from “Micro” to “Extra Large” instances; scale compute vertically
- “Instance types” can be changed, but this requires a reboot
- On-Demand instances can be used anytime, but cost the most
- Reserved instances can be used when you know that you will need a certain amount of capacity. 1-3 year commitments (best cost option)
- Spot instances offer an auction-like request for EC2 instances, based on a bid price. Instances are terminated once you lose your bid
Use Cases
- Standard servers
- Memory optimized servers, caching
- Compute intensive servers, HPC
- GPU optimized servers, graphics
Note: There is no automatic option to move instances between AZs. You must redeploy with automation, bootstrapping or cloning (i.e. no VMware vMotion).
Amazon S3
What is S3?
- Simple Storage Service
- Object based shared storage
- Infinitely scalable, storage on demand
- Available from anywhere via http or https (SSL)
Use Cases
- Code Release Repository
- Shared storage (it’s not NFS)
- Input or Output data
- Static Web content
- Backup & Recovery
- And many more…
Amazon Glacier
What is Glacier?
- Archive shared storage
- Infinitely scalable, policy driven storage
- Requires a 3-5 hour window for data restores to be available from Amazon Glacier
- Best used for one time archiving of data you may never access again
Use Cases
- Backup & Recovery
- Archiving
- Legal retention of data
- Dormant or historical data
Amazon EBS
What is EBS?
- Elastic Block Storage
- Persistent, low latency storage for EC2 instances
- Automatically replicated by AWS
- Provisioned IOPS (optional, additional cost)
- Snapshots
Use Cases
- Local EC2 instance storage for persistent data
- Local volumes used to provide CIFS or NFS
Amazon ELB
What is ELB?
- Elastic Load Balancing
- Infinitely scalable load balancing
- Distribute application traffic across multiple EC2 instances
- Health check EC2 instances
Use Cases
- Load Balancing of Web & App Tier, ingress & egress network traffic: customer traffic to applications
- Load Balancing of outbound, egress network traffic (NAT, Squid servers): used for updates and AWS services access
Amazon RDS
What is RDS?
- Relational Database Service
- Managed databases
- Multi-AZ support for redundancy
- Automated backups and upgrades
- Read-Only database replicas, offload reads
Use Cases
- MySQL
- Oracle
- Microsoft SQL
Amazon Redshift
What is Redshift?
- Cloud-based and cost effective Data Warehouse
- Scalable clusters into the PBs
- No tuning to maintain speed
- Backup to S3
- Fastest growing Amazon Service to date
- No hardware to buy
Use Cases
- Analyze data with existing Business Intelligence (BI) tools
- Store analytic data output from Hadoop, BigData
- Clone Redshift clusters for testing or development
- Spin clusters up or down, storing offline data on S3
Amazon EMR
What is EMR?
- Elastic Map Reduce
- Cloud-based Hadoop
- Scalable clusters that can process PBs of data
- No tuning or maintenance
- Add or remove capacity
- Pulls in data from S3 and outputs data to S3, also Redshift, DynamoDB
- No hardware to buy, fail faster
Use Cases
- Always-on clusters, data lakes utilizing Hadoop HDFS
- Computational short term clusters, store output results on S3
- Typically use spot instances for a subset of the workload
Amazon Route 53
What is Route 53?
- Domain Name System (DNS)
- Latency and keyword based health checks
- Integrates with other AWS services
Use Cases
- DNS Hosted Zones for applications
- Region based latency detection and DNS failovers
Amazon CloudFront
What is CloudFront?
- Content Delivery Network (CDN)
- Caches content, similar to Akamai
- Uses AWS Edge locations all over the world
Use Cases
- Caching of Web and S3 content
- Global content caching for lower latency access to customer applications
Amazon CloudWatch
What is CloudWatch?
- AWS Monitoring and Performance
- Basic CloudWatch is free
Use Cases
- Enable detailed CloudWatch for critical resource monitoring
- Enable and disable for performance baselines on less critical systems during troubleshooting
Automation: Tags
What are Tags?
- Used as attributes to identify AWS resources
- Almost every AWS service offers Tags
- Automate your auditing
- Accountability, track resource abuse
- Can be used to key off of for scripts
- Forecasting and cost control, find the big $$$
Use Cases
- TAG EVERYTHING!!!
- Always use default base Tags (limited to 9 on EC2 Instances)
  - Environment: Dev, Test, Stage, Prod
  - Product: Application XYZ
  - Owner/SME: Bob Smith/Jack Rogers
  - Costcenter: 123456
  - And more…
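An added example (not from the deck) of the tag auditing the slide calls for: it checks constructed EC2 instance records, laid out like an EC2 DescribeInstances response, against the base-tag set above and the 9-tag limit the slide quotes. The required keys, the allowed Environment values and the sample instance IDs are assumptions.

```python
"""EC2 tag-compliance audit (added example, not from the deck). Checks constructed
instance records, shaped like an EC2 DescribeInstances response, against the
base tags the slide lists and the 9-tag limit it quotes. Required keys, allowed
Environment values and the sample instance IDs are assumptions."""

REQUIRED_TAGS = ("Environment", "Product", "Owner", "Costcenter")
ALLOWED_ENVIRONMENTS = {"Dev", "Test", "Stage", "Prod"}
EC2_TAG_LIMIT = 9  # the per-instance limit quoted on the slide

# Constructed sample data in DescribeInstances layout (not real instances).
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa0001", "Tags": [
            {"Key": "Environment", "Value": "Prod"},
            {"Key": "Product", "Value": "Application XYZ"},
            {"Key": "Owner", "Value": "Bob Smith"},
            {"Key": "Costcenter", "Value": "123456"}]},
        {"InstanceId": "i-0aaa0002", "Tags": [
            {"Key": "Environment", "Value": "Production"},  # value not in the standard set
            {"Key": "Owner", "Value": "Jack Rogers"}]},      # Product and Costcenter missing
        {"InstanceId": "i-0aaa0003"},                        # untagged: nobody to bill or call
    ]}
]


def audit_instance(instance):
    """Return a list of findings for one instance; empty means compliant."""
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    findings = []
    for key in REQUIRED_TAGS:
        if not tags.get(key, "").strip():
            findings.append(f"missing required tag {key}")
    env = tags.get("Environment")
    if env is not None and env not in ALLOWED_ENVIRONMENTS:
        findings.append(f"Environment={env!r} not in {sorted(ALLOWED_ENVIRONMENTS)}")
    if len(tags) > EC2_TAG_LIMIT:
        findings.append(f"{len(tags)} tags exceeds the limit of {EC2_TAG_LIMIT}")
    return findings


def audit_reservations(reservations):
    """Map InstanceId -> findings for every non-compliant instance."""
    report = {}
    for reservation in reservations:
        for instance in reservation.get("Instances", []):
            findings = audit_instance(instance)
            if findings:
                report[instance["InstanceId"]] = findings
    return report
```

In practice the reservations list would come from boto3's `ec2.describe_instances()["Reservations"]`; the report is what you would feed a ticketing or cost-allocation workflow.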
Automation: Boot-Strapping
What is Boot-Strapping?
- The process of automating an AWS resource on start-up, using scripts and/or automation tools
- Builds and customizes your server on boot-up
Use Cases
- EC2 Instances
- Auto-Scaling of EC2 Instances
- And more…
Automation: AMI
What is AMI?
- Amazon Machine Image
- Company customized Image
Use Cases
- Build “Gold” Image Templates for base builds of EC2 Instances
- Customized images for Applications with minor bootstrapping
Automation: CloudFormation
What is CloudFormation?
- Automation of entire platform deployments with JSON
- Some challenges with this approach…
  - Don’t ever make manual changes!!!
  - No current option to build a template from existing platforms
Use Cases
- Build entire platforms via JSON template
- Reproduce entire environments from production templates for dev, test, stage
Automation: Auto-Scaling
What is Auto-Scaling?
- Automatically scale the number of EC2 instances based on specified thresholds
- Monitors and recreates instances if they crash, self-healing
- Can use Spot instances
Use Cases
- Every platform should use this, even if there is no immediate need
- Helps with maintenance, code releases etc.
Automation: AWS OpsWork, Chef, Puppet
What is AWS OpsWork?
- Automated service using Chef
- Has some limitations; may be better to use your own Chef or Puppet platform
- Usually used for smaller organizations
What are Chef and Puppet?
- Opensource automation and Configuration/Change management tools
Use Cases
- Automate “NEW” platform builds (AWS OpsWork may be limited)
- Configuration and Change management
Security Groups
What are Security Groups?
- Distributed Firewall rules to protect individual EC2 instances
- Used to “Whitelist” access to EC2 instances
- NACLs are used to “Blacklist” access to VPCs; use sparingly
Use Cases
- Apply Security Groups to all EC2 instances
- Create Security Groups per Application and per Tier
- Use common standard Security Groups on all EC2 instances for admin and/or monitoring purposes
(Diagram: a security group.)
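An added example, not code from the deck, that ties together the Application Tiers, CloudFormation and Security Groups slides: a CloudFormation template (built as a Python dict) with one Security Group per tier, where only the DMZ tier accepts CIDR ingress and each inner tier whitelists only the Security Group of the tier in front of it, plus a check that flags any rule breaking that chain. Resource names, ports and the VpcId parameter are assumptions.

```python
"""Three-tier Security Groups as a CloudFormation template plus a whitelist
check (added example, not from the deck). Only the Web/DMZ tier accepts CIDR
ingress; the App and DB tiers accept only the Security Group of the tier in
front of them. Resource names, ports and the VpcId parameter are assumptions."""
import copy

def tcp(port, **source):
    """One ingress rule; source is CidrIp=... or SourceSecurityGroupId=..."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **source}

def sg(description, ingress):
    """An AWS::EC2::SecurityGroup resource in the VPC passed as a parameter."""
    return {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": description,
                           "VpcId": {"Ref": "VpcId"},
                           "SecurityGroupIngress": ingress}}

TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"VpcId": {"Type": "AWS::EC2::VPC::Id"}},
    "Resources": {
        "WebSG": sg("Web tier (DMZ)", [tcp(80, CidrIp="0.0.0.0/0"),
                                        tcp(443, CidrIp="0.0.0.0/0")]),
        "AppSG": sg("App tier", [tcp(8080, SourceSecurityGroupId={"Ref": "WebSG"})]),
        "DbSG": sg("Database tier", [tcp(3306, SourceSecurityGroupId={"Ref": "AppSG"})]),
    },
}
TIER_CHAIN = ["WebSG", "AppSG", "DbSG"]  # each tier reachable only from the one before

def check_tier_whitelist(template, chain=TIER_CHAIN):
    """Return findings for ingress rules that break the tier chain; [] is clean."""
    findings = []
    for i, name in enumerate(chain[1:], start=1):  # chain[0] is the DMZ, may use CIDRs
        for rule in template["Resources"][name]["Properties"]["SecurityGroupIngress"]:
            src = rule.get("SourceSecurityGroupId", {}).get("Ref")
            if "CidrIp" in rule:
                findings.append(f"{name}: CIDR ingress {rule['CidrIp']} on non-DMZ tier")
            elif src != chain[i - 1]:
                findings.append(f"{name}: ingress from {src}, expected {chain[i - 1]}")
    return findings

def broken_template():
    """Constructed bad variant: the DB tier additionally opened to the Internet."""
    bad = copy.deepcopy(TEMPLATE)
    bad["Resources"]["DbSG"]["Properties"]["SecurityGroupIngress"].append(
        tcp(3306, CidrIp="0.0.0.0/0"))
    return bad
```

Running the check against every template before it is deployed is one way to honour the "no manual changes" rule on the CloudFormation slide: a CIDR rule on a private tier is rejected in review rather than discovered in the console.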
Identity and Access Management (IAM)
What is IAM?
- Identity and Access Management
- Control logical access to AWS resources
- Control user access to AWS resources
Use Cases
- Always use IAM roles with federation and integration with Microsoft Active Directory or LDAP
Amazon DirectConnect
What is DirectConnect?
- Easier to manage VPC to VPC and VPC to On-Premise datacenter network communication
- Requires one per region
- Bandwidth speeds from 1Gb to 10Gb
Use Cases
- Use in every region that requires high bandwidth
- Connect to multiple VPCs without complex HA VPN endpoints per VPC
Summary: Recommendations
Training
- Send colleagues to AWS training
- Host potential boot-camps working with Developers
Automation
- Do the heavy lifting of automating everything, no manual hands
- Don’t double duty your team. If you wanted to automate, you would already be doing it
- Build a small 1-2 person team to evangelize automation throughout the organization. Others may follow.
- Build processes and procedures around automation
Consuming the Cloud
- DO NOT place traditional applications into the cloud. More $$$
- Build applications that are cloud aware; SDK kits are available
- Plan for failures: EC2 instances will disappear, AZs will have intermittent issues, regions may go offline because of natural disasters
Summary
Questions?