Learn from the experts at AWS. This course teaches you how to apply the AWS Well-Architected Framework, manage multiple AWS accounts, connect on-premises data centers to the AWS Cloud, and more.
Advanced Architecting on AWS: A Closer Look (11 Feb. 2018)
Learn from the experts at AWS. Training and Certification helps advance your knowledge with practical skills so you can get more out of the cloud.
Prerequisites
• Attended “Architecting on AWS”, or
• Achieved “AWS Certified Solutions Architect – Associate” certification
NB: This course assumes the student is completely familiar with the technical content of the prerequisite course, “Architecting on AWS”.

What you’ll learn - part 1
This course teaches you how to:
• Apply the AWS Well-Architected Framework.
• Manage multiple AWS accounts for your organization.
• Connect on-premises data centers to the AWS Cloud.
• Understand billing implications of connecting multi-region VPCs.
• Move large data from on-premises data centers to the AWS Cloud.
• Design large datastores for the AWS Cloud.

What you’ll learn - part 2
This course teaches you how to:
• Understand different architectural designs for scaling a large website.
• Protect your infrastructure from DDoS attacks.
• Secure your data on AWS with encryption.
• Design protection of data at rest as well as data in flight.
• Enhance the performance of your solutions.
• Select the most appropriate AWS deployment mechanism.

Module 1: Architecting on AWS Review This short module reviews the “10 Best Practices” and the “Well-Architected Framework” from the previous course. Note that we do not review the technical content of “Architecting on AWS”, since that is all covered by the prerequisites.

Module 2: AWS Account Management
Topics covered:
• Managing multiple AWS accounts
• Consolidated billing
• Tagging strategy
• Cost explorer, billing and forecasts, billing alerts
• Security for multiple accounts
• Using AWS Directory Service across multiple accounts
• Multiple accounts best practices

[Diagram: Using AWS Directory Service (multiple accounts). Labels: Account 1, Account 2, Account 3, AD Connector (in two Availability Zones), VPC peering, domain controller, corporate data center, AD.Domain.]

Module 3: Advanced Network Architectures
A large, two-part module with a lab in the middle.
Topics covered:
• Maximising network performance for HPC applications
• VPN configuration in AWS: static vs dynamic, hardware vs software VPN, BGP settings, resilience, HA
• Direct Connect: public and private VIFs, resilience
• DNS resolution between on-prem and AWS
• Building a global transit network on AWS

[Diagram: Fundamentals: High-Level View. Labels: customer router, Direct Connect location, AWS Direct Connect router, public virtual interface (VIF) to public endpoints, private VIF 1 to private VIF N, VLAN X, VLAN Y, VLAN Z, VLAN N, AWS Account 1, AWS Account 2, virtual private cloud 1 to virtual private cloud N.]

Module 4: Deployment Management
A module comparing and contrasting various techniques for Application Lifecycle Management on AWS.
Topics covered:
• CloudFormation
• CodeDeploy
• OpsWorks
• Elastic Beanstalk
• Containers and EC2 Container Service

AWS Deployment Mechanisms Based on a Scenario
• Runtime/container: Amazon EC2, EC2 Container Service, Amazon Lambda, Elastic Beanstalk
• Application deployment: AWS CodeDeploy, AWS OpsWorks, Elastic Beanstalk
• Code management: AWS CodeCommit, AWS CodePipeline, Elastic Beanstalk
• Infrastructure deployment: AWS CloudFormation, AWS OpsWorks, Elastic Beanstalk

Module 5: Data
A large, three-part module with a lab.
Topics covered:
• Optimised use of S3, with a detailed case study
• Caching patterns with ElastiCache
• Migrating data with AWS Snowball
• Migrating data with AWS Storage Gateway
• Considerations for backup and archive in AWS
• Multiple approaches for database migration into AWS
• Overview of several AWS big data services
• DynamoDB throttling and streams

[Diagram: Architectural Design. Labels: users, Elastic Load Balancing, Amazon Drive service, Amazon EC2, Amazon CloudSearch (indexing and queries), Amazon Redshift (analytics), Amazon SQS, Amazon DynamoDB, Amazon Elastic Transcoder, Amazon Kinesis Streams, Amazon S3, Amazon SNS; groupings: content processing, content store, asynchronous pipeline, metadata store, notifications.]

Module 6: Large-Scale Applications
A module with a lab, all about making applications extremely scalable.
Topics covered:
• Offloading traffic to S3 and CloudFront, with related design patterns for caching and proxying.
• SOA and microservices, with a serverless reference architecture.
• Implementing blue-green deployment on AWS
• Managing session state

Microservices Reference Architecture: Real-Time Voting Application
• Users text a vote to a phone number or shortcode provided by a third party (e.g. Twilio).
• The third party sends content to an Amazon API Gateway endpoint.
• API Gateway forwards the response to an AWS Lambda function, which extracts the vote and any metadata and writes them to an Amazon DynamoDB table.
• The DynamoDB table has streams enabled, which triggers a second Lambda function.
• This function tallies the votes and writes them back to a second DynamoDB table that only stores the sums for each candidate.
• Amazon S3 hosts a static website that queries the sums from the table and displays them in a dashboard.
• An Amazon Route 53 hosted zone points a custom domain name to the bucket.
Not only does this solution follow the principles of microservices, it's also serverless.

[Diagram: Classic DNS-Weighted Distribution for Blue-Green Deployments. Labels: Route 53 DNS endpoint, traffic weights 100% and 80%/20%, regions (live), Multi-AZ Amazon RDS.]

Module 7: Resilience
A two-part module with a lab in the middle.
Topics covered:
• Types of DDoS attack.
• DDoS mitigation strategies, including AWS WAF.
• High availability for enterprise applications, with sample architectures for Microsoft SQL Server, Microsoft SharePoint, and MongoDB.
• Critical patterns for application resilience

[Diagram: AWS Reference Architecture for DDoS Resilience. Labels: users, DDoS attack, Amazon Route 53, Amazon CloudFront, AWS WAF, Amazon API Gateway, ELB, ELB security group, web application security group, public subnet, private subnet.]

Module 8: Encryption
A module with a lab, all about encryption and security.
Topics covered:
• Basic encryption primer
• Key Management Options: DIY vs. KMS vs. CloudHSM
• Protecting data at rest
• Protecting data in transit

Encryption Primer
• Key is used to encrypt data along with an encryption algorithm (e.g., AES): Plaintext Data + Symmetric Data Key → Encrypted Data.
• Key is generated from either software or hardware.
• Key hierarchy: Master Key (key encryption key) → Encrypted Data Key; Symmetric Data Key → Encrypted Data in Storage.
• You don’t want to store the key with the encrypted data!
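
The key hierarchy on this slide, as an added example that is not part of the course material: a fresh data key encrypts the data, and a master key (key encryption key) encrypts the data key, so only the encrypted data key is stored next to the ciphertext. It goes one step beyond the slide by showing master key rotation, which re-wraps the data key without touching the encrypted data. Assumptions: `masterKey` is a local stand-in for a key held in KMS or an HSM, and all function and field names are hypothetical.

```javascript
// Added example: envelope encryption with a two-level key hierarchy.
// Assumption: masterKey is a local stand-in for a key held in KMS or an HSM.
const crypto = require("node:crypto");

// AES-256-GCM helper: returns iv (12) || tag (16) || ciphertext as one Buffer.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Inverse of seal(); final() throws if the key, AAD or blob is wrong.
function open(key, blob, aad) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Encrypt data under a fresh data key, then wrap that key under the master key.
function envelopeEncrypt(masterKey, plaintext) {
  const dataKey = crypto.randomBytes(32);
  const record = {
    wrappedKey: seal(masterKey, dataKey, Buffer.from("data-key")),
    ciphertext: seal(dataKey, Buffer.from(plaintext), Buffer.from("data")),
  };
  dataKey.fill(0); // the plaintext data key never leaves this function
  return record;   // safe to store: it holds no plaintext key
}

function envelopeDecrypt(masterKey, record) {
  const dataKey = open(masterKey, record.wrappedKey, Buffer.from("data-key"));
  const out = open(dataKey, record.ciphertext, Buffer.from("data")).toString();
  dataKey.fill(0);
  return out;
}

// Master key rotation: re-wrap only the data key; the bulk ciphertext is untouched.
function rewrap(oldMaster, newMaster, record) {
  const dataKey = open(oldMaster, record.wrappedKey, Buffer.from("data-key"));
  const wrappedKey = seal(newMaster, dataKey, Buffer.from("data-key"));
  dataKey.fill(0);
  return { wrappedKey, ciphertext: record.ciphertext };
}
```

Because the stored record carries only the wrapped data key, reading the storage layer alone yields nothing decryptable; access to the master key is the single control point.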

Module 9: Performance
A module about measuring and monitoring performance of your AWS infrastructure.
Topics covered:
• Measuring EC2 and EBS performance
• Fine-tuning and optimising EBS volumes
• Cost control at scale

How to prepare
The best preparation for certification exams is practical experience, and AWS also offers preparation resources to help you study.
Take your certification exam

Thank you! Contact us