Amazon AWS Cloud Created by Tracey Flanders
Amazon AWS Logical Cloud Design
[Diagram: Customers, Internet, East Coast Cloud, West Coast Cloud, AWS Services, Colocation Datacenter, On-Premise Datacenter]
Amazon AWS Services
Agenda
• Amazon AWS Cloud Overview
• AWS Infrastructure: Regions • Availability Zones (AZ) • Virtual Private Cloud (VPC) • Public & Private Subnets • Application Tiers
• AWS Services: EC2 (Elastic Compute Cloud) • S3 (Simple Storage Service) • Glacier (Storage Archive) • EBS (Elastic Block Store) • ELB (Elastic Load Balancing) • RDS (Relational Database Service) • Redshift (Cloud Data Warehouse) • EMR (Elastic MapReduce, Hadoop) • Route 53 (DNS) • CloudFront (CDN) • CloudWatch (Monitoring) • AWS Marketplace (AMI Store)
• Automation: Tags • Boot-Strapping • Amazon Machine Image (AMI) • CloudFormation (Cloud Automation) • Auto Scaling • OpsWorks, Chef, Puppet
• Security: Security Groups (Distributed Firewalls) • Identity & Access Management (IAM) • Direct Connect (DC <-> VPC connectivity)
• Summary: Recommendations • Questions?
Regions
• Region Code: Region Name
  • ap-northeast-1: Asia Pacific (Tokyo)
  • ap-southeast-1: Asia Pacific (Singapore)
  • ap-southeast-2: Asia Pacific (Sydney)
  • eu-west-1: EU (Ireland)
  • sa-east-1: South America (Sao Paulo)
  • us-east-1: US East (Northern Virginia)
  • us-west-1: US West (Northern California)
  • us-west-2: US West (Oregon)
• Regions are self-contained and independent of each other. A region is an independent geographic location that consists of multiple Availability Zones.
• Resources and data stay in the region you create them in unless you explicitly copy or replicate them elsewhere, which matters for both failover planning and data-residency requirements.
• (The list above is the set of regions at the time of this deck; AWS has added regions since.)
[Diagram: region us-west-2 (Oregon)]
Availability Zones (AZ)
• Each AWS region has multiple Availability Zones, typically three.
• An Availability Zone consists of one or more datacenters that are isolated from the other AZs in the same region.
• Availability Zones are failure domains.
• Build for failure: spread your application across multiple Availability Zones.
• Multiple IP subnets are assigned to an Availability Zone; each subnet lives in exactly one AZ.
[Diagram: us-west-2 (Oregon) with Availability Zones us-west-2a, us-west-2b, us-west-2c]
Virtual Private Cloud (VPC)
• A virtual private cloud is a logical container that isolates your cloud resources.
• VPCs can and should span multiple AZs.
• A VPC consists of multiple private or public IP subnets.
• By default, VPCs cannot talk to other VPCs. VPC Peering solves that; peering is not transitive, so every pair of VPCs that must communicate needs its own peering connection.
• Each VPC has one logical VPC router and VPC gateway. Both are software-defined (SDN) constructs, not devices you patch or manage.
[Diagram: VPC spanning Availability Zones us-west-2a, us-west-2b, us-west-2c in us-west-2 (Oregon)]
Public & Private IP Subnets
There are 2 types of IP subnet available inside a VPC.
• Public subnets
  • Internet accessible, ingress and egress, Security Groups (firewall rules) permitting
  • What makes a subnet "public" is a route to the VPC internet gateway; an instance also needs an AWS-assigned public IP address to be reachable from the internet
  • Elastic IPs are used to provide persistent public IPs
• Private subnets
  • Accessible only from within the VPC (or from your datacenter over VPN / Direct Connect)
  • VPC-assigned "private" IP addresses; an instance keeps its primary private IP for its lifetime, so statically assigned IPs provide persistence
  • Access to the internet requires a NAT (built highly available) or a proxy server in a public subnet
[Diagram: Internet gateway, HA NAT and VPC router; us-west-2a IP Subnet (Public), us-west-2b IP Subnet (Private), us-west-2c IP Subnet (Private), us-west-2 (Oregon)]
Application Tiers
• Tiers: Internet (DMZ) • Web • Application • Database
• An application tier is a logical security boundary. Access between tiers is permitted only through Security Groups (i.e. distributed firewall rules), so each tier should accept traffic from the tier in front of it and nothing else.
• Tiers span multiple IP subnets and AZs, providing application redundancy.
[Diagram: us-west-2 (Oregon); Availability Zones us-west-2a, us-west-2b, us-west-2c, each with IP Subnet #1 (Public), IP Subnet #2 (Private) and IP Subnet #3 (Private) carrying the Internet, Web and App-DB tiers]
AWS Services
Amazon EC2
• What is EC2?
  • Elastic Compute Cloud
  • Virtual servers called "Instances"
  • Scales on demand (within your account limits), compute on demand
  • Hosts run a customized Xen hypervisor
  • Multiple "instance types" from "Micro" to "Extra Large"; scale compute vertically
  • Instance types can be changed, but the instance must be stopped and started again (it comes back on a new host)
  • On-Demand instances can be used anytime, but cost the most
  • Reserved instances can be used when you know that you will need a certain amount of capacity; 1-3 year commitments (best cost option)
  • Spot instances offer an auction-like request for EC2 instances, based on a bid price. Instances are terminated once the spot price exceeds your bid, so only run interruptible work on them
• Use Cases
  • Standard servers
  • Memory optimized servers, caching
  • Compute intensive servers, HPC
  • GPU optimized servers, graphics
• Note: there is no automatic option to move instances between AZs (i.e. no VMware vMotion). You must redeploy with automation, bootstrapping or cloning.
Amazon S3
• What is S3?
  • Simple Storage Service
  • Object-based shared storage
  • Scales on demand, storage on demand
  • Available from anywhere via HTTP or HTTPS (SSL/TLS); use HTTPS, and control who can read what with IAM and bucket policies
• Use Cases
  • Code release repository
  • Shared storage (it's not NFS)
  • Input or output data
  • Static web content
  • Backup & recovery
  • And many more...
Amazon Glacier
• What is Glacier?
  • Archive shared storage
  • Scales on demand, policy-driven storage (e.g. S3 lifecycle rules moving objects to Glacier)
  • Requires a 3-5 hour window before restored data is available from Amazon Glacier
  • Best used for one-time archiving of data you may never access again
• Use Cases
  • Backup & recovery archiving
  • Legal retention of data
  • Dormant or historical data
Amazon EBS
• What is EBS?
  • Elastic Block Store
  • Persistent, low latency block storage for EC2 instances; a volume lives in one AZ and attaches to one instance at a time
  • Automatically replicated by AWS within its Availability Zone
  • Provisioned IOPS (optional, additional cost)
  • Snapshots (stored in S3; also the way to copy a volume to another AZ or region)
• Use Cases
  • Local EC2 instance storage for persistent data
  • Local volumes used to provide CIFS or NFS
Amazon ELB
• What is ELB?
  • Elastic Load Balancing
  • Load balancing that scales automatically with traffic
  • Distributes application traffic across multiple EC2 instances
  • Health checks EC2 instances and stops sending traffic to unhealthy ones
• Use Cases
  • Load balancing of the Web & App tiers, ingress & egress network traffic
  • Customer traffic to applications
  • Internal load balancing of outbound (egress) traffic across NAT or Squid proxy servers
  • Used for updates and AWS services access
Amazon RDS
• What is RDS?
  • Relational Database Service
  • Managed databases
  • Multi-AZ support for redundancy
  • Automated backups and upgrades
  • Read-only database replicas to offload reads
• Engines
  • MySQL
  • Oracle
  • Microsoft SQL Server
Amazon Redshift
• What is Redshift?
  • Cloud-based and cost effective data warehouse
  • Scalable clusters into the PBs
  • Little tuning needed to maintain speed
  • Backup to S3
  • Fastest growing Amazon service to date (at the time of this deck)
  • No hardware to buy
• Use Cases
  • Analyze data with existing Business Intelligence (BI) tools
  • Store analytic data output from Hadoop / big data jobs
  • Clone Redshift clusters for testing or development
  • Spin clusters up or down, storing offline data on S3
Amazon EMR
• What is EMR?
  • Elastic MapReduce
  • Cloud-based Hadoop
  • Scalable clusters that can process PBs of data
  • Managed cluster provisioning; little tuning or maintenance
  • Add or remove capacity
  • Pulls in data from S3 and outputs data to S3, also Redshift and DynamoDB
  • No hardware to buy, fail faster
• Use Cases
  • Always-on clusters, data lakes utilizing Hadoop HDFS
  • Computational short-term clusters, storing output results on S3
  • Typically use spot instances for a subset of the workload
Amazon Route 53
• What is Route 53?
  • Domain Name System (DNS)
  • Latency-based routing, plus health checks (TCP/HTTP, optionally matching a keyword in the response) that pull failed endpoints out of DNS
  • Integrates with other AWS services
• Use Cases
  • DNS hosted zones for applications
  • Region-based latency routing and DNS failover
Amazon CloudFront
• What is CloudFront?
  • Content Delivery Network (CDN)
  • Caches content, similar to Akamai
  • Uses AWS edge locations all over the world
• Use Cases
  • Caching of web and S3 content
  • Global content caching for lower latency access to customer applications
Amazon CloudWatch
• What is CloudWatch?
  • AWS monitoring and performance metrics
  • Basic CloudWatch is free
• Use Cases
  • Enable detailed CloudWatch for critical resource monitoring
  • Enable and disable it for performance baselines on less critical systems during troubleshooting
Automation
Automation: Tags
• What are Tags?
  • Key/value attributes used to identify AWS resources
  • Almost every AWS service offers Tags
  • Automate your auditing
  • Accountability: track resource abuse back to an owner
  • Can be keyed off of in scripts
  • Forecasting and cost control: find the big $$$
  • Tags are also usable as IAM condition keys, so they can gate access as well as cost
• Use Cases
  • TAG EVERYTHING!!!
  • Always use default base Tags (EC2 instances allowed only a small number of tags at the time; this deck counts 9 usable base tags)
    • Environment: Dev, Test, Stage, Prod
    • Product: Application XYZ
    • Owner/SME: Bob Smith/Jack Rogers
    • Costcenter: 123456
    • And more...
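The "tag everything" rule only pays off if something checks it. The following is an added example, not code from the deck: a tag audit that enforces the base tags above against a constructed sample shaped like `aws ec2 describe-instances` output. The instance IDs, the tag values and the allowed-value rules (six-digit cost centre, fixed Environment set) are assumptions for illustration.

```python
"""Tag audit for EC2 instances, enforcing the base tags from the slide.

Added example, not code from the deck. It runs offline on a constructed
sample shaped like `aws ec2 describe-instances` output
(Reservations -> Instances -> Tags). The instance IDs, tag values and the
allowed-value rules are assumptions made for illustration.
"""
import re

# Required base tags (from the slide) and the values each may take.
# None = any non-empty value; a set = one of these; a pattern = must match.
REQUIRED_TAGS = {
    "Environment": {"Dev", "Test", "Stage", "Prod"},
    "Product": None,
    "Owner": None,
    "Costcenter": re.compile(r"\d{6}"),   # assumed six-digit cost centre format
}

# Constructed sample: one compliant instance, one with bad/missing tags, one untagged.
SAMPLE_DESCRIBE_INSTANCES = {
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0aaa111", "Tags": [
            {"Key": "Name", "Value": "web-01"},
            {"Key": "Environment", "Value": "Prod"},
            {"Key": "Product", "Value": "Application XYZ"},
            {"Key": "Owner", "Value": "Bob Smith"},
            {"Key": "Costcenter", "Value": "123456"}]},
        {"InstanceId": "i-0bbb222", "Tags": [
            {"Key": "Name", "Value": "scratch-box"},
            {"Key": "Environment", "Value": "production"}]},  # wrong value, rest missing
        {"InstanceId": "i-0ccc333"},  # no tags at all: nobody to charge, nobody accountable
    ]}]
}


def tags_of(instance):
    """Flatten the Key/Value list into a dict."""
    return {t["Key"]: t["Value"] for t in instance.get("Tags", [])}


def check_instance(instance):
    """Return the list of findings for one instance; an empty list means compliant."""
    tags = tags_of(instance)
    findings = []
    for key, rule in REQUIRED_TAGS.items():
        value = tags.get(key, "").strip()
        if not value:
            findings.append(f"missing tag {key}")
        elif isinstance(rule, set) and value not in rule:
            findings.append(f"tag {key}={value!r} not in {sorted(rule)}")
        elif isinstance(rule, re.Pattern) and not rule.fullmatch(value):
            findings.append(f"tag {key}={value!r} has the wrong format")
    return findings


def audit(describe_output):
    """Map InstanceId -> findings for every non-compliant instance."""
    report = {}
    for reservation in describe_output["Reservations"]:
        for inst in reservation["Instances"]:
            findings = check_instance(inst)
            if findings:
                report[inst["InstanceId"]] = findings
    return report


def instances_by_tag(describe_output, key="Costcenter"):
    """Count instances per tag value; untagged ones land in 'UNALLOCATED',
    which is the bucket to chase when hunting for the big $$$."""
    counts = {}
    for reservation in describe_output["Reservations"]:
        for inst in reservation["Instances"]:
            bucket = tags_of(inst).get(key) or "UNALLOCATED"
            counts[bucket] = counts.get(bucket, 0) + 1
    return counts


if __name__ == "__main__":
    for instance_id, findings in audit(SAMPLE_DESCRIBE_INSTANCES).items():
        print(instance_id, "->", "; ".join(findings))
    print(instances_by_tag(SAMPLE_DESCRIBE_INSTANCES))
```

Feed it the real `describe-instances` JSON and the `UNALLOCATED` bucket is the list of instances nobody owns; the same `check_instance` can run from a launch hook to reject untagged instances before they accrue cost.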
Automation: Boot-Strapping
• What is Boot-Strapping?
  • The process of configuring an AWS resource automatically on start-up, using scripts (e.g. EC2 user data) and/or automation tools
  • Builds and customizes your server on boot-up, so a fresh instance needs no hands-on setup
• Use Cases
  • EC2 instances
  • Auto Scaling of EC2 instances, which must come up ready to serve without a human in the loop
  • And more...
Automation: AMI
• What is AMI?
  • Amazon Machine Image
  • Company-customized image
• Use Cases
  • Build "Gold" image templates for base builds of EC2 instances
  • Customized images for applications with minor bootstrapping
  • Rebuild gold images on a schedule so patches are baked in, and never bake credentials into an image: anyone who can launch from the AMI gets them
Automation: CloudFormation
• What is CloudFormation?
  • Automation of entire platform deployments from a JSON template
  • Some challenges with this approach...
  • Don't ever make manual changes to stack resources!!! The template is the source of truth; manual edits drift from it and are lost or conflict on the next stack update
  • No option (at the time of this deck) to build a template from an existing platform
• Use Cases
  • Build entire platforms via JSON template
  • Reproduce entire environments from production templates for dev, test, stage
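The public/private subnet and application-tier slides and this CloudFormation slide describe one artifact: a template. The following is an added example, not code from the deck, that builds that template in Python (the deck's JSON is the output of `json.dumps`) for three AZs, public and private subnets, and one security group per tier, then runs the two checks a reviewer would want before deploying. The CIDRs, ports, resource names and the use of a managed NAT gateway in place of the deck's "NAT or proxy server" are assumptions.

```python
"""Build the CloudFormation template for the VPC layout in the slides (public and
private subnets across three AZs, one security group per application tier) and
run the two checks a reviewer would make before deploying it.

Added example, not from the deck. CIDRs, ports, resource names and the choice of
a managed NAT gateway (the deck's "NAT or proxy server") are assumptions.
"""
import json

VPC_CIDR = "10.0.0.0/16"
AZS = ["us-west-2a", "us-west-2b", "us-west-2c"]
# (tier, listening port, allowed source): each tier is reachable only from the
# tier in front of it, expressed as a security-group reference, not a CIDR.
TIERS = [("Web", 443, "Internet"), ("App", 8080, "Web"), ("DB", 3306, "App")]
EDGE_SG = "WebSG"   # the only group that may carry a 0.0.0.0/0 rule


def build_template():
    res = {
        "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": VPC_CIDR}},
        "IGW": {"Type": "AWS::EC2::InternetGateway"},
        "IGWAttach": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {
            "VpcId": {"Ref": "VPC"}, "InternetGatewayId": {"Ref": "IGW"}}},
        "PublicRT": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "PublicDefault": {"Type": "AWS::EC2::Route", "DependsOn": "IGWAttach", "Properties": {
            "RouteTableId": {"Ref": "PublicRT"}, "DestinationCidrBlock": "0.0.0.0/0",
            "GatewayId": {"Ref": "IGW"}}},
        # Private subnets reach the internet only through NAT sitting in a public subnet.
        "NatEIP": {"Type": "AWS::EC2::EIP", "Properties": {"Domain": "vpc"}},
        "NatGateway": {"Type": "AWS::EC2::NatGateway", "Properties": {
            "AllocationId": {"Fn::GetAtt": ["NatEIP", "AllocationId"]},
            "SubnetId": {"Ref": "PublicSubnet0"}}},
        "PrivateRT": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "PrivateDefault": {"Type": "AWS::EC2::Route", "Properties": {
            "RouteTableId": {"Ref": "PrivateRT"}, "DestinationCidrBlock": "0.0.0.0/0",
            "NatGatewayId": {"Ref": "NatGateway"}}},
    }
    for i, az in enumerate(AZS):
        for kind, third_octet, public in (("Public", i, True), ("Private", 10 + i, False)):
            name = f"{kind}Subnet{i}"
            res[name] = {"Type": "AWS::EC2::Subnet", "Properties": {
                "VpcId": {"Ref": "VPC"}, "AvailabilityZone": az,
                "CidrBlock": f"10.0.{third_octet}.0/24", "MapPublicIpOnLaunch": public}}
            res[f"{name}RTA"] = {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
                "SubnetId": {"Ref": name}, "RouteTableId": {"Ref": f"{kind}RT"}}}
    for tier, port, source in TIERS:
        rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
        if source == "Internet":
            rule["CidrIp"] = "0.0.0.0/0"
        else:
            rule["SourceSecurityGroupId"] = {"Ref": f"{source}SG"}
        res[f"{tier}SG"] = {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "VpcId": {"Ref": "VPC"},
            "GroupDescription": f"{tier} tier: {port}/tcp from {source}",
            "SecurityGroupIngress": [rule]}}
    return {"AWSTemplateFormatVersion": "2010-09-09",
            "Description": "Three-AZ VPC with public/private subnets and per-tier security groups",
            "Resources": res}


def review(template):
    """Reviewer checks: a subnet declared private must not route to the internet
    gateway, and only the edge tier may accept traffic from 0.0.0.0/0."""
    res = template["Resources"]
    igw_route_tables = {r["Properties"]["RouteTableId"]["Ref"] for r in res.values()
                        if r["Type"] == "AWS::EC2::Route"
                        and r["Properties"].get("GatewayId") == {"Ref": "IGW"}}
    problems = []
    for name, r in res.items():
        if r["Type"] == "AWS::EC2::SubnetRouteTableAssociation":
            subnet = r["Properties"]["SubnetId"]["Ref"]
            is_public = res[subnet]["Properties"].get("MapPublicIpOnLaunch", False)
            if not is_public and r["Properties"]["RouteTableId"]["Ref"] in igw_route_tables:
                problems.append(f"{subnet} is private but routes to the internet gateway")
        elif r["Type"] == "AWS::EC2::SecurityGroup" and name != EDGE_SG:
            for rule in r["Properties"].get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == "0.0.0.0/0":
                    problems.append(f"{name} opens {rule['FromPort']}/tcp to the world")
    return problems


if __name__ == "__main__":
    template = build_template()
    print(json.dumps(template, indent=2))
    print("review:", review(template) or "clean")
```

Generating the template from code rather than hand-editing JSON keeps the tier rules in one table, and running `review` in CI is the cheap way to honour "don't ever make manual changes": any hand edit that opens a tier or re-routes a private subnet fails the check before the next stack update.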
Automation: Auto Scaling
• What is Auto Scaling?
  • Automatically scales the number of EC2 instances based on specified thresholds
  • Replaces instances that fail health checks or crash: self-healing
  • Can use Spot instances
• Use Cases
  • Every platform should use this, even if there is no immediate need to scale
  • Helps with maintenance, code releases etc.
Automation: AWS OpsWorks, Chef, Puppet
• What is AWS OpsWorks?
  • Managed automation service built on Chef
  • Has some limitations; it may be better to run your own Chef or Puppet platform
  • Usually used by smaller organizations
• What are Chef and Puppet?
  • Open source automation and configuration/change management tools
• Use Cases
  • Automate "NEW" platform builds (AWS OpsWorks may be limited here)
  • Configuration and change management
Security
Security Groups
• What are Security Groups?
  • Distributed firewall rules that protect individual EC2 instances
  • Stateful and allow-only: used to "whitelist" access to EC2 instances; return traffic of an allowed connection is accepted automatically
  • NACLs are stateless and apply at the subnet level with both allow and deny rules; use them sparingly, to "blacklist" known-bad sources
• Use Cases
  • Apply Security Groups to all EC2 instances
  • Create Security Groups per application and per tier; reference the upstream tier's group as the source instead of a CIDR
  • Use a common standard Security Group on all EC2 instances for admin and/or monitoring access
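The difference between the two controls is easiest to see by running the same packet through both. The following is an added example, not code from the deck: a small model of a stateful, allow-only security group and a stateless, numbered network ACL, applied to constructed flows. The rule sets, addresses and ports are assumptions; the evaluation semantics (SG permits return traffic of an allowed flow; NACL walks lowest rule number first, first match wins, unmatched traffic hits the implicit deny, separately per direction) are AWS's documented behaviour.

```python
"""Model of how a Security Group (stateful, allow-only, per instance) and a
Network ACL (stateless, numbered allow/deny rules, per subnet) decide on the
same packet, so the whitelist/blacklist split on the slide can be tested.

Added example, not deck code. The rule sets, addresses and flows are constructed;
the semantics follow AWS's documented behaviour: an SG permits return traffic of
a flow it allowed, a NACL is walked lowest rule number first, first match wins,
and anything unmatched hits the implicit final deny, separately per direction.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str       # "in" or "out", relative to the instance
    proto: str
    port: int            # destination port
    peer: str            # the remote IP address
    reply: bool = False  # True if this is return traffic of an already-allowed flow


def in_cidr(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


# Security group for the web tier: (direction, proto, from_port, to_port, cidr); allow only.
WEB_SG = [
    ("in", "tcp", 443, 443, "0.0.0.0/0"),        # customers
    ("in", "tcp", 22, 22, "10.0.0.0/16"),        # admin only from inside the VPC
    ("out", "tcp", 8080, 8080, "10.0.10.0/24"),  # to the app tier only
    ("out", "tcp", 443, 443, "0.0.0.0/0"),       # package updates via NAT
]


def sg_allows(rules, pkt):
    if pkt.reply:
        return True  # stateful: the reply to an allowed flow needs no rule of its own
    return any(d == pkt.direction and p == pkt.proto and lo <= pkt.port <= hi
               and in_cidr(pkt.peer, cidr) for d, p, lo, hi, cidr in rules)


# Network ACL on the public subnet: (rule number, direction, proto, from, to, cidr, action).
PUBLIC_NACL = [
    (50, "in", "tcp", 0, 65535, "198.51.100.0/24", "deny"),  # blacklist an abusive range
    (100, "in", "tcp", 443, 443, "0.0.0.0/0", "allow"),
    (110, "in", "tcp", 1024, 65535, "0.0.0.0/0", "allow"),   # ephemeral ports for replies
    (120, "in", "tcp", 22, 22, "10.0.0.0/16", "allow"),
    (100, "out", "tcp", 0, 65535, "0.0.0.0/0", "allow"),
]


def nacl_allows(rules, pkt):
    for _num, d, p, lo, hi, cidr, action in sorted(rules):
        if d == pkt.direction and p == pkt.proto and lo <= pkt.port <= hi and in_cidr(pkt.peer, cidr):
            return action == "allow"   # first matching rule decides
    return False                       # implicit '*' deny


def decide(pkt, nacl=PUBLIC_NACL, sg=WEB_SG):
    """A packet is delivered only if the subnet's NACL and the instance's SG both allow it."""
    return nacl_allows(nacl, pkt) and sg_allows(sg, pkt)


if __name__ == "__main__":
    flows = {
        "customer https": Packet("in", "tcp", 443, "203.0.113.5"),
        "blacklisted https": Packet("in", "tcp", 443, "198.51.100.7"),
        "internet ssh": Packet("in", "tcp", 22, "203.0.113.5"),
        "vpc ssh": Packet("in", "tcp", 22, "10.0.1.9"),
        "update reply": Packet("in", "tcp", 49152, "203.0.113.50", reply=True),
    }
    for label, pkt in flows.items():
        print(f"{label:18s} nacl={nacl_allows(PUBLIC_NACL, pkt)!s:5} "
              f"sg={sg_allows(WEB_SG, pkt)!s:5} -> {decide(pkt)}")
```

The "update reply" flow is the caveat behind "use NACLs sparingly": drop rule 110 and the instance can still open its outbound HTTPS connection, but the stateless NACL discards every reply packet, even though the stateful security group would have accepted it.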
Identity and Access Management (IAM)
• What is IAM?
  • Identity and Access Management
  • Controls which users, groups and roles may call which AWS APIs on which resources, by policy
• Use Cases
  • Always use IAM roles with federation and integration with Microsoft Active Directory or LDAP
  • Give EC2 instances an IAM role instead of embedding long-lived access keys; require MFA for privileged users; grant least privilege rather than "*"
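Least privilege is only as good as your understanding of how IAM combines statements. The following is an added example, not code from the deck: a minimal evaluator for the core of the policy language (explicit Deny beats Allow beats the implicit deny, with wildcard matching), run against constructed policies for a deployment role, an over-broad admin statement, and a Deny-only guardrail. Conditions, principals and resource-based policies are not modelled, `fnmatch` stands in for IAM's `*`/`?` matching, and all policies, actions and ARNs are made up.

```python
"""Minimal evaluator for the core of the IAM policy language, to show why an
explicit Deny guardrail beats even an "Action": "*" statement and what least
privilege looks like for a deployment role.

Added example, not from the deck. Conditions, principals and resource policies
are not modelled; `fnmatch`-style wildcards stand in for IAM's `*` and `?`;
the policies, actions and ARNs are made up for illustration.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    return value if isinstance(value, list) else [value]


def matches(pattern, value, case_insensitive=False):
    if case_insensitive:            # IAM compares action names case-insensitively
        pattern, value = pattern.lower(), value.lower()
    return fnmatchcase(value, pattern)


def statement_applies(stmt, action, resource):
    actions = _as_list(stmt.get("Action", []))
    not_actions = _as_list(stmt.get("NotAction", []))
    if actions:
        action_ok = any(matches(a, action, True) for a in actions)
    else:                           # NotAction: applies to everything except the listed actions
        action_ok = not any(matches(a, action, True) for a in not_actions)
    resources = _as_list(stmt.get("Resource", "*"))
    return action_ok and any(matches(r, resource) for r in resources)


def evaluate(policies, action, resource):
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one request.
    An explicit Deny anywhere wins; otherwise any Allow wins; otherwise denied."""
    decision = "implicit_deny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit_deny"
            decision = "allow"
    return decision


def admin_statements(policy):
    """Indices of statements that grant every action on every resource."""
    return [i for i, s in enumerate(_as_list(policy["Statement"]))
            if s["Effect"] == "Allow" and "*" in _as_list(s.get("Action", []))
            and "*" in _as_list(s.get("Resource", "*"))]


# Constructed policies. A least-privilege role for a deploy pipeline ...
DEPLOY_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::release-artifacts", "arn:aws:s3:::release-artifacts/*"]},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
]}
# ... the kind of policy that ends up on a shared "ops" user ...
OVERBROAD = {"Version": "2012-10-17",
             "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}
# ... and a Deny-only guardrail attached alongside it.
GUARDRAIL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": ["iam:*", "ec2:DeleteVpc"], "Resource": "*"},
]}


if __name__ == "__main__":
    for pols, action, res in [
        ([DEPLOY_ROLE], "s3:GetObject", "arn:aws:s3:::release-artifacts/app-1.2.tgz"),
        ([DEPLOY_ROLE], "s3:PutObject", "arn:aws:s3:::release-artifacts/app-1.2.tgz"),
        ([DEPLOY_ROLE], "ec2:TerminateInstances", "arn:aws:ec2:us-west-2:123456789012:instance/i-0aaa111"),
        ([OVERBROAD, GUARDRAIL], "iam:CreateUser", "arn:aws:iam::123456789012:user/backdoor"),
        ([OVERBROAD, GUARDRAIL], "ec2:RunInstances", "*"),
    ]:
        print(f"{action:24s} -> {evaluate(pols, action, res)}")
    print("admin statements in OVERBROAD:", admin_statements(OVERBROAD))
```

The deploy role can read its artifact bucket and describe EC2 but cannot write to the bucket or terminate anything; the guardrail's Deny on `iam:*` holds even when it sits next to an `Action: "*"` statement, which is why Deny-only policies are the right place for "never, regardless of who asks" rules. `admin_statements` is the one-line audit for policies that should never exist outside a break-glass account.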
Amazon Direct Connect
• What is Direct Connect?
  • A dedicated private network link into AWS, which makes VPC-to-VPC and VPC-to-on-premise datacenter communication easier to manage
  • Requires one connection per region
  • Bandwidth from 1 Gb to 10 Gb
  • The link is private but not encrypted by itself; run IPsec over it if the traffic needs confidentiality
• Use Cases
  • Use in every region that requires high bandwidth
  • Connect to multiple VPCs without complex HA VPN endpoints per VPC
Summary
Summary: Recommendations
• Training
  • Send colleagues to AWS training
  • Host boot-camps working with developers
• Automation
  • Do the heavy lifting of automating everything: no manual hands
  • Don't double-duty your team. If you wanted to automate, you would already be doing it
  • Build a small 1-2 person team to evangelize automation throughout the organization. Others may follow
  • Build processes and procedures around automation
• Consuming the Cloud
  • DO NOT lift-and-shift traditional applications into the cloud. It costs more $$$
  • Build applications that are cloud aware; SDKs are available
  • Plan for failures: EC2 instances will disappear, AZs will have intermittent issues, and regions may go offline because of natural disasters
Questions?
Thank You!