chicago aws user group meetup - may 2014 at cohesive

Sponsored by

Hosted by

Chicago AWS user group - May 2014 !!

“Using AWS for High Availability”

#AWSChicago

Organizer !Margaret WalkerCohesiveFT !!Tweet: @MargieWalker #AWSChicago

Sponsored by

Hosted by

#AWSChicago

Mark your calendars - next AWS user group June 24

Security in AWS

6:00 pm Introductions 6:10 pm Lightning Talks

"Mining crypto currency on AWS spot instance" - Scott VanDenPlas, Engineer at el el see @scottvdp "HA for healthcare" - Ryan Koop, Director of Products & Marketing, CohesiveFT @ryankoop "Using AWS for HA at BrightTag" - Matt Kemp, Engineer of Things™ at BrightTag @mattkemp So nice, he's talking twice. - Scott VanDenPlas, Engineer at el el see @scottvdp

6:30 pm Q & A 7:00 pm Networking, drinks and pizza

Agenda Sponsored by

Hosted by

#AWSChicago

“Mining crypto currency on AWS spot instance” !Scott VanDenPlas, Engineer at el el see !Tweet: @scottvdp#AWSChicago !

Sponsored by

Hosted by

#AWSChicago

AWS Spot Market Arbitrage

Or How I Stopped Worrying and Learned to Love the Bid

Scott VanDenPlas !

scott@ elelsee.com

awsofa.info

A (crappy) Primer to Magic Internet Money

You cannot make money doing this.

(currently.)

There was a time you could.Five months ago.

g2.2xlargeNew generation. Single GPU.!

!CPU 34.09 khash/s!

GPU 196.08 khash/s!!

230.17 khash/s!$0.650 per Hour

cg1.4xlargeOld generation. Dual GPU.!

!CPU 52.51 khash/s!GPU 311.4 khash/s!

!363.91 khash/s!$2.100 per Hour

Earning Potential.g2.2xl $0.076 hourly. cg1.4xl $0.120 hourly.

Uh… not so much.g2.2xl $0.076 hourly. cg1.4xl $0.120 hourly.

!!

On Demand!g2.2xl $0.650 hourly. cg1.4xl $2.100 hourly.

Spot Instance PricingRegion!

!Availability Zone!

!Account!

!Instance Type!

!Operating System!

!VPC

No amount of money makes it worth it to run

Windows.

AMI Defenestration.!

Yep, it is possible.

Proof.

Now I need 3000 of these.

Advice from my lawyer.

!We are not legally laundering money from!

our AWS Partner Account.!!!

I am not implying that ever occurred.

@scottvdp

/in/scottvdp

“HA for healthcare” !Ryan Koop, Director of Products & Marketing, CohesiveFT !Tweet: @ryankoop#AWSChicago

Sponsored by

Hosted by

#AWSChicago

@ryankoop

Healthcare HA in AWSAWS User Group May 29, 2014

1

@ryankoop

Oh, hello

2

During Business Hours++

Ryan Koop Director of Products & Marketing, Co-founder

@ryankoop

www.linkedin.com/in/rkoop/

After Hours NAME Ryan Koop CLUB Royal Fox CC - Men LOCAL# 2024 Assoc# 20005661 EFFECTIVE DATE 10/15/2013 SCORES POSTED 12 USGA HDC INDEX

18.9SCORE HISTORY - MOST RECENT FIRST

1 96*I 98 I 95*I 89*AI 96*AI6 95*AI 99 H 99 I 99 AI 94*I11 97 H 96*I 106 A 97 H 95 H16 97 I 94*H 91*H 96 I 94*H

Chicago District Golf Association - www.cdga.org

Ryan Koop

2013 GOLD MEMBER

@ryankoop

5/26/14 US-West-1 Single Availability Zone looses power5/17/14 US-West-2 Increased Launch Error Rates4/30/14 US-West-2 Connectivity Issues for Single Availability Zone4/22/14 EU-West-1 Connectivity Issues for Single Availability Zone4/16/14 EU-West-1 Increases API Error Rates4/1/14 US-West-1 Connectivity Issues for Single Availability Zone3/21/14 US-East-1 Increased API Error Rates3/20/14 US-East-1 Increased API Error Rates3/20/14 US-West-2 Increased API Error Rates3/9/14 US-East-1 Connectivity Issues for Single Availability Zone

3

Cloud ≠ Reliability

Source: AWS Appstream RSS

@ryankoop

AWS SLA - Five 9s?

4

99.95% = ~22min/month Downtime “Region Unavailable” | Burden of Proof | “Demarcation Point”

Yo Dawg, we heard you like SLAs

So we gave your SLA an SLA!

@ryankoop 5

AWS Data Center | Source: AWS James Hamilton

Amazon Perdix | Source: AWS James Hamilton Source: Your Nightmares

Source: Your Nightmares

You vs Them

@ryankoop

Enough of the FUDD

6

Source: Warner Bros.

@ryankoop

AWS and HA

7

RegionAvailability Zone

@ryankoop 8

The H in HA Stands for Hybrid

Public A

Public B

Public

Private

Public

Data Center

Source: Chris Swan, CTO CohesiveFT

@ryankoop

Hybrid Strategies

9

VPC 2VPC 1peer

Peered VPCs

Common Software Stack

public privatepublic private

Single Pane of Glass

public

public

Common APIs

private

Source: Chris Swan, CTO CohesiveFT

@ryankoop

Slide Sponsored by: cccccccccccc

10

US Central 1a

Customer Data CenterCustomer Remote Office

VNS3 1

VNS3 2

VNS3 3

VNS3 Overlay NetworkServer 1 Server 2 DB 1 DB 2 Server 3 DB 3

Active IPsec Tunnel

Failover IPsec TunnelFirewall / IPsec

Cisco 5505Firewall / IPsec

Cisco 5585

Data Center ServerData Center ServerUser WorkstationUser Workstation

Peered Peered

US East 1a US West 2b

@ryankoop

The future (or now) is loosely coupled

11

Load Balancers

Web Servers

Load Balancers

App Servers

Database Cluster

@ryankoop

AWS and HIPAA

!

• Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 and the 2010 Omnibus rule

• Business Associate Agreement - June 18, 2013 • EBS Encryption - May 21, 2014

12

1996 - Privacy, Security, and Breach Notification rules for the storage & transmission of EHI

@ryankoop

Shared Responsibility

13

Layer 3

!

Layer 2

!

Layer 1

!

Layer 0

Layer 7

Layer 6

Layer 5

Layer 4

Layer 3

Application Layer

Virtual Layer

Limit of user access, control and visibility

Application O

wner

Clo

ud O

wne

r

Hardware Layer

Your HIPAA Compliant App

AWS Xen Hypervisor

It’s Intel-based but Secret

@ryankoop

HIPAA Topology

14

IPsec

Firewall / IPsec

us-east-1c us-east-1d

Multi-tenant Overlay Primary

PeeredVNS3

Manager

us-west-2a

Multi-tenant Overlay Backup

User Workstation

New York, NY

Data Center Server

Healthcare Provider 2


San Francisco, CASeattle, WA Denver, CO

Data Center Server

Boston, MA

HIPAA App Provier Data Center

Data Center Server Data Center Server


Healthcare Provider N

DR Tablet

@ryankoop

Zone Failure

15

IPsec



PeeredVNS3

Manager

us-west-2a

Multi-tenant Overlay Backup X

User Workstation

New York, NY

Data Center Server




Data Center Server

Boston, MA





DR Tablet

Firewall / IPsec

@ryankoop

Regional Failure

IPsec



PeeredVNS3

Manager

us-west-2a

Multi-tenant Overlay Backup X X

User Workstation

New York, NY

Data Center Server




Data Center Server

Boston, MA





DR Tablet

Firewall / IPsec

@ryankoop

Global Failure

17

IPsec

US Central

Multi-tenant Overlay Cold

User Workstation

New York, NY

Data Center Server




Data Center Server

Boston, MA





DR Tablet

Firewall / IPsec

@ryankoop

Three Things for HA1. Rigorous automation of virtual servers

2. Rigorous automation of boot time context

3. Overlay network that quickly, simply differentiates network location from identity

18

@ryankoop

Thank You

19

Questions?

“Using AWS for HA at BrightTag” !Matt Kemp, Engineer of Things at BrightTag !Tweet: @mattkemp#AWSChicago

Sponsored by

Hosted by

#AWSChicago

Using AWS for HA @ BrightTagMatthew Kemp

Everything Fails EventuallyNetwork splits

Instances go down

AWS Availability Zones go offline

AWS Regions go offline

Cascading FailuresKeep failures self contained

Design for FailureRun multiple instances

Run in multiple Availability Zones

Run in multiple Regions

Redundancy

Database Cluster

Data Access ServiceWeb

Availability Zone AAvailability Zone B

Region

Local, Local, Local

Web

haproxy

stats

Data Access Service

Graphite

Carbon

Region

Zero Downtime Deploys

+

++

Instances in 2011We ran in two regions with ~40 instances

One had the minimum of two instances per app

The other was only slightly larger

Instances in 2014We run in four regions with ~600 instances

Largest region is ~240 instances

Smallest region is ~70 instances

Questions?

Contact Info [email protected]

@mattkemp

/in/matthewkemp

“I’ve got 99 problems and capacity is all of them” !Scott VanDenPlas, Engineer at el el see !Tweet: @scottvdp#AWSChicago !

Sponsored by

Hosted by

#AWSChicago

Scott !VanDenPlas!!

scott@ elelsee.com

http://awsofa.info

I’ve got 99 problems and capacity is all of them.

I’ve got 98 problems and capacity is all of them.

http://alive.training

Q & A !!Pizza’s almost here! !

!

Sponsored by

Hosted by

#AWSChicago