itcloudarchitect.com - amazon aws cloud overview

ITCloudArchitect.comCreated by Tracey Flanders

Amazon AWS Cloud

8/23/14

http://www.ITCloudArchitect.com/


Amazon AWS Logical Cloud Design

West Coast Cloud

East Coast CloudAWS

Services

ColocationDatacenter

On-PremiseDatacenter

Customers

Internet

8/23/14


Amazon AWS Services8/23/14


Amazon AWS Cloud Overview AWS Infrastructure

RegionsAvailability Zones (AZ)Virtual Private Cloud (VPC)Public & Private SubnetsApplication Tiers

AWS ServicesEC2 (Elastic Compute Cloud)S3 (Simple Storage Service)Glacier (Storage Archive)EBS (Elastic Block Storage)ELB (Elastic Load Balancer)RDS (Relational Database Service)Redshift (Cloud Data Warehouse)EMR (Elastic Map Reduce, Hadoop)Route53 (DNS)CloudFront (CDN)CloudWatch (Monitoring)AWS Market Place (AMI Store)

AutomationTagsBoot-StrappingAmazon Machine Image (AMI)CloudFormation (Cloud Automation)Auto-ScalingOpsWork, Chef, Puppet

SecuritySecurity Groups (Distributed Firewalls) Identity & Access Management (IAM)Direct Connect (DC <-> VPC connectivity)

SummaryRecommendationsQuestions?

8/23/14


A region is a independent geographic location that consists of multiple availability zones.

Regions

Region Code Region Nameap-northeast-1 Asia Pacific (Tokyo)ap-southeast-1 Asia Pacific (Singapore)ap-southeast-2 Asia Pacific (Sydney)eu-west-1 EU (Ireland)sa-east-1 South America (Sao Paulo)us-east-1 US East (Northern Virginia)us-west-1 US West (Northern California) us-west-2 US West (Oregon)

Regions are self-contained and independent of each other.

us-west-2 (Oregon)

8/23/14


Availability Zones (AZ)An availability zone consists of multiple datacenters that are isolated from each other inside a region.

Typically there are 3 logical Availability Zones per AWS region.

One availability zone could consist of multiple datacenters.

Availability Zones are failure domains.

Build for failure. Spread your application across multiple Availability Zones.

Multiple IP Subnets are assigned to an Availability Zone.

us-west-2 (Oregon)

Availability Zoneus-west-2a

Availability Zoneus-west-2b

Availability Zoneus-west-2c

8/23/14


Virtual Private Cloud (VPC)A virtual private cloud represents a logical container to isolate your cloud resources.

VPC’s can and should span multiple AZ’s.

VPC’s will consist of multiple private or public IP subnets.

By default, VPC’s cannot talk to other VPC’s. VPC Peering solves that.

Each VPC will have one logical VPC router and VPC gateway. Both are consider SDN.

us-west-2 (Oregon)




8/23/14


Public & Private IP subnetsThere are 2 types of IP Subnets available inside a VPC.

Public subnets Internet accessible, egress and ingress,

Security Groups (firewall rules) permitting AWS assigned “public” IP addresses Elastic IPs are used to provide persistent

public IPs The VPC internet gateway provides public

access

Private subnets Accessible only from within the VPC VPC assigned “private” IP addresses Statically assigned IPs provide persistency Access to the internet requires a NAT or

proxy server us-west-2 (Oregon)




IPSubne

t (Public)

IPSubne

t (Private)

IPSubne

t (Private)

VPC route

r

Internet gatewayHA NAT

8/23/14


Application TiersAn application tier represents a logical security isolation from other tiers. Access is permitted using Security Groups

(i.e. distributed firewall rules)

Tiers Internet (DMZ) Web Application Database

Tiers will span multiple IP Subnets and AZ’s providing application redundancy

us-west-2 (Oregon)




IPSubne

t #1(Public)

IPSubne

t #1(Private)

IPSubne

t #1(Private)

IPSubne

t #2(Public)

IPSubne

t #3(Public)

IPSubne

t #2(Private)

IPSubne

t #2(Private)

IPSubne

t #3(Private)

IPSubne

t #3(Private)

Internet Web App-DB

8/23/14


Amazon AWS Cloud Terminology AWS Infrastructure



8/23/14


Amazon EC2 What is EC2?

Elastic Compute Cloud Virtual Servers called “Instances” Infinitely scalable, compute on demand Hosts run an opensource Xen-like hypervisor, AWS customized Multiple “instance types” from “Micro” to “Extra Large” instances, scale compute vertically “Instance types” can be changed, requires reboot. On-Demand instances can be used anytime, but cost the most. Reserved instances can be used when you know that you will need a certain amount of capacity. 1-3yrs

commitments (Best cost option) Spot instances offer an auction like request for EC2 instances, based on a bid price. Instances are

terminated once you loose your bid.

Use Cases Standard servers Memory optimized servers, caching Compute intensive servers, HPC GPU optimized servers, graphics

Note: No automatic option to move instances between AZ’s You must redeploy with automation, bootstrapping or cloning

(i.e. No VMware vmotion)

8/23/14


Amazon S3 What is S3?

Simple Storage Service Object based shared storage Infinitely scalable, storage on demand Available from anywhere via http or https (SSL)

Use Cases Code Release Repository Shared storage, it’s not NFS Input or Output data Static Web content Backup & Recovery And many more…

8/23/14


Amazon Glacier What is Glacier?

Archive shared storage Infinitely scalable, policy driven storage Requires a 3-5 hour window for data restores to be available from Amazon

Glacier Best used for one time archiving of data you may never access again

Use Cases Backup & Recovery Archiving

Legal retention of data Dormant or historical data

8/23/14


Amazon EBS What is EBS?

Elastic Block Storage Persistent, low latency storage for EC2 instances Automatically replicated by AWS Provisioned IOPS (Optional, additional cost) Snapshots

Use Cases Local EC2 instance storage for persistent data Local volumes used to provide CIFS or NFS

8/23/14


Amazon ELB What is ELB?

Elastic Load Balancing Infinitely Scalable Load Balancing Distribute application traffic across multiple EC2 instances Health check EC2 instances

Use Cases Load Balancing of Web & App Tier, ingress & egress network traffic

Customer traffic to applications Load Balancing of outbound, egress network traffic, NAT, Squid Servers

Used for updates and AWS services access

8/23/14


Amazon RDS What is RDS?

Relational Database Service Managed databases Multi-AZ support for redundancy Automated backups and upgrades Read-Only database replicas, offload reads

Use Cases MySQL Oracle Microsoft SQL

8/23/14


Amazon Redshift What is Redshift?

Cloud-based and cost effective Data Warehouse Scalable clusters into the PBs No tuning to maintain speed Backup to S3 Fastest growing Amazon Service to date No hardware to buy

Use Cases Analyze data with existing Business Intelligence (BI) tools Store analytic data output from Hadoop, BigData Clone Redshift clusters for testing or development Spin clusters up or down storing offline data on S3

8/23/14


Amazon EMR What is EMR?

Elastic Map Reduce Cloud-based Hadoop Scalable clusters that can process PBs of data No tuning or maintenance Add or remove capacity Pulls in data from S3 and outputs data to S3, also Redshift, Dynamo DB No hardware to buy, fail faster

Use Cases Always on Clusters, Data-lakes utilizing Hadoop HDFS Computational short term clusters, store output results on S3

Typically use spot instances for a subset of the workload

8/23/14


Amazon Route 53 What is Route 53?

Domain Name System (DNS) Latency and Keyword based health checks Integrates with other AWS services

Use Cases DNS Hosted Zones for applications Region based latency detection and DNS failovers

8/23/14


Amazon CloudFront What is CloudFront?

Content Delivery Network (CDN) Caches content, similar to an Akamai Uses AWS Edge locations all over the world

Use Cases Caching of Web and S3 content Global content caching for lower latency access to customer

applications

8/23/14


Amazon CloudWatch What is CloudWatch?

AWS Monitoring and Performance Basic CloudWatch is free

Use Cases Enable detailed CloudWatch for critical resource monitoring Enable and disable for performance baselines on less critical

systems during troubleshooting

8/23/14





AutomationTagsBoot-StrappingAmazon Machine Image (AMI)CloudFormation (Cloud Automation)Auto-ScalingOpsWork, Chef, Puppet

8/23/14


Automation: Tags What are Tags?

Used as attributes to identify AWS resources Almost every AWS service offers Tags Automate your auditing Accountability, track resource abuse Can be used to key off of for scripts Forecasting and Cost control, find the big $$$

Use Cases TAG EVERYTHING!!!

Always use default base Tags (Limited to 9 on EC2 Instances) Environment: Dev, Test, Stage, Prod Product: Application XYZ Owner/SME: Bob Smith/Jack Rogers Costcenter: 123456 And more…

8/23/14


Automation: Boot-Strapping What is Boot-Strapping?

The process of automating an AWS resource on start-up, using scripts and/or automation tools.

Builds and customizes your server on boot-up

Use Cases EC2 Instances Auto-Scaling of EC2 Instances And more…

8/23/14


Automation: AMI What is AMI?

Amazon Machine Image Company customized Image

Use Cases Build “Gold” Image Templates for base builds of EC2 Instances Customized images for Applications with minor bootstrapping

8/23/14


Automation: CloudFormation What is CloudFormation?

Automation of entire platform deployments with JSON Some challenges with this approach…

Don’t ever make manual changes!!! No current option to build a template from existing platforms

Use Cases Build entire platforms via JSON template Reproduce entire environments from production templates for dev, test, stage

8/23/14


Automation: Auto-Scaling What is Auto-Scaling?

Automatically scale the number EC2 instances based on specified thresholds Monitors and recreates instances if they crash, self-healing Can use Spot instances

Use Cases Every platform should use this, even if there is no immediate need Helps with maintenance, code releases etc.

8/23/14


Automation: AWS OpsWork, Chef, Puppet

What is AWS OpsWork? Automated service using Chef Has some limitations, may be better to use your own chef or puppet platform Usually used for smaller organizations

What is Chef and Puppet Opensource automation and Configuration/Change management tools

Use Cases Automate “NEW” platform builds, AWS OpsWork may be limited Configuration and Change management

8/23/14





AutomationBoot-StrappingAmazon Machine Image (AMI)CloudFormation (Cloud Automation)Auto-ScalingOpsWork, Chef, Puppet

SecuritySecurity Groups (Distributed Firewalls) Identity & Access Management (IAM)Direct Connect (DC VPC connectivity)

8/23/14


Security Groups What are Security Groups?

Distributed Firewall rules to protect individual EC2 instances Used to “Whitelist” access to EC2 instances NACLS are used to “Blacklist” access to VPC’s, use sparingly

Use Cases Apply Security Groups to all EC2 instances Create Security Groups Per Application and Per Tier Use common standards Security Groups on all

EC2 instances for admin and/or monitoring purposes

security group

8/23/14


Identity and Access Management (IAM) What is IAM?

Identity and Access Management Control logical access to AWS resources Control user access to AWS resources

Use Cases Always use IAM roles with federation and integration with Microsoft Active

Directory or LDAP

8/23/14


Amazon DirectConnect What is DirectConnect?

Easier to manager VPC to VPC and VPC to On-Premise datacenter network communication

Requires one per region Bandwidth speeds from 1Gb to 10Gb

Use Cases Use in every region that requires high bandwidth Connect to multiple VPCs without complex HA VPN endpoints per VPC

8/23/14





AutomationBoot-StrappingAmazon Machine Image (AMI)CloudFormation (Cloud Automation)Auto-ScalingOpsWork, Chef, Puppet

SecuritySecurity Groups (Distributed Firewalls) Identity & Access Management (IAM)Direct Connect (DC VPC connectivity)

SummaryRecommendationsQuestions?

8/23/14


Summary: Recommendations Training

Send colleagues to AWS training Host potential boot-camps working with Developers

Automation Do the heavy lifting of automating everything, no manual hands Don’t double duty your team. If you wanted to automate, you would already be

doing it Build a small 1-2 person team to evangelize automation throughout the

organization. Others may follow. Build processes and procedures around automation

Consuming the Cloud DO NOT place traditional applications into the cloud. More $$$ Build applications that are cloud aware, SDK kits are available Plan for failures, EC2 instances will disappear, AZ’s will have intermittent issues,

regions may will go offline because of natural disasters

8/23/14


Summary

Questions?

8/23/14


Thank You!8/23/14

http://www.ITCloudArchitect.com/

itcloudarchitect.com - amazon aws cloud overview

Technology

tracey flanders

asia pacific sydneyeuwest

vpc vpc

us west oregon regions

private ip addresses

comper aws region

public private ip subnetsthere

multiple ip subnets