ITCloudArchitect.com - Amazon AWS Cloud Overview

Amazon AWS Cloud
ITCloudArchitect.com
Created by Tracey Flanders

Amazon AWS Logical Cloud Design

Amazon AWS Services

Amazon AWS Cloud Overview
 AWS Infrastructure
Regions
Availability Zones (AZ)
Virtual Private Cloud (VPC)
Public & Private Subnets
Application Tiers
 AWS Services
EC2 (Elastic Compute Cloud)
S3 (Simple Storage Service)
Glacier (Storage Archive)
EBS (Elastic Block Storage)
ELB (Elastic Load Balancer)
RDS (Relational Database Service)
Redshift (Cloud Data Warehouse)
EMR (Elastic Map Reduce, Hadoop)
Route53 (DNS)
CloudFront (CDN)
CloudWatch (Monitoring)
AWS Market Place (AMI Store)
 Automation
Tags
 Boot-Strapping
Amazon Machine Image (AMI)
CloudFormation (Cloud Automation)
 Auto-Scaling
OpsWork, Chef, Puppet
 Security
Security Groups (Distributed Firewalls)
 Identity & Access Management (IAM)
Direct Connect (DC <-> VPC connectivity)
Summary
Recommendations
Questions?

A region is a independent geographic location that consists of multiple
availability zones.
Regions
Region Code Region Name
ap-northeast-1 Asia Pacific (Tokyo)
ap-southeast-1 Asia Pacific (Singapore)
ap-southeast-2 Asia Pacific (Sydney)
eu-west-1 EU (Ireland)
sa-east-1 South America (Sao Paulo)
us-east-1 US East (Northern Virginia)
us-west-1 US West (Northern California)
us-west-2 US West (Oregon)
 Regions are self-contained and independent of
each other.
us-west-2 (Oregon)

Availability Zones (AZ)
An availability zone consists of multiple datacenters that are isolated from each
other inside a region.
 Typically there are 3 logical Availability Zones
per AWS region.
 One availability zone could consist of multiple
datacenters.
 Availability Zones are failure domains.
 Build for failure. Spread your application
across multiple Availability Zones.
 Multiple IP Subnets are assigned to an
Availability Zone.
Availability Zone
us-west-2a
Availability Zone
us-west-2b
Availability Zone
us-west-2c
us-west-2 (Oregon)

Virtual Private Cloud (VPC)
A virtual private cloud represents a logical container to isolate your cloud
resources.
 VPC’s can and should span multiple AZ’s.
 VPC’s will consist of multiple private or public
IP subnets.
 By default, VPC’s cannot talk to other VPC’s.
VPC Peering solves that.
 Each VPC will have one logical VPC router
and VPC gateway. Both are consider SDN.
Availability Zone
us-west-2a
Availability Zone
us-west-2b
Availability Zone
us-west-2c
us-west-2 (Oregon)

Public & Private IP subnets
There are 2 types of IP Subnets available inside a VPC.
 Public subnets
 Internet accessible, egress and ingress,
Security Groups (firewall rules) permitting
 AWS assigned “public” IP addresses
 Elastic IPs are used to provide persistent
public IPs
 The VPC internet gateway provides public
access
 Private subnets
 Accessible only from within the VPC
 VPC assigned “private” IP addresses
 Statically assigned IPs provide persistency
 Access to the internet requires a NAT or
proxy server
Availability Zone
us-west-2a
Subne
(Public)
Availability Zone
us-west-2b
Subne
(Private)
Availability Zone
us-west-2c
IP
t
IP
t
IP
Subne
t
(Private)
us-west-2 (Oregon)
VPC
router
Internet
HgAa tNewAaTy

Application Tiers
An application tier represents a logical security isolation from other tiers.
Access is permitted using Security Groups
(i.e. distributed firewall rules)
 Tiers
 Internet (DMZ)
 Web
 Application
 Database
 Tiers will span multiple IP Subnets and
AZ’s providing application redundancy
IP
Availability Zone
us-west-2a
Subne
t #1
(Public)
Subne
t #1
(Private)
Subne
t #1
(Private)
IP
Availability Zone
us-west-2b
Subne
t #2
(Public)
Subne
t #2
(Private)
Subne
t #2
(Private)
IP
Availability Zone
us-west-2c
IP
IP
IP
IP
Subne
t #3
(Public)
IP
Subne
t #3
(Private)
IP
Subne
t #3
(Private)
us-west-2 (Oregon)
Internet Web App-DB

Amazon AWS Cloud Terminology
Regions
 AWS Services
Route53 (DNS)
CloudFront (CDN)

Amazon EC2
 What is EC2?
 Elastic Compute Cloud
 Virtual Servers called “Instances”
 Infinitely scalable, compute on demand
 Hosts run an opensource Xen-like hypervisor, AWS customized
 Multiple “instance types” from “Micro” to “Extra Large” instances, scale compute vertically
 “Instance types” can be changed, requires reboot.
 On-Demand instances can be used anytime, but cost the most.
 Reserved instances can be used when you know that you will need a certain amount of
capacity. 1-3yrs commitments (Best cost option)
 Spot instances offer an auction like request for EC2 instances, based on a bid price.
Instances are terminated once you loose your bid.
 Use Cases
 Standard servers
 Memory optimized servers, caching
 Compute intensive servers, HPC
 GPU optimized servers, graphics
 Note: No automatic option to move instances between AZ’s
 You must redeploy with automation, bootstrapping or cloning
 (i.e. No VMware vmotion)

Amazon S3
 What is S3?
 Simple Storage Service
 Object based shared storage
 Infinitely scalable, storage on demand
 Available from anywhere via http or https (SSL)
 Use Cases
 Code Release Repository
 Shared storage, it’s not NFS
 Input or Output data
 Static Web content
 Backup & Recovery
 And many more…

Amazon Glacier
 What is Glacier?
 Archive shared storage
 Infinitely scalable, policy driven storage
 Requires a 3-5 hour window for data restores to be available from Amazon
Glacier
 Best used for one time archiving of data you may never access again
 Use Cases
 Backup & Recovery Archiving
 Legal retention of data
 Dormant or historical data

Amazon EBS
 What is EBS?
 Elastic Block Storage
 Persistent, low latency storage for EC2 instances
 Automatically replicated by AWS
 Provisioned IOPS (Optional, additional cost)
 Snapshots
 Use Cases
 Local EC2 instance storage for persistent data
 Local volumes used to provide CIFS or NFS

Amazon ELB
 What is ELB?
 Elastic Load Balancing
 Infinitely Scalable Load Balancing
 Distribute application traffic across multiple EC2 instances
 Health check EC2 instances
 Use Cases
 Load Balancing of Web & App Tier, ingress & egress network traffic
 Customer traffic to applications
 Load Balancing of outbound, egress network traffic, NAT, Squid Servers
 Used for updates and AWS services access

Amazon RDS
 What is RDS?
 Relational Database Service
 Managed databases
 Multi-AZ support for redundancy
 Automated backups and upgrades
 Read-Only database replicas, offload reads
 Use Cases
 MySQL
 Oracle
 Microsoft SQL

Amazon Redshift
 What is Redshift?
 Cloud-based and cost effective Data Warehouse
 Scalable clusters into the PBs
 No tuning to maintain speed
 Backup to S3
 Fastest growing Amazon Service to date
 No hardware to buy
 Use Cases
 Analyze data with existing Business Intelligence (BI) tools
 Store analytic data output from Hadoop, BigData
 Clone Redshift clusters for testing or development
 Spin clusters up or down storing offline data on S3

Amazon EMR
 What is EMR?
 Elastic Map Reduce
 Cloud-based Hadoop
 Scalable clusters that can process PBs of data
 No tuning or maintenance
 Add or remove capacity
 Pulls in data from S3 and outputs data to S3, also Redshift, Dynamo DB
 No hardware to buy, fail faster
 Use Cases
 Always on Clusters, Data-lakes utilizing Hadoop HDFS
 Computational short term clusters, store output results on S3
 Typically use spot instances for a subset of the workload

Amazon Route 53
 What is Route 53?
 Domain Name System (DNS)
 Latency and Keyword based health checks
 Integrates with other AWS services
 Use Cases
 DNS Hosted Zones for applications
 Region based latency detection and DNS failovers

Amazon CloudFront
 What is CloudFront?
 Content Delivery Network (CDN)
 Caches content, similar to an Akamai
 Uses AWS Edge locations all over the world
 Use Cases
 Caching of Web and S3 content
 Global content caching for lower latency access to customer
applications

Amazon CloudWatch
 What is CloudWatch?
 AWS Monitoring and Performance
 Basic CloudWatch is free
 Use Cases
 Enable detailed CloudWatch for critical resource monitoring
 Enable and disable for performance baselines on less critical
systems during troubleshooting

Regions
 AWS Services
Route53 (DNS)
CloudFront (CDN)
 Automation
Tags
 Boot-Strapping
 CloudFormation (Cloud Automation)
 Auto-Scaling

Automation: Tags
 What are Tags?
 Used as attributes to identify AWS resources
 Almost every AWS service offers Tags
 Automate your auditing
 Accountability, track resource abuse
 Can be used to key off of for scripts
 Forecasting and Cost control, find the big $$$
 Use Cases
 TAG EVERYTHING!!!
 Always use default base Tags (Limited to 9 on EC2 Instances)
 Environment: Dev, Test, Stage, Prod
 Product: Application XYZ
 Owner/SME: Bob Smith/Jack Rogers
 Costcenter: 123456
 And more…

Automation: Boot-Strapping
 What is Boot-Strapping?
 The process of automating an AWS resource on start-up, using scripts and/or
automation tools.
 Builds and customizes your server on boot-up
 Use Cases
 EC2 Instances
 Auto-Scaling of EC2 Instances
 And more…

Automation: AMI
 What is AMI?
 Amazon Machine Image
 Company customized Image
 Use Cases
 Build “Gold” Image Templates for base builds of EC2 Instances
 Customized images for Applications with minor bootstrapping

Automation: CloudFormation
 What is CloudFormation?
 Automation of entire platform deployments with JSON
 Some challenges with this approach…
 Don’t ever make manual changes!!!
 No current option to build a template from existing platforms
 Use Cases
 Build entire platforms via JSON template
 Reproduce entire environments from production templates for dev, test, stage

Automation: Auto-Scaling
 What is Auto-Scaling?
 Automatically scale the number EC2 instances based on specified thresholds
 Monitors and recreates instances if they crash, self-healing
 Can use Spot instances
 Use Cases
 Every platform should use this, even if there is no immediate need
 Helps with maintenance, code releases etc.

Automation: AWS OpsWork, Chef, Puppet
 What is AWS OpsWork?
 Automated service using Chef
 Has some limitations, may be better to use your own chef or puppet platform
 Usually used for smaller organizations
 What is Chef and Puppet
 Opensource automation and Configuration/Change management tools
 Use Cases
 Automate “NEW” platform builds, AWS OpsWork may be limited
 Configuration and Change management

Regions
 AWS Services
Route53 (DNS)
CloudFront (CDN)
 Automation
 Boot-Strapping
 Auto-Scaling
 Security
 Direct Connect (DC VPC connectivity)

Security Groups
 What are Security Groups?
 Distributed Firewall rules to protect individual EC2 instances
 Used to “Whitelist” access to EC2 instances
 NACLS are used to “Blacklist” access to VPC’s, use sparingly
 Use Cases
 Apply Security Groups to all EC2 instances
 Create Security Groups Per Application and Per Tier
 Use common standards Security Groups on all
EC2 instances for admin and/or monitoring purposes
security group

Identity and Access Management (IAM)
 What is IAM?
 Identity and Access Management
 Control logical access to AWS resources
 Control user access to AWS resources
 Use Cases
 Always use IAM roles with federation and integration with Microsoft Active
Directory or LDAP

Amazon DirectConnect
 What is DirectConnect?
 Easier to manager VPC to VPC and VPC to On-Premise datacenter network
communication
 Requires one per region
 Bandwidth speeds from 1Gb to 10Gb
 Use Cases
 Use in every region that requires high bandwidth
 Connect to multiple VPCs without complex HA VPN endpoints per VPC

Regions
 AWS Services
Route53 (DNS)
CloudFront (CDN)
 Automation
 Boot-Strapping
 Auto-Scaling
 Security
 Direct Connect (DC VPC connectivity)
Summary
Recommendations
Questions?

Summary: Recommendations
 Training
 Send colleagues to AWS training
 Host potential boot-camps working with Developers
 Automation
 Do the heavy lifting of automating everything, no manual hands
 Don’t double duty your team. If you wanted to automate, you would already be
doing it
 Build a small 1-2 person team to evangelize automation throughout the
organization. Others may follow.
 Build processes and procedures around automation
 Consuming the Cloud
 DO NOT place traditional applications into the cloud. More $$$
 Build applications that are cloud aware, SDK kits are available
 Plan for failures, EC2 instances will disappear, AZ’s will have intermittent issues,
regions may will go offline because of natural disasters

Summary
Questions?

Thank You!

ITCloudArchitect.com - Amazon AWS Cloud Overview

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (8)

Dernier

Dernier (20)

ITCloudArchitect.com - Amazon AWS Cloud Overview