How to Successfully Complete a Hybrid Cloud Migration Project
- 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How to Successfully Complete a Hybrid Cloud Migration Project and Respond Quickly to the Challenges Large Events Pose to Systems
Retro Kuo, Cloud Support Engineer, AWS
Simon Wang, Enterprise Support Lead, AWS
Rianol Jou, Head of Site Reliability Engineering, KKBOX
- 2.
Agenda
• Hybrid connectivity solutions
• Overview of AWS China Regions
• Hybrid connectivity with AWS China Regions
• Enterprise Support for Large Enterprises
• Case Study – DB Migration to AWS
• Case Study – How KKTIX Survived JJ Lin Event
- 3.
- 4.
It’s critical to provide a seamless networking experience between on-premises networks and the AWS cloud
- 5.
Hybrid Connectivity Solutions
- 6.
Private Connectivity with AWS VPN (1/2)
[Diagram: your networking device (customer gateway, 192.168.0.0/16) connected by a VPN connection of 2 IPsec tunnels to a virtual private gateway (172.31.0.0/16)]
- 7.
Private Connectivity with AWS VPN (2/2)
• Fully managed and highly available VPN termination endpoints at AWS end
• 1 connection, 2 VPN tunnels per VPC
• IPsec site-to-site tunnel with AES-256, SHA-2, and latest DH groups
• Support for NAT-T
• Pay $0.05 per hour per VPN connection
• Static or dynamic (BGP)
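An added example (not from the original slides) that checks the properties listed on this slide against a VPN description: both tunnels are up, and no tunnel accepts proposals weaker than AES-256, SHA-2 or a modern DH group. `SAMPLE` is constructed in the shape of one `VpnConnections[]` entry from EC2 `DescribeVpnConnections`; the function name `audit_vpn`, the connection ID, the IPs and the DH floor of 14 are assumptions.

```python
# Added example. SAMPLE is constructed data in the shape of one entry of
# VpnConnections[] from EC2 DescribeVpnConnections; the ID and IPs are made up.
STRONG = {
    "EncryptionAlgorithms": {"AES256", "AES256-GCM-16"},
    "IntegrityAlgorithms": {"SHA2-256", "SHA2-384", "SHA2-512"},
}
MIN_DH_GROUP = 14  # assumed policy floor; the slide only says "latest DH groups"

SAMPLE = {
    "VpnConnectionId": "vpn-0example",
    "Options": {
        "TunnelOptions": [
            {"OutsideIpAddress": "203.0.113.10",
             "Phase1EncryptionAlgorithms": [{"Value": "AES256"}],
             "Phase1IntegrityAlgorithms": [{"Value": "SHA2-256"}],
             "Phase1DHGroupNumbers": [{"Value": 14}]},
            {"OutsideIpAddress": "203.0.113.20",
             "Phase1EncryptionAlgorithms": [{"Value": "AES128"}, {"Value": "AES256"}],
             "Phase1IntegrityAlgorithms": [{"Value": "SHA1"}],
             "Phase1DHGroupNumbers": [{"Value": 2}, {"Value": 14}]},
        ],
    },
    "VgwTelemetry": [
        {"OutsideIpAddress": "203.0.113.10", "Status": "UP"},
        {"OutsideIpAddress": "203.0.113.20", "Status": "DOWN"},
    ],
}

def audit_vpn(conn, phases=("Phase1", "Phase2")):
    """Return findings on tunnel redundancy and accepted IKE/IPsec proposals."""
    cid, findings = conn["VpnConnectionId"], []
    telemetry = conn.get("VgwTelemetry", [])
    if len(telemetry) != 2:  # each connection should expose two tunnels
        findings.append(f"{cid}: expected 2 tunnels, found {len(telemetry)}")
    for t in telemetry:
        if t.get("Status") != "UP":
            findings.append(f"{cid}: tunnel {t['OutsideIpAddress']} is {t.get('Status')}")
    for t in conn.get("Options", {}).get("TunnelOptions", []):
        ip = t.get("OutsideIpAddress", "?")
        for phase in phases:
            for kind, allowed in STRONG.items():
                got = {v["Value"] for v in t.get(phase + kind, [])}
                for weak in sorted(got - allowed):
                    findings.append(f"{cid}: tunnel {ip} {phase} accepts {weak}")
            for grp in sorted(v["Value"] for v in t.get(phase + "DHGroupNumbers", [])):
                if grp < MIN_DH_GROUP:
                    findings.append(f"{cid}: tunnel {ip} {phase} accepts DH group {grp}")
    return findings
```

A tunnel that lists a weak algorithm next to a strong one is still reported, because the peer may negotiate the weaker proposal.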
- 8.
Connectivity with AWS Direct Connect (1/3)
[Diagram: customer network (192.168.0.0/16) in a customer or partner cage at an AWS Direct Connect location, connected to the AWS cage; a private virtual interface reaches the virtual private gateway (172.31.0.0/16) and a public virtual interface reaches AWS services]
- 9.
Connectivity with AWS Direct Connect (2/3)
[Diagram: customer router at a colocation DX location (Equinix SG2, Singapore) connects through a switch and AWS Direct Connect devices to a Direct Connect Gateway, which reaches the virtual private gateways of VPCs in the Asia Pacific (Singapore) and U.S. West (Oregon) Regions over the AWS global backbone]
- 10.
Connectivity with AWS Direct Connect (3/3)
• Dedicated, private connection into AWS
• Create private (VPC) or public virtual interfaces to AWS
• Reduced data-out rates (data-in is free)
• Consistent network performance
• Option for redundant connections
• Works with multiple AWS Regions
• Multiple AWS accounts can share a connection
• Uses BGP to exchange routing information over a VLAN
- 11.
97 Direct Connect Locations
- 12.
AWS VPN and AWS Direct Connect
• Both allow secure connections between your network and your VPC
• VPN is a pair of IPsec tunnels over the Internet
• AWS Direct Connect is a dedicated line with lower per-GB data transfer rates
• For highest availability: Use multiple, dynamically routed AWS Direct Connect connections at multiple locations
- 13.
AWS Transit Gateway
- 14.
Before Transit Gateway …
[Diagram: Amazon VPCs meshed pairwise with VPC peering, with separate VPN connections to the customer gateway and an AWS Direct Connect Gateway]
- 15.
With Transit Gateway …
[Diagram: a Transit Gateway in the center, attached to the Amazon VPCs, to the customer gateway over a VPN connection, and to the AWS Direct Connect Gateway]
- 16.
- 17.
AWS in China
AWS provides its industry-leading technology, guidance, and expertise to NWCD and Sinnet
NWCD and Sinnet operate and provide AWS Cloud Services to China customers
NWCD/Sinnet-specific
• Accounts system
• Billing
• VAT invoice (fapiao)
• Support charges
- 18.
AWS China Regions
• Worldwide standards: Redundancy and high availability
• Connecting with major Tier 1 carriers and small ISPs by BGP
• 2 Availability Zones (AZs) on AWS China (Beijing) Region operated by Sinnet
• 3 Availability Zones (AZs) on AWS China (Ningxia) Region operated by NWCD
AWS China (Ningxia) Region operated by NWCD launched in 2017
AWS China (Beijing) Region operated by Sinnet launched in 2014
[Diagram: Beijing Region with Availability Zones A and B; Ningxia Region with Availability Zones A, B and C]
- 19.
Available Services in AWS China Regions
• Consistent GUI with other AWS global regions
• All core services, including compute, storage, and network, are available from both AWS China Regions
• AWS makes migrating from global AWS regions to AWS China Regions simple
- 20.
Customers – Internet Companies
- 21.
Customers – Traditional Enterprise
- 22.
Customers – Public Sector
- 23.
Partners
- 24.
- 25.
AWS Direct Peering with China ISPs
Optimized Internet routes between Beijing/Ningxia Regions and global regions (US/Singapore/Tokyo)
- 26.
Dedicated Links via AWS Direct Connect
[Diagram: VPC in the Ningxia/Beijing Regions linked over the customer’s own private WAN (MPLS/SD-WAN) provided by SPs to an AWS Direct Connect location in HK, then through an AWS Direct Connect gateway to VPCs in the Oregon, Singapore and Tokyo Regions]
Example: China Mobile International can provision the link in 1 week
- 27.
Ten Things You Need to Know About Managing a Hybrid Cloud Migration Project
Case Study - DB Migration to AWS
Simon Wang
Enterprise Support Lead, AWS
- 28.
A Comparison of AWS Support Plans
- 29.
Enterprise Support (ES) Key Features
• SUPPORT CONCIERGE: Dedicated team of enterprise account specialists to help with billing and account subjects
• TAM: Technical Account Manager, a designated technical point of contact to all necessary AWS expertise
• SMEs: Subject Matter Experts. Cloud Support Engineers, Solutions Architects, and product teams are available for guidance
Key Features
• Infrastructure Event Management (IEM)
• Architecture Review and Consultative Support
• Operating Review and Optimization
• Knowledge Transfer
• Feature Request, Roadmap and PREVIEW/BETA
• Fast Response Time and Incident Management
• Monthly Review & Cost Optimization
• INFRASTRUCTURE EVENT MANAGEMENT (IEM): Focused planning and support for business-critical events
• WELL-ARCHITECTED REVIEW: Detailed review of your architecture and guidance on how to best design your systems
• ARCHITECTURE SUPPORT: Consultative reviews of your application architecture and how to align it with AWS
• OPERATIONS SUPPORT: Consultative reviews of your cloud operations and advice for optimization
- 30.
Real Case Background
Challenges
• First time to migrate an on-premise external service
• DB platform will be changed from Oracle to Aurora MySQL
• Need a solid Migration and cut-over Plan
- 31.
To-Be Architecture
- 32.
-Mikhail Chigorin-
Key #1
- 33.
Enterprise Support Helps Planning the Migration
Phases: Initiate, Plan, Execute, Review
Begin readiness process
Event Description
> DB migrate to AWS
Event Times
> Migrate to AWS from 12 pm to 6 pm in June, 2019.
Major Services
> EC2, Aurora MySQL, DMS
Week 1 ~ 2 Delivery
> Workbook
> Readiness check
> Scenario planning
> Architecture review
> Load testing
Planning / Executing
Architecture review & Load Testing review
Week 3 ~ 8 Delivery
> Load testing result review
> Identify risks and critical path items, develop mitigation plans
> Regular on-site review meeting action items follow-up
Critical Event handling
Delivery
> Technical cases support
> Escalation management for critical issue cases
Final Review
Delivery
> TAM on-site support
> CSE remote support
> Hosts support WAR room
> Dashboard monitoring
Review
> Review meeting
> Performance Metrics Review
> Lesson Learned
Reset
> Reset service limits
> Revert unnecessary architectural changes
Timeline: W0 03/13, W1 03/18, W2 03/25, W3 04/01, W4 04/08, W5 04/15, W6 04/22, W7 04/29, W8 05/06; Launch: June; Review: Launch Date+2W; marker: Current
Durations shown: 2 weeks, 6~8 weeks, 1 day, 3 days
- 34.
Other Keys …
Phases: Initiate, Plan, Execute, Review
#2 IEM Workbook
#3 Cloud Infra Readiness Check
#4 Load Test Result Review
#5 ~Take Actions~
#6 Be Prepared for Blocker Issues
> Migrated data became NULL when using TDE encrypted DMS source columns
> CDC task failed with unrecoverable error “archived Redo log for the sequence XX does not exist”
#7 Playbook & Cut-over Plan
#8 Cloud WAR Room
Onsite Support
#9 Post-event Review
Review, Do, Check
-Event Details
-Architecture Review
-Scenario Planning
-Checklist
-Reliability
-Availability
-Scalability
-Security
-Monitoring
- 35.
Today’s Takeaways
#1 Must Have a Plan
#2 IEM Workbook
#3 Cloud Infrastructure Readiness Check
#4 Load Test Result Review
#5 Actions for Recommendations
#6 Be prepared for Blocker Issues
#7 Playbook and Cut-over Plan
#8 Physical + Cloud WAR Rooms
#9 Post-Event Review
#10 Enjoy AWS Enterprise Support
Reference
• Infra Event Readiness White Paper
• Enterprise Support Plan
• Compare Support Plans
- 36.
Case Study – How KKTIX Survived JJ Lin Event
Rianol Jou
Head of Site Reliability Engineering, KKBOX
- 46. MONITORING
• Concurrent user
• Access log
• Order & Payment status
• Application metrics
• CloudFront requests, error rate
• ELB requests, error rate, latency
• ASG CPU, network IO
• ElastiCache & RDS CPU, Memory, Connections, Commands