Effective and Efficient Computing for the Government

1. Effective and Efficient Computing for the Government Sri Vasireddy, Federal Solutions Architect

3. Elastic and Pay-Per-Use Infrastructure Infrastructure Cost $ time Large Capital Expenditure Unable to serve constituents Predicted Demand Traditional Hardware Actual Demand Automated Virtualization

4. On-Demand Pricing

5. Business Agility / Innovation

7. Building Blocks

8. AWS Computing Platform

9. AWS Pace of Innovation » AWS Services in N. California » AWS Multi-Factor Authentication » AWS Management Console » AWS Economics Center » AWS in Education » AWS Security Center » SAS70 Type II Audit » More services in EU » Lower EC2 Pricing » Lower S3 Pricing » Lower pricing for Outbound Data Transfer » AWS Solution Provider Program » Amazon EC2 » Amazon S3 » Developer Portal & Forums » Amazon SQS » Amazon Mechanical Turk » Amazon SimpleDB » Amazon Flexible Payments Service » S3 in Europe » EC2 new instance types » AWS Start-Up Challenge » Amazon Simple Notification Service » RDS Multi-Availability Zone Support » S3 Reduced Redundancy Storage » New Locations and Features for CloudFront » S3 Bucket Policies » Cluster Instances for EC2 » Premium Support » Amazon CloudFront » EC2 Elastic IP addresses & Availability Zones » Windows Server, MySQL, Oracle, & JBoss on EC2 » Lower Data Transfer Costs » EC2 Reserved Instances » New SimpleDB Features » IBM on EC2 » Windows Server 2008 on EC2 » Amazon RDS » Amazon Virtual Private Cloud » Amazon Elastic MapReduce » EBS Shared Snapshots » Monitoring, Auto Scaling & Elastic Load Balancing for EC2 » AWS Import/Export » AWS Services in Singapore » RDS Reserved Database Instances » RDS Read Replicas & Lower Pricing » Lower Outbound Transfer Pricing » Data Transfer Usage Tiers » Consolidated Billing for AWS » Amazon S3 Versioning Feature » EC2 High Memory Instances » Micro Instances » Lower Pricing for EC2 High Mem Instances » Identity & Access Management » Amazon Linux AMI » Oracle on EC2 » New EC2 Features » SUSE Linux on EC2 » Public Data Sets » Elastic Block Store » EC2 SLA » EC2 in EU » S3 Tiered Pricing

10. CUSTOMER USE CASES

12. Animoto and Amazon EC2 Number of EC2 Instances 4/12/2008 Launch of Facebook modification. Amazon EC2 easily scaled to handle additional traffic Peak of 5000 instances 4/14/2008 4/15/2008 4/16/2008 4/18/2008 4/19/2008 4/20/2008 4/17/2008 4/13/2008 Steady state of ~40 instances

18. SECURITY

21. Amazon EC2 Instance Isolation Physical Interfaces Customer 1 Hypervisor Customer 2 Customer n … … Virtual Interfaces Firewall Customer 1 Security Groups Customer 2 Security Groups Customer n Security Groups

22. Multi-tier Security Architecture Web Tier Application Tier Database Tier EBS Volume Ports 80 and 443 only open to the Internet Engineering staff have ssh access to the App Tier, which acts as Bastion All other Internet ports blocked by default Authorized 3 rd parties can be granted ssh access to select AWS resources, such as the Database Tier Amazon EC2 Security Group Firewall AWS employs a private network with ssh support for secure access between tiers and is configurable to limit access between tiers

23. Amazon VPC Architecture Customer’s Network Amazon Web Services Cloud Secure VPN Connection over the Internet Subnets Customer’s isolated AWS resources Router VPN Gateway

24. Amazon EC2 Regions and Availability Zones Amazon EC2 Regions: US East (Northern Virginia) / US West (Northern California) / EU (Dublin) / Asia Pacific (Singapore) US West (Northern California) Availability Zone A Availability Zone B US East (Northern Virginia) Availability Zone A Availability Zone B Availability Zone C Availability Zone D

26. Designing Applications for Reliability Region Availability Zone Availability Zone Amazon CloudWatch Provides monitoring for AWS cloud resources. Elastic Load Balancing Automatically distributes incoming application traffic across multiple Amazon EC2 instances. Auto Scaling Automatically scales Amazon EC2 capacity up or down according to pre-defined conditions.