Architecting Enterprise Applications In The Cloud

Architecting Enterprise Applications in the Cloud, a presentation by Matt Tavis, AWS Solutions Architect, given at the Cloud for the Enterprise event in New York on October 19, 2009

  • This slide discusses the corresponding AWS functionality that we will support at limited public beta launch. Please note that the items under "Launch ++" are other AWS capabilities that we are currently evaluating for operability within VPC, but do not have a date as yet. Direct Internet/AWS access is our most important feature.
  • As you can recall, we’ve set up Amazon VPC in the AWS cloud. We’ve also configured a secure connection between our existing network and Amazon VPC. All of our activity inside our VPC, and all traffic between our existing network and Amazon VPC, can be monitored, managed, and secured by all of our existing security apparatus and procedures/policies. We will deploy our web server and full application platform stack on Amazon EC2 instances that are spawned within Amazon VPC.
  • Benefits of using Amazon EC2 to host your web application.
  • We will host all of our static and large files over on Amazon S3. Things like images, music, PDFs, and the like are best suited for Amazon S3. Amazon S3 provides a low-cost, highly reliable and scalable storage environment for your web applications. We will encrypt this data for security reasons.
  • You can host your relational database on top of Amazon EBS. Companies like IBM and Oracle have even enabled license portability so that you can bring your existing database licenses into the AWS cloud.
  • As you’ll recall, we want our application to be able to kickoff workflows with a bunch of systems we’re already running internally. While it may make sense, both economically and technically, to eventually migrate these systems into AWS as well, as of right now that isn’t the case. So, we’ll need to be able to have our Employee Provisioning application that is hosted in AWS be able to communicate with our internal systems. With Amazon VPC, this is easy.
  • These are some additional AWS features that we could use as part of our application.


  • 1. Architecting Enterprise Applications in the Cloud
    Matt Tavis
    Solutions Architect
  • 2. What Does the Enterprise Application Demand?
    High Availability
  • 3. T
    S3 Replicas
    EC2 Regions
    Availability Zone A
    Availability Zone B
    Availability Zone C
    Auto Scaling
    Amazon CloudWatch
    Elastic Load Balancing
    Note: Conceptual drawing only. The number of Availability Zones may vary. S3 guarantees 3 or more copies across 2 or more AZs.
    AWS has the Tools for Enterprise Demands
  • 4. Achieving Enterprise Needs is an Agreement between Architecture and Infrastructure
    Leveraging a scalable, on-demand infrastructure requires an application that can take advantage of it.
    Corollary: Fork-lifting a broken architecture into the AWS cloud will not make it any better
    Architecture and Infrastructure Must Work Together
  • 5. There are Many Paths into the Cloud
    Move to the Cloud
    Build for the Cloud
  • 6. Design for Failure and Nothing Fails
    Loose Coupling Sets You Free
    Design for Dynamism
    Security is Everywhere
    Don’t Fear Constraints
    Leverage a Variety of Storage Services
    Cloud Architecture Lessons Learned
  • 7. Never expect your systems to be stable
    Everything fails
    Hard disks
    Power supplies
    Network ports
    Ethernet chips
    IO controllers
    Even software fails
    If you can add it, it can fail
    Design for Failure and Nothing Fails
  • 8. Elastic IPs enable consistent endpoints and a re-mappable
    Leverage multiple Amazon EC2 Availability Zones (AZs)
    Replicate databases and persistence layers across AZs
    Use real-time monitoring across key access points
    Use Elastic Block Store (EBS) for persistent file systems
    Snapshot EBS for disaster recovery and increased persistence
    Auto Scaling and Elastic Load Balancing can automatically provision new resources
    Use Amazon CloudWatch to monitor instance health
    Designing for Failure with AWS
  • 9. Components should make no assumptions about the inner workings of other components
    Design for a jumble of black boxes
    Loosely coupled systems and AWS
    De-coupling systems allows for hybrid models (in-cloud + in-physical data center)
    Balancing between clusters enables easier scaling
    Using queues (Amazon SQS) buffers against failures
    Loose Coupling Sets You Free
  • 10. Components should not assume the health or location of other components
    Bootstrapping and dynamic configuration helps you scale dynamically
    Add or build management components to enable scale-out and scale-in on-demand
    Design for Dynamism
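The two slides above (loose coupling through queues, and components that do not assume the health or location of their peers) are easiest to see in code. The following is an added example, not part of the original deck: an in-memory stand-in for an SQS-style queue with at-least-once delivery and a visibility timeout, driving the employee-provisioning workflow from later in the talk. The `Queue` class is a constructed model rather than the SQS API, the request ids and dates are made up, and a simulated clock replaces real waiting so the scenario runs offline.

```python
# Added example (not from the slides): an SQS-style queue model with a worker
# that survives crashes and duplicate deliveries because its work is idempotent.
import itertools


class Queue:
    """Messages stay until explicitly deleted; a received message is hidden for
    visibility_timeout seconds and reappears if the consumer never deletes it."""

    def __init__(self, visibility_timeout=30):
        self.visibility_timeout = visibility_timeout
        self.clock = 0                      # simulated seconds, no sleeping
        self._ids = itertools.count(1)
        self._bodies = {}                   # message id -> body
        self._hidden_until = {}             # message id -> clock value

    def send(self, body):
        mid = f"msg-{next(self._ids)}"
        self._bodies[mid] = body
        self._hidden_until[mid] = 0
        return mid

    def receive(self):
        for mid, body in self._bodies.items():
            if self._hidden_until[mid] <= self.clock:
                self._hidden_until[mid] = self.clock + self.visibility_timeout
                return mid, body
        return None

    def delete(self, mid):
        self._bodies.pop(mid, None)
        self._hidden_until.pop(mid, None)

    def advance(self, seconds):
        self.clock += seconds

    def pending(self):
        return len(self._bodies)


class ProvisioningWorker:
    """Consumer that is safe to run in several copies and to restart: work is
    keyed by the request id, so a redelivered or duplicated message is a no-op."""

    def __init__(self, name, queue, ledger, crash_before_delete=False):
        self.name, self.queue, self.ledger = name, queue, ledger
        self.crash_before_delete = crash_before_delete

    def run_once(self):
        got = self.queue.receive()
        if got is None:
            return None
        mid, body = got
        key = body["request_id"]   # idempotency key from the request, not the message id
        if key not in self.ledger:
            # The downstream actions (facilities, IT, HR forms) are recorded exactly once.
            self.ledger[key] = {"worker": self.name, "actions": ["facilities", "it", "hr-forms"]}
        if self.crash_before_delete:
            self.crash_before_delete = False   # simulate one crash after doing the work
            return ("crashed", mid)
        self.queue.delete(mid)
        return ("done", mid)


def simulate():
    """Two workers, one crash, one duplicate message; every hire is handled once."""
    q = Queue(visibility_timeout=30)
    ledger = {}
    for i in range(3):   # constructed requests
        q.send({"request_id": f"hire-{i}", "start_date": "2009-06-01"})
    q.send({"request_id": "hire-0", "start_date": "2009-06-01"})   # retrying producer sent it twice
    flaky = ProvisioningWorker("worker-a", q, ledger, crash_before_delete=True)
    steady = ProvisioningWorker("worker-b", q, ledger)
    log = [flaky.run_once(), steady.run_once()]   # worker-a dies before acknowledging msg-1
    q.advance(31)                                  # msg-1's visibility timeout expires
    result = steady.run_once()
    while result is not None:                      # worker-b drains the rest, msg-1 included
        log.append(result)
        result = steady.run_once()
    return ledger, log, q.pending()


if __name__ == "__main__":
    ledger, log, left = simulate()
    print(log, left)
    for key, entry in ledger.items():
        print(key, entry["worker"])
```

The point the slides make is visible in the ledger: `hire-0` was completed by `worker-a`, whose acknowledgement was lost, and the redelivered copy plus the producer's duplicate were both absorbed by `worker-b` without repeating the facilities and IT work. Neither worker knows the other exists or whether it is alive.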
  • 11. With AWS, physical security is free, network security is easy, and other security can be added
    Building secure systems with AWS
    Create distinct Security Groups for each Amazon EC2 cluster
    Use group-based rules for controlling access between layers
    Restrict external access to specific IP ranges and ports
    Use strong passwords and certificate-based authentication
    Encrypt data stored in Amazon S3
    Encrypt information transmitted across the wire
    Use encrypted file systems for sensitive data
    Security is Everywhere
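A practitioner applying the slide above (one security group per cluster, group-based rules between layers, external access limited to specific ranges and ports) usually wants a check that the rules actually deployed still match that intent. The following lint is an added example and not part of the original deck. Its input is constructed sample data in the shape that EC2 `DescribeSecurityGroups` returns (`IpPermissions` with `IpProtocol`, `FromPort`, `ToPort`, `IpRanges`, `Ipv6Ranges`, `UserIdGroupPairs`); the group ids, names, ports and CIDRs are made up, as is the layering policy expressed in `ALLOWED_UPSTREAM` and `PUBLIC_PORTS`.

```python
# Added example (not from the slides): a policy lint for a layered
# web -> app -> db security-group design. Sample data is constructed.
import ipaddress

SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "GroupName": "web-tier", "IpPermissions": [
        # HTTPS from anywhere is the only intended public entry point.
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        # SSH only from the (constructed) corporate management range.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-app", "GroupName": "app-tier", "IpPermissions": [
        # Group-based rule: only members of the web tier may reach the app port.
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
    ]},
    {"GroupId": "sg-db", "GroupName": "db-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]},
        # Deliberate misconfiguration for the lint to catch: DB port open to all.
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
]

# Intended layering (assumed policy): which group may open connections to which.
ALLOWED_UPSTREAM = {"sg-app": {"sg-web"}, "sg-db": {"sg-app"}}
# Ports that may legitimately be reachable from the whole internet, per group.
PUBLIC_PORTS = {"sg-web": {443}}
ADMIN_PORTS = {22, 3389}
TRUSTED_ADMIN_CIDRS = [ipaddress.ip_network("203.0.113.0/24")]


def _port_range(perm):
    """(low, high) covered by one permission; protocol -1 means all ports."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def check_groups(groups, allowed_upstream=ALLOWED_UPSTREAM,
                 public_ports=PUBLIC_PORTS, trusted_admin=TRUSTED_ADMIN_CIDRS):
    """Return a list of (group_id, finding) for rules that break the layering."""
    findings = []
    for group in groups:
        gid = group["GroupId"]
        for perm in group["IpPermissions"]:
            low, high = _port_range(perm)
            # Group-to-group rules: only the layer directly above may connect.
            for pair in perm.get("UserIdGroupPairs", []):
                src = pair.get("GroupId")
                if src not in allowed_upstream.get(gid, set()):
                    findings.append((gid, f"ports {low}-{high} reachable from unexpected group {src}"))
            # CIDR rules: IPv4 and IPv6 ranges are checked the same way.
            for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                cidr = ipaddress.ip_network(rng.get("CidrIp") or rng.get("CidrIpv6"))
                if cidr.prefixlen == 0:
                    # Anything open to the world must be an explicitly public port.
                    allowed = public_ports.get(gid, set())
                    if not all(p in allowed for p in range(low, high + 1)):
                        findings.append((gid, f"ports {low}-{high} open to the world ({cidr})"))
                if any(low <= p <= high for p in ADMIN_PORTS):
                    # Admin ports may only be reached from the trusted management ranges.
                    trusted = any(cidr.version == t.version and cidr.subnet_of(t)
                                  for t in trusted_admin)
                    if not trusted:
                        findings.append((gid, f"admin port reachable from untrusted range {cidr}"))
    return findings


if __name__ == "__main__":
    for gid, msg in check_groups(SAMPLE_GROUPS):
        print(f"{gid}: {msg}")
```

Run against live data, the same function would take the `SecurityGroups` list from a `describe-security-groups` call; the check is deliberately strict about `0.0.0.0/0` and `::/0` and about protocol `-1`, since those are the rules that silently undo the "restrict external access to specific IP ranges and ports" advice.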
  • 12. Having a flexible, on-demand pool of resources allows for different architectures that remove constraints
    Don’t Fear Constraints
    I need more than xxGB of RAM per instance
    Distribute load across multiple instances; use a shared distributed cache
    I need more than xxK IOPS on my database
    Run multiple read-only copies; sharding; database clustering software
    My current server specs are better than the EC2 instances
    Run more Amazon EC2 instances but only when you need them
    I need static IPs for my servers
    Boot scripts that re-configure software from configuration database
  • 13. AWS offers a wide variety of storage services designed for reliability, low latency, ease of access, indexing and throughput.
    Amazon S3 is optimized for easy access to highly durable and available storage of objects
    Store persistent data needing durability and easy access
    Amazon CloudFront for performance
    Push popular objects to worldwide edge locations
    Amazon SimpleDB for indexing, speed, scale, and simplicity
    Store small bits of data that have no dependencies, such as metadata
    Amazon EBS acts like a disk drive for persistent storage with high throughput and basic durability
    Store dynamic content or a traditional RDBMS
    Amazon EC2 local disk space for transient data
    Leverage a Variety of Storage Services
  • 14. Deploy internal applications for greater cost savings
    Development, test, staging and training environments
    Hosting of quick and effective marketing campaigns (micro-sites)
    Faster time to market for new business opportunities
    Recurring or on-demand batch data processing jobs
    Large scale analytics (Hadoop)
    Disaster recovery
    Load testing applications on your own infrastructure
    What Can an Enterprise Do on AWS?
  • 15. Sample Architecture: Migrating Your Internal IT Applications
  • 16. A typical enterprise application could need:
    A secure environment that is part of the enterprise’s existing network (Amazon VPC)
    Computing power (Amazon EC2)
    Storage capacity for images, videos, backups, files, etc. (Amazon S3)
    Indexed storage (Amazon SimpleDB)
    Relational Database (Your favorite on EBS)
    Messaging between components (Amazon SQS)
    Load balancing for optimal performance
    Enterprise Application Design on AWS
  • 17. Create a secure connection between assets and applications within your corporate network and assets and applications that reside in AWS
    Users and applications within your existing infrastructure securely interact with assets in AWS as if they were local
    Amazon VPC Extends Your Datacenter
    Your existing infrastructure
    Amazon VPC
  • 18. Customer’s isolated AWS resources
    Amazon VPC Architecture
    VPN Gateway
    Amazon Web Services
    Secure VPN Connection over the Internet
  • 19. Establish subnets to control who and what can access your resources
    Connect your isolated AWS resources and your IT infrastructure via a VPN connection
    Launch AWS resources within the isolated network
    Use your existing security and networking technologies to examine traffic to/from your isolated resources
    Extend your existing security and management policies within your IT infrastructure to your isolated AWS resources as if they were running within your infrastructure
    Amazon VPC Creates an isolated environment within AWS
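The slide above lists the steps (choose subnets, connect over VPN, launch resources inside, route traffic through existing security tooling). The first decision that goes wrong most often is the address plan: if the VPC range overlaps the corporate network, traffic over the VPN cannot be routed unambiguously and the "as if they were local" model breaks. The following is an added example, not part of the original deck: it carves a VPC range into one subnet per tier and Availability Zone, refuses any plan that overlaps the on-premises ranges, and classifies where a destination address would be routed. The VPC range, corporate ranges, tier names and AZ names are constructed, and the multi-AZ layout is the general case rather than the single-AZ VPC the slides describe as available at the time.

```python
# Added example (not from the slides): address planning for an isolated VPC
# that is joined to a corporate network over a VPN. All ranges are constructed.
import ipaddress


def plan_subnets(vpc_cidr, on_prem_cidrs, tiers, azs):
    """Carve vpc_cidr into one subnet per (AZ, tier). Refuse a VPC range that
    overlaps the corporate networks, since the VPN routes would be ambiguous."""
    vpc = ipaddress.ip_network(vpc_cidr)
    for corp in map(ipaddress.ip_network, on_prem_cidrs):
        if vpc.overlaps(corp):
            raise ValueError(f"VPC {vpc} overlaps on-premises range {corp}")
    needed = len(tiers) * len(azs)
    # Smallest prefix length that yields at least `needed` equal subnets.
    new_prefix = vpc.prefixlen
    while 2 ** (new_prefix - vpc.prefixlen) < needed:
        new_prefix += 1
    if new_prefix > vpc.max_prefixlen:
        raise ValueError("VPC range too small for the requested layout")
    blocks = iter(vpc.subnets(new_prefix=new_prefix))
    # One block per (AZ, tier); later entries are spare address space.
    return {(az, tier): next(blocks) for az in azs for tier in tiers}


def route_for(destination, plan, on_prem_cidrs):
    """Say where a packet to `destination` goes: a VPC subnet, the VPN toward
    the corporate network, or nowhere (dropped, since the VPC is isolated)."""
    ip = ipaddress.ip_address(destination)
    for key, subnet in plan.items():
        if ip in subnet:
            return ("vpc", key)
    for corp in map(ipaddress.ip_network, on_prem_cidrs):
        if ip in corp:
            return ("vpn", str(corp))
    return ("drop", None)


# Constructed inputs: corporate ranges reachable over the VPN, and a VPC range
# chosen outside them.
ON_PREM = ["10.0.0.0/12", "192.168.0.0/16"]
TIERS = ["web", "app", "db"]
AZS = ["us-east-1a", "us-east-1b"]   # AZ names here are assumed, not from the slides

if __name__ == "__main__":
    plan = plan_subnets("10.200.0.0/16", ON_PREM, TIERS, AZS)
    for (az, tier), subnet in plan.items():
        print(f"{az:11} {tier:4} {subnet}")
    print(route_for("10.200.33.7", plan, ON_PREM))
    print(route_for("192.168.10.5", plan, ON_PREM))
    print(route_for("8.8.8.8", plan, ON_PREM))
```

The third `route_for` case is the behaviour the slide calls "isolated": with no direct internet access (listed as an upcoming feature on a later slide), an address that is neither in the VPC nor in the corporate ranges has no route at all, which is exactly what lets the existing on-premises security tooling see every flow.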
  • 20. Advantages of your on-premises infrastructure
    Ensure network isolation
    Works with your security tools
    Employ your existing identity and authentication infrastructure
    Integrates seamlessly with the rest of your infrastructure via VPN
    Plus, the benefits of a cloud-based infrastructure
    Don’t get trapped by CapEx
    True company-level elasticity
    Lower operational responsibilities and costs
    Super-fast provisioning of on-demand resources
    Realize the Best of Both Worlds
  • 21. Available now
    Amazon EBS
    Single AZ in us-east-1
    Amazon CloudWatch
    On-Demand and Reserved Instances
    Linux/UNIX and Windows
    Upcoming features
    Direct Internet access
    Multiple AZs
    Elastic IPs
    Security groups
    Amazon DevPay
    Auto Scaling
    Elastic Load Balancing
    Amazon VPC: Supported AWS Features
  • 22. Internal new employee provisioning application
    A hiring manager visits an internal website
    Enters employee information, including start date, office location, computer type, and so on
    The website kicks off a series of workflows on existing systems already deployed within the company
    Facilities: set up the office space
    IT: set up the new computer
    Hiring manager: email with forms for the employee to fill out
    …and so on…
    Spiky usage around Summer (new interns)
    No internal resources available for the application, so the organization has chosen to deploy in AWS
    Our Sample Enterprise Application (Old Way)
  • 23. Set up the Web Server in Amazon VPC
    AWS Cloud
    Amazon VPC
    Existing Network
  • 24. Flexible
    Choose your programming model, application platform, databases, and operating system stack
    Cost-effective, pay only for what you use
    Automatically add and delete resources as they are needed
    Built on the world-class Amazon infrastructure
    Connection with Amazon VPC ensures that only users within your organization can see your AWS resources
    Web Server Running on Amazon EC2
  • 25. Use Amazon S3 for Raw Storage
    AWS Cloud
    Store persistent files in Amazon S3 for lower costs, higher reliability
    Encrypt sensitive data
  • 26. Use Amazon EBS to Host Databases
    AWS Cloud
    Configure an Amazon EBS device to host your existing relational database. Snapshots can be automatically backed up to Amazon S3.
  • 27. Interact With Existing Corporate Systems
    Amazon VPC provides a two-way secure connection so that applications hosted in AWS can communicate with systems hosted in our existing network.
  • 28. Amazon SimpleDB can be used as a cost-effective, zero-administration indexed store for your application
    Amazon CloudWatch, Elastic Load Balancing, and Auto-Scaling services enable greater fault-tolerance and scalability
    Amazon Elastic MapReduce can be used to crunch and analyze large amounts of data
    Amazon Flexible Payments Service can handle checkout pipelines and payment methods
    Amazon Mechanical Turk can be used for tasks best suited for human intervention (e.g., image upload and content approval, database cleansing, etc.)
    Additional Capabilities
  • 29. AWS Management Console
    Numerous cloud-based third-party providers
    BMC, RightScale, others
    API-based control enables existing workflow applications to manage AWS resources
    Existing IT management systems can extend to cloud
    Amazon VPC enables existing management and operations systems, security policies, etc. to extend to cloud resources
    Amazon CloudWatch provides easy to use monitoring
    Management and Operations
  • 30. AWS Management Console
  • 31. But What if You Have What You Have?
    But can I use Package X
    in the AWS Cloud?
  • 34. Thank You