Architecting Enterprise Applications In The Cloud
Architecting Enterprise Applications in the Cloud presentation by Matt Tavis, AWS Solutions Architect, at the Cloud for the Enterprise Event in NY on October 19, 2009


Published in: Technology
  • This slide discusses the corresponding AWS functionality that we will support at limited public beta launch. Please note that the items under "Launch ++" are other AWS capabilities that we are currently evaluating for operability within VPC, but do not have a date as yet. Direct Internet/AWS access is our most important feature.
  • As you'll recall, we’ve set up Amazon VPC in the AWS cloud. We’ve also configured a secure connection between our existing network and Amazon VPC. All of our activity inside our VPC and all traffic to and from our existing network and Amazon VPC can be monitored, managed, and secured by all of our existing security apparatus and procedures/policies. We will deploy our web server and full application platform stack on Amazon EC2 instances that are spawned within Amazon VPC.
  • Benefits of using Amazon EC2 to host your web application.
  • We will host all of our static and large files over on Amazon S3. Things like images, music, PDFs, and the like are best suited for Amazon S3. Amazon S3 provides a low-cost, highly reliable and scalable storage environment for your web applications. We will encrypt this data for security reasons.
  • You can host your relational database on top of Amazon EBS. Companies like IBM and Oracle have even enabled license portability so that you can bring your existing database licenses into the AWS cloud.
  • As you’ll recall, we want our application to be able to kick off workflows with a bunch of systems we’re already running internally. While it may make sense, both economically and technically, to eventually migrate these systems into AWS as well, as of right now that isn’t the case. So, we’ll need our Employee Provisioning application that is hosted in AWS to be able to communicate with our internal systems. With Amazon VPC, this is easy.
  • These are some additional AWS features that we could use as part of our application.
  • Transcript

    • 1. Architecting Enterprise Applications in the Cloud
      Matt Tavis
      Solutions Architect
    • 2. What Does the Enterprise Application Demand?
      High Availability
    • 3. T
      S3 Replicas
      EC2 Regions
      Availability Zone A
      Availability Zone B
      Availability Zone C
      Auto Scaling
      Amazon CloudWatch
      Elastic Load Balancing
      Note: Conceptual drawing only. The number of Availability Zones may vary. S3 guarantees 3 or more copies across 2 or more AZs.
      AWS has the Tools for Enterprise Demands
    • 4. Achieving Enterprise Needs is an Agreement between Architecture and Infrastructure
      Leveraging a scalable, on-demand infrastructure requires an application that can take advantage of it.
      Corollary: Fork-lifting a broken architecture into the AWS cloud will not make it any better
      Architecture and Infrastructure Must Work Together
    • 5. There are Many Paths into the Cloud
      Move to the Cloud
      Build for the Cloud
    • 6. Design for Failure and Nothing Fails
      Loose Coupling Sets You Free
      Design for Dynamism
      Security is Everywhere
      Don’t Fear Constraints
      Leverage a Variety of Storage Services
      Cloud Architecture Lessons Learned
    • 7. Never expect your systems to be stable
      Everything fails
      Hard disks
      Power supplies
      Network ports
      Ethernet chips
      IO controllers
      Even software fails
      If you can add it, it can fail
      Design for Failure and Nothing Fails
    • 8. Elastic IPs enable consistent endpoints and a re-mappable
      Leverage multiple Amazon EC2 Availability Zones (AZs)
      Replicate databases and persistence layers across AZs
      Use real-time monitoring across key access points
      Use Elastic Block Store (EBS) for persistent file systems
      Snapshot EBS for disaster recovery and increased persistence
      Auto Scaling and Elastic Load Balancing can automatically provision new resources
      Use Amazon CloudWatch to monitor instance health
      Designing for Failure with AWS
    • 9. Components should make no assumptions about the inner workings of other components
      Design for a jumble of black boxes
      Loosely coupled systems and AWS
      De-coupling systems allows for hybrid models (in-cloud + in-physical data center)
      Balancing between clusters enables easier scaling
      Using queues (Amazon SQS) buffers against failures
      Loose Coupling Sets You Free
    • 10. Components should not assume the health or location of other components
      Bootstrapping and dynamic configuration helps you scale dynamically
      Add or build management components to enable scale-out and scale-in on-demand
      Design for Dynamism
    • 11. With AWS, physical security is free, network security is easy, and other security can be added
      Building secure systems with AWS
      Create distinct Security Groups for each Amazon EC2 cluster
      Use group-based rules for controlling access between layers
      Restrict external access to specific IP ranges and ports
      Use strong passwords and certificate-based authentication
      Encrypt data stored in Amazon S3
      Encrypt information transmitted across the wire
      Use encrypted file systems for sensitive data
      Security is Everywhere
    • 12. Having a flexible, on-demand pool of resources allows for different architectures that remove constraints
      Don’t Fear Constraints
      I need more than xxGB of RAM per instance
      Distribute load across multiple instances; use a shared distributed cache
      I need more than xxK IOPS on my database
      Run multiple read-only copies; sharding; database clustering software
      My current server specs are better than the EC2 instances
      Run more Amazon EC2 instances but only when you need them
      I need static IPs for my servers
      Boot scripts that re-configure software from configuration database
    • 13. AWS offers a wide variety of storage services designed for reliability, low latency, ease of access, indexing and throughput.
      Amazon S3 is optimized for easy access to highly durable and available storage of objects
      Store persistent data needing durability and easy access
      Amazon CloudFront for performance
      Push popular objects to worldwide edge locations
      Amazon SimpleDB for indexing, speed, scale, and simplicity
      Store small bits of data that have no dependencies, such as metadata
      Amazon EBS acts like a disk drive for persistent storage with high throughput and basic durability
      Store dynamic content or a traditional RDBMS
      Amazon EC2 local disk space for transient data
      Leverage a Variety of Storage Services
    • 14. Deploy internal applications for greater cost savings
      Development, test, staging and training environments
      Hosting of quick and effective marketing campaigns (micro-sites)
      Faster time to market for new business opportunities
      Recurring or on-demand batch data processing jobs
      Large scale analytics (Hadoop)
      Disaster recovery
      Load testing applications on your own infrastructure
      What Can an Enterprise Do on AWS?
    • 15. Sample Architecture: Migrating Your Internal IT Applications
    • 16. A typical enterprise application could need:
      A secure environment that is part of the enterprise’s existing network (Amazon VPC)
      Computing power (Amazon EC2)
      Storage capacity for images, videos, backups, files, etc. (Amazon S3)
      Indexed storage (Amazon SimpleDB)
      Relational Database (Your favorite on EBS)
      Messaging between components (Amazon SQS)
      Load balancing for optimal performance
      Enterprise Application Design on AWS
    • 17. Create a secure connection between assets and applications within your corporate network and assets and applications that reside in AWS
      Users and applications within your existing infrastructure securely interact with assets in AWS as if they were local
      Amazon VPC Extends Your Datacenter
      Your existing infrastructure
      Amazon VPC
    • 18. Customer’s isolated AWS resources
      Amazon VPC Architecture
      VPN Gateway
      Amazon Web Services
      Secure VPN Connection over the Internet
    • 19. Establish subnets to control who and what can access your resources
      Connect your isolated AWS resources and your IT infrastructure via a VPN connection
      Launch AWS resources within the isolated network
      Use your existing security and networking technologies to examine traffic to/from your isolated resources
      Extend your existing security and management policies within your IT infrastructure to your isolated AWS resources as if they were running within your infrastructure
      Amazon VPC Creates an isolated environment within AWS
    • 20. Advantages of your on-premises infrastructure
      Ensure network isolation
      Works with your security tools
      Employ your existing identity and authentication infrastructure
      Integrates seamlessly with the rest of your infrastructure via VPN
      Plus, the benefits of a cloud-based infrastructure
      Don’t get trapped by CapEx
      True company-level elasticity
      Lower operational responsibilities and costs
      Super-fast provisioning of on-demand resources
      Realize the Best of Both Worlds
    • 21. Available now
      Amazon EBS
      Single AZ in us-east-1
      Amazon CloudWatch
      On-Demand and Reserved Instances
      Linux/UNIX and Windows
      Upcoming features
      Direct Internet access
      Multiple AZs
      Elastic IPs
      Security groups
      Amazon DevPay
      Auto Scaling
      Elastic Load Balancing
      Amazon VPC: Supported AWS Features
    • 22. Internal new employee provisioning application
      A hiring manager visits an internal website
      Enters employee information, including start date, office location, computer type, and so on
      The website kicks off a series of workflows on existing systems already deployed within the company
      Facilities: set up the office space
      IT: set up the new computer
      Hiring manager: email with forms for employee to fill out
      …and so on…
      Spiky usage around Summer (new interns)
      No internal resources available for the application, so the organization has chosen to deploy in AWS
      Our Sample Enterprise Application (Old Way)
    • 23. Set Up the Web Server in Amazon VPC
      AWS Cloud
      Amazon VPC
      Existing Network
    • 24. Flexible
      Choose your programming model, application platform, databases, and operating system stack
      Cost-effective, pay only for what you use
      Automatically add and delete resources as they are needed
      Built on the world-class Amazon infrastructure
      Connection with Amazon VPC ensures that only users within your organization can see your AWS resources
      Web Server Running on Amazon EC2
    • 25. Use Amazon S3 for Raw Storage
      AWS Cloud
      Store persistent files in Amazon S3 for lower costs, higher reliability
      Encrypt sensitive data
    • 26. Use Amazon EBS to Host Databases
      AWS Cloud
      Configure an Amazon EBS device to host your existing relational database. Snapshots can be automatically backed up to Amazon S3.
    • 27. Interact With Existing Corporate Systems
      Amazon VPC provides a two-way secure connection so that applications hosted in AWS can communicate with systems hosted in our existing network.
    • 28. Amazon SimpleDB can be used as a cost-effective, zero-administration indexed store for your application
      Amazon CloudWatch, Elastic Load Balancing, and Auto-Scaling services enable greater fault-tolerance and scalability
      Amazon Elastic MapReduce can be used to crunch and analyze large amounts of data
      Amazon Flexible Payments Service can handle checkout pipelines and payment methods
      Amazon Mechanical Turk can be used for tasks best suited for human intervention (e.g., image upload and content approval, database cleansing, etc.)
      Additional Capabilities
    • 29. AWS Management Console
      Numerous cloud-based third-party providers
      BMC, RightScale, others
      API-based control enables existing workflow applications to manage AWS resources
      Existing IT management systems can extend to cloud
      Amazon VPC enables existing management and operations systems, security policies, etc. to extend to cloud resources
      Amazon CloudWatch provides easy to use monitoring
      Management and Operations
    • 30.
      AWS Management Console
    • 31. But What if You Have What you Have?
      But can I use Package X in the AWS Cloud?
    • 32.
    • 33.
    • 34. Thank You
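
The three Security Group points on slide 11 (a distinct group per EC2 cluster, group-based rules between layers, external access limited to specific IP ranges and ports) can be checked mechanically. The sketch below is an added example, not part of the presentation; the rule model, group names and sample data are constructed for illustration and are not the EC2 API schema.

```python
import ipaddress

# Constructed sample: cluster -> security group, and each group's ingress rules.
# Field names are this example's own model, not the EC2 API schema.
CLUSTER_GROUPS = {"web": "sg-web", "app": "sg-app", "db": "sg-app"}
INGRESS = {
    "sg-web": [
        {"ports": (443, 443), "cidr": "0.0.0.0/0"},
        {"ports": (22, 22), "cidr": "0.0.0.0/0"},
    ],
    "sg-app": [
        {"ports": (8080, 8080), "group": "sg-web"},
        {"ports": (3306, 3306), "cidr": "10.0.0.0/8"},
    ],
}
PUBLIC_PORTS = {443}      # ports intentionally open to any address (assumption)
EDGE_GROUPS = {"sg-web"}  # only the edge tier may accept CIDR-based sources


def audit(cluster_groups, ingress, public_ports, edge_groups):
    """Return (kind, group, detail) findings for the three slide-11 rules."""
    findings = []
    # 1. Distinct security group for each cluster.
    owners = {}
    for cluster, sg in sorted(cluster_groups.items()):
        owners.setdefault(sg, []).append(cluster)
    for sg, clusters in sorted(owners.items()):
        if len(clusters) > 1:
            findings.append(("shared-group", sg, ",".join(clusters)))
    for sg, rules in sorted(ingress.items()):
        for rule in rules:
            lo, hi = rule["ports"]
            if "cidr" not in rule:
                continue  # group-based source: the pattern the slide recommends
            net = ipaddress.ip_network(rule["cidr"])
            # 2. Traffic between layers should name a source group, not a CIDR.
            if sg not in edge_groups:
                findings.append(("cidr-between-layers", sg, f"{lo}-{hi} from {net}"))
            # 3. Any-address sources only on the declared public ports.
            elif net.prefixlen == 0 and not set(range(lo, hi + 1)) <= public_ports:
                findings.append(("open-to-world", sg, f"{lo}-{hi} from {net}"))
    return findings


if __name__ == "__main__":
    for finding in audit(CLUSTER_GROUPS, INGRESS, PUBLIC_PORTS, EDGE_GROUPS):
        print(*finding)
```
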