Service Oriented Architecture is a significant step forward in terms of building scalable and resilient applications. A typical SOA application might look something like this, where each step in a workflow is connected to a pipeline, or Service Bus.
Under the hood the bus actually uses Amazon Simple Queue between steps.
Point of Slide: to explain VPC's high-level architecture, walking through the discrete elements of a VPC and a specific data flow that exemplifies 1) data-in-transit security and 2) continued AAA control by the enterprise.
AWS ("orange cloud"): What everybody knows of AWS today.
Customer's Network ("blue square"): The customer's internal IT infrastructure.
VPC ("blue square on top of orange cloud"): Secure container for other object types; includes a Border Router for external connectivity. The isolated resources that customers have in the AWS cloud.
Cloud Router ("orange router surrounded by clouds"): Lives within a VPC; anchors an AZ; presents stateful filtering.
Cloud Subnet ("blue squares" inside VPC): connects instances to a Cloud Router.
VPN Connection: Customer Gateway and VPN Gateway anchor both sides of the VPN Connection and enable secure connectivity; implemented using industry-standard mechanisms. Please note that we currently require that whatever customer gateway device is used supports BGP. We actually terminate two (2) tunnels - one tunnel per VPN Gateway - on our side. Besides providing high availability, this lets us service one device while maintaining service. As such, we connect to one of the customer's BGP-supporting devices (preferably running JunOS or IOS).
This slide discusses the corresponding AWS functionality that we will support at limited public beta launch. Please note that the items under "Launch ++" are other AWS capabilities that we are currently evaluating for operability within VPC, but do not have a date as yet. Direct Internet/AWS access is our most important feature.
As you will recall, we have set up Amazon VPC in the AWS cloud. We have also configured a secure connection between our existing network and Amazon VPC. All of our activity inside our VPC, and all traffic between our existing network and Amazon VPC, can be monitored, managed, and secured by all of our existing security apparatus and procedures/policies. We will deploy our web server and full application platform stack on Amazon EC2 instances that are spawned within Amazon VPC.
Benefits of using Amazon EC2 to host your web application.
We will host all of our static and large files over on Amazon S3. Things like images, music, PDFs, and the like are best suited for Amazon S3. Amazon S3 provides a low-cost, highly reliable and scalable storage environment for your web applications. We will encrypt this data for security reasons.
You can host your relational database on top of Amazon EBS. Companies like IBM and Oracle have even enabled license portability so that you can bring your existing database licenses into the AWS cloud.
As you will recall, we want our application to be able to kick off workflows on a number of systems we are already running internally. While it may make sense, both economically and technically, to eventually migrate these systems into AWS as well, as of right now that is not the case. So we need our Employee Provisioning application, hosted in AWS, to be able to communicate with our internal systems. With Amazon VPC, this is easy.
These are some additional AWS features that we could use as part of our application.
Building Enterprise Cloud Apps - Presentation Transcript
BUILDING ENTERPRISE CLOUD APPS Mike Culver, Strategic Alliances Team
WE THINK OF THE CLOUD AS A SET OF BUILDING BLOCK SERVICES
Infrastructure As a Service
Amazon Simple Storage Service
Amazon CloudFront
Amazon Elastic Compute Cloud
Amazon Elastic Block Storage
Amazon Simple Queue Service
Amazon SimpleDB
Amazon Elastic MapReduce
People As a Service
Amazon Mechanical Turk
Payments As a Service
Amazon Flexible Payments Service
Amazon DevPay
Fulfillment and Associates
Amazon Fulfillment Web Service
Amazon Associates Web Service
AMAZON ELASTIC COMPUTE CLOUD (AMAZON EC2)
Resizable compute capacity in the cloud
Obtain and boot new server instances in minutes
Quickly scale capacity, up or down, as your computing requirements change
Full root/Administrator access to a Linux/Windows virtual machine
Simple Web service management interface
Changes the economics of computing
CONSERVE CAPITAL (chart: Infrastructure Cost ($) over time; series Predicted Demand, Actual Demand, Traditional Hardware as a Large Capital Expenditure, and Automated Virtualization; annotation "You just lost customers")
EC2 HAS AN UNPRECEDENTED DURABILITY MODEL (diagram: several Availability Zones with Amazon CloudWatch, Auto Scaling and Elastic Load Balancing. Note: Conceptual drawing only. The number of Availability Zones may vary.)
CLOUD COMPUTING ATTRIBUTES
Abstract Resources: Not tied to physical hardware and can be flexible as your needs demand.
On-Demand Provisioning: Ask for what you need, exactly when you need it. Pay only for what you use.
Scalability: Scale up or down depending on usage needs.
No Up-Front Costs: No contracts or long-term commitments. Pay only for what you use.
Efficiency of Experts: Utilize the skills, knowledge and resources of experts.
Scalability means scaling up and scaling down
If we increase the resources in a system, performance increases in proportion to the resources added. Increasing performance generally means serving more units of work, but it can also mean handling larger units of work, such as when datasets grow.
A scalable service is capable of handling heterogeneity
A scalable service is operationally efficient
A scalable service is resilient
A scalable service becomes more cost effective when it grows
WHAT DO WE MEAN BY SCALABILITY?
Move to the Cloud Build for the Cloud
Design for failure and nothing fails
Loose coupling sets you free
Design for elasticity
Security is everywhere
Don’t fear constraints
Take advantage of a variety of storage options
CLOUD ARCHITECTURE LESSONS
Never expect your systems to be stable
Everything fails
Hard disks
Power supplies
Cabling
Network ports
Switches
Load-balancers
Ethernet chips
IO controllers
Fans
If you can add it, it can fail
DESIGN FOR FAILURE
Use Elastic IP addresses for consistent and re-mappable endpoints
Use multiple Amazon EC2 Availability Zones (AZs)
Create multiple database slaves across AZs
Use real-time monitoring across key access points
Use Amazon Elastic Block Store (EBS) for persistent file systems
Use Amazon EBS Snapshots for disaster recovery and increased persistence
Use Auto Scaling and Elastic Load Balancing to automatically provision new resources
Use Amazon CloudWatch to monitor instance health
HOW TO DESIGN FOR FAILURE WITH AWS
Make no assumptions about the inner workings of your components
Design for a jumble of black boxes
Loosely coupled systems and AWS
De-coupling systems allows for hybrid models (in-cloud + in-physical data center)
Balancing between clusters enables easier scaling
Using queues (Amazon SQS) buffers against failures
BUILD LOOSELY COUPLED SYSTEMS
SOA OFTEN HAS A BUS (diagram: a Service Bus connecting Order Entry, Credit Check, Inventory Allocation, Pick Ticket Generated and Send Confirmation Email)
ARCHITECT FOR EVERYTHING FAILS AND THEN NOTHING DOES (diagram: Order Entry and Credit Check connected through the Bus, with Amazon Simple Queue Service implementing the Bus)
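The slides above put a queue between every two workflow steps so that a failed or slow step does not lose work. What that buys you, and what it demands of each step, is easier to see in code. The example below is added here and is not part of the presentation or of any AWS library: the Queue class is a constructed in-memory stand-in for Amazon SQS that keeps the one SQS behaviour that matters for failure handling (a received message that is never deleted reappears after its visibility timeout, so delivery is at-least-once), and the Credit Check step, the order data and the crash switch are all constructed for illustration.

```python
"""Workflow steps connected through a queue, with the SQS behaviour that
shapes failure handling: a received message that is not deleted reappears
after its visibility timeout (at-least-once delivery), so every step must
be idempotent. Queue is a constructed in-memory stand-in for Amazon SQS;
the pipeline and order data are constructed for this example."""
import json
import uuid
from collections import deque


class Queue:
    """Minimal SQS-like queue: receive() hides a message until delete() is
    called or the visibility timeout lapses (modelled by tick())."""

    def __init__(self):
        self._visible = deque()
        self._inflight = {}          # receipt handle -> message body

    def send(self, body: dict) -> None:
        self._visible.append(json.dumps(body))

    def receive(self):
        if not self._visible:
            return None
        msg = self._visible.popleft()
        handle = str(uuid.uuid4())   # receipt handle, as in SQS
        self._inflight[handle] = msg
        return handle, json.loads(msg)

    def delete(self, handle: str) -> None:
        self._inflight.pop(handle, None)

    def tick(self) -> None:
        """Visibility timeout expired: every undeleted message is redelivered."""
        self._visible.extend(self._inflight.values())
        self._inflight.clear()


class CreditCheck:
    """The Credit Check step: consumes orders, emits them with a verdict."""

    def __init__(self, inbox, outbox, idempotent=True, crash_once=False):
        self.inbox, self.outbox = inbox, outbox
        self.idempotent = idempotent
        self.crash_once = crash_once
        self.processed = set()       # in production: a durable store keyed by order_id
        self.side_effects = 0        # e.g. paid calls to a credit bureau

    def run_once(self) -> bool:
        """Handle one message; returns False when the inbox is empty."""
        got = self.inbox.receive()
        if got is None:
            return False
        handle, order = got
        if not (self.idempotent and order["order_id"] in self.processed):
            self.side_effects += 1
            self.processed.add(order["order_id"])
            self.outbox.send({**order, "credit_ok": order["amount"] < 1000})
            if self.crash_once:
                # Simulated crash after the work but before delete(): the queue
                # redelivers the same order once the visibility timeout expires.
                self.crash_once = False
                return True
        self.inbox.delete(handle)
        return True


def run_pipeline(crash: bool, idempotent: bool = True):
    """Push one constructed order through Order Entry -> Credit Check ->
    Inventory Allocation; return (side effects performed, messages that
    reached Inventory Allocation)."""
    order_entry, credit, allocation = Queue(), Queue(), Queue()
    order_entry.send({"order_id": "ord-1", "amount": 250})   # constructed sample
    handle, order = order_entry.receive()                     # Order Entry step
    credit.send(order)
    order_entry.delete(handle)
    step = CreditCheck(credit, allocation, idempotent=idempotent, crash_once=crash)
    for _ in range(3):               # worker passes with a timeout between them
        while step.run_once():
            pass
        credit.tick()
    delivered = []
    while (got := allocation.receive()) is not None:
        allocation.delete(got[0])
        delivered.append(got[1])
    return step.side_effects, delivered


if __name__ == "__main__":
    print("idempotent step, crash:", run_pipeline(crash=True))
    print("naive step, crash:     ", run_pipeline(crash=True, idempotent=False))
```

With the idempotent step, the crash costs nothing: the redelivered order is recognised and dropped, one credit check is performed and one message reaches Inventory Allocation. With the naive step the same crash doubles the side effect and duplicates the downstream message, which is the failure the "everything fails" design has to absorb. The processed-id set is in memory only here; a real step would keep it in a durable store so the check survives the restart that the crash implies.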
Components should not assume the health or location of other components
Bootstrapping and dynamic configuration helps you scale dynamically
Build management components to enable scale-out and scale-in on-demand
DESIGN FOR ELASTICITY
With AWS, physical security is free, network security is easy, and other security can be added
Building secure systems with AWS
Create distinct Security Groups for each Amazon EC2 cluster
Use group-based rules for controlling access between layers
Restrict external access to specific IP ranges and ports
Use strong passwords and certificate-based authentication
Encrypt data stored in Amazon S3
Encrypt all information transmitted across the wire
Consider encrypted file systems for sensitive data
UTILIZE SECURITY MECHANISMS
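The three network rules on this slide (one security group per cluster, group-referenced rules between layers, external access only from specific ranges and ports) can be checked mechanically. The audit below is an added example, not code from the presentation or from AWS: the rule records are constructed to mirror the field names the EC2 DescribeSecurityGroups response uses (IpProtocol, FromPort, ToPort, IpRanges, UserIdGroupPairs), the set of groups allowed to face the Internet and the port lists are assumptions for this audit, and nothing here talks to the network.

```python
"""Audit security-group rules against the slide's practices: admin and
database ports never world-reachable, only designated edge groups open to
0.0.0.0/0 and then only on web ports, and inter-layer rules expressed as
group references rather than CIDRs. Sample data is constructed in the shape
of DescribeSecurityGroups output; it is not real account data."""
import ipaddress

# Ports an Internet-facing (edge) group may open to the world; an assumption for this audit.
PUBLIC_OK_PORTS = {80, 443}
# Administrative and database ports that must never be world-reachable (assumed list).
ADMIN_PORTS = {22, 3389, 1433, 3306, 5432}


def _port_range(rule: dict) -> range:
    """All ports a rule covers; protocol -1 (all traffic) means every port."""
    if rule.get("IpProtocol") == "-1":
        return range(0, 65536)
    return range(rule["FromPort"], rule["ToPort"] + 1)


def audit_group(group: dict, edge_groups: set) -> list:
    """Return (severity, message) findings for one security group.

    edge_groups names the groups that are permitted to face the Internet.
    """
    name = group["GroupName"]
    is_edge = name in edge_groups
    findings = []
    for rule in group.get("IpPermissions", []):
        ports = _port_range(rule)
        span = f"{ports.start}-{ports.stop - 1}"
        for rng in rule.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if net.prefixlen == 0:                      # 0.0.0.0/0: the whole Internet
                if any(p in ADMIN_PORTS for p in ports):
                    findings.append(("HIGH", f"{name}: admin/database port open to {net} ({span})"))
                elif not is_edge:
                    findings.append(("HIGH", f"{name}: internal group exposed to {net} ({span})"))
                elif not all(p in PUBLIC_OK_PORTS for p in ports):
                    findings.append(("MEDIUM", f"{name}: edge group opens non-web port to {net} ({span})"))
            elif not is_edge:
                # Layer-to-layer access should reference the upstream group, not a
                # CIDR that silently admits whatever else lands in that range.
                findings.append(("LOW", f"{name}: inter-layer rule uses CIDR {net} instead of a group reference ({span})"))
        # UserIdGroupPairs entries are the recommended group-referenced form; nothing to flag.
    return findings


def audit_all(groups: list, edge_groups: set) -> dict:
    """Audit every group; map group name -> findings."""
    return {g["GroupName"]: audit_group(g, edge_groups) for g in groups}


# Constructed sample: a three-tier layout with one deliberate mistake per lower tier.
SAMPLE_GROUPS = [
    {"GroupName": "web-edge", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ]},
    {"GroupName": "app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "UserIdGroupPairs": [{"GroupId": "sg-web-edge"}]},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ]},
    {"GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]
EDGE_GROUPS = {"web-edge"}   # assumption: the only group allowed to face the Internet

if __name__ == "__main__":
    for group, findings in audit_all(SAMPLE_GROUPS, EDGE_GROUPS).items():
        print(group, findings or "clean")
```

The edge group passes: web ports to the world, SSH only from a specific range (203.0.113.0/24 is a documentation range used here as a stand-in for the office egress block). The app tier is flagged for using a CIDR where a reference to the web group would do, and the database tier gets the only HIGH finding for exposing its port to the Internet. Feeding real DescribeSecurityGroups output through the same function is a one-line change because the field names match.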
Having a flexible, on-demand pool of resources allows for different architectures that remove constraints
I need more than xxGB of RAM per instance / Distribute load across multiple instances; use a shared distributed cache
I need more than xxK IOPS on my database / Run multiple read-only copies; sharding; database clustering software
My current server specs are better than an Amazon EC2 instance / Run more Amazon EC2 instances but only when you need them
I need static IPs for my servers / Boot scripts that re-configure software from configuration database
ARCHITECTURAL CONSTRAINTS CAN BE BROKEN
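The last constraint on this slide, and the bootstrapping point on the elasticity slide, share one mechanism: an instance learns where its peers are at boot time from a configuration store instead of carrying static addresses. The bootstrap routine below is an added example and not code from the presentation or from AWS; the registry and role records are constructed stand-ins for a configuration database, the secret-reference scheme is an assumption, and the routine fails closed rather than starting with a dependency it cannot reach securely.

```python
"""Boot-time configuration from a configuration store instead of static
addresses. REGISTRY and ROLES are constructed stand-ins for a configuration
database; the render/validate logic illustrates the pattern and is not
AWS code. The "secret://" reference scheme is an assumption."""
import json

# Registry: service name -> currently registered endpoints. Instances register
# themselves at boot and are removed when they go away, so no peer's address
# is ever baked into another instance's image.
REGISTRY = {
    "orders-db": [{"host": "10.0.2.15", "port": 3306, "tls": True}],
    "cache":     [{"host": "10.0.3.7", "port": 6379, "tls": True},
                  {"host": "10.0.3.8", "port": 6379, "tls": True}],
}

# Role records: what an instance of a given role needs before it can serve.
ROLES = {
    "web": {"depends_on": ["cache"], "listen_port": 8080},
    "app": {"depends_on": ["orders-db", "cache"], "listen_port": 8081,
            "secrets": {"db_password": "secret://orders-db/app-user"}},
}


class BootstrapError(Exception):
    """Raised when the instance must not start with the configuration found."""


def bootstrap(role: str, registry=REGISTRY, roles=ROLES) -> dict:
    """Build the runtime configuration for one instance of `role`.

    Fails closed: an unknown role, a dependency with no live endpoint, a
    peer that does not offer TLS, or a plaintext credential in the role
    record all abort the boot instead of producing a half-working service.
    """
    if role not in roles:
        raise BootstrapError(f"unknown role {role!r}")
    spec = roles[role]
    config = {"role": role, "listen_port": spec["listen_port"], "peers": {}}
    for dep in spec["depends_on"]:
        endpoints = registry.get(dep, [])
        if not endpoints:
            raise BootstrapError(f"no live endpoint registered for {dep!r}")
        for ep in endpoints:
            if not ep.get("tls"):
                # The slide's rule: everything across the wire is encrypted.
                raise BootstrapError(f"{dep!r} endpoint {ep['host']} does not offer TLS")
        config["peers"][dep] = [f"{ep['host']}:{ep['port']}" for ep in endpoints]
    for key, value in spec.get("secrets", {}).items():
        if not value.startswith("secret://"):
            raise BootstrapError(f"{key} is a plaintext credential; use a secret reference")
        config[key] = value   # resolved from the secret store at runtime, never written to disk
    return config


def render(config: dict) -> str:
    """Serialize the configuration for the application's config file."""
    return json.dumps(config, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(render(bootstrap("app")))
```

Re-running the same routine after a peer is replaced yields the new address with no image rebuild, which is what removes the "I need static IPs" constraint; the TLS and secret-reference checks keep the convenience from quietly relaxing the security rules on the previous slide.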
Amazon S3 is optimized for storing large objects
Store persistent data
Amazon CloudFront for performance
Push popular objects to worldwide edge locations
Amazon SimpleDB for speed, scale, and simplicity
Store small bits of data that have no dependencies, such as metadata
Amazon EC2 local disk space for transient data
Amazon EBS acts like a disk drive for persistent storage
Store dynamic content or a traditional RDBMS
EMPLOY MANY STORAGE OPTIONS
Deploy internal applications for greater cost savings
Host a quick and effective marketing campaign
Take advantage of new business opportunities without time consuming procurement processes
Batch data processing
Large scale analytics
Disaster recovery
Development and test environments
Load testing applications on your own infrastructure
DIVERSE ENTERPRISE USE CASES
SAMPLE ARCHITECTURE: MIGRATING YOUR INTERNAL IT APPLICATIONS
A typical enterprise application could need:
A secure environment that is part of the enterprise's existing network (Amazon VPC)
Computing power (Amazon EC2)
Storage capacity for images, videos, backups, files, etc. (Amazon S3)
Indexed storage (Amazon SimpleDB)
Relational database (your favorite, on Amazon EBS)
Messaging between components (Amazon SQS)
Load balancing for optimal performance
ENTERPRISE APPLICATION DESIGN ON AWS
Create a secure connection between assets and applications within your corporate network and assets and applications that reside in AWS
Users and applications within your existing infrastructure securely interact with assets in AWS as if they were local
AMAZON VPC EXTENDS YOUR DATACENTER (diagram: Your existing infrastructure connected to Amazon VPC)
AMAZON VPC ARCHITECTURE (diagram: Your Network joined to the Amazon Web Services Cloud by a Secure VPN Connection over the Internet, terminating at a VPN Gateway; Subnets inside the VPC hold the Customer's isolated AWS resources)
Establish subnets to control who and what can access your resources
Connect your isolated AWS resources and your IT infrastructure via a VPN connection
Launch AWS resources within the isolated network
Use your existing security and networking technologies to examine traffic to/from your isolated resources
Extend your existing security and management policies within your IT infrastructure to your isolated AWS resources as if they were running within your infrastructure
AMAZON VPC CREATES AN ISOLATED ENVIRONMENT WITHIN AWS
Advantages of your on-premises infrastructure
Ensure network isolation
Works with your security tools
Employ your existing identity and authentication infrastructure
Integrates seamlessly with the rest of your infrastructure via VPN
Plus, the benefits of a cloud-based infrastructure
Don’t get trapped by CapEx
True company-level elasticity
Lower operational responsibilities and costs
Super-fast provisioning of on-demand resources
REALIZE THE BEST OF BOTH WORLDS
Available now
Amazon EBS
Single AZ in us-east-1
Amazon CloudWatch
On-Demand and Reserved Instances
Linux/UNIX and Windows
Upcoming features
Direct Internet access
Multiple AZs
Elastic IPs
Security groups
Amazon DevPay
Auto Scaling
Elastic Load Balancing
AMAZON VPC: SUPPORTED AWS FEATURES
Internal new employee provisioning application
A hiring manager visits an internal website
Enters employee information, including start date, office location, computer type, and so on
The website kicks off a series of workflows on existing systems already deployed within the company
Facilities: set up the office space
IT: set up the new computer
Hiring manager: email with forms for employee to fill out
… and so on…
Spiky usage around Summer (new interns)
No internal resources available for the application, so the organization has chosen to deploy in AWS
OUR SAMPLE ENTERPRISE APPLICATION (OLD WAY)
SET UP THE WEB SERVER IN AMAZON VPC (diagram: Existing Network connected to Amazon VPC inside the AWS Cloud)
Flexible
Choose your programming model, application platform, databases, and operating system stack
Cost-effective, pay only for what you use
Scalable
Automatically add and delete resources as they are needed
Reliable
Built on the world-class Amazon infrastructure
Secure
Connection with Amazon VPC ensures that only users within your organization can see your AWS resources
WEB SERVER RUNNING ON AMAZON EC2
USE AMAZON S3 FOR RAW STORAGE (diagram: AWS Cloud)
Store persistent files in Amazon S3 for lower costs and higher reliability
Encrypt sensitive data
USE AMAZON EBS TO HOST DATABASES (diagram: AWS Cloud)
Configure an Amazon EBS device to host your existing relational database. Snapshots can be automatically backed up to Amazon S3.
INTERACT WITH EXISTING CORPORATE SYSTEMS
Amazon VPC provides a two-way secure connection so that applications hosted in AWS can communicate with systems hosted in our existing network.
Amazon SimpleDB can be used as a cost-effective, zero-administration indexed store for your application
Amazon CloudWatch, Elastic Load Balancing, and Auto-Scaling services enable greater fault-tolerance and scalability
Amazon Elastic MapReduce can be used to crunch and analyze large amounts of data
Amazon Flexible Payments Service can handle checkout pipelines and payment methods
Amazon Mechanical Turk can be used for tasks best suited for human intervention (e.g., image upload and content approval, database cleansing, etc.)
ADDITIONAL FEATURES
AWS Management Console
Numerous cloud-based third-party providers
RightScale, CA, others
API-based control enables existing workflow applications to manage AWS resources
Existing IT management systems can extend to cloud
Amazon VPC enables existing management and operations systems, security policies, etc. to extend to cloud resources