
How to Successfully Complete a Hybrid Cloud Migration Project


  1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. How to Successfully Complete a Hybrid Cloud Migration Project and Respond Quickly to the Challenges Large-Scale Events Bring to Systems
     • Retro Kuo, Cloud Support Engineer, AWS
     • Simon Wang, Enterprise Support Lead, AWS
     • Rianol Jou, Head of Site Reliability Engineering, KKBOX
  2. Agenda
     • Hybrid connectivity solutions
     • Overview of AWS China Regions
     • Hybrid connectivity with AWS China Regions
     • Enterprise Support for Large Enterprises
     • Case Study – DB Migration to AWS
     • Case Study – How KKTIX Survived JJ Lin Event
  4. It’s critical to provide a seamless networking experience between on-premises networks and the AWS cloud
  5. Hybrid Connectivity Solutions
  6. Private Connectivity with AWS VPN (1/2) [Diagram labels: customer gateway; virtual private gateway; 2 IPsec tunnels; 192.168.0.0/16; 172.31.0.0/16; 192.168/16; your networking device; VPN connection]
  7. Private Connectivity with AWS VPN (2/2)
     • Fully managed and highly available VPN termination endpoints at AWS end
     • 1 connection, 2 VPN tunnels per VPC
     • IPsec site-to-site tunnel with AES-256, SHA-2, and latest DH groups
     • Support for NAT-T
     • Pay $0.05 per hour per VPN connection
     • Static or dynamic (BGP)
  8. Connectivity with AWS Direct Connect (1/3) [Diagram labels: customer network 192.168.0.0/16; 192.168/16; AWS Direct Connect location; customer or partner cage; AWS cage; AWS services; virtual private gateway; 172.31.0.0/16; private virtual interface; public virtual interface]
  9. Connectivity with AWS Direct Connect (2/3) [Diagram labels: customer router; colocation; DX location; switch; Equinix SG2, Singapore; AWS Direct Connect devices; Direct Connect Gateway; AWS global backbone; AWS Cloud; Region US West (Oregon); Region Asia Pacific (Singapore); VPCs; virtual private gateways]
  10. Connectivity with AWS Direct Connect (3/3)
     • Dedicated, private connection into AWS
     • Create private (VPC) or public virtual interfaces to AWS
     • Reduced data-out rates (data-in is free)
     • Consistent network performance
     • Option for redundant connections
     • Work with Multiple AWS Regions
     • Multiple AWS accounts can share a connection
     • Uses BGP to exchange routing information over a VLAN
  11. 97 Direct Connect Locations
  12. AWS VPN and AWS Direct Connect
     • Both allow secure connections between your network and your VPC
     • VPN is a pair of IPsec tunnels over the Internet
     • AWS Direct Connect is a dedicated line with lower per-GB data transfer rates
     • For highest availability: Use multiple, dynamically routed AWS Direct Connect connections at multiple locations
  13. AWS Transit Gateway
  14. Before Transit Gateway … [Diagram labels: customer gateway; VPN connections; Amazon VPCs; VPC peering links; AWS Direct Connect Gateway]
  15. With Transit Gateway … [Diagram labels: Transit Gateway; Amazon VPCs; customer gateway; VPN connection; AWS Direct Connect Gateway]
  17. AWS in China
     • AWS provides its industry-leading technology, guidance, and expertise to NWCD and Sinnet
     • NWCD and Sinnet operate and provide AWS Cloud Services to China customers
     • NWCD/Sinnet-specific:
        • Accounts system
        • Billing
        • VAT invoice (fapiao)
        • Support charges
  18. AWS China Regions
     • Worldwide standards: Redundancy and high availability
     • Connecting with major Tier 1 carriers and small ISPs by BGP
     • 2 Availability Zones (AZs) on AWS China (Beijing) Region operated by Sinnet
     • 3 Availability Zones (AZs) on AWS China (Ningxia) Region operated by NWCD
     • AWS China (Ningxia) Region operated by NWCD launched in 2017
     • AWS China (Beijing) Region operated by Sinnet launched in 2014
     [Diagram labels: Beijing Region with Availability Zones A and B; Ningxia Region with Availability Zones A, B and C]
  19. Available Services in AWS China Regions
     • Consistent GUI with other AWS global regions
     • All core services, including compute, storage, and network, are available from both AWS China Regions
     • AWS makes migrating from global AWS regions to AWS China Regions simple
  20. Customers – Internet Companies
  21. Customers – Traditional Enterprise
  22. Customers – Public Sector
  23. Partners
  25. AWS Direct Peering with China ISPs
     • Optimized Internet routes between Beijing/Ningxia Regions and global regions (US/Singapore/Tokyo)
     [Diagram labels: AWS Cloud (×2)]
  26. Dedicated Links via AWS Direct Connect
     • Customer’s own private WAN provided by SPs
     • Example: China Mobile International can provision the link in 1 week
     [Diagram labels: VPC in Ningxia/Beijing Regions; MPLS/SD-WAN; AWS Direct Connect location in HK; AWS Direct Connect gateway; VPC in Oregon Region; VPC in Singapore Region; VPC in Tokyo Region]
  27. Ten Things You Need to Know About Managing a Hybrid Cloud Migration Project. Case Study - DB Migration to AWS. Simon Wang, Enterprise Support Lead, AWS
  28. A Comparison of AWS Support Plans
  29. Enterprise Support (ES) Key Features
     • SUPPORT CONCIERGE: Dedicated team of enterprise account specialists to help with billing and account subjects
     • TAM: Technical Account Manager: designated technical point of contact to all necessary AWS expertise
     • SMEs: Subject Matter Experts: Cloud Support Engineers, Solutions Architects, and product teams are available for guidance
     • Key Features:
        • Infrastructure Event Management (IEM)
        • Architecture Review and Consultative Support
        • Operating Review and Optimization
        • Knowledge Transfer
        • Feature Request, Roadmap and PREVIEW/BETA
        • Fast Response Time and Incident Management
        • Monthly Review & Cost Optimization
     • INFRASTRUCTURE EVENT MANAGEMENT (IEM): Focused planning and support for business-critical events
     • WELL-ARCHITECTED REVIEW: Detailed review of your architecture and guidance on how to best design your systems
     • ARCHITECTURE SUPPORT: Consultative reviews of your application architecture and how to align it with AWS
     • OPERATIONS SUPPORT: Consultative reviews of your cloud operations and advice for optimization
  30. Real Case Background: Challenges
     • First time migrating an on-premises external service
     • DB platform will be changed from Oracle to Aurora MySQL
     • Need a solid migration and cut-over plan
  31. To-Be Architecture
  32. -Mikhail Chigorin- Key #1
  33. Enterprise Support Helps Planning the Migration
     • Phases: Initiate, Plan, Execute, Review
     • Initiate (begin readiness process):
        • Event Description > DB migrate to AWS
        • Event Times > Migrate to AWS from 12 pm to 6 pm in June, 2019.
        • Major Services > EC2, Aurora MySQL, DMS
     • Planning (Week 1 ~ 2). Delivery:
        > Workbook
        > Readiness check
        > Scenario planning
        > Architecture review
        > Load testing
     • Executing: Architecture review & Load Testing review (Week 3 ~ 8). Delivery:
        > Load testing result review
        > Identify risks and critical path items, develop mitigation plans
        > Regular on-site review meeting action items follow-up
     • Critical Event handling. Delivery:
        > Technical cases support
        > Escalation management for critical issue cases
     • Final Review.
        Delivery:
        > TAM on-site support
        > CSE remote support
        > Hosts support WAR room
        > Dashboard monitoring
        Review:
        > Review meeting
        > Performance Metrics Review
        > Lesson Learned
        Reset:
        > Reset service limits
        > Revert unnecessary architectural changes
     • Timeline labels: W0 03/13; W1 03/18; W2 03/25; W3 04/01; W4 04/08; W5 04/15; W6 04/22; W7 04/29; W8 05/06; 2 week; 6~8 weeks; 1 day; 3 day; Launch: June; Review: Launch Date+2W; Current
  34. Other Keys …
     • Phases: Initiate, Plan, Execute, Review
     • #2 IEM Workbook
     • #3 Cloud Infra Readiness Check
     • #4 Load Test Result Review
     • #5 ~Take Actions~
     • #6 Be Prepared for Blocker Issues
        > Migrated data became NULL when using TDE encrypted DMS source columns
        > CDC task failed with unrecoverable error “archived Redo log for the sequence XX does not exist”
     • #7 Playbook & Cut-over Plan
     • #8 Cloud WAR Room
     • #9 Post-event Review
     • Onsite Support
     [Diagram labels: Review; Do; Check; -Event Details -Architecture Review -Scenario Planning -Checklist; -Reliability -Availability -Scalability -Security -Monitoring]
  35. Today’s Takeaways
     • #1 Must Have a Plan
     • #2 IEM Workbook
     • #3 Cloud Infrastructure Readiness Check
     • #4 Load Test Result Review
     • #5 Actions for Recommendations
     • #6 Be prepared for Blocker Issues
     • #7 Playbook and Cut-over Plan
     • #8 Physical + Cloud WAR Rooms
     • #9 Post-Event Review
     • #10 Enjoy AWS Enterprise Support
     Reference
     • Infra Event Readiness White Paper
     • Enterprise Support Plan
     • Compare Support Plans
  36. Case Study – How KKTIX Survived JJ Lin Event. Rianol Jou, Head of Site Reliability Engineering, KKBOX
  37. TAIWAN’S LARGEST EVENT REGISTRATION AND MOBILE TICKETING SERVICE PROVIDER
  38. 2018 / 12 / 03 [D-17]
  39. PREPARE FOR BATTLE
  40. FACE OUR WEAKNESS
     1. STRESS TEST
     2. TROUBLESHOOTING
     3. FIXING
  41. PROBLEM (areas: DB, Application, Cache, Log, Test)
     • Race condition
     • N+1 query
     • Slow query
     • Index mismatch
     • Connection pool misconfigure
     • Inaccurate logging
     • Insufficient caching
     • Uncovered test scenario
  42. IMPROVEMENT
     • WAF rules
     • Instance type upgrade
     • ELB pre-warm
     • CDN caching strategy
  43. IN THE WAR ROOM
  44. MONITORING
     • Concurrent user
     • Access log
     • Order & Payment status
     • Application metrics
     • CloudFront requests, error rate
     • ELB requests, error rate, latency
     • ASG CPU, network IO
     • ElastiCache & RDS CPU, Memory, Connections, Commands
  45. REVIEW
  46. OBSERVATION & RECOMMENDATIONS
     • Metrics & Numbers
     • Logs
     • WAF rules
     • Instance types
  47. Thank you!
