5. What we will explore today…
• Migrating & Platforming
• Building & Modernizing
• Optimizing & Delivering
6. How to get there with AWS
[Diagram. Phases: Migrating & Platforming, Building & Modernizing, Optimizing & Delivering. Labels: Monolith, Monolithic, On Premises, Lift & Shift, Identity, Customer Experience, DevOps, Provisioning, Microservices, Full Cloud, SaaS. AWS services: Elastic Beanstalk, Cognito, IAM, RDS / Aurora, CodePipeline, CodeCommit, CodeStar, CodeBuild, ECS, CloudFormation, Lambda, API Gateway, CloudWatch.]
11. Tenant Isolation
• Define the differences and the relationship between the User Identity and Tenant Identity models
• Consider how Personally Identifiable Information (PII) will be managed
12. Preventing Cross Tenant Access
In multi-tenant systems, you need to consider how the identity model will grant or constrain access to resources.
13. Access to Landing Zone
Selection considerations, based on:
• Cost
• Data Transfer Size
• Reliability
• Security
• Timeline
Access defines more than the ease of use of the customer experience.
14. Other Landing Zone Considerations
TENANCY: Silo
LANDING ZONE OPTION: AWS Fully Managed Service
SECURITY:
• Network: Security Groups, NACLs and subnet isolation.
• Data at Rest: Elastic Block Store, S3 and Relational Database Service (RDS) encryption.
• Data in Transit: HTTPS for web traffic and the database connection.
• Access Management: Identity and Access Management (IAM).
GOVERNANCE:
• Licensing: BYOL (GPL and Oracle Java).
• Regulatory: Mitigated by using silo tenancy.
OPERATIONS:
• Deployment: CI/CD AWS Deployment Service + Elastic Beanstalk
• Monitoring: CloudWatch + Elastic Beanstalk enhanced health
• Provisioning: Elastic Beanstalk / CloudFormation
• Auto-Scaling: Elastic Beanstalk
15. Application Migration
PandaCRM is a 3-tier Java application:
• Migration strategy: Lift and shift (Re-Host)
• Two options for the Landing Zone design:
  • OPTION 1: Migrate to SELF managed services.
  • OPTION 2: Migrate to AWS managed services.
• The two options do not differ much in the security and governance part.
• They differ in code packaging, operation and platform.
16. Option 1 - Migrate to SELF managed services
AWS Services: Only Elastic Compute Cloud (EC2), or EC2 and Relational Database Service (RDS).
Design:
[Diagrams: EC2-only architecture; EC2 and RDS architecture]
17. Option 1 - Migrate to SELF managed services
When to use Option 1:
• Want to leverage existing Java platform expertise and standards.
• Need to integrate AWS environment into existing on-premises development and deployment processes.
• Require flexibility in Operating System and Java platform selection, version, and configuration.
• Plan to deploy third-party Java applications with sophisticated installers, manual license configuration, or extensive external dependencies.
20. Option 2 - Migrate to AWS managed services
Required information to build a stack on Elastic Beanstalk
21. Option 2 - Migrate to AWS managed services
When to use Option 2:
• Applications require minimal OS changes.
• Applications either run on Apache Tomcat 7 or 8, or are packaged with your own web container.
• Elastic Beanstalk supports the following packaging and deployment mechanisms:
  • Custom applications developed and deployed directly to Elastic Beanstalk using Eclipse and the AWS Toolkit for Eclipse.
  • Applications packaged into a JAR, WAR, or ZIP file, then deployed with the Elastic Beanstalk console, EB CLI, or Elastic Beanstalk API calls.
  • To deploy multiple applications to one Elastic Beanstalk environment, customers can bundle multiple WAR files into a single ZIP file.
22. Database Migration
Use Database Migration Service (DMS) to migrate the database (data) for PandaCRM.
[Diagram labels: Source Database, VPN, DMS Replication Server, Replication, Target RDS Database]
STEP BY STEP GUIDE
1. Set the prerequisite settings for DMS on the source DB.
2. Create the DMS Replication Instance.
3. Add the connection information for the source and target databases.
4. Test the database connection for source and target through the wizard.
5. Create the task (set the task settings and table mapping).
6. Start the replication.
7. Plan cutover.
23. Database Migration - What about changes?
DMS Change Data Capture (CDC):
• Performs continuous data capture from the source.
• The copy in the target database (RDS) stays up to date, with only small delta differences from the source.
• DMS simplifies database migration and cutover.
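Steps 2 to 6 of the guide, with the task set to full load followed by CDC, written as AWS CLI calls. This is an added example, not part of the original deck: the resource names, ARNs, schema name and MySQL engine are placeholder assumptions, and the script only prints the commands unless DRY_RUN=0 is set.

```bash
#!/bin/sh
# Added example: steps 2-6 of the guide as AWS CLI calls, printed for review.
# All names and ARNs are placeholders; the MySQL engine is an assumption.
set -eu
DRY_RUN="${DRY_RUN:-1}"   # 1 = print each command, 0 = call AWS
REP_ARN="${REP_ARN:-REPLICATION_INSTANCE_ARN}"
SRC_ARN="${SRC_ARN:-SOURCE_ENDPOINT_ARN}"
TGT_ARN="${TGT_ARN:-TARGET_ENDPOINT_ARN}"
TASK_ARN="${TASK_ARN:-REPLICATION_TASK_ARN}"
CA_ARN="${CA_ARN:-CA_CERTIFICATE_ARN}"
ROLE_ARN="${ROLE_ARN:-SECRET_ACCESS_ROLE_ARN}"
# Selection rule: migrate every table of one (placeholder) schema.
MAPPINGS='{"rules":[{"rule-type":"selection","rule-id":"1","rule-name":"1","object-locator":{"schema-name":"pandacrm","table-name":"%"},"rule-action":"include"}]}'

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Step 2: private replication instance with KMS-encrypted storage.
create_instance() {
  run aws dms create-replication-instance \
    --replication-instance-identifier pandacrm-dms \
    --replication-instance-class dms.t3.medium \
    --replication-subnet-group-identifier pandacrm-private \
    --kms-key-id KMS_KEY_ARN --no-publicly-accessible
}
# Step 3: $1 = source|target, $2 = Secrets Manager secret holding the connection
# details, so no password appears on the command line; TLS verifies the CA.
create_endpoint() {
  run aws dms create-endpoint --endpoint-identifier "pandacrm-$1" \
    --endpoint-type "$1" --engine-name mysql \
    --ssl-mode verify-ca --certificate-arn "$CA_ARN" \
    --my-sql-settings "{\"SecretsManagerSecretId\":\"$2\",\"SecretsManagerAccessRoleArn\":\"$ROLE_ARN\"}"
}
# Step 4: $1 = endpoint ARN to test from the replication instance.
test_endpoint() {
  run aws dms test-connection --replication-instance-arn "$REP_ARN" --endpoint-arn "$1"
}
# Step 5: full load, then change data capture (CDC) until cutover.
create_task() {
  run aws dms create-replication-task \
    --replication-task-identifier pandacrm-migration \
    --source-endpoint-arn "$SRC_ARN" --target-endpoint-arn "$TGT_ARN" \
    --replication-instance-arn "$REP_ARN" \
    --migration-type full-load-and-cdc --table-mappings "$MAPPINGS"
}
# Step 6: start the task created in step 5.
start_task() {
  run aws dms start-replication-task --replication-task-arn "$TASK_ARN" \
    --start-replication-task-type start-replication
}
create_instance; create_endpoint source pandacrm/source-db
create_endpoint target pandacrm/target-db
test_endpoint "$SRC_ARN"; test_endpoint "$TGT_ARN"; create_task; start_task
```

When running against AWS, export the ARNs returned by steps 2, 3 and 5 before the later steps use them.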
24. Before going Live: Integration & Validation
Integration
• Elastic Beanstalk automatically ensures integration within the stack (load balancer, web/app and database).
• You must ensure security groups, NACLs and the connection string are configured correctly.
Validation
• Elastic Beanstalk automatically performs connectivity validation within the stack (load balancer, web/app and DB).
• Application health checks can be enabled through the Enhanced Health check.
• Load tests and pen tests should be performed on the application.
• There are ISV tools and marketplace tools to help the partner with this.
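A pre-go-live check for two of the items above: security groups that must stay private, and the RDS encryption and exposure settings. This is an added example, not part of the original deck; the group ids and instance names in the sample are constructed, and only the load balancer group is assumed to accept traffic from 0.0.0.0/0.

```bash
#!/bin/sh
# Added example: pre-go-live findings for security groups and RDS settings.
set -eu
TAB=$(printf '\t')

# Security groups that have any inbound rule open to the whole internet.
world_open_groups() {
  aws ec2 describe-security-groups \
    --filters Name=ip-permission.cidr,Values=0.0.0.0/0 \
    --query 'SecurityGroups[].GroupId' --output text
}

# $1 = output of world_open_groups; remaining args = groups that must stay private.
sg_findings() {
  open=$1; shift
  for sg in "$@"; do
    case " $(echo "$open" | tr '\t\n' '  ') " in
      *" $sg "*) echo "$sg: inbound rule allows 0.0.0.0/0" ;;
    esac
  done
}

# Rows: identifier<TAB>StorageEncrypted<TAB>PubliclyAccessible, as printed by
#   aws rds describe-db-instances --output text --query \
#     'DBInstances[].[DBInstanceIdentifier,StorageEncrypted,PubliclyAccessible]'
rds_findings() {
  while IFS="$TAB" read -r id encrypted public; do
    [ "$encrypted" = "True" ] || echo "$id: storage is not encrypted at rest"
    [ "$public" = "False" ] || echo "$id: instance is publicly accessible"
  done
}

# Constructed sample output standing in for the two AWS calls.
SAMPLE_OPEN="sg-lb${TAB}sg-db"
SAMPLE_RDS="pandacrm-prod${TAB}True${TAB}False
pandacrm-stage${TAB}False${TAB}True"

# Live use: sg_findings "$(world_open_groups)" <app group id> <db group id>
sg_findings "$SAMPLE_OPEN" sg-app sg-db
printf '%s\n' "$SAMPLE_RDS" | rds_findings
```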
25. Why Elastic Beanstalk?
Elastic Beanstalk provides the ability to achieve all the SaaS reference architecture requirements in combination with other AWS services.
26. In Summary
• Identity and Isolation need to be planned for up front.
• Elastic Beanstalk should be highly considered to host a monolithic application as a SaaS platform in the cloud.
• Other AWS managed services help with the heavy lifting of management and operation in the cloud so you can focus on development.
• Follow the migration practice diligently to achieve similarly successful results.
• Leverage the AWS migration tools to accelerate the migration phases of the application.