Building Enterprise Cloud Apps


Building Enterprise Applications in the Cloud - presentation by Mike Culver at the AWS Cloud for the Enterprise Event in LA on October 15, 2009

Published in: Technology

Speaker notes (for selected slides):
  • Service Oriented Architecture is a significant step forward in terms of building scalable and resilient applications. A typical SOA application might look something like this, where each step in a workflow is connected to a pipeline, or Service Bus.
  • Under the hood, the bus actually uses Amazon Simple Queue Service between steps.
  • Point of slide: to explain VPC's high-level architecture, walking through the discrete elements of a VPC and a specific data flow that exemplifies 1) data-in-transit security and 2) continued AAA control by the enterprise.
      - AWS ("orange cloud"): what everybody knows of AWS today.
      - Customer's Network ("blue square"): the customer's internal IT infrastructure.
      - VPC ("blue square on top of orange cloud"): secure container for the other object types; includes a Border Router for external connectivity. These are the isolated resources the customer has in the AWS cloud.
      - Cloud Router ("orange router surrounded by clouds"): lives within a VPC; anchors an AZ; presents stateful filtering.
      - Cloud Subnet ("blue squares" inside the VPC): connects instances to a Cloud Router.
      - VPN Connection: a Customer Gateway and a VPN Gateway anchor the two sides of the VPN Connection and enable secure connectivity, implemented using industry-standard mechanisms (IPsec). Please note that we currently require the customer gateway device to support BGP. We terminate two (2) tunnels on our side, one per VPN Gateway endpoint: besides providing high availability, this lets us service one device while maintaining service. The customer gateway must therefore be a BGP-capable device (preferably running JunOS or IOS).
  • This slide discusses the corresponding AWS functionality that we will support at limited public beta launch. Please note that the items under "Launch ++" (the "Upcoming features" list on the slide) are other AWS capabilities that we are currently evaluating for operability within VPC, but they do not have a date as yet. Direct Internet/AWS access is the most important of these.
  • As you can recall, we've set up Amazon VPC in the AWS cloud. We've also configured a secure connection between our existing network and Amazon VPC. All of our activity inside our VPC, and all traffic between our existing network and Amazon VPC, can be monitored, managed, and secured by our existing security apparatus and procedures/policies. We will deploy our web server and full application platform stack on Amazon EC2 instances that are launched within Amazon VPC.
  • Benefits of using Amazon EC2 to host your web application.
  • We will host all of our static and large files on Amazon S3. Things like images, music, PDFs, and the like are best suited for Amazon S3. Amazon S3 provides a low-cost, highly reliable and scalable storage environment for your web applications. Sensitive data will be encrypted before it is stored in Amazon S3.
  • You can host your relational database on top of Amazon EBS. Companies like IBM and Oracle have even enabled license portability so that you can bring your existing database licenses into the AWS cloud.
  • As you'll recall, we want our application to be able to kick off workflows on a bunch of systems we're already running internally. While it may make sense, both economically and technically, to eventually migrate these systems into AWS as well, that isn't the case right now. So our Employee Provisioning application hosted in AWS needs to communicate with our internal systems. With Amazon VPC, this is easy.
  • These are some additional AWS features that we could use as part of our application.
Slides:

    1. BUILDING ENTERPRISE CLOUD APPS
       Mike Culver, Strategic Alliances Team
    2. WE THINK OF THE CLOUD AS A SET OF BUILDING BLOCK SERVICES
      • Infrastructure as a Service
          - Amazon Simple Storage Service
          - Amazon CloudFront
          - Amazon Elastic Compute Cloud
          - Amazon Elastic Block Store
          - Amazon Simple Queue Service
          - Amazon SimpleDB
          - Amazon Elastic MapReduce
      • People as a Service
          - Amazon Mechanical Turk
      • Payments as a Service
          - Amazon Flexible Payments Service
          - Amazon DevPay
      • Fulfillment and Associates
          - Amazon Fulfillment Web Service
          - Amazon Associates Web Service
    3. AMAZON ELASTIC COMPUTE CLOUD (AMAZON EC2)
      • Resizable compute capacity in the cloud
          - Obtain and boot new server instances in minutes
          - Quickly scale capacity, up or down, as your computing requirements change
      • Full root/Administrator access to a Linux/Windows virtual machine
      • Simple web service management interface
      • Changes the economics of computing
    4. CONSERVE CAPITAL
      [Chart: infrastructure cost ($) against time. Traditional hardware is bought in large capital expenditures ahead of predicted demand, so capacity either sits idle or, when actual demand exceeds it, "you just lost customers". Automated virtualization tracks actual demand.]
    5. EC2 HAS AN UNPRECEDENTED DURABILITY MODEL
      [Diagram: instances spread across Availability Zones, with Amazon CloudWatch, Auto Scaling and Elastic Load Balancing. Note: conceptual drawing only; the number of Availability Zones may vary.]
    6. CLOUD COMPUTING ATTRIBUTES
      • Abstract Resources: not tied to physical hardware; flexible as your needs demand.
      • On-Demand Provisioning: ask for what you need, exactly when you need it. Pay only for what you use.
      • Scalability: scale up or down depending on usage needs.
      • No Up-Front Costs: no contracts or long-term commitments. Pay only for what you use.
      • Efficiency of Experts: utilize the skills, knowledge and resources of experts.
    7. WHAT DO WE MEAN BY SCALABILITY?
      • Scalability means scaling up and scaling down
      • If we increase the resources in a system, performance should increase in proportion to the resources added. Increasing performance generally means serving more units of work, but it can also mean handling larger units of work, such as when datasets grow
      • A scalable service is capable of handling heterogeneity
      • A scalable service is operationally efficient
      • A scalable service is resilient
      • A scalable service becomes more cost effective when it grows
    8. Move to the Cloud. Build for the Cloud.
    9. CLOUD ARCHITECTURE LESSONS
      • Design for failure and nothing fails
      • Loose coupling sets you free
      • Design for elasticity
      • Security is everywhere
      • Don't fear constraints
      • Take advantage of a variety of storage options
    10. DESIGN FOR FAILURE
      • Never expect your systems to be stable
      • Everything fails
          - Hard disks
          - Power supplies
          - Cabling
          - Network ports
          - Switches
          - Load balancers
          - Ethernet chips
          - IO controllers
          - Fans
      • If you can add it, it can fail
    11. HOW TO DESIGN FOR FAILURE WITH AWS
      • Use Elastic IP addresses for consistent and re-mappable endpoints
      • Use multiple Amazon EC2 Availability Zones (AZs)
      • Create multiple database slaves across AZs
      • Use real-time monitoring across key access points
      • Use Amazon Elastic Block Store (EBS) for persistent file systems
      • Use Amazon EBS Snapshots for disaster recovery and increased persistence
      • Use Auto Scaling and Elastic Load Balancing to automatically provision new resources
      • Use Amazon CloudWatch to monitor instance health
    12. BUILD LOOSELY COUPLED SYSTEMS
      • Make no assumptions about the inner workings of your components
      • Design for a jumble of black boxes
      • Loosely coupled systems and AWS
          - De-coupling systems allows for hybrid models (in-cloud + in-physical data center)
          - Balancing between clusters enables easier scaling
          - Using queues (Amazon SQS) buffers against failures
    13. SOA OFTEN HAS A BUS
      [Diagram: a Service Bus connecting the workflow steps Order Entry → Credit Check → Inventory Allocation → Pick Ticket Generated → Send Confirmation Email.]
    14. ARCHITECT FOR EVERYTHING FAILS AND THEN NOTHING DOES
      [Diagram: the same pipeline with a bus between each pair of steps (Order Entry → bus → Credit Check → bus → and so on), each bus implemented with Amazon Simple Queue Service.]
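Slides 12 to 14 say that putting a queue between workflow steps buffers against failures. The code below is an added example, not code from the presentation, that shows what that buffering demands of the consumer: SQS delivers at least once, so a Credit Check worker that dies mid-task sees the same order again after the visibility timeout, a worker whose delete call is lost sees it again after finishing, and a message that keeps failing must be parked rather than retried forever. The queue here is an in-memory stand-in written for this example (assumption: it mirrors the visibility-timeout and redelivery behaviour of Amazon SQS; it is not the boto client), and the order ids and fault injection are constructed.

```python
"""Model of the slide-14 pipeline: the Order Entry step hands orders to the
Credit Check step only through a queue with SQS-like delivery semantics.
The queue is an in-memory stand-in (assumption: it mirrors SQS visibility
timeout and redelivery so the example runs offline; it is not boto)."""
import uuid
from dataclasses import dataclass, field


@dataclass
class Message:
    body: str
    message_id: str = field(default_factory=lambda: uuid.uuid4().hex)
    receipt_handle: str = ""
    invisible_until: float = 0.0
    receive_count: int = 0


class QueueModel:
    """At-least-once queue: a received message is hidden for visibility_timeout
    seconds and reappears unless deleted; after max_receives deliveries it is
    parked in a dead-letter list instead of being redelivered forever."""

    def __init__(self, clock, visibility_timeout=30.0, max_receives=3):
        self.clock = clock                  # injected so the caller controls time
        self.visibility_timeout = visibility_timeout
        self.max_receives = max_receives
        self._messages = {}                 # insertion-ordered scan, oldest first
        self.dead_letter = []

    def send(self, body):
        msg = Message(body)
        self._messages[msg.message_id] = msg
        return msg.message_id

    def receive(self):
        now = self.clock()
        for mid, msg in list(self._messages.items()):
            if msg.invisible_until > now:
                continue                    # a worker is (presumably) still on it
            if msg.receive_count >= self.max_receives:
                self.dead_letter.append(self._messages.pop(mid))   # poison message
                continue
            msg.receive_count += 1
            msg.receipt_handle = uuid.uuid4().hex
            msg.invisible_until = now + self.visibility_timeout
            return msg
        return None

    def delete(self, receipt_handle):
        for mid, msg in list(self._messages.items()):
            if msg.receipt_handle == receipt_handle:
                del self._messages[mid]
                return True
        return False

    def pending(self):
        return len(self._messages)


class CreditCheckWorker:
    """Consumer for the Credit Check step. It is idempotent: the set of processed
    order ids (a durable store in production) lets a redelivered message be
    acknowledged without running the credit check a second time."""

    def __init__(self, queue, crash_before=None, lose_ack=None):
        self.queue = queue
        self.processed = set()
        self.checks_run = []                 # the side effect that must not repeat
        # Constructed fault injection: crash N times before doing the work, or
        # do the work and then lose the delete call (e.g. a network blip).
        self.crash_before = dict(crash_before or {})
        self.lose_ack = set(lose_ack or ())

    def poll_once(self):
        msg = self.queue.receive()
        if msg is None:
            return None
        order_id = msg.body
        if order_id not in self.processed:
            if self.crash_before.get(order_id, 0) > 0:
                self.crash_before[order_id] -= 1
                raise RuntimeError(f"worker died while checking {order_id}")
            self.checks_run.append(order_id)
            self.processed.add(order_id)     # commit work and idempotency key together
        if order_id in self.lose_ack:
            self.lose_ack.discard(order_id)
            raise RuntimeError(f"delete for {order_id} never reached the queue")
        self.queue.delete(msg.receipt_handle)   # ack only after the work is durable
        return order_id


def run_pipeline(order_ids, crash_before=None, lose_ack=None, max_polls=100):
    """Drive the worker until the queue drains. Every crash advances the simulated
    clock past the visibility timeout, so the message reappears for a restarted
    worker. Returns (orders checked, orders parked in the dead-letter list)."""
    now = [0.0]
    queue = QueueModel(clock=lambda: now[0], visibility_timeout=30.0, max_receives=3)
    for oid in order_ids:
        queue.send(oid)
    worker = CreditCheckWorker(queue, crash_before, lose_ack)
    polls = 0
    while queue.pending() and polls < max_polls:
        polls += 1
        try:
            worker.poll_once()
        except RuntimeError:
            now[0] += queue.visibility_timeout + 1   # supervisor restarts the worker later
    return worker.checks_run, [m.body for m in queue.dead_letter]


if __name__ == "__main__":
    checked, dead = run_pipeline(["ORD-1", "ORD-2", "ORD-3", "ORD-4"],
                                 crash_before={"ORD-2": 1, "ORD-3": 99},
                                 lose_ack={"ORD-4"})
    print("credit checks run:", checked)    # each order at most once
    print("dead-lettered:", dead)           # the order that never succeeds
```

The invariant worth carrying into real code is the ordering inside poll_once: do the work, persist the idempotency key with it, and only then delete the message. Deleting first turns a crash into a lost order; deleting without the key turns a lost ack into a second credit check.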
    15. DESIGN FOR ELASTICITY
      • Components should not assume the health or location of other components
      • Bootstrapping and dynamic configuration help you scale dynamically
      • Build management components to enable scale-out and scale-in on demand
    16. UTILIZE SECURITY MECHANISMS
      • With AWS, physical security is free, network security is easy, and other security can be added
      • Building secure systems with AWS
          - Create distinct Security Groups for each Amazon EC2 cluster
          - Use group-based rules for controlling access between layers
          - Restrict external access to specific IP ranges and ports
          - Use strong passwords and certificate-based authentication
          - Encrypt data stored in Amazon S3
          - Encrypt all information transmitted across the wire
          - Consider encrypted file systems for sensitive data
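The first three rules on slide 16 (one security group per cluster, group-based rules between layers, external access limited to specific ranges and ports) can be checked mechanically. The following is an added example, not code from the presentation, that audits a list of ingress rules against a three-tier policy. The policy, group names, port numbers, corporate CIDR (203.0.113.0/24, a TEST-NET range) and the rule dicts are all constructed for the example; the dicts only mimic the shape of security-group descriptions and nothing here calls AWS.

```python
"""Audit EC2 security-group ingress rules against a layered tier policy.
Added example: rule dicts are constructed in the shape of a security-group
description (group, protocol, port range, and either a CIDR or a source
group); the tier policy and corporate CIDR are assumptions for the example."""
import ipaddress

# Assumed three-tier layout: each tier has its own group and may be reached only
# from the tier in front of it. Only the web tier accepts traffic from the Internet.
TIER_POLICY = {
    "web-sg": {"from_internet": {80, 443}, "from_groups": {}},
    "app-sg": {"from_internet": set(), "from_groups": {"web-sg": {8080}}},
    "db-sg": {"from_internet": set(), "from_groups": {"app-sg": {3306}}},
}
ADMIN_PORTS = {22, 3389}                                  # SSH, RDP
CORP_CIDR = ipaddress.ip_network("203.0.113.0/24")        # constructed (TEST-NET-3)


def _ports(rule):
    return set(range(rule["from_port"], rule["to_port"] + 1))


def audit_rules(rules, policy=TIER_POLICY, corp_cidr=CORP_CIDR):
    """Return one finding string per rule that violates the policy (TCP rules assumed)."""
    findings = []
    for rule in rules:
        group = rule["group"]
        tier = policy.get(group)
        if tier is None:
            findings.append(f"{group}: no tier policy defined for this group")
            continue
        ports = _ports(rule)
        if "cidr" in rule:
            net = ipaddress.ip_network(rule["cidr"])
            # Admin ports may only be reached from the corporate range.
            admin = ports & ADMIN_PORTS
            if admin and (net.version != corp_cidr.version or not net.subnet_of(corp_cidr)):
                findings.append(f"{group}: admin ports {sorted(admin)} reachable from {net}; "
                                f"restrict to {corp_cidr}")
            # Every other port opened to a CIDR must be on the tier's Internet-facing list.
            exposed = (ports - ADMIN_PORTS) - tier["from_internet"]
            if exposed:
                findings.append(f"{group}: ports {sorted(exposed)[:5]} reachable from {net}; "
                                f"tier allows only {sorted(tier['from_internet'])}")
        else:
            # Group-based rule: the source group must be the tier directly in front.
            src = rule["source_group"]
            allowed = tier["from_groups"].get(src, set())
            bad = ports - allowed
            if bad:
                findings.append(f"{group}: ports {sorted(bad)} allowed from group {src}; "
                                f"policy allows {sorted(allowed) or 'nothing'} from it")
    return findings


# Constructed "before" configuration with three typical mistakes.
WEAK_RULES = [
    {"group": "web-sg", "protocol": "tcp", "from_port": 80, "to_port": 80, "cidr": "0.0.0.0/0"},
    {"group": "web-sg", "protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    {"group": "web-sg", "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},        # SSH open to the world
    {"group": "app-sg", "protocol": "tcp", "from_port": 8080, "to_port": 8080, "cidr": "0.0.0.0/0"},    # app tier bypasses the web tier
    {"group": "db-sg", "protocol": "tcp", "from_port": 3306, "to_port": 3306, "source_group": "web-sg"},  # database trusts the wrong layer
]

# The same layout with group-based rules between layers and admin access pinned to the corporate range.
HARDENED_RULES = [
    {"group": "web-sg", "protocol": "tcp", "from_port": 80, "to_port": 80, "cidr": "0.0.0.0/0"},
    {"group": "web-sg", "protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    {"group": "web-sg", "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "203.0.113.0/24"},
    {"group": "app-sg", "protocol": "tcp", "from_port": 8080, "to_port": 8080, "source_group": "web-sg"},
    {"group": "db-sg", "protocol": "tcp", "from_port": 3306, "to_port": 3306, "source_group": "app-sg"},
]


if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(f"{label}:")
        for finding in audit_rules(rules) or ["no findings"]:
            print("  " + finding)
```

The weak set shows the three mistakes the audit is built to catch: SSH open to the world, an application tier reachable directly from the Internet instead of only from the web group, and a database group that trusts the wrong layer. Note from slide 26 that security groups were not yet available inside Amazon VPC when this was presented, so at the time this applied to EC2 groups outside VPC.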
    17. ARCHITECTURAL CONSTRAINTS CAN BE BROKEN
      • Having a flexible, on-demand pool of resources allows for different architectures that remove constraints
      • "I need more than xxGB of RAM per instance" → distribute load across multiple instances; use a shared distributed cache
      • "I need more than xxK IOPS on my database" → run multiple read-only copies; sharding; database clustering software
      • "My current server specs are better than an Amazon EC2 instance" → run more Amazon EC2 instances, but only when you need them
      • "I need static IPs for my servers" → boot scripts that re-configure software from a configuration database
    18. EMPLOY MANY STORAGE OPTIONS
      • Amazon S3 is optimized for storing large objects
          - Store persistent data
      • Amazon CloudFront for performance
          - Push popular objects to worldwide edge locations
      • Amazon SimpleDB for speed, scale, and simplicity
          - Store small bits of data that have no dependencies, such as metadata
      • Amazon EC2 local disk space for transient data
      • Amazon EBS acts like a disk drive for persistent storage
          - Store dynamic content or a traditional RDBMS
    19. DIVERSE ENTERPRISE USE CASES
      • Deploy internal applications for greater cost savings
      • Host a quick and effective marketing campaign
      • Take advantage of new business opportunities without time-consuming procurement processes
      • Batch data processing
      • Large-scale analytics
      • Disaster recovery
      • Development and test environments
      • Load testing applications on your own infrastructure
    21. ENTERPRISE APPLICATION DESIGN ON AWS
      • A typical enterprise application could need:
          - A secure environment that is part of the enterprise's existing network (Amazon VPC)
          - Computing power (Amazon EC2)
          - Storage capacity for images, videos, backups, files, etc. (Amazon S3)
          - Indexed storage (Amazon SimpleDB)
          - Relational database (your favorite, on EBS)
          - Messaging between components (Amazon SQS)
          - Load balancing for optimal performance
    22. AMAZON VPC EXTENDS YOUR DATACENTER
      • Create a secure connection between assets and applications within your corporate network and assets and applications that reside in AWS
      • Users and applications within your existing infrastructure securely interact with assets in AWS as if they were local
      [Diagram: "Your existing infrastructure" linked to "Amazon VPC".]
    23. AMAZON VPC ARCHITECTURE
      [Diagram: "Your Network" connected to the "Amazon Web Services Cloud" by a secure VPN connection over the Internet, terminating at a VPN Gateway; inside the cloud, the customer's isolated AWS resources are arranged in subnets.]
    24. AMAZON VPC CREATES AN ISOLATED ENVIRONMENT WITHIN AWS
      • Establish subnets to control who and what can access your resources
      • Connect your isolated AWS resources and your IT infrastructure via a VPN connection
      • Launch AWS resources within the isolated network
      • Use your existing security and networking technologies to examine traffic to/from your isolated resources
      • Extend your existing security and management policies within your IT infrastructure to your isolated AWS resources as if they were running within your infrastructure
    25. REALIZE THE BEST OF BOTH WORLDS
      • Advantages of your on-premises infrastructure
          - Ensure network isolation
          - Works with your security tools
          - Employ your existing identity and authentication infrastructure
          - Integrates seamlessly with the rest of your infrastructure via VPN
      • Plus, the benefits of a cloud-based infrastructure
          - Don't get trapped by CapEx
          - True company-level elasticity
          - Lower operational responsibilities and costs
          - Super-fast provisioning of on-demand resources
    26. AMAZON VPC: SUPPORTED AWS FEATURES
      • Available now
          - Amazon EBS
          - Single AZ in us-east-1
          - Amazon CloudWatch
          - On-Demand and Reserved Instances
          - Linux/UNIX and Windows
      • Upcoming features
          - Direct Internet access
          - Multiple AZs
          - Elastic IPs
          - Security groups
          - Amazon DevPay
          - Auto Scaling
          - Elastic Load Balancing
    27. OUR SAMPLE ENTERPRISE APPLICATION (OLD WAY)
      • Internal new employee provisioning application
          - A hiring manager visits an internal website
          - Enters employee information, including start date, office location, computer type, and so on
          - The website kicks off a series of workflows on existing systems already deployed within the company
              · Facilities: set up the office space
              · IT: set up the new computer
              · Hiring manager: email with forms for the employee to fill out
              · … and so on …
          - Spiky usage around summer (new interns)
          - No internal resources available for the application, so the organization has chosen to deploy in AWS
    28. SETUP THE WEB SERVER IN AMAZON VPC
      [Diagram: the web server placed inside Amazon VPC in the AWS Cloud, connected to the existing network.]
    29. WEB SERVER RUNNING ON AMAZON EC2
      • Flexible
          - Choose your programming model, application platform, databases, and operating system stack
      • Cost-effective: pay only for what you use
      • Scalable
          - Automatically add and delete resources as they are needed
      • Reliable
          - Built on the world-class Amazon infrastructure
      • Secure
          - Because the instances live inside Amazon VPC, they are reachable only over the VPN from your own network, not from the public Internet, so only users within your organization can reach them
    30. USE AMAZON S3 FOR RAW STORAGE
      [Diagram: the application in the AWS Cloud storing files in Amazon S3.]
      Store persistent files in Amazon S3 for lower costs and higher reliability. Encrypt sensitive data.
    31. USE AMAZON EBS TO HOST DATABASES
      [Diagram: the database instance in the AWS Cloud backed by an Amazon EBS volume.]
      Configure an Amazon EBS device to host your existing relational database. Snapshots can be automatically backed up to Amazon S3.
    32. INTERACT WITH EXISTING CORPORATE SYSTEMS
      Amazon VPC provides a two-way secure connection so that applications hosted in AWS can communicate with systems hosted in our existing network.
    33. ADDITIONAL FEATURES
      • Amazon SimpleDB can be used as a cost-effective, zero-administration indexed store for your application
      • Amazon CloudWatch, Elastic Load Balancing, and Auto Scaling enable greater fault tolerance and scalability
      • Amazon Elastic MapReduce can be used to crunch and analyze large amounts of data
      • Amazon Flexible Payments Service can handle checkout pipelines and payment methods
      • Amazon Mechanical Turk can be used for tasks best suited to human intervention (e.g., image upload and content approval, database cleansing, etc.)
    34. MANAGEMENT AND OPERATIONS
      • AWS Management Console
      • Numerous cloud-based third-party providers
          - RightScale, CA, others
      • API-based control enables existing workflow applications to manage AWS resources
      • Existing IT management systems can extend to the cloud
          - Amazon VPC enables existing management and operations systems, security policies, etc. to extend to cloud resources
      • Amazon CloudWatch provides easy-to-use monitoring
    39. THANK YOU