Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Modernizing your AWS Deployment
Similar to Modernizing your AWS Deployment (20)
More from CloudHesive
More from CloudHesive (20)
Recently uploaded
Recently uploaded (20)
Modernizing your AWS Deployment
- 1. Modernizing Your AWS Deployment Presented by Patrick Hannah VP of Engineering, CloudHesive
- 2. Introduction • Who am I? • What’s my background?
- 3. What are we going to talk about? • Overview • Characteristics of older AWS deployments • Enhancements to existing AWS services • New AWS services • Commonly overlooked AWS services • Conclusion
- 4. EC2 Classic • EC2-Classic – Original Network configuration available on AWS – Has since been augmented by VPC • With VPC you get the ability to: – Assign static private IP addresses to your instances that persist across starts and stops – Assign multiple IP addresses to your instances – Define network interfaces, and attach one or more network interfaces to your instances – Change security group membership for your instances while they're running – Control the outbound traffic from your instances (egress filtering) in addition to controlling the inbound traffic to them (ingress filtering) – Add an additional layer of access control to your instances in the form of network access control lists (ACL) – Run your instances on single-tenant hardware – Launch newer instance types – Better integrate with Abstracted/Managed services (RDS, for example) – More performant network capabilities
- 5. First Generation Instance Types • First Generation Instance Types – Original Instance Types offered on AWS – Have since been augmented by Newer Generation Instance Types • With newer generation instances you get: – Support in all AWS Regions – Lower price point (cost per CPU, cost per GB RAM) – Specific, known processor families (and direct access to their features) – More performant network capabilities
- 6. Magnetic Storage • Magnetic Storage – Original persistent Block Storage offered on AWS – Has since been augmented by General Purpose SSD or Provisioned IOPS SSD – Variable IOPS (40-200) at half the cost – good for cheap but slow block storage – Consider replacing in favor of General Purpose SSD – good for all around block storage
- 7. Para-Virtualized, Instance-Store and 32 Bit Instances • Para-virtualized Instances – Original virtualization option offered on AWS – Has since been augmented by Hardware Virtualized Instances – Not supported in all AWS Regions – Does not offer SR-IOV (network performance) capabilities • Instance-Store Instances – Source is S3, runs from local instance (ephemeral) storage • 32 Bit AMIs – Newer AWS Regions no longer offer support for 32 Bit AMIs
- 8. Are you using the full stack of AWS services? • Route53 (DNS) – feature rich • CloudFront (Content Delivery Network) • S3 (Object Storage, ideal for Static Content) – 3 flavors • ELB (Load Balancing) • ASG (Auto Scaling) • EC2 (Virtual Servers) • RDS (Managed Database) – numerous flavors • ElastiCache (Managed Cache) • SES (SMTP Gateway)
- 9. What are you doing for automation? • CloudFormation – Automation of AWS components – Reference Architectures/Marketplace are a great place to start • Elastic Beanstalk – Automation of application deployments • OpsWorks – Automation of AWS components and Configuration Management on the OS layer and above
- 10. What are you doing for high availability/disaster recovery? • Consider how people and things connect to you? – IP Address • Is it an Elastic IP? – DNS • Pointing towards an instance? • Pointing (incorrectly) towards an IP Address of an ELB? • Using Route53? • What happens if an instance dies? – Prevent user error: enable termination protection – Recover from the failure of host hardware with CloudWatch Actions – Auto Scaling Group + ELB
- 11. What are you doing for security? • IAM – By now you are using IAM (right?) – What about instance roles? – Problems with a policy? Use the Policy Simulator – Is someone over permissioned? Use Access Advisor – Is someone actually using the user/role? Use the Credential Report • CloudTrail – Previously you had to enable one region at a time – now you can enable all regions at once – Probably want to check this • Workspaces – Easy Bastion (if you are a Windows shop) • Active Directory – Directory service comes in three flavors now • AD Connector • Lightweight Directory Service • Full Active Directory • Tenancy options have expanded – Dedicated instances – Dedicated hosts
- 12. What are you doing for Operations? • Account/Billing Management – Alerts – alerts when a predefined threshold has been met – Reports – granular reporting + forecasting – Contacts – granular contacts for security, operations and billing • Tagging – Manage your tags from one place using the Tag Editor – Billing Tags for cross charging • Trusted Advisor • CloudWatch – In addition to metrics and alarms now supports logs, dashboards, events and actions • VPC – Peering between VPCs (in the same region) without deploying an EC2 based solution – NAT Gateway without deploying an EC2 based solution – Multiple CGWs with the same Peer IP Address + NAT + Stronger Encryption/Hashing – VPC Logs • EC2 Run Command – Remote commands to Windows or Linux instances
- 13. Conclusion and Some Advice • Assess your environment – Legacy? – New Services? – Underused Services? – Enhanced Services? – Roll your own versus managed/abstracted? • Prioritize your findings – Improve Scalability? – Improve Reliability? – Enhance Security? – Lower Costs? • Implement them – Model in a sandbox, implement in production • Review your environment on a periodic basis – New services and features come out weekly!
- 14. Further Learning • Getting Started: https://aws.amazon.com/getting-started • General Reference: http://docs.aws.amazon.com/general/latest/gr • Global Infrastructure: https://aws.amazon.com/about-aws/global- infrastructure/ • FAQs: https://aws.amazon.com/faqs • Documentation: https://aws.amazon.com/documentation/ • Architecture: https://aws.amazon.com/architecture • Whitepapers: https://aws.amazon.com/whitepapers • Security: https://aws.amazon.com/security • Blog: https://aws.amazon.com/blogs • Service Specific Pages: https://aws.amazon.com/service • SlideShare: http://www.slideshare.net/AmazonWebServices • Github: https://github.com/aws and https://github.com/awslabs
- 15. Florida Meetups • http://www.meetup.com/aws-user-group-miami/ • http://www.meetup.com/Miami-AWS-Users-Group/ • http://www.meetup.com/South-Florida-Amazon- Web-Services-Meetup/ • http://www.meetup.com/awsflorida/ • http://www.meetup.com/AWS-User-Groups-of- Florida-Jacksonville/
- 16. Q&A • Questions?
Editor's Notes
- Who are you? Patrick Hannah, CloudHesive (where I’m a co-founder and the VP of Engineering) What’s your background? Architecture, Security and Operations on AWS for 5 years, prior to that Contact Center Architecture and Operations for over 8 years (SaaS but we didn’t call it that). I’ve drawn on experience in both spaces in this presentation. What do you hope to get out of the presentation? I want to help folks get as the same out of AWS as I have. I’d also like to see how others are using AWS – as with just about any thing in technology there are multiple ways to do something right (or wrong). How are you using cloud services? At CloudHesive, we provide consulting services to customers who wish to, or who are, leveraging AWS and we also use a number of AWS services to host our managed services customers (and the back-office systems supporting them). Why did you pick the cloud services that you are using? AWS is at the forefront of Cloud; their service catalog can support most traditional on-premise software use cases (infrastructure) but they also offer more abstracted services for software built on the cloud (such as SQS, which is one of my favorite) that negate the need to manage server infrastructure – on premise or on cloud. What about you?
- This is not a complete list and I’ve categorized certain services to suit my needs. A key point to note is when I refer to infrastructure I refer to building blocks and when I refer to abstracted I refer to a managed service to solve a specific requirement (like SES, SQS, etc.)
- How to do it With ClassicLink you can enable communication between EC2-Classic and VPC using Private IP Addresses – great for a staggered migration You’ll need to either relaunch your instances or migrate them to VPC (by way of AMI) If you have services using Elastic IP Addresses that you cannot update you can move EC2-Classic EIPs to VPC (one way only)
- How to do it If it’s EBS backed you just need to stop/start the instance If it’s not EBS backed – see the following slide
- How to do it You can move between each tier with EBS Snapshots Create a Snapshot ahead of time and again at cutover to save time
- How to do it Most of these migrations will involve launching from a new AMI and copying data/customizing accordingly
- Older AWS deployments may be leveraging their own solutions, running on EC2 to handle a number of services that are now offered as managed or abstracted services
- Three options available, each geared towards a different audience
- Multiple solutions to handle recovery of single instance and up
- Each service has it’s own site and set of documentation The SlideShare presentations can be an invaluable resource when it comes to diving into the details The GitHub repositories have excellent examples of applications you can build on AWS
- CloudHesive sponsors 5 Meetups in Florida; 4 in the South Florida-Tri-County Area and one in North Florida We are always looking for ideas on topics, as well as attendees and speakers (especially Jacksonville)