Austin Scales - Nexus - Bazaarvoice's Cloud Infrastructure

Nexus
Bazaarvoice Cloud Infrastructure
Victor Trac
Cloud Architect, Bazaarvoice
welcome to cloud computing!!1
Bazaarvoice
Not bizarre boys


Austin-based company founded in 2005.

SaaS serving software that collects and displays user generated content, crunches analytics, and extracts data.

Engineering offices in Austin, NYC, London, and San Francisco.

Basic stats:
 ● Thousands of clients
 ● Hundreds of millions of pieces of content
 ● Hundreds of millions of unique visitors per month
 ● Tens of billions of page-views per month
Edge Traffic
EC2, S3, VPC, Regions, Autoscale, CloudFormation, ELB...?
Does this mean anything to you?
VPC & Subnets
VPC allows us to choose our internal IP space.

Public: Default route via IGW
Default Route for All Subnets to IGW
 ● Let's call these subnets all "Public"
 ● Requires all instances to have EIPs before talking to the internet
 ● EIPs are a limited resource

Private: Default route via instance(s) in Public Subnets
Advantage: Most instances in the private subnet can talk to the internet without dealing with an EIP.
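The public/private split above is decided entirely by what each subnet's 0.0.0.0/0 route points at. The following is an added example, not the Nexus templates or any Bazaarvoice code: it builds a constructed CloudFormation template (placeholder AMI id, made-up CIDRs) with one subnet routed through an Internet Gateway and one routed through a NAT instance, then classifies every subnet by following its route-table association to its default route, and checks the one thing NAT instances most often get wrong, SourceDestCheck still being enabled so that forwarded packets are dropped.

```python
DEFAULT_ROUTE = "0.0.0.0/0"


def ref(name):
    return {"Ref": name}


def example_vpc_template():
    """Constructed CloudFormation template (not the Nexus template): one public
    and one private subnet in a single VPC.  The public subnet's default route
    points at the Internet Gateway; the private subnet's default route points at
    a NAT instance that lives in the public subnet and carries an EIP."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Constructed example: public subnet via IGW, private subnet via NAT instance",
        "Resources": {
            "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.20.0.0/16"}},
            "IGW": {"Type": "AWS::EC2::InternetGateway"},
            "IGWAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment",
                              "Properties": {"VpcId": ref("VPC"), "InternetGatewayId": ref("IGW")}},
            "PublicSubnet": {"Type": "AWS::EC2::Subnet",
                             "Properties": {"VpcId": ref("VPC"), "CidrBlock": "10.20.0.0/24"}},
            "PrivateSubnet": {"Type": "AWS::EC2::Subnet",
                              "Properties": {"VpcId": ref("VPC"), "CidrBlock": "10.20.1.0/24"}},
            "PublicRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": ref("VPC")}},
            "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": ref("VPC")}},
            # Public: 0.0.0.0/0 -> IGW.  Instances here need an EIP to reach the internet.
            "PublicDefaultRoute": {"Type": "AWS::EC2::Route", "DependsOn": "IGWAttachment",
                                   "Properties": {"RouteTableId": ref("PublicRouteTable"),
                                                  "DestinationCidrBlock": DEFAULT_ROUTE,
                                                  "GatewayId": ref("IGW")}},
            # The NAT instance sits in the public subnet.  SourceDestCheck must be
            # off, or EC2 drops packets that are not addressed to the instance itself.
            "NatInstance": {"Type": "AWS::EC2::Instance",
                            "Properties": {"ImageId": "ami-PLACEHOLDER",  # placeholder, not a real AMI
                                           "InstanceType": "m1.small",
                                           "SubnetId": ref("PublicSubnet"),
                                           "SourceDestCheck": False}},
            "NatEIP": {"Type": "AWS::EC2::EIP",
                       "Properties": {"Domain": "vpc", "InstanceId": ref("NatInstance")}},
            # Private: 0.0.0.0/0 -> NAT instance, so no EIP per instance.
            "PrivateDefaultRoute": {"Type": "AWS::EC2::Route",
                                    "Properties": {"RouteTableId": ref("PrivateRouteTable"),
                                                   "DestinationCidrBlock": DEFAULT_ROUTE,
                                                   "InstanceId": ref("NatInstance")}},
            "PublicAssociation": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
                                  "Properties": {"SubnetId": ref("PublicSubnet"),
                                                 "RouteTableId": ref("PublicRouteTable")}},
            "PrivateAssociation": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
                                   "Properties": {"SubnetId": ref("PrivateSubnet"),
                                                  "RouteTableId": ref("PrivateRouteTable")}},
        },
    }


def _resources(template, rtype):
    """All resources of one CloudFormation type, keyed by logical name."""
    return {name: r for name, r in template["Resources"].items() if r.get("Type") == rtype}


def classify_subnets(template):
    """Return {subnet_name: 'public' | 'private' | 'isolated'} by following each
    subnet's route-table association to the table's 0.0.0.0/0 route: an Internet
    Gateway target means public, an instance target means private (NAT), and no
    default route at all means the subnet cannot reach the internet."""
    default_target = {}  # route table logical name -> 'public' / 'private'
    for route in _resources(template, "AWS::EC2::Route").values():
        props = route["Properties"]
        if props.get("DestinationCidrBlock") != DEFAULT_ROUTE:
            continue
        table = props["RouteTableId"]["Ref"]
        if "GatewayId" in props:
            default_target[table] = "public"
        elif "InstanceId" in props:
            default_target[table] = "private"
    result = {name: "isolated" for name in _resources(template, "AWS::EC2::Subnet")}
    for assoc in _resources(template, "AWS::EC2::SubnetRouteTableAssociation").values():
        props = assoc["Properties"]
        subnet, table = props["SubnetId"]["Ref"], props["RouteTableId"]["Ref"]
        result[subnet] = default_target.get(table, "isolated")
    return result


def nat_instance_problems(template):
    """Logical names of instances used as a route target that still have
    SourceDestCheck enabled; such a NAT instance silently drops forwarded traffic."""
    instances = _resources(template, "AWS::EC2::Instance")
    problems = set()
    for route in _resources(template, "AWS::EC2::Route").values():
        target = route["Properties"].get("InstanceId", {}).get("Ref")
        if target in instances and instances[target]["Properties"].get("SourceDestCheck", True):
            problems.add(target)
    return sorted(problems)


if __name__ == "__main__":
    template = example_vpc_template()
    print(classify_subnets(template))       # {'PublicSubnet': 'public', 'PrivateSubnet': 'private'}
    print(nat_instance_problems(template))  # []
```

Running the classifier over a template before `cfn-create-stack` catches the two quiet failure modes of this design: a subnet that was never associated with a route table (it falls back to the VPC main table, which in this template has no default route, so the subnet is effectively isolated) and a NAT instance that routes nothing because SourceDestCheck was left at its default.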
Security Groups
Autoscaling
Elastic Load Balancing
 ● Only Round Robin and Sticky Sessions
 ● Supports HTTP Response code or basic TCP connection Health Checks
{
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Description" : "A text description for the template usage",
    "Parameters": {
        // A set of inputs used to customize the template per deployment
    },
    "Mappings": {
        // Mappings match a key to a corresponding set of named values
    },
    "Resources" : {
        // The set of AWS resources and relationships between them
    },
    "Outputs" : {
        // A set of values to be made visible to the stack creator
    }
}
CloudFormation Instance Example

{
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Description" : "Create an EC2 instance running the Amazon Linux 32 bit AMI.",
    "Parameters" : {
        "KeyPair" : {
            "Description" : "The EC2 Key Pair to allow SSH access to the instance",
            "Type" : "String"
        }
    },
    "Resources" : {
        "Ec2Instance" : {
            "Type" : "AWS::EC2::Instance",
            "Properties" : {
                 "KeyName" : { "Ref" : "KeyPair" },
                 "ImageId" : "ami-75g0061f",
                 "InstanceType" : "m1.small"
            }
        }
    },
    "Outputs" : {
        "InstanceId" : {
              "Description" : "The InstanceId of the newly created EC2 instance",
              "Value" : { "Ref" : "Ec2Instance" }
          }
    }
}
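Every `{ "Ref" : ... }` in a template like the one above must name a Parameter, a Resource, or one of CloudFormation's pseudo parameters, and a parameter that nothing refers to usually means the template does not do what its inputs suggest. The following added example (not code from the talk) embeds the instance template above as its input, with the stray closing quote in `Description` corrected so it parses as JSON, and walks it for dangling and unused references before a stack is ever created.

```python
import json

# The page's "CloudFormation Instance Example", embedded here as test input.
INSTANCE_TEMPLATE = json.loads(r'''
{
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Description" : "Create an EC2 instance running the Amazon Linux 32 bit AMI.",
    "Parameters" : {
        "KeyPair" : {
            "Description" : "The EC2 Key Pair to allow SSH access to the instance",
            "Type" : "String"
        }
    },
    "Resources" : {
        "Ec2Instance" : {
            "Type" : "AWS::EC2::Instance",
            "Properties" : {
                 "KeyName" : { "Ref" : "KeyPair" },
                 "ImageId" : "ami-75g0061f",
                 "InstanceType" : "m1.small"
            }
        }
    },
    "Outputs" : {
        "InstanceId" : {
            "Description" : "The InstanceId of the newly created EC2 instance",
            "Value" : { "Ref" : "Ec2Instance" }
        }
    }
}
''')

# Pseudo parameters CloudFormation resolves itself; a Ref to one is always valid.
PSEUDO_PARAMETERS = {"AWS::Region", "AWS::AccountId", "AWS::StackName", "AWS::StackId",
                     "AWS::NoValue", "AWS::NotificationARNs"}


def iter_refs(node):
    """Yield every name used in a {"Ref": name} intrinsic anywhere under node."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            yield node["Ref"]
        for value in node.values():
            yield from iter_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_refs(item)


def dangling_refs(template):
    """Refs that name neither a Parameter, a Resource, nor a pseudo parameter.
    CloudFormation rejects these at validation time; catching them locally keeps
    the feedback loop short."""
    declared = set(template.get("Parameters", {})) | set(template.get("Resources", {}))
    return sorted({r for r in iter_refs(template) if r not in declared | PSEUDO_PARAMETERS})


def unused_parameters(template):
    """Parameters nothing in the template refers to: usually a copy-paste leftover."""
    used = set(iter_refs(template))
    return sorted(p for p in template.get("Parameters", {}) if p not in used)


def lint(template):
    """Both checks in one report; empty lists mean the template's references are consistent."""
    return {"dangling_refs": dangling_refs(template),
            "unused_parameters": unused_parameters(template)}


if __name__ == "__main__":
    print(lint(INSTANCE_TEMPLATE))  # {'dangling_refs': [], 'unused_parameters': []}
```

A typo such as `{ "Ref" : "KeyPiar" }` shows up as one dangling ref plus one unused parameter, which is exactly the pair of symptoms a mistyped name produces.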
IAM and Console Access
Sign-on Credentials
 ● IAM Console login
     ○ Username, Password, and MFA Time token
Access Credentials
 ● AWS has three API types: REST, Query, & SOAP.
 ● Each API uses one or more Access Credentials
     ○ Access Keys for REST and Query APIs
     ○ x.509 Certificates for SOAP API
     ○ EC2 KeyPairs for instance SSH authentication
In the beginning...

A Java application server + a MySQL Database.

Scaled by adding in another application server.

Then we just duplicated this entire stack, giving us two "clusters".

Scaled more by adding more and more clusters.
Add in AWS
Decentralization --> Everyone goes fast!
Goals

Full control over AWS resources: EC2 resources, Autoscale, ELB, S3, etc.

Team Isolation: Resources created by one team can only be modified/terminated by that team.
3rd Party Solution
enStratus, RightScale, asgard, etc

Good
 ● enStratus & RightScale provide cloud-agnostic tools

Bad
 ● No AWS API Access
 ● No AWS CLI Tools & SDKs
 ● Locked into only supported services
Multiple Accounts

Good
 ● Provides for full resource control with direct API access
 ● Protects teams from one another
 ● Allows for easy accounting on a per-team basis
 ● May make it easier for external auditors to determine which teams have "production" access

Bad
 ● Inter-team network communications can become very complicated, relying on VPN between VPCs -> Reduced Reliability
 ● Management of networking is a possible bottleneck
 ● Shared resources may need to be redundantly built in every VPC: LDAP, DNS, Monitoring
Single Shared Account

Good
 ● Sharing of resources will be simple - just open access via security groups between teams
 ● Reliable networking between teams without need for VPN
 ● Possibly better performance due to fewer hops
 ● Certain resources can be shared: LDAP, DNS, Monitoring, etc.

Bad
 ● No built-in protections between teams, even with IAM
 ● Creates a centralized resource that someone has to maintain
 ● Requires us to build tools to use long-term
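The Goals slide asks that resources created by one team can only be modified or terminated by that team, and the Single Shared Account slide lists the lack of built-in protection between teams as the cost of sharing one account. The closest thing IAM offers inside one account is tag-scoped permissions. The following added example (a constructed policy and a deliberately simplified evaluator, not Bazaarvoice's tooling) shows a per-team policy that lets a team read everything but stop, reboot, terminate or retag only instances carrying its own `Team` tag; `ec2:ResourceTag/<key>` is a real EC2 condition key, while the team name, account id and instance id are made up.

```python
from fnmatch import fnmatchcase


def team_policy(team):
    """Constructed IAM policy for one team in a shared account.  Read access is
    account-wide; mutating and tagging instances is limited to instances whose
    Team tag equals this team, so the tag itself becomes the boundary."""
    own_instances = {"StringEquals": {"ec2:ResourceTag/Team": team}}
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Describe* calls do not support resource-level permissions, hence "*".
            {"Sid": "ReadEverything", "Effect": "Allow",
             "Action": ["ec2:Describe*"], "Resource": "*"},
            {"Sid": "MutateOwnInstances", "Effect": "Allow",
             "Action": ["ec2:StopInstances", "ec2:RebootInstances", "ec2:TerminateInstances"],
             "Resource": "arn:aws:ec2:*:*:instance/*",
             "Condition": own_instances},
            # Tagging must be scoped too, or isolation is one CreateTags call away.
            {"Sid": "TagOwnInstances", "Effect": "Allow",
             "Action": ["ec2:CreateTags", "ec2:DeleteTags"],
             "Resource": "arn:aws:ec2:*:*:instance/*",
             "Condition": own_instances},
        ],
    }


def _match(patterns, value):
    """IAM-style wildcard match of an action or resource against one or more patterns."""
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatchcase(value, p) for p in patterns)


def _condition_holds(condition, context):
    """Simplified model of IAM condition evaluation: only StringEquals and
    StringNotEquals are modelled; every key in the block must hold; a context
    key that is absent fails StringEquals and satisfies StringNotEquals."""
    for operator, keys in condition.items():
        if operator not in ("StringEquals", "StringNotEquals"):
            raise ValueError("operator not modelled: " + operator)
        for key, expected in keys.items():
            expected = expected if isinstance(expected, list) else [expected]
            actual = context.get(key)
            if operator == "StringEquals" and actual not in expected:
                return False
            if operator == "StringNotEquals" and actual in expected:
                return False
    return True


def is_allowed(policy, action, resource, context):
    """Simplified IAM decision for a single identity policy: an explicit Deny
    wins, otherwise any matching Allow grants, otherwise the request is denied.
    `context` maps condition keys (e.g. ec2:ResourceTag/Team) to request values."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _match(stmt["Action"], action) or not _match(stmt["Resource"], resource):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    # Constructed identifiers: example account id and instance id.
    policy = team_policy("team-a")
    instance = "arn:aws:ec2:us-east-1:111122223333:instance/i-0c0ffee"
    print(is_allowed(policy, "ec2:TerminateInstances", instance, {"ec2:ResourceTag/Team": "team-a"}))  # True
    print(is_allowed(policy, "ec2:TerminateInstances", instance, {"ec2:ResourceTag/Team": "team-b"}))  # False
    print(is_allowed(policy, "ec2:TerminateInstances", instance, {}))                                # False
```

Two caveats the slide's "even with IAM" warning still covers: the model evaluates one identity policy in isolation, whereas real IAM also merges every other policy attached to the principal, and the scheme only protects API calls that support resource-level permissions and tag conditions. An untagged instance is unreachable by everybody under this policy, which is the safe default but means tagging has to happen at creation time.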
Nexus, circa August 2012
In more detail...
Nexus is:
 ● AWS Infrastructure designed with best practices:
     ○ secure
     ○ highly available
     ○ multi-region
     ○ repeatable
 ● Cloud building blocks and recipes for all of Engineering
 ● A Single Account Solution

Philosophy: Engineering teams at Bazaarvoice are free to choose their own stack, but we want to make Nexus so compelling that it is the default choice.
(some) Batteries Included

Included:
 ● Bastion Hosts
 ● NAT Instances
 ● VPN Connectivity between Regions
 ● Internal DNS
 ● Monitoring*
 ● Centralized Logging*
 ● Services Discovery*
 ● Scripts & CloudFormation in Github to create ephemeral VPCs that look like a Managed Environment

Dev teams provide anything required to run their app, which probably means:
 ● Puppet/Chef/etc
 ● Your actual app
 ● Deployment process
Nexus Regions
bas·tion (*/ˈbas-chən/*)
NAT Instances
Autoscaling with CloudFormation
Internal DNS
External DNS (Route53)
Records in the .nexus.bazaarvoice.com zone are for you to use.
Badger
Cabertoss
Conformity -> Measurable Efficiency
Limitations & Risks

● Danger! Single Shared Account
  ○ You can wipe out all of a region with a
    bad script.
● Single NAT per AZ
  ○ Someone else downloading lots of data from
    the internet will affect all other
    instances sharing your private subnet.
● Single VPN Instance per VPN Destination
  ○ Similar to NAT problem, but worse.
  ○ Avoid VPN when possible
  ○ If not possible, make your VPN dependency
    resilient to lack of bandwidth and network
    blips
Nexus is a catalyst:

old and busted -> new and shiny
waterfall -> agile
centralized development -> distributed teams
8-10 week release cycle -> release anytime
monolithic app -> services oriented architecture
mysql -> cassandra
solr -> elasticsearch
java -> whatever
dev + ops -> devops
Email: victor@bazaarvoice.com
Twitter: @victortrac

Thanks!
