As more customers adopt Amazon Virtual Private Cloud architectures, the features and flexibility of the service are squaring off against increasingly complex design requirements. This session follows the evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, managing multi-tenant VPCs, conducting VPC-to-VPC traffic, extending corporate federation and name services into VPC, running multiple hybrid environments over AWS Direct Connect, and integrating corporate multiprotocol label switching (MPLS) clouds into multi-region VPCs.
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013 | Amazon Web Services
As more customers adopt Amazon Virtual Private Cloud architectures, the features and flexibility of the service are squaring off against increasingly complex design requirements. This session follows the evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, managing multi-tenant VPCs, conducting VPC-to-VPC traffic, extending corporate federation and name services into VPC, running multiple hybrid environments over AWS Direct Connect, and integrating corporate multiprotocol label switching (MPLS) clouds into multi-region VPCs.
This document discusses evolving VPC designs from a single VPC to multiple interconnected VPCs. It begins with a basic single VPC design and evolves it to incorporate multiple subnets, NAT gateways, VPC endpoints and peering. The document explores use cases for separating resources into multiple VPCs and presents a hub-and-spoke design using VPC peering to interconnect VPCs and provide shared services while maintaining isolation and control.
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity... | Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014 | Amazon Web Services
As more customers adopt Amazon VPC architectures, the features and flexibility of the service are squaring off against increasingly complex design requirements. This session follows the evolution of a single regional VPC into a multi-VPC, multiregion design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, managing multitenant VPCs, conducting VPC-to-VPC traffic, running multiple hybrid environments over AWS Direct Connect, and integrating corporate multiprotocol label switching (MPLS) clouds into multiregion VPCs.
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I... | Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual data center that you define. In this session you learn how to leverage the VPC networking constructs to configure a highly available and secure virtual data center on AWS for your application. We cover best practices around choosing an IP range for your VPC, creating subnets, configuring routing, securing your VPC, establishing VPN connectivity, and much more. The session culminates in creating a highly available web application stack inside of VPC and testing its availability with Chaos Monkey.
(NET201) Creating Your Virtual Data Center: VPC Fundamentals | Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. In this talk, we discuss advanced tasks in Amazon VPC, including the implementation of VPC peering, the creation of multiple network zones, the establishment of private connections, and the use of multiple routing tables. We also provide information on Enhanced Networking and on migrating from EC2-Classic to VPC.
In this advanced technical session, learn how you can use AWS to build and deploy virtual data centers as fast as you design them. This session follows the evolution of a single regional Amazon Virtual Private Cloud (VPC) into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate best-practice designs in use by AWS customers to simplify and optimize as they grow. Topics covered include: automating virtual data centers with CloudFormation, scaling and securing outbound VPC traffic, peering VPCs within a region, and running global hybrid networks with VPC and Direct Connect.
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC) | Amazon Web Services
This document discusses using Amazon Virtual Private Cloud (VPC) for hybrid IT architectures. It defines hybrid IT and outlines some common AWS services that can be used to build hybrid solutions, including VPC, VPN/Direct Connect networking, IAM policies and virtual images. Specific examples are given for disaster recovery and development/test environments extending on-premises networks to AWS. The presentation concludes with a demonstration of creating a VPC with IPsec VPN tunnels to an on-premises office and deploying a CMS within the VPC.
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302) | Amazon Web Services
As more customers adopt Amazon VPC architectures, the features and flexibility of the service are squaring off against evolving design requirements. This session follows the evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, securing private access to Amazon S3, managing multi-tenant VPCs, integrating existing customer networks through AWS Direct Connect, and building a full VPC mesh network across global regions.
Amazon Virtual Private Cloud VPC Architecture AWS Web Services | Robert Wilson
Amazon Virtual Private Cloud (VPC) allows users to create isolated virtual networks within AWS. The document discusses VPC fundamentals like subnets and security and provides examples of four common VPC architecture scenarios, including a VPC with public/private subnets and connecting a VPC to an on-premises network with a hardware VPN. It also outlines options for connecting a corporate network to a VPC, such as Direct Connect, VPN, and software VPN using EC2 instances.
(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014 | Amazon Web Services
This document discusses various approaches to automating network configuration and management in AWS. It begins by describing basic, intermediate, and advanced levels of network automation. It then provides examples of automating network builds using the AWS CLI, custom scripts in Bash/PowerShell, and AWS CloudFormation. The document also discusses approaches for dynamic network automation including using tags, instance metadata, and external data stores. It covers automating components like NAT instances, VPC peering, and VPN connections. Finally, it discusses options for virtual IP addresses and monitoring network traffic.
Securing your AWS Resources with Amazon VPC - AWS Summit 2012 - NYC | Amazon Web Services
Virtual Private Cloud (VPC) provides users virtual private networking capabilities in AWS. It allows users to define their own virtual networking environment, including IP address ranges, subnets, route tables, and network gateways. VPC provides capabilities like private subnets, network access control lists, multiple network interfaces, and connectivity to customer networks through virtual private gateways and hardware VPN connections. Common uses of VPC include mixing public and private resources, providing fixed private IPs, and extending an organization's existing network into AWS. VPC supports many AWS services and provides more security and network segmentation options compared to standard EC2 networking.
"What if weather or any other major event prevents a large number of your users from coming into the office? Does your VPN or remote connectivity solution scale?
Deploying solutions in AWS gives you access to agility, cost savings, elasticity, breadth of functionality, and the ability to deploy globally in minutes. With access to these benefits through the AWS platform, administrators can launch global, scalable and resilient VPN solutions to support your business at a moment's notice.
In this session, learn how to build a flexible, elastic, highly secure VPN infrastructure by using Amazon Route 53, Amazon EC2, Auto Scaling, and third-party solutions to allow hundreds or thousands of users to work remotely as soon as the first snowflakes begin to fall.
To attend this session it is suggested that attendees have a working knowledge of VPC, EC2, general networking and an understanding of routing protocols."
In this session from the London AWS Summit 2015 Tech Track Replay, AWS Solutions Architect Steve Seymour dives deep into the Amazon Virtual Private Cloud service, covering features as well as best practices.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
Virtual Private Cloud (VPC) allows users to define a virtual network in the AWS cloud. VPC allows users to assign static IP addresses, control network access with security groups and network access control lists, and connect the VPC to their own infrastructure using VPN or AWS Direct Connect. The webinar provided an overview of VPC capabilities and common usage patterns such as extending an existing data center into AWS, exposing systems publicly in AWS, and enabling branch office access via VPN. Demos showed integrating an AWS VPC with an on-premises Active Directory and using multiple IP addresses and network interfaces.
VPC allows users to create a virtual network in AWS that is logically isolated from other networks. It includes IP addresses, subnets, route tables, internet gateways, and security features. VPC supports private IP addresses that can only communicate within the VPC, public IP addresses reachable from the internet, and Elastic IP addresses that can be attached to and detached from instances. Subnets divide the VPC's address range into distinct segments and cannot span availability zones. They can be configured as public or private depending on whether they have a route to the internet. Route tables and security groups control network traffic flow. Network ACLs provide optional subnet-level firewalls.
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC | Cohesive Networks
Use this VNS3 setup guide to get started in Amazon Web Services (AWS) VPC public cloud environments.
About VNS3:
VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), a protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or RESTful API.
VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, OpenStack, Flexiant, Eucalyptus, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more.
VNS3 supports most IPsec data center solutions, including most models from Cisco Systems*, Juniper, WatchGuard, Dell SonicWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, Palo Alto Networks, Openswan, pfSense, Vyatta, and any IPsec device that supports IKEv1 or IKEv2, AES-256 or AES-128 or 3DES, SHA-1 or MD5, and, most importantly, the NAT-Traversal standards.
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic... | Amazon Web Services
Twilio provides a communications API that enables voice, VoIP, and messaging capabilities for web and mobile apps. They migrated their infrastructure from the isolated EC2-Classic platform to EC2-VPC to enable global routing between regions and services. This reduced complexity, improved performance and latency, and allowed for more frequent and less risky deployments. The migration required bridging traffic between EC2-Classic and EC2-VPC instances and using software routers and service discovery for peering between regions. The new global VPC infrastructure improved customer experience and satisfaction.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. In this talk, we discuss advanced tasks in Amazon VPC, including the implementation of VPC peering, the creation of multiple network zones, the establishment of private connections, and the use of multiple routing tables. We also provide information for current Amazon EC2-Classic network customers and help you prepare to adopt Amazon VPC.
The document defines key AWS networking terms like regions, availability zones, VPCs, internet gateways, load balancers, and subnets. It explains that regions contain availability zones and resources aren't replicated across regions by default. VPCs are virtual private networks that can contain public and private subnets. Internet gateways, load balancers, and NAT/bastion instances are used to control ingress and egress network traffic between subnets, availability zones, and the public internet. Diagrams show example single region and multi-region network topologies using these services.
Deep Dive: Amazon Virtual Private Cloud (March 2017) | Julien SIMON
- The document discusses VPC configurations, networking services like ENIs, routing tables, security groups, and network ACLs.
- It provides examples of building hybrid architectures with on-premises networks by creating VPCs, VPN/Direct Connect connections, and routing configurations.
- VPC peering and endpoints are also covered, allowing communication and service access between VPCs in the same or different AWS accounts without an internet gateway.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. In this talk, we discuss advanced tasks in Amazon VPC, including the implementation of VPC peering, the creation of multiple network zones, the establishment of private connections, and the use of multiple routing tables. We also provide information for current Amazon EC2-Classic network customers and help you prepare to adopt Amazon VPC.
Selecting the Best VPC Network Architecture (CPN208) | AWS re:Invent 2013 | Amazon Web Services
Which is better: a single VPC with multiple subnets or multiple accounts with many VPCs? Should you simplify management with a single VPC or use multiple VPCs to lessen the blast radius of network changes? In this session, we hear from customers who've implemented each approach and discuss how they addressed management, security, and connectivity for their Amazon EC2 environments.
Double Redundancy with AWS Direct Connect - Pop-up Loft Tel Aviv | Amazon Web Services
AWS Direct Connect provides low-latency, high-performance connectivity to the AWS cloud by allowing the provisioning of physical fiber from the customer's location or data center into AWS Direct Connect points of presence. This session covers design considerations around AWS Direct Connect solutions. We will discuss how to design and configure physical and logical redundancy using both physically redundant fibers and logical VPN connectivity, and the session includes a live demo showing both the configuration and the failure of a doubly redundant connectivity solution. This session is for network engineers/architects, technical professionals, and infrastructure managers who have a working knowledge of Amazon VPC, Amazon EC2, general networking, and routing protocols.
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
The Ruby community has driven a lot of technical innovation in deployment and configuration management over the last few years, and so the idea of delivering high-quality software rapidly should be familiar to most of us. But although our tools are state-of-the-art, getting them to work together properly can be surprisingly frustrating. In this talk, I'll explain how to implement a high-quality rapid build and deploy process using standard CI tools, Bundler, RVM, and Capistrano. I'll also discuss how to coach your developers, QAs, and client to be "production-ready, any time."
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe... | CloudIDSummit
John DaSilva, Identity Architect, Ping Identity
Brian Campbell, Portfolio Architect, Ping Identity
If you asked yourself the question, "What is OAuth and will it solve my mobile device SSO headaches?" then this is the session for you! In this bootcamp, you will learn the basic foundations of OAuth, the drivers (the "why") behind it, the use cases, the protocol flow and basic terminology. Once we have a basic understanding of OAuth, we will explore various implementation strategies for OAuth 2.0. We'll dissect the Web Server, User Agent and Native Application use cases, and describe how to configure OAuth in the PingFederate Authorization Server. We will even take a look at the up-and-coming OpenID Connect specification. Bring your laptop; a configuration of PingFederate that you can set up and temporary product licenses will be supplied.
The document provides an overview of architectural best practices for building scalable applications on AWS. It discusses 7 key lessons: 1) design for failure, 2) loose coupling, 3) implement elasticity, 4) build security in every layer, 5) don't fear constraints, 6) think parallel, and 7) leverage different AWS storage options. Examples are given for how to apply each lesson when migrating a traditional web architecture to be cloud-native on AWS.
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Amazon Web Services
This document discusses using Amazon Virtual Private Cloud (VPC) for hybrid IT architectures. It defines hybrid IT and outlines some common AWS services that can be used to build hybrid solutions, including VPC, VPN/Direct Connect networking, IAM policies and virtual images. Specific examples are given for disaster recovery and development/test environments extending on-premises networks to AWS. The presentation concludes with a demonstration of creating a VPC with IPSEC VPN tunnels to an on-premises office and deploying a CMS within the VPC.
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)Amazon Web Services
As more customers adopt Amazon VPC architectures, the features and flexibility of the service are squaring off against evolving design requirements. This session follows this evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, securing private access to Amazon S3, managing multi-tenant VPCs, integrating existing customer networks through AWS Direct Connect, and building a full VPC mesh network across global regions.
Amazon Virtual Private Cloud VPC Architecture AWS Web ServicesRobert Wilson
Amazon Virtual Private Cloud (VPC) allows users to create isolated virtual networks within AWS. The document discusses VPC fundamentals like subnets and security and provides examples of four common VPC architecture scenarios including VPC with public/private subnets and connecting VPC to an on-premise network with hardware VPN. It also outlines options for connecting a corporate network to a VPC like Direct Connect, VPN, and software VPN using EC2 instances.
(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014Amazon Web Services
This document discusses various approaches to automating network configuration and management in AWS. It begins by describing basic, intermediate, and advanced levels of network automation. It then provides examples of automating network builds using the AWS CLI, custom scripts in Bash/PowerShell, and AWS CloudFormation. The document also discusses approaches for dynamic network automation including using tags, instance metadata, and external data stores. It covers automating components like NAT instances, VPC peering, and VPN connections. Finally, it discusses options for virtual IP addresses and monitoring network traffic.
Securing your AWS Resources with Amazon VPC - AWS Summit 2012 - NYCAmazon Web Services
Virtual Private Cloud (VPC) provides users virtual private networking capabilities in AWS. It allows users to define their own virtual networking environment, including IP address ranges, subnets, route tables, and network gateways. VPC provides capabilities like private subnets, network access control lists, multiple network interfaces, and connectivity to customer networks through virtual private gateways and hardware VPN connections. Common uses of VPC include mixing public and private resources, providing fixed private IPs, and extending an organization's existing network into AWS. VPC supports many AWS services and provides more security and network segmentation options compared to standard EC2 networking.
"What if weather or any other major event prevents a large number of your users from coming into the office? Does your VPN or remote connectivity solution scale?
Deploying solutions in AWS gives you access to agility, cost savings, elasticity, breadth of functionality, and the ability to deploy globally in minutes. With access to these benefits through the AWS platform, administrators can launch global, scalable and resilient VPN solutions to support your business at a moments notice.
In this session, learn how to build a flexible, elastic, highly secure VPN infrastructure by using Amazon Route 53, Amazon EC2, Auto Scaling, and 3rd party solutions to allow hundreds or thousands of users to work remotely as soon as the first snowflakes begin to fall.
To attend this session it is suggested that attendees have a working knowledge of VPC, EC2, general networking and an understanding of routing protocols."
In this session from the London AWS Summit 2015 Tech Track Replay, AWS Solutions Architect Steve Seymour dives deep into the Amazon Virtual Private Cloud service, covering features as well as best practices.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
Virtual Private Cloud (VPC) allows users to define a virtual network in the AWS cloud. VPC allows users to assign static IP addresses, control network access with security groups and network access control lists, and connect the VPC to their own infrastructure using VPN or AWS Direct Connect. The webinar provided an overview of VPC capabilities and common usage patterns such as extending an existing data center into AWS, exposing systems publicly in AWS, and enabling branch office access via VPN. Demos showed integrating an AWS VPC with an on-premises Active Directory and using multiple IP addresses and network interfaces.
VPC allows users to create a virtual network in AWS that is logically isolated from other networks. It includes IP addresses, subnets, route tables, internet gateways, and security features. VPC supports private IP addresses that can only communicate within the VPC, public IP addresses reachable from the internet, and elastic IP addresses that can be attached and detached from instances. Subnets divide the VPC into distinct regions and cannot span availability zones. They can be configured as public or private depending on internet access. Route tables and security groups control network traffic flow. Network ACLs provide optional subnet level firewalls.
Cohesive Networks Support Docs: VNS3 Configuration for Amazon VPC Cohesive Networks
Use this VNS3 setup guide to get started in Amazon Web Services (AWS) VPC public cloud environments.
About VNS3:
VNS3 delivers cloud networking and NFV functionality for virtual and cloud environments. The VNS3 virtual network security appliance includes a router, switch, stateful firewall, VPN support (IPsec and SSL), a protocol redistributor, and extensible NFV optimized for all major cloud providers. VNS3 cloud networks are configured and managed through the VNS3 Manager web-based UI or RESTful API.
VNS3 is available in: Amazon Web Services EC2, Amazon Web Services VPC, Microsoft Azure, CenturyLink Cloud, Google Compute Engine (GCE), Rackspace, IBM SoftLayer, ElasticHosts, Verizon Terremark vCloud Express, InterRoute, Abiquo, OpenStack, Flexiant, Eucalyptus, HPE Helion, VMware (all formats), Citrix, Xen, KVM, and more.
VNS3 supports most IPsec data center solutions, including most models from Cisco Systems*, Juniper, WatchGuard, Dell SonicWALL, Netgear, Fortinet, Barracuda Networks, Check Point*, Zyxel USA, McAfee Retail, Citrix Systems, Hewlett Packard, D-Link, Palo Alto Networks, Openswan, pfSense, Vyatta, and any IPsec device that supports IKEv1 or IKEv2, AES256 or AES128 or 3DES, SHA1 or MD5, and, most importantly, NAT-Traversal standards.
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...Amazon Web Services
Twilio provides a communications API that enables voice, VoIP, and messaging capabilities for web and mobile apps. They migrated their infrastructure from the isolated EC2-Classic platform to EC2-VPC to enable global routing between regions and services. This reduced complexity, improved performance and latency, and allowed for more frequent and less risky deployments. The migration required bridging traffic between EC2-Classic and EC2-VPC instances and using software routers and service discovery for peering between regions. The new global VPC infrastructure improved customer experience and satisfaction.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. In this talk, we discuss advanced tasks in Amazon VPC, including the implementation of VPC peering, the creation of multiple network zones, the establishment of private connections, and the use of multiple routing tables. We also provide information for current Amazon EC2-Classic network customers and help you prepare to adopt Amazon VPC.
The document defines key AWS networking terms like regions, availability zones, VPCs, internet gateways, load balancers, and subnets. It explains that regions contain availability zones and resources aren't replicated across regions by default. VPCs are virtual private networks that can contain public and private subnets. Internet gateways, load balancers, and NAT/bastion instances are used to control ingress and egress network traffic between subnets, availability zones, and the public internet. Diagrams show example single region and multi-region network topologies using these services.
Deep Dive: Amazon Virtual Private Cloud (March 2017)Julien SIMON
- The document discusses VPC configurations, networking services like ENIs, routing tables, security groups, and network ACLs.
- It provides examples of building hybrid architectures with on-premises networks by creating VPCs, VPN/Direct Connect connections, and routing configurations.
- VPC peering and endpoints are also covered, allowing communication and service access between VPCs in the same or different AWS accounts without an internet gateway.
Selecting the Best VPC Network Architecture (CPN208) | AWS re:Invent 2013Amazon Web Services
Which is better: a single VPC with multiple subnets or multiple accounts with many VPCs? Should you simplify management with a single VPC or use multiple VPCs to lessen the blast radius of network changes? In this session, we hear from customers who've implemented each approach and discuss how they addressed management, security, and connectivity for their Amazon EC2 environments.
Double Redundancy with AWS Direct Connect - Pop-up Loft Tel AvivAmazon Web Services
AWS Direct Connect provides low latency and high performance connectivity to the AWS cloud by allowing the provision of physical fiber from the customer’s location or data center into AWS Direct Connect points of presence. This session covers design considerations around AWS Direct Connect solutions. We will discuss how to design and configure physical and logical redundancy using both physically redundant fibers and logical VPN connectivity, and includes a live demo showing both the configuration and the failure of a doubly redundant connectivity solution. This session is for network engineers/architects, technical professionals, and infrastructure managers who have a working knowledge of Amazon VPC, Amazon EC2, general networking, and routing protocols.
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
The Ruby community has driven a lot of technical innovation in deployment and configuration management over the last few years, and so the idea of delivering high-quality software rapidly should be familiar to most of us. But although our tools are state-of-the-art, getting them to work together properly can be surprisingly frustrating. In this talk, I'll explain how to implement a high-quality rapid build and deploy process using standard CI tools, Bundler, RVM, and Capistrano. I'll also discuss how to coach your developers, QAs, and client to be "production-ready, any time."
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
John DaSilva, Identity Architect, Ping Identity
Brian Campbell, Portfolio Architect, Ping Identity
If you asked yourself the question, "What is OAuth and will it solve my mobile device SSO headaches?” then this is the session for you! In this bootcamp, you will learn the basic foundations of OAuth, the drivers (the “why”) behind it, the use cases, the protocol flow and basic terminology. Once we have a basic understanding of OAuth, we will explore various implementation strategies for OAuth 2.0. We’ll dissect the Web Server, User Agent and Native Application use cases, and describe how to configure OAuth in PingFederate Authorization Server. We will even take a look at the up and coming OpenID Connect specification. Bring your laptop; a configuration of PingFederate that you can set up and temporary product licenses will be supplied.
The document provides an overview of architectural best practices for building scalable applications on AWS. It discusses 7 key lessons: 1) design for failure, 2) loose coupling, 3) implement elasticity, 4) build security in every layer, 5) don't fear constraints, 6) think parallel, and 7) leverage different AWS storage options. Examples are given for how to apply each lesson when migrating a traditional web architecture to be cloud-native on AWS.
OpenID Connect - An Emperor or Just New Cloths?Oliver Pfaff
OpenID Connect is a specification that defines an identity layer on top of the OAuth 2.0 authorization framework. It allows clients to verify user identity and obtain basic profile information about the user. OpenID Connect supports common identity use cases like single sign-on and identity federation through the use of ID tokens and user info endpoints. While it is not a complete replacement for SAML, OpenID Connect provides a simpler approach that is better suited for mobile and REST-based applications compared to the XML-based SAML standard.
Hadoop Summit 2012 | Optimizing MapReduce Job PerformanceCloudera, Inc.
Optimizing MapReduce job performance is often seen as something of a black art. In order to maximize performance, developers need to understand the inner workings of the MapReduce execution framework and how they are affected by various configuration parameters and MR design patterns. The talk will illustrate the underlying mechanics of job and task execution, including the map side sort/spill, the shuffle, and the reduce side merge, and then explain how different job configuration parameters and job design strategies affect the performance of these operations. Though the talk will cover internals, it will also provide practical tips, guidelines, and rules of thumb for better job performance. The talk is primarily targeted towards developers directly using the MapReduce API, though will also include some tips for users of higher level frameworks.
(APP304) AWS CloudFormation Best Practices | AWS re:Invent 2014Amazon Web Services
"With AWS CloudFormation you can model, provision, and update the full breadth of AWS resources. You can manage anything from a single Amazon EC2 instance to a multi-tier application.
If you are familiar with AWS CloudFormation or using it already, this session is for you. If you are familiar with AWS CloudFormation, you may have questions such as 'How do I plan my stacks?', 'How do I deploy and bootstrap software on my stacks?' and 'Where does AWS CloudFormation fit in a DevOps pipeline?' If you are using AWS CloudFormation already, you may have questions such as 'How do I manage my templates at scale?', 'How do I safely update stacks?', and 'How do I audit changes to my stack?' This session is intended to answer those questions.
If you are new to AWS CloudFormation, get up to speed for this session by completing the Working with CloudFormation lab in the self-paced Labs Lounge."
(WEB302) Best Practices for Running WordPress on AWS | AWS re:Invent 2014Amazon Web Services
This document summarizes a discussion between Andreas Chatzakis and Chris Pitchford about optimizing WordPress websites on AWS. Some key points include:
- Using AWS services like S3, CloudFront, Route 53, and EC2 with auto scaling to host WordPress sites for high performance and availability.
- Configuring CloudFront caching rules for static, dynamic admin, and dynamic front-end content.
- Leveraging RDS for the database with read replicas and ElastiCache for caching to improve database performance.
- Monitoring with CloudWatch and auto scaling EC2 instances when CPU usage is high.
- Implementing best practices like separating databases and web servers, using IAM roles
(GAM301) Real-Time Game Analytics with Amazon Kinesis, Amazon Redshift, and A...Amazon Web Services
Success in free-to-play gaming requires knowing what your players love most. The faster you can respond to players' behavior, the better your chances of success. Learn how mobile game company GREE, with over 150 million users worldwide, built a real-time analytics pipeline for their games using Amazon Kinesis, Amazon Redshift, and Amazon DynamoDB. They walk through their analytics architecture, the choices they made, the challenges they overcame, and the benefits they gained. Also hear how GREE migrated to the new system while keeping their games running and collecting metrics.
The document discusses implementing a hybrid database solution using both MongoDB and MySQL. It describes storing less frequently changing and reference data like users and products in MongoDB for flexibility, while storing transactional data like orders and inventory counts in MySQL for ACID compliance. The system keeps the data in sync between the two databases using listeners that update MySQL whenever related data is created or changed in MongoDB.
One of the advantages of learning a new language is being exposed to new idioms and new approaches to solving old problems. In this talk, we will introduce the Ruby language with particular focus on the idioms and concepts that are different from what is found in Java.
We will introduce concepts such as closures, continuations and meta programming. We will also examine powerful techniques that are practically impossible in Java due to its compile time binding of types.
No experience with Ruby is assumed although an understanding of Java would be helpful.
This talk was given at the Toronto Java Users Group in April 2008
This document summarizes techniques for optimizing Hive queries, including recommendations around data layout, format, joins, and debugging. It discusses partitioning, bucketing, sort order, normalization, text format, sequence files, RCFiles, ORC format, compression, shuffle joins, map joins, sort merge bucket joins, count distinct queries, using explain plans, and dealing with skew.
PowerPoint presentation supporting the oral presentation of Kyle Anderson from AGI, Inc. Presentation given to Christian technicians in India at a worship conference.
Powering Interactive Data Analysis at Pinterest by Amazon RedshiftJie Li
In the last six months, we have set up Amazon Redshift to power our interactive data analysis at Pinterest. It has tremendously improved the speed of analyzing our data.
Callbacks, Promises, and Coroutines (oh my!): Asynchronous Programming Patter...Domenic Denicola
This talk takes a deep dive into asynchronous programming patterns and practices, with an emphasis on the promise pattern.
We go through the basics of the event loop, highlighting the drawbacks of asynchronous programming in a naive callback style. Fortunately, we can use the magic of promises to escape from callback hell with a powerful and unified interface for async APIs. Finally, we take a quick look at the possibilities for using coroutines both in current and future (ECMAScript Harmony) JavaScript.
Learn how the Blue/Green Deployment methodology combined with AWS tools and services can help reduce the risks associated with software deployment. We will illustrate common patterns and highlight ways deployment risks are mitigated by each pattern. Topics will include how services like AWS CloudFormation, AWS Elastic Beanstalk, Amazon EC2 Container Service, Amazon Route53, Auto Scaling and Elastic Load Balancing can help automate deployment. We will also address how to effectively manage deployments in the context of data model and schema changes. Learn how you can adopt blue/green for your software release processes in a cost-effective and low-risk way.
10+ Deploys Per Day: Dev and Ops Cooperation at FlickrJohn Allspaw
Communications and cooperation between development and operations isn't optional, it's mandatory. Flickr takes the idea of "release early, release often" to an extreme - on a normal day there are 10 full deployments of the site to our servers. This session discusses why this rate of change works so well, and the culture and technology needed to make it possible.
High Availability in the Cloud - Architectural Best PracticesRightScale
RightScale Webinar: The April 21st Amazon service disruption in the US East Region caused many to revisit application architectures to better withstand failures. With cloud infrastructure as a level playing field, we all have effectively the same building blocks and it’s up to each of us to balance cost and complexity against the risk of outages. Fortunately, there are many simple approaches in the cloud that dramatically improve application scalability and availability with little incremental cost.
AWS Summit London 2014 | From One to Many - Evolving VPC Design (400)Amazon Web Services
In this advanced technical session you will learn how you can use AWS to build and deploy virtual data centres as fast as you can design them. Learn how to combine CloudFormation templates together with best practice techniques that are in use by AWS customers today to optimise the design and implementation of your VPCs.
For more training on AWS, visit: https://www.qa.com/amazon
AWS Loft | London - Amazon Virtual Private Cloud by Andrew Kane, Solution Architect
April 18, 2016
The document outlines the agenda for a user group meeting on AWS VPC topics. The agenda includes reviewing default and custom VPCs, NAT instances and gateways, VPC peering, flow logs, endpoints, VPN connections, Direct Connect, limits and pricing, and exam tips. It also lists past topics such as storage, compute, databases, and networking services, as well as upcoming topics such as Lambda, cost optimization, and machine learning.
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
Presented by: Koen Biggelaar, Senior Manager Solutions Architecture, Amazon Web Services
Customer Guest: Jurjan Woltman, Architect, Wehkamp
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easilyakramemohemat
The document discusses Amazon Virtual Private Clouds (VPCs). It describes VPCs as isolated virtual networks within the AWS cloud that allow users to define their own virtual networking environments, including IP ranges, subnets, route tables and network gateways. It provides examples of how to configure public and private subnets, security groups, route tables and internet gateways to control traffic within a VPC network.
AWS Direct Connect allows organizations to establish a dedicated network connection from their premises to AWS. It provides higher bandwidth, more consistent network performance than internet-based connections, and avoids public internet charges for data transfer. Customers can establish Direct Connect connections from their data centers to AWS using partner network providers.
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
This document provides an overview of Amazon Virtual Private Cloud (VPC) networking fundamentals and connectivity options. It discusses setting up an internet-connected VPC including choosing an IP address range, creating subnets in availability zones, creating a route to the internet, and authorizing traffic. It also covers VPC peering, virtual private networks (VPNs), AWS Direct Connect, VPC endpoints, AWS PrivateLink, DNS options with Route 53, and VPC flow logs.
The Getting Started on AWS deck serves to introduce Amazon users and prospective customers to Amazon VPC, EC2, and the concepts and components that are necessary for building fault-tolerant and highly available environments on AWS. It also serves to introduce services like Direct Connect, Route 53 (the Amazon DNS service) and one of our new additions, the Amazon Application Load Balancer (ALB). After perusing this deck, users should have a better understanding of what these services are and their proposed benefits.
PLNOG 17 - Tomasz Stachlewski - Network Infrastructure in the AWS CloudPROIDEA
The aim of the presentation is to show how to create and manage network infrastructure in the cloud (AWS). During the presentation, attendees will learn which components make up cloud infrastructure and become familiar with VPC (Virtual Private Cloud), Security Groups, Direct Connect, Availability Zones, Route53, and Regions. They will also learn how to design systems so that they qualify as HA, and how to build hybrid solutions that connect the cloud to existing on-premise infrastructure. Finally, attendees will learn how to manage network infrastructure as code (so-called IaC - Infrastructure as Code), which makes it possible to quickly create and manage the entire network infrastructure in the cloud.
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with Amazon VPC and how you can connect this with your offices and current data center footprint.
Creating Your Virtual Data Center - AWS Summit Bahrain 2017Amazon Web Services
This document provides an overview of setting up a virtual private cloud (VPC) on Amazon Web Services (AWS) with internet connectivity. It discusses choosing an IP address range and subnets across availability zones for the VPC. It also covers creating a route to the internet, authorizing traffic, and using security groups. The document then discusses additional VPC connectivity options like restricting internet access, connecting to on-premises networks via VPN or Direct Connect, and connecting VPCs via peering. It concludes by covering integrating AWS services into the VPC and using services like S3 endpoints, Route 53, and VPC flow logs.
Network design considerations when connecting to a public cloud service like AWS or Azure.
How does an AWS Direct Connect work, when to use the Internet and when to use a more guaranteed performance environment like a Private IP Network / MPLS network.
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
This document discusses several ways to access AWS cloud workloads from various locations, including from the internet, from other VPCs, and from on-premises networks. It provides an overview of networking services like internet gateways, VPC peering, transit gateways, Direct Connect, and VPN connections. Diagrams show example architectures using these services to provide secure, scalable access to workloads from different networks.
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as a somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
Similar to From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013 (20)
How to build Forecasting services using ML and deep learn... algorithmsAmazon Web Services
Forecasting is an important process for a great many companies and is used in many areas to try to accurately predict the growth and distribution of a product, the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, starting from the type of data analysed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... modeAmazon Web Services
The variety and quantity of data created every day is accelerating ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters looks like an investment only established companies can afford. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
Let's see, then, how to develop Big Data applications quickly, without worrying about infrastructure, devoting all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and show how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. In that time we learned how changing our approach to application development allowed us to greatly increase agility and release velocity and, ultimately, enabled us to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only application architecture but also organisational structure, development release pipelines, and even the operating model. We will also describe common approaches to modernisation, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot instances Amazon Web Services
Container usage is growing continuously.
When designed correctly, container-based applications are very often stateless and flexible.
AWS ECS, EKS and Kubernetes on EC2 can take advantage of Spot instances, leading to an average saving of 70% compared with On-Demand instances. In this session we will discover together the characteristics of Spot instances and how they can easily be used on AWS. We will also learn how Spreaker uses Spot instances to run applications of various kinds, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with Machine Lea... servicesAmazon Web Services
To create value and build their own differentiated and recognisable offering, successful startups know how to combine proven technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customise and build the differentiating elements of your own offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployment of...Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, leading from time to time to application downtime that interrupted users' work. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, guaranteeing greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Discover how to use AWS OpsWorks to guarantee the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows WorkloadsAmazon Web Services
Want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication and authorisation. In this session we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment into the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to detecting fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are organising a free virtual event on Wednesday 14 October from 12:00 to 13:00 dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, fully exploiting the potential of the AWS cloud while protecting existing VMware investments.
Many organisations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernisation and refactoring, in addition to performance risks that can be introduced when moving applications out of local data centres.
Build your first serverless ledger-based app with QLDB and NodeJSAmazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits and debits in banking transactions or to track the supply-chain flow of their products.
At the core of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB removes the need to build custom, complex systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses the features of QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
3. In a physical world you design your network infrastructure… then spend a lot of time building and deploying
4. With Amazon Virtual Private Cloud, build and deploy virtual datacenters as fast as you design them
5. VPC Tip: Get to know AWS CloudFormation
• Source control and version control your datacenter
• Deploy infrastructure with one command
• Reproduce anywhere in the globe in minutes
• Segregation of Duties (SoD) between infrastructure and application owners
6. Elements of VPC Design
• Amazon VPC
• Router
• Internet Gateway
• Customer Gateway
• Subnet
• Virtual Private Gateway
• VPN Connection
• Route Table
• Elastic Network Interface
7. • VPC is a private, isolated section of the AWS Cloud where you define the networking within
• A VPC can span all AZ’s in an AWS Region
• Only one decision upon VPC creation: What IP CIDR block to assign?
Diagram: one VPC spanning Availability Zone A and Availability Zone B
8. • On subnet creation only AZ, VPC and CIDR block designated
• Subnets are AZ specific
• Modifying a Subnet’s Routing Table or Network Access Control Lists is done after creation
Diagram: VPC CIDR 10.1.0.0/16 with one Subnet in Availability Zone A and one Subnet in Availability Zone B
9. VPC Tip: Plan your VPC IP space before creating it
• Consider future AWS region expansion
• Consider future connectivity to corporate networks
• Consider subnet design
• VPC can be /16 down to /28
• CIDR cannot be modified once created
• Overlapping IP spaces = future headache
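The checks on this slide are mechanical, so they are worth running before the CIDR is locked in. The script below is an added example (not code from the deck or from AWS) that validates a plan with the standard library: VPC prefix between /16 and /28, every subnet inside the VPC, no subnet overlap, and no overlap with corporate ranges the VPC may later connect to. The VPC, subnet and corporate CIDRs are constructed sample values; the five reserved addresses per subnet are an AWS rule (network address, the .1 router, DNS, one reserved, broadcast).

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet
# (network address, the .1 virtual router, DNS, one reserved, and broadcast).
AWS_RESERVED_PER_SUBNET = 5

# Constructed example inputs (illustrative values, not taken from the deck):
# a candidate VPC CIDR, its planned subnets, and corporate ranges it may later connect to.
VPC_CIDR = "10.1.0.0/16"
PLANNED_SUBNETS = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24", "10.1.4.0/24"]
CORPORATE_CIDRS = ["10.0.0.0/16", "192.168.0.0/16"]


def usable_hosts(subnet_cidr):
    """Number of instance addresses a subnet can actually hold after AWS's reservations."""
    return ipaddress.ip_network(subnet_cidr, strict=True).num_addresses - AWS_RESERVED_PER_SUBNET


def check_vpc_plan(vpc_cidr, subnets, corporate_cidrs):
    """Return a list of problems with a VPC IP plan; an empty list means the plan is clean.

    Checks the rules from the slide: VPC prefix between /16 and /28, every subnet
    inside the VPC, no two subnets overlapping, and no overlap with corporate ranges
    (the CIDR cannot be changed later, so overlaps found now are cheap to fix).
    """
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC {vpc} must be between /16 and /28")

    nets = [ipaddress.ip_network(s, strict=True) for s in subnets]
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"subnet {n} is not inside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnets {a} and {b} overlap")

    for c in corporate_cidrs:
        corp = ipaddress.ip_network(c, strict=True)
        if vpc.overlaps(corp):
            problems.append(f"VPC {vpc} overlaps corporate range {corp}")
    return problems


if __name__ == "__main__":
    for line in check_vpc_plan(VPC_CIDR, PLANNED_SUBNETS, CORPORATE_CIDRS) or ["plan is clean"]:
        print(line)
    print("usable hosts in 10.1.1.0/24:", usable_hosts("10.1.1.0/24"))
```

Run it against every corporate range you might ever peer or VPN with, not just the ones in use today; a /16 that collides with an acquired company’s address space is exactly the "future headache" the slide warns about.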
10. • Public and Private subnets are a common logical isolation
• At this point in VPC configuration, Public and Private are just indicators of the subnet purpose
• Several additional elements must be configured before traffic can egress the VPC
Diagram: VPC CIDR 10.1.0.0/16; a Public Subnet and a Private Subnet in Availability Zone A; a Public Subnet and a Private Subnet in Availability Zone B
11. • Subnet size should be considered relative to subnet purpose and not the Layer 2 limits of traditional switched networks
• For subnets containing large, dynamic workloads, subnet size might be many 1000s of instances
• Traditional subnet constraints such as broadcast domain limits do not apply in VPC
Diagram: VPC CIDR 10.1.0.0/16; Instance A 10.1.1.11/24 (Public Subnet, Availability Zone A); Instance B 10.1.2.22/24 (Public Subnet, Availability Zone B); Instance C 10.1.3.33/24 (Private Subnet, Availability Zone A); Instance D 10.1.4.44/24 (Private Subnet, Availability Zone B)
12. • By default, every subnet can route to every other subnet in a VPC
• A virtual router forms this star topology between all VPC subnets
• The VPC DHCP Service hands out the virtual router address as the default gateway to every instance booting in a VPC subnet
• Virtual Router always takes the .1 address of every VPC subnet
Diagram: VPC CIDR 10.1.0.0/16; the virtual router holds the .1 address in each of the four subnets; Instance A 10.1.1.11/24 (Public Subnet, Availability Zone A); Instance B 10.1.2.22/24 (Public Subnet, Availability Zone B); Instance C 10.1.3.33/24 (Private Subnet, Availability Zone A); Instance D 10.1.4.44/24 (Private Subnet, Availability Zone B)
13. Route Table
Destination        Target
10.1.0.0/16        local
• The local route is the first entry in every VPC Routing Table and enables routing between the subnets of the VPC (the star topology)
• The local route cannot be deleted
Diagram: VPC CIDR 10.1.0.0/16 with Instances A through D in their public and private subnets across Availability Zones A and B, as on the previous slide
15. VPC Tip: Leave the Main Route Table Alone
• Upon creation, every subnet is associated with the Main Route Table
• Only after subnet creation can you modify the Route Table assigned to a subnet
• So leave Main Route Table with only the local route and eliminate the possibility of a subnet being given routes it shouldn’t
16. Route Table
Destination        Target
10.1.0.0/16        local
10.1.1.0/24        Instance B   (the attempted route: more specific than local, so it cannot be created)
• You cannot create a route more specific than the local route
• VPC Routing Tables are for defining ways OUT of a VPC and not for defining Intra-VPC routes
Diagram: VPC CIDR 10.1.0.0/16 with Instances A through D in their public and private subnets across Availability Zones A and B
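The three routing rules on slides 12, 13 and 16 (the always-present local route, longest-prefix matching by the virtual router, and the rejection of routes inside the VPC CIDR) are easy to get wrong when writing automation, so here is an added example that models them (this is illustrative code, not AWS’s implementation or the deck’s). The corporate CIDR 192.168.0.0/16 and the target names "vgw (Corp CIDR)" and "NAT instance" are constructed placeholders; the VPC and instance addresses are the deck’s.

```python
import ipaddress


class RouteTable:
    """Minimal model of one VPC route table (constructed for illustration, not AWS code).

    Mirrors the deck's rules: the local route for the VPC CIDR is always present and
    cannot be deleted, and a route inside the VPC CIDR (more specific than local) is rejected.
    """

    def __init__(self, vpc_cidr):
        self.vpc = ipaddress.ip_network(vpc_cidr, strict=True)
        self.routes = [(self.vpc, "local")]

    def add_route(self, destination, target):
        dest = ipaddress.ip_network(destination, strict=True)
        if dest.subnet_of(self.vpc):
            raise ValueError(f"{dest} lies inside the local route {self.vpc}; VPC route tables "
                             "define ways out of the VPC, not intra-VPC routes")
        self.routes.append((dest, target))

    def delete_route(self, destination):
        dest = ipaddress.ip_network(destination, strict=True)
        if dest == self.vpc:
            raise ValueError("the local route cannot be deleted")
        self.routes = [(d, t) for d, t in self.routes if d != dest]

    def lookup(self, ip):
        """Longest-prefix match, as the virtual router does: the most specific matching
        destination wins, so local always beats 0.0.0.0/0 for in-VPC addresses."""
        addr = ipaddress.ip_address(ip)
        matches = [(d, t) for d, t in self.routes if addr in d]
        if not matches:
            return None
        return max(matches, key=lambda r: r[0].prefixlen)[1]


def build_private_subnet_table():
    """Route table for the private subnets as the deck later configures them:
    local, a corporate range via the VGW, and a default route to the NAT instance
    (the corporate CIDR and the target names are constructed placeholders)."""
    rt = RouteTable("10.1.0.0/16")
    rt.add_route("192.168.0.0/16", "vgw (Corp CIDR)")
    rt.add_route("0.0.0.0/0", "NAT instance")
    return rt


if __name__ == "__main__":
    rt = build_private_subnet_table()
    for ip in ("10.1.3.33", "192.168.10.5", "54.200.129.18"):
        print(ip, "->", rt.lookup(ip))
```

Because lookup is longest-prefix, a 0.0.0.0/0 route to an IGW or NAT never captures traffic between Instances A through D; that is why the deck can add default routes freely without breaking the star topology.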
17. Network ACLs vs Security Groups
Security Groups
• Applied to instance ENI (up to 5 per)
• Stateful
• Allow Only (whitelist)
• Rules evaluated as a whole
• SGs can reference other SGs in same VPC
Network ACLs
• Applied to subnets (1 per)
• Stateless
• Allow & Deny (blacklist)
• Rules processed in order
Diagram: Security Group attached to the Instance’s Elastic Network Interface; Network ACL attached to the VPC Subnet
18. VPC Network ACLs: What are they good for?
• Enforcing baseline security policy
– Example: “No TFTP, NetBIOS or SMTP shall egress this subnet”
• Catch all for holes in instance security groups
• Segregation of security between network ops and dev ops
Diagram: Network ACL at the VPC Subnet boundary, in front of the Instance
19. VPC Network ACLs: Best Practices
• Use sparingly, keep it simple
• Egress security policies are best
• Create rule #’s with room to grow
• Use IAM to tightly control who can alter or delete NACLs
Pushing this will Hurt! (screenshot of the Default Network ACL)
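The stateless-versus-stateful and ordered-versus-whole distinctions on slide 17 decide whether a packet gets through, and the slide 18 example ("no TFTP or SMTP shall egress this subnet") is the kind of rule NACLs exist for. The following added example (not code from the deck or from AWS) models both evaluators over a constructed rule set and traces an inbound HTTP request and its reply through them; it also shows why NACL rule numbering needs "room to grow". Rule numbers, ports and the ephemeral range are constructed sample values.

```python
# Constructed sample policy for a public web subnet: accept HTTP in, let replies out,
# and enforce the slide-18 style egress rule "no TFTP or SMTP leaves this subnet".
NACL_RULES = [
    {"number": 100, "direction": "in",  "proto": "tcp", "ports": (80, 80),      "action": "allow"},
    {"number": 100, "direction": "out", "proto": "udp", "ports": (69, 69),      "action": "deny"},   # TFTP
    {"number": 110, "direction": "out", "proto": "tcp", "ports": (25, 25),      "action": "deny"},   # SMTP
    {"number": 120, "direction": "out", "proto": "tcp", "ports": (1024, 65535), "action": "allow"},  # replies
    {"number": 130, "direction": "out", "proto": "tcp", "ports": (443, 443),    "action": "allow"},
]

# Security groups are allow-only, so a rule is just (direction, proto, port range).
SG_RULES = [
    {"direction": "in",  "proto": "tcp", "ports": (80, 80)},
    {"direction": "out", "proto": "tcp", "ports": (443, 443)},
]


def nacl_decision(rules, direction, proto, port):
    """Stateless and ordered: the lowest-numbered matching rule wins; the trailing '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r["number"]):
        low, high = rule["ports"]
        if rule["direction"] == direction and rule["proto"] == proto and low <= port <= high:
            return rule["action"]
    return "deny"


def sg_decision(rules, direction, proto, port, reply_to_allowed_flow=False):
    """Stateful allow-list: the rules are evaluated as a whole, so any match allows,
    and the reply half of a flow that was already allowed passes without any rule."""
    if reply_to_allowed_flow:
        return "allow"
    for rule in rules:
        low, high = rule["ports"]
        if rule["direction"] == direction and rule["proto"] == proto and low <= port <= high:
            return "allow"
    return "deny"


def http_request_and_reply(nacl_rules, sg_rules, client_port):
    """Trace an inbound HTTP request and the server's reply through both layers.
    Returns (request_allowed, reply_allowed)."""
    request_ok = (nacl_decision(nacl_rules, "in", "tcp", 80) == "allow"
                  and sg_decision(sg_rules, "in", "tcp", 80) == "allow")
    if not request_ok:
        return False, False
    # The reply leaves the subnet towards the client's ephemeral port. The security group
    # tracks state, so it lets the reply out; the NACL does not, so it needs an explicit rule.
    reply_ok = (nacl_decision(nacl_rules, "out", "tcp", client_port) == "allow"
                and sg_decision(sg_rules, "out", "tcp", client_port, reply_to_allowed_flow=True) == "allow")
    return request_ok, reply_ok


def without_rule(rules, number, direction):
    """Copy of a NACL rule list with one rule removed (used to show what a missing rule does)."""
    return [r for r in rules if not (r["number"] == number and r["direction"] == direction)]


if __name__ == "__main__":
    print("with ephemeral allow:   ", http_request_and_reply(NACL_RULES, SG_RULES, 50000))
    print("without ephemeral allow:", http_request_and_reply(without_rule(NACL_RULES, 120, "out"), SG_RULES, 50000))
```

Deleting rule 120 is the classic NACL mistake: the request still arrives, the security group is happy, and the server’s replies are silently dropped at the subnet edge. The last check in the test also shows why ordering and numbering matter: a broad allow with a lower number makes a later deny unreachable.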
20. VPC Tip: Create an IAM VPC Admin Group
Examples of “High Blast Radius” VPC API calls that should be restricted:
• AttachInternetGateway
• AssociateRouteTable
• CreateRoute
• DeleteCustomerGateway
• DeleteInternetGateway
• DeleteNetworkAcl
• DeleteNetworkAclEntry
• DeleteRoute
• DeleteRouteTable
• DeleteDhcpOptions
• ReplaceNetworkAclAssociation
• DisassociateRouteTable
(Screenshot column header: Support Resource Permissions)
21. Example IAM Policy for NACL Admin
Multi Factor Authentication required for Actions in Policy (the "Null" condition on aws:MultiFactorAuthAge is what enforces it)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DeleteNetworkAcl",
        "ec2:DeleteNetworkAclEntry"
      ],
      "Resource": "arn:aws:ec2:us-west-2:123456789012:network-acl/*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "prod"
        },
        "Null": {
          "aws:MultiFactorAuthAge": "false"
        }
      }
    }
  ]
}
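The policy above is compact but its two conditions interact in ways that are easy to misread, so here is an added example (not from the deck or from AWS) that embeds the slide’s policy and evaluates requests against it with a small evaluator covering just the operators the policy uses. The request contexts (MFA present or absent, tag values, a network-acl ARN) are constructed; the evaluator is a simplification of IAM’s real logic (default deny, explicit deny wins, case-insensitive action names, wildcard resources) and does not model policy variables or other operators.

```python
import fnmatch
import json

# The policy from slide 21, copied as shown (account id and region are the slide's placeholders).
NACL_ADMIN_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ec2:DeleteNetworkAcl", "ec2:DeleteNetworkAclEntry"],
      "Resource": "arn:aws:ec2:us-west-2:123456789012:network-acl/*",
      "Condition": {
        "StringEquals": {"ec2:ResourceTag/Environment": "prod"},
        "Null": {"aws:MultiFactorAuthAge": "false"}
      }
    }
  ]
}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def condition_matches(condition, context):
    """Evaluate the two condition operators the slide's policy uses.

    StringEquals: the context key must equal the expected value (a missing key fails).
    Null: "true" requires the key to be absent, "false" requires it to be present;
    aws:MultiFactorAuthAge is only present when the caller authenticated with MFA.
    """
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals":
                if actual != expected:
                    return False
            elif operator == "Null":
                key_is_absent = actual is None
                if key_is_absent != (expected == "true"):
                    return False
            else:
                raise NotImplementedError(f"condition operator {operator} is not modelled here")
    return True


def is_allowed(policy, action, resource, context):
    """Simplified IAM evaluation: default deny, an explicit Deny wins, otherwise any
    statement that matches action, resource and conditions with Effect Allow allows."""
    allowed = False
    for statement in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(statement["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(statement["Resource"])):
            continue
        if not condition_matches(statement.get("Condition", {}), context):
            continue
        if statement["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    acl = "arn:aws:ec2:us-west-2:123456789012:network-acl/acl-0123456789abcdef0"  # constructed
    with_mfa = {"ec2:ResourceTag/Environment": "prod", "aws:MultiFactorAuthAge": "120"}
    without_mfa = {"ec2:ResourceTag/Environment": "prod"}
    print("MFA, prod NACL:   ", is_allowed(NACL_ADMIN_POLICY, "ec2:DeleteNetworkAcl", acl, with_mfa))
    print("no MFA, prod NACL:", is_allowed(NACL_ADMIN_POLICY, "ec2:DeleteNetworkAcl", acl, without_mfa))
```

Two things the evaluator makes visible: the policy only ever grants (so it cannot override a deny elsewhere), and "Null": "false" checks that MFA was used at all, not how recently; a tighter version adds a NumericLessThan bound on aws:MultiFactorAuthAge so a session authenticated hours ago cannot delete production NACLs.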
22. Creating Ways “Out” of a VPC
Diagram: VPC CIDR 10.1.0.0/16; Instance A 10.1.1.11/24 and Instance B 10.1.2.22/24 in the Public Subnets, Instance C 10.1.3.33/24 and Instance D 10.1.4.44/24 in the Private Subnets, across Availability Zones A and B
23. Only 1 IGW and 1 VGW per VPC
Route Table
Destination        Target
10.1.0.0/16        local
Corp CIDR          VGW
Diagram: VPC CIDR 10.1.0.0/16 with an Internet Gateway attached; a Virtual Private Gateway (VGW) linked to the Customer Data Center both over Direct Connect and over a VPN Connection; Instances A through D in their public and private subnets across Availability Zones A and B
24. Three Elements Required to Egress VPC from IGW:
1. Internet Gateway must be associated to VPC
2. Subnet must be associated to a Routing Table with a route to the IGW
3. Instances in the subnet that will egress VPC must be associated with a Public IP
Route Table (public subnets)
Destination        Target
10.1.0.0/16        local
0.0.0.0/0          IGW
Diagram: VPC CIDR 10.1.0.0/16; Instance A 10.1.1.11/24 and Instance B 10.1.2.22/24 in the Public Subnets share this route table; Instance C 10.1.3.33/24 and Instance D 10.1.4.44/24 in the Private Subnets, across Availability Zones A and B
25. Ways to Assign Public IPs
Elastic IP (EIP)
• Associated with AWS account and not a specific instance
• 1 Public IP to 1 Private IP static NAT mapping
• Instance does not “see” an EIP associated to it
• Persists independent of the instance
• Can be assigned while instance is stopped or running
• Can be moved, reassigned to other ENIs
26. Ways to Assign Public IPs
Automatic dynamic Public IP assignment
• Done on instance launch into VPC subnet
• Public IP is dynamic and could change if instance is stopped and restarted
• Does not count against AWS Account EIP limits
• Works only on instances with a single ENI
27. AWS outside the VPC
• Services such as S3 and Dynamo DB are Regional and accessible only via Public End Points
• Resources in a VPC requiring access to Regional services must be able to egress the VPC into the Public AWS network
Diagram: the Internet and, inside the AWS region but outside the VPC, Amazon S3 and DynamoDB; Instance A Public 54.200.129.18 / Private 10.1.1.11/24 (Public Subnet, Availability Zone A); Instance B 10.1.2.22/24 (Public Subnet, Availability Zone B); Instance C 10.1.3.33/24 (Private Subnet, Availability Zone A); Instance D 10.1.4.44/24 (Private Subnet, Availability Zone B); Route Table
28. Examples of AWS outside the VPC
• AWS API Endpoints
– Think about which APIs you might be calling from instances within the VPC
– Good examples: Amazon EC2, AWS CloudFormation, Auto Scaling, Amazon SWF, Amazon SQS, Amazon SNS
• Regional Services
– Amazon S3
– Amazon Dynamo DB
• Software and Patch Repositories
– Amazon Linux repo allows access only from AWS public IP blocks
29. And what if instance C in a private subnet needs to reach outside the VPC? It has no route to the IGW and no public IP.
Diagram: as on slide 27; Instance A Public 54.200.129.18 / Private 10.1.1.11/24 (Public Subnet, Availability Zone A); Instance B 10.1.2.22/24 (Public Subnet, Availability Zone B); Instance C 10.1.3.33/24 (Private Subnet, Availability Zone A); Instance D 10.1.4.44/24 (Private Subnet, Availability Zone B); Amazon S3 and DynamoDB reached via the Internet
30. Deploy an instance that functions as a Network Address Translat(or)
Route Table (private subnets)
Destination        Target
10.1.0.0/16        local
0.0.0.0/0          NAT instance
Diagram: NAT A, Public 54.200.129.18 / Private 10.1.1.11/24, in the Public Subnet of Availability Zone A; Instance B 10.1.2.22/24 (Public Subnet, Availability Zone B); Instance C 10.1.3.33/24 (Private Subnet, Availability Zone A); Instance D 10.1.4.44/24 (Private Subnet, Availability Zone B); Amazon S3 and DynamoDB reached via the Internet
31. VPC Tip: What makes up the Amazon Linux NAT AMI?
Not much to it:
1. IP forwarding enabled
2. IP NAT Masquerading enabled in iptables
3. Source / Destination check is turned off on the instance
$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
$ /sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -j MASQUERADE
$ /sbin/iptables-save > /etc/sysconfig/iptables   (iptables-save writes to stdout; redirect it so the rule survives a reboot)
$ aws ec2 modify-instance-attribute --instance-id i-xxxxxxxx --source-dest-check "{\"Value\":false}"
32. Other private subnets can share the same routing table and use the NAT. But…
Diagram: NAT A, Public 54.200.129.18 / Private 10.1.1.11/24, in the Public Subnet of Availability Zone A; Instance B 10.1.2.22/24 (Public Subnet, Availability Zone B); Instance C 10.1.3.33/24 (Private Subnet, Availability Zone A); Instance D 10.1.4.44/24 (Private Subnet, Availability Zone B); Amazon S3 and DynamoDB reached via the Internet
33. … you could reach a bandwidth bottleneck if your private instances grow and their NAT bound traffic grows with them.
Diagram: NAT A, Public 54.200.129.18 / Private 10.1.1.11/24, in the Public Subnet of Availability Zone A, carrying all traffic from the Private Subnets in Availability Zones A and B; Instance B 10.1.2.22/24 (Public Subnet, Availability Zone B); Amazon S3 and DynamoDB reached via the Internet
35. Do bandwidth intensive processes need to be behind a NAT?
• Separate out application components with bandwidth needs
• Run components from public subnet instances
• Goal is full instance bandwidth out of VPC
• Auto Scaling with Public IP makes this easy
• NAT still in place for remaining private instances
• Most Common use case: Multi-Gbps streams to Amazon S3
36. • Image processing app with high outbound network to Amazon S3
• Public ELB receives incoming customer HTTP/S requests
• Auto Scaling assigns public IP to new web servers
• With public IPs, web servers initiate outbound requests directly to Amazon S3
• NAT device still in place for private subnets
Diagram: Customers on the Internet reach a Public ELB in the Public ELB Subnets of Availability Zones A and B; the ELB fronts Web Servers in a Multi AZ Auto Scaling Group in the Public Subnets, which send traffic direct to Amazon S3; the NAT remains in place for the Private Subnets; Amazon S3 and DynamoDB sit in the AWS region outside the VPC
37. Autoscaling Support for Automatic Public IP Assignment
Sample Launch Configuration (named “hi-bandwidth-public”):
$ aws autoscaling create-launch-configuration --launch-configuration-name hi-bandwidth-public --image-id ami-xxxxxxxx --instance-type m1.xlarge --associate-public-ip-address
38. Autoscale HA NAT
• Use Auto Scaling for NAT Availability
• Create 1 NAT per AZ
• All private subnet route tables to point to same AZ NAT
• 1 Auto Scaling group per NAT with min and max size set to 1
• Let Auto Scaling monitor the health and availability of your NATs
• If NAT fails, user data script in Autoscaling Launch config programmatically updates private subnet route tables to point to new NAT instance ID
Diagram: a NAT in the Public Subnet of Availability Zone A serving that AZ’s Private Subnet, and a NAT in the Public Subnet of Availability Zone B serving that AZ’s Private Subnet; Amazon S3 and DynamoDB reached via the Internet
39. Auto Scaling for Availability
Sample HA NAT Autoscaling group (named “ha-nat-asg”):
$ aws autoscaling create-auto-scaling-group --auto-scaling-group-name ha-nat-asg --launch-configuration-name ha-nat-launch --min-size 1 --max-size 1 --vpc-zone-identifier subnet-xxxxxxxx
40. Automating HA NAT with EC2 User Data
Latest version of the HA NAT User Data script on GitHub:
https://github.com/ralex-aws/vpc
41. IAM EC2 Role for HA NAT Instance
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:ModifyInstanceAttribute",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:CreateRoute",
"ec2:ReplaceRoute"
],
"Resource": "*"
}
]
}
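Slides 38 through 41 describe the HA NAT procedure: one NAT per AZ in a min-1/max-1 Auto Scaling group, a user data script that repoints the private route tables at the replacement instance, and an EC2 role that grants exactly the calls that script needs. The following is an added example of the route-takeover logic (not the script from the GitHub link above, and not AWS code), written against an in-memory test double whose method and keyword names follow the boto3 EC2 client so that swapping in a real client is a one-line change. The route table ids, instance ids and starting routes are constructed; a real script would read its own instance id from instance metadata and restrict itself to the route tables of its own AZ.

```python
# Constructed in-memory stand-in for the EC2 calls the role on slide 41 grants.
# Method and keyword names follow boto3's EC2 client so the logic reads like the real
# user-data script would, but this class is a test double, not boto3.
class FakeEC2:
    def __init__(self, route_tables):
        # {route_table_id: [{"DestinationCidrBlock": ..., "GatewayId" or "InstanceId": ...}, ...]}
        self.route_tables = route_tables
        self.source_dest_check = {}

    def describe_route_tables(self):
        return {"RouteTables": [{"RouteTableId": rtb_id, "Routes": routes}
                                for rtb_id, routes in self.route_tables.items()]}

    def modify_instance_attribute(self, InstanceId, SourceDestCheck):
        self.source_dest_check[InstanceId] = SourceDestCheck["Value"]

    def replace_route(self, RouteTableId, DestinationCidrBlock, InstanceId):
        for route in self.route_tables[RouteTableId]:
            if route.get("DestinationCidrBlock") == DestinationCidrBlock:
                route.pop("GatewayId", None)
                route["InstanceId"] = InstanceId
                return
        raise ValueError("no such route to replace")

    def create_route(self, RouteTableId, DestinationCidrBlock, InstanceId):
        self.route_tables[RouteTableId].append(
            {"DestinationCidrBlock": DestinationCidrBlock, "InstanceId": InstanceId})


def take_over_default_routes(ec2, my_instance_id, private_route_table_ids):
    """What a replacement NAT instance does at boot.

    1. Turn off its own source/destination check so it may forward traffic (slide 31).
    2. Point 0.0.0.0/0 in each listed private-subnet route table at itself, creating the
       route if it is missing and replacing it if it still names the failed NAT.
    Only the listed private route tables are touched, so a public subnet's IGW route is
    never rewritten. Returns the ids of the route tables that were changed.
    """
    ec2.modify_instance_attribute(InstanceId=my_instance_id, SourceDestCheck={"Value": False})
    changed = []
    for rtb in ec2.describe_route_tables()["RouteTables"]:
        rtb_id = rtb["RouteTableId"]
        if rtb_id not in private_route_table_ids:
            continue
        default = next((r for r in rtb["Routes"] if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
        if default is None:
            ec2.create_route(RouteTableId=rtb_id, DestinationCidrBlock="0.0.0.0/0", InstanceId=my_instance_id)
        elif default.get("InstanceId") != my_instance_id:
            ec2.replace_route(RouteTableId=rtb_id, DestinationCidrBlock="0.0.0.0/0", InstanceId=my_instance_id)
        else:
            continue  # already pointing at this instance; nothing to do
        changed.append(rtb_id)
    return changed


def sample_route_tables():
    """Constructed starting state: AZ A's private table still points at the failed NAT,
    AZ B's private table has no default route yet, and the public table uses the IGW."""
    return {
        "rtb-private-a": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
                          {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-oldnat"}],
        "rtb-private-b": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"}],
        "rtb-public": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
                       {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"}],
    }


if __name__ == "__main__":
    ec2 = FakeEC2(sample_route_tables())
    print("changed:", take_over_default_routes(ec2, "i-newnat", {"rtb-private-a", "rtb-private-b"}))
    print("private-a default route now:", ec2.route_tables["rtb-private-a"][1])
```

The allow-list of route table ids is the important safety property: the role on slide 41 grants CreateRoute and ReplaceRoute on every resource, so the script itself must be the thing that keeps a misbehaving NAT from hijacking the public subnets’ default route. Pair it with the tagging discipline on the next slide so the script can discover "its" private route tables by tag rather than by hard-coded id.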
42. VPC Tip: Tag Early, Tag Often!
• Tagging strategy should be part of early design
• Project Code, Cost Center, Environment, Team, Business Unit
• Tag resources right after creation
• Tags supported for resource permissions
• AWS Billing also supports tags
• Tight IAM controls on the creation and editing of tags
43. Finally, if design requirements keep high bandwidth streams behind NAT:
• Use the 1 HA NAT per AZ design
• Vertically scale your NAT instance type to one with a High Network Performance rating
• Keep a close watch on your network metrics
Instance type            Network performance
t1.micro                 Very Low
m1.small                 Low
m1.large                 Moderate
m1.xlarge, c1.xlarge     High
44. For further HA NAT design alternatives, please see:
High Availability for Amazon VPC NAT Instances
http://aws.amazon.com/articles/2781451301784570
Deploy HA NAT With CloudFormation Templates:
http://aws.amazon.com/articles/6079781443936876
46. Considering Multiple VPCs
• Public Facing Web App deployed in own VPC
• Now want to deploy an internal-only Corporate App connected to Corporate Datacenter via VPN
• New VPC created in the Region for Corporate app to keep the external and internal applications isolated from each other
(Diagram: an AWS region holding the Public Facing Web App VPC and the Internal Corporate App VPC, the latter linked by a VPN connection to the Customer Data Center)
What’s Next?
47. Common Multi-VPC Customer Use Cases:
• Application isolation
• Scope of audit containment
• Risk level separation
• Separate production from non-production
• Multi-tenant isolation
• Business unit alignment
48. Considerations for One or Many VPCs:
• Know your inter-VPC traffic
• Separate AWS accounts by definition means separate VPCs
• IAM / resource permissions and controls
• VPC limits:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_Limits.html
49. There is a whole talk on this one!
CPN208 Selecting the Best VPC Network Architecture
51. Internal Application to VPC
(Diagram: an AWS region with the Public Facing Web App VPC and the Internal Corporate App VPC, the latter connected to the Customer Data Center by a VPN connection)
52. Internal Application to VPC
(Diagram: Intranet App instances in private subnets in Availability Zones A and B reach Corporate Internal Customers in the Corporate Data Center through the Virtual Private Gateway and the VPN connection)
Route Table (private subnets):
Destination    Target
10.1.0.0/16    local
Corp CIDR      VGW
53. But… app will leverage this for storing data: Amazon S3
54. And you don’t really want to do this:
(Diagram: Intranet App traffic from the private subnets in Availability Zones A and B leaves through the Virtual Private Gateway and the VPN connection, reaches the Corporate Border Router at the Corporate VPN endpoint in the Corporate Data Center, and only then goes out over the Internet to Amazon S3 in the AWS region)
55. Control IGW Access through a Proxy Layer
• Deploy a proxy control layer between application and IGW
• Restrict all outbound HTTP/S access to only approved URL destinations like Amazon S3
• No route to IGW for private subnets
• Control access to proxy through security groups
• Must configure proxy setting in OS of instances
56. Controlling the Border
• Deploy internal ELB layer across AZs
• Add all instances allowed outside access to a security group
• Use this security group as the only source allowed access to the proxy port in the load balancer’s security group
(Diagram: an Internal ELB in its own ELB private subnets in Availability Zones A and B, fronting a Multi-AZ Auto Scaling group; Intranet App instances in private subnets; a VPN connection to Corporate Internal Customers in the Corporate Data Center)
57. VPC Tip: Put load balancers in their own subnets
• Elastic Load Balancing is Amazon EC2 in your subnets
• Elastic Load Balancing is using your private addresses
• Separate subnets = separate control
• Distinguish LB layer from app layers
58. Controlling the Border
• Squid Proxy layer deployed between internal load balancer and the IGW border.
• Only proxy subnets have route to IGW.
• Proxy security group allows inbound only from Elastic Load Balancing security group.
• Proxy restricts which URLs may pass. In this example, s3.amazonaws.com is allowed.
• Egress NACLs on proxy subnets enforce HTTP/S only.
(Diagram: Intranet App in private subnets, then the Internal ELB in ELB private subnets, then the Squid proxy Multi-AZ Auto Scaling group in the proxy public subnets, then HTTP/S to Amazon S3; Availability Zones A and B; a VPN connection to Corporate Internal Customers in the Corporate Data Center)
59. Squid.conf Sample Config:
# CIDR AND Destination Domain based Allow
# CIDR Subnet blocks for Internal ELBs
acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24
# Destination domain for target S3 bucket
acl s3_v2_endpoints dstdomain $bucket_name.s3.amazonaws.com
# Squid does AND on both ACLs for allow match
http_access allow int_elb_cidrs s3_v2_endpoints
# Deny everything else
http_access deny all
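To see what the slide-59 rule set permits before deploying it, here is an added Python evaluator for the three Squid directives the sample uses (`acl ... src`, `acl ... dstdomain`, `http_access`). It is not part of the deck and not Squid itself; it follows Squid's documented semantics: an `http_access` line matches only when all of its ACLs match (the AND on slide 59), the first matching line decides, and if no line matches the default is the opposite of the last line. The bucket name substituted for `$bucket_name` and the sample client requests are constructed.

```python
"""Evaluate a Squid http_access rule set like the slide-59 sample against
sample requests. Added example, not from the deck or from Squid: a minimal
re-implementation of `acl NAME src CIDR...`, `acl NAME dstdomain DOMAIN...`
and `http_access allow|deny ACL...`, enough to check a rule set offline."""
import ipaddress

# The slide's configuration with a constructed bucket name in place of $bucket_name.
SQUID_CONF = """
# CIDR AND Destination Domain based Allow
acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24
acl s3_v2_endpoints dstdomain examplebucket.s3.amazonaws.com
http_access allow int_elb_cidrs s3_v2_endpoints
http_access deny all
"""


def parse_squid_conf(text):
    """Return ({acl_name: (type, [values])}, [(action, [acl_names])])."""
    acls = {"all": ("all", [])}            # Squid predefines 'all' as match-everything
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tok = line.split()
        if tok[0] == "acl":
            name, kind, values = tok[1], tok[2], tok[3:]
            if kind not in ("src", "dstdomain"):
                raise ValueError("acl type not supported by this evaluator: " + kind)
            acls.setdefault(name, (kind, []))[1].extend(values)   # repeated acl lines accumulate
        elif tok[0] == "http_access":
            action, names = tok[1], tok[2:]
            if action not in ("allow", "deny"):
                raise ValueError("bad http_access action: " + action)
            rules.append((action, names))
        else:
            raise ValueError("directive not supported by this evaluator: " + tok[0])
    return acls, rules


def acl_matches(acl, src_ip, dst_host):
    kind, values = acl
    if kind == "all":
        return True
    if kind == "src":
        ip = ipaddress.ip_address(src_ip)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    host = dst_host.lower().rstrip(".")
    for v in values:
        v = v.lower()
        if v.startswith("."):                 # ".s3.amazonaws.com" also matches subdomains
            if host == v[1:] or host.endswith(v):
                return True
        elif host == v:                       # bare domain: exact match only
            return True
    return False


def decide(acls, rules, src_ip, dst_host):
    """First http_access line whose ACLs all match wins."""
    for action, names in rules:
        if all(acl_matches(acls[n], src_ip, dst_host) for n in names):
            return action
    return "deny" if rules and rules[-1][0] == "allow" else "allow"


# Constructed requests: (client source IP as the proxy sees it, destination host)
SAMPLE_REQUESTS = [
    ("10.1.3.25", "examplebucket.s3.amazonaws.com"),   # from an ELB subnet to the bucket
    ("10.1.4.9", "other-bucket.s3.amazonaws.com"),     # ELB subnet, a different bucket
    ("10.1.3.25", "updates.example.net"),              # ELB subnet, unapproved domain
    ("10.1.5.7", "examplebucket.s3.amazonaws.com"),    # app subnet, not via the ELB
]


def evaluate(conf=SQUID_CONF, requests=SAMPLE_REQUESTS):
    acls, rules = parse_squid_conf(conf)
    return {(ip, host): decide(acls, rules, ip, host) for ip, host in requests}


if __name__ == "__main__":
    for (ip, host), verdict in evaluate().items():
        print(f"{verdict:5} {ip:12} {host}")
```

Only the first request is allowed; the other three fail one of the two ANDed ACLs and fall through to `deny all`. Two points the evaluator makes visible: a bare `dstdomain` entry is an exact match, so `s3.amazonaws.com` (slide 58) does not cover `examplebucket.s3.amazonaws.com` (slide 59) unless written with a leading dot, and the `src` ACL trusts the ELB subnet CIDRs, which is why the deck pairs it with security groups that admit only the ELB to the proxy port. For HTTPS, Squid sees the hostname in the CONNECT request, so `dstdomain` still applies.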
60. Using Squid Proxy Instances for Web Service Access in Amazon VPC:
http://aws.amazon.com/articles/5995712515781075
61. … and this design could also be an option to our earlier NAT bandwidth discussion if outbound traffic requirements are HTTP only.
63. …or what do you mean ip-10-1-1-57.us-west-2.compute.internal isn’t a “friendly” name?
64. Active Directory + DNS in the VPC
• Domain Controllers launched in internal VPC
• Internal VPC instances join domain upon launch
• Instances use Dynamic DNS to register both A and PTR records
• Domain controller replicates with Corporate AD servers
• VPC DNS forwarding to corporate DNS
(Diagram: in the AWS region, a Domain Controller + DNS in the Internal Corporate App VPC handles domain join and DNS queries from a new instance, friendly-vpc-123.corp.example.com; over the VPN connection it performs AD replication with the corp.example.com AD Controller and forwards DNS requests to the example.com DNS in the Corporate Data center)
65. DNS in the VPC
• Enable automatic DNS hostname creation and resolution with these 2 options:
• Automatic hostname creation
• Private only instances assigned private hostname
• Public instances assigned public and private
66. Split DNS Resolution
• Private hostnames only resolvable within VPC
• Public hostnames will resolve to private IP addresses within the VPC
• 10.1.0.2 represents the VPC Virtual DNS Service and will always take the .2 address of your VPC CIDR block
• Example hostnames for Public VPC instance:
ec2-54-200-171-240.us-west-2.compute.amazonaws.com
ip-10-1-1-87.us-west-2.compute.internal
• VPC Virtual DNS Service is also called “AmazonProvidedDNS” and enables instances in a VPC to resolve public DNS names
(Screenshots: the same hostname resolved from outside VPC and from inside VPC)
67. DHCP Option Sets
• Not possible to replace the VPC DHCP service with your own
• But it is possible to customize what VPC DHCP hands out
• Default option set only contains DNS = “AmazonProvidedDNS”
• 1 option set assigned per VPC
• Changing option set dynamically applies the next time an instance requests a lease refresh
68. Domain Join + Dynamic DNS updates
(Diagram: a new instance, friendly-vpc-123.corp.example.com, in the Internal Corporate App VPC performs its domain registration against New VPC DC 1 (10.1.3.10, private subnet, Availability Zone A) and New VPC DC 2 (10.1.4.10, private subnet, Availability Zone B); the DCs perform AD + DNS replication over the VPN connection with the corp.example.com AD Forest and the example.com DNS in the Corporate Data center)
Dynamic DNS without Microsoft DHCP:
70. DNS Query Path
(Diagram: the Internal Corporate App sends a DNS query for www.xyz.com to VPC DNS 1 (10.1.3.10, private subnet, Availability Zone A) or VPC DNS 2 (10.1.4.10, private subnet, Availability Zone B); the VPC DNS forwards to the example.com DNS in the Corporate Data center over the VPN connection, which forwards on to the root DNS servers on the Internet if required; the corp.example.com AD Forest sits alongside)
71. For AWS CloudFormation templates and guides to setting up Microsoft AD domains in VPC, please see:
Deploy a Microsoft SharePoint 2010 Server Farm in the AWS Cloud in 6 Simple Steps:
http://aws.amazon.com/articles/9982940049271604
Implementing Microsoft Windows Server Failover Clustering (WSFC) and SQL Server 2012 AlwaysOn Availability Groups in the AWS Cloud:
http://aws.amazon.com/whitepapers/microsoft-wsfc-sql-alwayson/
Microsoft Exchange Server 2010 in the AWS Cloud: Planning & Implementation Guide:
http://media.amazonwebservices.com/AWS_Exchange_Planning_Implementation_Guide.pdf
73. What’s Next???
(Diagram: an AWS region with the Public Facing Web App VPC and the Internal Corporate App VPC, the AD Domain extended into the VPC and connected over the VPN connection to the example.com AD Controller and the example.com DNS in the Corporate Data center)
74. Customer Gateways (CGW):
• 1 per VPN tunnel
• 1 public IP per CGW
• AWS provides 2 tunnel destinations per region
(Diagram: an AWS region with the Public Facing Web App and Internal Corporate Apps #1 to #4, each with its own VPN connection to the HA pair of VPN endpoints in the Corporate Data center)
75. VPN Hub and Spoke an option…
• Amazon EC2 VPN instances to central virtual private gateway
• Control VPC contains common services for all app VPCs
• For HA, 2 Amazon EC2-based VPN endpoints in each spoke
• Dynamic Routing protocol (BGP, OSPF) between Spokes and Hub
• If multi Gbps traffic flow to Corporate Datacenter, then IPSec tunnels could become bandwidth bottleneck
(Diagram: a Services VPC as the hub in the AWS region, with the Public Facing Web App and Internal Corporate Apps #1 to #4 as spokes, and the HA pair of VPN endpoints in the Corporate Data center)
76. … or simplify with AWS Direct Connect
• AWS Direct Connect Private Virtual Interface (PVI) connects to VGW on VPC
• 1 PVI per VPC
• 802.1Q VLAN Tags isolate traffic across AWS Direct Connect
(Diagram: the Public Facing Web App and Internal Corporate Apps #1 to #4 in the AWS region, reached from the Customer Data Center through an AWS Direct Connect Location over a private fiber connection; one or multiple 50 – 500 Mbps, 1 Gbps or 10 Gbps pipes)
77. A few bits on AWS Direct Connect…
• Dedicated, private pipes into AWS
• Create private (VPC) or public interfaces to AWS
• Cheaper data out rates than Internet (data in still free)
• Consistent network performance compared to Internet
• At least 1 location to each AWS region (even GovCloud!)
• Recommend redundant connections
• Multiple AWS accounts can share a connection
80. VPC Tip: Know Your Routing Database
• Keep track of all incoming BGP announcements into your VPCs
• Create a new Routing Table, unassigned to any subnet, and enable Route Propagation
• Routing Table will show all routes the VGW has learned through BGP announcements
• See what the VGW sees
81. Public AWS + VPCs Over AWS Direct Connect
(Diagram: the Customer Internal Network behind a Customer Switch + Router, with a NAT / PAT security layer in front of VLAN 501; in the Public AWS Region, VPC 1 10.1.0.0/16 behind VGW 1 on VLAN 101, VPC 2 10.2.0.0/16 behind VGW 2 on VLAN 102, VPC 3 10.3.0.0/16 behind VGW 3 on VLAN 103, plus Public AWS)
Customer Route Table:
Destination    Target
10.1.0.0/16    PVI 1
10.2.0.0/16    PVI 2
10.3.0.0/16    PVI 3
10.4.0.0/16    PVI 4
Public AWS     PVI 5
Public Virtual Interface 1 (Customer Interface 0/1.501):
                Customer side          AWS side
VLAN Tag        501                    501
BGP ASN         65501 (or Public)      7224
BGP Announce    Customer Public        AWS Regional Public CIDRs
Interface IP    Public /30 Provided    Public /30 Provided
82. AWS Direct Connect
(Diagram: Customer Routers at the AWS Direct Connect Location connect to the AWS DX Routers into the AWS region, with the Customer Internal Network behind them)
Multiple Physical connections:
• Active / Active links via BGP multi-pathing
• Active / Passive also an option
• BGP MEDs or local preference can influence route
• Bidirectional Forwarding Detection (BFD) supported
83. Going Global
(Diagram: the Customer Global MPLS Backbone Network connects Customer Routers at the AWS Direct Connect Location in Virginia or NYC to the AWS Direct Connect Routers of the US-East-1 region, and Customer Routers at the AWS Direct Connect Location in Ireland or London to the AWS DX Routers of the EU-West-1 region)
84. With AWS regions just another spoke on your global network, it’s easy to bring the cloud down to you as you expand around the world.
(Diagram: the US Corporate Data Center and the EU Corporate Data Center on the Corporate MPLS Backbone, with the US-East-1 region reached via the AWS Direct Connect PoP in Virginia or NYC and the EU-West-1 region via the AWS Direct Connect PoP in Ireland or London)
85. Evolving VPC Design: Recap
• Elements of VPC Design
• Scalable and Available NAT
• One VPC, Two VPC
• Controlling the Border
• Directory and Name Services in the VPC
• Bringing It All Back Home
86. Related re:Invent Sessions:
ARC202 High Availability Application Architectures in Amazon VPC
ARC304 Cloud Architectures with AWS Direct Connect
CPN205 Securing Your Amazon EC2 Environment with AWS IAM Roles and Resource-Based Permissions
CPN208 Selecting the Best VPC Network Architecture
DMG201 Zero to Sixty: AWS CloudFormation
DMG303 AWS CloudFormation under the Hood
87. Please give us your feedback on this presentation: ARC401
As a thank you, we will select prize winners daily for completed surveys!