This document provides an agenda and overview for an AWS Fundamentals Basecamp training session. The agenda includes sessions on AWS Basecamp introduction, introduction to cloud computing, AWS services and regions overview, AWS networking, AWS security overview, AWS compute services, AWS storage services, and AWS databases. It also includes a break for lunch and a hands-on lab building AWS infrastructure in the afternoon. The document provides details on the topics that will be covered in each session.
The art of information architecture in Office 365Simon Rawson
I gave this this presentation at the Collab365 Global Conference in September 2020. It covers the main elements you need to consider in developing an information architecture and management plan for Office 365
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as a somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
The Getting Started on AWS deck serves to introduce Amazon users and prospective customers to the Amazon VPC, EC2 and the concepts and components that are necessary building Fault Tolerant & High Available environments on AWS. It also serves to introduce services like Direct Connect, Router53 (Amazon DNS Service) and one of our new additions, the Amazon
Application Load Balancer (ALB). After perusing this deck, users should have a better understanding of what these services are and their propose benefits.
The art of information architecture in Office 365Simon Rawson
I gave this this presentation at the Collab365 Global Conference in September 2020. It covers the main elements you need to consider in developing an information architecture and management plan for Office 365
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as a somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
The Getting Started on AWS deck serves to introduce Amazon users and prospective customers to the Amazon VPC, EC2 and the concepts and components that are necessary building Fault Tolerant & High Available environments on AWS. It also serves to introduce services like Direct Connect, Router53 (Amazon DNS Service) and one of our new additions, the Amazon
Application Load Balancer (ALB). After perusing this deck, users should have a better understanding of what these services are and their propose benefits.
Common Infrastructure Exploits in AWS/GCP/Azure Servers and ContainersPriyanka Aash
IaaS clouds transformed datacenter security architecture by enabling programmatic detection of flaws, making the cloud more transparently secure than any legacy architecture. But security practitioners who assume congruence to legacy designs miss where attack surface and visibility has changed. With concrete examples, this talk will explore the practical risks posed by misunderstanding VPC DNS and more.
Learning Objectives:
1: Understand exfil. risks in cloud hosting services due to DNS and VPC endpoints.
2: Understand what mitigations are not available when moving from legacy to cloud.
3: Understand mitigations available for server and serverless (container) designs.
(Source: RSA Conference USA 2018)
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). We will discuss core VPC concepts including picking your IP space, subnetting, routing, security, NAT and VPC Endpoints.
AWS User Group July 2014 - Getting Started with cloud computing and AWS
Getting Started with cloud computing and AWS
Slides for the following AWS User Group Talks:
"Public Cloud and AWS Overview" - Ryan Koop, Director of Products and Marketing at Cohesive @ryankoop
"Getting Started in AWS" - Jonny Sywulak, Continuous Delivery Engineer at Stelligent Systems LLC @jonathansywulak
July Sponsors:
Hosts: Cohesive
Beers and drinks: Cohesive
Pizza: el el see
Organizers: Cohesive
Interested in getting involved next time? Have an idea for a talk? email margaret.walkerATcohesive.net
#AWSChicago
Amazon Web Services (AWS) can make hosting scalable, highly-available websites and web applications easier and less expensive for the Enterprise Education customers. Join us for an informative webinar on tools AWS provides to elastically scale your architecture to avoid underutilized resources while reducing complexity with templates, partners, and tools to do much of the heavy lifting of creating and running a website for you.
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
AWS Webcast - AWS Webinar Series for Education #3 - Discover the Ease of AWS ...Amazon Web Services
This webinar will emphasize how easy it is to deploy AWS resources with access to various publicly available AMIs, SaaS solutions, and CloudFormation templates to get started quickly with AWS. This session will dig deeper into how to launch critical business applications on AWS such as deploy an emergency website, launch SharePoint server and more. The gist of the webinar will be on ease of use and ability to clone environments that largest customers are running while trivializing undifferentiated heavy lifting to emphasize AWS’ ease in deploying in enterprises settings.
IDERA Slides: Managing the Transition to Hybrid CloudDATAVERSITY
Companies are struggling to understand the various cloud deployment options and how they will effectively manage their environment. As organizations transition to using cloud solutions for part or all of their database configurations, the IT teams need to understand what choices they must make for ensuring they can meet business expectations for performance, security, and availability. IDERA’s Rob Reinauer shares insights into managing SQL Server environments from cloud to ground so that you can make confident decisions for your database deployments and mitigate the added data risks cloud environments can introduce.
Understanding Virtual Networking in the Cloud - RightScale Compute 2013RightScale
Speaker: Josep Blanquer - Chief Architect, RightScale
Managing networking constructs in public and private clouds is a complex task. Add to that the different names, semantics, and capabilities that each cloud exposes, and you have a sure recipe for a headache. We will describe how subnets, firewalls, security groups, routing tables, virtual network interfaces, and other constructs map to the names and semantics in various public and private clouds. In this session we will present RightScale Networks Manager, a distilled definition of networking concepts that works across clouds. Networks Manager is a single pane of glass — UI and API — for your cloud networking infrastructure, saving you headaches from networking idiosyncrasies.
Join Marc Trouard-Riolle from Citrix Cloud Product Marketing for the latest presentation in the Citrix Cloud Master Class series.
In this session you will hear about building private enterprise clouds with Citrix CloudPlatform:
Learn about hypervisor, storage and networking considerations within private cloud use cases
Build a tailored availability zone for traditional workloads
See a step-by-step demonstration of building an enterprise private cloud
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]Amazon Web Services
If your institution is beginning your cloud journey with Internet2 NET+ AWS, join this webinar to learn how to get started. This webinar will spend 30 minutes covering how to connect to AWS via the Internet2 Network, and then deep dive into networking topics. You’ll learn high-level network design, how to transfer packets to and from the AWS Cloud, and the basics of Amazon Virtual Private Cloud (VPC), VPNs to AWS, and Direct Connect. Finally, you’ll get an overview of how the Internet2 Network facilitates connections to Regional Networks in the US and other National Research and Education Networks (NREN) internationally.
Common Infrastructure Exploits in AWS/GCP/Azure Servers and ContainersPriyanka Aash
IaaS clouds transformed datacenter security architecture by enabling programmatic detection of flaws, making the cloud more transparently secure than any legacy architecture. But security practitioners who assume congruence to legacy designs miss where attack surface and visibility has changed. With concrete examples, this talk will explore the practical risks posed by misunderstanding VPC DNS and more.
Learning Objectives:
1: Understand exfil. risks in cloud hosting services due to DNS and VPC endpoints.
2: Understand what mitigations are not available when moving from legacy to cloud.
3: Understand mitigations available for server and serverless (container) designs.
(Source: RSA Conference USA 2018)
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). We will discuss core VPC concepts including picking your IP space, subnetting, routing, security, NAT and VPC Endpoints.
AWS User Group July 2014 - Getting Started with cloud computing and AWS
Getting Started with cloud computing and AWS
Slides for the following AWS User Group Talks:
"Public Cloud and AWS Overview" - Ryan Koop, Director of Products and Marketing at Cohesive @ryankoop
"Getting Started in AWS" - Jonny Sywulak, Continuous Delivery Engineer at Stelligent Systems LLC @jonathansywulak
July Sponsors:
Hosts: Cohesive
Beers and drinks: Cohesive
Pizza: el el see
Organizers: Cohesive
Interested in getting involved next time? Have an idea for a talk? email margaret.walkerATcohesive.net
#AWSChicago
Amazon Web Services (AWS) can make hosting scalable, highly-available websites and web applications easier and less expensive for the Enterprise Education customers. Join us for an informative webinar on tools AWS provides to elastically scale your architecture to avoid underutilized resources while reducing complexity with templates, partners, and tools to do much of the heavy lifting of creating and running a website for you.
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
AWS Webcast - AWS Webinar Series for Education #3 - Discover the Ease of AWS ...Amazon Web Services
This webinar will emphasize how easy it is to deploy AWS resources with access to various publicly available AMIs, SaaS solutions, and CloudFormation templates to get started quickly with AWS. This session will dig deeper into how to launch critical business applications on AWS such as deploy an emergency website, launch SharePoint server and more. The gist of the webinar will be on ease of use and ability to clone environments that largest customers are running while trivializing undifferentiated heavy lifting to emphasize AWS’ ease in deploying in enterprises settings.
IDERA Slides: Managing the Transition to Hybrid CloudDATAVERSITY
Companies are struggling to understand the various cloud deployment options and how they will effectively manage their environment. As organizations transition to using cloud solutions for part or all of their database configurations, the IT teams need to understand what choices they must make for ensuring they can meet business expectations for performance, security, and availability. IDERA’s Rob Reinauer shares insights into managing SQL Server environments from cloud to ground so that you can make confident decisions for your database deployments and mitigate the added data risks cloud environments can introduce.
Understanding Virtual Networking in the Cloud - RightScale Compute 2013RightScale
Speaker: Josep Blanquer - Chief Architect, RightScale
Managing networking constructs in public and private clouds is a complex task. Add to that the different names, semantics, and capabilities that each cloud exposes, and you have a sure recipe for a headache. We will describe how subnets, firewalls, security groups, routing tables, virtual network interfaces, and other constructs map to the names and semantics in various public and private clouds. In this session we will present RightScale Networks Manager, a distilled definition of networking concepts that works across clouds. Networks Manager is a single pane of glass — UI and API — for your cloud networking infrastructure, saving you headaches from networking idiosyncrasies.
Join Marc Trouard-Riolle from Citrix Cloud Product Marketing for the latest presentation in the Citrix Cloud Master Class series.
In this session you will hear about building private enterprise clouds with Citrix CloudPlatform:
Learn about hypervisor, storage and networking considerations within private cloud use cases
Build a tailored availability zone for traditional workloads
See a step-by-step demonstration of building an enterprise private cloud
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]Amazon Web Services
If your institution is beginning your cloud journey with Internet2 NET+ AWS, join this webinar to learn how to get started. This webinar will spend 30 minutes covering how to connect to AWS via the Internet2 Network, and then deep dive into networking topics. You’ll learn high-level network design, how to transfer packets to and from the AWS Cloud, and the basics of Amazon Virtual Private Cloud (VPC), VPNs to AWS, and Direct Connect. Finally, you’ll get an overview of how the Internet2 Network facilitates connections to Regional Networks in the US and other National Research and Education Networks (NREN) internationally.
Similar to AWS BaseCamp: AWS Architecture Fundamentals (20)
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
5. New IT Business Model
Cloud Computing
is first and foremost a
Business Model
6. Business Reasons for Adopting Cloud Computing
GoodNot Good
Go global in minutes
Remove undifferentiated
heavy lifting
Stop guessing capacity
Increased agility
Lower variable expense than they
could achieve on their own
Move from capital expense to
variable expense$
7. Defining Cloud Computing
NIST defined a well accepted, industry
standard definition of Cloud Computing
url: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf
Covers:
5 Key Characteristics of Cloud Computing
3 Service Model
4 Deployment Models
plus
5 Cloud Actors
A Cloud Reference Architecture
Shared Security model
8. What is Cloud Computing?
NIST 5 Key Characteristics
#1 On-demand self service
“as easy as buying candy from a vending machine”
#2 Broad network access
“access it anytime from anywhere”
#3 Resource pooling
“you’re not the only user”
#4 Rapid elasticity
“scale up and scale down in real-time”
#5 Measured service
“pay only for what you consume”
9. Why Amazon Web Services?
“It is the overwhelming market share leader, with over 10 times more cloud IaaS
compute capacity in use than the aggregate total of the other 14 providers in this Magic
Quadrant” Gartner Report May, 2015.
In 2013, IT research firm
Gartner had to rescale its
famed infrastructure-as-
a- service “Magic
Quadrant” to
accommodate Amazon
Web Services’ enormous
competitive lead.
10. AWS Today - 2017 Public cloud market share
Amazon Web Services: 45%
per Synergy Research Group
AWS generating > $12 billion a year.
15. Regions and Availability Zones
Global Resources
» IAM Users
» Route 53 Records
Regional Resources
» S3 Buckets
» VPCs
» ELB
» EIPs
AZ Resources
» EBS Volumes
» EC2 Instances
» RDS Instances
» Subnets
» ENIs
16. Edge Locations
• CDN Endpoints for CloudFront (PoPs)
• Edge Locations != Regions
• More Edge Locations than Regions
• ~70 Edge locations and growing
20. VPC – Network and Subnets
• Network Topology
o Private address space
Any range is valid, but we suggest a non-routable CIDR
Public CIDR ranges are only reachable via a Virtual Private Gateway
CIDR ranges can be as large as a /16 to as small as a /28
• Subnets
o Public subnets have a 0.0.0.0/0 route to the Internet Gateway (IGW)
Instances that require a public IP need to reside in a public subnet
o Private subnets do not have an outbound route through the IGW
NAT instances are commonly used as an outbound gateway for private instances
o Subnets cannot span AZ’s, but can share routing tables, which provides similar functionality.
21. VPC – Route Tables
• Route Tables
o Can be applied to multiple subnets
o Typical routing entries
10.0.0.0/16 = Local
0.0.0.0/0 = Internet Gateway
(Public Subnet)
-or-
0.0.0.0/0 = eni-12345678 (Private
Subnet)
22. VPC – Network ACLs
Behavior:
• Allow/Deny traffic at the subnet level
• Stateless
• Default is Allow All
Pro – further defines permissible traffic
Con – adds complexity and can
complicate troubleshooting
23. VPC - Security Groups
• Security Groups are similar to firewall rules
• Can be associated to resources independent
of a subnet or CIDR range
• Security Groups are limited only to the VPC
in which you create them
Example of Security Group configuration
24. VPC - Security Group Behavior
• Work at instance level
• Stateful
• Deny by default
• IP Whitelisting (CIDR)
• Allow port and protocol
– Can allow TCP, UDP, ICMP or a
combination of all three
• SG Trust Relationships
– Scoped to the VPC
25. Client Ingress
SSH and RDP Ingress
Platform Server Ingress
Platform Server Egress
Database Access
SID App
APP
SID_App_Ingress
SID Database
SID View
VIEW
SID_Admin_Ingress
Protocol Port Range Source
TCP 22 10.99.101.0/24
TCP 3389 10.99.101.0/24
SID_App_Egress
Protocol Port Range Destination
TCP 443 10.87.14.29/32
TCP 3306 10.24.3.102/32
SID_DB_Ingress
Protocol Port Range Source
TCP 3306 SID_APP_SG
SID_View_Ingress
Protocol Port Range Source
TCP 80 10.12.0.0/16
TCP 80 10.45.2.0/24
TCP 80 10.62.31.0/24
View Firewall Policies
SID_View_Ingress
SID_Admin_Ingress
App Firewall Policies
SID_App_Ingress
SID_Admin_Ingress
SID_App_Egress
Database Firewall Policies
SID_DB_Ingress
Protocol Port Range Source
TCP 80 10.241.25.0/24
TCP 443 10.241.25.0/24
TCP 8080 SID_VIEW_SG
VPC - Security Group/Firewall Rules
28. VPC– Peering
• Peering
o Not Transitive
o VPC -> VPC peering
o Unique CIDR
o VPN solutions
OpenVPN
OpenSwan
29. Route53 - Basic Feature Set
• Zone Creation
• Zone Import
o Import your zone file from a previous provider
o Delegate this zone to the AWS name servers
• Record Types
o A
o CNAME
o TXT,MX,DKIM
o Alias
o S3 buckets and ELBs can be an alias target, allows zone apex magic
30. Route53 - Advanced Feature Set
• Weighted Resource Record Sets
• Health Checks
• Global Load Balancer
– Using weighted record sets, you can create a pool of
endpoints from which to balance traffic
– Enabling a health-check on this pool allows for a DNS based
load balancer which can be applied to any resource (AWS
or non-AWS)
• Latency Resource Record Sets
• Geolocation Resource Record Sets
31. Route53 – Global Failover
• Global Failover Pattern
• Uses R53 Health Checks
Route 53
Virginia Region
myapp.example.com
Ireland Region
37. IAM Users
o Identity and Access Management
o Create Users and Groups
o Establish Trust Relationships
o Govern Access via Policy Documents
38. IAM - Groups, Roles & Instance Profiles
o Deny by default
Explicit allow required to grant access
Explicit deny always trumps an explicit allow
o Users/Groups
Policies can be applied at the group or user level
o Roles
Policies can be applied to roles
o Instance Profile
An instance profile is a container for an IAM role that you can use to pass
role information to an EC2 instance when the instance starts
Assumes role
Credentials are stored in instance metadata
Only Access Key ID and Temporary Token
40. IAM – AWS Master Account
AWS Account
Master/Root Account Permissions
Allow by default
MFA
Always treat the master account
credentials as if they could launch an
ICBM!
42. EC2 – Elastic Cloud Compute
AMI
• Instances are based on an Amazon Machine
Image
• You can create new AMIs from a running
instance
• AMIs are stored in S3 for 11 9’s of durability
• AMIs are unique to each region
43. EC2 - Instance Types
Choosing the correct instance type for the required workload
o T2 for light weight general purpose – but with burstable performance
o M4 for general purpose
o R3, X1 for memory and database heavy applications
o C3, C4 for compute heavy applications
o G2, P2 for GPU intensive applications
o I2, D2 for storage heavy applications (random)
o HS1 for storage heavy applications (sequential)
Example of M3 family of instance type
44. EC2 - Running Instances
Running instances
•Instances are launched into an existing VPC subnet
•CloudWatch monitoring is enabled by default
o CPU Utilization, Network I/O are the primary data points of interest
o Memory and Disk require an additional script that will post a to a custom
CloudWatch metric
•Status checks
o OS check
o Network reachability check
45. EC2 – Instance Recovery
• CloudWatch monitors instance
• Automatically recovers if it becomes impaired
– underlying hardware failure
– problem that requires AWS involvement to repair
• During instance recovery, the instance is migrated during
an instance reboot, and any data that is in-memory is lost
47. EC2 - Bootstrapping
User Data
• Provides a hook to inject scripting into any standard instance you decide
to launch
o These include the Amazon Linux, Windows and Ubuntu AMIs
o User Data can only be modified while the instance is stopped
• Suggested patterns
o Install security updates
yum update -y
o Install middleware
yum install -y httpd
chkconfig httpd on
o Download and execute a remote script
Assign an IAM Profile to the EC2 instance
Aws s3 cp s3://mybucket/myscript.sh /tmp/myscript.sh
./tmp/myscript.sh
48. EC2 - Pricing
1 > On Demand Instance
• This is the most common and flexible pricing option
• Pay only for what you use
• Stopped instances will not accrue hourly compute costs
• Pay by the instance hour
2 > Reserved Instance (RI)
• 1 or 3 year commitment
• Pay for EC2 hourly at reduced rates (from On Demand rates)
• Payment Options
• No Upfront payment: no CapEx, lower hourly rate than On Demand
• Partial Upfront payment: some CapEx, lower hourly rate than No Upfront
• All Upfront payment: larger Capex, lowest hourly rate possible
49. EC2 - Pricing
3 > Spot
• Useful for “worker pool”
scenarios
oTranscode, map reduce
task nodes
• Can be lost as soon as
someone is willing to pay
more for that instance
51. ELB - Elastic Load Balancer
Elastic Pool of Virtual Load Balancers
Public Side
• Consists of an endpoint which is the equivalent to a
traditional VIP
• Does not use a static IPv4, but rather an Alias/CNAME
• The endpoint will not always resolve to the same IP
Private Side
• Minimum of one virtual ELB node per AZ
Certificate Termination
• Only one SSL certificate per ELB
• Multi-Domain certificates are valid
53. Auto Scaling Key Features
• Adds or removes servers based on load
• Self-healing pool of resources
• Every instance is based on a “gold” master image
Auto Scaling - Overview
54. Auto scaling group
• Instance location
o Subnet
o Load Balancer
• Number of instances
o Min
o Max
o Desired
Launch config
• Instance details
o Size
o PEM key
o IAM Profile
o Security Group(s)
o User data
Auto Scaling - Components
55. Auto Scaling - Multi-AZ
Multi-AZ Auto Scaling
• Highly Available
• Production Standard
• Spans Datacenters
56. Auto Scaling - CloudWatch
CloudWatch is the final piece of the auto scaling puzzle. You can create alarms
based on instance metrics which trigger auto scaling actions.
Scaling policies
Scale up alarm
• Execute policy when: CPU is greater than 60%
• Take the action: Add 2 instances
• And then wait: 10 minutes
Scale down alarm
• Execute policy when: CPU is less than 20%
• Take the action: Remove 2 instances
• And then wait: 10 minutes
58. Directory Service - Overview
Three types of directory services:
o Microsoft AD
o A managed Microsoft Active Directory service running on Windows Server 2012 R12
o Highly availability (multi-AZ), patched, and monitored
o Can support up to 50,000 users
o Fully functional MS AD
o Simple AD
o Powered by Samba 4 Active Directory
o Users and Groups can be created directly in the AWS console
o Windows servers can auto-join this domain as they would in an AD environment
o Can support 500 users
o AD Connector
o Connect your on-prem AD to your AWS account
o Associate AD users/groups with IAM users/groups
o Windows servers can auto-join this domain as they would in an AD environment
o Manage the AWS console using your AD credentials
59. Directory Service – AD Connector
• Active Directory Connector instances
are launched into your VPC
• AD Connectors communicate with on-
prem AD servers
• AD credentials are no longer
necessary when joining instances to a
domain (Auto-Join)
62. Storage Services
• EBS – Elastic Block Store - (not actually a ”service”)
• S3 – Simple Storage Service - (object storage)
• Standard
• Standard I/A – Infrequent Access
• Reduced Redundancy Storage (RRS) – 4 9’s of durability (1 facility)
• Glacier – Archival/Long-term
• Expedited – 1-5 minutes
• Standard – 3-5 hours
• Bulk – 5-12 hours
• AWS Storage Gateway
• Gateway-cached volumes – store primary data in AWS and cache most recently used data locally
• Gateway-stored volumes – store entire dataset onsite and asynchronously replicate data back to S3
• Gateway-virtual tape library – store your virtual tapes in either S3 or Glacier
• EFS – Elastic File System
63. Traditional Platform - Storage Architecture
In the old days…
• Hardware acquisition and datacenter space required
advanced planning
• Disk space and I/O allocation juggling for the entire
application lifecycle
• Volume and file redundancy not built-in
• Capital commitment and refresh budget
considerations
/root C:
/swap
Pagefile
Temp Dir
/app
/data
Program
Files
Data
Server Head
NAS or Fileserver
/DirShare 01/
File01
File02
/DirShare 02/
File01
Tape Library
ArchiveVol02
ArchiveVol 01
SMB /CIFS
Platform Monitoring Tools
64. AWS Instance Volumes and Data Storage
The new [improved] way of doing things…
• Elastic pay-as-you-go model
• Redundancy and snapshot utilities built-in
• New APIs and tools simplify application development,
administration and data lifecycle management
65. EBS - Elastic Block Store
Block storage ideal for creating versatile OS volumes
• Define type, size and optionally I/O capacities [within service limits]
• Magnetic, SSD and Provisioned IOPS
• Mount to a single instance, similar to local drive
• Simplified Encryption options
Persistent and durable
• Redundant copies stored in single AZ
• Not permanently bound to a server instance and will survive server crash or shutdown
Snapshot capabilities for point-in-time backups
• Resizing and duplicating volumes
• Moving across AZs; Exporting across Regions
Performance metrics available through CloudWatch
66. Elastic Block Store (EBS) – Best Practices
Recommended for applications
• Making frequent data changes
• Requiring consistent I/O performance
• Needing to persist data beyond server instance stop/start
cycles
• Requiring fine-grain control of raw, unformatted data blocks
Define appropriate configuration options
• EBS Optimized instances can handle higher I/O bandwidth
• Underlying technology (Magnetic, General Purpose (SSD),
Provisioned IOPS (SSD)
/root C:
/swap Pagefile
Temp Dir
/app
/data
Program
Files
Data
Server Virtual Head
67. Ephemeral Drives (EC2 Instance Store) Overview
Block device attached to the host machine
• Available to server instance
• May be mounted and used for temporary storage
• No additional usage charges for disk space or I/O
Not redundant: no built-in RAID or snapshot function
Data loss will result if any of the following occur:
• Host server or instance crash
• Instance termination
• Disk failure
/root C:
/swap
Pagefile
Temp Dir
/app
/data
Program
Files
Data
Server Virtual Head
68. S3 - Simple Storage Service
Object storage container with virtually unlimited capacity
• Store files (objects) in containers (buckets)
• Redundant copies for high durability and reliability
• Available on the internet via REST requests directly or through SDK
• Multiple strategies to secure contents
• Set permissions, access policies and optionally require MFA
• Encryption: Server (simplified) or Client-side
• Audit logging (optional) will record all access requests via APIs
• Built-in tools for managing versioning, object lifecycle and creating static websites
• Provides 99.999999999% durability (11 ‘9s’)
• Provides 99.99% availability
/mybucket01/
File01
File02
/mybucket02/
File01
Http / Https
Amazon S3
69. Amazon Glacier - Overview
Storage service optimized for reliable and low cost storage of archive data
• Data objects are securely archived, however not immediately accessible
• Create vaults (containers) to hold archives (any file based object)
• Upload archives programmatically
• Submit requests to retrieve archives. Available in about 4 hours
• Cost is approximately $.01/GB/Month plus modest API and retrieval charges [if
applicable]
70. EFS – Elastic File System
Fully managed file server storage
• Uses NFS (v4.1) protocol
• Linux server only, Windows support planned for future release
• Can be mounted by 1,000s of EC2s
• Can be accessed from on-prem Data Center if using Direct Connect
• Highly available, redundant across multiple AZs
73. AWS Structured Data Services
Deploying structured data systems (for example SQL, NoSQL and Data Warehouse
applications) in a traditional environment may be complex, costly, and time
consuming.
Amazon provides a set of structured data services with the following advantages:
• Simple to deploy, operate and scale
• Many common administrative and operational tasks are automated
• Pay-as-you-go pricing
• Support for a wide variety of standard and emerging application models
74. RDS - Relational Database Service
Fully managed relational database service offering popular platforms with the
following key advantages:
• Amazon manages resource redundancy, software patching, backups, failure
detection and recovery
• Ability to configure specific resources to cost-effectively scale your application
• Pay-as-you-go model offering included license or license portability [see fine print
to ensure license compliance]
• Streamlined management options to easily configure highly available topologies,
create database snapshots and deploy test instances
75. RDS - Relational Database Service
Key Concepts
Database Instance
Database Storage
DB Instance Class
6 Platforms
1. Oracle
2. MS SQL
3. MySQL
4. PostgreSQL
5. MariaDB
6. Amazon Aurora
76. AWS Aurora
Fully managed relational database engine that combines the speed and
availability of high-end commercial databases with the simplicity and cost
effectiveness of open source databases.
Key features:
o Architected for 99.99% availability
o Automatic failover < 30s (Possible Oracle RAC solution)
o Enterprise performance (5x) at 1/10 the cost
o Compatible with MySQL and PostgreSQL
o Automatically grows storage as needed, up to 64 TB
o Easy migration from MySQL
o Up to 15 Aurora Replicas in a region
o Cross-region replication
o Encryption in-transit and at rest
o Continuous backup to S3 (11 9’s data durability)
o Fully managed
77. DynamoDB
Fully managed NoSQL database service offering the following key advantages:
• Seamless and virtually unlimited scalability conveniently managed
automatically by Amazon
• Ability to define specific resource allocation limits to ensure predictable
performance while containing costs
• Easy administration and well-supported development model
• Integration with other core Amazon data services (for example Redshift and
EMR)
78. Redshift
Fully managed Enterprise-class data warehouse service offering the following
advantages:
• High performance, massively parallel columnar storage architecture providing
streamlined scalability
• Mainstream SQL query syntax allowing for rapid platform adoption
• Flexible node type and RI options allowing for workload alignment and cost
efficiency
79. Database Migration Service (DMS)
• AWS Database Migration Service helps you migrate databases to AWS
easily and securely.
• The source database remains fully operational during the migration,
minimizing downtime to applications that rely on the database.
• Homogenous (Oracle to Oracle) & heterogeneous migrations (ie Oracle
to Aurora, or Microsoft SQL Server to MySQL) using Schema Conversion
Tool
• Can also be used for continuous data replication with high-availability
81. General Information
1-888-317-7920
info@2ndwatch.com
www.2ndwatch.com
Contact Us
Joe Conlin
Solutions Architect
jconlin@2ndwatch.com
Scott Turvey
Solutions Architect
sturvey@2ndwatch.com
Locations
BOSTON
SEATTLE
NEW YORK
VIRGINIA
ATLANTA
PHILADELPHIA
DALLAS
LIBERTY LAKE
LOS ANGELES
CHICAGO
Dave Kuzminski
Regional Territory Manager
dkuzminski@2ndwatch.com