AWS CloudFormation Automation, TrafficScript, and Serverless architecture with Brocade's vADC
•Download as PPTX, PDF•
2 likes•689 views
Chris Kawchuck has 20 years experience in the Telecom and Service provider industry. He will be demonstrating how easy it is to spin up a Brocade vADC in AWS; enabling serverless architectures using S3 buckets, and accomplish real-time traffic rewrites to get you out of sticky situations. Learn about: 1. Load balancing and scaling options available on AWS 2. Automating the Brocade vADC spin up using Cloudformation Templates 3. Enabling use of "Serverless" web pages in AWS 4.Taking care of tricky situations using TrafficScript Implementing any 3rd party Load Balancer from the Amazon AWS Marketplace can be a daunting task. Not only does one have to learn the vendor's specific interface, you also need to perform quite a few administrative tasks to setup front end IPs, back end pools, clustering, and so on. Brocade has published a CloudFormation Template (CFT) which takes all the hard work out of setting it up and operating. Using DevOps tools and open source scripts, we not only automate the deployment of the Brocade vADC within AWS, but all the configuration you need to administer, cluster, and provision your Load Balancers; including public IPs and your back-end server pools. We would like you to try it, and take advantage of the powerful feature of the Brocade vADC. https://github.com/dkalintsev/Brocade/tree/master/vADC/CloudFormation/Templates/Variants-and-experimental/Configured-by-Puppet * Presented at the Sydney AWS User Group session 1st February 2017 http://www.meetup.com/AWS-Sydney/ Hosted and organised by PolarSeven - http://polarseven.com View the full video presentation here: https://youtu.be/rKTG2zjQS6o
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (18)
Similar to AWS CloudFormation Automation, TrafficScript, and Serverless architecture with Brocade's vADC
Similar to AWS CloudFormation Automation, TrafficScript, and Serverless architecture with Brocade's vADC (20)
More from PolarSeven Pty Ltd
More from PolarSeven Pty Ltd (20)
Recently uploaded
Recently uploaded (20)
AWS CloudFormation Automation, TrafficScript, and Serverless architecture with Brocade's vADC
- 1. Brocade vADC Cloudformation and TrafficScript
- 2. Fill out the feedback form and go in a draw to win a drone today. Drone to be Won Today!
- 3. Agenda • What is the Brocade vADC ‒ Quick Intro ‒ …as you likely already know what a Load Balancer is • I already have AWS’s ELB – Why do I need a vADC? What’s so special about it? • Walkthrough of the CFT ‒ From Heavy Lifting to Automated CloudFormation Builds ‒ TrafficScript – the Swiss Army Knife of HTTP • Summary ‒ Sample Deployments in AWS 3
- 5. High-level view of Traffic Manager Web and Application Servers Brocade vADC provides visibility and control Brocade Virtual Traffic Manager Optimize Infrastructure - to improve performance and increase capacity Optimize Content - to improve response time and brand value Differentiate and Prioritize - to optimize user experience Inspect and Secure - to block attackers and secure data
- 6. Under the Hood Web and Application Servers Request Rules SSL Decryption Service Protection TCP Offload Rate Shaping HTTP/2 Application Firewall Load Balancing Session Persistence Bandwidth Shaping SSL Encryption HTTP Multiplexing Concurrency Control Application Auto-Scaling Request Response Monitors Virtual Server Client Connections Pool Server Connections Response Rules TCP Offload HTTP Caching Content Compression Service Level Monitoring Bandwidth Shaping Transaction Logging HTTP/2 Application Firewall
- 7. Ok, that’s great… …but I already have AWS ELB © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 7
- 8. vADC is “ In Addition to…” ELB okay for most; vTM best for the rest… As an abstracted service, Amazon ELB (Elastic Load Balancer) functions well as a basic web service load balancer. However, the demands of many modern global businesses require the greater sophistication that only an application delivery controller can offer. Only recently has AWS released an upgraded ELB in the form of an Application Load Balancer (ALB) which operates at the Layer 7 Application Layer and allows you to define routing rules based on content across multiple services or containers running on one or more Amazon Elastic Compute Cloud (EC2) instances. Brocade Virtual Traffic Manager (vTM) is designed to seamlessly integrate with any application deployed on Amazon Web Services to provide load balancing, user experience optimization, application scalability, and fine-grained application control. Brocade vTM nicely complements (or replaces!) Amazon ELB/ALB for creating highly reliable global cloud deployments requiring advanced ADC features. © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. 8
- 9. Would you like to try it? We have a nice CloudFormation Template you can try now!
- 10. Brocade AWS Cloud Formation Template • A pre-canned Redunant vADC Deployment to try! ‒ Dual vADCs in multiple AZs w/Clustering ‒ vADC Management and Dual public EIPs allocated for Traffic ‒ vADC Config Automation via Puppet Scripting/Automation ‒ Autoscale Apache2 WebServers pre-built for you ‒ Github integration for externally editable config 10© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
- 11. URL for the CFT and Instructions • https://github.com/dkalintsev/Brocade/tree/master/vADC/CloudFormatio n/Templates/Variants-and-experimental/Configured-by-Puppet © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 11
- 12. Brocade AWS Cloud Formation Template 12© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC.
- 13. Traffic Script The “Swiss Army Knife” of HTTP (or when you need to get stuff done)
- 14. Brocade vTM Traffic Management Tool: TrafficScript • An intuitive and powerful scripting language that lets you manipulate your traffic as it passes through the Traffic Manager: ‒ Request Rules ‒ Response Rules ‒ Transaction Completion Rules 14© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
- 15. SIMPLE STATE MACHINE: TWO EVENTS, REQUEST AND RESPONSE A Simple Model for Application Rules Brocade Virtual Traffic Manager Client Server Nodes Write to server Write to client Retry request 1. Receives request and runs Request Rules 2. Runs Response Rules then forwards on to the client
- 16. A More Detailed Look….. 16 Request Response SSL Decryption Service Protection TCPOffload Rate Shaping ApplicationFirewall Content Compression HTTP Caching TCPOffload Service Level Monitoring Bandwidth Shaping TransactionLogging ApplicationFirewall Pool (Server Connections) VirtualServer (Client Connections) Load Balancing SessionPersistence Bandwidth Shaping SSLEncryption HTTP Multiplexing Concurrency Control ApplicationAuto- Scaling Health Monitors Request Rules Rule Builder TrafficScript Java Response Rules Rule Builder TrafficScript Java Completion Rules TrafficScript Web / Application Servers © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
- 17. TrafficScript Example #1 • Update a copyright banner: 17 # Let's only grab the response if it is an HTML document: $responseType = http.getResponseHeader( "Content-Type" ); if(string.contains($responseType, "text/html")){ # We grab the body the server sent: $oldBody = http.getResponseBody(); # We replace the old copyright string with the new one (note: case insensitive!) $newBody = string.replaceAllI($oldBody, "copyright 2013", "copyright 2016"); # Then we send the new HTML body to the user. http.setResponseBody($newBody); } © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
- 18. TrafficScript Example #2 • Treat Platinum Frequent Flyers like Royalty: 18 # Let's extract the Frequent Flyer number from the URL $FFNumber = http.getFormParam("FFID"); # Let's look them up in a special web form to see what level Frequent Flyer they are: $FFLookup = http.request.get("http://fflookup.airline.com/ffLookup.php?FFID=".$FFNumber); # If they are Platinum Frequent Flyer, let's roll out the Red Carpet: if(string.containsI($FFLookup, "platinum")){ # We have a dedicated pool of servers for Platinum Frequent Flyers: pool.select("pool_Platinum_FF"); # And apply a pair of special Bandwidth Classes so we don’t slow them down # when the site is under load like everyone else: request.setBandwidthClass("BW_Platinum_FF_REQ"); response.setBandwidthClass("BW_Platinum_FF_RES"); } © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
- 19. TrafficScript Example #3 • Serverless Architecture: 19 #Input Script # Redirect All Requests to an S3 Bucket http.setHeader("Host", "spa-11-14-test.s3-website-ap-southeast-2.amazonaws.com"); pool.use("test-SPA-s3"); # Return Script – Rewrite the nasty S3 URL $body = http.getResponseBody(); $newBody = string.regexsub($body, "spa-11-14-test.s3-website-ap- southeast-2.amazonaws.com", "test.11-14.net", "g"); http.setResponseBody($newBody); http.setHeader("Host", "test.11-14.net"); © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC.
- 20. TrafficScript Example #4 • Offload APIs to “real servers” or other sites and rewrite: 20 $client = request.getRemoteIP(); $url = http.getPath(); #If the user wants to go to our “/blog” if (string.startsWith($url, "/blog")) { $path = http.getRawURL(); $newpath = string.regexsub($path, "^/blog(.*)", "/$1"); $path = string.regexsub($newpath, "//", "/"); http.setRawPath($path); http.setHeader("Host", "telecomoccasionally.wordpress.com"); pool.use("blog"); } #Return Script $body = http.getResponseBody(); $newBody = string.regexsub($body, "telecomoccasionally.wordpress.com", "test.11-14.net/blog", "g"); http.setResponseBody($newBody); http.setHeader("Host", "test.11-14.net"); © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC.
- 22. Perpetual Term or Subscription Service Provider Bulk License for ADCaaS Evaluation 30-day limited Developer Throughput limited Brocade vADC Licensing Models
- 23. Brocade vADC Content Whitepapers – Application Delivery • Application Delivery for Amazon AWS • Application Delivery for Microsoft Azure Product Materials • Brocade vADC Data Sheets • Brocade vADC Licensing Guide • Brocade vADC Performance Reference • Brocade vADC Success Stories • Deployment Guides for Microsoft, Oracle, SAP • Technical presentations • Brainshark product videos www.brocade.com Thought Leadership • Video: A New Approach to Application Delivery • Infographic: ADC-as-a-Service Whitepapers – Application Security • PCI-DSS compliance with Brocade vADC • Distributed Application Security • Application Security for Microsoft Azure • Security for DoD applications • Why Web Application Firewalls Matter
- 24. • vTM can do everything ELB can plus tons more! • Supports more protocols, more checks, integrated vWAF • Scale out your ELB without blowing your budget • Solve unexpected application problems with TrafficScript • CloudFormation Template makes this easy to try! Brocade vADC can help to:
- 25. Over to you Ross! i = RND(0)*32; Drone to be Won Now!
- 26. Thank you
Editor's Notes
- This diagram shows how Brocade Virtual Traffic Manager is the core service platform. It sits in front of the web and application servers to accept requests on behalf of external users and manage the dialog with the application. [click] First, Traffic Manager controls incoming traffic to ensure that a sudden surge in requests does not flood the application. And because Traffic Manager continuously monitors the health of the web and application servers, it can route traffic around slow or failing systems to maximize the availability and uptime of the application. [click] Second, Traffic Manager can optimize the application by caching duplicate requests and reducing the number of connections and resources needed to manage the customer transactions. This increases the number of users that the application can service, and at the same time improves the response time seen by end users, leading to much faster page views. [click] Third, Traffic Manager can help to identify different kinds of users, based on their location, their identity, or even if they are frequent customers, by using a powerful set of rules that understands how applications work. So IT administrators can give priority to important requests or loyal customers, while freeing up resources on the application by restricting less important traffic, or even redirect customers to their nearest data center to give even faster response times. [click] Finally, Traffic Manager can also identify and protect against external vulnerabilities and attacks from sources such as cross-site-scripting, SQL injection and external attacks on web servers. This kind of attack is becoming more and more common, with web sites being tricked into executing code to extract user information and credit card data. Traffic Manager is available with an add-on Web Application Firewall, which can help achieve compliance with PCI-DSS requirements for protection against this kind of attack.
- Here we can see a typical web application on the right, with Traffic Manager sitting in front of the application. There are two key parts to the architecture: First, there is a “Virtual Server,” which manages incoming client connections. Traffic Manager can manage several virtual IP addresses, with one virtual server set up for each IP address that enterprises want to manage, but in this example, we are only looking at one simple web service. As well as managing the incoming requests on behalf of the web application, Traffic Manager also manages the server connections using one or more “Server Pools.” Again, a web application could use several “Server Pools” such as a group of web servers, and another set of application servers, and even reserve groups of content or payment servers. [click] And in the background, Traffic Manager monitors the health of individual application servers, and can judge which servers are likely to respond more quickly to different types of requests. Enterprises can choose one of several built-in methods to decide how the workload should be balanced across the server pools. [click] Let’s see what happens when the user starts a transaction, such as to request a web page. The request is first captured by Traffic Manager’s “Virtual Server,” which manages incoming client connections. However, before Traffic Manager passes the request onto the application, we have the opportunity to apply “Request Rules.” These could be to protect against traffic overload, offload security and encryption, or to protect against unwanted attack, or even to redirect content requests by translating from one web address to another. Rules are really easy to set up using the graphical console, but sometimes enterprises may need to implement business rules to decide how and where services should be run. For example, enterprises might want to select different types of content or data sources for geographic or regional applications. So in addition to the graphical interface, enterprises can define business rules using a TrafficScript, a simple scripting tool that understands the way applications work. Application programmers can even create complex rules and content processing using Java, which helps with re-use of existing business logic and code. Enterprises can also use the real-time analytics to see what traffic is arriving at their application, how many concurrent user sessions are being processed, and the response times from servers. This makes it a really powerful tool for enterprises to understand their applications, and helps enterprises choose the right optimization strategies for their applications. [click] Once Traffic Manager has processed the request, we are almost ready to forward the request to the application. As well as managing the workloads across the servers, Traffic Manager also manages users sessions on behalf of the application. As before, the graphical interface makes it really easy to set up rules for how to manage user sessions and consolidate web connections--even rules to encrypt the forward connections to the application for additional security. [click] The application responds to our web request, and we’re almost ready to return the information to the client. We have processed the incoming request, we have decided how and when to forward the request to the application itself, but we have the opportunity to apply some “Response “Rules” before we finish. We might have intelligent caching rules in place to cache some types of content, but not others. Traffic Manager has very fast SSL encryption and content compression, which offloads a significant workload from the application. This is also the place to manage outbound bandwidth, and to verify service levels and application response times. And finally, we can also screen and trap data leakage, by screening out credit card information or other sensitive information. ---
- http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/whitepaper/brocade-virtual-traffic-manager-load-balancing-amazon-aws-wp.pdf
- AWS ELB & ALB doesn’t not have such a tool.
- AWS ELB & ALB doesn’t not have such a tool.
- AWS ELB & ALB doesn’t not have such a tool.
- So the idea with Brocade TrafficScript [click] is that you create some simple rules, and attach them either to the request path, or the response path, [click] and use these rules to inspect and direct traffic to the most appropriate servers, to apply simple security policies, block or permit particular types of transactions, [click] or mask sensitive data in web responses sent back to the client. [click] Rules can control which features of Traffic Manager are used - compression, bandwidth, rate shaping or caching – but they can also control at a much closer level, right down to individual transactions. It's very easy to inspect and modify both requests and responses, to ensure that the right content is delivered to your end users at the best possible level of service. - We are sometimes asked why we use something called TrafficScript rather than an existing programming language, maybe Perl or JavaScript, or Java. There are a couple of reasons for that, most important is that we needed to make sure it was lightweight and fast enough to process requests at near-wirespeed, and we need to make sure that the architecture is non-blocking to make sure we can process at very high throughput without having to wait for other processes to finish. The great thing is that TrafficScript is really easy to use, and it understands the way applications work – so you don’t have to know the details of the size of the packets, or whether your packets are encrypted, or compressed, it works intuitively on all your application traffic.
- This slide shows how traffic passes through the Traffic Manager, and where each logical function occurs. [Click] TrafficScript allows you to act on a Request, [CLICK] A Response, or at the end of a transaction
- The http.request.get() function allows Traffic Manager to make an arbitrary connection to a remote HTTP service and do something with the reply. In this instance, you would get your application developers to expose an HTTP based query that allows the Traffic Manager to submit a FF number and get an HTTP response back with their FF Membership level. We grab the FF number out of the customer’s login, look it up get their membership level. Once we have this, we can apply different policies on the Traffic Manager like using a special pool or applying less restrictive bandwidth classes for example.
- And finally, we offer our customers a range of licensing models to suit their business. Some of our customers have perpetual licenses – you have to choose the feature set and capacity up front, so it is not very flexible, but matches the way that some traditional data centers operate. For customers who want a little more flexibility, we offer term or subscription licenses – again, you have to choose a fixed feature set and capacity, but you can decide on 12- or 24-month terms and review at each renewal period. We also offer a Service Provider Licensing program – with a portal to allow service providers to request licenses for their own customers. Service providers often create their own self-service portals for their client applications, which allows them to create their own innovative licensing offers. For example, some service providers offer monthly or hourly billing, or bundle with other services in their portfolio. And for some cloud providers, particularly for Amazon and Microsoft Azure, customers can have either a pay-as-you-go hourly billing model, or a bring-your-own-license offer for more flexibility. And recently, we have been seeing tremendous interest in our bulk licensing model, which we call ADC-as-a-Service. This works really well both for Enterprise customers and Service Providers who need to manage a number of application delivery controllers, and want the flexibility to reallocate the capacity to suit changes in workload or to support ramp-up of new services. Rather than having to choose a Traffic Manager with a fixed feature set and capacity, you decide on the overall amount of capacity you need, and then just divide up the resources between each of your applications and services. The best thing about this licensing model is that you can start small, and just add more capacity when you need more. Look out for the follow-on presentation module about the Brocade Services Director for more information about ADC-as-a-Service. Finally, we have two different ways for customers to try out Brocade Virtual Traffic Manager – First, we have a Developer Edition, which is free to download, and does not need a license key, but we do restrict the throughput to just ONE Mbps. We encourage both our existing customers and new contacts to download this software, and this version lets operations and engineering teams test all the product features, including all the APIs and optional add-on modules. We don’t allow our customers to run the Developer Edition in a production environment, but they are free to use it for development, demo and testing. In addition, we also have an Evaluation License, which is a 30-day fixed license to allow a formal proof-of-concept. Again, all features are turned on, but has no performance limit, which makes it great for benchmarking and formal testing, and when the 30-day license expires, the software returns to Developer Mode again.
- Wrapping this up, we already have a range of materials available to help you develop new business opportunities, including BrainShark training, whitepapers and data sheets, and we’ll be releasing more over the coming weeks. Moving forward, do please look out for the other follow-on presentations which look at the other Brocade vADC components in more detail. And we encourage you to work with your local software networking specialists, and help move your customers to the New IP with Brocade vADC.