Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Beyond EC2 and S3
Similar to Beyond EC2 and S3 (20)
Recently uploaded
Recently uploaded (12)
Beyond EC2 and S3
- 1. Beyond EC2 and S3 How the AWS Ecosystem can work for you
- 2. Agenda • Introduction • Amazon Web Services • AWS Products and Services • Use Cases / Practical Applications
- 3. Lorenzo Aiello • “Big Data Geek” • Five Talent • AWS/IT Engineer • Working with AWS Ecosystem since 2012 • Manage large AWS deployments • $200,000 / year • Multiple AWS Certifications
- 4. Amazon Web Services • Large Companies had Scaling Problems • Google, Amazon and Microsoft developed their own Clouds • Launched in JAN 2006 • Google Cloud launched in APR 2008 • Microsoft Azure launched in OCT 2008
- 5. AWS Perceptions and Misconceptions Less Reliable 99.999999999% Guarantee Automated Failure Recovery 11 Geographic Regions 3-5 Accessible Availability Zones per Region More Expensive Pay as you go Multiple ways to lower costs from “retail” Overcapacity discounts AutoScale capacity as-needed Less Secure Client Owned Data Encryption Options Available Client Chosen Location Data Versioning and Automated Backups Managed Firewalls Dedicated Hardware
- 8. Virtual Private Cloud (VPC) Internet Gateway security group security group
- 9. Elastic Computer Cloud (EC2) ENI • Network Interface • Re-Assignable • Handles NATing Instance • Actual Server • Multiple Distributions • Custom Operating System AMI • Amazon Machine Image • Complete Snapshot • Type Independent
- 10. Elastic Computer Cloud (EC2) EIP • Elastic IP • Static IP • rDNS/PTR Available • Re-Assignable within Acct ELB • Load Balancer • Infinite Scaling • Multiple Protocols • SSL Termination • Dual Stack Networking Auto Scaling • Handles Instance Scaling • Auto-Join to ELB • Flexible Triggers/Rules
- 11. Route 53 Hosted Zones • DNS Server • Globally Distributed
- 12. Amazon S3 Bucket • Available over SSL • Signed URLs (Expires) • No Size/File/Folder Limits • Can Server Static Files Object • 5TB File Limit • Custom MetaData • Managed Encryption • Self-Encrypted Glacier • Cold Storage • 1/3 the Cost • Designed for Archives • 3-4 Hour Recovery Time
- 13. Elastic Block Storage Volume • Hard Drive for EC2 Instances • Magnetic / SSD available • Guaranteed Performance • 16 TB Max / Volume • Encryption Available Snapshot • “AMI” for Volumes • Point-in-Time Snapshot • Stored in S3 • Regional Transfers
- 14. Content Delivery Distribution • Content Delivery Network (CDN) • Download and Streaming (RTMP) Options • Geographic Restrictions Available • Custom Domains (APEX Support) • User-Defined Caching Behavior • Cookie/Header Forwarding Available • Device Detection Edge Locations • Cache Location • 50+ Locations Worldwide
- 15. Databases RDS • Relational Databases • Failover • Automated Snapshots • Read-Replicas (Cross Region) • Software • MySQL • Oracle • PostgreSQL • MSSQL DynamoDB • NoSQL Database • Guaranteed Performance ElastiCache • In-Memory Caching • Clustering Available • Software • Memcached • Redis
- 16. CloudWatch Alarms • Health Monitoring • Usable Across Most Services • 1-Minute Metrics • Custom Metrics / Intervals • User-Defined Actions / Behaviors on Trigger
- 17. Application Services SES • Email Service • Authenticated SMTP Relay SQS • Queueing Service • Adding JSON Tasks • Long-Polling SNS • Notification Service • Push Notifications • Protocols • HTTP • Email • Mobile • Cell Networks
- 18. Identity and Access Management Users / Groups • Custom Policies • Completely Granular • Managed Policies Roles • Server Roles • Rotating Credentials • SDK Auto-Queries Meta MFA • Multi-Factor Authentication • Ability to Force / Require
- 19. Who should and shouldn’t use AWS Who Should • Looking for Low Cost, High Availability • Highly fluctuating workloads Who Shouldn’t • Extra-ordinary requirements • Need for Bulk Bandwidth • Requirement for physical access
- 20. Best Practices and Quick Tips • Protect the Master Account • Enable Multi-Factor Authentication • Use IAM Accounts • Never store Access Keys in Source Code • Use Local Profiles • Use Server Roles • Never store data on EC2 Instances • Use RDS Databases • Use S3 for Files / Objects • Use auto-scaling of one instead of none
Editor's Notes
- Welcome Agenda Introduction Amazon Web Services (History, What it is, Misconceptions, Assurance, Big-Name Clients) Quick overview of AWS Products and Services Focusing on Entry/Mid-Level Frequently Used Services Skipping Enterprise-Level Dinner Use Cases / Practical Applications (including Q&A and Discussions around optimal AWS utilization)
- Late 1990s/Early 2000s Big Companies had scaling problems “Classic” server deployments in custom-built datacenters Oracle, IBM servers High overhead Expensive maintenance Google, Amazon and Microsoft all had the solve the problem and did so by building their own “Cloud” environments. Virtualized environments… Take advantage of all physical hardware by allowing multi-tenant environments Allowed near-instant provisioning and scaling (minutes vs hours) Allow software and hardware teams to work independently of each other Amazon launched their first public AWS Service (Simple Queue Service) in NOV 2004 Google and Microsoft started making their cloud environments publicly available in 2008
- Less Reliable Originates from poorly architected environments and applications not designed to gracefully fail. 99.999999999 (9 9’s) of reliability guaranteed Applications can be built to have automated failure recovery on top of Amazon’s failure recovery 11 Geographic Regions Each region is geographically separated across the world Each region has 3-5 availability zones exposed to each client (there are actually more than that in each region) Each Availability zone is physically separated (building/campus) from each other Entire AWS Ecosystem is designed to continue functioning with loss of AZ or even Region (if the application is designed to allow for it) ------ More Expensive Originates from not fully understanding the billing process and rate reduction options available. Pay as you go (PAYG) – pay for what you use, when you use it Prices listed online are often all “on-demand”. Options are available for “reserved” and “bulk” pricing. Spot Instances / Overcapacity also available (can discuss later). AutoScale application infrastructure as needed, automatically ------ Less Secure Originates from not fully understanding what shared responsibilities exist. Amazon managed infrastructure, you managed application. Clients own all of the data AWS offers options to encryption data both in motion (SSL) and at rest (Data Encryption) Clients can choose where data stored geographically (political or compliance) Data Versioning and Automated Backups of entire services and databases are all one-click on/off *Favorite Feature* -- Firewalls made easy (Security Groups) – fully managed, AWS handles hardware and network infrastructure security Provision dedicated hardware (only you are allowed to use) Physical Security Badge Controlled Access Guard Stations Armed Guards 24/7 Undisclosed Locations Monitored Security Cameras Alarms Segmented Rack Cages Completely Audited Access, Procedures and Processes Security often increases when using AWS due to security policies, countermeasures of scale Compliance List (next slide)
- Netflix – Perhaps one of the most well known on here Services 57 million members in 50 countries Delivers billions of hours of content per month Collects and tracks 10PB of analytics per month to improve the streaming experience SAP – The biggest enterprise software company on the planet Enterprise software handles and tracks 60% of the world’s GDP US Department of State – Pretty self explanatory Amazon.com – Amazon runs amazon.com entirely on the AWS infrastructure
- VPC is the your private network By default, instance can only communicate with each other (no outside access) It is possible to have services that have no external/public access Include an Internet Gateway for internet routing In its most basic configuration, works just like at home Internet Gateway = Router Security Groups = Firewall Set who can access what ports Eg. Port 80 (HTTP) and Port 443 (HTTPS) are globally accessible while your office/home IP has FTP access Eg. No-one can access MySQL outside of the VPC Network
- Instance Actual server Comparable to a VPS/Dedicated Server Multiple Distributions Ability to upload custom distribution ENI Elastic Network Interface Re-Assignable between instances Every piece of infrastructure has an ENI NAT = Network Address Translation AMI Amazon Machine Image Complete snapshot (disk and configurations) Type Independent (launch same AMI on multiple instance types)
- ENI Elastic Network Interface Re-Assignable between instances Every piece of infrastructure has an ENI ELB Elastic Load Balancer Infinitely Scalable with a single provisioned ELB (happens on the backend) Multiple Protocols Simultaneously SSL Termination Dual Stack Networking (IPv4 and IPv6) Auto Scaling Auto Scaling Groups (Rules) Launch Configurations (AMI + Instance Type) Handles the triggers and automated behavior for scaling
- Hosted Zone DNS Server Globally Distributed
- Use Auto-Scaling of 1 One ASG , min: 1, max: 1, desired 1: Provides failover/redundancy automatically No Cost