Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summit 2016
•Download as PPTX, PDF•
4 likes•1,935 views
Amazon Web Services (AWS) provides an ideal platform for running web architectures. This session describes the foundational services required for deploying an example web architecture. It covers Amazon EC2, Amazon EBS, Elastic Load Balancing, Auto Scaling, Amazon S3, Amazon RDS, and Amazon Machine Images (AMIs) and relates overviews of the services back to the example web architecture. After the initial architecture discussion, we will describe the usage of Amazon S3 for scalable content, Elastic Load Balancing, and Auto Scaling to provide high availability.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summit 2016
Similar to Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summit 2016 (20)
More from Amazon Web Services
More from Amazon Web Services (20)
Recently uploaded
Recently uploaded (20)
Establishing a Scalable, Resilient Web Architecture | AWS Public Sector Summit 2016
- 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Establishing a Scalable, Resilient Web Architecture Todd M. Gagorik, Senior Manager, Solutions Architecture, AWS Web Services - WWPS June 20, 2016
- 2. Let’s Start with a Demo....
- 3. AWS Mission Enable businesses and developers to use web services* to build scalable, sophisticated applications. *What people now call “the cloud”
- 4. Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide Gartner “Magic Quadrant for Cloud Infrastructure as a Service, Worldwide,” Lydia Leong, Douglas Toombs, Bob Gill, May 18, 2015. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
- 5. ON DEMAND }UNIFORM PAY AS YOU GO AVAILABLE
- 6. ON DEMAND }UNIFORM PAY AS YOU GO AVAILABLE
- 7. Compute Storage Security Scaling Database Networking Monitoring Messaging Workflow DNS Load Balancing BackupCDN }ON DEMAND UNIFORM PAY AS YOU GO AVAILABLE WEB SERVICE API
- 8. Physical Space Cabling Power Cooling Networking Racks Servers Storage Certification Labor On-Premises $0to Get Started no long-term contracts Cloud Computing vs.
- 10. But first…
- 11. Architected for Government Security Requirements Certifications and accreditations for workloads that matter AWS CloudTrail and AWS Config Call logging and configuration management for governance & compliance • Log, review, alarm on all user actions • Browse and query database of current and previous state of cloud resources
- 12. Security Is a Shared Responsibility Customers Refocus on Systems and Apps. Security experts are a scarce resource! Refocus your security professional on a subset of the problem. Facilities Physical security Compute infrastructure Storage infrastructure Network infrastructure Virtualization layer (Amazon EC2) Hardened service endpoints Rich AWS Identity and Access Management (IAM ) capabilities + = Network configuration Security groups OS firewalls Operating systems Application security Proper service configuration AuthN & account management Authorization policies Customers More secure and compliant systems than any single entity could achieve on its own
- 13. Economies of Scale Apply to Security and Compliance The customer community benefits from tough scrutiny, the world-class AWS security team, market-leading capabilities, and constant improvements. Everyone’s Systems and Applications Security Infrastructure Security Infrastructure Requirements Requirements Requirements Nothing better for the entire community than a tough set of customers…
- 14. AWS Global Infrastructure 11 AWS Regions 50+ AWS Edge Locations
- 15. AWS Global Infrastructure Availability Zone A Availability Zone B Availability Zone C EU (Ireland) Availability Zone A Availability Zone B South America (Sao Paulo) Availability Zone A Availability Zone B Asia Pacific (Sydney) Availability Zone A Availability Zone B GovCloud (OR) Availability Zone A Availability Zone B Availability Zone C Availability Zone D US East (VA) Availability Zone A Availability Zone B US West (CA) Availability Zone A Availability Zone B Asia Pacific (Singapore) Availability Zone A Availability Zone B Availability Zone C Asia Pacific (Tokyo) Availability Zone A Availability Zone B Availability Zone C US West (OR) Customer Decides Where Applications and Data Reside US REGIONS GLOBAL REGIONS Note: Conceptual drawing only. The number of Availability Zones may vary. Availability Zone A Availability Zone B EU (Frankfurt)
- 16. AWS Global Infrastructure Application Services Networking Deployment & Administration DatabaseStorageCompute
- 17. AWS S3 AWS SQS AWS EC2 AWS Simple DB AWS EBS AWS CloudFront Elastic Load Balancing Auto Scaling AWS VPC AWS RDS AWS SNS AWS IAM AWS Route 53 AWS SES AWS Elastic Beanstalk AWS CloudFormation AWS Elasticache AWS Direct Connect AWS GovCloud AWS Storage Gateway AWS DynamoDB AWS CloudSearch AWS SWF AWS Glacier AWS Redshift AWS Data Pipeline AWS Elastic Transcoder AWS OpsWorks AWS CloudHSM AWS AppStream AWS CloudTrail AWS WorkSpaces AWS Kinesis AWS ECS AWS Lambda AWS Config AWS CodeDeploy AWS RDS for Aurora AWS KMS AWS Cognito AWS WorkDocs AWS Directory Service AWS Mobile Analytics 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 AWS WorkMail AWS’ History of Innovation AWS has been continually expanding its services to support virtually any cloud workload, and it now has more than 40 services. April 9, 2015 AWS EFS AWS Machine Learning
- 18. Architect for High Availability
- 19. 1. Use multiple Availability Zones.
- 20. 2. Use Amazon RDS with replicas and standby.
- 21. 3. Use Auto Scaling groups.
- 22. 4. Use Elastic Load Balancing.
- 23. 5. Use Amazon Route 53 to host DNS zones.
- 24. Three Services: Better Together Amazon CloudWatch Elastic Load Balancing Auto Scaling
- 25. Use at regional level Combined with Auto Scaling, ELB will balance requests and resource capacity across Availability Zones Within Amazon VPC Use to load balance between application tiers within an Availability Zone Instance migrations Easily move instances from dev environments to test environments by moving between elastic load balancers Leverage SLA Improve application reliability with Route 53’s SLA on requests served Weighted routing Perform A/B analysis and staged application rollouts by moving a portion of traffic to new infrastructure Control TTLs and updates Take absolute control of DNS updates for more decisive system updates Scale databases without admin overhead Choose instance size for databases and scale up over time Add high availability from management console Create Multi-AZ deployments and Read Replicas. AWS takes care of the failover and recreation of a new standby in event of master DB loss Elastic Load Balancing Route 53 RDS Dynamically scale resources & control costs Provision only the resources that are required with scale up and cool down policies that match demand Auto Scaling Architect to Use Cloud Strengths
- 26. So, How Did It Go?
- 27. AWS CloudFormation? Simplified provisioning for the full breadth of AWS services. Create templates of the infrastructure and applications you want to run on AWS. CloudFormation automatically provisions the required AWS resources and their relationships from the templates. Easily version control, replicate, or update the infrastructure and applications. CloudFormation integrates with other development, CI/CD, and management tools.
- 28. Questions?
Editor's Notes
- So in 2006 AWS Web Services was born. It's mission was clear: to enable businesses and developers to use web services to scalable sophisticated applications. It's interesting to note that what we called Web Services, has now morphed into a common term 'the Cloud'. AWS Web Services is and always has been a distinct and individual AWS organization.
- REMINDER! Amazon Web Services to Gartner External Use Policy As a subscriber to Gartner Services, all Amazon Web Services associates are obligated to seek permission from Gartner in order to use the "Gartner" name, take excerpts of Gartner research or quote Gartner analysts. All such use must comply with the Gartner Copyright and Quote Policy on gartner.com, which includes submitting usage requests in writing to quote.requests@gartner.com for review and approval prior to distribution. It is very important to follow these requirements to insure that Amazon Web Services does not violate its agreement with Gartner. Approved talking points for internal and private meetings (e.g. customer meeting without other vendors or partners present): AWS is rated as the “Leader” in this market evaluation far ahead of all other vendors assessed for the fifth consecutive evaluation, dating back to 2011. Gartner increased its estimate of AWS market share and customer adoption over last year’s estimate – Gartner says in this report that AWS has ten times more cloud capacity in use than the other 14 providers combined (in 2014, that estimate was 5 times.) AWS improved its market leadership position across both axes in this evaluation year-over-year even as Gartner increased the requirements expected of providers in the evaluation. AWS is the only “Leader” recommended for implementing enterprise applications. Gartner recommends AWS for “all use cases that run well in a virtualized environment,” including enterprise applications. Competitors clearly lag behind AWS in features and customer adoption. In 2015, all vendors except Microsoft and Amazon fell below the mid-point on ability to execute, with IBM, CSS and Verizon slipping significantly and HP falling out of the report entirely. About Microsoft, Gartner states, “Furthermore, customers express concern about the global impact of many past Azure outages, which may necessitate ensuring that critical applications on Azure have a non-Azure disaster recovery solution.” About Google, Gartner states, “[Google] is still in the rudimentary stages of learning to engage with enterprise and midmarket customers, and needs to expand its sales, solutions engineering and support capabilities,” and that, “Google lacks many capabilities important to businesses that want to migrate legacy workloads to the cloud.” NOTE: the above comments and quotations cannot be used in any public forum. This is includes but is not limited to events and conferences (AWS, partner or customer), media events, user groups and written communications such as promotional materials, websites, and email to anyone external to AWS. If you are in doubt please contact aws-ar@amazon.com for help.
- To help understand why AWS Web Services and Cloud Computing are changing IT delivery, a nice comparison to make is that of a utility like electricity. When electricity was discovered businesses would generate their own, using steam generators to power factories. When electricity was brought together under a national system of supply, it was no longer necessary for everyone to generate their own and buy and maintain their generators, you could simply tap into the grid and use what you needed, paying only for what you did use, and be assured that the electricity you consumed was consistent and always available.
- To help understand why AWS Web Services and Cloud Computing are changing IT delivery, a nice comparison to make is that of a utility like electricity. When electricity was discovered businesses would generate their own, using steam generators to power factories. When electricity was brought together under a national system of supply, it was no longer necessary for everyone to generate their own and buy and maintain their generators, you could simply tap into the grid and use what you needed, paying only for what you did use, and be assured that the electricity you consumed was consistent and always available.
- Utility computing brings those same benefits to the delivery of IT - the factories of many businesses.
- services that are normally expensive to manage or difficult to use become available on-demand, in a uniform and available way, and only paid for when used. Just like electricity. This is what AWS does. It takes away the hard work from providing infrastructure IT services and makes them available to anyone on a pay as you go basis.
- services that are normally expensive to manage or difficult to use become available on-demand, in a uniform and available way, and only paid for when used. Just like electricity. This is what AWS does. It takes away the hard work from providing infrastructure IT services and makes them available to anyone on a pay as you go basis.
- Utility computing brings those same benefits to the deliver of IT - the factories of many businesses.
- If you look at the amount of certifications that AWS has achieved and secured for its customers over the last several years, influenced by what they told us matters most, it’s been a real enabler for enterprises to move. We have SOC 1, SOC 2 and SOC 3, and ISO27001. Customers can be PCI and HIPAA compliant on AWS and we have a number of public sector certifications like FIZMA, ITAR, FEDRAMP and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems. We also recently launched our latest certification ISO9001 which is primarily for healthcare, life sciences, medical devices, automotive and aerospace.
- We see security as a shared responsibility model with the customer. We manage and control the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate, and the customers are responsible for building secure applications. The cloud paradigm hugely reduces the total “security surface area” that customer security experts need to take care of for themselves. They rely on us (as verified by our auditors) for all the low level infrastructure security. They can then refocus their expertise on the higher level OS and application security issues. With that narrower focus, that “reduced security surface area,” comes better security. Your experts can focus and achieve better results in the areas that are more closely related to the differentiated value for your business or mission, as opposed to the generic “undifferentiated heavy lifting” that applies to low-level security and compliance work as well as infrastructure management itself.
- When big institutions submit stringent security requirements to us, and review the audit findings of our compliance auditors, we build their requirements and incorporate their feedback into the platform. EVERYBODY benefits from them. We don’t build “one off” solutions for anyone, so everybody benefits from the improvements made for any customer. In many cases, this results in a better security profile than what each individual firm could accomplish on their own.