As more customers adopt Amazon Virtual Private Cloud architectures, the features and flexibility of the service are squaring off against increasingly complex design requirements. This session follows the evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, managing multi-tenant VPCs, conducting VPC-to-VPC traffic, extending corporate federation and name services into VPC, running multiple hybrid environments over AWS Direct Connect, and integrating corporate multiprotocol label switching (MPLS) clouds into multi-region VPCs.
Selecting the Best VPC Network Architecture (CPN208) | AWS re:Invent 2013Amazon Web Services
Which is better: a single VPC with multiple subnets or multiple accounts with many VPCs? Should you simplify management with a single VPC or use multiple VPCs to lessen the blast radius of network changes? In this session, we hear from customers who've implemented each approach and discuss how they addressed management, security, and connectivity for their Amazon EC2 environments.
Amazon EC2 to Amazon VPC: A case study (CPN301) | AWS re:Invent 2013Amazon Web Services
In this session, you learn about Amazon Virtual Private Cloud and why you should consider using it for your applications. You also hear from the makers of Lucidchart, an online diagramming tool, which was originally launched in 2008 on the Amazon EC2 Classic platform. As the user base grew, so did their need for a more robust, secure infrastructure. After much debate about other vendors and colocation, Lucidchart chose Amazon VPC. To find out why, check out this session for a comparison of Amazon EC2 Classic against Amazon VPC. Matthew Barlocker, Chief Architect at Lucidchart, discusses their migration plan, pain points, and unexpected issues.
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual data center that you define. In this session you learn how to leverage the VPC networking constructs to configure a highly available and secure virtual data center on AWS for your application. We cover best practices around choosing an IP range for your VPC, creating subnets, configuring routing, securing your VPC, establishing VPN connectivity, and much more. The session culminates in creating a highly available web application stack inside of VPC and testing its availability with Chaos Monkey.
(ENT308) Best Practices for Implementing Hybrid Architecture Solutions | AWS ...Amazon Web Services
In this session, Datapipe's Chief Technology Officer, John Landy, will lead a conversation with Datapipe Solution Architects around the steps taken to architect and manage an end-to-end hybrid infrastructure. This session will cover real world hybrid use-cases including migration, disaster recovery, governance, compliance and redundancy with multi-zone, multi-region deployments through discussion of three common challenges organizations face when moving to the cloud:
Architecting a Secure and Compliant Hybrid Solution
Staging Migrations: Getting from point A to point B to point AB
Ongoing management and optimization
Sponsored by Datapipe
AWS June Webinar Series - Deep dive: Hybrid ArchitecturesAmazon Web Services
In this webinar, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This webinar follows the evolution of a simple legacy data center expansion with basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include: interconnectivity, availability, security, hybrid networks with Amazon VPC and AWS Direct Connect as well as how AWS makes it easy to automate provisioning.
Learning Objectives: • Learn how to evaluate, design, build, and manage distributed applications over hybrid infrastructures using AWS. • Understand hybrid architecture topology and points of integration with AWS. • See example architectures and hear best practices from successful hybrid implementations
Who Should Attend: • Network managers, Infrastructure architects, Application owners
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with Amazon VPC and how you can connect this with your offices and current data center footprint.
Selecting the Best VPC Network Architecture (CPN208) | AWS re:Invent 2013Amazon Web Services
Which is better: a single VPC with multiple subnets or multiple accounts with many VPCs? Should you simplify management with a single VPC or use multiple VPCs to lessen the blast radius of network changes? In this session, we hear from customers who've implemented each approach and discuss how they addressed management, security, and connectivity for their Amazon EC2 environments.
Amazon EC2 to Amazon VPC: A case study (CPN301) | AWS re:Invent 2013Amazon Web Services
In this session, you learn about Amazon Virtual Private Cloud and why you should consider using it for your applications. You also hear from the makers of Lucidchart, an online diagramming tool, which was originally launched in 2008 on the Amazon EC2 Classic platform. As the user base grew, so did their need for a more robust, secure infrastructure. After much debate about other vendors and colocation, Lucidchart chose Amazon VPC. To find out why, check out this session for a comparison of Amazon EC2 Classic against Amazon VPC. Matthew Barlocker, Chief Architect at Lucidchart, discusses their migration plan, pain points, and unexpected issues.
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual data center that you define. In this session you learn how to leverage the VPC networking constructs to configure a highly available and secure virtual data center on AWS for your application. We cover best practices around choosing an IP range for your VPC, creating subnets, configuring routing, securing your VPC, establishing VPN connectivity, and much more. The session culminates in creating a highly available web application stack inside of VPC and testing its availability with Chaos Monkey.
(ENT308) Best Practices for Implementing Hybrid Architecture Solutions | AWS ...Amazon Web Services
In this session, Datapipe's Chief Technology Officer, John Landy, will lead a conversation with Datapipe Solution Architects around the steps taken to architect and manage an end-to-end hybrid infrastructure. This session will cover real world hybrid use-cases including migration, disaster recovery, governance, compliance and redundancy with multi-zone, multi-region deployments through discussion of three common challenges organizations face when moving to the cloud:
Architecting a Secure and Compliant Hybrid Solution
Staging Migrations: Getting from point A to point B to point AB
Ongoing management and optimization
Sponsored by Datapipe
AWS June Webinar Series - Deep dive: Hybrid ArchitecturesAmazon Web Services
In this webinar, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This webinar follows the evolution of a simple legacy data center expansion with basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include: interconnectivity, availability, security, hybrid networks with Amazon VPC and AWS Direct Connect as well as how AWS makes it easy to automate provisioning.
Learning Objectives: • Learn how to evaluate, design, build, and manage distributed applications over hybrid infrastructures using AWS. • Understand hybrid architecture topology and points of integration with AWS. • See example architectures and hear best practices from successful hybrid implementations
Who Should Attend: • Network managers, Infrastructure architects, Application owners
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with Amazon VPC and how you can connect this with your offices and current data center footprint.
The features and flexibility of VPCs can support increasingly complex designs, and connecting your off-cloud environment to Amazon Web Services adds an additional layer of complexity. This session will dive deep into customer network-to-VPC connectivity options (DX, VPN, failover modes) and discuss decision points when designing VPCs.
Speaker: David Murray, Solutions Architect, Amazon Web Services
For more training on AWS, visit: https://www.qa.com/amazon
AWS Loft | London - Amazon Virtual Private Cloud by Andrew Kane, Solution Architect
April 18, 2016
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...Amazon Web Services
In this session, you learn why Twilio chose to migrate from Amazon EC2-Classic to VPC and how they leveraged features available only in VPC, specifically:
- AWS CloudHSM: Build out a secure key encryption or role-based access control for internal use; also used to securely store and encrypt data for external customers.- Elastic Network Interface (ENI): Allows multiple Elastic IPs per instance and the ability to move network interface between instances.- Hardware Virtual Machine (HVM) instances w/SRV-IO: New hardware virtualized instances that allow line-level performance of network interfaces for up to 10g Ethernet speeds. Secure data-in-transit by default, which ensures all machines communicate via a software-defined network and work in the same manner as VLAN tagging for compliance reasons. Sponsored by Twilio.
As enterprises move to the cloud, robust connectivity is often an early consideration. AWS Direct Connect provides a more consistent network experience for accessing your AWS resources, typically with greater bandwidth and reduced network costs. This session dives deep into the features of AWS Direct Connect and VPNs. We discuss deployment architectures and demonstrate the process from start to finish. We’ll show you how to configure public and private virtual interfaces, configure routers, use VPN backup, and provide secure communication between sites by using the AWS VPN CloudHub.
How do you build an architecture designed from the beginning to withstand failure? This webinar will cover techniques to develop a highly available application architecture that is capable of withstanding disaster and failure. Learn how to use multiple Availability Zones to spread your application or workload across multiple physical locations to isolate yourself from physical and geographical disruptions. Replicate your database and state information to increase availability.
Learning Objectives:
• How to design for failure
• How to distribute your application across Multiple Availability Zones (physically different data centers)
• How to scale your application as traffic grows and / or shrinks
• How to make your application self healing
• How to add loose coupling into your application to make it more survivable
Who Should Attend:
- Solutions Architects
- Developers, Administrators
- Dev-Ops Engineers
As more customers adopt Amazon VPC architectures, the features and flexibility of the service are squaring off against evolving design requirements. This session follows this evolution of a single regional VPC into a multi-VPC, multiregion design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, securing private access to S3, managing multitenant VPCs, integrating existing customer networks through AWS Direct Connect and building a full VPC mesh network across global regions.
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014Amazon Web Services
As more customers adopt Amazon VPC architectures, the features and flexibility of the service are squaring off against increasingly complex design requirements. This session follows the evolution of a single regional VPC into a multi-VPC, multiregion design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, managing multitenant VPCs, conducting VPC-to-VPC traffic, running multiple hybrid environments over AWS Direct Connect, and integrating corporate multiprotocol label switching (MPLS) clouds into multiregion VPCs.
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014Amazon Web Services
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)Amazon Web Services
As more customers adopt Amazon VPC architectures, the features and flexibility of the service are squaring off against evolving design requirements. This session follows this evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, securing private access to Amazon S3, managing multi-tenant VPCs, integrating existing customer networks through AWS Direct Connect, and building a full VPC mesh network across global regions.
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveAmazon Web Services
In this session, we explore AWS support for IPv6 for full end-to-end connectivity for EC2 instances inside of a VPC. IPv6 on EC2 instances introduces new capabilities and interesting new wrinkles into the VPC model. Customer VPCs receive IPv6 addresses from an Amazon address block, and existing features such as security groups, network ACLs, route tables, peering, and gateways have been enhanced to support IPv6. Finally, we look at some future capabilities planned for IPv6 in VPC.
Helping to protect the security of our customers content is of utmost importance to AWS, as is maintaining customer trust and confidence. Under the AWS shared responsibility model, AWS provides a secure global infrastructure, including compute, storage, networking and database services, as well as a range of high level services.
AWS provides a range of security services and features that AWS customers can use to secure their content and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives.
Reasons to attend:
- Learn about the AWS approach to security and how responsibilities are shared between AWS and our customers.
- Learn how to build your own secure virtual private cloud and integrate it with your existing solutions.
- Learn how to use AWS services and scale to assist in mitigation against attacks.
- Learn best practices for securing your AWS account, your content and your applications.
This session introduces Lambda@Edge, a new AWS Lambda feature that allows developers to perform simple computations at AWS edge locations in response to CloudFront events. This will be of interest to developers who want to build low-latency, customized web experiences. We cover product functionality and details of the programming model, and we walk through potential use cases.
(CMP401) Elastic Load Balancing Deep Dive and Best PracticesAmazon Web Services
Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances for fault tolerance and load distribution. In this session, we go into detail about Elastic Load Balancing's configuration and day-to-day management, as well as its use in conjunction with Auto Scaling. We explain how to make decisions about the service and share best practices and useful tips for success.
AWS CloudFormation template with single & redundant systemNaoya Hashimoto
* Use CloudFormation to create Stacks composed of VPC, Internet Gateway, Route Table, ELB, EC2 Instance, EBS Volumes
* Single pattern with EC2 Instances WEB server and DB server with the same AZ
* Redundant pattern with EC2 Instances WEB server and DB server with multi-AZ
The features and flexibility of VPCs can support increasingly complex designs, and connecting your off-cloud environment to Amazon Web Services adds an additional layer of complexity. This session will dive deep into customer network-to-VPC connectivity options (DX, VPN, failover modes) and discuss decision points when designing VPCs.
Speaker: David Murray, Solutions Architect, Amazon Web Services
For more training on AWS, visit: https://www.qa.com/amazon
AWS Loft | London - Amazon Virtual Private Cloud by Andrew Kane, Solution Architect
April 18, 2016
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...Amazon Web Services
In this session, you learn why Twilio chose to migrate from Amazon EC2-Classic to VPC and how they leveraged features available only in VPC, specifically:
- AWS CloudHSM: Build out a secure key encryption or role-based access control for internal use; also used to securely store and encrypt data for external customers.- Elastic Network Interface (ENI): Allows multiple Elastic IPs per instance and the ability to move network interface between instances.- Hardware Virtual Machine (HVM) instances w/SRV-IO: New hardware virtualized instances that allow line-level performance of network interfaces for up to 10g Ethernet speeds. Secure data-in-transit by default, which ensures all machines communicate via a software-defined network and work in the same manner as VLAN tagging for compliance reasons. Sponsored by Twilio.
As enterprises move to the cloud, robust connectivity is often an early consideration. AWS Direct Connect provides a more consistent network experience for accessing your AWS resources, typically with greater bandwidth and reduced network costs. This session dives deep into the features of AWS Direct Connect and VPNs. We discuss deployment architectures and demonstrate the process from start to finish. We’ll show you how to configure public and private virtual interfaces, configure routers, use VPN backup, and provide secure communication between sites by using the AWS VPN CloudHub.
How do you build an architecture designed from the beginning to withstand failure? This webinar will cover techniques to develop a highly available application architecture that is capable of withstanding disaster and failure. Learn how to use multiple Availability Zones to spread your application or workload across multiple physical locations to isolate yourself from physical and geographical disruptions. Replicate your database and state information to increase availability.
Learning Objectives:
• How to design for failure
• How to distribute your application across Multiple Availability Zones (physically different data centers)
• How to scale your application as traffic grows and / or shrinks
• How to make your application self healing
• How to add loose coupling into your application to make it more survivable
Who Should Attend:
- Solutions Architects
- Developers, Administrators
- Dev-Ops Engineers
As more customers adopt Amazon VPC architectures, the features and flexibility of the service are squaring off against evolving design requirements. This session follows this evolution of a single regional VPC into a multi-VPC, multiregion design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, securing private access to S3, managing multitenant VPCs, integrating existing customer networks through AWS Direct Connect and building a full VPC mesh network across global regions.
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014Amazon Web Services
As more customers adopt Amazon VPC architectures, the features and flexibility of the service are squaring off against increasingly complex design requirements. This session follows the evolution of a single regional VPC into a multi-VPC, multiregion design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, managing multitenant VPCs, conducting VPC-to-VPC traffic, running multiple hybrid environments over AWS Direct Connect, and integrating corporate multiprotocol label switching (MPLS) clouds into multiregion VPCs.
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014Amazon Web Services
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)Amazon Web Services
As more customers adopt Amazon VPC architectures, the features and flexibility of the service are squaring off against evolving design requirements. This session follows this evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, securing private access to Amazon S3, managing multi-tenant VPCs, integrating existing customer networks through AWS Direct Connect, and building a full VPC mesh network across global regions.
Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveAmazon Web Services
In this session, we explore AWS support for IPv6 for full end-to-end connectivity for EC2 instances inside of a VPC. IPv6 on EC2 instances introduces new capabilities and interesting new wrinkles into the VPC model. Customer VPCs receive IPv6 addresses from an Amazon address block, and existing features such as security groups, network ACLs, route tables, peering, and gateways have been enhanced to support IPv6. Finally, we look at some future capabilities planned for IPv6 in VPC.
Helping to protect the security of our customers content is of utmost importance to AWS, as is maintaining customer trust and confidence. Under the AWS shared responsibility model, AWS provides a secure global infrastructure, including compute, storage, networking and database services, as well as a range of high level services.
AWS provides a range of security services and features that AWS customers can use to secure their content and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives.
Reasons to attend:
- Learn about the AWS approach to security and how responsibilities are shared between AWS and our customers.
- Learn how to build your own secure virtual private cloud and integrate it with your existing solutions.
- Learn how to use AWS services and scale to assist in mitigation against attacks.
- Learn best practices for securing your AWS account, your content and your applications.
This session introduces Lambda@Edge, a new AWS Lambda feature that allows developers to perform simple computations at AWS edge locations in response to CloudFront events. This will be of interest to developers who want to build low-latency, customized web experiences. We cover product functionality and details of the programming model, and we walk through potential use cases.
(CMP401) Elastic Load Balancing Deep Dive and Best PracticesAmazon Web Services
Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances for fault tolerance and load distribution. In this session, we go into detail about Elastic Load Balancing's configuration and day-to-day management, as well as its use in conjunction with Auto Scaling. We explain how to make decisions about the service and share best practices and useful tips for success.
AWS CloudFormation template with single & redundant systemNaoya Hashimoto
* Use CloudFormation to create Stacks composed of VPC, Internet Gateway, Route Table, ELB, EC2 Instance, EBS Volumes
* Single pattern with EC2 Instances WEB server and DB server with the same AZ
* Redundant pattern with EC2 Instances WEB server and DB server with multi-AZ
AWS Enterprise Day | Running Critical Business Applications on AWSAmazon Web Services
The Cloud Journey for many enterprise customers starts with an initial migration of websites and mobile applications to AWS, followed by deployment of their critical business services. These services, such as SAP and Oracle, are typically more complex and underpin many business processes in the customer's organisation and may be deployed as hybrid solutions, integrated closely with other internal and external services. To do this, customers need to have fast and reliable connectivity to existing on-premise networks, as we covered in the previous session. Let's look at how we can now build on that to help you understand the benefits that many customers have achieved when they moved their business applications to AWS.
AWS Summit London 2014 - JUST EAT - High Availability and Rapid Changedaniel-richardson
Nearly 1,000 takeaways ordered a minute from hungry consumers, with near real time confirmation from restaurants and delivery of their food just 45 minutes later is a hard technical challenge.
AWS allows the many small engineering teams at JUST EAT to take responsibility to meet that challenge, as they build and operate a platform that delivers a takeaway experience for consumers to love.
Learn how we migrated our e-commerce platform to AWS and organise both our platform and teams around the the twin goals of rapid change and high availability. During the session we break things live in production, and watch how the JUST EAT platform is designed around AWS to recover quickly and automatically.
Learn how to use Amazon Web Services (AWS). This "how-to" webinar will cover the basics to get started with AWS. After a brief overview, this session will dive into discussions of core AWS services and provide demonstrations of how to set up and utilize those services. Demonstrations and discussions will include:
- Setting up and connecting to your first Elastic Compute Cloud (EC2) virtual machine
- How to backup and restore your virtual machine instance
- How to set an email alert for changes in your virtual machine instance
- How to Upload files to Amazon's Simple Storage Service (S3) and make them publicly available on the Internet
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013Amazon Web Services
As more customers adopt Amazon Virtual Private Cloud architectures, the features and flexibility of the service are squaring off against increasingly complex design requirements. This session follows the evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, managing multi-tenant VPCs, conducting VPC-to-VPC traffic, extending corporate federation and name services into VPC, running multiple hybrid environments over AWS Direct Connect, and integrating corporate multiprotocol label switching (MPLS) clouds into multi-region VPCs.
In this advanced technical session, learn how you can use AWS to build and deploy virtual data centers as fast as you design them. This session follows the evolution of a single regional Amazon Virtual Private Cloud (VPC) into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate best practice designs in use by AWS customers to simplify and optimize as they grow. Topics covered include: automating virtual data centers with CloudFormation, scaling and securing outbound VPC traffic, Peering VPCs within a region, and running global hybrid networks with VPC and Direct Connect.
AWS Summit London 2014 | From One to Many - Evolving VPC Design (400)Amazon Web Services
In this advanced technical session you will learn how you can use AWS to build and deploy virtual data centres as fast as you can design them. Learn how to combine CloudFormation templates together with best practice techniques that are in use by AWS customers today to optimise the design and implementation of your VPCs
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013Amazon Web Services
As more customers adopt Amazon Virtual Private Cloud architectures, the features and flexibility of the service are squaring off against increasingly complex design requirements. This session follows the evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, managing multi-tenant VPCs, conducting VPC-to-VPC traffic, extending corporate federation and name services into VPC, running multiple hybrid environments over AWS Direct Connect, and integrating corporate multiprotocol label switching (MPLS) clouds into multi-region VPCs.
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
The Getting Started on AWS deck serves to introduce Amazon users and prospective customers to the Amazon VPC, EC2 and the concepts and components that are necessary building Fault Tolerant & High Available environments on AWS. It also serves to introduce services like Direct Connect, Router53 (Amazon DNS Service) and one of our new additions, the Amazon
Application Load Balancer (ALB). After perusing this deck, users should have a better understanding of what these services are and their propose benefits.
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). We will discuss core VPC concepts including picking your IP space, subnetting, routing, security, NAT and VPC Endpoints.
Creating Your Virtual Data Center - AWS Summit Bahrain 2017Amazon Web Services
In this session, we walk through the fundamentals of Amazon Virtual Private Cloud (Amazon VPC). First, we cover build-out and design fundamentals for Amazon VPC, including picking your IP space, subnetting, routing, security, network address translation instances, and much more. We then examine how to optimally connect Amazon VPC to your physical data center with VPN or AWS Direct Connect.
AWS re:Invent 2016: Hybrid Architecture Design: Connecting Your On-Premises W...Amazon Web Services
You’re trying to minimize your time to deploy applications, reduce capital expenditure, and take advantage of the economies of scale made possible by using Amazon Web Services; however, you have existing on-premises applications that are not quite ready for complete migration. Hybrid architecture design can help! In this session, we discuss the fundamentals that any architect needs to consider when building a hybrid design from the ground up. Attendees get exposure to Amazon VPC, VPNs, Amazon Direct Connect, on-premises routing and connectivity, application discovery and definition, and how to tie all of these components together into a successful hybrid architecture.
Microsoft technologies form the backbone of many Enterprise IT Infrastructures. Whether you are running Microsoft Exchange, Sharepoint, SQL Server or Active Directory; chances are you rely upon you these services for your mission critical needs. Solutions Architects and IT professionals will get an overview of the common Microsoft workloads running on AWS including approaches for server migrations, design and deployment of infrastructure services and maintenance and monitoring of those services once they are in production.
Microsoft technologies form the backbone of many Enterprise IT Infrastructures. Whether you are running Microsoft Exchange, SharePoint, SQL Server or Active Directory; chances are you rely upon you these services for your mission critical needs. Solutions Architects and IT professionals will get an overview of the common Microsoft workloads running on AWS including approaches for server migrations, design and deployment of infrastructure services and maintenance and monitoring of those services once they are in production.
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
Presented by: Koen Biggelaar, Senior Manager Solutions Architecture, Amazon Web Services
Customer Guest: Jurjan Woltman, Architect, Wehkamp
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This midlevel architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with VPC. Learn how you can connect your VPC with your offices and current data center footprint. This session adds a focus on AWS Partners and where they are relevant in AWS networking.
Fundamentals of Networking and Security on AWS - AWS Summit Tel Aviv 2017Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC, it’s Security features and how you should make use of Identity and Access Management (IAM). First, we cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, VPC Endpoints, IAM Policies and more. We will also briefly consider the different approaches and use cases for optionally connecting your VPC to your physical data center. This fundamentals sessions is aimed at all new users to AWS, interested in understanding some of the building blocks that AWS makes available with Amazon VPC.
ENT202 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity O...Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
Similar to From One to Many: Evolving VPC Design (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
7. Plan your VPC IP space before
creating it
• Consider future AWS region expansion
• Consider future connectivity to your internal networks
• Consider subnet design
• VPC can be /16 down to /28
• CIDR cannot be modified after creation
• Overlapping IP spaces = future headache
9. Public Subnet
Private Subnet
Public Subnet
Availability Zone B
Private Subnet
Instance A
10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
VPC CIDR: 10.1.0.0 /16
Availability Zone A
10. Public Subnet
Availability Zone A
Private Subnet
Public Subnet
Availability Zone B
Private Subnet
Instance A
10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
VPC CIDR: 10.1.0.0 /16
.1
.1 .1
.1
11. Public Subnet
Private Subnet
Public Subnet
Availability Zone B
Private Subnet
Instance A
10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
VPC CIDR: 10.1.0.0 /16
Route Table
Destination Target
10.1.0.0/16 local
Availability Zone A
13. Availability Zone B
Public Subnet
Availability Zone A
Private Subnet
Public Subnet
Private Subnet
Instance A
10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
VPC CIDR: 10.1.0.0 /16
Route Table
Destination Target
10.1.0.0/16 local
10.1.1.0/24 Instance B
14. Availability Zone B
Public Subnet
Availability Zone A
Private Subnet
Public Subnet
Private Subnet
Instance A
10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
VPC CIDR: 10.1.0.0 /16
Route Table
Destination Target
10.1.0.0/16 local
10.1.1.0/24 Instance B
15. Network ACLs vs. Security Groups
NACLs
• Applied to subnets (1 per)
• Stateless
• Allow & deny (blacklist)
• Rules processed in order
Security groups
• Applied to instance ENI (up
to 5 per)
• Stateful
• Allow only (whitelist)
• Rules evaluated as a whole
• Can reference other
security groups in the same
VPC
VPC Subnet
Elastic network
interface
Security group
Network ACL
16. VPC Network ACLs: What Are They Good For?
• Enforcing baseline security policy
– Example:
“No TFTP, NetBIOS or SMTP shall egress this
subnet”
• Catchall for holes in instance
security groups
• Segregation of security between
network ops and dev ops
VPC Subnet
Instance
17. VPC Network ACLs: Best Practices
• Use sparingly, keep it simple
• Avoid ephemeral port range allows
• Create rule #’s with room to grow
• Use IAM to control tightly who can alter or delete NACLs
Pushing this will hurt!
Default network ACL:
18. Create an IAM VPC Admin Group
Examples of “High Blast Radius” VPC API calls that should be restricted:
AttachInternetGateway
AssociateRouteTable
CreateRoute
DeleteCustomerGateway
DeleteInternetGateway
DeleteNetworkAcl
DeleteNetworkAclEntry
DeleteRoute
DeleteRouteTable
DeleteDhcpOptions
ReplaceNetworkAclAssociation
DisassociateRouteTable
{Support
Resource
Permissions
20. Public Subnet
Availability Zone A
Private Subnet
Public Subnet
Availability Zone B
Private Subnet
Instance A
10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
VPC CIDR: 10.1.0.0 /16
Creating ways “out”
of a VPC
21. Public Subnet
Availability Zone A
Private Subnet
Public Subnet
Availability Zone B
Private Subnet
Instance A
10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
VPC CIDR: 10.1.0.0 /16
Virtual
Private
Gateway
Internet
Gateway
Only 1 IGW and 1 VGW
per VPC
VPN
connection
Customer
data center
Customer
data center
AWS Direct
Connect
Route Table
Destination Target
10.1.0.0/16 local
Internal CIDR VGW
22. Public Subnet
Availability Zone A
Private Subnet
Public Subnet
Availability Zone B
Private Subnet
Instance A
10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
VPC CIDR: 10.1.0.0 /16
Route
Table
Route Table
Destination Target
10.1.0.0/16 local
0.0.0.0/0 IGW
23. Ways to Assign Public IPs
Elastic IP address (EIP)
• Associated with AWS account and not a specific instance
• 1 public IP to 1 private IP static NAT mapping
• Instance does not “see” an EIP associated to it
• Persists independently of the instance
• Can be assigned while instance is stopped or running
• Can be moved, reassigned to other ENIs
24. Ways to Assign Public IPs
Automatic dynamic public IP assignment
• Done on instance launch into VPC subnet
• Public IP is dynamic and could change if instance is
stopped and restarted
• Does not count against AWS account EIP limits
• Works only on instances with a single ENI
25. Public Subnet
Availability Zone A
Private Subnet
Public Subnet
Availability Zone B
Private Subnet
Instance A
Public: 54.200.129.18
Private: 10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
Route
Table
Internet
Amazon S3 Amazon Dynamo DB
AWS
region
AWS outside the VPC
26. Examples of AWS outside the VPC
• AWS API endpoints
– Think about which APIs you might be calling from instances within the
VPC
– Good examples: Amazon EC2, AWS CloudFormation, Auto Scaling,
Amazon SWF, Amazon SQS, Amazon SNS
• Regional services
– Amazon S3
– Amazon Dynamo DB
• Software and patch repositories
– Amazon Linux repo allows access only from AWS public IP blocks
27. Public Subnet
Availability Zone A
Private Subnet
Public Subnet
Availability Zone B
Private Subnet
Instance A
Public: 54.200.129.18
Private: 10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
Route
Table
Internet
Amazon S3
AWS
region
And what if instance C
in a private subnet
needs to reach outside
the VPC?
It has no route to the
IGW and no public IP.
Amazon Dynamo DB
28. Public Subnet
Availability Zone A
Private Subnet
Public Subnet
Availability Zone B
Private Subnet
NAT A
Public: 54.200.129.18
Private: 10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
Internet
Amazon S3
AWS
region
Deploy an instance that
functions as a
N etwork
A ddress
T ranslat(or)
Route Table
Destination Target
10.1.0.0/16 local
0.0.0.0/0 NAT
instanc
e
Amazon Dynamo DB
29. What makes up the
Amazon Linux NAT AMI?
$echo 1 > /proc/sys/net/ipv4/ip_forward
$echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
$/sbin/iptables -t nat -A POSTROUTING -o eth0 –s 10.1.0.0/16 -j MASQUERADE
$/sbin/iptables-save
$aws ec2 modify-instance-attributes –instance-id i-xxxxxxxx –source-dest-
check “{”Value”:false}”
Not much to it:
1. IP forwarding enabled
2. IP NAT Masquerading enabled in iptables for VPC CIDR block
3. Source/destination check is turned off on primary interface
30. Public Subnet
Availability Zone A
Private Subnet
Public Subnet
Availability Zone B
Private Subnet
NAT A
Public: 54.200.129.18
Private: 10.1.1.11 /24
Instance C
10.1.3.33 /24
Instance B
10.1.2.22 /24
Instance D
10.1.4.44 /24
Internet
Amazon S3
AWS
region
Other private subnets
can share the same
routing table and use
the NAT
But…
Amazon Dynamo DB
31. Public Subnet
Availability Zone A
Private Subnet
Public Subnet
Availability Zone B
Private Subnet
NAT A
Public: 54.200.129.18
Private: 10.1.1.11 /24
Instance B
10.1.2.22 /24
Internet
Amazon S3
AWS
region
… you could reach
a bandwidth bottleneck
if your private instances
grow and their NAT-
bound traffic grows with
them.
Amazon Dynamo DB
33. Do bandwidth-intensive processes need to be
behind a NAT?
• Separate out application components with bandwidth needs
• Run components from public subnet instances
• Goal is full instance bandwidth out of VPC
• Auto Scaling with Public IP makes this easy
• NAT still in place for remaining private instances
• Most common use case:
Multi-Gbps streams to Amazon S3
34.
35.
36.
37.
38.
39.
40.
41. Auto Scaling Support for
Automatic Public IP Assignment
$aws autoscaling create-launch-configuration --launch-configuration-name hi-bandwidth-
public --image-id ami-xxxxxxxx --instance-type m1.xlarge --associate-public-ip-address
Sample launch configuration (named “hi-bandwidth-public”):
42. Availability Zone A
Private Subnet
Availability Zone B
Private Subnet
Internet
Amazon S3
AWS
region
Public Subnet Public Subnet
NAT
• Use Auto Scaling for NAT
availability
• Create 1 NAT per Availability
Zone
• All private subnet route tables to
point to same zone NAT
• 1 Auto Scaling group per NAT
with min and max size set to 1
• Let Auto Scaling monitor the
health and availability of your
NATs
• NAT bootstrap script updates
route tables programmatically
Auto scale HA NAT
NAT
Amazon Dynamo DB
43. Auto Scaling for Availability
$aws autoscaling create-auto-scaling-group --auto-scaling-group-name ha-
nat-asg --launch-configuration-name ha-nat-launch --min-size 1 --max-size
1 --vpc-zone-identifier subnet-xxxxxxxx
Sample HA NAT Auto Scaling group (named “ha-nat-asg”):
44. HA NAT User Data sample:
PRIVATE_SUBNETS="`aws ec2 describe-subnets --query 'Subnets[*].SubnetId’ --filters Name=availability-
zone,Values=$AVAILABILITY_ZONE Name=vpc-id,Values=$VPC_ID Name=state,Values=available
Name=tag:network,Values=private`”
if [ -z "$PRIVATE_SUBNETS" ]; then
die "No private subnets found to modify for HA NAT."
else log "Modifying Route Tables for following private subnets: $PRIVATE_SUBNETS"
fi
for subnet in $PRIVATE_SUBNETS; do
ROUTE_TABLE_ID=`aws ec2 describe-route-tables --query 'RouteTables[*].RouteTableId’
--filters Name=association.subnet-id,Values=$subnet`;
if [ "$ROUTE_TABLE_ID" = "$MAIN_RT" ]; then
log "$subnet is associated with the VPC Main Route Table. HA NAT script will NOT edit Main Route Table.”
elif [ -z "$ROUTE_TABLE_ID" ]; then
log "$subnet is not associated with a Route Table. Skipping this subnet."
else
aws ec2 create-route --route-table-id $ROUTE_TABLE_ID --destination-cidr-block 0.0.0.0/0
--instance-id $INSTANCE_ID &&
log "$ROUTE_TABLE_ID associated with $subnet modified to point default route to $INSTANCE_ID."
if [ $? -ne 0 ] ; then
aws ec2 replace-route --route-table-id $ROUTE_TABLE_ID --destination-cidr-block 0.0.0.0/0
--instance-id $INSTANCE_ID
fi
fi
done
45. Tag Early, Tag Often!
• Tagging strategy should be part of early design
• Project code, cost center, environment, version, team, business unit
• Tag resources right after creation
• Tags supported for resource permissions
• AWS Billing also supports tags
• Tight IAM controls on the creation and editing of tags
46. IAM EC2 Role for HA NAT Instance
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:ModifyInstanceAttribute",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:CreateRoute",
"ec2:ReplaceRoute"
],
"Resource": "*"
}
]
}
47. Automating HA NAT with EC2 User Data
Latest version of the script:
https://github.com/ralex-aws/vpc
48. If Design Requirements Keep High
Bandwidth Streams Behind NAT:
• Use the 1 HA NAT per Availability Zone design
• Vertically scale your NAT instance type to one with a High Network
Performance rating
• Keep a close watch on your network metrics
m1.small
Low
m1.large
Moderate
m1.xlarge, c3.2xlarge
High
t1.micro
Very Low
49. Take Advantage of Enhanced
Networking
• Only available in VPC
• Higher PPS, Lower Latency, Lower Jitter
• Supported by C3, I2, R3 instance types
• Built into Amazon Linux, but supported in many flavors
(including Windows)
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html
52. Common Customer Use Cases:
• Application isolation
• Scope of audit containment
• Risk level separation
• Separate production from non-production
• Multi-tenant isolation
• Business unit alignment
55. Availability Zone A
Private Subnet Private Subnet
AWS
region
Virtual
Private
Gateway
VPN
connection
Customer
data center
Intranet
App
Intranet
App
Availability Zone B
Internal customers
Internal Application to VPC
Route Table
Destination Target
10.1.0.0/16 local
Corp CIDR VGW
56. But… the app will leverage this for storing data
Amazon S3
57. Availability Zone A
Private Subnet Private Subnet
AWS
region
Virtual
Private
Gateway
VPN
connection
Customer
data center
Intranet
App
Intranet
App
Availability Zone B
And you don’t really want to do this:
Amazon
S3
Internet
Customer border router
Customer VPN
Internet
58. Control IGW Access through a Proxy Layer
• Deploy a proxy control layer between application and IGW
• Restrict all outbound HTTP/S access to only approved URL
destinations like Amazon S3
• No route to IGW for private subnets
• Control access to proxy through security groups
• Must configure proxy setting in OS of instances
59. Availability Zone A
Private Subnet Private Subnet
AWS region
VPN
connection
Customer
data center
Intranet
App
Intranet
App
Availability Zone B
Internal customers
Controlling the Border
Internal
Load
balancer
Elastic Load Balancing
Private Subnet
Elastic Load Balancing
Private Subnet
ELB Multi AZ Auto Scaling group
• Deploy internal Elastic Load
Balancing layer across
Availability Zones
• Add all instances allowed
outside access to a security
group
• Use this security group as the
only source allowed access to
the proxy port in the load
balancer’s security group
60. Put Elastic Load Balancers in Their
Own Subnets
• Elastic Load Balancing is Amazon EC2 in your subnets
• Elastic Load Balancing is using your private addresses
• Separate subnets = separate control
• Distinguish load balancing layer from app layers
61.
62.
63.
64.
65.
66.
67.
68.
69. Squid.conf Sample Config:
# CIDR AND Destination Domain based Allow
# CIDR Subnet blocks for Internal ELBs
acl int_elb_cidrs src 10.1.3.0/24 10.1.4.0/24
# Destination domain for target S3 bucket
acl s3_v2_endpoints dstdomain $bucket_name.s3.amazonaws.com
# Squid does AND on both ACLs for allow match
http_access allow int_elb_cidrs s3_v2_endpoints
# Deny everything else
http_access deny all
70. Using Squid Proxy Instances for Web Service Access
in Amazon VPC:
http://aws.amazon.com/articles/5995712515781075
72. AWS region
Public-facing
web app
Internal
company
app #1
HA pair VPN
endpoints
Internal
company
app #2
Internal
company
app #3
Internal
company
app #4
Customer data center
Customer gateways (CGW):
• 1 per VPN tunnel
• 1 public IP per CGW
• AWS provides 2 tunnel
destinations per region
73. Public-facing
web app
Internal
company
app #2
HA pair VPN
endpointsCustomer data center
Internal
company
app #3
Internal
company
app #4
Internal
company
app #1
Internal
company
Dev
Internal
company
QA
AWS region
BackupAD, DNS Monitoring
Logging
100. Use IAM to Define & Enforce a
VPC’s Operational State
Use EC2 Run Resource Permissions to control:
• What AMI can be launched
• What VPC or subnet can be targeted
• What Security Groups must be in place
• Which VPCs allow Peering
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_IAM.html
For more policy examples:
103. Customer
data center
AWS Direct Connect
location
AWS Direct Connect Private Virtual
Interface (PVI) connects to VGW on
VPC
• 1 PVI per VPC
• 802.1Q VLAN Tags isolate traffic
across AWS Direct Connect
Private fiber connection
One or multiple
50 – 500 Mbps,
1 Gbps or 10 Gbps pipes
Simplify with AWS Direct Connect
Public-facing
web app
AWS
region
Prod QA Dev
104. A few bits on AWS Direct Connect…
• Dedicated, private pipes into AWS
• Create private (VPC) or public interfaces to AWS
• Cheaper data-out rates than Internet (data-in still free)
• Consistent network performance compared to Internet
• At least 1 location to each AWS region (even GovCloud!)
• Recommend redundant connections
• Multiple AWS accounts can share a connection
120. AWS Direct Connect in the United States
AWS Direct Connect
Equinix, San Jose
us-west-1
us-west-2
us-east-1
AWS Private Network
Disaster Recovery
VPN to VGW
134. Customer routers
Customer internal
network
AWS DX routers
AWS
region
AWS Direct Connect
location
Multiple physical connections:
• Active / Active links via BGP multi-pathing
• Active / Passive also an option
• BGP MEDs or local preference can influence
route
• Bidirectional Forwarding Detection (BFD)
protocol supported
136. With AWS regions just another spoke on your global network,
it’s easy to bring the cloud down to you as you expand around the world.
US customer
data center
EU-West-1 region
EU customer
data center
Customer MPLS
backbone
AWS Direct
Connect PoP
Ireland or London
US-West-1 region
AWS Direct
Connect PoP
Virginia or NYC
AP-Southeast-1
region
AWS Direct
Connect PoP
Singapore
AP customer
data center
137. Evolving VPC Design: Recap
• Elements of VPC Design
• Scalable and Available NAT
• One VPC, Two VPC
• Controlling the Border
• Directory and Name Services in the VPC
• VPC Peering
• Bringing It All Back Home