Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual data center that you define. In this session you learn how to leverage the VPC networking constructs to configure a highly available and secure virtual data center on AWS for your application. We cover best practices around choosing an IP range for your VPC, creating subnets, configuring routing, securing your VPC, establishing VPN connectivity, and much more. The session culminates in creating a highly available web application stack inside of VPC and testing its availability with Chaos Monkey.
Introduction to AWS VPC, Guidelines, and Best Practices - Gary Silverman
I crafted this presentation for the AWS Chicago Meetup. This deck covers the rationale, building blocks, guidelines, and several best practices for Amazon Web Services Virtual Private Cloud. I classify it as somewhere between a 101 and 201 level presentation.
If you like the presentation, I would appreciate you clicking the Like button.
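Watch the recording: https://youtu.be/aoQOqhVtdGo
What are the ways to move servers running in an existing on-premises environment to the AWS Cloud? This session introduces methods for migrating existing servers running on Linux, Windows, VMware, and other platforms to the cloud. Along with this, we share customer cases of how AWS enterprise customers carried out large-scale migrations. In addition, we look at new service trends that accelerate cloud adoption through hybrid options such as VMware on AWS and AWS Outpost.
Watch the presentation recording: https://youtu.be/BZhbRQFwkMQ
Among the basic AWS services, you can learn about VPC, a logically isolated space in the cloud where you can run AWS resources in a virtual network; ELB, which can load-balance application traffic; and Direct Connect and VPN, which can connect to on-premises environments.
Recording link: https://youtu.be/QGgQOcA3W6w
As migration to the cloud increases, attacks targeting the public cloud are also surging. In particular, attempts to steal cloud administrators' credentials, and the use of stolen credentials to leak sensitive information and attempt large-scale Bitcoin mining, are on the rise. Customers who are considering a move to AWS or are already using it need to think about how to respond to sophisticated security threats like these that exploit the characteristics of the cloud. This session explains AWS security services such as GuardDuty, Inspector, Config, and SecurityHub, which provide capabilities for responding effectively to these cloud-native threats.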
AWS Workshop Series: Microsoft licensing and active directory on AWS - Amazon Web Services
Extend your on-premise Microsoft infrastructure to the cloud using Active Directory. In this workshop we will show you how to set up new domain controllers using Amazon EC2 instances, or create a new standalone forest with AWS Directory Services such as AWS AD Connector and AWS Microsoft AD. Easily administer and monitor your new Active Directory domains using already-familiar tools.
Amazon Route 53 is a highly available, scalable, and easy to use cloud Domain Name System (DNS) web service. With an SLA of 100% availability, Route 53 is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications. By using Route 53 as your DNS provider, you can ensure your application’s up-time, run architecture that delivers better performance, and provide your end users with a better experience through lower latency and faster load times, all at a fraction of the cost of other DNS providers.
Learning Objective: In this webinar, you will learn the following:
• General overview of DNS, and how Route 53 is built to provide reliable and secure DNS
• Using the Route 53 console to manage your DNS, easily and seamlessly
• Utilizing health checks and failover to ensure high availability
• Configuring advanced routing policies, including running your application in multiple regions with LBR and Geo for better performance for your end users
• Saving costs by using Route 53
• Registering or transferring your domains into Route 53 to manage all of your domain resources from one place
• How to start using Route 53, including migrating your DNS without experiencing any downtime
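On-demand replay: https://www.youtube.com/watch?v=LMBSWl9Uo-4
AWS Control Tower, scheduled to launch in the Seoul Region in the first quarter of 2021, automatically sets up a customer's multi-account AWS environment based on best practices. This session covers how to use AWS Control Tower to design and implement the multi-account AWS structure your organization needs, define and create the baseline guardrails that each account should include, and implement a governance framework.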
Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP... - Neeraj Kumar
In this session, we will learn to create a Point-to-Site VPN connection using VPN Gateway. We will see how Virtual Network Gateways are created in Azure, and the scenarios where Point-to-Site VPNs are useful.
This is the extension to the previous session, which was Part 02 of the Azure Virtual Network series.
1. Part 01 - https://www.youtube.com/watch?v=JPdo8...
2. Part 02 - https://www.youtube.com/watch?v=wQeg_...
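AWS Network Security Evolving Further - Eunsoo Shin, AWS Security Specialist Solutions Architect :: AWS Summit Seoul 2021 - Amazon Web Services Korea
This session explains how to use AWS Gateway Load Balancer and how it works; the service helps you efficiently deploy the security appliances that must be used to protect key resources in Amazon VPC or to meet compliance requirements. It also explains how to use AWS Network Firewall, the managed firewall from AWS that includes IPS capabilities for restricting access to internet sites from inside an Amazon VPC and for detecting and blocking intrusions from outside, along with the various reference cases that can be configured.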
Announcing AWS Shield - Protect Web Applications from DDoS Attacks - Amazon Web Services
AWS Shield is a managed DDoS protection service. With AWS Shield, you can help protect Amazon CloudFront, Elastic Load Balancing, and Amazon Route 53 resources from DDoS attacks. In addition to introducing AWS Shield, this session presents some of the things we do behind the scenes to detect and mitigate Layer 3/4 network attacks and highlights ways you can use this new service to protect against Layer 7 application attacks.
Learning Objectives:
• Learn about the different types of DDoS protections AWS Shield offers
• Understand the difference between the Standard and Advanced tiers
• Hear how AWS WAF works with AWS Shield to provide a strong defense against DDoS attacks
• Learn how to get started with AWS Shield
Initially presented at AWS User Group Meetup Surabaya, Indonesia.
The AWS Cloud Development Kit is an open source software development framework to model and provision your cloud application resources using familiar programming languages. In this session, we will start with why IaC (Infrastructure as Code) is a good practice and explore various ways to implement it. Then, we'll do live coding as step-by-step guidance on how you can use AWS CDK to programmatically provision a serverless API system.
Docker containers have become a key component of modern application design. Increasingly, developers are breaking their applications apart into smaller components and distributing them across a pool of compute resources.
CI/CD Best Practices Using AWS Fargate and Amazon ECS - Jaeseok Yoo, AWS Solutions Architect :: AWS Build... - Amazon Web Services Korea
Watch the presentation recording: https://youtu.be/il8wpd7gxe8
CI/CD techniques enable teams to increase agility and ship high-quality products quickly. This talk walks through best practices for building CI/CD workflows to manage containerized applications. It shows how to treat infrastructure as code with an application model using the AWS Cloud Development Kit, and how to set up a CI/CD release pipeline using AWS CodePipeline and AWS CodeBuild. Finally, it covers safe deployment automation using AWS CodeDeploy.
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve... - Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
Are you curious about how to authenticate and authorize your applications on AWS? Have you thought about how to integrate AWS Identity and Access Management (IAM) with your app authentication? Have you tried to integrate third-party SAML providers with your app authentication? Look no further. This workshop walks you through step by step to configure and create Amazon Cognito user pools and identity pools. This workshop presents you with the framework to build an application using Java, .NET, and serverless. You choose the stack and build the app with local users. See the service being used not only with mobile applications, but with other stacks that normally don’t include Amazon Cognito.
Do you want to run your code without the cost and effort of provisioning and managing servers? Find out how in this deep dive session on AWS Lambda, which allows you to run code for virtually any type of application or back end service – all with zero administration. During the session, we’ll look at a number of key AWS Lambda features and benefits, including automated application scaling with high availability; pay-as-you-consume billing; and the ability to automatically trigger your code from other AWS services or from any web or mobile app.
The Getting Started on AWS deck serves to introduce Amazon users and prospective customers to the Amazon VPC, EC2 and the concepts and components that are necessary for building Fault Tolerant & Highly Available environments on AWS. It also serves to introduce services like Direct Connect, Route 53 (Amazon DNS Service) and one of our new additions, the Amazon Application Load Balancer (ALB). After perusing this deck, users should have a better understanding of what these services are and their proposed benefits.
A brief introduction to Amazon Virtual Private Cloud (VPC).
Amazon VPC is a very important service that provides a logically isolated area of the AWS cloud where you can launch AWS resources in a virtual network that you define.
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity... - Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
AWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds - Amazon Web Services
One of the first steps to achieving the benefits of a robust Hybrid IT strategy is the integration of existing on-premise workloads with cloud resources. Learn how to leverage the AWS platform to create your first Hybrid IT solutions based on real-life enterprise customer use cases. Understand how to build your own Virtual Private Cloud, the robust security controls and network connectivity options at your disposal to create fast and reliable connectivity as the foundation of your Hybrid IT vision with AWS.
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
Presented by: Koen Biggelaar, Senior Manager Solutions Architecture, Amazon Web Services
Customer Guest: Jurjan Woltman, Architect, Wehkamp
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ... - Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). We will discuss core VPC concepts including picking your IP space, subnetting, routing, security, NAT and VPC Endpoints.
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity... - Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This midlevel architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks that AWS makes available with VPC. Learn how you can connect your VPC with your offices and current data center footprint. This session adds a focus on AWS Partners and where they are relevant in AWS networking.
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive - Amazon Web Services
In this session, we explore AWS support for IPv6 for full end-to-end connectivity for EC2 instances inside of a VPC. IPv6 on EC2 instances introduces new capabilities and interesting new wrinkles into the VPC model. Customer VPCs receive IPv6 addresses from an Amazon address block, and existing features such as security groups, network ACLs, route tables, peering, and gateways have been enhanced to support IPv6. Finally, we look at some future capabilities planned for IPv6 in VPC.
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013 - Amazon Web Services
As more customers adopt Amazon Virtual Private Cloud architectures, the features and flexibility of the service are squaring off against increasingly complex design requirements. This session follows the evolution of a single regional VPC into a multi-VPC, multi-region design with diverse connectivity into on-premises systems and infrastructure. Along the way, we investigate creative customer solutions for scaling and securing outbound VPC traffic, managing multi-tenant VPCs, conducting VPC-to-VPC traffic, extending corporate federation and name services into VPC, running multiple hybrid environments over AWS Direct Connect, and integrating corporate multiprotocol label switching (MPLS) clouds into multi-region VPCs.
AWS re:Invent 2016: Hybrid Architecture Design: Connecting Your On-Premises W... - Amazon Web Services
You’re trying to minimize your time to deploy applications, reduce capital expenditure, and take advantage of the economies of scale made possible by using Amazon Web Services; however, you have existing on-premises applications that are not quite ready for complete migration. Hybrid architecture design can help! In this session, we discuss the fundamentals that any architect needs to consider when building a hybrid design from the ground up. Attendees get exposure to Amazon VPC, VPNs, Amazon Direct Connect, on-premises routing and connectivity, application discovery and definition, and how to tie all of these components together into a successful hybrid architecture.
In this session, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This session follows the evolution of a simple legacy data center expansion with basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include interconnectivity, availability, security, and hybrid networks with Amazon VPC and AWS Direct Connect, as well as automated provisioning with AWS CloudFormation and configuration management with AWS OpsWorks.
AWS June Webinar Series - Deep dive: Hybrid Architectures - Amazon Web Services
In this webinar, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This webinar follows the evolution of a simple legacy data center expansion with basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include: interconnectivity, availability, security, hybrid networks with Amazon VPC and AWS Direct Connect as well as how AWS makes it easy to automate provisioning.
Learning Objectives:
• Learn how to evaluate, design, build, and manage distributed applications over hybrid infrastructures using AWS.
• Understand hybrid architecture topology and points of integration with AWS.
• See example architectures and hear best practices from successful hybrid implementations
Who Should Attend:
• Network managers, Infrastructure architects, Application owners
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options - Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
Similar to High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:Invent 2013 (20)
How to build forecasting services using algorithms from ML and deep learn... - Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... - Amazon Web Services
The variety and volume of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters looks like an investment accessible only to established companies. But the elasticity of the cloud and, in particular, serverless services allow us to break through these limits.
So let's see how to develop Big Data applications quickly, without worrying about infrastructure, devoting all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation aimed at increasing the pace of innovation. During this period we learned how changing our approach to application development allowed us to greatly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we explain how we define modern applications and how building modern apps affects not only the application architecture but also the organizational structure, the development release pipelines, and even the operating model. We also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances - Amazon Web Services
The use of containers is growing steadily.
When designed correctly, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS, and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared with On-Demand Instances. In this session we discover together the characteristics of Spot Instances and how they can easily be used on AWS. We also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique in the market with the services of Machine Lea... - Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... - Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime and interrupting users' work. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployments of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads - Amazon Web Services
Want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication, and authorization. In this session, we discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis that uses artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are hosting a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there are performance risks that can be introduced when moving applications out of on-premises data centers.
Build your first serverless ledger-based app with QLDB and NodeJS - Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits and debits in banking transactions or to track the supply chain flow of their products.
At the heart of these solutions are ledger databases, which provide a transparent, immutable, and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we discover how to build a complete serverless application that uses QLDB's features.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
2. Learning about High Availability Applications in VPC
• What is Amazon Virtual Private Cloud (VPC)?
• VPC common use cases
• VPC basics
• Why move to VPC?
• Connecting VPC with your data centers
• Making your VPC infrastructure highly available
• Making your application highly available
• Testing our highly available application
4. What is Amazon VPC?
• A private, isolated section of the AWS cloud
• A virtual network topology you can deploy and customize
• Complete control of your networking
5. Most easily put, it is a virtual data center you can build out and control on AWS!
7. Design a Virtual Data Center on AWS
[Diagram labels: Corporate Data Centers, Active Directory, Users & Access Rules, Network Configuration, Your Private Network, Encryption, HSM Appliance, Backup Appliances, Cloud Backups, Your On-premises Apps, Your Cloud Apps, AWS Direct Connect]
8. Create Multi-tier Public Web Applications
[Diagram labels: User, Amazon Route 53, Amazon CloudFront, Static Assets, Amazon Simple Storage Service (S3), Internet Gateway, Public ELB, Public Subnet (×2), EC2 (×4), Private ELB, Private Subnet (×6), Amazon RDS Master, Amazon RDS Slave, Amazon RDS Read Replica (×2), Availability Zone A, Availability Zone B]
9. Create Private and/or Hybrid Applications
[Diagram labels: Internal User, Corporate Data Center, CGW, Private or Internet, VPN Gateway, Private ELB (×2), EC2 (×4), Private Subnet (×8), Amazon RDS Master, Amazon RDS Slave, Amazon RDS Read Replica (×2), Availability Zone A, Availability Zone B]
10. Disaster Recovery – Pilot Light
[Diagram labels: Route 53, User, Corporate Data Center, Web Server, Application Server, DB Server, Data Volume, EC2 Web Server, EC2 Application Server, EC2 DB Server, EBS Data Volume]
Diagram callouts:
– Repoint DNS in an Outage
– Data Mirroring/Replication
– Amazon Elastic Compute Cloud (EC2) instances are stopped and AMIs are created. Instances can be restarted if primary application goes down.
– Smaller EC2 Instance for DB but may be stopped and restarted as a larger EC2 instance.
12. VPC Component Definitions
• VPC = Virtual Private Cloud
• Subnets = A range of IP addresses in your VPC
• Network ACLs = Network access control lists that are applied to subnets
• Route tables = Applied to subnet(s) specifying route policies
• VPN connection = A pair of redundant encrypted connections between your data center and your Amazon VPC
• AWS Direct Connect = Private connection between your data center and your VPC(s)
13. VPC Component Definitions
• IGW = Internet gateway, which provides access to the Internet
• VGW = Virtual gateway, which provides access to your data centers
• CGW = Customer gateway or your router / firewall
• NAT = Network address translation server providing Internet to your private instances
• Security groups = Specify inbound and outbound access policies for an Amazon EC2 instance
• AZs = Availability Zones
14. VPC Features
• Control of IP addressing CIDR block for your VPC
• Ability to subnet your VPC CIDR block
• Network access control lists
• Assign multiple IP addresses and multiple elastic network interfaces
• Run private ELBs accessible from only within your VPC or over your VPN
• Bridge your VPC and your onsite IT infrastructure with private connectivity
19. All new accounts today already default to
VPC* for EC2 and many other products.
What does this mean?
* Except in US-EAST
20. What Is Default VPC / Default Subnet?
• Default VPC
– Special VPC that is used with services when new accounts don’t specify a target VPC
Amazon EC2, Amazon Relational Database Service (RDS), Elastic Load Balancing, Amazon Elastic MapReduce (EMR), AWS Elastic Beanstalk
– One default VPC per region
– Configurable the same as other VPCs; e.g., adding more subnets
• Default Subnets in Default VPC
– Special subnet automatically created for each AZ for new accounts
21. Functionalities Delivered to EC2 by Move to VPC
• Static private IP address allocation
• Multiple IP address allocation and multiple ENIs
• Dynamic security group membership configuration
• Outbound packet filtering by security group
• Network access control lists (ACLs)
• Private ELBs
23. VPC Connectivity Options
• VPN connectivity
Connect dual redundant tunnels between your on-premises equipment and AWS
• AWS Direct Connect
Establish a private network connection between your network and one of the AWS Regions
29. What is AWS Direct Connect?
• Alternative to using the Internet to access AWS cloud services
• Private network connection between AWS and your data center
• Can reduce costs, increase bandwidth, and provide a more consistent network experience than Internet-based connections
30. Why AWS Direct Connect?
• Reduces your bandwidth costs
• Consistent network performance
• Compatible with all AWS services
• Private connectivity to your Amazon VPC
31. We have many AWS Direct Connect locations.
http://aws.amazon.com/directconnect/#details
32. We also have many AWS Direct Connect partners.
http://aws.amazon.com/directconnect/partners/
34. DX with Single Router Port
[Diagram labels: Direct Connect Connection, Public Virtual Interface, Private Virtual Interface 1, VGW VPC 1, Private Virtual Interface 2, VGW VPC 2]
35. DX with Single Router and Dual Ports
[Diagram labels: Direct Connect Connections, Public Virtual Interface, Private Virtual Interface 1, VGW VPC 1, Private Virtual Interface 2, VGW VPC 2]
36. Dual DX Locations with Single Routers
[Diagram labels: Direct Connect Connection (×2), Private Virtual Interface 1 (×2), VGW VPC 1, Private Virtual Interface 2, VGW VPC 2, Public Virtual Interface]
37. Let’s look at some design patterns for making your
VPC infrastructure highly available.
38. Floating Interface Pattern
• Problem
If my instance fails or I need to upgrade it, I need to push traffic to another instance with the same public and private IP addresses and same network interface
• Solution
Deploy your application in VPC and use an elastic network interface (ENI) on eth1 that can be moved between instances and retain same MAC, public, and private IP addresses
• Pros
– Since we are moving the ENI, DNS will not need to be updated
– Fallback is as easy as moving the ENI back to the original instance
– Anything pointing to the public or private IP on the instance will not need to be updated.
– ENIs can be moved across instances in a subnet
[Diagram labels: Amazon Route 53, ENI (eth1), EC2 (×2), VPC Subnet, Availability Zone, Virtual Private Cloud]
39. On Demand NAT in VPC
• Problem
EC2 instances in a private subnet need access to the Internet to call APIs, for downloads and updates to software packages and the OS
• Solution
Deploy a NAT server on an EC2 instance that will provide Internet access to servers in private subnets
• Pros
– Your devices are not publicly addressable but still have Internet access
– NAT gives instances in private subnet capability to access AWS services and APIs outside of VPC
[Diagram labels: Internet, Internet Gateway, VPC Public Subnet, EC2 / NAT, Route Table, EC2 (×2), VPC Private Subnet, Availability Zone, Virtual Private Cloud]
40. High Availability (HA) NAT
• Problem
NAT inside of VPC is confined to a single instance, which could fail
• Solution
– Run NAT in independent ASGs per AZ.
– If NAT instance goes down, Auto Scaling will launch new NAT instance
– As part of launch config, assign a public IP and call VPC APIs to update routes
• Pros
– The NAT application is more HA with limited downtime
[Diagram labels: Internet, Internet Gateway, VPC Public Subnet (×2), EC2 / NAT (×2), Route Table (×2), EC2 (×4), VPC Private Subnet (×2), Availability Zone A, Availability Zone B, Virtual Private Cloud]
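The routing rules behind the NAT patterns on slides 39 and 40 can be checked offline before a layout is deployed. The following Python audit is an added example, not part of the original deck; its data model, subnet names, CIDRs and finding codes are constructed for illustration.

```python
# Added example: offline audit of a VPC subnet/route layout against the NAT patterns.
# The data model, names, CIDRs and finding codes are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations

IGW = "igw"  # default route (0.0.0.0/0) targets the Internet gateway


@dataclass(frozen=True)
class Subnet:
    name: str
    cidr: str
    az: str
    tier: str           # declared intent: "public" or "private"
    default_route: str  # IGW, the name of a NAT instance, or "" for no default route


@dataclass(frozen=True)
class Nat:
    name: str
    subnet: str         # name of the subnet the NAT instance runs in


def audit(vpc_cidr, subnets, nats):
    """Return a sorted list of (resource, finding_code) tuples; empty means clean."""
    findings = set()
    vpc = ip_network(vpc_cidr)
    by_name = {s.name: s for s in subnets}
    nat_by_name = {n.name: n for n in nats}

    # Addressing: subnets must sit inside the VPC CIDR block and must not overlap.
    for s in subnets:
        if not ip_network(s.cidr).subnet_of(vpc):
            findings.add((s.name, "OUTSIDE_VPC_CIDR"))
    for a, b in combinations(subnets, 2):
        if ip_network(a.cidr).overlaps(ip_network(b.cidr)):
            findings.add((b.name, "OVERLAPS_" + a.name))

    # A NAT instance can only forward traffic from a subnet that routes to the IGW.
    for n in nats:
        host = by_name.get(n.subnet)
        if host is None or host.default_route != IGW:
            findings.add((n.name, "NAT_NOT_IN_PUBLIC_SUBNET"))

    for s in subnets:
        if s.tier == "public":
            if s.default_route != IGW:
                findings.add((s.name, "PUBLIC_WITHOUT_IGW_ROUTE"))
        elif s.default_route == IGW:
            # Private instances would be directly reachable once given a public IP.
            findings.add((s.name, "PRIVATE_ROUTES_TO_IGW"))
        elif s.default_route:
            nat = nat_by_name.get(s.default_route)
            host = by_name.get(nat.subnet) if nat else None
            if nat is None:
                findings.add((s.name, "ROUTE_TO_UNKNOWN_NAT"))
            elif host is not None and host.az != s.az:
                # HA NAT pattern: egress must not depend on another AZ staying up.
                findings.add((s.name, "NAT_IN_OTHER_AZ"))
    return sorted(findings)


# Constructed layout following the HA NAT pattern: one NAT per AZ, DB tier has no egress.
GOOD_SUBNETS = [
    Subnet("pub-a", "10.0.0.0/24", "az-a", "public", IGW),
    Subnet("pub-b", "10.0.1.0/24", "az-b", "public", IGW),
    Subnet("app-a", "10.0.10.0/24", "az-a", "private", "nat-a"),
    Subnet("app-b", "10.0.11.0/24", "az-b", "private", "nat-b"),
    Subnet("db-a", "10.0.20.0/24", "az-a", "private", ""),
    Subnet("db-b", "10.0.21.0/24", "az-b", "private", ""),
]
GOOD_NATS = [Nat("nat-a", "pub-a"), Nat("nat-b", "pub-b")]
# Constructed broken layout: overlap, cross-AZ NAT, stray CIDR, IGW route, misplaced NAT.
BAD_SUBNETS = [
    Subnet("pub-a", "10.0.0.0/24", "az-a", "public", IGW),
    Subnet("pub-b", "10.0.1.0/24", "az-b", "public", IGW),
    Subnet("app-a", "10.0.10.0/24", "az-a", "private", "nat-a"),
    Subnet("app-b", "10.0.10.128/25", "az-b", "private", "nat-a"),
    Subnet("db-a", "10.1.20.0/24", "az-a", "private", IGW),
]
BAD_NATS = [Nat("nat-a", "pub-a"), Nat("nat-b", "app-a")]

if __name__ == "__main__":
    print(audit("10.0.0.0/16", BAD_SUBNETS, BAD_NATS))
```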
41. HA NAT – Squid Proxy
• Problem
– Standard NAT inside of VPC is confined to a single instance, which could fail
– I also need to perform large puts and gets to Amazon S3
• Solution
– Run Squid in proxy configuration in an ASG
– On boot, configure instances to point to proxy for all HTTP(S) requests
• Pros
– If a Squid proxy server dies, there are many and it will self heal and scale based on ASG policies
– Much greater throughput can be achieved here as there is not a single-server per route table
• Notes
– This is great for high-throughput requirements to get and put in Amazon S3 or elsewhere outside of the VPC
– Need to manage a separate cluster of servers so this is more costly and requires more management
[Diagram labels: Internet, Internet Gateway, VPC Public Subnet (×2), EC2 Squid Proxy (×2), Elastic Load Balancing, EC2 (×4), VPC Private Subnet (×2), Route Table (×2), Availability Zone A, Availability Zone B, Virtual Private Cloud]
42. Next, let’s look at some design patterns for making
your application highly available.
43. Multi–Data Center Pattern
• Problem
Increase availability of my application as everything fails when you least expect it
• Solution
Distribute load between instances using Elastic Load Balancing across multiple AZs
• Pros
– If an EC2 instance fails, the system is still available as a whole
– If an Availability Zone fails, the system is still available as a whole
– Using Auto Scaling, you can add or replace with new instances when instances become unhealthy
• Notes
– Need to store user-generated data in a common location such as Amazon S3 or NFS
– Need to use sticky sessions or move session state off of web server
[Diagram labels: Elastic Load Balancing, EC2 (×2), Availability Zone A, Availability Zone B]
44. Web Storage Pattern
• Problem
– Delivery of large files from a web server can become a problem in terms of network load
– User generated content needs to be distributed across all my web servers
• Solution
– Store static asset files in Amazon S3 and deliver the files directly from there
– Objects that are stored in S3 can be accessed directly by users if set to being public
• Pros
– The use of Amazon S3 eliminates the need to worry about network loads and data capacity on your web servers
– Amazon S3 performs backups in at least three different data centers, and thus has extremely high durability.
– The CloudFront CDN can be leveraged as a global caching layer in front of S3 to accelerate content to your end users
Callout: Yes, you can technically ship your static objects to AWS in a box with AWS Import / Export
45. State Sharing
• Problem
State is stored on my server so scaling horizontally does not work that well
• Solution
– In order to scale horizontally and not have a user locked into a single server, I need to move state off of my server into a KVS
– Moving session data into Amazon DynamoDB or Amazon ElastiCache allows my application to be stateless
• Pros
This lets you use a scale-out pattern without having to worry about inheritance or loss of state information.
• Notes
Because access to state information from multiple web/APP servers is concentrated on a single location, you must use caution to prevent the performance of the data store from becoming a bottleneck
46. High Availability Database Pattern
• Problem
Need to have high availability solution that will withstand an outage of the DB master and can sustain high volume of reads
• Solution
Deploy Amazon RDS with a master and slave configuration. In addition, deploy a read replica in each Availability Zone for reads and offline reporting
• Pros
– One connection string for master and slave with automatic failover (takes approx. 3 min.) creates an HA database solution
– Maintenance does not bring down DB but causes failover
– Read replicas take load off of master so overall solution provides greater I/O for reads and writes
[Diagram labels: Amazon RDS Master, Amazon RDS Slave, Amazon RDS Read Replica (×2), Availability Zone A, Availability Zone B]
47. Bootstrap Instance
• Problem
Code releases happen often and creating a new AMI every time you have a release and managing these AMIs across multiple regions adds complexity
• Solution
Develop a base AMI, and then bootstrap the instance during the boot process to install software, get updates, and install source code so that your AMI rarely changes
• Pros
Do not need to update AMI regularly and move customized AMI between regions for each software release
• Notes
– During boot, it will most likely take more time to install and perform configuration than it would with a golden AMI
– Bootstrapping can also be done through Auto Scaling and AWS CloudFormation
[Diagram labels: Amazon S3, AMI, Github, EC2]
52. Elastic Load Balancing
[Diagram labels: User, Amazon Route 53 (Primary, Secondary), EC2 (×2), Amazon RDS Master, Amazon RDS Slave, Amazon S3 Static Website, Availability Zone A, Availability Zone B]
53. Elastic Load Balancing
[Diagram labels: User, Amazon Route 53 (Primary, Secondary), EC2 (×2), Amazon RDS Master, Amazon RDS Slave, Amazon S3 Static Website, Availability Zone A, Availability Zone B]
54. So what might a highly available application VPC
look like using the best practices we learned?
55. HA Multi-Tier Web Application in VPC
[Diagram labels: User, Amazon Route 53 (Primary, Secondary), CloudFront, Amazon S3, Static Assets, State Sharing / Sessions, DynamoDB, Internet Gateway, Public ELB, NAT (×2), Public Subnet (×4), EC2 (×4), Private ELB, Private Subnet (×6), Amazon RDS Master, Amazon RDS Slave, Amazon RDS Read Replica (×2), Availability Zone A, Availability Zone B, Internal User, Private or Internet, Customer Gateway, VPN Gateway, Backups]
57. Load and Fault Testing Tools
• Apache Bench
• Bees with Machine Guns
• HP LoadRunner
• Chaos Monkey
58. Chaos Monkey
• What is Chaos Monkey?
– Chaos Monkey targets and terminates instances in a region
– Implementations
  • Open source Java code for a service implementation
  • Command-line tool
• Why run Chaos Monkey?
– Failures happen when you least expect it
– Best to be prepared by testing
• Auto Scaling groups
– Targets terminating instances in Auto Scaling groups
• Configuration
– Opt in or out model
– Tunable so you can terminate one instance per ASG per day
– At Netflix, Chaos Monkey runs Monday – Thursday 9AM – 3PM for random instance kill
59. Chaos Monkey Demo
• We will demo Chaos Monkey against a mock three-tier application that has Auto Scaling groups at each layer
– http://chaosdemo.hollman.me/
• Using Chaos Monkey CLI tool for demo
> ChaosMonkey
-l=chaoslog.txt
-S=ec2.us-west-2.amazonaws.com
-a=XXXXXXXXXXXXXXXXXXXXXXXXX
-s=XXXXXXXXXXXXXXXXXXXXXXXXXXXX
-t=chaos
-v=1
-r=4
-d=15000
61. Other Sessions You May Want to Attend
ARC401: From One to Many: Evolving VPC Design Patterns
Thursday, November 14 at 5:30 PM in Lando 4303
ARC304: Hybrid Cloud Architectures with AWS Direct Connect
Friday, November 15 at 9:00 AM in Lando 4303
62. AWS re:Invent Pub Crawl
Join the AWS Startup Team this evening at the AWS Pub Crawl
When: Wednesday November 13, 5:30pm - 7:30pm
Where: Canaletto at The Venetian, 2nd Floor
Who Will Be There: Startups, The AWS Startup Team,
Startup Launch Companies and
AWS re:Invent Hackathon winners
63. Startup Spotlight Sessions with Dr. Werner Vogels
Thurs. Nov 14, Marcello Room 4406
SPOT 203 - Fireside Chats – Startup Founders, 1:30-2:30pm
– Eliot Horowitz, CTO of MongoDB
– Jeff Lawson, CEO of Twilio
– Valentino Volonghi, Chief Architect of AdRoll
SPOT 204 - Fireside Chats – Startup Influencers, 3:00-4:00pm
– Albert Wegner, Managing Partner at Union Square Ventures
– David Cohen, Founder and CEO of TechStars
SPOT 101 - Startup Launches, 4:15-5:15pm
– 5 companies powered by AWS launching at AWS re:Invent 2013
64. Please give us your feedback on this
presentation
ARC202 - High Availability Application Architectures
in Amazon VPC
As a thank you, we will select prize
winners daily for completed surveys!