Copyright © CKmates. All rights reserved 1
Real-World Architecture Practice: Evolution and Solutions
Camel Camel
Provide all you need
Agenda
• Hello, a bit about me
• Architecture Design
• Maintenance
• Serverless CI/CD Work on AWS
About me
• Focus on AWS since 2012
• Handled hundreds of customers
• AWS Professional certified
Architecture thinking
Meeting discussion
• The team's knowledge and skill level
• Requirements, improvements, or goals under consideration
• Architectural consensus (by stage)
• What each role is responsible for, and what it cannot take on
• Team integration and separation of duties
Architecture Design Metric[1]
• Region where the main customer base is located - Area
• Service type - AP/Live Stream
• Budget/reliability - Cost
• Security/network performance - ACL
• Own maintenance capability - Ability
• Future scalability/extensibility - Scalability
(Diagram: Service / Security / Monitor)
The metrics give the answer
• Region Choose – Region
• AWS Service Choose – EC2/RDS/CDN/R53/AS
• AWS Service Define – EC2/AZ
• Public/Private subnet/CDN/VPN/DC/WAF/Shield – VPC
• IAM/CloudTrail/CloudWatch/Trusted Advisor – Support team
• Serverless/AS/ELB/SQS/DynamoDB – Loose Coupling
• Region where the main customer base is located (Region Choose)[2]
Cloudping
• Service type (AWS Service)[3]
• Budget cost - Cost[4]
• Advanced cost budgeting - RI (Reserved Instances)
• Billed by the second; traffic inside the network is free
• Security/network performance - ELB
• Security/network performance comparison table - ELB[5]
• Security/network performance - VPC
• Security/network performance - CDN
• Security/network performance - VPN
• Security/network performance - Direct Connect
• Why choose Direct Connect
• Security/network performance - Direct Connect
• Future scalability/extensibility - Loose Coupling
• We all know there will always be a new service that fits better
• (each does its own job)
Actual architecture after discussion, stage 1
(Diagram: one region with two Availability Zones, each holding a public subnet and a private subnet; a security group around Amazon EC2 instances.)
Focus of this stage: Performance
Actual architecture as data grows, stage 2
(Diagram: as in stage 1, with Amazon RDS added in the private subnets alongside Amazon EC2.)
Focus of this stage: Loose Coupling
Actual architecture as event traffic grows, stage 3
(Diagram: as in stage 2, with additional Amazon EC2 instances behind Elastic Load Balancing, and an S3 bucket.)
Focus of this stage: Reliability
Actual architecture after event metrics, stage 4
(Diagram: as in stage 3, with Amazon RDS Multi-AZ, a CloudFront distribution, and Auto Scaling.)
Focus of this stage: Failover
(Diagram: Cost / Security / DR / Serverless / CI/CD / MA / Group)
Operations requirements
1. Identity and access management (identity and cost management) - IAM
2. Detective controls - CloudWatch
3. Infrastructure protection - VPC/WAF/Trusted Advisor
4. Data protection - Private subnets/DC/bastion host/AD - CloudTrail
5. Incident response - VPC Flow Logs/CLI/CloudWatch - SNS/Slack
• Identity and cost management - IAM[6]
Lock away your AWS account root user access keys
Create individual IAM users
Use AWS-managed policies to assign permissions whenever possible
Use groups to assign permissions to IAM users
Grant least privilege
Use access levels to review IAM permissions
Configure a strong password policy for your users
Enable MFA for privileged users
Use roles for applications that run on Amazon EC2 instances
Delegate by using roles instead of sharing credentials
Rotate credentials regularly
Remove unnecessary credentials
Use policy conditions for extra security
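As an added example (not from the slides or from CKmates), the root-key, MFA, rotation and unused-credential items above applied to an IAM credential report. The sample report, the account id and the 90-day thresholds are constructed, and only the report columns the checks read are included.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample: a subset of the columns of an IAM credential report
# (aws iam get-credential-report); dates use the report's ISO 8601 format and
# "N/A" / "not_supported" are the report's own markers for missing values.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2017-09-01T08:00:00+00:00,true,true,2016-01-10T00:00:00+00:00,2017-08-20T00:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,true,2017-09-28T11:00:00+00:00,true,true,2017-08-15T00:00:00+00:00,2017-09-29T00:00:00+00:00
bob,arn:aws:iam::111122223333:user/bob,true,2017-09-27T09:30:00+00:00,false,false,N/A,N/A
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,false,N/A,false,true,2016-11-01T00:00:00+00:00,2017-09-29T00:00:00+00:00
old-contractor,arn:aws:iam::111122223333:user/old-contractor,true,2017-01-05T10:00:00+00:00,true,true,2017-08-01T00:00:00+00:00,N/A
"""

MAX_KEY_AGE_DAYS = 90   # "rotate credentials regularly" (assumed threshold)
MAX_UNUSED_DAYS = 90    # "remove unnecessary credentials" (assumed threshold)
REPORT_TIME = datetime(2017, 10, 1, tzinfo=timezone.utc)  # constructed "now" for the sample


def _parse_ts(value):
    """Return an aware datetime, or None for the report's missing-value markers."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now):
    """Apply the slide's IAM checks to a credential report.

    Returns (user, finding) tuples, one per violation found."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        key_active = row["access_key_1_active"] == "true"
        key_rotated = _parse_ts(row["access_key_1_last_rotated"])
        key_used = _parse_ts(row["access_key_1_last_used_date"])
        pw_enabled = row["password_enabled"] == "true"
        pw_used = _parse_ts(row["password_last_used"])

        # Lock away root access keys: the root user should have none, and should use MFA.
        if user == "<root_account>":
            if key_active:
                findings.append((user, "root user has an active access key"))
            if row["mfa_active"] != "true":
                findings.append((user, "root user without MFA"))
            continue

        # Enable MFA for anyone who can sign in to the console.
        if pw_enabled and row["mfa_active"] != "true":
            findings.append((user, "console password enabled without MFA"))

        # Rotate credentials regularly.
        if key_active and key_rotated is not None and now - key_rotated > timedelta(days=MAX_KEY_AGE_DAYS):
            findings.append((user, "access key older than %d days" % MAX_KEY_AGE_DAYS))

        # Remove unnecessary credentials: active keys or passwords never or no longer used.
        if key_active and (key_used is None or now - key_used > timedelta(days=MAX_UNUSED_DAYS)):
            findings.append((user, "access key unused for %d+ days" % MAX_UNUSED_DAYS))
        if pw_enabled and (pw_used is None or now - pw_used > timedelta(days=MAX_UNUSED_DAYS)):
            findings.append((user, "console password unused for %d+ days" % MAX_UNUSED_DAYS))
    return findings


def sample_findings():
    """Run the audit over the constructed sample report."""
    return audit_credential_report(SAMPLE_REPORT, REPORT_TIME)


if __name__ == "__main__":
    for user, finding in sample_findings():
        print("%-16s %s" % (user, finding))
```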
• Identity management - IAM[7]
• Cost management - Cost Explorer & CloudWatch
• System activity monitoring - CloudWatch & SNS
• CloudWatch Logs
• CloudWatch Events
• Honestly, CloudWatch is good; why not use it?[8]
• Elasticsearch/ELK
• Anomaly information management - VPC Flow Logs & CloudWatch Logs[9]
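An added example, not from the slides or from CKmates, of the kind of anomaly check that VPC Flow Logs delivered to CloudWatch Logs make possible: it parses constructed default-format flow records and flags a source whose connections were rejected on many distinct ports, and accepted traffic to an administrative port from outside an assumed VPC CIDR. The interface id, account id, addresses and thresholds are all constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of VPC Flow Log records in the default (version 2) format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status. Addresses use documentation ranges.
SAMPLE_FLOW_LOG = """\
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.45 10.0.1.10 51234 22 6 1 44 1506816000 1506816030 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.45 10.0.1.10 51235 23 6 1 44 1506816000 1506816030 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.45 10.0.1.10 51236 3389 6 1 44 1506816001 1506816031 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.45 10.0.1.10 51237 445 6 1 44 1506816001 1506816031 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.45 10.0.1.10 51238 8080 6 1 44 1506816002 1506816032 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40000 443 6 120 65000 1506816000 1506816060 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40001 22 6 30 5200 1506816010 1506816070 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 10.0.2.25 10.0.1.10 55000 22 6 15 2400 1506816020 1506816080 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 - - - - - - - 1506816000 1506816060 - NODATA
"""

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status")

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # assumed VPC range for the sample
ADMIN_PORTS = {22, 3389}                        # SSH and RDP
SCAN_PORT_THRESHOLD = 5                         # distinct rejected ports per source (assumed)


def parse_flow_log(text):
    """Parse default-format records; NODATA/SKIPDATA lines carry no flow fields and are dropped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def detect_anomalies(records):
    """Return (kind, srcaddr, detail) alerts for the two checks named in the lead-in."""
    rejected_ports = defaultdict(set)
    alerts = []
    for rec in records:
        if rec["action"] == "REJECT":
            # Security-group/NACL rejects fanning out over many ports look like probing.
            rejected_ports[rec["srcaddr"]].add(rec["dstport"])
        elif (rec["action"] == "ACCEPT" and rec["dstport"] in ADMIN_PORTS
              and ipaddress.ip_address(rec["srcaddr"]) not in VPC_CIDR):
            alerts.append(("admin_port_from_internet", rec["srcaddr"],
                           "accepted port %d to %s" % (rec["dstport"], rec["dstaddr"])))
    for src, ports in rejected_ports.items():
        if len(ports) >= SCAN_PORT_THRESHOLD:
            alerts.append(("port_scan_suspected", src, "%d distinct ports rejected" % len(ports)))
    return alerts


def sample_alerts():
    """Run both checks over the constructed sample records."""
    return detect_anomalies(parse_flow_log(SAMPLE_FLOW_LOG))


if __name__ == "__main__":
    for kind, src, detail in sample_alerts():
        print("%-26s %-14s %s" % (kind, src, detail))
```

In a real deployment the same logic would run as a CloudWatch Logs subscription consumer (for example a Lambda function) and publish to SNS/Slack, as the incident-response slide suggests.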
• Every action leaves a trace - CloudTrail
• Monitoring drift and restoring configuration - AWS Config
• System activity monitoring - NOC
• 7 x 24 NOC
• SOP
• Advisory analysis tool - Trusted Advisor
Four quadrants of analysis: cost optimization / resource utilization / information security / architectural reliability
Cost Optimization / Performance / Security / Fault Tolerance
• Technical and incident support - Support
7 x 24 hr Business Support
Own maintenance capability - Business Support
7 x 24 hr Business Support
• Prewarm
• Technical consulting
• System faults
• Attack and load testing
• Usage recommendations
• RI
• Localized service - Support
Every professional services engineer holds AWS Associate and Professional architect certifications and commits to an SLA response time: your questions are answered professionally within the specified time.
Consultant
Personal skills and management: YouTube - AWS[10]
Security
Console: MFA/CloudTrail/IAM (minimum)
Architecture: DC/VPC/SG (minimum)
Normal service, abnormal behaviour: CDN/WAF/scrubbing/BW
Security - targeted
Abnormal
CDN/R53: high availability, rapid scaling
Defense: WAF/scrubbing
Normal
PTVA: prevention in advance
ArcSight: log event analysis
WAF
Shield & AWS WAF & scrubbing
Security - PTVA
Scanning reveals the weaknesses and hidden risks of a website or host, so they can be fixed before someone with bad intentions exploits them; once the full scan completes, the results are presented as a report.
Information security testing services
Penetration testing
• Based on the vulnerability scan results, simulate attacks against the host's weaknesses to confirm that each one is real and to establish its scope of impact
• Recommended at least once a year for important systems
Advanced vulnerability scanning
• An extension of basic vulnerability scanning: manual checks are added on top of the scan results to reduce false positives
• Recommended that the quarterly basic scan be upgraded to an advanced scan
Basic vulnerability scanning
• Automated tools check for common weaknesses such as unpatched software, weak-password authentication, and misconfigurations
• Recommended monthly; the results can be used for trend analysis, detecting newly added devices on the network, and discovering new weaknesses
What is vulnerability scanning?
• Vulnerability scanning is a series of steps that detect weaknesses in an organization's information systems, evaluate whether they are real, and determine their degree of impact
• Vulnerability scanning services are divided into:
- Basic vulnerability scanning
‣ Uses automated scanning tools to check for common weaknesses
‣ Recommended monthly
- Advanced vulnerability scanning
‣ Manual review and verification of the relevant weaknesses, lowering the chance of false positives
‣ Recommended quarterly
What is penetration testing?
• Penetration testing is:
- Testing the security of information systems and networks by simulating attacks
- Actively analysing potential weaknesses that could lead to system vulnerabilities
- Verifying weaknesses in practice
• Penetration testing can:
- Detect system vulnerabilities by simulating most attackers' methods
- Try to find most of the weaknesses that could be used to break in
• Penetration testing cannot:
- Find every potential or unknown weakness within the test period
• In the real world we assume an attacker has unlimited time to try to break the system
• Recommended once a year
Industry security testing standards
• OSSTMM
- Test steps follow the public OSSTMM (Open Source Security Testing Methodology Manual) framework
• SANS Top 20 Internet Vulnerabilities
- Based on the 20 most serious security weaknesses listed by SANS, covering Windows, Unix, and other cross-platform software and network devices
• OWASP
- OWASP (Open Web Application Security Project) is an open-community, non-profit organization devoted to improving the security of web applications and web services; this testing also follows the OWASP Top 10 web weaknesses that OWASP publishes periodically
Information security testing best practice
(Timeline chart, months n to n+12: basic vulnerability scanning recommended monthly, advanced vulnerability scanning recommended quarterly, penetration testing recommended yearly.)
Security
What I just covered can probably be handled by system administrators or network administrators.
What about the program?
Serverless applications
Pulling functions out into application components that are easy to build and maintain, decoupled, and scalable.
Amazon API Gateway + AWS Lambda
? + AWS Lambda + ?
• Future scalability/extensibility - Loose Coupling
Why do this?
Find Distinct People in a Video with Amazon Rekognition[11]
Difficulty
• Version MA & Security
• Decentralized versions
• Deployed a lot…
• Rollback?
• Different environments (Test, Dev, Prod)
• Server trouble
How CI/CD Works on AWS
Introduction: CI/CD Services
Version: RISK
Introduction: CodeCommit (Version)
• Fully Managed
• Secure store
• High Availability
• Faster Development Lifecycle
• Use Your Existing Tools
Introduction: CodeCommit (IAM: by user key or credentials)
CodeCommit
Introduction: CodeCommit (Version)
Environment: Confusion
Introduction: CodePipeline (Environment)
• Rapid Delivery
• Improved Quality
• Configurable Workflow
• Get Started Fast
• Easy to Integrate
CodePipeline
Development environment repo
Staging (verification) environment repo
Production environment repo
Introduction: CodePipeline (Environment)
Verify integration: Slow
Introduction: CodeBuild (Verify integration)
• Build and Test Your Code
• Configurable Settings
• CI and Delivery Workflows
• Security and Permissions
• Monitoring
Introduction: CodeBuild (Verify integration)
CodeBuild - YAML format
Unit Test Support
Deploy: Process
Introduction: CodeDeploy (Deploy)
• Automated Deployments
• Minimize Downtime
• Centralized Control
• Easy To Adopt
CodeDeploy
Introduction: CodeDeploy (Deploy)
CI/CD Work on AWS
The hardest thing to manage in the end: communication between teams
Define the flow and make responsibilities clear
The cloud is a road of no return, with no end to the learning
Architecture Design Metric[1]
https://d0.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf
Region where the main customer base is located (Region Choose)[2]
http://www.cloudping.info/
Service type (AWS Service)[3]
https://aws.amazon.com/tw/architecture/
Budget cost - Cost[4]
http://calculator.s3.amazonaws.com/index.html
Security/network performance comparison table - ELB[5]
https://aws.amazon.com/tw/elasticloadbalancing/details/
Identity and cost management - IAM[6]
http://docs.aws.amazon.com/zh_cn/IAM/latest/UserGuide/best-practices.html
Identity management - IAM[7]
https://www.sumologic.com/blog/amazon-web-services/security-analytics-in-aws/
Honestly, CloudWatch is good; why not use it?[8]
https://cloudpack.media/20642
Anomaly information management - VPC Flow Logs & CloudWatch Logs[9]
https://www.sumologic.com/blog/amazon-web-services/security-analytics-in-aws/
Personal skills and management: YouTube - AWS[10]
https://www.youtube.com/watch?v=1x20FxpiTVE&t=314s
Find Distinct People in a Video with Amazon Rekognition[11]
https://aws.amazon.com/tw/blogs/ai/find-distinct-people-in-a-video-with-amazon-rekog
LIKE US NOW!
aws@ckmates.com
Thanks
Q & A
aws@ckmates.com

Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
timhan337
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 

Recently uploaded (20)

2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdfAdversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9  .docxAcetabularia Information For Class 9  .docx
Acetabularia Information For Class 9 .docx
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 

Real-World Architecture Evolution in Practice and Solutions

  • 1. Copyright © CKmates. All rights reserved. Real-World Architecture Evolution in Practice and Solutions. Camel Camel. Provide all you need
  • 2. Agenda • Hello, how about me • Architecture Design • Maintenance • Serverless CI/CD Work on AWS
  • 3. About me • Focus on AWS - 2012 • Handled hundreds of customers • Got Professional Certified
  • 4. Architecture Think?
  • 5. Meeting discussion • The team's understanding or skill level • Consider needs, improvements or goals • Consensus on the architecture (by stage) • What each role is responsible for and what it cannot handle • Team integration and division of authority
  • 6. Architecture Design Metric[1] • Region where the main customers are located - Area • Service type - AP/Live Stream • Budget cost / reliability - Cost • Security / network performance - ACL • Own maintenance ability - Ability • Future scalability and extensibility - Scalability. Service / Security / Monitor
  • 7. Metric got the answer • Region Choose – Region • AWS Service Choose – EC2/RDS/CDN/R53/AS • AWS Service Define – EC2/AZ • Public/Private subnet/CDN/VPN/DC/WAF/Shield – VPC • IAM/CloudTrail/CloudWatch/Trusted Advisor – Support team • Serverless/AS/ELB/SQS/DynamoDB – Loose Coupling
  • 8. • Region where the main customers are located (Region Choose)[2] Cloudping
  • 9. • Service type (AWS Service)[3]
  • 10. • Budget cost - Cost[4]
  • 11. • Advanced cost budgeting - RI
  • 12. • Billed per second; traffic between hosts inside the network is free
  • 13. • Security / network performance - ELB
  • 14. • Security / network performance comparison table - ELB[5]
  • 15. • Security / network performance - VPC
  • 16. • Security / network performance - CDN
  • 17. • Security / network performance - VPN
  • 18. • Security / network performance - Direct Connect
  • 19. • Why choose Direct Connect
  • 20. • Security / network performance - Direct Connect
  • 21. • Future scalability and extensibility - Loose Coupling
  • 22. • We all know there will always be a new service that fits • (each component does its own job)
  • 23. (diagram slide, no text)
  • 24. Actual architecture after discussion, stage 1 (diagram): one region, two Availability Zones, each with a private subnet and a public subnet, a security group, Amazon EC2
  • 25. Actual architecture after discussion, stage 1 (diagram): the same layout, annotated Performance
  • 26. Actual architecture as data grows, stage 2 (diagram): one region, two Availability Zones, each with a private subnet and a public subnet, Amazon EC2, Amazon RDS
  • 27. Actual architecture as data grows, stage 2 (diagram): the same layout, annotated Loose Coupling
  • 28. Actual architecture as event attendance grows, stage 3 (diagram): one region, two Availability Zones, each with a private subnet and a public subnet, Amazon EC2 in each zone, Amazon RDS, Elastic Load Balancing, S3 bucket
  • 29. Actual architecture as event attendance grows, stage 3 (diagram): the same layout, annotated Reliability
  • 30. Actual architecture after event metrics, stage 4 (diagram): one region, two Availability Zones, each with a private subnet and a public subnet, Amazon EC2 in each zone, Amazon RDS Multi-AZ, S3 bucket, CloudFront distribution, Auto Scaling
  • 31. Actual architecture after event metrics, stage 4 (diagram): the same layout, annotated Failover
  • 32. Cost / Security / DR / Serverless / CI/CD / MA Group
  • 33. Operations requirements 1. Identity and access management (identity and cost management) 2. Detective controls 3. Infrastructure protection 4. Data protection 5. Incident response
  • 34. Operations requirements 1. Identity and access management (identity and cost management) - IAM 2. Detective controls - CloudWatch 3. Infrastructure protection - VPC/WAF/Trusted Advisor 4. Data protection - Private/DC/bastion/AD - CloudTrail 5. Incident response - VPC Flow Logs/CLI/CloudWatch - SNS/Slack
  • 35. • Identity and cost management - IAM[6]: Lock away your AWS account root user access keys • Create individual IAM users • Use AWS-defined policies to assign permissions whenever possible • Use groups to assign permissions to IAM users • Grant least privilege • Use access levels to review IAM permissions • Configure a strong password policy for your users • Enable MFA for privileged users • Use roles for applications that run on Amazon EC2 instances • Delegate by using roles instead of sharing credentials • Rotate credentials regularly • Remove unnecessary credentials • Use policy conditions for extra security
  • 36. • Identity management - IAM[7]
  • 37. • Cost management - Cost Explorer & CW
  • 38. • System activity monitoring - CW & SNS • CloudWatch Logs • CloudWatch Events
  • 39. • Honestly, CloudWatch is good to use; why not use it?[8]
  • 40. • Elasticsearch/ELK
  • 41. • Anomaly information management - VPC Flow Logs & CloudWatch Logs[9]
  • 42. • Every action leaves a trace - CloudTrail
  • 43. • Monitoring drift and recovery - Config
  • 44. • System activity monitoring - NOC • 7 x 24 NOC • SOP
  • 45. • Advisory analysis tool - Trusted Advisor
  • 46. • Advisory analysis tool - Trusted Advisor. Four quadrants of analysis: cost optimization / resource utilization / information security / architecture reliability (Cost Optimization / Performance / Security / Fault Tolerance)
  • 47. • Technical & incident inquiries - Support: 7 x 24hr Business Support
  • 48. Own maintenance ability - Business Support: 7 x 24hr Business Support • Prewarm • Technical consulting • System incidents • Attack and stress testing • Usage recommendations • RI
  • 49. • Localized service - Support: every professional service staff member holds AWS Associate & Professional architect certifications and commits to an SLA response time, replying to your questions within the specified time with professional answers. Consultant
  • 50. Personal skills and management: YouTube - AWS[10]
  • 51. Security. Console: MFA/CloudTrail/IAM (minimum). Architecture: DC/VPC/SG (minimum). Normal service vs. abnormal behaviour: CDN/WAF/scrubbing/BW
  • 52. Security - targeted. Abnormal: CDN/R53 for high reliability and fast scaling; defense: WAF/scrubbing. Normal: PTVA, prevention in advance; ArcSight log event analysis
  • 53. WAF
  • 54. Shield & AWS WAF & scrubbing
  • 55. Security - PTVA: scanning reveals the weaknesses and hidden potential risks of a website or host, so they can be fixed before someone with ill intent exploits them; once the full scan completes, the results are presented as a report.
  • 56. Information security testing service items. Penetration test: • Based on the vulnerability scan results, simulate attacks against the host's weaknesses to confirm whether each weakness is real and what its scope of impact is • Recommended at least once a year for important systems. Advanced vulnerability scan: • An extension of the basic vulnerability scan; manual verification is added on top of the scan results to reduce false positives • Recommended as a quarterly upgrade of the basic scan. Basic vulnerability scan: • Automated tools detect common weaknesses, e.g. unpatched software, weak password authentication and misconfigurations • Recommended monthly; the results can be used for trend analysis, for detecting new devices on the network, and for discovering new weaknesses
  • 57. What is vulnerability scanning? • Vulnerability scanning is the sequence of detecting the weaknesses of an organization's information systems, evaluating whether they are real, and judging their impact • Vulnerability scanning services are divided into: - Basic vulnerability scanning ‣ Automated scanning tools detect common weaknesses ‣ Recommended once a month - Advanced vulnerability scanning ‣ Manual interpretation and verification of the relevant weaknesses, lowering the false-positive rate ‣ Recommended once a quarter
  • 58. What is penetration testing? • A penetration test: - Uses simulated attacks to test the security of information systems and networks - Actively analyses the potential weaknesses that could lead to system vulnerabilities - Uses the weaknesses for actual verification • A penetration test can: - Simulate the attack methods of most attackers to test for system vulnerabilities - Try to find most of the weaknesses that could be used for intrusion • A penetration test cannot: - Find every potential or unknown weakness within the test period • In the real world we assume an attacker has unlimited time to try to break the system • A penetration test is recommended once a year
  • 59. Industry security testing standards adopted • OSSTMM - test steps follow the public OSSTMM (Open Source Security Testing Methodology Manual) framework • SANS Top 20 Internet Vulnerabilities - refers to the 20 most serious security weaknesses listed by SANS, covering Windows, Unix, other cross-platform software and network devices • OWASP - OWASP (Open Web Application Security Project) is an open community and non-profit organization that works long-term on improving the security of web applications and web services; this test also refers to the Top 10 web weaknesses OWASP publishes periodically
  • 60. Information security testing best practice. Timeline (months n through n+12): basic vulnerability scan recommended every month; advanced vulnerability scan recommended every quarter; penetration test recommended every year
  • 61. Security
  • 62. Security
  • 63. What has been described so far can probably be handled by system admins or network admins. What about the program??
  • 64. Serverless applications: extract functions into application components that are easy to build and maintain, decoupled, and scalable. Amazon API Gateway + AWS Lambda ? + AWS Lambda + ?
  • 65. • Future scalability and extensibility - Loose Coupling
  • 66. • Future scalability and extensibility - Loose Coupling
  • 67. • Future scalability and extensibility - Loose Coupling
  • 68. Why do this?
  • 69. Why do this? Find Distinct People in a Video with Amazon Rekognition[11]
  • 70. Why do this?
  • 71. (diagram slide, no text)
  • 72. Difficulty • Version MA & Security • Decentralized versions • Deployed a lot… • Rollback? • Different environments (Test, Dev, Prod) • Server trouble
  • 73. How CI/CD Works on AWS
  • 74. Introduction: CI/CD Services
  • 75. Version RISK
  • 76. Introduction: CodeCommit (Version) • Fully Managed • Secure store • High Availability • Faster Development Lifecycle • Use Your Existing Tools
  • 77. Introduction: CodeCommit (IAM by user key or credentials)
  • 78. CodeCommit
  • 79. Introduction: CodeCommit (Version)
  • 80. Environment Confusion
  • 81. Introduction: CodePipeline (Environment) • Rapid Delivery • Improved Quality • Configurable Workflow • Get Started Fast • Easy to Integrate
  • 82. CodePipeline: development environment repo, verification environment repo, production environment repo
  • 83. Introduction: CodePipeline (Environment)
  • 84. Verify integration: Slow
  • 85. Introduction: CodeBuild (Verify integration) • Build and Test Your Code • Configurable Settings • CI and Delivery Workflows • Security and Permissions • Monitoring
  • 86. Introduction: CodeBuild (Verify integration)
  • 87. CodeBuild - YAML format, unit test support
  • 88. Deploy Process
  • 89. Introduction: CodeDeploy (Deploy) • Automated Deployments • Minimize Downtime • Centralized Control • Easy To Adopt
  • 90. CodeDeploy
  • 91. Introduction: CodeDeploy (Deploy)
  • 92. CI/CD Work on AWS
  • 93. The hardest thing to manage in the end: communication between teams. Define the flow and make responsibilities clear
  • 94. The cloud is a road of endless learning with no way back
  • 95. References: [1] Architecture Design Metric: https://d0.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf; [2] Region where the main customers are located (Region Choose): http://www.cloudping.info/; [3] Service type (AWS Service): https://aws.amazon.com/tw/architecture/; [4] Budget cost - Cost: http://calculator.s3.amazonaws.com/index.html; [5] Security / network performance comparison table - ELB: https://aws.amazon.com/tw/elasticloadbalancing/details/
  • 96. References (continued): [6] Identity and cost management - IAM: http://docs.aws.amazon.com/zh_cn/IAM/latest/UserGuide/best-practices.html; [7] Identity management - IAM: https://www.sumologic.com/blog/amazon-web-services/security-analytics-in-aws/; [8] Honestly, CloudWatch is good to use; why not use it?: https://cloudpack.media/20642; [9] Anomaly information management - VPC Flow Logs & CloudWatch Logs: https://www.sumologic.com/blog/amazon-web-services/security-analytics-in-aws/; [10] Personal skills and management, YouTube - AWS: https://www.youtube.com/watch?v=1x20FxpiTVE&t=314s; [11] Find Distinct People in a Video with Amazon Rekognition: https://aws.amazon.com/tw/blogs/ai/find-distinct-people-in-a-video-with-amazon-rekog
  • 97. LIKE US NOW! aws@ckmates.com
  • 98. Thanks. Q & A. aws@ckmates.com
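Slide 35's IAM checklist (root keys locked away, MFA for privileged users, rotated and unused credentials removed) can be checked mechanically against the account's IAM credential report, the CSV that `aws iam get-credential-report` returns. The Python below is an added example, not code from the deck or from CKmates; the report is a constructed sample trimmed to the columns the audit uses, and the 90-day rotation threshold and the fixed "now" date are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample, not a real account: a trimmed IAM credential report that keeps
# the real report's column names but only the columns this audit needs.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,true,2016-03-01T09:00:00+00:00,2017-05-20T10:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,true,2017-09-01T00:00:00+00:00,2017-10-10T12:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,true,false,false,N/A,N/A,false,N/A,N/A
deploy-svc,arn:aws:iam::111122223333:user/deploy-svc,false,false,true,2016-12-01T00:00:00+00:00,N/A,true,2017-10-01T00:00:00+00:00,2017-10-11T00:00:00+00:00
"""

# Fixed "now" so the sample gives reproducible results; pass datetime.now(timezone.utc)
# when auditing a live report.
NOW = datetime(2017, 10, 15, tzinfo=timezone.utc)
MAX_KEY_AGE = timedelta(days=90)  # assumed rotation threshold; adjust to your own policy
ROOT_USER = "<root_account>"      # how the credential report names the root user


def _timestamp(value):
    """Parse a report timestamp; the report's N/A-style markers become None."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now=NOW, max_key_age=MAX_KEY_AGE):
    """Return sorted (user, finding) pairs for the slide-35 rules a credential report
    can show: root keys, MFA on privileged users, stale and unused access keys."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == ROOT_USER
        # Console login without MFA; the root user is privileged whatever its flags say.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console_user_without_mfa"))
        if is_root and row["mfa_active"] != "true":
            findings.append((user, "root_without_mfa"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:
                # Root access keys should not exist at all.
                findings.append((user, f"root_access_key_{n}_active"))
            rotated = _timestamp(row[f"access_key_{n}_last_rotated"])
            if rotated is not None and now - rotated > max_key_age:
                findings.append((user, f"access_key_{n}_older_than_{max_key_age.days}d"))
            if _timestamp(row[f"access_key_{n}_last_used_date"]) is None:
                # Active but never used: a credential nobody needs.
                findings.append((user, f"access_key_{n}_never_used"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user:16} {finding}")
```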
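Slide 41 pairs VPC Flow Logs with CloudWatch Logs for anomaly information management; the kind of detection that runs over those records is shown below. This Python is an added example, not code from the deck or from CKmates: it parses default-format (version 2) flow log records and flags two patterns, a source whose rejected flows sweep many destination ports and an accepted SSH/RDP flow from outside the VPC. The records, the VPC CIDR and the thresholds are constructed for the demonstration.

```python
import ipaddress
from collections import defaultdict

# Assumed VPC CIDR for the constructed sample; use your own VPC's CIDR.
VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")
ADMIN_PORTS = {22, 3389}  # SSH and RDP: ports that should not be reachable from outside

# Default flow-log record format (version 2), one name per column.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status")

# Constructed sample records, not real traffic. 203.0.113.5 probes five ports and is
# rejected, then gets an accepted SSH session; 172.31.16.139 is a host inside the VPC.
SAMPLE_FLOW_LOG = """\
2 111122223333 eni-0a1b2c3d 203.0.113.5 172.31.16.21 51000 22 6 1 60 1500000000 1500000060 REJECT OK
2 111122223333 eni-0a1b2c3d 203.0.113.5 172.31.16.21 51001 23 6 1 60 1500000000 1500000060 REJECT OK
2 111122223333 eni-0a1b2c3d 203.0.113.5 172.31.16.21 51002 3389 6 1 60 1500000000 1500000060 REJECT OK
2 111122223333 eni-0a1b2c3d 203.0.113.5 172.31.16.21 51003 445 6 1 60 1500000000 1500000060 REJECT OK
2 111122223333 eni-0a1b2c3d 203.0.113.5 172.31.16.21 51004 8080 6 1 60 1500000000 1500000060 REJECT OK
2 111122223333 eni-0a1b2c3d 203.0.113.5 172.31.16.21 51005 22 6 12 1840 1500000060 1500000120 ACCEPT OK
2 111122223333 eni-0a1b2c3d 172.31.16.139 172.31.16.21 40022 22 6 20 4249 1500000000 1500000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d 198.51.100.7 172.31.16.21 43210 443 6 30 12000 1500000000 1500000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d - - - - - - - 1500000000 1500000060 - NODATA
"""


def parse_flow_log(text):
    """Parse default-format flow log lines; records without traffic (NODATA, SKIPDATA)
    carry no addresses or ports and are dropped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # not a default-format record
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        rec["srcport"] = int(rec["srcport"])
        rec["dstport"] = int(rec["dstport"])
        records.append(rec)
    return records


def rejected_port_sweeps(records, min_ports=5):
    """Sources whose REJECTed flows touched at least `min_ports` distinct destination
    ports: the signature of a port sweep bouncing off a security group or NACL."""
    ports_by_src = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT":
            ports_by_src[rec["srcaddr"]].add(rec["dstport"])
    return {src: sorted(ports) for src, ports in ports_by_src.items() if len(ports) >= min_ports}


def external_admin_access(records, vpc_cidr=VPC_CIDR, admin_ports=ADMIN_PORTS):
    """ACCEPTed flows to an admin port from an address outside the VPC: a security
    group wider than the private-subnet-plus-bastion design on slide 34 allows."""
    hits = []
    for rec in records:
        if rec["action"] != "ACCEPT" or rec["dstport"] not in admin_ports:
            continue
        if ipaddress.ip_address(rec["srcaddr"]) not in vpc_cidr:
            hits.append((rec["srcaddr"], rec["dstaddr"], rec["dstport"]))
    return hits


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_FLOW_LOG)
    print("port sweeps:", rejected_port_sweeps(recs))
    print("external admin access:", external_admin_access(recs))
```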

Editor's Notes

  1. My job is sales, so I lean towards confirming customer needs and providing suitable solutions. If you came hoping to hear a lot of technical sharing you may be a bit disappointed; I apologise to everyone. I represent myself. Every time I finish a talk or an introduction, quite a few people come to ask me how to get certified. So let's go straight to the topic.
  2. Let's go straight to the topic. Time is short, so let's begin. Let's not discuss whether moving to the cloud is suitable; assume the evaluation is done and it is suitable, and what needs discussing is architecture design. Usually I use a questioning approach to communicate and discuss with the customer or the team. I first ask everyone what they value in architecture design and discuss it with them; there is no right or wrong, it is just discussion, and anything raised is good.
  3. Discussion has several benefits: you get a better sense of what the customer or company wants to improve, or why they lean towards a given choice. For me, the main aim is to understand the points above through communication. Once that is understood, the architecture design discussion begins.
  4. Once that is understood, the architecture design discussion begins; the information above is still needed. https://d0.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf 16 42 50+
  5. https://d0.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf
  6. Tokyo, HK. This was tested with my phone; if there is a plan from the start or a GA, you can ask local users or staff to test.
  7. First get a rough idea of which services will be used, then study them. Discussing with the vendor or a reseller is of course best. https://aws.amazon.com/tw/architecture/ Don't worry when you see how large the architectures or scenarios above are; they are only for reference and can serve as a future architecture. That is why our topic is "practical", not "best practice". Many things are very good and the price is also quite attractive, so we may still discuss adopting available alternatives.
  8. Once we have discussed roughly which services will be used, what the company cares about most is of course cost; if it exceeds the budget there may be no point continuing, so it still has to fit the current cost. (The drawback of this calculator is that newer services are not in it, so you may still need to refer to the FAQ; that is the Simple one.) http://calculator.s3.amazonaws.com/index.html
  9. Once it has been observed for 2-3 months and is stable, and it is confirmed that this architecture will for now scale horizontally, RI can of course be factored into the cost-saving calculation. Everyone should know that some services can be bought reserved: EC2/RDS/ElastiCache/DynamoDB, but a 1-year or 3-year term is required at minimum; fewer customers choose the convertible type.
  10. Once it has been observed for 2-3 months and is stable, and it is confirmed that this architecture will for now scale horizontally, RI can of course be factored into the cost-saving calculation. Everyone should know that some services can be bought reserved: EC2/RDS/ElastiCache/DynamoDB, but a 1-year or 3-year term is required at minimum; fewer customers choose the convertible type.
  11. Security is closely related to the initial network architecture planning; subnet division and how users control these resources need to be considered. This will be covered later.
  12. Security is closely related to the initial network architecture planning; subnet division and how users control these resources need to be considered. This will be covered later.
  13. Security is closely related to the initial network architecture planning; subnet division and how users control these resources need to be considered. This will be covered later.
  14. Part of the performance is also related to the services, e.g. the ELB is exposed publicly but all our servers are in the internal environment. Or the CDN is only for users to read from, and a WAF is set up to block some abnormal behaviour; an ALB can also be used to filter web requests based on IP address, HTTP headers, HTTP body or URI strings, to block common attack patterns such as SQL injection or cross-site scripting. Create rules to block attacks from specific user agents, bad bots or content scrapers. For examples, see the AWS WAF Developer Guide. Allow all requests except the ones you specify – useful when you want CloudFront or an Application Load Balancer to serve content for a public website but also want to block requests from attackers. Block all requests except the ones you specify – useful when you want to serve content for a restricted website whose users are readily identifiable by properties in web requests, such as the IP addresses they use to browse the site. Count the requests that match the properties you specify – when you want to allow or block requests based on new properties in web requests, you first configure AWS WAF to count the requests that match those properties without allowing or blocking them. This lets you confirm that you did not accidentally configure AWS WAF to block all traffic to your website. When you are confident you have specified the correct properties, you can change the behaviour to allow or block requests. Using AWS WAF has several benefits: Additional protection against web attacks using conditions you specify. You can define conditions using characteristics of web requests such as: the IP address the request originates from; values in request headers; strings that appear in the request; the length of the request; the presence of SQL code that is likely to be malicious (SQL injection); the presence of a script that is likely to be malicious (cross-site scripting). Rules can allow, block or count web requests that meet the specified conditions. Alternatively, rules can block or count web requests that not only meet the specified conditions but also exceed a specified number of requests in any 5-minute period. Rules you can reuse for multiple web applications. Real-time metrics and sampled web requests. Automated administration using the AWS WAF API.
  15. Next are hybrid-cloud connection methods such as VPN/AD. This is a typical architecture that quite a few companies use.
  16. This year quite a few customers are moving to dedicated lines, routing over the internal network, which is relatively secure. An architecture that frequently needs communication between two sites.
  17. This year quite a few customers are moving to dedicated lines, routing over the internal network, which is relatively secure. An architecture that frequently needs communication between two sites.
  18. This year quite a few customers are moving to dedicated lines, routing over the internal network, which is relatively secure. An architecture that frequently needs communication between two sites.
  19. The whole architecture should ideally achieve loose coupling (decoupling) and reduce dependencies, so that one thing does not affect everything. E.g. use DNS in programs, don't hard-code fixed IPs; think about what happens if one link in the chain has a problem, and so on. In the worst case, has a CloudWatch SNS alert been set up? At least you would know after the fact… if you never know, it might be gone by tomorrow.
  20. The whole architecture should ideally achieve loose coupling (decoupling) and reduce dependencies, so that one thing does not affect everything. E.g. use DNS in programs, don't hard-code fixed IPs; think about what happens if one link in the chain has a problem, and so on. In the worst case, has a CloudWatch SNS alert been set up? At least you would know after the fact… if you never know, it might be gone by tomorrow.
  21. Evaluation: start with one server on AWS; perhaps all three tiers are done on one machine, a crude approach, but I think having a start is great. The point of using the cloud is its scaling: 1. no need to manage the underlying layer 2. stable, highly scalable 3. hosts/traffic -- cost scales along with them
  22. Amazon EBS Volume Performance on Linux Instances. Resize/VPC
  23. Database data growth may cause the AP and DB to affect each other; for data security and performance we then start recommending splitting them. Dump/DMS/conf
  24. Start separating web+AP / DB
  25. Reliability, security: reliability improves and the system can withstand a certain number of people. The counter concept: one more window, which can also do health checks.
  26. Reliability, security: reliability improves
  27. Reliability, security: a company like this may have taken a year to get from the beginning to this architecture; you will find their business grows as the architecture keeps growing. RDS Multi-AZ
  28. Reliability, security: find specific metrics to set this up; ticket purchasing can't (metrics: time / number of people / CPU / memory); you can pre-warm 5-10 minutes; the CDN may have been added earlier.
  29. As it grows it becomes a boss-level challenge of sorts; once the architecture grows to a certain point, needs or problems begin to surface, because this architecture is very important to the business; the parts emphasised may be as above. Translate. There isn't much time this time, so we may just talk about the parts marked in red.
  30. At least the following AWS service components may be used
  31. I think this is the part everyone is most familiar with. Implement a principle of least privilege
  32. https://www.sumologic.com/blog/amazon-web-services/security-analytics-in-aws/ Only specific permissions can access the log S3 bucket; no deletion.
  33. https://www.sumologic.com/blog/amazon-web-services/security-analytics-in-aws/
  34. https://cloudpack.media/20642
  35. https://cloudpack.media/20642
  36. For network flows and system anomalies, we can collect them for monitoring. https://www.sumologic.com/blog/amazon-web-services/security-analytics-in-aws/
  37. If it happens on a Friday night it is the hardest to discover; if it is discovered, most of the time it is the customer side that finds out.
  38. https://www.youtube.com/watch?v=1x20FxpiTVE&t=314s Teaches you to use the console and CLI
  39. Implement a principle of least privilege
  40. Implement a principle of least privilege
  41. Implement a principle of least privilege
  42. Implement a principle of least privilege
  43. Functionally, logic can be split out; pull out the parts being pushed forward and look at them. Use API Gateway L
  44. Functionally, logic can be split out; pull out the parts being pushed forward and look at them. Use API Gateway L
  45. Pass Ec- Ai – media, advertising, Game 1 vs 1, crude method
  46. CLI: what do I need to learn
  47. Fully managed: AWS CodeCommit eliminates the need to host, maintain, back up and scale your own source control servers. The service automatically scales to meet the growing needs of your project. Secure: AWS CodeCommit automatically encrypts your files in transit and at rest. CodeCommit is integrated with AWS Identity and Access Management (IAM), allowing you to assign user-specific permissions to your repositories. High availability: AWS CodeCommit has a highly scalable, redundant and durable architecture. The service is designed to keep your repositories highly available and accessible. Store anything: you can use AWS CodeCommit to store any kind of file, and there is no repository size limit. This lets you store and version application assets such as images and libraries alongside your code. Faster development lifecycle: AWS CodeCommit keeps your repositories close to your build, staging and production environments in the AWS cloud. You can transfer incremental changes instead of the entire application. This lets you increase the speed and frequency of your development lifecycle. Use your existing tools: AWS CodeCommit supports all Git commands and works with your existing Git tools. You can keep using your preferred development environment plugins, continuous integration/continuous delivery systems and graphical clients with CodeCommit.
  48. Rapid delivery: AWS CodePipeline automates your software release process, allowing you to rapidly release new features to your users. With CodePipeline you can quickly iterate on feedback and get new features to your customers faster. Improved quality: automating your build, test and release process lets you easily test each code change and catch bugs while they are small and simple to fix. You can run every change through a standardized release process to ensure the quality of your application or infrastructure. Configurable workflow: AWS CodePipeline lets you model the different stages of your software release process using a graphical user interface. You can specify the tests to run and the steps to deploy your application and its dependencies. Get started fast: with AWS CodePipeline you can immediately begin modeling your software release process. There are no servers to provision or set up. CodePipeline is a fully managed continuous delivery service that connects to your existing tools and systems. Easy to integrate: AWS CodePipeline can easily be extended to adapt to your specific needs. You can use our pre-built plugins or your own custom plugins in any step of your release process. For example, you can pull source code from GitHub, use an on-premises Jenkins build server, run load tests using a third-party service, or pass deployment information to your custom operations dashboard.
  49. Build and test your code: AWS CodeBuild runs your builds in pre-configured build environments that contain the operating system, programming language runtime and build tools (such as Apache Maven, Gradle, npm) required to complete the task. You just specify your source code's location and select settings for your build, such as the build environment to use and the build commands to run during a build. AWS CodeBuild builds your code and stores the artifacts in an Amazon S3 bucket, or you can use a build command to upload them to an artifact repository. You can create, manage and initiate build projects using AWS CodePipeline, the AWS Management Console, the AWS CLI or SDKs. Pre-configured build environments: AWS CodeBuild provides build environments for Java, Python, Node.js, Ruby, Go, Android and Docker. See the full list of pre-configured build environments here. Custom build environments: you can bring your own build environments to use with AWS CodeBuild. You can package the runtime and tools required for your build into a Docker image and upload it to a public Docker Hub repository or Amazon EC2 Container Registry (Amazon ECR). When creating a new build project you can specify the location of your Docker image, and CodeBuild will pull the image and use it as the build project configuration. Configurable settings. Specify build commands: you can define the specific commands that you want AWS CodeBuild to perform, such as installing build tool packages, running unit tests and packaging your code. The build specification is a YAML file that lets you choose the commands to run at each phase of the build and other settings. CodeBuild helps you get started quickly with sample build specification files for common scenarios, including builds using Apache Maven, Gradle or npm. See sample build specification files here. Select compute type: you can choose the compute type that best suits your development needs. You can choose from three levels of compute capacity, each with different amounts of CPU and memory. Choose higher CPU and memory compute if you want to complete builds faster, or if your build requires a minimum level of CPU and memory to complete. Choose source integrations: there are several ways to initiate builds using AWS CodeBuild. For example, you can initiate builds in CodeBuild after connecting to AWS CodeCommit, GitHub or Amazon S3. You can also connect CodeBuild with your source repository using AWS CodePipeline, so that builds are triggered automatically whenever a change is committed. Continuous integration and delivery workflows: the on-demand compute and pay-as-you-go model of AWS CodeBuild lets you build and integrate code more frequently, helping you find and fix bugs early in the development process when they are easier to fix. You can integrate CodeBuild into your existing continuous integration and continuous delivery (CI/CD) workflow using its source integrations, build commands or Jenkins integration. CodeBuild also belongs to the family of AWS Code services, which help you practise CI/CD. You can plug CodeBuild into AWS CodePipeline, so that your code is automatically built and tested in CodeBuild whenever you commit a change to your source repository. You can create this CI workflow using the AWS CodePipeline wizard to connect to your source repository and then select CodeBuild as the build provider. With CodePipeline you can easily extend your continuous integration workflow to continuous delivery by integrating third-party load or UI testing tools (e.g. BlazeMeter, Ghost Inspector), which are triggered once CodeBuild completes a build. Then you can deploy to instances or on-premises servers using services integrated with AWS CodePipeline, such as AWS CodeDeploy and AWS Elastic Beanstalk. Using AWS CodeBuild with AWS CodePipeline (click to enlarge). Security and permissions: your build artifacts are encrypted with customer-specific keys managed by AWS Key Management Service (KMS). AWS CodeBuild is integrated with AWS Identity and Access Management, so you can fine-grain control over which users and AWS resources can access your builds. Monitoring: you can use the AWS Management Console, the AWS CLI, SDKs and APIs to view detailed information about your builds. AWS CodeBuild shows you information such as build start and end times, build status, commit ID and branch. CodeBuild can also stream build logs to Amazon CloudWatch Logs.
  50. Automated deployments. Repeatable deployments: AWS CodeDeploy lets you easily repeat an application deployment across different groups of instances. CodeDeploy uses a file- and command-based install model, so it can deploy any application and reuse existing setup code. The same setup code used to deploy a revision to development instances for debugging is used to deploy to staging instances for testing, and the same setup code is then used to deploy to production to release to customers. Eliminating manual operations in deployments increases the speed and reliability of the software delivery process. Auto Scaling integration: AWS CodeDeploy is integrated with Auto Scaling to help your application software stay up to date on dynamically changing infrastructure. Auto Scaling lets you scale Amazon EC2 capacity up or down automatically according to conditions you define, such as traffic spikes. When a new instance is launched into an Auto Scaling group, CodeDeploy is notified and automatically performs an application deployment on the new instance before it is added to the Elastic Load Balancer. On-premises deployments: you can use AWS CodeDeploy to automate code deployments to development, test and production environments running on any instance, including instances in your own data center (your instances must be able to connect to AWS public endpoints). This lets you consistently deploy applications across a hybrid architecture using a single service. Minimize downtime. Rolling and blue/green updates: with AWS CodeDeploy, no downtime is required when updating your application to a new version. CodeDeploy can perform rolling updates across a group of instances. During an update, only a small fraction of the instances is offline at any one time. CodeDeploy works through the instances progressively, keeping the application available and continuing to serve traffic. CodeDeploy can also perform blue/green deployments, which provision and install a new set of instances with the latest revision during the deployment. After the new revision is installed on the new instances, CodeDeploy reroutes traffic from your production instances to the new instances. Deployment health tracking: deployment health tracking works together with rolling updates to keep your application highly available during deployment. A badly deployed update can cause unexpected downtime. AWS CodeDeploy monitors the success of each instance update during a multi-instance deployment. You can specify the minimum number of instances that must remain healthy, and CodeDeploy stops the deployment if too many instance updates fail. Stop and roll back: you can stop a running application deployment at any time using the AWS Management Console, the AWS CLI or any AWS SDK. If you later want to resume a stopped deployment, simply redeploy that revision. You can also redeploy a previous revision to roll back immediately. Centralized control. Monitoring and control: you can launch, control and monitor deployments of all your applications on target instances directly from the AWS Management Console or using the AWS CLI, SDKs or APIs. You can view deployment progress and drill down into the individual setup activities executed on each instance. If a failure occurs, you can pinpoint the exact instance and the script that failed without logging in to individual instances. You can also set up push notifications to monitor deployment status via SMS or email messages through Amazon Simple Notification Service. Deployment groups: an application can be deployed to multiple deployment groups. A deployment group is a set of instances, such as a staging or production environment. You can test a revision in the staging environment and then deploy that revision to production once you are satisfied. AWS CodeDeploy defines deployment groups using tags or Auto Scaling group names. To add an instance to a deployment group you simply tag the instance, and AWS CodeDeploy automatically deploys the latest application revision to it at your next deployment. Deployment history: AWS CodeDeploy tracks and stores the recent history of your deployments. You can view which application versions are currently deployed in each target deployment group. You can check the change history and success rate of past deployments to a specific deployment group. You can also investigate instance-level events and the timeline of past deployments for detailed views of deployment successes and errors. Easy to adopt. Works with any language and architecture: AWS CodeDeploy uses a file- and command-based install model, so it can deploy any application and reuse existing setup code. CodeDeploy uses a single AppSpec configuration file that maps the files in your application to their host destinations and specifies the commands to run at each lifecycle event (deployment phase), such as "install dependencies" or "stop server". These commands can be any code, such as shell scripts, custom programs, or even configuration management tools. Toolchain integration: the AWS CodeDeploy API makes it easy to integrate application deployments with your existing software delivery toolchain. Some AWS partners offer pre-built CodeDeploy integrations with their continuous integration and continuous delivery services, so the latest application builds can be easily and automatically deployed to your instances.
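The WAF behaviour described in note 14 (an IP-set condition, a rate-based rule that triggers once a client exceeds a request count in any 5-minute period, and COUNT mode used to confirm a rule before switching it to BLOCK) can be modelled offline to see what such a rule set would do to a given request stream. The Python below is an added example, not code from the deck, from CKmates or from AWS; the request sample, the blocklist CIDR and the limit of 10 requests are constructed for the demonstration.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_SECONDS = 300  # rate-based rules count a client's requests per 5-minute period

# Constructed sample requests, not real traffic: (epoch seconds, client IP, URI).
# 203.0.113.5 hits /login 12 times in a minute; 198.51.100.7 is an ordinary visitor;
# 192.0.2.9 is on the assumed blocklist.
SAMPLE_REQUESTS = sorted(
    [(t, "203.0.113.5", "/login") for t in range(0, 60, 5)]
    + [(10, "198.51.100.7", "/"), (20, "198.51.100.7", "/login"), (400, "198.51.100.7", "/login")]
    + [(30, "192.0.2.9", "/")]
)


class IpSetRule:
    """Matches requests whose client IP falls inside one of the given CIDRs."""

    def __init__(self, name, cidrs, action="BLOCK"):
        self.name, self.action = name, action
        self.networks = [ipaddress.ip_network(c) for c in cidrs]

    def matches(self, ts, ip, uri):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.networks)


class RateRule:
    """Matches once a client IP has sent more than `limit` requests (optionally only
    those under `uri_prefixes`) within any rolling WINDOW_SECONDS period."""

    def __init__(self, name, limit, action="COUNT", uri_prefixes=()):
        self.name, self.limit, self.action = name, limit, action
        self.uri_prefixes = tuple(uri_prefixes)
        self.history = defaultdict(deque)  # client IP -> timestamps still inside the window

    def matches(self, ts, ip, uri):
        if self.uri_prefixes and not uri.startswith(self.uri_prefixes):
            return False
        window = self.history[ip]
        window.append(ts)
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()  # drop timestamps that fell out of the 5-minute window
        return len(window) > self.limit


def evaluate(requests, rules, default_action="ALLOW"):
    """Return (decisions, match_counts). Every rule sees every request so that COUNT
    rules keep counting; the first matching ALLOW/BLOCK rule decides the request."""
    decisions, counts = [], {rule.name: 0 for rule in rules}
    for ts, ip, uri in requests:
        decision = None
        for rule in rules:
            if rule.matches(ts, ip, uri):
                counts[rule.name] += 1
                if decision is None and rule.action != "COUNT":
                    decision = rule.action
        decisions.append(decision or default_action)
    return decisions, counts


def simulate(rate_action):
    """Run the sample through a blocklist rule plus a /login rate rule in the given
    mode: COUNT first to confirm the rule only catches the flood, then BLOCK."""
    rules = [
        IpSetRule("blocklist", ["192.0.2.9/32"]),
        RateRule("login-flood", limit=10, action=rate_action, uri_prefixes=("/login",)),
    ]
    return evaluate(SAMPLE_REQUESTS, rules)


if __name__ == "__main__":
    for mode in ("COUNT", "BLOCK"):
        decisions, counts = simulate(mode)
        print(mode, "blocked:", decisions.count("BLOCK"), "matches:", counts)
```

In COUNT mode only the blocklisted client is blocked while the rate rule reports its two matches; switching the same rule to BLOCK then stops the 11th and 12th login attempts without touching the ordinary visitor.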