2. A Simple Definition
At a basic level Cloud Computing is a collection of:
• Compute
• Storage
• Networking
Resources that can be consumed on demand.
3. Public and Private
• Public Clouds allow you to consume resource that’s managed by a third party
• Private Clouds allow you to better allocate resource in your own data centre
• Both provide Networking, Compute and Storage Resources
4. Cloud vs Traditional DC
Cloud
Advantages
• Flexible Infrastructure
– Quick to provision
• “On demand” servers
– Power on/off as you need
• Pay as you go service
– Public cloud only
Disadvantages
• Lack of physical access
Traditional Data Centres
Advantages
• Complete Control
Disadvantages
• Wasted Resources
• Long lead times for new equipment
• Always on Infrastructure
5. Problems With Scale
Cloud provides us with a method of allocating the resources we need without the risk of wastage. Public cloud lets us consume resources with greater elasticity than a Traditional DC or Private Cloud, and handle high demand without crashing our systems or making a large upfront investment.
6. Problems in a Traditional DC
• You need to plan capacity carefully
• Often an unknown quantity
• Best guess
• Finite resource
• Limited ability to burst
• Wasted resource
7. Cloud Advantages
Public Clouds
• Better Allocation of resources
• Flexible Environments
• Lower Capital Expenditure
– No upfront costs
• Business Continuity
– Built in redundancy
• Easier and Automatic Upgrades
• Massive Scale
• Accredited Security Standards (ISO)
Private Clouds
• Better Allocation of resources
• Flexible Environments
• Your own Data Centre can be repurposed
• Complete control over your systems and facilities
• The big problem with private cloud is you are still limited by your own hardware
8. Why Public Cloud Makes Sense
• No upfront investment / Low cost to entry
• Virtually limitless storage, compute and networking capability
• No long lead times to provision servers
• Pay as you go (no wasted spend on IT resource)
• Excellent security standards (ISO)
• Value added services delivered by PaaS offerings
13. Why Choose IaaS?
• Complete control of environment
– Allows you to customise the settings for your use case
• Full access to the underlying systems
– Use existing tools
• Ability to use custom software stacks
– In house or bespoke software
14. Why Choose PaaS?
• Very quick to provision a fully functional service (DB, Email, File Storage, etc.)
– Minimal configuration
• Reduce management overhead for IT staff
– Automated updates
– Automated backup and recovery
• Highly available at a fraction of the cost
• Tried and tested
15. Monitoring and Logging
• CloudWatch
– System Level Monitoring by default
– Custom Metric Support for specialist monitoring
• CloudTrail
– An audit trail of console and programmatic access to AWS
– Ability to push EC2 logs to storage
16. CloudWatch
Monitoring for AWS Resources
• Hypervisor level metrics
– CPU
– Disk IO
– Network Traffic
• Elastic Load Balancer Stats
– Backend Connections
– Backend Errors
– Latency
• Elastic Block Storage
– More detailed disk IO
Alarms
• Can be used to trigger autoscale events
– Adding EC2 resource
– Removing EC2 resource when no longer needed
Custom Metrics
• Application level metrics
– Memory usage
– Disk Space
– Apache/Nginx connections
– Anything you can script
• Metric Sample Rates
– Standard is 5 min average (no cost)
– Advanced is 1 min average (extra cost)
Resources
• Statsd: https://github.com/camitz/aws-cloudwatch-statsd-backend
• Nginx: https://github.com/newsapps/awsmonitors
• More info: http://aws.amazon.com/cloudwatch/
18. Network Security
• VPC (Virtual Private Cloud)
– Your own network within Amazon
• Define your own subnets
– Access Controls
• Security Groups (software firewall)
• NACLs (network access control lists)
– External Access
• Direct Connect
• VPN (Virtual Private Network)
• Public Subnets (Elastic IPs)
19. Data Security
• AWS provides a key management service
• EBS Encrypted Volumes
– Automatically encrypted at rest
• Do it yourself!
– Use encryption within EC2 on EBS volumes
• S3 encryption
– Server side encryption
20. User Security
• IAM (Identity and Access Management)
– Controls access to services on a per-user basis
– Granular control of services
– Logs via CloudTrail
– Supports MFA (multifactor authentication)
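The CloudTrail audit trail and IAM's MFA support come together in one routine check: finding successful console sign-ins made without MFA. The following is an added example, not part of the original slides; the log records are constructed sample data, the field names follow CloudTrail's ConsoleLogin record format, and the function name is illustrative.

```python
import json

# Constructed sample in the shape of a CloudTrail log file ({"Records": [...]}).
# User names and IP addresses are made up (documentation address ranges).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2015-03-01T09:12:44Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2015-03-01T10:03:10Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.50", "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2015-03-01T10:05:31Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.51", "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "responseElements": {"ConsoleLogin": "Failure"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2015-03-01T11:40:02Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "192.0.2.99", "userIdentity": {"type": "Root"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2015-03-01T11:41:00Z", "eventName": "RunInstances",
     "sourceIPAddress": "192.0.2.99", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": None},
]})

def console_logins_without_mfa(log_text):
    """Return successful console sign-ins by IAM users or root made without MFA."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventName") != "ConsoleLogin":
            continue  # API calls and other events are out of scope here
        identity = rec.get("userIdentity") or {}
        # Federated sessions authenticate at the identity provider, so the
        # MFAUsed field says nothing about them; only IAM users and root are checked.
        if identity.get("type") not in ("IAMUser", "Root"):
            continue
        result = (rec.get("responseElements") or {}).get("ConsoleLogin")
        mfa = (rec.get("additionalEventData") or {}).get("MFAUsed", "No")
        if result == "Success" and mfa != "Yes":
            is_root = identity.get("type") == "Root"
            findings.append({"time": rec.get("eventTime"), "is_root": is_root,
                             "principal": "root" if is_root else identity.get("userName"),
                             "source_ip": rec.get("sourceIPAddress")})
    return findings

if __name__ == "__main__":
    for f in console_logins_without_mfa(SAMPLE_LOG):
        print(f)
```
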