
John Hildebrandt | Solutions Architect ANZ

CLOUD COMPUTING WITH AWS An INTRODUCTION

AGENDA

Today's Agenda

• Background and Value proposition of AWS

• Global infrastructure and the Sydney Region

• AWS services

• Drupal example

• Q&A

AWS BACKGROUND

How did amazon.com…

No Up-Front Capital Expense

Pay Only for What You Use

Self-Service Infrastructure

Easily Scale Up and Down

Improve Agility & Time to Market

Low Cost

Cloud Computing Benefits


GLOBAL INFRASTRUCTURE

9 AWS Regions

30+ AWS Edge Locations

AWS Global Infrastructure

Each day AWS adds the equivalent server capacity to power Amazon when it was a global, $5B enterprise

[Chart: Amazon in 2003: $5.2B retail business, 7,800 employees, a whole lot of servers]

[Chart: Objects in S3: 1.3 trillion; 835k peak transactions per second]

[Chart: EMR jobs: 3.7 M clusters launched since May 2010]

AWS Regions & Availability Zones

[Diagram: nine Regions, each drawn with multiple Availability Zones (two to four per Region): US East (VA), US West (CA), US West (OR), GovCloud (OR), EU (Ireland), South America (Sao Paulo), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney)]

Customer Decides Where Applications and Data Reside

Note: Conceptual drawing only. The number of Availability Zones may vary.

#1 enterprise question: Is the cloud secure for my apps and data?

Security is Our #1 Priority

People & Procedures, Network Security, Physical Security, Platform Security

ITAR, FIPS 140-2, ISO 27001, SOC 2, ISAE 3402, PCI DSS, HIPAA, FISMA Moderate

Many Customers’ Security Posture Improves In the Cloud

“The improved computer security includes, but is not limited to, greater protection against network attacks and real time detection of system tampering.”

Earl E. Devaney, Chairman, Recovery.gov

“You basically turn yourself into a polymorphic surface to which the attack guy has a much tougher time getting at. That, ultimately, is the real key advantage to drive security and make things much better for us across the board.”

Gus Hunt, CTO, Central Intelligence Agency

SECURITY IS A SHARED RESPONSIBILITY

Amazon is responsible for:

• Foundation Services: Compute, Storage, Database, Networking

• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

The customer is responsible for:

• Customer Data

• Client-side Data Encryption & Data Integrity Authentication

• Server-side Encryption (File System and/or Data)

• Network Traffic Protection (Encryption/Integrity/Identity)

• Platform, Applications, Identity & Access Management

• Operating System, Network & Firewall Configuration

Amazon side:

• SAS-70 Type II

• ISO 27001/2 Certification

• Payment Card Industry (PCI) Data Security Standard (DSS)

• NIST Compliant Controls

• DoD Compliant Controls

• FedRAMP Compliant Controls

• HIPAA and ITAR Compliant

Customer side:

• Customers implement their own set of controls

• Multiple customers with FISMA Low and Moderate ATOs

AWS Platform

Your Applications

Foundation Services

• Compute: Amazon EC2, Auto Scale

• Storage: Amazon S3, Amazon EBS, Amazon Storage Gateway

• Database: Amazon RDS, Amazon SimpleDB, Amazon ElastiCache, Amazon DynamoDB

• Networking: Amazon VPC, Elastic Load Balancing, Amazon Route 53, AWS Direct Connect

Application Platform Services

• Content Distribution: Amazon CloudFront

• Application Services: Simple Workflow Service, CloudSearch, Amazon SNS, SQS, SES

• Parallel Processing: Elastic MapReduce

• Libraries & SDKs: Java, PHP, Python, Ruby, .NET

Management & Administration

• Identity & Access: AWS IAM, Identity Federation, Consolidated Billing

• Web Interface: Management Console

• Monitoring: Amazon CloudWatch

• Deployment & Automation: AWS Elastic Beanstalk, AWS CloudFormation

AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

Let’s use an Example – aGov Drupal HA site


Built to Enterprise & Gov Standards

Security & Compliance Resources

• Security & Compliance Center:

http://aws.amazon.com/security

• Security Overview & Best Practices

• AWS Risk & Compliance Whitepaper

• Creating HIPAA Compliant Applications

Hardware, Software & Network

• Systematic change management

• Phased updates deployment

• Safe storage decommission

• Automated monitoring and self-audit

• Advanced network protection systems

Certifications and Accreditations

• ISO 27001

• SSAE 16 / ISAE 3402 / SOC1 (formerly U.S. standard SAS-70 Type II)

• FISMA Moderate & DIACAP Controls; ITAR region

• HIPAA applications certified on AWS

• Payment Card Industry (PCI) Data Security Standard (DSS) Level 1

Physical

• Datacenters in nondescript facilities

• Physical access strictly controlled

• Must pass two-factor authentication at least twice for floor access

• Physical access logged and audited

Foundation Services


Compute

Auto Scaling

Elastic Compute Cloud

Amazon Machine Image

Compute

EC2 Instances = Virtual Servers

• Resizable compute capacity in 16 instance types

• Reduces the time required to obtain and boot new server instances to minutes or seconds

• Scale capacity as your computing requirements change

• Pay only for capacity that you actually use

• Choose Linux or Windows

• Deploy across Regions and Availability Zones for reliability

• Flexible networking (NAT/classic, VPC, Elastic IPs)

• Support for virtual network interfaces that can be attached to EC2 instances in your VPC

Amazon Elastic Compute Cloud (Amazon EC2)

Compute

• Building blocks of EC2 instances

• An AMI is like a template of a computer's root volume.

• Can be public or private

• Create hardened or gold “Images” of your EC2 infrastructure

Amazon Machine Image

Compute

• Client Defined Business Rules

• Scale your Amazon EC2 capacity automatically once you define the conditions (may be 1000’s of servers)

• Can scale up just a little…doesn’t need to be massive number of servers (may be simply 2 servers)

• Well suited for applications that experience variability in usage

• Set minimum and maximum scaling policies

• Alternate Use is for Fault Tolerance

Auto Scaling

"WebServerGroup" : {
  "Type" : "AWS::AutoScaling::AutoScalingGroup",
  "Properties" : {
    "AvailabilityZones" : { "Fn::GetAZs" : "" },
    "LaunchConfigurationName" : { "Ref" : "LaunchConfig" },
    "MinSize" : "1",
    "MaxSize" : "5",
    "DesiredCapacity" : { "Ref" : "WebServerCapacity" },
    "LoadBalancerNames" : [ { "Ref" : "ElasticLoadBalancer" } ]
  }
},

Storage: S3, EBS, Import/Export, Glacier, Storage Gateway

Storage

Web-scale Internet Storage

• A “Bucket” is the top-level container for objects; it is roughly like a “folder”, but the namespace is flat and “directories” are only key-name prefixes

• Able to store unlimited number of Objects in a Bucket

• Objects from 1B-5 TB; no bucket size limit

• Highly available storage for the Internet (object store)

• HTTP/S endpoint to store and retrieve any amount of data, at any time, from anywhere on the web

• Highly scalable, reliable, fast, and inexpensive

• Over 2 trillion objects stored

• Peak requests 1M+ per second

• Ideal Use Cases:

• Static web content – often used with CloudFront CDN

• Source and output storage for large-scale “Big Data” analytics

• Backup, archival, and DR storage that is always “live”

Simple Storage Service (S3)
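Because a bucket is reached through a public HTTP/S endpoint, the first thing to check on any S3 bucket that holds site content is who its bucket policy lets in. The following is an added example, not code from the slide deck and not an AWS tool: it parses a bucket policy document and reports every Allow statement whose Principal is anonymous ("*" or {"AWS": "*"}), distinguishing read-only grants (which a static-content bucket may intend) from grants that let anyone write or delete. The bucket name, account id, VPC endpoint id and the entire sample policy are constructed for illustration.

```python
"""Flag S3 bucket-policy statements that grant access to anonymous callers.

Added example, not part of the slide deck and not an AWS tool. The bucket
name, account id, VPC endpoint id and the whole policy below are
constructed for illustration.
"""
import json

# Constructed sample bucket policy for a static-content bucket like the one
# in the Drupal example: a deliberate public read, an accidental anonymous
# write, a properly scoped deploy role, and an anonymous read that a
# Condition narrows to one VPC endpoint.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "StaticRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-static-assets/*"},
        {"Sid": "Oops", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-static-assets/*"},
        {"Sid": "Deploy", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/deploy"},
         "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-static-assets/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-static-assets/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ],
})

# Actions that only disclose data; anything else lets the caller change it.
READ_ONLY = {"s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket"}


def _as_list(value):
    """Policy grammar allows a single value wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def is_anonymous_principal(principal) -> bool:
    """True if the Principal element matches everyone, including unauthenticated requests.

    Both the bare "*" and {"AWS": "*"} (alone or inside a list) mean anonymous.
    """
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def find_public_grants(policy_json: str) -> list:
    """Return (sid, actions, severity) for every Allow statement open to anyone.

    severity is "public-write" if any granted action is not read-only (or is a
    wildcard), else "public-read"; it is prefixed with "conditional-" when a
    Condition block narrows who actually qualifies.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not is_anonymous_principal(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action", []))
        writable = any("*" in a or a not in READ_ONLY for a in actions)
        severity = "public-write" if writable else "public-read"
        if stmt.get("Condition"):
            severity = "conditional-" + severity
        findings.append((stmt.get("Sid", "<no Sid>"), actions, severity))
    return findings


if __name__ == "__main__":
    for sid, actions, severity in find_public_grants(SAMPLE_POLICY):
        print(f"{severity:24} {sid}: {', '.join(actions)}")
```

The check covers only the bucket policy. Object ACLs and IAM identity policies are separate grant paths, and a Deny statement elsewhere in the policy can still override a flagged Allow, so treat the output as a list of statements to review rather than a final verdict.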

Storage

EBS Volumes = Virtual Disks

• Use for persistent storage

• Can use to create RAID configuration for a server

• Off-instance block storage that persists independently

• Storage volumes for use with Amazon EC2 instances – create, attach, backup, restore and delete

• Can be attached to a running Amazon EC2 instance and exposed as a block device for raw or formatted (filesystem) access

• Volumes behave like unformatted block devices for Linux or Windows instances

• Ideal use cases:

• OS Boot device / root file system; secondary volumes/filesystems

• Typical basis for database storage

• Raw block devices for RAID, some databases

Elastic Block Store (EBS)

Database: SimpleDB, DynamoDB, RDS, ElastiCache

RDS

Database

• Fully-managed, tuned MySQL, Oracle 11g, or MS SQL databases

• Cost-efficient and resizable capacity

• Manages time-consuming database admin tasks

• Code, applications, and tools you already use today work seamlessly

• Automatically patches the database software and backs up your database

• Flexible Licensing: BYOL or License Included

Amazon Relational Database Service (RDS)

"DBInstance" : {
  "Type" : "AWS::RDS::DBInstance",
  "Properties" : {
    "DBName" : { "Ref" : "DBName" },
    "Engine" : "MySQL",
    "MultiAZ" : { "Ref" : "MultiAZDatabase" },
    "MasterUsername" : { "Ref" : "DBUsername" },
    "DBInstanceClass" : { "Ref" : "DBClass" },
    "DBSecurityGroups" : [ { "Ref" : "DBSecurityGroup" } ],
    "AllocatedStorage" : { "Ref" : "DBAllocatedStorage" },
    "MasterUserPassword" : { "Ref" : "DBPassword" }
  }
},

Networking: ELB, VPC, Route 53

Networking

• Supports the routing and load balancing of HTTP, HTTPS and generic TCP traffic to EC2 instances

• Supports health checks to detect and remove failing instances

• Dynamically grows and shrinks required resources based on traffic

• Seamlessly integrates with Auto-scaling to add and remove instances based on scaling activities

• Single CNAME provides stable entry point for DNS configuration

Amazon Elastic Load Balancing

Networking

• Secure and seamless bridge between a company’s existing private network and the AWS cloud

• Connect existing infrastructure to a set of isolated AWS compute resources via a Virtual Private Network (VPN) connection

• Bring your own address space and extend existing management capabilities

Amazon Virtual Private Cloud (VPC)

Application Platform Services


Management & Administration


Web Console

On-demand, Self Service

Management Access

Identity & Access Management

• IAM enables customers to create and manage users in AWS’s identity system

• Identity Federation with local directory is an option for enterprises

• Very familiar security model

• Users, groups, permissions

• Allows customers to

• Create users

• Assign individual passwords, access keys, multi-factor authentication devices

• Grant fine-grained permissions

• Optionally grant them access to the AWS Console

• Organize users in groups
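The users, groups, permissions and MFA devices listed above come together in how IAM decides a request. The following is an added example, not code from the slide deck and not the IAM engine itself: a small evaluator that applies the core rules (an explicit Deny beats any Allow, no match means implicit Deny, wildcard matching on Action and Resource, and a Bool/BoolIfExists condition on aws:MultiFactorAuthPresent) to a constructed set of group and user policies. The group names, user names, account id and bucket name are made up; the Deny-unless-MFA statement is the standard pattern for guarding destructive actions.

```python
"""Minimal evaluator for IAM identity policies: users, groups, permissions, MFA.

Added example, not part of the slide deck and not the IAM engine itself. It
reproduces only the core decision rules: an explicit Deny beats any Allow,
nothing matched means implicit Deny, '*' and '?' wildcards in Action and
Resource, and Bool / BoolIfExists conditions on aws:MultiFactorAuthPresent.
User, group, account id and bucket names are made up.
"""
import fnmatch

# Constructed group policies. Developers may read and write one bucket; a
# second statement denies destructive calls unless the request carried MFA
# (BoolIfExists so that a request with no MFA key at all is also denied).
GROUP_POLICIES = {
    "Developers": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::dev-site-content",
                      "arn:aws:s3:::dev-site-content/*"]},
        {"Effect": "Deny",
         "Action": ["s3:DeleteObject", "s3:DeleteBucket", "s3:PutBucketPolicy"],
         "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ],
    "Admins": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed users: name -> (group memberships, inline user policies).
USERS = {
    "alice": (["Developers"], []),
    "bob": (["Developers"], [{"Effect": "Allow", "Action": "s3:DeleteObject",
                              "Resource": "arn:aws:s3:::dev-site-content/*"}]),
    "carol": (["Admins"], []),
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold_case):
    """'*' and '?' wildcards; action names compare case-insensitively, ARNs do not."""
    v = value.lower() if fold_case else value
    return any(fnmatch.fnmatchcase(v, p.lower() if fold_case else p)
               for p in _as_list(patterns))


def _condition_holds(condition, ctx):
    """Only Bool and BoolIfExists are implemented; anything else fails loudly
    rather than silently skipping a Deny."""
    for operator, tests in (condition or {}).items():
        if operator not in ("Bool", "BoolIfExists"):
            raise NotImplementedError(f"condition operator {operator} not handled")
        for key, expected in tests.items():
            if key not in ctx:
                if operator == "BoolIfExists":
                    continue      # absent key counts as a match for ...IfExists
                return False      # plain Bool on an absent key never matches
            if str(ctx[key]).lower() != str(expected).lower():
                return False
    return True


def _statements_for(user):
    groups, inline = USERS[user]
    for group in groups:
        yield from GROUP_POLICIES[group]
    yield from inline


def is_allowed(user, action, resource, ctx=None):
    """Explicit Deny wins; otherwise any matching Allow; otherwise implicit Deny."""
    if user not in USERS:
        return False
    ctx = ctx or {}
    allowed = False
    for stmt in _statements_for(user):
        if not _matches(stmt["Action"], action, fold_case=True):
            continue
        if not _matches(stmt["Resource"], resource, fold_case=False):
            continue
        if not _condition_holds(stmt.get("Condition"), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    obj = "arn:aws:s3:::dev-site-content/old.js"
    print("alice read:", is_allowed("alice", "s3:GetObject", obj))
    print("bob delete, no MFA:", is_allowed("bob", "s3:DeleteObject", obj))
    print("bob delete, MFA:", is_allowed("bob", "s3:DeleteObject", obj,
                                         {"aws:MultiFactorAuthPresent": True}))
```

Two things the run makes visible: bob's inline Allow for DeleteObject is useless without MFA because the group-level Deny wins, and carol's Admins group carries no MFA guard at all, since the Deny lives only in the Developers policy. Real IAM also consults resource policies and other policy types; this evaluator covers identity policies only.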

Deployment and Management

• Visibility into resource utilization, operational performance, and overall demand patterns

• Metrics such as CPU utilization, disk reads and writes, and network traffic

• Accessible via the AWS Management Console, web service APIs or Command Line Tools

• Add custom metrics of your own

• Alarms (which tie into auto-scaling, SNS, SQS, etc.)

• Billing Alerts to help manage charges on AWS bill

Amazon CloudWatch

Deployment and Management

• Create templates of stack of resources

• Deploy stack from template with runtime parameters

• Templates are simple JSON formatted text files

• CloudFormer supports generating templates from running environments

AWS CloudFormation

"Resources" : {
  "Ec2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
      "Tags" : [ {
        "Key" : "MyTag",
        "Value" : "TagValue"
      } ]
    }
  },
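Because a template is a plain JSON text file, it can be checked before anything is deployed, and the two snippets on this page point at the checks worth running: the RDS snippet takes MasterUserPassword from a DBPassword parameter (which must be declared NoEcho, or the password is echoed in the console and in DescribeStacks output), and the EC2 snippet attaches a security group whose ingress rules decide what the Internet can reach. The following is an added example, not code from the slide deck and not an AWS tool: a small linter over a constructed template modelled on those snippets. Resource names, parameter names, the planted literal password and the port numbers are all made up.

```python
"""Static security checks on a CloudFormation template before it is deployed.

Added example, not part of the slide deck and not an AWS tool. The template
below is constructed to resemble the deck's RDS and EC2 snippets; resource
names, parameter names and ports are made up. Three checks:
  1. secret-bearing properties (MasterUserPassword) must come from a NoEcho
     parameter, never a literal, or the secret shows up in the template file,
     the console and DescribeStacks output;
  2. EC2 security-group ingress from 0.0.0.0/0 is only acceptable on the web ports;
  3. RDS DB security groups must not admit 0.0.0.0/0 at all.
"""
import json

SECRET_PROPERTIES = {"MasterUserPassword"}
WEB_PORTS = {80, 443}
ANY_IPV4 = "0.0.0.0/0"

# Constructed template: every finding below is planted on purpose.
SAMPLE_TEMPLATE = json.dumps({
    "Parameters": {
        "DBPassword": {"Type": "String", "MinLength": "8"},           # missing NoEcho
        "SSHLocation": {"Type": "String", "Default": "0.0.0.0/0"},    # default too wide
    },
    "Resources": {
        "DBInstance": {"Type": "AWS::RDS::DBInstance", "Properties": {
            "Engine": "MySQL", "MultiAZ": "true", "MasterUsername": "admin",
            "MasterUserPassword": {"Ref": "DBPassword"},
            "DBSecurityGroups": [{"Ref": "DBSecurityGroup"}]}},
        "DBSecurityGroup": {"Type": "AWS::RDS::DBSecurityGroup", "Properties": {
            "GroupDescription": "database access",
            "DBSecurityGroupIngress": [{"CIDRIP": "0.0.0.0/0"}]}},
        "WebServerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "web and ssh",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80",
                 "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
                 "CidrIp": {"Ref": "SSHLocation"}}]}},
        "ReplicaInstance": {"Type": "AWS::RDS::DBInstance", "Properties": {
            "Engine": "MySQL", "MasterUsername": "admin",
            "MasterUserPassword": "Summer2013!"}},                      # literal secret
    },
})


def _resolve(value, params):
    """A property may be a literal or {"Ref": parameter}; for a Ref use the
    parameter's Default (None if it has none, i.e. unknown until deploy time)."""
    if isinstance(value, dict) and "Ref" in value:
        return params.get(value["Ref"], {}).get("Default")
    return value


def lint_template(template_json):
    """Return a list of (logical resource id, message) findings."""
    template = json.loads(template_json)
    params = template.get("Parameters", {})
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype = res.get("Type", "")
        props = res.get("Properties", {})

        for prop in sorted(SECRET_PROPERTIES.intersection(props)):
            value = props[prop]
            if isinstance(value, dict) and "Ref" in value:
                pname = value["Ref"]
                no_echo = str(params.get(pname, {}).get("NoEcho", "false")).lower()
                if no_echo != "true":
                    findings.append((name, f"{prop} comes from parameter {pname} without NoEcho"))
            else:
                findings.append((name, f"{prop} is a literal in the template"))

        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if _resolve(rule.get("CidrIp"), params) != ANY_IPV4:
                    continue
                lo = int(rule.get("FromPort", 0))
                hi = int(rule.get("ToPort", 65535))
                if not (lo == hi and lo in WEB_PORTS):
                    findings.append((name, f"ingress {rule.get('IpProtocol')} {lo}-{hi} open to {ANY_IPV4}"))

        if rtype == "AWS::RDS::DBSecurityGroup":
            for rule in props.get("DBSecurityGroupIngress", []):
                if _resolve(rule.get("CIDRIP"), params) == ANY_IPV4:
                    findings.append((name, f"database ingress open to {ANY_IPV4}"))
    return findings


if __name__ == "__main__":
    for resource, message in lint_template(SAMPLE_TEMPLATE):
        print(f"{resource}: {message}")
```

A CidrIp that is a Ref with no Default cannot be resolved statically and is skipped, so parameter defaults are the right place to keep the restrictive value. NoEcho only hides the value in console and API output; the password still travels as a stack parameter, so it should be generated per environment and never committed to the template in version control.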

aGov Drupal HA Script

• Based on sample at:

– https://s3-ap-southeast-2.amazonaws.com/cloudformation-templates-ap-southeast-2/Drupal_Multi_AZ.template

• Leveraged aGov Drupal 7 distribution:

– http://agov.com.au/download

[Architecture diagram: User -> Web Auto Scaling Group spanning Availability Zone #1 and Availability Zone #2 (a WebServer in each); static content (.jpg, .css, .js) served from S3; SiteContent database with a SiteContentSlave replica]

Support repeatable processes: a template file defining the stack, kept in version control (Git, Subversion, Mercurial) and deployed to Dev, Test and Prod

Useful Resources & Links

• Architecture Center: http://aws.amazon.com/architecture

• Security Center: http://aws.amazon.com/security

• Whitepapers: http://aws.amazon.com/whitepapers

• Resources: http://aws.amazon.com/resources

• Case Studies: http://aws.amazon.com/solutions/case-studies

• Solution Providers: http://aws.amazon.com/solutions/global-solution-providers/

• Calculator: http://calculator.s3.amazonaws.com/calc5.html

• TCO Calculator: http://aws.amazon.com/tco-calculator/

• AWS Blog: http://aws.typepad.com/

• The Power of 60: http://www.powerof60.com/

THANK YOU

