SlideShare uma empresa Scribd logo

Aws Architecture Fundamentals

2nd Watch
2nd Watch

Walk through this hands-on workshop to expand your AWS technical skills. Gain credibility for your experience working with AWS by building proficiency with services and solutions in the areas of AWS Architecture Fundamentals.

Tecnologia
1 de 80
Baixar para ler offline
AWS Bootcamp Vince Lo Faso, Solutions Architect Scott Turvey, Solutions Architect
Agenda 8:30am – 9:00am: Check-in 9:00am – 12:00pm: AWS Bootcamp Bootcamp Introduction Introduction to Cloud Computing AWS Overview and Regions AWS Networking VPC - Route 53 AWS Compute EC2 – ELB - ASG – IAM - Directory Services AWS Storage EBS - S3 - Glacier AWS Databases RDS – DynamoDB - Redshift Security Overview 12:00pm – 1:00pm: Break & Lunch 1:00pm – 3:00pm: Hands-On Lab - Building AWS Infrastructure
Bootcamp Introductions Name: Company: Title/Work Area: What was the 1st computer you used?
Introduction to Cloud Computing
IT and the Business A man is flying in a hot air balloon and realizes he is lost. He reduces height and spots a man down below. He lowers the balloon further and shouts: “Excuse me, can you tell me where I am?” The man below says: “yes, you’re in a hot air balloon hovering 30 feet above this field.” “You must work in the Information Technology,” says the balloonist. “I do,” replies the man, “How did you know.” “Well” says the balloonist,, “everything you have told me is technically correct, but it’s of no use to anyone.” The man below says, “you must work in business”. “I do” replies the balloonist, “but how did you know?” “Well”, says the man, ,”you don’t know where you are, or where you’re going, but you expect me to be able to help. You’re in the same position you were before we met, but now it’s my fault.”
New IT Business Model Cloud Computing is first and foremost a Business Model
Business Reasons for Adopting Cloud Computing GoodNot Good Go global in minutes Remove undifferentiated heavy lifting Stop guessing capacity Increased agility Lower variable expense than they could achieve on their own Move from capital expense to variable expense$
Defining Cloud Computing NIST defined a well accepted, industry standard definition of Cloud Computing url: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf Covers:  5 Key Characteristics of Cloud Computing  3 Service Model  4 Deployment Models plus  5 Cloud Actors  A Cloud Reference Architecture  Shared Security model
What is Cloud Computing? NIST 5 Key Characteristics #1 On-demand self service “as easy as buying candy from a vending machine” #2 Broad network access “access it anytime from anywhere” #3 Resource pooling “you’re not the only user” #4 Rapid elasticity “scale up and scale down in real-time” #5 Measured service “pay only for what you consume”
Why Amazon Web Services? “It is the overwhelming market share leader, with over 10 times more cloud IaaS compute capacity in use than the aggregate total of the other 14 providers in this Magic Quadrant” Gartner Report May, 2015. In 2013, IT research firm Gartner had to rescale its famed infrastructure-as- a- service “Magic Quadrant” to accommodate Amazon Web Services’ enormous competitive lead.
AWS Today - 2016 Public cloud market share Amazon Web Services: 31% Microsoft: 9% IBM Cloud/SoftLayer: 7% Google: 4% per Synergy Research Group AWS generating > $12 billion a year.
AWS Services and Regions Overview
AWS Services
Core Services
AWS Regions – Global Infrastructure
Regions and Availability Zones  Global Resources » IAM Users » Route 53 Records  Regional Resources » S3 Buckets » VPCs » ELB » EIPs  AZ Resources » EBS Volumes » EC2 Instances » RDS Instances » Subnets » ENIs
AWS Networking Overview
VPC - Virtual Private Cloud
VPC - Virtual Private Cloud
Virtual Private Cloud – NACL – Traffic Flow
Security Groups o Security Groups are similar to a firewall rule o They can be associated to resources independent of a subnet or CIDR range o Security Groups are limited only to the VPC in which you create them Example of Security Group configuration
Security Groups Deny by default  IP Whitelisting  Specify a CIDR block that is allowed to access resources in your AWS environment.  This can be as large or small as you desire, giving it extreme flexibility.  Specifying a 32 bit block will whitelist a single IP ( 50.99.20.230/32 )  Allow port and protocol  You can allow TCP, UDP, ICMP or a combination of all three
Security Groups o SG trust relationships  SGs can establish trust relationships  These trust relationships link resources and security policies  Not required to specify an IP address  Trust relationships are only valid within a VPC o Ingress and Egress  VPC security groups have both ingress and egress  Security groups are stateful
Client Ingress SSH and RDP Ingress Platform Server Ingress Platform Server Egress Database Access SID App APP SID_App_Ingress SID Database SID View VIEW SID_Admin_Ingress Protocol Port Range Source TCP 22 10.99.101.0/24 TCP 3389 10.99.101.0/24 SID_App_Egress Protocol Port Range Destination TCP 443 10.87.14.29/32 TCP 3306 10.24.3.102/32 SID_DB_Ingress Protocol Port Range Source TCP 3306 SID_APP_SG SID_View_Ingress Protocol Port Range Source TCP 80 10.12.0.0/16 TCP 80 10.45.2.0/24 TCP 80 10.62.31.0/24 View Firewall Policies SID_View_Ingress SID_Admin_Ingress App Firewall Policies SID_App_Ingress SID_Admin_Ingress SID_App_Egress Database Firewall Policies SID_DB_Ingress Protocol Port Range Source TCP 80 10.241.25.0/24 TCP 443 10.241.25.0/24 TCP 8080 SID_VIEW_SG Security Group/Firewall Rules
Virtual Private Cloud – On-Premises Connection
Virtual Private Cloud – Overview
Virtual Private Cloud – Network and Subnets • Network Topology o Private address space  Any range is valid, but we suggest a non-routable CIDR  Public CIDR ranges are only reachable via a Virtual Private Gateway  CIDR ranges can be as large as a /16 to as small as a /28 • Subnets o Public subnets have a 0.0.0.0/0 route to the Internet Gateway (IGW)  Instances that require a public IP need to reside in a public subnet o Private subnets do not have an outbound route through the IGW  NAT instances are commonly used as an outbound gateway for private instances o Subnets cannot span AZ’s, but subnets can share routing tables, which provides similar functionality.
Virtual Private Cloud – Route Tables • Route Tables o Can be applied to multiple subnets o Typical routing entries  10.0.0.0/16 = Local  0.0.0.0/16 = Internet Gateway (Public Subnet)  -or-  0.0.0.0/16 = eni-12345678 (Private Subnet)
Virtual Private Cloud – Peering • Peering o VPC -> VPC peering o Unique CIDR o VPN solutions  OpenVPN  OpenSwan
Route53 - Basic Feature Set • Zone Creation • Zone Import o Import your zone file from a previous provider o Delegate this zone to the AWS name servers • Record Types o A o CNAME o TXT,MX,DKIM o Alias o S3 buckets and ELBs can be an alias target, allows zone apex magic
Route53 - Advanced Feature Set •Weighted Resource Record Sets •Health Checks •Global Load Balancer o Using weighted record sets, you can create a pool of endpoints from which to balance traffic o Enabling a health-check on this pool allows for a DNS based load balancer which can be applied to any resource (AWS or non-AWS) •Latency Resource Record Sets •Geolocation Resource Record Sets
Route53 – Global Failover • Global Failover Pattern • Uses R53 Health Checks Route 53 Virginia Region myapp.example.com Ireland Region
AWS Compute Overview
EC2 – Elastic Cloud Compute AMI • Instances are based on an Amazon Machine Image • You can create new AMIs from a running instance • AMIs are stored in S3 for 11 9’s of durability • AMIs are unique to each region
EC2 - Instance Types Choosing the correct instance type for the required workload o T2 for light weight general purpose – but with burstable performance o M4 for general purpose o R3, X1 for memory and database heavy applications o C3, C4 for compute heavy applications o G2, P2 for GPU intensive applications o I2, D2 for storage heavy applications (random) o HS1 for storage heavy applications (sequential) Example of M3 family of instance type
EC2 - Running Instances Running instances •Instances are launched into an existing VPC subnet •CloudWatch monitoring is enabled by default o CPU Utilization, Network I/O are the primary data points of interest o Memory and Disk require an additional script that will post a to a custom CloudWatch metric •Status checks o OS check o Network reachability check
EC2 - Monitoring
EC2 - Bootstrapping  User Data • Provides a hook to inject scripting into any standard instance you decide to launch o These include the Amazon Linux, Windows and Ubuntu AMIs o User Data can only be modified while the instance is stopped • Suggested patterns o Install security updates  yum update -y o Install middleware  yum install -y httpd  chkconfig httpd on o Download and execute a remote script  Assign an IAM Profile to the EC2 instance  Aws s3 cp s3://mybucket/myscript.sh /tmp/myscript.sh  ./tmp/myscript.sh
EC2 - Pricing 1 > On Demand Instance • This is the most common and flexible pricing option • Pay only for what you use • Stopped instances will not accrue hourly compute costs • Pay by the instance hour 2 > Reserved Instance (RI) • 1 or 3 year commitment • Pay for EC2 hourly at reduced rates (from On Demand rates) • Payment Options • No Upfront payment: no CapEx, lower hourly rate than On Demand • Partial Upfront payment: someCapEx, lower hourly rate than No Upfront • All Upfront payment: larger Capex, lowest hourly rate possible
EC2 - Pricing 3 > Spot • Useful for “worker pool” scenarios oTranscode, map reduce task nodes • Can be lost as soon as someone is willing to pay more for that instance
AWS Elastic Load Balancing
ELB - Elastic Load Balancer Elastic Pool of Virtual Load Balancers  Public Side • Consists of an endpoint which is the equivalent to a traditional VIP • Does not use a static IPv4, but rather an Alias/CNAME • The endpoint will not always resolve to the same IP  Private Side • Minimum of one virtual ELB node per AZ  Certificate Termination • Only one SSL certificate per ELB • Multi-Domain certificates are valid
ELB – Spans Multiple Availability Zones
 Auto Scaling Key Features • Adds or removes servers based on load • Self-healing pool of resources • Every instance is based on a “gold” master image Auto Scaling - Overview
 Auto scaling group • Instance location o Subnet o Load Balancer • Number of instances o Min o Max o Desired  Launch config • Instance details o Size o PEM key o IAM Profile o Security Group(s) o User data Auto Scaling - Components
Auto Scaling - Multi-AZ  Multi-AZ Auto Scaling • Highly Available • Production Standard • Spans Datacenters
Auto Scaling - CloudWatch CloudWatch is the final piece of the auto scaling puzzle. You can create alarms based on instance metrics which trigger auto scaling actions. Scaling policies Scale up alarm • Execute policy when: CPU is greater than 60% • Take the action: Add 2 instances • And then wait: 10 minutes Scale down alarm • Execute policy when: CPU is less than 20% • Take the action: Remove 2 instances • And then wait: 10 minutes
AWS Directory Service
Directory Service - Overview Three types of directory services: o Microsoft AD o A managed Microsoft Active Directory service running on Windows Server 2012 R12 o Highly availability (multi-AZ), patched, and monitored o Can support up to 50,000 users o Fully functional MS AD o Simple AD o Powered by Samba 4 Active Directory o Users and Groups can be created directly in the AWS console o Windows servers can auto-join this domain as they would in an AD environment o Can support 500 users o AD Connector o Connect your on-prem AD to your AWS account o Associate AD users/groups with IAM users/groups o Windows servers can auto-join this domain as they would in an AD environment o Manage the AWS console using your AD credentials
Directory Service – AD Connector • Active Directory Connector instances are launched into your VPC • AD Connectors communicate with on- prem AD servers • AD credentials are no longer necessary when joining instances to a domain (Auto-Join)
AD Connector - Single Sign On Flow
Identity & Access Management
IAM Users o Identity and Access Management o Create Users and Groups o Establish Trust Relationships o Govern Access via Policy Documents
IAM - Groups, Roles & Instance Profiles o Deny by default  Explicit allow required to grant access  Explicit deny always trumps an explicit allow o Users/Groups  Policies can be applied at the group or user level o Roles  Policies can be applied to roles o Instance Profile  Assumes role  Credentials are stored in instance metadata  Only Access Key ID and Temporary Token
Amazon S3 Amazon DynamoDB Role: Allow Amazon S3 access but nothing else Amazon EC2 Instance Overview of AWS IAM Identity & Access Management IAM - Instance Profiles
IAM – AWS Master Account AWS Account  Master/Root Account Permissions  Always treat the master account credentials as if they could launch an ICBM  Allow by default  MFA
AWS Storage Overview
Storage Services • EBS – Elastic Block Store - (not actually a ”service”) • S3 – Simple Storage Service - (object storage) • Standard • Standard I/A – Infrequent Access • Glacier – Archival/Long-term • AWS Storage Gateway • Gateway-cached volumes – store primary data in AWS and cache most recently used data locally • Gateway-stored volumes – store entire dataset onsite and asynchronously replicate data back to S3 • Gateway-virtual tape library – store your virtual tapes in either S3 or Glacier • EFS – Elastic File System
Traditional Platform - Storage Architecture In the old days… • Hardware acquisition and datacenter space required advanced planning • Disk space and I/O allocation juggling for the entire application lifecycle • Volume and file redundancy not built-in • Capital commitment and refresh budget considerations /root C: /swap Pagefile Temp Dir /app /data Program Files Data Server Head NAS or Fileserver /DirShare 01/ File01 File02 /DirShare 02/ File01 Tape Library ArchiveVol 02 ArchiveVol 01 SMB /CIFS Platform Monitoring Tools
AWS Instance Volumes and Data Storage The new [improved] way of doing things… • Elastic pay-as-you-go model • Redundancy and snapshot utilities built-in • New APIs and tools simplify application development, administration and data lifecycle management
EBS - Elastic Block Store Block storage ideal for creating versatile OS volumes • Define type, size and optionally I/O capacities [within service limits] • Magnetic, SSD and Provisioned IOPS • Mount to a single instance, similar to local drive • Simplified Encryption options Persistent and durable • Redundant copies stored in single AZ • Not permanently bound to a server instance and will survive server crash or shutdown Snapshot capabilities for point-in-time backups • Resizing and duplicating volumes • Moving across AZs; Exporting across Regions Performance metrics available through CloudWatch
Elastic Block Store (EBS) – Best Practices Recommended for applications • Making frequent data changes • Requiring consistent I/O performance • Needing to persist data beyond server instance stop/start cycles • Requiring fine-grain control of raw, unformatted data blocks Define appropriate configuration options • EBS Optimized instances can handle higher I/O bandwidth • Underlying technology (Magnetic, General Purpose (SSD), Provisioned IOPS (SSD) /root C: /swap Pagefile Temp Dir /app /data Program Files Data Server Virtual Head
Ephemeral Drives (EC2 Instance Store) Overview Block device attached to the host machine • Available to server instance • May be mounted and used for temporary storage • No additional usage charges for disk space or I/O Not redundant: no built-in RAID or snapshot function Data loss will result if any of the following occur: • Host server or instance crash • Instance termination • Disk failure /root C: /swap Pagefile Temp Dir /app /data Program Files Data Server Virtual Head
S3 - Simple Storage Service Object storage container with virtually unlimited capacity • Store files (objects) in containers (buckets) • Redundant copies for high durability and reliability • Available on the internet via REST requests directly or through SDK • Multiple strategies to secure contents • Set permissions, access policies and optionally require MFA • Encryption: Server (simplified) or Client-side • Audit logging (optional) will record all access requests via APIs • Built-in tools for managing versioning, object lifecycle and creating static websites • Provides 99.999999999% durability (11 ‘9s’) • Provides 99.99% availability /mybucket01/ File01 File02 /mybucket02/ File01 Http / Https Amazon S3
Amazon Glacier - Overview Storage service optimized for reliable and low cost storage of archive data • Data objects are securely archived, however not immediately accessible • Create vaults (containers) to hold archives (any file based object) • Upload archives programmatically • Submit requests to retrieve archives. Available in about 4 hours • Cost is approximately $.01/GB/Month plus modest API and retrieval charges [if applicable]
EFS – Elastic File System Fully managed file server storage • Uses NFS (v4.1) protocol • Linux server only, Windows support planned for future release • Can be mounted by 1,000s of EC2s • Can be accessed from on-prem Data Center if using Direct Connect • Highly available, redundant across multiple AZs
EFS – Comparing EFS and EBS
AWS Database Overwiew
AWS Structured Data Services Deploying structured data systems (for example SQL, NoSQL and Data Warehouse applications) in a traditional environment may be complex, costly, and time consuming. Amazon provides a set of structured data services with the following advantages: • Simple to deploy, operate and scale • Many common administrative and operational tasks are automated • Pay-as-you-go pricing • Support for a wide variety of standard and emerging application models
RDS - Relational Data Services Fully managed relational database service offering popular platforms with the following key advantages: • Amazon manages resource redundancy, software patching, backups, failure detection and recovery • Ability to configure specific resources to cost-effectively scale your application • Pay-as-you-go model offering included license or license portability [see fine print to ensure license compliance] • Streamlined management options to easily configure highly available topologies, create database snapshots and deploy test instances
Relational Data Services Key Concepts  Database Instance  Database Storage  DB Instance Class  5 Platforms 1. Oracle 2. MS SQL 3. MySQL 4. PostgreSQL 5. MariaDB
AWS Aurora AWS’s version of MySQL database that is tailored for cloud environment Key features: o Architected for 99.99% availability o Enterprise performance (5x) at 1/10 the cost o Compatible with MySQL 5.6 o Automatically grows storage as needed, up to 64 TB o Easy migration from MySQL o Up to 15 Aurora Replicas in a region o Cross-region replication o Encryption in-transit and at rest o Continuous backup to S3 (11 9’s data durability) o Fully managed
DynamoDB Fully managed NoSQL database service offering the following key advantages: • Seamless and virtually unlimited scalability conveniently managed automatically by Amazon • Ability to define specific resource allocation limits to ensure predictable performance while containing costs • Easy administration and well-supported development model • Integration with other core Amazon data services (for example Redshift and EMR)
Redshift Fully managed Enterprise-class data warehouse service offering the following advantages: • High performance, massively parallel columnar storage architecture providing streamlined scalability • Mainstream SQL query syntax allowing for rapid platform adoption • Flexible node type and RI options allowing for workload alignment and cost efficiency
AWS Security Overview
Security and Compliance – Shared Security Model
Client Ingress SSH and RDP Ingress Platform Server Ingress Platform Server Egress Database Access SID App APP SID_App_Ingress SID Database SID View VIEW SID_Admin_Ingress Protocol Port Range Source TCP 22 10.99.101.0/24 TCP 3389 10.99.101.0/24 SID_App_Egress Protocol Port Range Destination TCP 443 10.87.14.29/32 TCP 3306 10.24.3.102/32 SID_DB_Ingress Protocol Port Range Source TCP 3306 SID_APP_SG SID_View_Ingress Protocol Port Range Source TCP 80 10.12.0.0/16 TCP 80 10.45.2.0/24 TCP 80 10.62.31.0/24 View Firewall Policies SID_View_Ingress SID_Admin_Ingress App Firewall Policies SID_App_Ingress SID_Admin_Ingress SID_App_Egress Database Firewall Policies SID_DB_Ingress Protocol Port Range Source TCP 80 10.241.25.0/24 TCP 443 10.241.25.0/24 TCP 8080 SID_VIEW_SG Security - Security Group/Firewall Rules
AWS Certifications
General Information 1-888-317-7920 info@2ndwatch.com www.2ndwatch.com Contact Us Vince Lo Faso Solutions Architect vlofaso@2ndwatch.com Scott Turvey Solutions Architect sturvey@2ndwatch.com Locations SEATTLE NEW YORK VIRGINIA ATLANTA PHILADELPHIA HOUSTON LIBERTY LAKE LOS ANGELES CHICAGOCameron Hatten Regional Territory Manager chatten@2ndwatch.com
Thank You | Questions?

Recomendados

What is Cloud Computing with Amazon Web Services?
What is Cloud Computing with Amazon Web Services?What is Cloud Computing with Amazon Web Services?
What is Cloud Computing with Amazon Web Services?
Amazon Web Services
 
Getting Started with Amazon ElastiCache
Getting Started with Amazon ElastiCacheGetting Started with Amazon ElastiCache
Getting Started with Amazon ElastiCache
Amazon Web Services
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWS
Ian Massingham
 
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Amazon Web Services
 
ElastiCache & Redis
ElastiCache & RedisElastiCache & Redis
ElastiCache & Redis
Amazon Web Services
 
Introduction to Amazon Relational Database Service
Introduction to Amazon Relational Database ServiceIntroduction to Amazon Relational Database Service
Introduction to Amazon Relational Database Service
Amazon Web Services
 
AWS EC2
AWS EC2AWS EC2
AWS EC2
Mahesh Raj
 
Getting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and ServerlessGetting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and Serverless
Amazon Web Services
 

Recomendados

What is Cloud Computing with Amazon Web Services?
What is Cloud Computing with Amazon Web Services?What is Cloud Computing with Amazon Web Services?
What is Cloud Computing with Amazon Web Services?
Amazon Web Services
 
Getting Started with Amazon ElastiCache
Getting Started with Amazon ElastiCacheGetting Started with Amazon ElastiCache
Getting Started with Amazon ElastiCache
Amazon Web Services
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWS
Ian Massingham
 
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Amazon Web Services
 
ElastiCache & Redis
ElastiCache & RedisElastiCache & Redis
ElastiCache & Redis
Amazon Web Services
 
Introduction to Amazon Relational Database Service
Introduction to Amazon Relational Database ServiceIntroduction to Amazon Relational Database Service
Introduction to Amazon Relational Database Service
Amazon Web Services
 
AWS EC2
AWS EC2AWS EC2
AWS EC2
Mahesh Raj
 
Getting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and ServerlessGetting Started with AWS Lambda and Serverless
Getting Started with AWS Lambda and Serverless
Amazon Web Services
 
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
Simplilearn
 
Amazon EC2 Masterclass
Amazon EC2 MasterclassAmazon EC2 Masterclass
Amazon EC2 Masterclass
Amazon Web Services
 
Amazon EC2 Instance Types.pptx
Amazon EC2 Instance Types.pptxAmazon EC2 Instance Types.pptx
Amazon EC2 Instance Types.pptx
RomitSingh17
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in Practice
Amazon Web Services
 
Aws introduction
Aws introductionAws introduction
Aws introduction
MouryaKumar Reddy Rajala
 
AWS basics
AWS basicsAWS basics
AWS basics
mbaric
 
Introduction to AWS Cloud Computing
Introduction to AWS Cloud ComputingIntroduction to AWS Cloud Computing
Introduction to AWS Cloud Computing
Amazon Web Services
 
Serverless Architecture on AWS
Serverless Architecture on AWSServerless Architecture on AWS
Serverless Architecture on AWS
Rajind Ruparathna
 
Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)
Amazon Web Services
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019
Amazon Web Services
 
Amazon ElastiCache and Redis
Amazon ElastiCache and RedisAmazon ElastiCache and Redis
Amazon ElastiCache and Redis
Amazon Web Services
 
Aws
AwsAws
Aws
mahes3231
 
AWS 101
AWS 101AWS 101
AWS 101
Amazon Web Services
 
Deep Dive on AWS Lambda
Deep Dive on AWS LambdaDeep Dive on AWS Lambda
Deep Dive on AWS Lambda
Amazon Web Services
 
AWS Architecting In The Cloud
AWS Architecting In The CloudAWS Architecting In The Cloud
AWS Architecting In The Cloud
Amazon Web Services
 
AWS networking fundamentals
AWS networking fundamentalsAWS networking fundamentals
AWS networking fundamentals
Amazon Web Services
 
Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...
Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...
Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...
Amazon Web Services
 
Amazon EC2 Instances, Featuring Performance Optimisation Best Practices
Amazon EC2 Instances, Featuring Performance Optimisation Best PracticesAmazon EC2 Instances, Featuring Performance Optimisation Best Practices
Amazon EC2 Instances, Featuring Performance Optimisation Best Practices
Amazon Web Services
 
Intro to AWS: Database Services
Intro to AWS: Database ServicesIntro to AWS: Database Services
Intro to AWS: Database Services
Amazon Web Services
 
AWS Lambda
AWS LambdaAWS Lambda
AWS Lambda
Scott Leberknight
 
AWS BaseCamp: AWS Architecture Fundamentals
AWS BaseCamp: AWS Architecture FundamentalsAWS BaseCamp: AWS Architecture Fundamentals
AWS BaseCamp: AWS Architecture Fundamentals
Nicole Maus
 
Aws Architecture Fundamentals
Aws Architecture FundamentalsAws Architecture Fundamentals
Aws Architecture Fundamentals
2nd Watch
 

Mais conteúdo relacionado

Mais procurados

AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
Simplilearn
 
Amazon EC2 Masterclass
Amazon EC2 MasterclassAmazon EC2 Masterclass
Amazon EC2 Masterclass
Amazon Web Services
 
Introduction to AWS Cloud Computing
Introduction to AWS Cloud ComputingIntroduction to AWS Cloud Computing
Introduction to AWS Cloud Computing
Amazon Web Services
 
Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...
Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...
Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...
Amazon Web Services
 
Intro to AWS: Database Services
Intro to AWS: Database ServicesIntro to AWS: Database Services
Intro to AWS: Database Services
Amazon Web Services
 

Mais procurados (20)

AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
 
Amazon EC2 Masterclass
Amazon EC2 MasterclassAmazon EC2 Masterclass
Amazon EC2 Masterclass
 
Amazon EC2 Instance Types.pptx
Amazon EC2 Instance Types.pptxAmazon EC2 Instance Types.pptx
Amazon EC2 Instance Types.pptx
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in Practice
 
Aws introduction
Aws introductionAws introduction
Aws introduction
 
AWS basics
AWS basicsAWS basics
AWS basics
 
Introduction to AWS Cloud Computing
Introduction to AWS Cloud ComputingIntroduction to AWS Cloud Computing
Introduction to AWS Cloud Computing
 
Serverless Architecture on AWS
Serverless Architecture on AWSServerless Architecture on AWS
Serverless Architecture on AWS
 
Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019
 
Amazon ElastiCache and Redis
Amazon ElastiCache and RedisAmazon ElastiCache and Redis
Amazon ElastiCache and Redis
 
Aws
AwsAws
Aws
 
AWS 101
AWS 101AWS 101
AWS 101
 
Deep Dive on AWS Lambda
Deep Dive on AWS LambdaDeep Dive on AWS Lambda
Deep Dive on AWS Lambda
 
AWS Architecting In The Cloud
AWS Architecting In The CloudAWS Architecting In The Cloud
AWS Architecting In The Cloud
 
AWS networking fundamentals
AWS networking fundamentalsAWS networking fundamentals
AWS networking fundamentals
 
Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...
Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...
Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...
 
Amazon EC2 Instances, Featuring Performance Optimisation Best Practices
Amazon EC2 Instances, Featuring Performance Optimisation Best PracticesAmazon EC2 Instances, Featuring Performance Optimisation Best Practices
Amazon EC2 Instances, Featuring Performance Optimisation Best Practices
 
Intro to AWS: Database Services
Intro to AWS: Database ServicesIntro to AWS: Database Services
Intro to AWS: Database Services
 
AWS Lambda
AWS LambdaAWS Lambda
AWS Lambda
 

Semelhante a Aws Architecture Fundamentals

Understanding Virtual Networking in the Cloud - RightScale Compute 2013
Understanding Virtual Networking in the Cloud - RightScale Compute 2013Understanding Virtual Networking in the Cloud - RightScale Compute 2013
Understanding Virtual Networking in the Cloud - RightScale Compute 2013
RightScale
 
Building a Just-in-Time Application Stack for Analysts
Building a Just-in-Time Application Stack for AnalystsBuilding a Just-in-Time Application Stack for Analysts
Building a Just-in-Time Application Stack for Analysts
Avere Systems
 

Semelhante a Aws Architecture Fundamentals (20)

AWS BaseCamp: AWS Architecture Fundamentals
AWS BaseCamp: AWS Architecture FundamentalsAWS BaseCamp: AWS Architecture Fundamentals
AWS BaseCamp: AWS Architecture Fundamentals
 
Aws Architecture Fundamentals
Aws Architecture FundamentalsAws Architecture Fundamentals
Aws Architecture Fundamentals
 
AWS Architecture Fundamentals - Houston
AWS Architecture Fundamentals - HoustonAWS Architecture Fundamentals - Houston
AWS Architecture Fundamentals - Houston
 
cc.pptx
cc.pptxcc.pptx
cc.pptx
 
Kinney j aws
Kinney j awsKinney j aws
Kinney j aws
 
002 AWSSlides.pdf
002 AWSSlides.pdf002 AWSSlides.pdf
002 AWSSlides.pdf
 
Aws Architecture Fundamentals | Dallas
Aws Architecture Fundamentals | DallasAws Architecture Fundamentals | Dallas
Aws Architecture Fundamentals | Dallas
 
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveNEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
 
Building a Bigdata Architecture on AWS
Building a Bigdata Architecture on AWSBuilding a Bigdata Architecture on AWS
Building a Bigdata Architecture on AWS
 
Self-Service Supercomputing
Self-Service SupercomputingSelf-Service Supercomputing
Self-Service Supercomputing
 
Building A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleBuilding A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for Scale
 
Getting started with Public Cloud and AWS
Getting started with Public Cloud and AWSGetting started with Public Cloud and AWS
Getting started with Public Cloud and AWS
 
Understanding Virtual Networking in the Cloud - RightScale Compute 2013
Understanding Virtual Networking in the Cloud - RightScale Compute 2013Understanding Virtual Networking in the Cloud - RightScale Compute 2013
Understanding Virtual Networking in the Cloud - RightScale Compute 2013
 
Building a Just-in-Time Application Stack for Analysts
Building a Just-in-Time Application Stack for AnalystsBuilding a Just-in-Time Application Stack for Analysts
Building a Just-in-Time Application Stack for Analysts
 
Cloud and its job oppertunities
Cloud and its job oppertunitiesCloud and its job oppertunities
Cloud and its job oppertunities
 
XCloudLabs- AWS Overview
XCloudLabs- AWS Overview XCloudLabs- AWS Overview
XCloudLabs- AWS Overview
 
AWS Architecture Fundamentals - Denver
AWS Architecture Fundamentals - DenverAWS Architecture Fundamentals - Denver
AWS Architecture Fundamentals - Denver
 
AWS Webcast - AWS Webinar Series for Education #3 - Discover the Ease of AWS ...
AWS Webcast - AWS Webinar Series for Education #3 - Discover the Ease of AWS ...AWS Webcast - AWS Webinar Series for Education #3 - Discover the Ease of AWS ...
AWS Webcast - AWS Webinar Series for Education #3 - Discover the Ease of AWS ...
 
Cloud computing benefits
Cloud computing benefitsCloud computing benefits
Cloud computing benefits
 
AWS Webcast - Website Hosting
AWS Webcast - Website HostingAWS Webcast - Website Hosting
AWS Webcast - Website Hosting
 

Mais de 2nd Watch

Mais de 2nd Watch (20)

Managing Multi-Cloud and On-Premises with Microsoft Azure
Managing Multi-Cloud and On-Premises with Microsoft AzureManaging Multi-Cloud and On-Premises with Microsoft Azure
Managing Multi-Cloud and On-Premises with Microsoft Azure
 
Containers, from Production to Development
Containers, from Production to DevelopmentContainers, from Production to Development
Containers, from Production to Development
 
Containers, From Development to Production
Containers, From Development to ProductionContainers, From Development to Production
Containers, From Development to Production
 
Getting Started with VMware Cloud on AWS
Getting Started with VMware Cloud on AWSGetting Started with VMware Cloud on AWS
Getting Started with VMware Cloud on AWS
 
Operating Windows on AWS Using SSM
Operating Windows on AWS Using SSMOperating Windows on AWS Using SSM
Operating Windows on AWS Using SSM
 
Cloud Optimization: Filling in the Gaps
Cloud Optimization: Filling in the GapsCloud Optimization: Filling in the Gaps
Cloud Optimization: Filling in the Gaps
 
Automated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft AzureAutomated Security & Continuous Compliance on Microsoft Azure
Automated Security & Continuous Compliance on Microsoft Azure
 
Migrating Your Windows Datacenter to AWS
Migrating Your Windows Datacenter to AWSMigrating Your Windows Datacenter to AWS
Migrating Your Windows Datacenter to AWS
 
Single Realm Multi-Cloud Security Management with Palo Alto Networks
Single Realm Multi-Cloud Security Management with Palo Alto NetworksSingle Realm Multi-Cloud Security Management with Palo Alto Networks
Single Realm Multi-Cloud Security Management with Palo Alto Networks
 
Drive Thru DevOps, Moving Forward Securely
Drive Thru DevOps, Moving Forward SecurelyDrive Thru DevOps, Moving Forward Securely
Drive Thru DevOps, Moving Forward Securely
 
Secure Clouds are Happy Clouds
Secure Clouds are Happy CloudsSecure Clouds are Happy Clouds
Secure Clouds are Happy Clouds
 
Money Pitfalls and Failed Expectations: Optimizing Essentials for the Cloud
Money Pitfalls and Failed Expectations: Optimizing Essentials for the CloudMoney Pitfalls and Failed Expectations: Optimizing Essentials for the Cloud
Money Pitfalls and Failed Expectations: Optimizing Essentials for the Cloud
 
Big data and Analytics on AWS
Big data and Analytics on AWSBig data and Analytics on AWS
Big data and Analytics on AWS
 
Enabling High Performance IT with 2nd Watch, Docker & AWS
Enabling High Performance IT with 2nd Watch, Docker & AWSEnabling High Performance IT with 2nd Watch, Docker & AWS
Enabling High Performance IT with 2nd Watch, Docker & AWS
 
Backup to the Cloud
Backup to the CloudBackup to the Cloud
Backup to the Cloud
 
Enterprise Management for the AWS Cloud
Enterprise Management for the AWS CloudEnterprise Management for the AWS Cloud
Enterprise Management for the AWS Cloud
 
Backup on the cloud 10.1.13
Backup on the cloud 10.1.13Backup on the cloud 10.1.13
Backup on the cloud 10.1.13
 
Optimizing your cloud
Optimizing your cloudOptimizing your cloud
Optimizing your cloud
 
Backup on the cloud Webinar
Backup on the cloud WebinarBackup on the cloud Webinar
Backup on the cloud Webinar
 
Building Bulletproof Infrastructure on AWS
Building Bulletproof Infrastructure on AWSBuilding Bulletproof Infrastructure on AWS
Building Bulletproof Infrastructure on AWS
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Último (20)

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

Aws Architecture Fundamentals

  • 1. AWS Bootcamp Vince Lo Faso, Solutions Architect Scott Turvey, Solutions Architect
  • 2. Agenda 8:30am – 9:00am: Check-in 9:00am – 12:00pm: AWS Bootcamp Bootcamp Introduction Introduction to Cloud Computing AWS Overview and Regions AWS Networking VPC - Route 53 AWS Compute EC2 – ELB - ASG – IAM - Directory Services AWS Storage EBS - S3 - Glacier AWS Databases RDS – DynamoDB - Redshift Security Overview 12:00pm – 1:00pm: Break & Lunch 1:00pm – 3:00pm: Hands-On Lab - Building AWS Infrastructure
  • 5. IT and the Business A man is flying in a hot air balloon and realizes he is lost. He reduces height and spots a man down below. He lowers the balloon further and shouts: “Excuse me, can you tell me where I am?” The man below says: “yes, you’re in a hot air balloon hovering 30 feet above this field.” “You must work in the Information Technology,” says the balloonist. “I do,” replies the man, “How did you know.” “Well” says the balloonist,, “everything you have told me is technically correct, but it’s of no use to anyone.” The man below says, “you must work in business”. “I do” replies the balloonist, “but how did you know?” “Well”, says the man, ,”you don’t know where you are, or where you’re going, but you expect me to be able to help. You’re in the same position you were before we met, but now it’s my fault.”
  • 6. New IT Business Model Cloud Computing is first and foremost a Business Model
  • 7. Business Reasons for Adopting Cloud Computing GoodNot Good Go global in minutes Remove undifferentiated heavy lifting Stop guessing capacity Increased agility Lower variable expense than they could achieve on their own Move from capital expense to variable expense$
  • 8. Defining Cloud Computing NIST defined a well accepted, industry standard definition of Cloud Computing url: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf Covers:  5 Key Characteristics of Cloud Computing  3 Service Model  4 Deployment Models plus  5 Cloud Actors  A Cloud Reference Architecture  Shared Security model
  • 9. What is Cloud Computing? NIST 5 Key Characteristics #1 On-demand self service “as easy as buying candy from a vending machine” #2 Broad network access “access it anytime from anywhere” #3 Resource pooling “you’re not the only user” #4 Rapid elasticity “scale up and scale down in real-time” #5 Measured service “pay only for what you consume”
  • 10. Why Amazon Web Services? “It is the overwhelming market share leader, with over 10 times more cloud IaaS compute capacity in use than the aggregate total of the other 14 providers in this Magic Quadrant” Gartner Report May, 2015. In 2013, IT research firm Gartner had to rescale its famed infrastructure-as- a- service “Magic Quadrant” to accommodate Amazon Web Services’ enormous competitive lead.
  • 11. AWS Today - 2016 Public cloud market share Amazon Web Services: 31% Microsoft: 9% IBM Cloud/SoftLayer: 7% Google: 4% per Synergy Research Group AWS generating > $12 billion a year.
  • 15. AWS Regions – Global Infrastructure
  • 16. Regions and Availability Zones  Global Resources » IAM Users » Route 53 Records  Regional Resources » S3 Buckets » VPCs » ELB » EIPs  AZ Resources » EBS Volumes » EC2 Instances » RDS Instances » Subnets » ENIs
  • 18. VPC - Virtual Private Cloud
  • 19. VPC - Virtual Private Cloud
  • 20. Virtual Private Cloud – NACL – Traffic Flow
  • 21. Security Groups o Security Groups are similar to a firewall rule o They can be associated to resources independent of a subnet or CIDR range o Security Groups are limited only to the VPC in which you create them Example of Security Group configuration
  • 22. Security Groups Deny by default  IP Whitelisting  Specify a CIDR block that is allowed to access resources in your AWS environment.  This can be as large or small as you desire, giving it extreme flexibility.  Specifying a 32 bit block will whitelist a single IP ( 50.99.20.230/32 )  Allow port and protocol  You can allow TCP, UDP, ICMP or a combination of all three
  • 23. Security Groups o SG trust relationships  SGs can establish trust relationships  These trust relationships link resources and security policies  Not required to specify an IP address  Trust relationships are only valid within a VPC o Ingress and Egress  VPC security groups have both ingress and egress  Security groups are stateful
  • 24. Client Ingress SSH and RDP Ingress Platform Server Ingress Platform Server Egress Database Access SID App APP SID_App_Ingress SID Database SID View VIEW SID_Admin_Ingress Protocol Port Range Source TCP 22 10.99.101.0/24 TCP 3389 10.99.101.0/24 SID_App_Egress Protocol Port Range Destination TCP 443 10.87.14.29/32 TCP 3306 10.24.3.102/32 SID_DB_Ingress Protocol Port Range Source TCP 3306 SID_APP_SG SID_View_Ingress Protocol Port Range Source TCP 80 10.12.0.0/16 TCP 80 10.45.2.0/24 TCP 80 10.62.31.0/24 View Firewall Policies SID_View_Ingress SID_Admin_Ingress App Firewall Policies SID_App_Ingress SID_Admin_Ingress SID_App_Egress Database Firewall Policies SID_DB_Ingress Protocol Port Range Source TCP 80 10.241.25.0/24 TCP 443 10.241.25.0/24 TCP 8080 SID_VIEW_SG Security Group/Firewall Rules
  • 25. Virtual Private Cloud – On-Premises Connection
  • 26. Virtual Private Cloud – Overview
  • 27. Virtual Private Cloud – Network and Subnets • Network Topology o Private address space  Any range is valid, but we suggest a non-routable CIDR  Public CIDR ranges are only reachable via a Virtual Private Gateway  CIDR ranges can be as large as a /16 to as small as a /28 • Subnets o Public subnets have a 0.0.0.0/0 route to the Internet Gateway (IGW)  Instances that require a public IP need to reside in a public subnet o Private subnets do not have an outbound route through the IGW  NAT instances are commonly used as an outbound gateway for private instances o Subnets cannot span AZ’s, but subnets can share routing tables, which provides similar functionality.
  • 28. Virtual Private Cloud – Route Tables • Route Tables o Can be applied to multiple subnets o Typical routing entries  10.0.0.0/16 = Local  0.0.0.0/16 = Internet Gateway (Public Subnet)  -or-  0.0.0.0/16 = eni-12345678 (Private Subnet)
  • 29. Virtual Private Cloud – Peering • Peering o VPC -> VPC peering o Unique CIDR o VPN solutions  OpenVPN  OpenSwan
  • 30. Route53 - Basic Feature Set • Zone Creation • Zone Import o Import your zone file from a previous provider o Delegate this zone to the AWS name servers • Record Types o A o CNAME o TXT,MX,DKIM o Alias o S3 buckets and ELBs can be an alias target, allows zone apex magic
  • 31. Route53 - Advanced Feature Set •Weighted Resource Record Sets •Health Checks •Global Load Balancer o Using weighted record sets, you can create a pool of endpoints from which to balance traffic o Enabling a health-check on this pool allows for a DNS based load balancer which can be applied to any resource (AWS or non-AWS) •Latency Resource Record Sets •Geolocation Resource Record Sets
  • 32. Route53 – Global Failover • Global Failover Pattern • Uses R53 Health Checks Route 53 Virginia Region myapp.example.com Ireland Region
  • 34. EC2 – Elastic Cloud Compute AMI • Instances are based on an Amazon Machine Image • You can create new AMIs from a running instance • AMIs are stored in S3 for 11 9’s of durability • AMIs are unique to each region
  • 35. EC2 - Instance Types Choosing the correct instance type for the required workload o T2 for light weight general purpose – but with burstable performance o M4 for general purpose o R3, X1 for memory and database heavy applications o C3, C4 for compute heavy applications o G2, P2 for GPU intensive applications o I2, D2 for storage heavy applications (random) o HS1 for storage heavy applications (sequential) Example of M3 family of instance type
  • 36. EC2 - Running Instances Running instances •Instances are launched into an existing VPC subnet •CloudWatch monitoring is enabled by default o CPU Utilization, Network I/O are the primary data points of interest o Memory and Disk require an additional script that will post a to a custom CloudWatch metric •Status checks o OS check o Network reachability check
  • 38. EC2 - Bootstrapping  User Data • Provides a hook to inject scripting into any standard instance you decide to launch o These include the Amazon Linux, Windows and Ubuntu AMIs o User Data can only be modified while the instance is stopped • Suggested patterns o Install security updates  yum update -y o Install middleware  yum install -y httpd  chkconfig httpd on o Download and execute a remote script  Assign an IAM Profile to the EC2 instance  Aws s3 cp s3://mybucket/myscript.sh /tmp/myscript.sh  ./tmp/myscript.sh
  • 39. EC2 - Pricing 1 > On Demand Instance • This is the most common and flexible pricing option • Pay only for what you use • Stopped instances will not accrue hourly compute costs • Pay by the instance hour 2 > Reserved Instance (RI) • 1 or 3 year commitment • Pay for EC2 hourly at reduced rates (from On Demand rates) • Payment Options • No Upfront payment: no CapEx, lower hourly rate than On Demand • Partial Upfront payment: someCapEx, lower hourly rate than No Upfront • All Upfront payment: larger Capex, lowest hourly rate possible
  • 40. EC2 - Pricing 3 > Spot • Useful for “worker pool” scenarios oTranscode, map reduce task nodes • Can be lost as soon as someone is willing to pay more for that instance
  • 42. ELB - Elastic Load Balancer Elastic Pool of Virtual Load Balancers  Public Side • Consists of an endpoint which is the equivalent to a traditional VIP • Does not use a static IPv4, but rather an Alias/CNAME • The endpoint will not always resolve to the same IP  Private Side • Minimum of one virtual ELB node per AZ  Certificate Termination • Only one SSL certificate per ELB • Multi-Domain certificates are valid
  • 43. ELB – Spans Multiple Availability Zones
  • 44.  Auto Scaling Key Features • Adds or removes servers based on load • Self-healing pool of resources • Every instance is based on a “gold” master image Auto Scaling - Overview
  • 45.  Auto scaling group • Instance location o Subnet o Load Balancer • Number of instances o Min o Max o Desired  Launch config • Instance details o Size o PEM key o IAM Profile o Security Group(s) o User data Auto Scaling - Components
  • 46. Auto Scaling - Multi-AZ  Multi-AZ Auto Scaling • Highly Available • Production Standard • Spans Datacenters
  • 47. Auto Scaling - CloudWatch CloudWatch is the final piece of the auto scaling puzzle. You can create alarms based on instance metrics which trigger auto scaling actions. Scaling policies Scale up alarm • Execute policy when: CPU is greater than 60% • Take the action: Add 2 instances • And then wait: 10 minutes Scale down alarm • Execute policy when: CPU is less than 20% • Take the action: Remove 2 instances • And then wait: 10 minutes
  • 49. Directory Service - Overview Three types of directory services: o Microsoft AD o A managed Microsoft Active Directory service running on Windows Server 2012 R12 o Highly availability (multi-AZ), patched, and monitored o Can support up to 50,000 users o Fully functional MS AD o Simple AD o Powered by Samba 4 Active Directory o Users and Groups can be created directly in the AWS console o Windows servers can auto-join this domain as they would in an AD environment o Can support 500 users o AD Connector o Connect your on-prem AD to your AWS account o Associate AD users/groups with IAM users/groups o Windows servers can auto-join this domain as they would in an AD environment o Manage the AWS console using your AD credentials
  • 50. Directory Service – AD Connector • Active Directory Connector instances are launched into your VPC • AD Connectors communicate with on- prem AD servers • AD credentials are no longer necessary when joining instances to a domain (Auto-Join)
  • 51. AD Connector - Single Sign On Flow
  • 53. IAM Users o Identity and Access Management o Create Users and Groups o Establish Trust Relationships o Govern Access via Policy Documents
  • 54. IAM - Groups, Roles & Instance Profiles o Deny by default  Explicit allow required to grant access  Explicit deny always trumps an explicit allow o Users/Groups  Policies can be applied at the group or user level o Roles  Policies can be applied to roles o Instance Profile  Assumes role  Credentials are stored in instance metadata  Only Access Key ID and Temporary Token
  • 55. Amazon S3 Amazon DynamoDB Role: Allow Amazon S3 access but nothing else Amazon EC2 Instance Overview of AWS IAM Identity & Access Management IAM - Instance Profiles
  • 56. IAM – AWS Master Account AWS Account  Master/Root Account Permissions  Always treat the master account credentials as if they could launch an ICBM  Allow by default  MFA
  • 58. Storage Services • EBS – Elastic Block Store - (not actually a ”service”) • S3 – Simple Storage Service - (object storage) • Standard • Standard I/A – Infrequent Access • Glacier – Archival/Long-term • AWS Storage Gateway • Gateway-cached volumes – store primary data in AWS and cache most recently used data locally • Gateway-stored volumes – store entire dataset onsite and asynchronously replicate data back to S3 • Gateway-virtual tape library – store your virtual tapes in either S3 or Glacier • EFS – Elastic File System
  • 59. Traditional Platform - Storage Architecture In the old days… • Hardware acquisition and datacenter space required advanced planning • Disk space and I/O allocation juggling for the entire application lifecycle • Volume and file redundancy not built-in • Capital commitment and refresh budget considerations /root C: /swap Pagefile Temp Dir /app /data Program Files Data Server Head NAS or Fileserver /DirShare 01/ File01 File02 /DirShare 02/ File01 Tape Library ArchiveVol 02 ArchiveVol 01 SMB /CIFS Platform Monitoring Tools
  • 60. AWS Instance Volumes and Data Storage The new [improved] way of doing things… • Elastic pay-as-you-go model • Redundancy and snapshot utilities built-in • New APIs and tools simplify application development, administration and data lifecycle management
  • 61. EBS - Elastic Block Store Block storage ideal for creating versatile OS volumes • Define type, size and optionally I/O capacities [within service limits] • Magnetic, SSD and Provisioned IOPS • Mount to a single instance, similar to local drive • Simplified Encryption options Persistent and durable • Redundant copies stored in single AZ • Not permanently bound to a server instance and will survive server crash or shutdown Snapshot capabilities for point-in-time backups • Resizing and duplicating volumes • Moving across AZs; Exporting across Regions Performance metrics available through CloudWatch
  • 62. Elastic Block Store (EBS) – Best Practices Recommended for applications • Making frequent data changes • Requiring consistent I/O performance • Needing to persist data beyond server instance stop/start cycles • Requiring fine-grain control of raw, unformatted data blocks Define appropriate configuration options • EBS Optimized instances can handle higher I/O bandwidth • Underlying technology (Magnetic, General Purpose (SSD), Provisioned IOPS (SSD) /root C: /swap Pagefile Temp Dir /app /data Program Files Data Server Virtual Head
  • 63. Ephemeral Drives (EC2 Instance Store) Overview Block device attached to the host machine • Available to server instance • May be mounted and used for temporary storage • No additional usage charges for disk space or I/O Not redundant: no built-in RAID or snapshot function Data loss will result if any of the following occur: • Host server or instance crash • Instance termination • Disk failure /root C: /swap Pagefile Temp Dir /app /data Program Files Data Server Virtual Head
  • 64. S3 - Simple Storage Service Object storage container with virtually unlimited capacity • Store files (objects) in containers (buckets) • Redundant copies for high durability and reliability • Available on the internet via REST requests directly or through SDK • Multiple strategies to secure contents • Set permissions, access policies and optionally require MFA • Encryption: Server (simplified) or Client-side • Audit logging (optional) will record all access requests via APIs • Built-in tools for managing versioning, object lifecycle and creating static websites • Provides 99.999999999% durability (11 ‘9s’) • Provides 99.99% availability /mybucket01/ File01 File02 /mybucket02/ File01 Http / Https Amazon S3
  • 65. Amazon Glacier - Overview Storage service optimized for reliable and low cost storage of archive data • Data objects are securely archived, however not immediately accessible • Create vaults (containers) to hold archives (any file based object) • Upload archives programmatically • Submit requests to retrieve archives. Available in about 4 hours • Cost is approximately $.01/GB/Month plus modest API and retrieval charges [if applicable]
  • 66. EFS – Elastic File System Fully managed file server storage • Uses NFS (v4.1) protocol • Linux server only, Windows support planned for future release • Can be mounted by 1,000s of EC2s • Can be accessed from on-prem Data Center if using Direct Connect • Highly available, redundant across multiple AZs
  • 67. EFS – Comparing EFS and EBS
  • 69. AWS Structured Data Services Deploying structured data systems (for example SQL, NoSQL and Data Warehouse applications) in a traditional environment may be complex, costly, and time consuming. Amazon provides a set of structured data services with the following advantages: • Simple to deploy, operate and scale • Many common administrative and operational tasks are automated • Pay-as-you-go pricing • Support for a wide variety of standard and emerging application models
  • 70. RDS - Relational Data Services Fully managed relational database service offering popular platforms with the following key advantages: • Amazon manages resource redundancy, software patching, backups, failure detection and recovery • Ability to configure specific resources to cost-effectively scale your application • Pay-as-you-go model offering included license or license portability [see fine print to ensure license compliance] • Streamlined management options to easily configure highly available topologies, create database snapshots and deploy test instances
  • 71. Relational Data Services Key Concepts  Database Instance  Database Storage  DB Instance Class  5 Platforms 1. Oracle 2. MS SQL 3. MySQL 4. PostgreSQL 5. MariaDB
  • 72. AWS Aurora AWS’s version of MySQL database that is tailored for cloud environment Key features: o Architected for 99.99% availability o Enterprise performance (5x) at 1/10 the cost o Compatible with MySQL 5.6 o Automatically grows storage as needed, up to 64 TB o Easy migration from MySQL o Up to 15 Aurora Replicas in a region o Cross-region replication o Encryption in-transit and at rest o Continuous backup to S3 (11 9’s data durability) o Fully managed
  • 73. DynamoDB Fully managed NoSQL database service offering the following key advantages: • Seamless and virtually unlimited scalability conveniently managed automatically by Amazon • Ability to define specific resource allocation limits to ensure predictable performance while containing costs • Easy administration and well-supported development model • Integration with other core Amazon data services (for example Redshift and EMR)
  • 74. Redshift Fully managed Enterprise-class data warehouse service offering the following advantages: • High performance, massively parallel columnar storage architecture providing streamlined scalability • Mainstream SQL query syntax allowing for rapid platform adoption • Flexible node type and RI options allowing for workload alignment and cost efficiency
  • 76. Security and Compliance – Shared Security Model
  • 77. Client Ingress SSH and RDP Ingress Platform Server Ingress Platform Server Egress Database Access SID App APP SID_App_Ingress SID Database SID View VIEW SID_Admin_Ingress Protocol Port Range Source TCP 22 10.99.101.0/24 TCP 3389 10.99.101.0/24 SID_App_Egress Protocol Port Range Destination TCP 443 10.87.14.29/32 TCP 3306 10.24.3.102/32 SID_DB_Ingress Protocol Port Range Source TCP 3306 SID_APP_SG SID_View_Ingress Protocol Port Range Source TCP 80 10.12.0.0/16 TCP 80 10.45.2.0/24 TCP 80 10.62.31.0/24 View Firewall Policies SID_View_Ingress SID_Admin_Ingress App Firewall Policies SID_App_Ingress SID_Admin_Ingress SID_App_Egress Database Firewall Policies SID_DB_Ingress Protocol Port Range Source TCP 80 10.241.25.0/24 TCP 443 10.241.25.0/24 TCP 8080 SID_VIEW_SG Security - Security Group/Firewall Rules
  • 79. General Information 1-888-317-7920 info@2ndwatch.com www.2ndwatch.com Contact Us Vince Lo Faso Solutions Architect vlofaso@2ndwatch.com Scott Turvey Solutions Architect sturvey@2ndwatch.com Locations SEATTLE NEW YORK VIRGINIA ATLANTA PHILADELPHIA HOUSTON LIBERTY LAKE LOS ANGELES CHICAGOCameron Hatten Regional Territory Manager chatten@2ndwatch.com
  • 80. Thank You | Questions?