The AWS cloud infrastructure is architected to be one of the most flexible and secure cloud computing environments available today. By leveraging services such as EC2, you are able to build highly scalable and performant architectures. AWS also provides a rich set of services that remove much of the undifferentiated heavy lifting associated with managing your EC2-based infrastructure. This session introduces some of these services in the areas of Application Management, Database, Analytics, Security and Enterprise Applications.
3. If you host your applications on-premises
[Slide diagram: the stack layers Power, HVAC, net; Rack and stack; Server maintenance; OS patches; App/DB patches; Backups; Scaling; High availability; App/DB installs; OS installation; App optimization, with a "you" label marking the layers you manage in this model]
4. If you host your applications in Amazon EC2
[Slide diagram: the same stack layers, with the "you" label moved to mark the layers you still manage when the instances run in EC2]
5. If you choose a managed service
[Slide diagram: the same stack layers, with the "you" label marking the layers that remain yours when AWS manages the service]
8. You can create a new directory or extend your existing directory by using AWS Directory Service or by creating one or more domain controllers in your AWS environment. AWS Directory Service offers three options:
• Microsoft AD
• Simple AD
• AD Connector
9. AD Connector
AD Connector is a proxy service for connecting your on-premises Microsoft Active Directory to the AWS Cloud without requiring complex directory synchronization or the cost and complexity of hosting a federation infrastructure.
When to use: AD Connector is your best choice when you want to use your existing on-premises directory with AWS services.
10. Simple AD
Simple AD is a Microsoft Active Directory–compatible directory from AWS Directory Service that is powered by Samba 4. Simple AD supports commonly used Active Directory features such as user accounts, group memberships, and domain-joining EC2 instances running Linux and Microsoft Windows.
When to use: In most cases, Simple AD is the least expensive option and your best choice if you have 5,000 or fewer users and don't need the more advanced Microsoft Active Directory features.
11. Microsoft AD
AWS Directory Service for Microsoft Active Directory is a managed Microsoft Active Directory hosted on the AWS Cloud. It provides much of the functionality offered by Microsoft Active Directory plus integration with AWS applications. With the additional Active Directory functionality, you can, for example, easily set up trust relationships with your existing Active Directory domains to extend those directories to AWS services.
When to use: Microsoft AD is your best choice if you have more than 5,000 users and need a trust relationship set up between an AWS hosted directory and your on-premises directories.
*May not be compatible with all applications due to AD Forest Trust
14. Innovation for Amazon S3
• Cross-region replication
• Amazon CloudWatch metrics for Amazon S3
• AWS CloudTrail support
• VPC endpoint for Amazon S3
• Amazon S3 bucket limit increase
• Event notifications
• Read-after-write consistency in all regions
15. Innovation for Amazon S3
• Amazon S3 Standard-IA
• Expired object delete marker
• Incomplete multipart upload expiration
• Lifecycle policy
• Transfer acceleration
16. Choice of storage classes on Amazon S3
• Standard: active data
• Standard—Infrequent Access: infrequently accessed data
• Amazon Glacier: archive data
17. Standard—Infrequent Access storage
• Durable: 11 9s of durability
• Available: designed for 99.9% availability
• High performance: same throughput as Amazon S3 Standard storage
• Secure: server-side encryption; use your encryption keys; AWS KMS-managed encryption keys
• Integrated: lifecycle management; versioning; event notifications; metrics
• Easy to use: no impact on user experience; simple REST API; single bucket
18. Storage tiered to your requirements
[Slide diagram: three storage tiers joined by lifecycle transitions]
• S3: "Hot" data (active and/or temporary data)
• S3-IA: "Warm" data (infrequently accessed data)
• Amazon Glacier: "Cold" data (archive and compliance data)
Properties across the tiers:
• Durable: 99.999999999%
• Available: S3 99.99%; S3-IA 99.9%
• Scalable: elastic capacity, no preset limits
• Performant: low latency, high throughput
• Secure: SSE, client encryption, AWS Identity & Access Management integration
• Event notifications: Amazon SQS, Amazon SNS, and AWS Lambda
• Versioning: keep multiple copies automatically
• Cross region replication
• Common namespace: define storage class per object
19. Storage tiered to your requirements (minimums and pricing as printed on the slide; durability, availability, scalability and performance figures are the same as on slide 18)
Tier | Data | Storage price | Minimum storage duration | Minimum billable object size | Retrieval
S3 | "Hot" | $0.03/GB per month | ≥ 0 days | > 0K |
S3-IA | "Warm" | $0.0125/GB per month | ≥ 30 days | ≥ 128K | $0.01/GB retrieval
Amazon Glacier | "Cold" | $0.007/GB per month | ≥ 90 days | > 0K | 3–5 hrs; $0.01/GB retrieval > 5%
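The tiering on slides 18 and 19 is driven by a bucket lifecycle configuration. The following is an added example, not code from the deck: it builds one lifecycle rule in the JSON shape that the S3 PutBucketLifecycleConfiguration API accepts, and a small simulator that applies the day thresholds, minimum billable sizes and per-GB prices printed on the slide. Those figures are treated here as assumptions (they are the slide's numbers, not current list prices), the thresholds are treated as the earliest transition ages a rule may use, and the prefix `logs/` and the 7-day multipart abort are constructed values.

```python
"""S3 lifecycle tiering simulator (added example; assumes the slide's figures)."""
import json

# Constructed lifecycle rule for one prefix: Standard -> Standard-IA after
# 30 days, -> Glacier after 90 days, and abort stale multipart uploads
# (slide 15's "incomplete multipart upload expiration") after 7 days.
LIFECYCLE = {
    "Rules": [{
        "ID": "tier-logs",
        "Filter": {"Prefix": "logs/"},
        "Status": "Enabled",
        "Transitions": [
            {"Days": 30, "StorageClass": "STANDARD_IA"},
            {"Days": 90, "StorageClass": "GLACIER"},
        ],
        "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7},
    }]
}

# Slide figures (assumed): USD per GB-month and minimum billable object size in KB.
PRICE_PER_GB_MONTH = {"STANDARD": 0.03, "STANDARD_IA": 0.0125, "GLACIER": 0.007}
MIN_BILLABLE_KB = {"STANDARD": 0, "STANDARD_IA": 128, "GLACIER": 0}
# Earliest transition age per class, from the slide's ">= 30 Days" / ">= 90 Days".
MIN_TRANSITION_DAYS = {"STANDARD_IA": 30, "GLACIER": 90}


def validate_rule(rule):
    """Reject transitions earlier than the slide's minimum ages, or out of
    order (a later tier must not be reached before an earlier one)."""
    last_day = -1
    for t in rule["Transitions"]:
        cls, day = t["StorageClass"], t["Days"]
        if day < MIN_TRANSITION_DAYS.get(cls, 0):
            raise ValueError(f"{cls} transition at {day} days is below the minimum")
        if day <= last_day:
            raise ValueError("transitions must be in increasing day order")
        last_day = day
    return True


def storage_class_at(age_days, rule=LIFECYCLE["Rules"][0]):
    """Storage class an object under this rule occupies at a given age."""
    cls = "STANDARD"
    for t in rule["Transitions"]:
        if age_days >= t["Days"]:
            cls = t["StorageClass"]
    return cls


def monthly_cost(size_kb, age_days, rule=LIFECYCLE["Rules"][0]):
    """Return (class, billable KB, USD per month). Objects smaller than the
    class minimum are billed at the minimum, which is why tiering tiny
    objects into IA can cost more than leaving them in Standard."""
    cls = storage_class_at(age_days, rule)
    billable_kb = max(size_kb, MIN_BILLABLE_KB[cls])
    usd = billable_kb / 1024 / 1024 * PRICE_PER_GB_MONTH[cls]
    return cls, billable_kb, usd


if __name__ == "__main__":
    validate_rule(LIFECYCLE["Rules"][0])
    # This JSON is what you would pass to put-bucket-lifecycle-configuration.
    print(json.dumps(LIFECYCLE, indent=2))
    for size_kb, age in [(1024 * 1024, 10), (1024 * 1024, 45), (1024 * 1024, 100), (4, 45)]:
        print(size_kb, age, monthly_cost(size_kb, age))
```

The 4 KB object at 45 days is the case worth noticing: once it has moved to S3-IA it is billed as 128 KB, so it costs more per month than it did in Standard. Before relying on the validator's thresholds for a real bucket, check the transition constraints in the current S3 documentation; the slide only gives the minimum storage durations.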
21. What is Route 53?
Route 53 is AWS's authoritative domain name (DNS) service.
DNS translates domain names (like www.amazon.com) into IP addresses—think of it as a "phone book" for the Internet.
DNS is a Tier-0 service—availability is most important.
We chose the name "Route 53" as a play on the fact that DNS servers respond to queries on port 53.
22. How it works
[Slide diagram: Users → DNS resolver → Route 53, queried on port 53]
1. The user asks the DNS resolver: "Where is www.example.com?"
2. The resolver: "I don't know – I'll ask the authority", and queries Route 53 on port 53.
3. Route 53 answers 1.2.3.4, and the resolver returns 1.2.3.4 to the user.
23. Design principles
• Reliable: redundant locations; backed with SLA
• Fast: worldwide anycast network; fast propagation of changes
• Integrated with AWS: Elastic Load Balancing alias queries; latency based routing; more to come
• Easy to use: console; programmatic API; domain name management
• Cost effective: inexpensive rates; pay as you go model
• Flexible: Geo DNS; weighted round robin; self-aliasing
24. Route 53's key features
• High availability DNS: highly available and scalable DNS service; DNS failover to route around region- and AZ-level issues
• Alias records: map the root or apex of your hosted zone to your load balancer
• Advanced routing (Geo DNS, LBR, and WRR): run applications in multiple AWS Regions and route users based on location to optimize latency, load balancing, and other considerations
• Domain name registration: manage domain name purchases and renewals by using the Route 53 console and API
25. Private DNS within VPC
Use Route 53 to manage custom DNS names for resources internal to a VPC, such as Amazon EC2 instances, Amazon RDS databases, and Amazon ElastiCache nodes. Private DNS prevents these names and your network topology from being exposed to the public Internet.
Features
• Domain name registration: customers can now buy and manage domain names by using Route 53
• Geolocation routing: route end users to different endpoints based on the end user's geographic location; allows traffic to balance load across regions as well as to localize/restrict content
26. Health checks
Features
• Health checks: custom application status requests; CloudWatch alarm notifications can be created for specific thresholds
• DNS failover: a single resource record can have multiple targets (EC2 and S3); a health-check failure event can cut traffic over to the second origin automatically
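To make the failover and weighted-round-robin behaviour of slides 23, 24 and 26 concrete, here is an added in-memory model; it is not the deck's code and not how the service is implemented. Target names, addresses and the health-check history are constructed, the "three consecutive failures mark a target unhealthy" threshold is an assumption chosen to mirror a typical health-check configuration, and answering with the primary when nothing is healthy is likewise an assumption about the service's fail-open behaviour.

```python
"""Route 53-style failover and weighted routing, modelled in memory (added example)."""
import random
from dataclasses import dataclass, field


@dataclass
class Target:
    value: str                 # answer returned to the resolver, e.g. "1.2.3.4"
    weight: int = 1            # used only by the weighted policy
    failures: int = 0          # consecutive failed health checks
    threshold: int = 3         # failures before the target counts as unhealthy (assumed)

    def record_check(self, ok):
        """Feed one health-check result; a success resets the failure run."""
        self.failures = 0 if ok else self.failures + 1

    @property
    def healthy(self):
        return self.failures < self.threshold


@dataclass
class RecordSet:
    name: str
    policy: str                # "failover" or "weighted"
    targets: list = field(default_factory=list)


def answer_failover(rs):
    """Primary target (first in the list) while healthy, otherwise the first
    healthy secondary; with nothing healthy, fall open to the primary."""
    for t in rs.targets:
        if t.healthy:
            return t.value
    return rs.targets[0].value


def answer_weighted(rs, rng=random):
    """Weighted round robin over healthy targets, in proportion to weight."""
    live = [t for t in rs.targets if t.healthy and t.weight > 0] or rs.targets
    if not live:
        return None
    total = sum(t.weight for t in live)
    pick = rng.uniform(0, total)
    running = 0
    for t in live:
        running += t.weight
        if pick <= running:
            return t.value
    return live[-1].value


def answer(rs, rng=random):
    return answer_failover(rs) if rs.policy == "failover" else answer_weighted(rs, rng)


def weighted_tally(rs, n=1000, seed=0):
    """Count answers over n queries with a seeded generator (reproducible)."""
    rng = random.Random(seed)
    tally = {}
    for _ in range(n):
        v = answer(rs, rng)
        tally[v] = tally.get(v, 0) + 1
    return tally


def cutover_demo():
    """Constructed scenario from slide 26: the EC2 origin fails three checks
    in a row, traffic cuts over to the S3-hosted secondary, then recovers."""
    rs = RecordSet("www.example.com", "failover",
                   [Target("1.2.3.4"), Target("s3-website-bucket.example")])
    seen = [answer(rs)]
    for ok in (False, False, False):
        rs.targets[0].record_check(ok)
        seen.append(answer(rs))
    rs.targets[0].record_check(True)
    seen.append(answer(rs))
    return seen


if __name__ == "__main__":
    print(cutover_demo())
    wrr = RecordSet("app.example.com", "weighted", [Target("10.0.0.1", 3), Target("10.0.0.2", 1)])
    print(weighted_tally(wrr))
```

The point of the threshold is the same one the slide's "CloudWatch alarm notifications for specific thresholds" makes: a single failed probe should not flip traffic, but a sustained failure should, and the cut-over should be visible (here in the returned sequence, in production in your alarms).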
28. AWS Elastic Beanstalk vs. do it yourself
On-instance configuration:
• Your code: provided by you
• HTTP server, application server, language interpreter, operating system, host: provided and managed by AWS Elastic Beanstalk
Elastic Beanstalk configures each EC2 instance in your environment with the components necessary to run applications for the selected platform. No more worrying about logging into instances to install and configure your application stack. Focus on building your application.
29. AWS Elastic Beanstalk vs. do it yourself
Infrastructure stack:
• Preconfigured infrastructure
• Single instance (dev, low cost)
• Load balanced, auto scaling (production)
• Web & worker tiers
• Elastic Beanstalk provisions necessary infrastructure resources such as the load balancer, auto scaling group, security groups, database (optional), etc.
• Provides a unique domain name for your application (for example: youapp.elasticbeanstalk.com)
30. Information required to deploy application
01. AWS Region
02. Stack (container) type (one of the Supported Platforms)
03. Single instance OR load balanced with auto-scaling
04. Database (RDS), optional
Plus your code.
31. How to deploy applications
1. By using AWS Management Console
2. By using AWS Toolkit for Eclipse and Visual Studio IDE
3. By using Elastic Beanstalk command line interface:
$ eb deploy
32. Managed platform updates for Elastic Beanstalk
• Keep your application platform up-to-date, automatically
• Stay in control of platform updates
• Safely perform updates while maintaining availability
43. Amazon Aurora: Fast, available, and MySQL-compatible
[Slide diagram: SQL, transactions and caching layers above storage spread across AZ 1, AZ 2 and AZ 3, with Amazon S3 alongside]
• 5x faster than MySQL on same hardware
• SysBench: 100 K writes/sec and 500 K reads/sec
• Designed for 99.99% availability
• 6-way replicated storage across 3 AZs
• Scale to 64 TB and 15 Read Replicas
44. Amazon RDS is simple and fast to scale
• Database instance types offer a range of CPU and memory selections
• Scale up or down among instance types on demand
• Database storage is scalable on demand
45. Amazon RDS offers fast, predictable storage
• General Purpose (SSD) for most workloads
• Provisioned IOPS (SSD) for OLTP workloads up to 30,000 IOPS
• Magnetic for small workloads with infrequent access
46. High availability Multi-AZ deployments
Enterprise-grade fault tolerance solution for production databases
47. Choose Read Replicas for scalability and enhanced data locality
• Relieve pressure on your master node for supporting reads and writes
• Even faster recovery in the event of disaster
• Bring data close to your customers
• Promote to a master for easy migration
48. Choose cross-region snapshot copy for even greater durability, ease of migration
• Copy a database snapshot to a different AWS Region
• Warm standby for disaster recovery
• Base for migration to a different region
50. Amazon Redshift: a lot faster, a lot cheaper, a whole lot simpler
• Relational data warehouse
• Massively parallel; petabyte scale
• Fully managed
• HDD and SSD platforms
• $1,000/TB/year; starts at $0.25/hour
51. Amazon Redshift architecture
[Slide diagram: JDBC/ODBC clients connect to the leader node; compute nodes are linked over a 10 GigE (HPC) network; separate ingestion, backup and restore paths]
Leader node
• Simple SQL endpoint
• Stores metadata
• Optimizes query plan
• Coordinates query execution
Compute nodes
• Local columnar storage
• Parallel/distributed execution of all queries, loads, backups, restores, resizes
Start at just $0.25/hour, grow to 2 PB (compressed)
• DC1: SSD; scale 160 GB–326 TB
• DS2: HDD; scale 2 TB–2 PB
52. Amazon Redshift is fast
Dramatically less I/O, from:
• Column storage
• Data compression
• Zone maps
• Direct-attached storage
• Large data block sizes
[Slide diagram: a sorted column stored in blocks, 10 | 13 | 14 | 26 | … | 100 | 245 | 324, then 375 | 393 | 417 | … | 512 | 549 | 623, then 637 | 712 | 809 | … | 834 | 921 | 959; the zone map records each block's minimum and maximum (10–324, 375–623, 637–959) so blocks that cannot contain a match are skipped]
Sample table:
ID | Age | State | Amount
123 | 20 | CA | 500
345 | 25 | WA | 250
678 | 40 | FL | 125
957 | 37 | WA | 375
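The slide's "dramatically less I/O" comes from three things working together: storing each column separately, keeping a min/max zone map per block, and compressing low-cardinality columns. The following added example (not the deck's code and not Redshift's implementation) shows all three on the slide's own data. The four sample rows and the sorted ID values are the ones printed on the slide; grouping the IDs into three blocks is constructed to match the drawing, and the dictionary encoding is a deliberately simple stand-in for the encodings a real warehouse uses.

```python
"""Column storage, zone maps and dictionary compression (added example)."""

# Slide's sample table, stored column-wise instead of row-wise.
COLUMNS = {
    "id":     [123, 345, 678, 957],
    "age":    [20, 25, 40, 37],
    "state":  ["CA", "WA", "FL", "WA"],
    "amount": [500, 250, 125, 375],
}

# Slide's sorted ID column, split into three on-disk blocks (constructed split).
ID_BLOCKS = [
    [10, 13, 14, 26, 100, 245, 324],
    [375, 393, 417, 512, 549, 623],
    [637, 712, 809, 834, 921, 959],
]


def zone_map(blocks):
    """One (min, max) pair per block: the only metadata read before deciding
    whether a block can satisfy a range predicate."""
    return [(min(b), max(b)) for b in blocks]


def blocks_to_scan(blocks, lo, hi):
    """Indices of blocks whose [min, max] overlaps [lo, hi]; every other block
    is skipped without being read at all."""
    return [i for i, (mn, mx) in enumerate(zone_map(blocks)) if mx >= lo and mn <= hi]


def range_query(blocks, lo, hi):
    """Values in [lo, hi], touching only the blocks the zone map allows."""
    hits = []
    for i in blocks_to_scan(blocks, lo, hi):
        hits.extend(v for v in blocks[i] if lo <= v <= hi)
    return hits


def dictionary_encode(values):
    """Dictionary compression for a low-cardinality column such as 'state':
    returns (integer codes, dictionary). Repeated values cost one small
    code each instead of the full string."""
    dictionary, codes = [], []
    for v in values:
        if v not in dictionary:
            dictionary.append(v)
        codes.append(dictionary.index(v))
    return codes, dictionary


def select(columns, wanted, where_col, where):
    """SELECT <wanted> FROM t WHERE where(t.<where_col>): only the filter
    column and the projected columns are touched, never the whole row."""
    keep = [i for i, v in enumerate(columns[where_col]) if where(v)]
    return [tuple(columns[c][i] for c in wanted) for i in keep]


if __name__ == "__main__":
    print(zone_map(ID_BLOCKS))
    print("id = 959 scans blocks", blocks_to_scan(ID_BLOCKS, 959, 959))
    print("300 <= id <= 400 ->", range_query(ID_BLOCKS, 300, 400))
    print(dictionary_encode(COLUMNS["state"]))
    print(select(COLUMNS, ("id", "amount"), "state", lambda s: s == "WA"))
```

A point lookup on `id = 959` reads one block of three, and a range that spans a block boundary reads exactly the two blocks it must. Zone maps are only this effective when the column is sorted (or nearly so); on an unsorted column every block's min/max range is wide and the map prunes nothing.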
53. Fully managed, continuous/incremental backups
[Slide diagram: cluster in Region 1 backing up to Amazon S3, with copies to Amazon S3 in Region 2]
• Multiple copies within cluster
• Continuous and incremental backups to Amazon S3
• Continuous and incremental backups across regions
• Streaming restore
54. Amazon Redshift offers rock-solid fault tolerance
[Slide diagram: the same Region 1 / Region 2 Amazon S3 layout]
Tolerates:
• Disk failures
• Node failures
• Network failure
• Availability Zone—or region-level disasters
55. Security is built-in
[Slide diagram: customer VPC with JDBC/ODBC access to the leader node; compute nodes in an internal VPC on a 10 GigE (HPC) network; separate ingestion, backup and restore paths]
• Load encrypted from S3
• SSL to secure data in transit
• Amazon VPC for network isolation
• Encryption to secure data at rest
• On-premises HSM and AWS CloudHSM support
• SOC 1, 2, and 3; PCI-DSS; FedRAMP; BAA
57. AWS Certificate Manager
• Provision trusted SSL/TLS certificates from AWS for use with AWS resources:
  • Elastic Load Balancing
  • Amazon CloudFront distributions
• AWS handles the muck:
  • Key pair and CSR generation
  • Managed renewal and deployment
  • Domain validation (DV) through email
• Available through AWS Management Console, CLI, or API
58. AWS Certificate Manager (ACM) Benefits
• Protect and secure websites and applications
• Provision certificates quickly and easily
• Free
• Managed certificate renewal
• Secure key management
• Centrally manage certificates on the AWS Cloud
• Integrated with other AWS Cloud services
59. ACM-Provided Certificates
Domain names
• Single domain name: www.example.com
• Wildcard domain names: *.example.com
• Combination of wildcard and non-wildcard names
• Multiple domain names in the same certificate (up to 10)
ACM-provided certificates are managed
• Private keys are generated, protected, and managed
• ACM-provided certificates cannot be used on EC2 instances or on-premises servers
• Can be used with AWS services, such as ELB and CloudFront
Algorithms
• RSA 2048 and SHA-256
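Which hostnames a certificate with the name types on slide 59 actually covers is a common source of outages: a wildcard covers one label, not the bare domain and not deeper subdomains. The following is an added example, not ACM's code, that implements the name-matching rules the slide implies (exact names, a wildcard that stands for exactly one leftmost label, at most 10 names per certificate), plus a planner that collapses sibling hostnames under a wildcard. All hostnames are constructed; the RSA-2048/SHA-256 labels are carried as descriptive attributes only, no key material is generated.

```python
"""Hostname coverage for an ACM-style certificate (added example)."""
from dataclasses import dataclass

MAX_NAMES = 10          # slide: up to 10 domain names in one certificate


def valid_name(name):
    """A name is either a plain DNS name, or '*.<at least two labels>' with
    no other wildcard characters."""
    labels = name.lower().split(".")
    if any(not label for label in labels):
        return False
    if "*" in name:
        return labels[0] == "*" and "*" not in name[1:] and len(labels) >= 3
    return True


def name_matches(pattern, host):
    """RFC 6125-style match: case-insensitive; '*' only as the whole leftmost
    label and covering exactly one label, so '*.example.com' covers
    'www.example.com' but neither 'example.com' nor 'a.b.example.com'."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    if not valid_name(pattern):
        return False            # partial ('w*.') or multiple wildcards, or '*.com'
    p_labels, h_labels = pattern.split("."), host.split(".")
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


@dataclass(frozen=True)
class Certificate:
    names: tuple                          # primary name first, then additional names
    key_algorithm: str = "RSA-2048"       # slide: RSA 2048
    signature_algorithm: str = "SHA-256"  # slide: SHA-256

    def __post_init__(self):
        if not 1 <= len(self.names) <= MAX_NAMES:
            raise ValueError(f"a certificate must carry 1..{MAX_NAMES} names")
        bad = [n for n in self.names if not valid_name(n)]
        if bad:
            raise ValueError(f"malformed names: {bad}")

    def covers(self, host):
        """True if any name on the certificate matches the host."""
        return any(name_matches(n, host) for n in self.names)


def plan_names(hosts):
    """Collapse hosts that share a parent into one wildcard name, keep the
    rest as exact names, and refuse sets that would exceed MAX_NAMES."""
    by_parent = {}
    for h in sorted({h.lower() for h in hosts}):
        parent = h.split(".", 1)[1] if h.count(".") >= 2 else None
        by_parent.setdefault(parent, []).append(h)
    names = []
    for parent, group in by_parent.items():
        if parent is not None and len(group) > 1:
            names.append("*." + parent)
        else:
            names.extend(group)
    if len(names) > MAX_NAMES:
        raise ValueError(f"{len(names)} names needed, limit is {MAX_NAMES}")
    return names


if __name__ == "__main__":
    wanted = ["www.example.com", "api.example.com", "example.com", "deep.a.example.com"]
    names = plan_names(wanted)
    cert = Certificate(tuple(names))
    for h in wanted + ["a.b.example.com"]:
        print(h, cert.covers(h))
```

The planner shows why a "combination of wildcard and non-wildcard names" is usually needed: `*.example.com` takes care of the first-level hosts, but the apex `example.com` and the deeper `deep.a.example.com` each need their own entry.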