Architecting Enterprise Applications in the Cloud, a presentation by Matt Tavis, AWS Solutions Architect, at the Cloud for the Enterprise Event in NY on October 19, 2009
2. What Does the Enterprise Application Demand?
- High Availability
- Manageability
- Security
- Monitoring
- Scalability
- Reliability
3. AWS has the Tools for Enterprise Demands
(Diagram: EC2 Regions with Availability Zones A, B and C, S3 replicas, Auto Scaling, Amazon CloudWatch and Elastic Load Balancing.)
Note: Conceptual drawing only. The number of Availability Zones may vary. S3 guarantees 3 or more copies across 2 or more AZs.
4. Architecture and Infrastructure Must Work Together
Achieving enterprise needs is an agreement between architecture and infrastructure: leveraging a scalable, on-demand infrastructure requires an application that can take advantage of it.
Corollary: fork-lifting a broken architecture into the AWS cloud will not make it any better.
5. There are Many Paths into the Cloud
- Move to the Cloud
- Build for the Cloud
6. Cloud Architecture Lessons Learned
- Design for Failure and Nothing Fails
- Loose Coupling Sets You Free
- Design for Dynamism
- Security is Everywhere
- Don't Fear Constraints
- Leverage a Variety of Storage Services
7. Design for Failure and Nothing Fails
Never expect your systems to be stable. Everything fails:
- Hard disks
- Power supplies
- Cabling
- Network ports
- Switches
- Load-balancers
- Ethernet chips
- IO controllers
- Fans
- Even software fails
If you can add it, it can fail.
8. Designing for Failure with AWS
- Elastic IPs enable consistent endpoints and a re-mappable
- Leverage multiple Amazon EC2 Availability Zones (AZs)
- Replicate databases and persistence layers across AZs
- Use real-time monitoring across key access points
- Use Elastic Block Store (EBS) for persistent file systems
- Snapshot EBS for disaster recovery and increased persistence
- Auto Scaling and Elastic Load Balancing can automatically provision new resources
- Use Amazon CloudWatch to monitor instance health
9. Loose Coupling Sets You Free
- Components should make no assumptions about the inner workings of other components
- Design for a jumble of black boxes
Loosely coupled systems and AWS:
- De-coupling systems allows for hybrid models (in-cloud + in-physical data center)
- Balancing between clusters enables easier scaling
- Using queues (Amazon SQS) buffers against failures
10. Design for Dynamism
- Components should not assume the health or location of other components
- Bootstrapping and dynamic configuration help you scale dynamically
- Add or build management components to enable scale-out and scale-in on demand
11. Security is Everywhere
With AWS, physical security is free, network security is easy, and other security can be added.
Building secure systems with AWS:
- Create distinct Security Groups for each Amazon EC2 cluster
- Use group-based rules for controlling access between layers
- Restrict external access to specific IP ranges and ports
- Use strong passwords and certificate-based authentication
- Encrypt data stored in Amazon S3
- Encrypt information transmitted across the wire
- Use encrypted file systems for sensitive data
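The three security-group rules on this slide (one group per cluster, group-based rules between layers, external access only from specific ranges and ports) can be checked mechanically. The following is an added example, not code from the presentation or from AWS: it audits security groups in the shape of `describe-security-groups` output against those rules. The group names, the public ports, the corporate range 203.0.113.0/24 and the sample groups are all constructed assumptions.

```python
from ipaddress import ip_network

# Assumptions for this added example (not from the slides): only the web tier's
# HTTP/HTTPS ports may face the Internet, administrative access comes from one
# corporate range, and inner layers are reached by security-group reference only.
PUBLIC_PORTS = {80, 443}
CORPORATE_CIDR = ip_network("203.0.113.0/24")   # TEST-NET-3, a constructed office range
EDGE_GROUPS = {"web"}                            # the only tier allowed CIDR-based rules

def audit_group(group):
    """Return findings for one security group in describe-security-groups shape."""
    name, findings = group["GroupName"], []
    for perm in group["IpPermissions"]:
        lo, hi = perm["FromPort"], perm["ToPort"]
        label = f"{name} {lo}-{hi}"
        if name not in EDGE_GROUPS and perm.get("IpRanges"):
            # Layer-to-layer access should use group references, not addresses
            findings.append(f"{label}: internal layer uses a CIDR rule, expected a group reference")
        for r in perm.get("IpRanges", []):
            net = ip_network(r["CidrIp"], strict=False)
            if net.prefixlen == 0:
                # Open to the world: acceptable only for the public web ports
                if set(range(lo, hi + 1)) - PUBLIC_PORTS:
                    findings.append(f"{label}: open to 0.0.0.0/0")
            elif net.version != CORPORATE_CIDR.version or not net.subnet_of(CORPORATE_CIDR):
                findings.append(f"{label}: ingress from non-corporate range {net}")
    return findings

def audit(groups):
    """Audit every group of a cluster; an empty list means the layering holds."""
    return [f for g in groups for f in audit_group(g)]

# Constructed sample: a three-tier cluster where the db tier was opened to the world
SAMPLE_GROUPS = [
    {"GroupName": "web", "IpPermissions": [
        {"FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []}]},
    {"GroupName": "app", "IpPermissions": [
        {"FromPort": 8080, "ToPort": 8080, "IpRanges": [], "UserIdGroupPairs": [{"GroupName": "web"}]}]},
    {"GroupName": "db", "IpPermissions": [
        {"FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(finding)
```

Run against the sample cluster, the web and app groups pass and the db group produces two findings: a CIDR rule where a group reference was expected, and port 3306 open to 0.0.0.0/0.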
12. Don't Fear Constraints
Having a flexible, on-demand pool of resources allows for different architectures that remove constraints.
- "I need more than xxGB of RAM per instance": distribute load across multiple instances; use a shared distributed cache
- "I need more than xxK IOPS on my database": run multiple read-only copies; sharding; database clustering software
- "My current server specs are better than the EC2 instances": run more Amazon EC2 instances, but only when you need them
- "I need static IPs for my servers": boot scripts that re-configure software from a configuration database
13. Leverage a Variety of Storage Services
AWS offers a wide variety of storage services designed for reliability, low latency, ease of access, indexing and throughput.
- Amazon S3 is optimized for easy access to highly durable and available storage of objects: store persistent data needing durability and easy access
- Amazon CloudFront for performance: push popular objects to worldwide edge locations
- Amazon SimpleDB for indexing, speed, scale, and simplicity: store small bits of data that have no dependencies, such as metadata
- Amazon EBS acts like a disk drive for persistent storage with high throughput and basic durability: store dynamic content or a traditional RDBMS
- Amazon EC2 local disk space for transient data
14. What Can an Enterprise Do on AWS?
- Deploy internal applications for greater cost savings
- Development, test, staging and training environments
- Hosting of quick and effective marketing campaigns (micro-sites)
- Faster time to market for new business opportunities
- Recurring or on-demand batch data processing jobs
- Large scale analytics (Hadoop)
- Disaster recovery
- Load testing applications on your own infrastructure
16. Enterprise Application Design on AWS
A typical enterprise application could need:
- A secure environment that is part of the enterprise's existing network (Amazon VPC)
- Computing power (Amazon EC2)
- Storage capacity for images, videos, backups, files, etc. (Amazon S3)
- Indexed storage (Amazon SimpleDB)
- Relational database (your favorite, on EBS)
- Messaging between components (Amazon SQS)
- Load balancing for optimal performance
17. Amazon VPC Extends Your Datacenter
- Create a secure connection between assets and applications within your corporate network and assets and applications that reside in AWS
- Users and applications within your existing infrastructure securely interact with assets in AWS as if they were local
(Diagram: your existing infrastructure connected to Amazon VPC.)
18. Amazon VPC Architecture
(Diagram: the customer's isolated AWS resources inside the Amazon Web Services cloud, with subnets 10.32.1.0/24, 10.32.2.0/24 and 10.32.3.0/24 behind a VPN Gateway; a secure VPN connection over the Internet links them to your network; external customers are shown outside.)
19. Amazon VPC Creates an Isolated Environment within AWS
- Establish subnets to control who and what can access your resources
- Connect your isolated AWS resources and your IT infrastructure via a VPN connection
- Launch AWS resources within the isolated network
- Use your existing security and networking technologies to examine traffic to/from your isolated resources
- Extend your existing security and management policies within your IT infrastructure to your isolated AWS resources as if they were running within your infrastructure
20. Realize the Best of Both Worlds
Advantages of your on-premises infrastructure:
- Ensure network isolation
- Works with your security tools
- Employ your existing identity and authentication infrastructure
- Integrates seamlessly with the rest of your infrastructure via VPN
Plus, the benefits of a cloud-based infrastructure:
- Don't get trapped by CapEx
- True company-level elasticity
- Lower operational responsibilities and costs
- Super-fast provisioning of on-demand resources
21. Amazon VPC: Supported AWS Features
Available now:
- Amazon EBS
- Single AZ in us-east-1
- Amazon CloudWatch
- On-Demand and Reserved Instances
- Linux/UNIX and Windows
Upcoming features:
- Direct Internet access
- Multiple AZs
- Elastic IPs
- Security groups
- Amazon DevPay
- Auto Scaling
- Elastic Load Balancing
22. Our Sample Enterprise Application (Old Way)
Internal new employee provisioning application:
- A hiring manager visits an internal website
- Enters employee information, including start date, office location, computer type, and so on
- The website kicks off a series of workflows on existing systems already deployed within the company:
  - Facilities: set up the office space
  - IT: set up the new computer
  - Hiring manager: email with forms for the employee to fill out
  - ...and so on...
- Spiky usage around summer (new interns)
- No internal resources available for the application, so the organization has chosen to deploy in AWS
23. Setup the Web Server in Amazon VPC
(Diagram: the AWS cloud containing Amazon VPC, connected to the existing network.)
24. Web Server Running on Amazon EC2
- Flexible: choose your programming model, application platform, databases, and operating system stack
- Cost-effective: pay only for what you use
- Scalable: automatically add and delete resources as they are needed
- Reliable: built on the world-class Amazon infrastructure
- Secure: connection with Amazon VPC ensures that only users within your organization can see your AWS resources
25. Use Amazon S3 for Raw Storage
(Diagram: AWS cloud.)
- Store persistent files in Amazon S3 for lower costs, higher reliability
- Encrypt sensitive data
26. Use Amazon EBS to Host Databases
(Diagram: AWS cloud.)
Configure an Amazon EBS device to host your existing relational database. Snapshots can be automatically backed up to Amazon S3.
27. Interact With Existing Corporate Systems
Amazon VPC provides a two-way secure connection so that applications hosted in AWS can communicate with systems hosted in our existing network.
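The sample application kicks off workflows on corporate systems (Facilities, IT, the hiring manager's mailbox) across the VPC connection, and slide 9 recommends queues (Amazon SQS) as the buffer that keeps a failing downstream from taking the web tier down with it. The following is an added example, not code from the presentation: it models that provisioning workflow with an in-memory stand-in for SQS, so that a downstream outage only delays or parks its own task. The queue class, the handler names, the retry limit and the "flaky" handlers are all constructed assumptions.

```python
import json
from collections import deque

MAX_ATTEMPTS = 3   # assumption: a task that fails this many times is parked for a human

class WorkQueue:
    """Minimal stand-in for Amazon SQS: a message is retried until it is acknowledged."""
    def __init__(self):
        self.pending = deque()
        self.dead_letter = []     # tasks that exhausted their retries; nothing is silently lost

    def send(self, body):
        self.pending.append({"body": body, "attempts": 0})

    def receive(self):
        return self.pending.popleft() if self.pending else None

    def retry(self, msg):
        msg["attempts"] += 1
        target = self.dead_letter if msg["attempts"] >= MAX_ATTEMPTS else self.pending
        target.append(msg)

def enqueue_new_hire(queue, employee):
    """Web tier: one message per downstream system, then return without waiting on any of them."""
    for system in ("facilities", "it", "hiring_manager"):
        queue.send(json.dumps({"system": system, "employee": employee}))

def process(queue, handlers):
    """Worker tier: drain the queue; a failing corporate system only delays its own task."""
    completed = []
    while (msg := queue.receive()) is not None:
        task = json.loads(msg["body"])
        try:
            handlers[task["system"]](task["employee"])
            completed.append(task["system"])
        except Exception:
            queue.retry(msg)   # buffer the failure instead of losing the task or blocking the web tier
    return completed

def flaky(fail_times):
    """Constructed handler that raises on its first `fail_times` calls, simulating an outage."""
    calls = {"n": 0}
    def handler(employee):
        calls["n"] += 1
        if calls["n"] <= fail_times:
            raise ConnectionError("downstream system unavailable")
    return handler

if __name__ == "__main__":
    q = WorkQueue()
    enqueue_new_hire(q, {"name": "A. Intern", "start": "2009-06-01"})
    # Facilities is briefly down (fails once); IT is down for good (fails every time)
    done = process(q, {"facilities": flaky(1), "it": flaky(99), "hiring_manager": flaky(0)})
    print(done, [json.loads(m["body"])["system"] for m in q.dead_letter])
```

In the sample run the hiring-manager mail and the Facilities task complete (Facilities on its second attempt), while the IT task lands in the dead-letter list after three failures rather than disappearing or stalling the other two.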
28. Additional Capabilities
- Amazon SimpleDB can be used as a cost-effective, zero-administration indexed store for your application
- Amazon CloudWatch, Elastic Load Balancing, and Auto Scaling services enable greater fault-tolerance and scalability
- Amazon Elastic MapReduce can be used to crunch and analyze large amounts of data
- Amazon Flexible Payments Service can handle checkout pipelines and payment methods
- Amazon Mechanical Turk can be used for tasks best suited for human intervention (e.g., image upload and content approval, database cleansing, etc.)
29. Management and Operations
- AWS Management Console
- Numerous cloud-based third-party providers: BMC, RightScale, others
- API-based control enables existing workflow applications to manage AWS resources
- Existing IT management systems can extend to the cloud
- Amazon VPC enables existing management and operations systems, security policies, etc. to extend to cloud resources
- Amazon CloudWatch provides easy-to-use monitoring
This slide discusses the corresponding AWS functionality that we will support at limited public beta launch. Please note that the items under "Launch ++" are other AWS capabilities that we are currently evaluating for operability within VPC, but do not have a date as yet. Direct Internet/AWS access is our most important feature.
As you will recall, we've set up Amazon VPC in the AWS cloud. We've also configured a secure connection between our existing network and Amazon VPC. All of our activity inside our VPC, and all traffic to and from our existing network and Amazon VPC, can be monitored, managed, and secured by all of our existing security apparatus and procedures/policies. We will deploy our web server and full application platform stack on Amazon EC2 instances that are spawned within Amazon VPC.
Benefits of using Amazon EC2 to host your web application.
We will host all of our static and large files over on Amazon S3. Things like images, music, PDFs, and the like are best suited for Amazon S3. Amazon S3 provides a low-cost, highly reliable and scalable storage environment for your web applications. We will encrypt this data for security reasons.
You can host your relational database on top of Amazon EBS. Companies like IBM and Oracle have even enabled license portability so that you can bring your existing database licenses into the AWS cloud.
As you'll recall, we want our application to be able to kick off workflows with a bunch of systems we're already running internally. While it may make sense, both economically and technically, to eventually migrate these systems into AWS as well, as of right now that isn't the case. So we'll need our Employee Provisioning application, hosted in AWS, to be able to communicate with our internal systems. With Amazon VPC, this is easy.
These are some additional AWS features that we could use as part of our application.