Beyond EC2 and S3

Editor's Notes

• #3: Welcome Agenda Introduction Amazon Web Services (History, What it is, Misconceptions, Assurance, Big-Name Clients) Quick overview of AWS Products and Services Focusing on Entry/Mid-Level Frequently Used Services Skipping Enterprise-Level Dinner Use Cases / Practical Applications (including Q&A and Discussions around optimal AWS utilization)
• #5: Late 1990s/Early 2000s Big Companies had scaling problems “Classic” server deployments in custom-built datacenters Oracle, IBM servers High overhead Expensive maintenance Google, Amazon and Microsoft all had the solve the problem and did so by building their own “Cloud” environments. Virtualized environments… Take advantage of all physical hardware by allowing multi-tenant environments Allowed near-instant provisioning and scaling (minutes vs hours) Allow software and hardware teams to work independently of each other Amazon launched their first public AWS Service (Simple Queue Service) in NOV 2004 Google and Microsoft started making their cloud environments publicly available in 2008
• #6: Less Reliable Originates from poorly architected environments and applications not designed to gracefully fail. 99.999999999 (9 9’s) of reliability guaranteed Applications can be built to have automated failure recovery on top of Amazon’s failure recovery 11 Geographic Regions Each region is geographically separated across the world Each region has 3-5 availability zones exposed to each client (there are actually more than that in each region) Each Availability zone is physically separated (building/campus) from each other Entire AWS Ecosystem is designed to continue functioning with loss of AZ or even Region (if the application is designed to allow for it) ------ More Expensive Originates from not fully understanding the billing process and rate reduction options available. Pay as you go (PAYG) – pay for what you use, when you use it Prices listed online are often all “on-demand”. Options are available for “reserved” and “bulk” pricing. Spot Instances / Overcapacity also available (can discuss later). AutoScale application infrastructure as needed, automatically ------ Less Secure Originates from not fully understanding what shared responsibilities exist. Amazon managed infrastructure, you managed application. Clients own all of the data AWS offers options to encryption data both in motion (SSL) and at rest (Data Encryption) Clients can choose where data stored geographically (political or compliance) Data Versioning and Automated Backups of entire services and databases are all one-click on/off *Favorite Feature* -- Firewalls made easy (Security Groups) – fully managed, AWS handles hardware and network infrastructure security Provision dedicated hardware (only you are allowed to use) Physical Security Badge Controlled Access Guard Stations Armed Guards 24/7 Undisclosed Locations Monitored Security Cameras Alarms Segmented Rack Cages Completely Audited Access, Procedures and Processes Security often increases when using AWS due to security policies, countermeasures of scale Compliance List (next slide)
• #8: Netflix – Perhaps one of the most well known on here Services 57 million members in 50 countries Delivers billions of hours of content per month Collects and tracks 10PB of analytics per month to improve the streaming experience SAP – The biggest enterprise software company on the planet Enterprise software handles and tracks 60% of the world’s GDP US Department of State – Pretty self explanatory Amazon.com – Amazon runs amazon.com entirely on the AWS infrastructure
• #9: VPC is the your private network By default, instance can only communicate with each other (no outside access) It is possible to have services that have no external/public access Include an Internet Gateway for internet routing In its most basic configuration, works just like at home Internet Gateway = Router Security Groups = Firewall Set who can access what ports Eg. Port 80 (HTTP) and Port 443 (HTTPS) are globally accessible while your office/home IP has FTP access Eg. No-one can access MySQL outside of the VPC Network
• #10: Instance Actual server Comparable to a VPS/Dedicated Server Multiple Distributions Ability to upload custom distribution ENI Elastic Network Interface Re-Assignable between instances Every piece of infrastructure has an ENI NAT = Network Address Translation AMI Amazon Machine Image Complete snapshot (disk and configurations) Type Independent (launch same AMI on multiple instance types)
• #11: ENI Elastic Network Interface Re-Assignable between instances Every piece of infrastructure has an ENI ELB Elastic Load Balancer Infinitely Scalable with a single provisioned ELB (happens on the backend) Multiple Protocols Simultaneously SSL Termination Dual Stack Networking (IPv4 and IPv6) Auto Scaling Auto Scaling Groups (Rules) Launch Configurations (AMI + Instance Type) Handles the triggers and automated behavior for scaling
• #12: Hosted Zone DNS Server Globally Distributed
• #21: Use Auto-Scaling of 1 One ASG , min: 1, max: 1, desired 1: Provides failover/redundancy automatically No Cost