Cloud Native Computing
-Webinar Series-
Cloud Native Computing - Part II - Public Cloud (AWS)
What is Cloud Native Computing?

“Cloud native computing uses an open source software stack to deploy applications
as microservices, packaging each part into its own container, and dynamically
orchestrating those containers to optimize resource utilization. Cloud native
technologies enable software developers to build great products faster”
- Cloud Native Computing Foundation

❖ Promotes open source
❖ Microservices architecture
❖ Containers and container orchestration tools
❖ Agility
What is Cloud Computing?

“Cloud computing is shared pools of configurable computer system resources and
higher-level services that can be rapidly provisioned with minimal management effort,
often over the Internet. Cloud computing relies on sharing of resources to achieve
coherence and economies of scale, similar to a public utility”
- Wikipedia

❖ On-demand computing over the Internet
❖ Minimal management effort
❖ Cost efficiency through economies of scale
What is Serverless Computing?

“Serverless computing is a cloud-computing execution model in which the cloud
provider acts as the server, dynamically managing the allocation of machine resources.
Pricing is based on the actual amount of resources consumed by an application, rather
than on pre-purchased units of capacity”

“Application designs that incorporate third-party ‘Backend as a Service’ (BaaS)
services, and/or that include custom code run in managed, ephemeral containers on a
‘Functions as a Service’ (FaaS) platform.”

AWS services typically used in a serverless design: AWS Lambda, API Gateway, S3, DynamoDB, RDS

❖ Reduced operational cost
❖ Reduced complexity
❖ Reduced engineering lead time
Part II – Public Cloud (AWS)
Presented by Linjith K Kunnon
20th Jan 2019
Part II – Public Cloud

Introduction to Cloud & AWS
  Cloud Overview
  AWS Global Infrastructure
  AWS Service Offerings
  Architecture Characteristics
Compute
  EC2 Instance
  Application Load Balancer
  Launch Configuration
  AMI
  Auto Scaling
Storage
  S3
  S3 Glacier
  Elastic Block Store (EBS)
  Elastic File System (EFS)
Security & Identity
  IAM
  User
  Group
  Role
  Policy
Application Integration
  Simple Queue Service
  Simple Notification Service
Networking & Content Delivery
  Network Essentials
  VPC
  Internet Gateway & NAT
  Security Groups & NACL
Database
  RDS
  Read Replicas
  Multi-AZ
Management & Governance
  CloudWatch
  CloudTrail
  CloudFormation
AWS Global Infrastructure (figures as of January 2019)
❖ 19 Regions
❖ 57 Availability Zones
❖ 139 Edge Locations (65 Cities, 25 Countries)
❖ 11 Regional Edge Caches
AWS Service Offerings

Compute: EC2 Instance, AMI, Elastic IP, Load Balancer, Auto Scaling
Storage: Amazon S3, Amazon Glacier, Amazon EFS
Database: Amazon RDS, Amazon DynamoDB
Security & Identity: IAM, KMS
Networking & Content Delivery: Amazon VPC, Internet gateway, router, VPC NAT gateway, VPC endpoints, Amazon Route 53
Application Integration: Amazon SQS, Amazon SNS
Ways to use them: AWS Management Console, AWS CLI, SDKs (Java, .NET, Python (boto), Node.js, JavaScript, PHP, iOS, Xamarin)
Sample Application
❖ Single Page Application – UI
❖ HTTP APIs – Service Layer
❖ Relational Database – AWS RDS PostgreSQL
❖ Web Server – Tomcat
❖ UI Server – S3
(diagram: the UI Server serves the static assets; the Web Service sits in front of the DB)
Architecture Characteristics

Scalability (diagram): horizontal scaling (scale out / scale in) versus vertical scaling.
Availability & Fault Tolerance (diagram): two zones, Zone A holding node M and Zone B holding node S, i.e. a
primary/secondary pair.

❖ Scalability - The property of a system to handle a bigger amount of work, or to be easily expanded, in response to
increased demand for network, processing, database access or file system resources.
❖ High Availability - Ensuring that critical systems keep functioning. Eliminating single points of failure and enabling
automatic failover are key to guaranteeing high system uptime.
❖ Fault Tolerance - An application or infrastructure designed so that when one component fails (hardware or software), a
backup component takes over immediately and there is no loss of service. Redundancy is a key requirement for
fault-tolerant systems.
Solution Architecture - AWS (diagram)
❖ Route 53 in front, with CloudFront and S3 for the static UI.
❖ vpc-demo in us-east-1, CIDR 10.0.0.0/16, spanning us-east-1a and us-east-1b.
❖ Public subnets 10.0.0.0/24 and 10.0.1.0/24 (us-east-1a-public, us-east-1b-public), with a VPC NAT gateway in each.
❖ Private subnets 10.0.2.0/24 and 10.0.3.0/24 (us-east-1a-private, us-east-1b-private).
❖ One Web Server per Availability Zone and a DB-Master.
❖ Security groups: sgPublic, sgWebLayer, sgDataLayer.
Security & Identity

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources.
You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
❖ User - Represents the person or application that interacts with AWS. Consists of a name and credentials (a console
password and/or access keys).
❖ Group - A collection of IAM users; policies attached to the group apply to all of its members.
❖ Role - A set of permissions that grant access to actions and resources in AWS. The permissions are attached to the
role, not to an IAM user or group. A role is assumed (by a user, an EC2 instance, a Lambda function or another account)
and yields temporary credentials, which is why workloads should use roles instead of long-lived user access keys.
❖ Policy - Manage access in AWS by creating policies and attaching them to IAM identities or AWS resources. A policy is
a JSON document that, when associated with an identity or resource, defines its permissions. Access is denied by
default; an explicit Deny in any applicable policy overrides any Allow.
Sample Policy (shown on the slide as an image)
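The IAM decision rules just described (denied by default, an explicit Deny beating every Allow, wildcards in Action and Resource), worked through in code. This is an added example, not the slide's sample policy or anything from AWS: the bucket name, ARNs and statement Sids are made up, and Conditions, NotAction, resource-based policies, SCPs and permission boundaries are deliberately not modelled.

```python
"""Minimal evaluator for IAM identity-policy semantics (added example).

Implements the core decision order of IAM (explicit Deny > Allow > implicit
Deny) with '*' / '?' wildcards in Action and Resource. Real IAM also evaluates
Condition blocks, NotAction/NotResource, resource-based policies, SCPs and
permission boundaries; those are left out on purpose. The policy, bucket
name and ARNs below are constructed for the example.
"""
import fnmatch
import json

# Constructed least-privilege policy for a UI server that only reads one
# bucket. The explicit Deny on s3:Delete* wins even if another statement (or
# a later edit) grants broad s3:* access.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadUiAssets",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-ui-assets",
                   "arn:aws:s3:::example-ui-assets/*"]
    },
    {
      "Sid": "NeverDelete",
      "Effect": "Deny",
      "Action": "s3:Delete*",
      "Resource": "*"
    }
  ]
}
""")


def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM wildcard match: '*' any run of characters, '?' one character."""
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate(policy, action, resource):
    """Return 'Allow' or 'Deny' for one (action, resource) request.

    Action names are case-insensitive in IAM; resource ARNs are not.
    """
    decision = "Deny"                      # implicit deny until an Allow matches
    for stmt in policy["Statement"]:
        actions = [a.lower() for a in _as_list(stmt["Action"])]
        if not _matches(actions, action.lower()):
            continue
        if not _matches(_as_list(stmt["Resource"]), resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"                  # explicit deny always wins
        decision = "Allow"                 # keep scanning for a later Deny
    return decision


def overly_broad_statements(policy):
    """Sids of Allow statements granting every action on every resource:
    the first thing to look for when reviewing a policy for least privilege."""
    found = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if "*" in _as_list(stmt["Action"]) and "*" in _as_list(stmt["Resource"]):
            found.append(stmt.get("Sid", "<no Sid>"))
    return found


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-ui-assets/index.html"
    for act in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject"):
        print(f"{act:18} -> {evaluate(SAMPLE_POLICY, act, obj)}")
```

Run as a script it prints Allow for GetObject and Deny for PutObject (nothing allows it) and DeleteObject (explicitly denied). An Allow on `*`/`*`, which `overly_broad_statements` flags, makes every other statement irrelevant except explicit denies, so it is the pattern to reject first in a policy review.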
Compute – EC2 Instance
EC2 Instance Types
❖ General Purpose
❖ Compute Optimized
❖ Memory Optimized
❖ Accelerated Computing
❖ Storage Optimized
EC2 Instance Purchase Options
❖ On-Demand Instances
❖ Reserved Instances
❖ Scheduled Instances
❖ Spot Instances
❖ Dedicated Hosts
❖ Dedicated Instances
❖ Capacity Reservations
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud.
EC2 Instance Lifecycle (diagram): AMI --launch--> EC2 Instance --attach--> EBS Volume
Compute – Application Load Balancer
Elastic Load Balancing distributes incoming application or network traffic across multiple targets, such as Amazon EC2
instances, containers, and IP addresses, in multiple Availability Zones.
❖ High availability
❖ Health checks
❖ Security features
❖ TLS termination
❖ Cross-zone load balancing
❖ Operational monitoring
❖ Path-based routing
❖ WebSocket support
❖ HTTP & HTTPS protocol support
(diagram: https://myapp.com, with the paths /admin and /pipeline routed to Target Group 1 and Target Group 2, each made
up of EC2 instances, containers or private IPs)
Storage
❖ EBS - Persistent, durable, low-latency block-level storage volumes for EC2 instances
❖ EC2 Instance Store - Temporary block-level storage for EC2 instances; its contents are lost when the instance stops or
terminates
❖ EFS - Simple, scalable, shared file storage service for Amazon EC2 instances
❖ S3 - Secure, durable, and scalable object storage infrastructure
❖ Glacier - Long-term, secure, durable object storage for archives
S3 Lifecycle (diagram on the slide)
Database – RDS (Relational Database Service)
A web service that makes it easier to set up, operate, and scale a relational database in the cloud.
❖ Fine-grained scaling of compute and storage: CPU, IOPS, or storage.
❖ Manages backups, software patching, automatic failure detection, and recovery.
❖ No shell access to DB instances; access to certain system procedures and tables that require advanced privileges is
restricted.
❖ Automated and manual backups (snapshots).
❖ High availability (Multi-AZ) with a primary instance and a synchronously replicated standby in another Availability
Zone that you can fail over to.
❖ Read Replicas for read scaling.
❖ Support for MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server.
❖ AWS Identity and Access Management (IAM) to define who may manage RDS resources (IAM database authentication is
also available for MySQL and PostgreSQL).
❖ Deploy instances in your VPC, in a private subnet, with a security group that only admits the web layer.
Networking & Content Delivery - VPC
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that
you've defined. It is the networking layer for Amazon EC2.
❖ VPC - A virtual network dedicated to a given AWS account, logically isolated from other virtual networks in the AWS
Cloud. You launch AWS resources, such as Amazon EC2 instances, into a VPC. You specify an IP address range (CIDR
block) for the VPC, add subnets, associate security groups, and configure route tables.
❖ Subnet - A range of IP addresses in your VPC; each subnet lives in a single Availability Zone. You launch AWS
resources into a specified subnet. Use a public subnet for resources that must be reachable from the Internet, and a
private subnet for resources that must not be.
❖ Regions & Availability Zones - Amazon EC2 is hosted in multiple locations world-wide, composed of Regions and
Availability Zones. Each Region is a separate geographic area. Each Region has multiple, isolated locations known as
Availability Zones; a VPC spans all Availability Zones in its Region.
Networking & Content Delivery – VPC Continued…
❖ IP addresses: AWS provides private and public IP addresses. The VPC CIDR block determines the number of private IP
addresses available (AWS reserves five addresses in every subnet).
❖ Route tables: Contain the routes that determine where your network traffic is sent. A subnet can be associated with
only one route table at a time.
❖ Internet gateways (IGW): Allow resources in a public subnet (one whose route table has a route to the IGW) to
communicate with the Internet.
❖ NAT gateways / NAT instances: Allow resources in a private subnet to initiate connections to the Internet (for
updates and so on) while remaining unreachable from it. They sit in a public subnet.
❖ Security groups: Act as stateful firewalls at the instance level. You define which ports are open and which sources
may talk to your resources over those ports; there are allow rules only, and return traffic for an allowed connection
is permitted automatically.
❖ Network access control lists (NACLs): Act as stateless firewalls that allow or deny traffic at the subnet level,
using numbered rules evaluated in order. Because they are stateless, return traffic (ephemeral ports) has to be
allowed explicitly in the opposite direction. Use them together with security groups for defence in depth.
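The stateful-versus-stateless distinction between security groups and NACLs is where most first VPC designs break, so here it is as an added simulation (not AWS code and not from the slides). It models only enough of each filter to show the behaviour: a security group tracks connections and lets the reply to an allowed inbound HTTPS request out automatically, while a NACL checks every packet in each direction against numbered rules, first match wins, implicit deny at the end. A NACL whose outbound rule merely mirrors the inbound one (allow 443 out) therefore drops the server's replies, because they go to the client's ephemeral port. The rules, addresses and ports are constructed.

```python
"""Stateful security group versus stateless NACL (added example).

Not AWS code: a toy model of the two filters the slide describes, with
constructed rules, addresses and ports, to show why a NACL needs an explicit
outbound rule for the ephemeral port range while a security group does not.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


class SecurityGroup:
    """Stateful filter at the instance level. Only allow rules exist; return
    traffic for a tracked flow is permitted regardless of egress rules."""

    def __init__(self, ingress_rules):
        # ingress_rules: (cidr, port_low, port_high)
        self.ingress_rules = list(ingress_rules)
        self.flows = set()                 # connection tracking table

    def ingress(self, pkt):
        allowed = any(_in_cidr(pkt.src_ip, cidr) and lo <= pkt.dst_port <= hi
                      for cidr, lo, hi in self.ingress_rules)
        if allowed:
            self.flows.add((pkt.proto, pkt.src_ip, pkt.src_port,
                            pkt.dst_ip, pkt.dst_port))
        return allowed

    def egress(self, pkt):
        # A reply is the mirror image of a tracked inbound flow.
        return (pkt.proto, pkt.dst_ip, pkt.dst_port,
                pkt.src_ip, pkt.src_port) in self.flows


class NetworkAcl:
    """Stateless filter at the subnet level: numbered allow/deny rules,
    evaluated in order, first match wins, implicit deny otherwise."""

    def __init__(self, ingress_rules, egress_rules):
        # rule: (number, "allow"|"deny", cidr, port_low, port_high)
        self.ingress_rules = sorted(ingress_rules)
        self.egress_rules = sorted(egress_rules)

    @staticmethod
    def _evaluate(rules, peer_ip, port):
        for _number, action, cidr, lo, hi in rules:
            if _in_cidr(peer_ip, cidr) and lo <= port <= hi:
                return action == "allow"
        return False                       # the trailing '*' deny rule

    def ingress(self, pkt):
        return self._evaluate(self.ingress_rules, pkt.src_ip, pkt.dst_port)

    def egress(self, pkt):
        # Outbound rules match on the destination (the client's) port.
        return self._evaluate(self.egress_rules, pkt.dst_ip, pkt.dst_port)


# Common mistake: the outbound rule copied from the inbound one.
MIRRORED_NACL = NetworkAcl(
    ingress_rules=[(100, "allow", "0.0.0.0/0", 443, 443)],
    egress_rules=[(100, "allow", "0.0.0.0/0", 443, 443)],
)

# Correct: allow replies to the ephemeral range (1024-65535 covers Linux,
# Windows and the NAT gateway's own port range).
CORRECT_NACL = NetworkAcl(
    ingress_rules=[(100, "allow", "0.0.0.0/0", 443, 443)],
    egress_rules=[(100, "allow", "0.0.0.0/0", 1024, 65535)],
)


def https_round_trip(nacl, client_ip="203.0.113.10", client_port=51234,
                     server_ip="10.0.0.20"):
    """Push one HTTPS request through NACL then security group, and the reply
    back out; report whether each direction got through."""
    web_sg = SecurityGroup([("0.0.0.0/0", 443, 443)])   # fresh conntrack table
    request = Packet(client_ip, client_port, server_ip, 443)
    reply = Packet(server_ip, 443, client_ip, client_port)
    request_ok = nacl.ingress(request) and web_sg.ingress(request)
    reply_ok = request_ok and web_sg.egress(reply) and nacl.egress(reply)
    return {"request": request_ok, "reply": reply_ok}


if __name__ == "__main__":
    print("mirrored NACL:", https_round_trip(MIRRORED_NACL))   # reply dropped
    print("correct NACL: ", https_round_trip(CORRECT_NACL))
```

With the mirrored NACL the request arrives but the reply never leaves the subnet, which shows up in practice as TCP handshakes that complete at the security group yet time out for the client. Note also that the NACL evaluates a lower-numbered deny before a higher-numbered allow, which is how you block one abusive source range without touching the security groups.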
Networking & Content Delivery – VPC Endpoints
A VPC endpoint enables you to create a private connection between your VPC and another AWS service without requiring
access over the Internet (no Internet gateway, NAT device or public IP is needed). Gateway endpoints exist for S3 and
DynamoDB; interface endpoints (AWS PrivateLink) cover most other services. An endpoint policy can restrict what the
endpoint may be used for, and a bucket policy can in turn require that requests arrive through a specific endpoint.
(diagram: connect via the Internet versus connect via VPC endpoint)
Networking & Content Delivery – CloudFront
A web service that speeds up distribution of static and dynamic web content, such as .html, .css, .js, and image files.
Delivers content through a worldwide network of data centers called edge locations.
If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately.
If the content is not in that edge location, CloudFront retrieves it from an origin that you've defined—such as an Amazon S3
bucket.
▪ 139 Edge Locations (65 Cities, 25 Countries)
▪ 11 Regional Edge Caches
Application Integration
Simple Notification Service (SNS) - A web service that coordinates and manages the delivery or sending of messages to
subscribing endpoints or clients. In Amazon SNS, there are two types of clients—publishers and subscribers—also referred to
as producers and consumers.
Simple Queue Service (SQS) - Offers a secure, durable, and available hosted queue that lets you integrate and decouple
distributed software systems and components.
SNS allows applications to send time-critical messages to multiple subscribers through a “push” mechanism. SQS is a message
queue service used by distributed applications to exchange messages through a polling model.
CloudWatch
A monitoring service for AWS cloud resources and the applications you run on AWS. Collect and track metrics, collect and
monitor log files, set alarms, and automatically react to changes in your AWS resources.
CloudTrail
Helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user,
role, or an AWS service are recorded as events in CloudTrail. Management events from the last 90 days are viewable in the
console; for longer retention, or to feed a SIEM, create a trail that delivers the logs to an S3 bucket, enable log file
validation, and restrict who can stop or delete the trail.
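CloudTrail is only useful for security if something reads it, so here is a small detection pass over CloudTrail records, as an added example that is not part of the slides. It runs four rules a team usually writes first: a console sign-in that succeeded without MFA, any use of the root account, a security group opened to 0.0.0.0/0 on an admin port, and CloudTrail logging being switched off. The records are constructed to follow the CloudTrail event format; the account ID, ARNs, security group ID and trail name are made up.

```python
"""CloudTrail detection rules over a constructed log file (added example).

The records follow the CloudTrail event format but are invented: account
111122223333, user alice, security group sg-0123456789abcdef0 and the trail
name are all placeholders.
"""
import json

SAMPLE_TRAIL_FILE = json.loads("""
{"Records": [
  {"eventTime": "2019-01-20T09:00:00Z", "eventSource": "signin.amazonaws.com",
   "eventName": "ConsoleLogin",
   "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
   "responseElements": {"ConsoleLogin": "Success"},
   "additionalEventData": {"MFAUsed": "No"}},
  {"eventTime": "2019-01-20T09:05:00Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "AuthorizeSecurityGroupIngress",
   "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
   "requestParameters": {"groupId": "sg-0123456789abcdef0",
     "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
       "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
  {"eventTime": "2019-01-20T09:10:00Z", "eventSource": "cloudtrail.amazonaws.com",
   "eventName": "StopLogging",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
   "requestParameters": {"name": "management-events"}},
  {"eventTime": "2019-01-20T09:12:00Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "AuthorizeSecurityGroupIngress",
   "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
   "requestParameters": {"groupId": "sg-0123456789abcdef0",
     "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
       "ipRanges": {"items": [{"cidrIp": "10.0.0.0/16"}]}}]}}}
]}
""")["Records"]

ADMIN_PORTS = (22, 3389)


def _actor(event):
    return event.get("userIdentity", {}).get("arn", "<unknown>")


def console_login_without_mfa(event):
    if event.get("eventName") != "ConsoleLogin":
        return None
    if event.get("responseElements", {}).get("ConsoleLogin") != "Success":
        return None
    if event.get("additionalEventData", {}).get("MFAUsed") == "Yes":
        return None
    return f"successful console login without MFA by {_actor(event)}"


def root_activity(event):
    if event.get("userIdentity", {}).get("type") != "Root":
        return None
    return f"root account used for {event.get('eventName')}"


def world_open_admin_port(event):
    if event.get("eventName") != "AuthorizeSecurityGroupIngress":
        return None
    params = event.get("requestParameters", {})
    for perm in params.get("ipPermissions", {}).get("items", []):
        # ipProtocol "-1" (all traffic) carries no port fields: treat as 0-65535
        lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)
        cidrs = {r.get("cidrIp") for r in perm.get("ipRanges", {}).get("items", [])}
        if "0.0.0.0/0" in cidrs and any(lo <= p <= hi for p in ADMIN_PORTS):
            return (f"{params.get('groupId')} opened ports {lo}-{hi} "
                    f"to 0.0.0.0/0 by {_actor(event)}")
    return None


def cloudtrail_disabled(event):
    if event.get("eventSource") != "cloudtrail.amazonaws.com":
        return None
    if event.get("eventName") not in ("StopLogging", "DeleteTrail", "UpdateTrail"):
        return None
    trail = event.get("requestParameters", {}).get("name")
    return f"{event['eventName']} on trail {trail} by {_actor(event)}"


RULES = [console_login_without_mfa, root_activity,
         world_open_admin_port, cloudtrail_disabled]


def detect(events, rules=RULES):
    """Run every rule over every event; return (rule name, eventTime, message)."""
    findings = []
    for event in events:
        for rule in rules:
            message = rule(event)
            if message:
                findings.append((rule.__name__, event.get("eventTime"), message))
    return findings


if __name__ == "__main__":
    for name, when, msg in detect(SAMPLE_TRAIL_FILE):
        print(f"{when} [{name}] {msg}")
```

The 443-from-10.0.0.0/16 change produces no finding, which is the point of matching on both the CIDR and the port range rather than on the event name alone. The same rule functions work unchanged on records pulled from a trail's S3 delivery, since that is the `{"Records": [...]}` shape the sample copies.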
AWS CloudFormation
AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources. You create a
template (YAML or JSON) that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB
instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you.
❖ Simplify infrastructure management
❖ Quickly replicate your infrastructure
❖ Easily control and track changes to your infrastructure
Sample Project
The sample project builds the solution architecture shown earlier: Route 53, CloudFront and S3 in front of vpc-demo
(10.0.0.0/16 in us-east-1) with public and private subnets across us-east-1a and us-east-1b, a NAT gateway per public
subnet, a web server per zone, a DB-Master, and the sgPublic, sgWebLayer and sgDataLayer security groups.
Thank You
