게임을 위한 Cloud Native on AWS (김일호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
2 likes•2,108 views
The document outlines the cloud-native value proposition for gaming architecture using AWS, detailing the benefits of scalability, automation, cost savings, and various AWS services such as Lambda, DynamoDB, and container management options. It emphasizes operational challenges, security measures, and strategies for leveraging databases like Aurora and Neptune in gaming applications. Additionally, it highlights analytics and innovative practices to improve game performance and security in a cloud environment.
![GraphDB query example
What games does skywalker123 like?
gremlin>
g.V().has('GamerAlias','skywalker123').
as('gamer').out('likes’)
==>v[ARMS]
==>v[HorizonZeroDawn]
==>v[GranTurismoSport]
==>v[Ratchet&Clank]
==>v[Fifa18]
==>v[GravityRush]
==>v[SuperMarioOdyssey]
==>v[MarioKart8]](https://image.slidesharecdn.com/cloudnativeonawsandykimfinal1-181101021222/85/Cloud-Native-on-AWS-AWS-Gaming-on-AWS-2018-40-320.jpg)
게임을 위한 Cloud Native on AWS (김일호 솔루션즈 아키텍트, AWS) :: Gaming on AWS 2018
- 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 김일호 Solutions Architect Manager Cloud Native on AWS
- 2. •Agenda • Cloud native value proposition for game • Innovation on computing with AWS • Containers, MSA • Database • Aurora and Neptune • Data Analytics • Security
- 3. Still on-prem and doing heavy lifting
- 4. Server, Storage, Software OS, VMs Space, DC, Power, Cooling, Maintenance, Backup, Monitoring tools, Network, Patch, Outsourcing Server, Storage, Software OS, VMs Space, DC, Power, Cooling, Maintenance, Backup, Monitoring tools, Network, Patch, Outsourcing
- 5. Great, but can we impvove the architecture in a cloud-natively way? ELB Region CloudFront CDN
- 6. Cloud native architectures take full advantage of on-demand delivery, global deployment, elasticity, and higher-level services. They enable huge improvements in developer productivity, business agility, scalability, availability, utilization, and cost savings. Adrian Cockcroft, VP Cloud Architecture Strategy, AWS What is Cloud native?
- 7. Works well for the most of gaming architecture Low hanging fruits, but not fully make use of Cloud Benefits Scalability, Automation, and cost-saving DX and hybrid Still lift and shift to cloud Run workloads in the cloud Run workloads on-premises
- 10. Gaming DB PlatformDB Gaming DB Platform DB CORP Hybrid Connectivity -- Data Streams / Replication
- 11. S3 DB App Archive CORP Hybrid Connectivity – Storage / Backup / Archive
- 12. Connectivity Options - Public IPs - Elastic IPs - Internet data out pricing - IPsec authentication and encryption - Two main options - AWS Managed VPN - Software VPN (EC2) - Launched in 2011 - Private connection - Separate from the Internet - Consistent network experience - Connect through 67 locations - Port speeds of 1 Gbps, 10 Gbps or sub-1 Gbps AWS Direct ConnectVPNPublic Internet
- 13. Asynchrous online game on AWS
- 14. Operational challenges ?? ELB ScalingStuck Instances Lost VPN Gateways +/- instances Lost volumesFlapping direct connects
- 15. Serverless
- 16. Serverless related AWS services AWS Lambda Amazon DynamoDB Amazon SNS Amazon API Gateway Amazon SQS Amazon Kinesis Amazon S3 Compute and API Proxy AWS X-Ray AWS Step Functions Datastores, Storage, Orchestration, Analytics, Interprocess Messaging Developer Tools AWS CodeBuild AWS CodePipeline AWS Serverless Application Model (SAM) Lambda@Edge AWS Cloud9 Amazon Aurora Serverless (preview) AWS AppSync
- 17. Authentication example Mobile client Amazon Cognito User Pools AWS Lambda Amazon API Gateway 1. initiate auth (username & password & API key) 2. return ID Tokens Amazon Cognito Identity Pools 3. get AWS scoped credentials AWS Lambda Pre signup (auto-confirm)
- 18. Gifting example Mobile client (receiver) 2-1. record history 1. poll queue AWS Lambda Amazon DynamoDB 3. receive gift 2. get new gift Mobile client (sender) 1. send message 3. enqueue message Amazon SNS Amazon SQS Mobile client Amazon SQS 1. create queue When a game started 2. update info AWS Lambda 2-2. determine receiver Redis Amazon DynamoDB
- 19. Gifting example Mobile client (receiver) 2-1. record history 1. poll queue AWS Lambda Amazon DynamoDB 3. receive gift 2. get new gift Mobile client (sender) 1. send message 3. enqueue message Amazon SNS Amazon SQS AWS Lambda 2-2. determine receiver Amazon DynamoDB 1. create queue When a player’s registration is confirmed 2. add queue url Amazon Cognito User Pools AWS Lambda 3. registration gift
- 21. Containers EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task EC2 Instance TaskTask Task Task Flexibility, gaming workloads using containers AWS VPC Networking, Task management, Auto Scaling, Scheduling, CloudWatch metrics, Load balancers, SDK, CLI…
- 22. Scheduling and Orchestration Cluster Manager Placement Engine Running containers with AWS ECS Availability Zone #1 Availability Zone #2 Availability Zone #3
- 24. Scheduling and Orchestration Cluster Manager Placement Engine ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance
- 25. Kubernetes, container management platform Open source container management platform Helps you run containers at scale Gives you primitives for building modern applications
- 26. 57%of Kubernetes workloads run on AWS today —CNCF survey
- 27. E L A S T I C C O N TA I N E R S E RV I C E F O R K U B E R N E T E S (EKS)
- 28. How Amazon Elastic Container Service for Kubernetes works
- 29. Availability Zone 1 etcd Master etcd Master Availability Zone 2 Availability Zone 3 etcd Master Run highly available and scalable Kubernetes clusters on AWS
- 30. Database
- 31. Amazon Aurora Scale out to millions of reads per second Scale-out read performance Break Apart the Stack Scale Out Each Layer Independently Leverage Distributed Services Up to 15 Read Replicas Across Three AZs Auto-Scale New Read Replicas Auto-Scale Storage (no pre-provisioning needed)
- 32. Amazon Aurora has up to 15 read replicas Master Read Replica 1 Read Replica Read Replica 15 Shared distributed storage volume Reader end-point
- 33. Amazon Aurora multi-masters (Preview) Application Read Replica 1 Master Node Read Replica 2 Shared Distributed Storage Volume Availability Zone 1 Availability Zone 2 Availability Zone 3 Application Read/Write Master 2 Read/Write Master 1 Shared Distributed Storage Volume Availability Zone 1 Availability Zone 2 Availability Zone 3 Read/Write Master 3
- 34. Multi-region Multi-master Cross-region replication happens at in the storage layer, and based on physical redo (no binlog) REGION 1 REGION 2 HEAD NODES HEAD NODES MULTI-AZ STORAGE VOLUME MULTI-AZ STORAGE VOLUME LOCAL PARTITION LOCAL PARTITIONREMOTE PARTITION REMOTE PARTITION
- 36. Amazon Route 53 A global one build • Latency based routing • Weighted routing
- 38. Use cases of GraphDB Fraud DetectionRecommendationsSocial Networks
- 40. GraphDB query example What games does skywalker123 like? gremlin> g.V().has('GamerAlias','skywalker123'). as('gamer').out('likes’) ==>v[ARMS] ==>v[HorizonZeroDawn] ==>v[GranTurismoSport] ==>v[Ratchet&Clank] ==>v[Fifa18] ==>v[GravityRush] ==>v[SuperMarioOdyssey] ==>v[MarioKart8]
- 44. Main area of fight is middle field
- 45. Unexpected area of high death rate
- 46. Identify a design failure of map
- 47. Gaming analytics architecture example Central Storage Secure, Cost Effective Storage in S3 S3 Catalog & Search Access & Search Metadata DynamoDB Amazon ES Athena Quicksight EMR Redshift Processing & Analytics Use predictive and prescriptive analytics to gain better understanding Firehose Data Ingestion Get your data into S3 quickly and securely { ‘event_id’ : ‘05b00439-6a07-4112-9c8d- 165f1643e5d1’, ‘event_type’ : ‘player_death’, ‘event_timestamp’ : ‘2017-05-01T21:05:18.000Z’, ‘arena’ : ‘el_dorado’, ‘position_x’ : 507.12, ‘position_y’ : 551.61 }
- 48. Security & DDoS mitigation
- 49. Shared responsibility model for Infrastructure
- 50. Shared responsibility model for container services
- 51. Shared responbility model for abstracted services
- 52. DDoS-Resilient Architecture Amazon Route 53 ALB Security Group Amazon EC2 Instances Application Load Balancer Amazon CloudFront Public Subnet Web Application Security Group Private Subnet AWS WAF Amazon API Gateway DDoS Attack Users Globally distributed attack mitigation capability SYN proxy feature that verifies three-way handshake before passing to the application Slowloris mitigation that reaps long-lived collections Mitigates complex attacks by allowing only the most reliable DNS queries Validates DNS Provides flexible rule language to block or rate-limit malicious requests
- 53. Session-Based Game Architecture Security Group Amazon EC2 Instances Network Load Balancer Public Subnet Web Application Security Group Private Subnet DDoS Attack Users AWS Shield Elastic IP Address
- 54. Use case, Pokemon • Massive increase in legitimate users and traffic • Massive, disproportional increase in illegitimate users and traffic • Bots • Scanners • DDoS attacks https://www.slideshare.net/AmazonWebServices/automating-ddos-response-in-the-cloud-sid324-reinvent-2017
- 55. AWS Shield advanced • Existing application on AWS • The next major Pokémon GO event was only two weeks away: •Pokémon DevOps and InfoSec worked closely with AWS •Started slowly moving traffic in a week •100% of GO login traffic was protected by AWS Shield Advanced in less than two weeks from “go” • Cloud-routed WAF issues are behind us: • No more WAF capacity issues taking us offline • Pokémon is now seeing: • Lower latency through the WAF • Superior analytics and logging
- 56. Protect your game service, GuardDuty Threat intel, ML/AI Anomaly Detection Alert and RESPOND Scouting Instance Compromise Account Compromise Amazon GuardDuty VPC flow logs DNS Logs CloudTrail Events HIGH MEDIUM LOW FindingsData SourcesThreat Detection Types
- 57. •Wrap up • Cloud native value proposition for game • Innovation on computing with AWS • Containers, MSA • Database • Aurora and Neptune • Data Analytics • Security
- 58. Thank you