Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Data Management

Deploying an Application on the Cloud Chapter 4

advertisement 
Deploying an Application on the
Cloud
Chapter 4
Topics
• Your experience with Google App Engine and
mine with Pop!World
• Web application Architecture
• Machine Image design
Amazon S3 API (REST/SOAP)
• http://docs.amazonwebservices.com/Amazon
S3/latest/
Fig. 4-1Web Application Architecture
•
•
•
•
Use an MVC pattern
Display, UI, Content: View
Objects, (Database): Model
Activities, Operations: Controller
Machine Image Design
• Important indirect benefits of the cloud are:
– It forces discipline in deployment planning
– It forces discipline in disaster recovery
• First step in moving to the cloud is to prepare
a repeat redeployment process
• Machine image helps in this process.
– Is a very important concept (: comes from
virtualization.
– Ideal for cloud environment.
AMI
• Amazon machine image is a raw copy of the
operating system and the core software, any
installed applications.
• AMI is used for launching an instance.
• More importantly you can store a snapshot of
your instance in an AMI for use by others or
by for later use.
AMI Security
• In order to programmatically activate an
instance you need: AMI key and your security
credentials.
• Access id key, security access key are needed.
• Never store data in amazon AMI.
• Data is yours irrespective of the method
(patented etc.), right?
So what belongs in the AMI?
1. Create a component model that identifies what components
and versions are required to run the service that the new
machine image will support. (Ex: MYSQL… EBS)
2. Separate out stateful data in the component model. You will
need to keep it out of your machine image.
3. Identify the operating system on which you will deploy.
4. Search for an existing, trusted baseline public machine
image for that operating system.
5. Harden your system using a tool such as Bastille.
6. Install all of the components in your component model.
7. Verify the functioning of a virtual instance of your machine.
8. Build and save the machine image.
Hardening the system
• Hardening an operating system is the act of minimizing attack
vectors into a server.
– Removing unnecessary services.
– Removing unnecessary accounts.
– Running all services as a role account (not root) when
possible.
– Running all services in a restricted jail when possible.
– Verifying proper permissions for necessary system
services.
• The best way to harden your Linux system is to use a proven
hardening tool such as Bastille.
Privacy Design
• Consider a credit card using e-commerce
application.
– The application server and credit card server sit in two different
security zones with only web services traffic from the application
server being allowed into the credit card processor zone.
– Credit card numbers are encrypted using a customer-specific
encryption key.
– The credit card processor has no access to the encryption key, except
for a short period of time (in memory) while it is processing a
transaction on that card.
– The application server never has the ability to read the credit card
number from the credit card server.
– No person has administrative access to both servers
•
Availability zones are quite useful in this respect.
Database Management
• The trickiest part of the cloud management is
the management of persistent data.
• Use block storage, snapshot it, check point
periodically.
• In case of a failure recover to the latest
checkpointed state.
• Use EBS for database.
• Clustering or replication: replication is cheaper
and simpler.
Related documents
Theory Lecture for AMI Schools - International Montessori Training
Theory Lecture for AMI Schools - International Montessori Training
Environmental Policy - ami
Environmental Policy - ami
presentation
presentation
Press Release
Press Release
Under Armour Case
Under Armour Case
Hermosa Montessori Charter School, located in sunny Tucson
Hermosa Montessori Charter School, located in sunny Tucson
Distribution Automation Using AMI Communications
Distribution Automation Using AMI Communications
Effects of Decreased Emergency Department g y p
Effects of Decreased Emergency Department g y p
Field Asset Security in a Smart Grid World Æ Advanced Metering Infrastructure
Field Asset Security in a Smart Grid World Æ Advanced Metering Infrastructure
sunups
sunups
AMI and MDMS Deployment Best Practices White Paper July 2008
AMI and MDMS Deployment Best Practices White Paper July 2008
Inclusionary Housing Program Summary ! Characteristics:
Inclusionary Housing Program Summary ! Characteristics:
AUTOMATED UAV-BASED VIDEO EXPLOITATION FOR MAPPING AND SURVEILLANCE
AUTOMATED UAV-BASED VIDEO EXPLOITATION FOR MAPPING AND SURVEILLANCE
DEMAND RESPONSE AND ADVANCED METERING INFRASTRUCTURE IN CALIFORNIA:
DEMAND RESPONSE AND ADVANCED METERING INFRASTRUCTURE IN CALIFORNIA:
AMI T t i l AMI Tutorial J
AMI T t i l AMI Tutorial J
Estimating the Cost of a GIS in the Amazon Cloud
Estimating the Cost of a GIS in the Amazon Cloud
Realizing the smart grid of the future through AMI technology Carl LaPlace
Realizing the smart grid of the future through AMI technology Carl LaPlace
A Review of Ambient Intelligence Assisted
A Review of Ambient Intelligence Assisted
COMPILING OBJECTS AND OTHER LANGUAGE IMPLEMENTATION ISSUES Credit: Mostly Bryant & O’Hallaron
COMPILING OBJECTS AND OTHER LANGUAGE IMPLEMENTATION ISSUES Credit: Mostly Bryant & O’Hallaron
Object Interconnections
Object Interconnections
fed talk
fed talk
H-02 Holy Cross Hospital, Chicago 13-076
H-02 Holy Cross Hospital, Chicago 13-076
Download
advertisement