SECTION 2 The Building Blocks of Cloud Computing Compute – Basic architecture of a computer Compute – Basic architecture of a computer RAM is nonpersistent storage Central Processing Unit (CPU) Processor (CPU) Memory (RAM) Random Access Memory (RAM) Files/data are loaded into memory Measurements: Ø CPU is measured in Gigahertz (Ghz) Ø RAM is measured in Gigabyte (GB) Ø HDD is measured in Gigabyte (GB) Ø NIC is measured in Megabits per second (Mbps) or Gigabits per second (Gbps) Network Switch/Router Hard Disk Drive (HDD) Data is persistent Network Interface Card (NIC) Internet Compute – Basic architecture of a computer Processor (CPU) Memory (RAM) Network Switch/Router Hard Disk Drive (HDD) Network Interface Card (NIC) Internet Compute – Servers vs Desktops/Laptops Server Server Hardware Build: Ø Hardware is more specialized Ø Much higher prices compared to desktops / laptops Ø Includes redundancy Desktop Laptop Servers can be used by many users over a network Compute – Client / Server Computing Port: 80 The client application finds the server by IP address Protocol: HTTP A port is like a door into the server Web Server Port: 445 Protocol: SMB File Server Port: 25 Email Server Protocol: SMTP Storage – Hard Drives Hard Disk Drive (HDD) Solid State Drive (SSD) Ø Also known as magnetic drives Ø Older technology Ø Much slower than SSD Ø Much cheaper than SSD Ø Ø Ø Ø Uses flash memory Newer technology MUCH faster than HDD More expensive than HDD Storage – Hard Drives Disk Management Hard drives are block-based storage systems C:Volume D: 8001000 GB GB200 GB The Operating System (OS) sees a volume. A volume can be partitioned and formatted Hard Disk Drive (HDD) Hard drives are block-based storage systems Storage – Network Attached Storage The Operating System (OS) sees a filesystem that is mapped to a local drive letter The NAS “shares” filesystems over the network NIC Network Switch Network Attached Storage Server (NAS) NAS devices are file-based storage systems Storage – Object Storage Systems User uploads objects using a web browser There is no hierarchy of objects in the container Objects can be files, videos, images etc. The HTTP protocol is used with a REST API (e.g. GET, PUT, POST, SELECT, DELETE) Object Storage Container Storage – Block vs File vs Object The OS sees volumes that can be partitioned and formatted A filesystem can be shared by many users Block Storage Massively scalable, low cost File Storage Object Storage Disk Management There is no hierarchy of objects in the container C:Volume D: 8001000 GB GB200 GB Object Storage Container The OS reads/writes at the block level. Disks can be internal, or network attached A filesystem is “mounted” to the OS using a network share Uses a REST API IP Addressing Primer User enters website address in browser Name Type Value mycompany.local A 192.168.0.1 emailserver.local A 192.168.0.2 DNS Server Domain name is resolved to the IP address of the webserver Computer connects to 192.168.0.1 Web Server IP Addressing Primer Each part of the address is a binary octet An IPv4 address has a network and host ID 192 . 168 . 11111111 00000000 Host ID 0 . 1 255 . 255 . 255 . Network ID The subnet mask is used to define the network and host ID 0 IP Addressing Primer 11000000 192 11111111 10101000 . 168 . 0 1 . 255 . 00000000 255 . 255 . 0 00000001 Most significant bit 1 1 1 1 1 1 1 1 128 64 32 16 8 4 2 1 Binary Values Least significant bit IP Addressing Primer A network and subnet mask can also be written in this format Network 192 . 168 . 0 . 0 255 . 255 . 255 . 0 Subnet Mask = 192.168.0.0/24 IP Addressing Primer – How many host addresses? 8 bits Class A 10 8 bits . 0 8 bits . 0 8 bits . 0 Class B 172 . 16 . 0 . 0 Class C 192 . 168 . 0 . 0 First address = 10.0.0.1 Last address = 10.255.255.255 Total addresses = 16777214 First address = 172.16.0.0 Last address = 172.16.255.255 Total addresses = 65534 First address = 192.168.0.1 Last address = 192.168.0.255 Total addresses = 255 Networking – Routers and Switches IP Subnet A: 192.168.0.0/24 Destination Interface 192.168.0.0/24 eth0 10.0.0.0/24 eth1 Route Table 192.168.0.1 192.168.0.2 192.168.0.6 Switch eth0 eth1 10.0.0.1 10.0.0.6 192.168.0.3 10.0.0.2 Switch Router 192.168.0.5 192.168.0.4 IP Subnet B: 10.0.0.0/24 10.0.0.3 10.0.0.5 10.0.0.4 Networking - Firewalls POLICY PROTOCOL PORT DESTINATION SOURCE ALLOW HTTP 80 INTERNAL ANY ALLOW HTTPS 443 INTERNAL ANY DENY ANY ANY INTERNAL ANY Firewall Rules IP Subnet A Database Server IP Subnet B Application Server Firewall Database Server Application Server Web Server Firewall Web Server Firewall The Internet Databases Structured Query Language (SQL) query: SELECT FirstName FROM employees WHERE Location = Sydney Application servers are specialized computers running software Database servers are specialized computers running a database engine Application Servers Database Server Popular database engines: Ø Microsoft SQL Server Ø MySQL Ø Oracle Ø PostgreSQL Ø DB2 Ø SAP HANA Server without Virtualization Application Operating System Limitations: Ø OS is tied to hardware (no portability) Ø Hardware resources may be underutilized Website Windows OS Hardware Server Server with Virtualization Website Windows OS Many VMs can run on the same physical hardware This is known as a virtual server or ”virtual machine” Website Windows OS Virtual hardware is presented to the OS The hypervisor creates a layer of abstraction Hypervisor Server Server with Virtualization Website Windows OS Website Windows OS Website Windows OS Website Windows OS Hypervisor Server Website Windows OS Website Windows OS Server Virtualization: Portability Website Windows OS Hypervisor Server Hypervisor Server Server Virtualization: Portability Website Windows OS Hypervisor Server Hypervisor Server Docker Containers Every VM needs an operating system which uses significant resources Website Windows OS Docker Engine Hypervisor Server Windows OS Server Docker Containers Containers are very resource efficient Containers start up very quickly A container includes all the code, settings, and dependencies for running the application Each container is isolated from other containers Docker Engine Windows OS Server Application Programming Interfaces (APIs) – Building a house analogy Builder provides set of standard options Client Builder Application Programming Interfaces (APIs) – Building a house analogy Electrician Client Builder The builder gives instructions to the workers in a language they understand Carpenter Construction Application Programming Interfaces (APIs) The API provides the instructions developers use in their code HTTP Protocol Client Web Site API Application RESTful API Instructions are sent to API using the HTTP protocol Database SECTION 3 Cloud Computing Overview Legacy IT / Traditional IT This model is very capital intensive Corporate data center The IT equipment is owned by the company Storage Servers Servers A company typically leases space in a data center, or may own the whole building Router Switch Firewall Backup System Legacy IT / Traditional IT Corporate data center Corporate Office Storage Servers Servers Router Switch Firewall Backup System IT staff must design, build, operate, and manage equipment Legacy IT / Traditional IT Corporate data center Storage Servers Servers Router Switch Firewall Backup System Costs: Ø Data center building Ø Data center security Ø Physical IT hardware Ø Software licensing costs Ø Maintenance contracts Ø Power Ø Internet connectivity Ø Staff wages (design, build, operations, maintenance) What is Cloud Computing? Well-known examples Non-Cloud Services: Email Server Cloud Services: Gmail You don’t own or manage the infrastructure on which the service runs Cloud services are offered on a subscription / consumption model File Server Dropbox The service scales as demand changes Customer Relationship Management (CRM) Salesforce What is Cloud Computing? The Key Characteristics Name Description On-demand, self-service A user can consume cloud resources, as needed, automatically, and without human interaction Broad network access Capabilities are available over the network using standard mechanisms. Can be the Internet or a Wide Area Network (WAN) Resource pooling The providers resources are pooled and serve multiple consumers using a multi-tenant model Rapid elasticity Capabilities can scale “elastically” based on demand Measured service Resource usage is monitored and metered Deploying an eCommerce Website on-premises (aka the old way) Assumes you don’t have a private cloud, or don’t have enough capacity Activity: 1) Purchase hardware Timeline: 4-12 weeks 2) Install and build 3) Acceptance testing 1) Handover to operations 4-8 weeks 2-4 weeks 1-2 weeks 3-6 months Deploying an eCommerce Website in the Cloud Customers connect over the Internet to place orders Customers AWS Cloud Corporate Office Website Admin The Internet The admin deploys an eCommerce website / database to AWS using the AWS Management Console Database Launching Cloud Services: Management Console Management Console A web-based console accessed through a standard web browser Launching Cloud Services: Command Line Command Line This command launches a virtual server (instances) on Amazon Web Services aws ec2 run-instances --image-id ami-xxxxxxxx --count 1 --instance-type t2.micro aws s3 ls s3://mys3databucket This command lists the contents of a storage container (bucket) on Amazon S3 Launching Cloud Services: Software Development Kit Code (SDK) A developer writes code in an integrated development environment (IDE) The code leverages the SDK to work with cloud services Cloud Service Models: Private Cloud Java WebApp Data Java Runtime Managed by you Linux OS Hypervisor Server A private cloud must also include self-service, multi-tenancy, metering, and elasticity Cloud Service Models: Infrastructure as a Service (IaaS) Java WebApp Managed by you Data Java Runtime Linux OS Examples: Ø Amazon Elastic Compute Cloud (EC2) Ø Azure Virtual Machines Ø Google Compute Engine Cloud Service Models: Platform as a Service (PaaS) Managed by you Java WebApp Data Examples: Ø AWS Elastic Beanstalk Ø Azure WebApps Ø Compute App Engine Cloud Service Models: Software as a Service (SaaS) Managed by you Java WebApp Pure consumption model Examples: Ø Google Apps Ø Salesforce.com Ø Zoom Cloud Service Models: Comparison Private Cloud IaaS PaaS Java WebApp Java WebApp Java WebApp Data Data Data Java Runtime Linux OS Java Runtime Linux OS Hypervisor You manage from the virtual server upwards You manage everything greater responsibility + greater control You simply upload your code/data to create your application SaaS Java WebApp You simply consume the service - little responsibility + little control Cloud Computing Deployment Models Name Description Examples Private Cloud An enterprise deploys their own infrastructure VMware, Microsoft, and applications into their own data center RedHat, OpenStack The IT services that you consume are hosted and AWS, Microsoft Azure, Public Cloud delivered from a third-party and accessed over the Google Cloud Platform Internet Hybrid Cloud A combination of on-premises, private cloud, and public cloud services are consumed Multicloud Usage of two or more public clouds at a time, and possibly multiple private clouds Deployment Models – Private Cloud Data center Self Service Portal / Service Catalog Network & Firewall You build and manage the cloud deployment Automation and Configuration Management Billing and Reporting Virtualization Cluster Multi-tenancy controller Storage & Backup Cloud management software layer Benefits Ø Complete control of the entire stack Ø Security – in a few cases, organizations may need to keep all or some of their applications and data in house Deployment Models – Public Cloud Benefits: Ø Variable expense, instead of capital expense Ø Economies of scale Ø Massive elasticity Public Cloud AWS Cloud Corporate Office Compute The Internet Connected using either the Internet or a private link Network Storage Database Deployment Models – Hybrid Cloud Benefits: Ø Allows companies to keep the critical applications and sensitive data in a traditional data center environment or private cloud Ø Take advantage of public cloud resources like SaaS, for the latest applications, and IaaS, for elastic virtual resources Ø Facilitates portability of data, apps and services and more choices for deployment models Public Cloud AWS Cloud Private Cloud Data center Organization The Internet Connected using either the Internet or a private link SECTION 4 Demystifying Cloud Architecture Stateful vs Stateless Applications Stateless: Stateful: Netflix records what has been watched No “state” is recorded about the user's session Person check a news website Person logs into Netflix Stateful vs Stateless Applications No data is stored on the web server, it is stateless eCommerce Application Database Server Application Server Web Server When the user purchases, the application layer processes the order and records the data in the database. This is stateful User The cart items are stored in cookies on the computer Stateful vs Stateless Applications No data is stored on the web server, it is stateless eCommerce Application Database Server Application Server Web Server When the user purchases, the application layer processes the order and records the data in the database. This is stateful User The cart items are stored in cookies on the computer Scalability and Elasticity: Scaling Up Application Windows OS Server Scalability and Elasticity: Scaling Up Application Scaling up means adding resources to the server Windows OS Server Scalability and Elasticity: Scaling Up Application Windows OS Scaling up means adding resources to the server Server Scalability and Elasticity: Scaling Out Application Windows OS Server Scalability and Elasticity: Scaling Out Application Windows OS Server Scalability and Elasticity: Scaling Out Scaling out means adding additional servers Application Windows OS Application Application Windows OS Application Windows OS Windows OS Server Server Load Balancing Each user connects to example.com Cloud Web Server 1 Web Server 2 Web Server 3 User 1 Load Balancer User 2 The load balancer re-routes the connection User 3 Fault Tolerance Redundant components allow the system to continue to operate Processor (CPU) Hard Disk Drive Memory (RAM) Hard Disk Drive Network Card The system may fail if there is no built-in redundancy High Availability and Fault Tolerance Cloud Availability Zone Think of an availability zone as a separate data center Web Server 1 User 1 Web Server 2 Availability Zone Web Server 3 Web Server 4 Load Balancer User 2 User 3 High Availability and Fault Tolerance Cloud Availability Zone Auto Scaling launches a new web server Think of an availability zone as a separate data center Web Server 1 User 1 Web Server 5 Availability Zone Auto Scaling Web Server 3 Web Server 4 Load Balancer User 2 User 3 High Availability and Fault Tolerance Cloud Availability Zone Think of an availability zone as a separate data center Web Server 1 User 1 Web Server 5 Load Balancer User 2 User 3 Tight Coupling Web Tier App Tier App tier cannot keep up with demand Loose Coupling Web Tier App Tier Messages wait in the queue for processing Message Queue Producers send messages to the queue Loose Coupling Web Tier App Tier Messages wait in the queue for processing Consumers poll the queue for messages Message Queue Monolithic Application Storefront User Interface Mobile Interface Order Service Account Management Payment Service Shipping Service Database Monolithic Application Updates to, or failures of, any single component can take down the whole application Storefront User Interface Mobile Interface Order Service Account Management Payment Service Shipping Service Database The user interface, business logic, and data access layer are combined on a single platform Monolithic Application Monolithic Application Linux OS User 1 Monolithic Application Linux OS Monolithic Application Linux OS Load Balancer User 2 User 3 Monolithic Application Storefront User Interface Mobile Interface Order Service Account Management Payment Service Shipping Service Database A microservice is an independently deployable unit of code Microservices Architecture Microservices are often loosely coupled Order Microservice Order Database Storefront User Interface Microservice Account Microservice Customer Database Mobile Interface Microservice Payment Microservice Billing Database Microservices are organized around business capabilities Shipping Microservice Shipping Database Microservices using Docker Containers Storefront User Interface Microservice Shipping Microservice Order Microservice Docker Engine Linux OS Server Microservices using Docker Containers Many instances of each microservice can run on each host Microservices can also be spread across hosts Docker Engine Docker Engine Docker Engine Linux OS Linux OS Linux OS Server Server Server Microservices: Attributes and Benefits Microservices Attribute Microservices Benefit Use of Application Programming Interfaces (APIs) Easier integrations between application components; assists with loose coupling Independently deployable blocks of code Can be scaled and maintained independently Business-oriented architecture Development organized around business capabilities; teams may be cross-functional and services may be reused Flexible use of technologies Each microservice can be written using different technologies (e.g. programming languages) Speed and agility Fast to deploy and update. Easy to include high availability and fault tolerance for each microservice Event-driven Architecture eCommerce Application Database Server Application Server Web Server User User places an order Event-driven Architecture eCommerce Application Database Server Application Server Web Server User User places an order Event-driven Architecture eCommerce Application Database Server Application Server Web Server User Event-driven Architecture A record of the order is written to the database eCommerce Application Database Server Application Server Web Server User The event publisher notifies an event processor Event Processor The event processor processes the record from the database Database Server The processed data is written to a separate database SECTION 5 Getting Started with AWS Amazon Web Services History Internally launched in 2002 Amazon SQS public launch 2004 Vision set out for AWS publicly with potential for public offerings 2003 Re-launch with S3, SQS, EC2 2006 All amazon.com retail sites migrated to AWS 2010 Sales of $1.57 billion 2015 Revenue of $25 billion 2018 Amazon Web Services (AWS) This is actually a snapshot of AWS services from a few years ago.. There are now well over 200 services! Gartner Magic Quadrant 2019 Ø According to Gartner in 2018 AWS was the leader in IaaS with over 48% share Ø AWS has been the leader for 10 years in a row! Ø $40 billion in revenue in 2019 The AWS Global Infrastructure Every region is connected via a high bandwidth, fully redundant network Region – us-east-1 Availability Zone Availability Zone Region – eu-west-1 Availability Zone Availability Zone Availability Zone Availability Zone An Availability Zone is composed of one or more data centers Each region consists of two or more Availability Zones There are 24 regions around the world Region – ap-southeast-2 Availability Zone Availability Zone Availability Zone Each region is completely independent Fundamentals of AWS Pricing Compute Storage Outbound Data Transfer Quantity of data that is transferred out from all services Amount of resources such as CPU and RAM and duration Quantity of data stored AWS Identity and Access Management Service (IAM) AWS Identity and Access Management (IAM) Policies are documents that define permissions and can be applied to users, groups and roles IAM Policy IAM Policy Roles are “assumed” by trusted entities and can be used for delegation IAM Policy IAM User An IAM user is an entity that represents a person or service Groups are collections of users and have policies attached to them IAM Group IAM Role Authentication Methods Consists of an Access key ID and secret access key Used for programmatic access to the API Access Key API EJPx!*21p9% IAM User Password AWS Management Console Used for authenticating to the AWS Management console Amazon Virtual Private Cloud (VPC) A VPC is a logically isolated portion of the AWS cloud within a region Region VPC Subnets are created within AZs Main Route Table Availability Zone Public subnet Destination Target 172.31.0.0/16 Local 0.0.0.0/0 igw-id EC2 Instance Availability Zone Router Private subnet You can launch virtual servers into your VPC subnets Internet gateway EC2 Instance An Internet Gateway is used to connect to the Internet The route table is used to configure the VPC router Multiple VPCs Each VPC has a different block of IP addresses CIDR stands for Classless Interdomain Routing Region VPC VPC CIDR 172.31.0.0/16 CIDR 10.0.0.0/16 Availability Zone Availability Zone Availability Zone Availability Zone Public subnet Public subnet Public subnet Public subnet Private subnet Private subnet Private subnet Private subnet Each subnet has a block of IP addresses from the CIDR block You can create multiple VPCs within each region AWS Public and Private Services AWS Cloud VPC Availability Zone Amazon DynamoDB Amazon S3 EC2 Instance Public services have public IP addresses / endpoints Public Internet Internet gateway Amazon CloudFront Amazon RDS Private subnet EC2 Instance Amazon Route 53 Private services can have public IP addresses but exist within the VPC Public subnet Amazon Elastic File System Security Groups & Network Access Control Lists (NACLs) VPC Availability Zone Private subnet Public subnet Security Group B Security Groups apply at the Instance level Security Group A Network ACL Network ACL Availability Zone Private subnet Security Group A Security Group B NACLs apply at the subnet level Public subnet Security Groups can be applied to Network ACL instances in any subnet Router Security Group A Network ACL Stateful vs Stateless Firewalls PROTOCOL SOURCE IP HTTP 10.1.1.1 10.2.1.10 65188 80 HTTP 10.2.1.10 10.1.1.1 80 65188 Web Server (10.2.1.10) DESTINATION IP SOURCE PORT Src Port: 80 Dest Port: 65188 Dest Port: 80 Src Port: 65188 A stateful firewall allows the return traffic automatically Firewall DESTINATION PORT Client (10.1.1.1) A stateless firewall checks for an allow rule for both connections Security Groups & Network Access Control Lists (NACLs) Security Group Network ACL Operates at the instance (interface) level Operates at the subnet level Supports allow rules only Supports allow and deny rules Stateful Stateless Evaluates all rules Processes rules in order Applies to an instance only if associated Automatically applies to all instances in with a group the subnets its associated with SECTION 6 Amazon Elastic Compute Cloud (EC2) Amazon Elastic Compute Cloud EC2 instances run Windows or Linux OS EC2 Instance EC2 Instance EC2 Instance EC2 hosts are managed by AWS An EC2 instance is a virtual server Website Windows OS EC2 Instance EC2 Instance EC2 Instance EC2 Instance EC2 Instance EC2 Instance EC2 Host Server Public, Private, and Elastic IP addresses Type Description Public IP address Lost when the instance is stopped Used in Public Subnets No charge Associated with a private IP address on the instance Cannot be moved between instances Private IP address Retained when the instance is stopped Used in Public and Private Subnets Elastic IP address Static Public IP address You are charged if not used Associated with a private IP address on the instance Can be moved between instances and Elastic Network Adapters Public Subnets Region Public Subnet Route Table VPC Availability Zone Public subnet Public-IP or Elastic IP EC2 Instance Private subnet Internet gateway Destination Target 172.31.0.0/16 Local 0.0.0.0/0 igw-id Private Subnets NAT = Network Address Translation Region NAT Gateway forwards connections to the Internet VPC Availability Zone Public subnet NAT gateway Elastic-IP Public Subnet Route Table Destination Target 172.31.0.0/16 Local 0.0.0.0/0 igw-id Private-IP Private subnet Private-IP EC2 Instance Internet gateway Private Subnet Route Table Destination Target 172.31.0.0/16 Local 0.0.0.0/0 nat-gateway-id Launching an Amazon EC2 instance Amazon Machine Image (AMI) EBS Snapshot Linux Microsoft Windows Instance Type Family Type vCPUs Memory (GiB) General purpose t2.micro 1 1 Compute optimized c5n.large 2 5.25 Memory optimized r5ad.large 2 16 Storage optimized d2.xlarge 4 30.5 GPU instances g2.2xlarge 8 15 Using Key Pairs with Amazon EC2 AWS Cloud The key pair is associated with an IAM account VPC Availability Zone Public subnet S3 Bucket IAM User EC2 Instance Private subnet The key pair will use any permissions assigned to the IAM user Policy AWS CLI configured with key pair Using Roles with Amazon EC2 AWS Cloud VPC The role is assumed by the EC2 instance S3 Bucket IAM Role Availability Zone Public subnet EC2 Instance Private subnet Policy No credentials are stored on the instance Amazon EC2 Auto Scaling Auto Scaling launches extra instance Availability Zone Availability Zone Public subnet EC2 Status Checks fail Public subnet EC2 Instances Auto Scaling group EC2 Instances CloudWatch notifies Auto Scaling to scale ASG replaces failed instance Metric reports CPU > 80% Metrics Amazon CloudWatch Metrics Amazon Elastic Load Balancing Availability Zone Public subnet EC2 Auto Scaling terminates instance 1 Instance 1 ELB takes instance 1 out of service (failed health check) User 1 Instance 2 Auto Scaling Availability Zone Public subnet Elastic Load Balancer Instance 3 Instance 4 User 2 User 3 User 1 is connected to instance 4 Amazon Elastic Load Balancing Availability Zone Public subnet EC2 Auto Scaling Launches instance 5 User 1 Instance 5 Instance 2 User 2 Auto Scaling Availability Zone Public subnet Elastic Load Balancer User 3 Instance 3 Instance 4 This architecture includes high availability and fault tolerance User 4 SECTION 7 AWS Storage Block, File, and Object Storage Amazon Elastic Block Store (EBS) Amazon Elastic File System Corporate data center http://s3.aws-region.amazonaws.com/bucket/object Availability Zone HDD/SSD Amazon S3 File system On-premises client Volume REST API: GET, PUT, POST, SELECT, DELETE Uses the NFS Protocol /dev/xvdf or C: Linux only Availability Zone /efs-mnt EC2 Instance EC2 Instance Availability Zone Object /efs-mnt EC2 Instance Internet Client Amazon Elastic Block Store (EBS) Availability Zone EBS volumes exist within an Availability Zone The volume is automatically replicated within the AZ EBS Volume EBS Volume The volume is mounted over a network C: D: EC2 Instance Amazon Elastic Block Store (EBS) Solid State Drives (SSD) Volume Type Short Description Use Cases Hard Disk Drives (HDD) EBS Provisioned EBS General Purpose Throughput Optimized HDD Cold HDD (sc1) IOPS SSD (io1) SSD (gp2) (st1) Highest General Purpose SSD Low cost HDD volume Lowest cost HDD performance volume I/O-Intensive Boot volumes, low- Big data, data warehouses, Colder data requiring NoSQL and latency interactive apps, log processing fewer scans per day relational dev & test databases Volume Size 4GB – 16TB 1 GB – 16 TB 500 GB – 16 TB 500 GB – 16 TB Max IOPS/Volume 64,000 16,000 500 250 Max 1,000 MB/s 250 MB/s 500 MB/s 250 MB/s Throughput/Volume Amazon Elastic Block Store (EBS) vs Instance Store EBS volumes are attached over the network Availability Zone EBS Volume EBS Volume Instance Store volumes are ephemeral (nonpersistent Instance Store volumes are physically attached to the host and offer high -performance EC2 Host Server EBS volumes offer persistent storage Amazon EBS Snapshots Region Availability Zone A EBS Volume EC2 Instance Snapshots are incremental and are stored on S3 Amazon S3 A snapshot is a pointin-time backup of your volume Availability Zone B EC2 Instance Snap A EBS Volume You can restore to a volume in another AZ Snap B You only need the most recent snapshot to restore Snap C Amazon Elastic File System (EFS) Amazon Elastic File System File system Uses the NFS Protocol Corporate data center On-premises client Linux only Availability Zone /efs-mnt EC2 Instance Availability Zone /efs-mnt EC2 Instance Amazon Simple Storage Service (S3) Bucket A bucket is a container for objects http://bucket.s3.aws-region.amazonaws.com EC2 instances connect using private addresses Private Connection Amazon S3 http://s3.aws-region.amazonaws.com/bucket VPC S3 Gateway Endpoint Public subnet Object An objects consists of: Ø Key (name of objects) Ø Version ID Ø Value (actual data) Ø Metadata Ø Subresources Ø Access control information Public Internet Internet gateway EC2 instances connect using public addresses EC2 Instance Private subnet EC2 Instance Internet Client SECTION 8 AWS Databases Amazon Relational Database Service (RDS) RDS runs on EC2 instances, so you choose an instance type RDS is a managed, relational database Amazon RDS RDS supports the following database engines: Ø Amazon Aurora Ø MySQL Ø MariaDB Ø Oracle Ø Microsoft SQL Server Ø PostgreSQL EC2 Amazon RDS – Scaling up (vertically) M4 Instance M4 instance db.m4.large 2 vCPUs, 8 GiB RAM db.m4.2xlarge 4 vCPUs, 32 GiB RAM Amazon RDS – Disaster Recovery (DR) and Scaling Out (horizontally) Region VPC Application servers can read from the read replica and write to the master Availability Zone Multi-AZ creates a passive standby. Primarily used for disaster recovery Writes RDS Standby EC2 App Server Writes EC2 App Server Synchronous replication Availability Zone Asynchronous replication RDS Master RDS Read Replica Reads only Read Replicas are used for scaling database queries (reads) Amazon DynamoDB Fully managed service. You create tables on an existing database Offers seamless, horizontal, scaling DynamoDB Table DynamoDB is a NoSQL, key-value type of database Data is replicated across multiple AZs within a region Amazon DynamoDB Ø DynamoDB is made up of: Ø Tables Ø Items Ø Attributes userid orderid book price date user001 1000092 ISBN100.. 9.99 2020.04.. user002 1000102 ISBN100.. 24.99 2020.03.. user003 1000168 ISBN2X0.. 12.50 2020.04.. SECTION 9 Automating Your Deployments AWS CloudFormation CloudFormation deploys infrastructure using code You define the AWS services to create in a template AWS CloudFormation CloudFormation creates and configures resources according the the template AWS Elastic Beanstalk Region VPC Elastic Beanstalk environment AWS Elastic Beanstalk Availability Zone Everything within the EB environment is launched and managed by EB Developer Client Public subnet Upload source code in ZIP file Instance Auto Scaling group Availability Zone Application Load Balancer Public subnet Instance SECTION 10 DevOps on AWS – Creating a Code Pipeline Continuous Integration Build servers build and test code Code repository could be GitHub, CodeCommit etc. AWS CodeCommit Developer pushes code AWS CodeBuild Results returned to Developer Continuous Integration & Continuous Delivery AWS CodePipeline Build servers build and test code AWS CodeCommit Developer pushes code Code released for deployment AWS CodeBuild Code pushed to application AWS CodeDeploy Results returned to Developer Application Application AWS CodePipeline with Elastic Beanstalk AWS CodePipeline AWS CodeCommit AWS Elastic Beanstalk Elastic Beanstalk environment Node.js App Developer AWS CodeStar IDE connects to CodeStar AWS CodeStar AWS CloudFormation Bucket AWS CodeCommit AWS CodeBuild Lambda function Developers AWS CodeDeploy API Endpoint SECTION 11 Content Delivery and DNS Services Amazon Route 53 Amazon Route 53 Health Checks Domain Registration .net .com .org Hosted zone example.com dctlabs.com EC2 Instances Traffic Flow DNS Resolution User enters website address in browser Name Type Value mycompany.local A 192.168.0.1 emailserver.local A 192.168.0.2 DNS Server Domain name is resolved to the IP address of the webserver Computer connects to 192.168.0.1 Web Server DNS Resolution with AWS Route 53 Amazon Route 53 What’s the address for example.com? A hosted zone represents a set of records belonging to a domain example.com Region Address is 8.1.2.1 VPC Availability Zone Public subnet HTTP GET to 8.1.2.1 Web Server: 8.1.2.1 Route 53 DNS Record Types Routing Policy What it does Simple Simple DNS response providing the IP address associated with a name Failover If primary is down (based on health checks), routes to secondary destination Geolocation Uses geographic location you’re in (e.g. Europe) to route you to the closest region Geoproximity Routes you to the closest region within a geographic area Latency Directs you based on the lowest latency route to resources Multivalue answer Weighted Returns several IP addresses and functions as a basic load balancer Uses the relative weights assigned to resources to determine which to route to Amazon CloudFront CloudFront Origins Content is pushed from the origin and cached Users Region Amazon S3 Amazon EC2 Users Edge location Edge location Edge locations are distributed around the world Edge location Edge location Users are directed to the nearest edge location Users Edge location Users Edge location Users Users Edge location Users SECTION 12 Containers and Serverless Amazon Elastic Container Service (ECS) Availability Zone Availability Zone ECS Cluster An Amazon ECS Cluster is a logical grouping of tasks or services ECS Service Task Task Task Task An ECS Task is created from a Task Definition Task Task An ECS Task is a running Docker container ECS Services are used to maintain a desired count of tasks Task Task Task Definition { "containerDefinitions": [ { "name": "wordpress", "links": [ "mysql" ], "image": "wordpress", "essential": true, "portMappings": [ { "containerPort": 80, "hostPort": 80 } ], "memory": 500, "cpu": 10 } AWS Lambda Code is executed Developer uploads some code Event occurs: Source can be CLI, API, SDK or a trigger Lambda function Developer AWS Lambda – Hello World Region Event is written to CloudWatch Logs Amazon CloudWatch Run test event AWS Lambda User SECTION 13 Loose Coupling Amazon Simple Notification Service (SNS) Transport Protocols Subscribers Lambda Decoupling Amazon Simple Queue Service Publisher Amazon Simple Notification Service Topic HTTP/HTTPS Email/EmailJSON Web Application Email SMS Text Amazon Simple Queue Service (SQS) Auto Scaling Group Auto Scaling Group Direct integration Web Tier Auto Scaling Group App Tier Decoupled integration Auto Scaling Group Queue Amazon Simple Queue Service Web Tier EC2 instance polls SQS App Tier AWS Lambda to Amazon SQS Event Source Mapping Add message to SQS queue Region AWS Lambda Event written to CloudWatch Logs Lambda polls the SQS queue Amazon CloudWatch Amazon Simple Queue Service User Serverless application: Amazon SQS, SNS, and Lambda Amazon CloudWatch Event is written to CloudWatch Logs Amazon SNS Topic Amazon Simple Queue Service Submit notification to SNS Topic User Lambda polls SQS AWS Lambda Function SECTION 14 Get Certified on AWS Why work in cloud computing? 1) 2) 3) 4) Job demand Globally relevant skills Rewarding career paths Great salaries Why get AWS certified? 1) 2) 3) 4) Demonstrate skills to employers Differentiate yourself Gain knowledge Develop practical skills AWS Certification THE END Hope you enjoyed the course!