Nov 3, 2013

Leverage Amazon Web Services to build Elastic IT-Infrastructure Architectures…

© Zühlke 2013

Introduction to Amazon Web Services

Christian Tschenett

13. January 2013

Slide 2: Amazon Web Services
One minute introduction

[Diagram labels: Servers, Web Storage, Load Balancer, User(s), Client, Amazon Web Services, AWS Management Console, DevOp]

Slide 4: Elastic Architectures
A simplistic case…

Data Center Europe

Mitigate increasing load with horizontal scaling

Slide 6: Traditional Data Center

Manual interface to the Data Center

Hardware provisioning process partly consists of human tasks
  - Hardware procurement
  - Hardware installation
  - Network configuration

Adding additional servers is a matter of days to weeks!

Slide 7: Infrastructure-as-a-Service Provider

[Diagram labels: Web Interface, SOAP Interface]

Self-service interface to the Data Center (Web Console, API)

Virtual-Hardware provisioning is fully automated

Adding additional virtual servers is a matter of minutes!

Slide 8: Elastic Architecture with Auto Scaling

IaaS-Provider (AWS, …)

t1: Medium Load
Server Nodes: 2

t2: High Load => Scale up!
Server Nodes:

t3: Low Load => Scale Down!
Server Nodes:

Slide 9: Amazon Web Services
Basic concepts and services

Slide 10: Elastic Compute Cloud (EC2) Instances

[Diagram: an «on-premise» Server Node (CPU, Memory, IO) with its Disk (OS, Middleware, Applications), compared with an «AWS» EC2 Instance and Elastic Block Storage as the attached root device]

Slide 11: Amazon Machine Images (AMI)

[Diagram: «on-premise», Node #1 and Node #2 with a Disk Image; on «AWS», Instance #1 and Instance #2, each started with "run instance" from an Amazon Machine Image containing OS, (Middleware), (Applications)]

Slide 12: Security Groups

«on-premise» network zones
  - DMZ: Web #1, Web #2
  - App Zone: App #1, App #2
  - Secure Zone: DB

«AWS» security groups (instances Web #1, Web #2, App #1, App #2, DB)
  - Web SG: allow HTTPS from *
  - App SG: allow 8080 from Web SG
  - DB SG: allow 1521 from App SG
  - Admin SG: allow SSH from Zühlke
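
The rule chain on this slide can be checked mechanically. The following is an added example, not part of the original deck: it models the four rules as data and computes how many groups an outside client must pass through to reach each tier. The port numbers 443 and 22 for HTTPS and SSH, the choice of sensitive ports and all function names are assumptions of the example.

```python
from collections import deque

# Rules as drawn on the slide: (security group, port, allowed source).
# Ports 443 and 22 are the standard HTTPS and SSH ports (assumed here).
SLIDE_RULES = [
    ("Web SG", 443, "*"),          # allow HTTPS from *
    ("App SG", 8080, "Web SG"),    # allow 8080 from Web SG
    ("DB SG", 1521, "App SG"),     # allow 1521 from App SG
    ("Admin SG", 22, "Zühlke"),    # allow SSH from Zühlke
]
ANY = "*"


def hops_from_internet(rules):
    """Map each group reachable from '*' to the number of groups an
    outside client must pass through first (0 = directly reachable)."""
    hops = {group: 0 for group, _, source in rules if source == ANY}
    queue = deque(hops)
    while queue:
        current = queue.popleft()
        for group, _, source in rules:
            if source == current and group not in hops:
                hops[group] = hops[current] + 1
                queue.append(group)
    return hops


def open_to_world(rules, sensitive_ports=(22, 1521, 8080)):
    """Rules that expose an admin, database or app-tier port to '*'."""
    return [r for r in rules if r[2] == ANY and r[1] in sensitive_ports]


def report(rules):
    """Exposure per group; groups absent from the search are unreachable."""
    hops = hops_from_internet(rules)
    groups = sorted({group for group, _, _ in rules})
    return {g: hops.get(g, "not reachable from *") for g in groups}


if __name__ == "__main__":
    for group, exposure in report(SLIDE_RULES).items():
        print(f"{group:9} {exposure}")
    # Constructed misconfiguration: the database port opened to everyone.
    bad = SLIDE_RULES + [("DB SG", 1521, ANY)]
    print(open_to_world(bad))
```

With the slide's rules the database tier sits two hops behind the only internet-facing group, and the Admin SG is not reachable from `*` at all.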

Slide 13: Elastic Load Balancers

[Diagram: «on-premise», Node #1 and Node #2 behind Load Balancer and Load Balancer’; on «AWS», Instance #1 in availability-zone 1a and Instance #2 in availability-zone 1b behind an Elastic Load Balancer]

Slide 15: Amazon Relational Database Service (RDS)

Managed Oracle, SQL Server, MySQL

[Diagram: «on-premise» compared with «AWS»: RDS DB Instance in availability-zone 1a, RDS DB Instance Standby in availability-zone 1b]

RDBMS Software, Redundant HW, RAID Storage, Failover, Snapshots, Backup/Restore, Patches,

Slide 16: Amazon Web Services
Putting it all together
back to the simplistic case…

[Diagram labels: on premises solution; Elastic Load Balancer; EC2 Instance and EBS Volume (Availability Zone 1a); EC2 Instance and EBS Volume (Availability Zone 1b); EC2 Security Group; RDS Security Group; RDS DB Instance; Standby]

Slide 18: AWS command line tools

Create a new MySQL Database Server

1. rds-create-db-instance helloWorldDb \
     --allocated-storage 5 \
     --db-instance-class db.t1.micro \
     --engine mysql \
     --master-username masteruser \
     --master-user-password masterpw1234 \
     --db-security-groups helloRdsSg

2. rds-describe-db-instances helloWorldDb

3. rds-authorize-db-security-group-ingress helloRdsSg \
     --cidr-ip 188.63.186.153/32

Slide 19: MySQL command line tools

Create database and tables, import data

1. echo "create database helloworlddb;
     use helloworlddb;
     create table message(
       mkey varchar(255),
       mval varchar(255));
     insert into message(mkey,mval)
       values ('welcome','Hello from DB');" \
     | mysql -u masteruser \
       -pmasterpw1234 \
       -h helloworlddb.….eu-west-1.rds.amazonaws.com

Slide 20: AWS command line tools

Create and start a new Linux Server
(an EC2 instance based on Amazon Linux)

1. ec2-run-instances ami-c37474b7 \
     -g helloSg \
     -k myKey \
     -t t1.micro

2. ec2-describe-instances i-3e15f174

Slide 21: Linux Administration

Install Tomcat and deploy web application

ssh -i myKey.pem ec2-user@$ec2-….amazonaws.com

1. sudo su -
2. yum -y install tomcat7
3. cd /var/lib/tomcat7/webapps/
4. wget http://sisetestbucket.….amazonaws.com/test.war
5. chown tomcat:tomcat test.war
6. cd /usr/share/tomcat7/conf/
7. echo 'JAVA_OPTS="${JAVA_OPTS}
     -Ddbendpoint=helloworlddb.….amazonaws.com/helloworlddb
     -Ddbuser=masteruser
     -Ddbpassword=masterpw1234"' >> /usr/share/tomcat7/conf/tomcat7.conf
8. service tomcat7 start
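
Slides 18, 19 and 21 pass the database password as a command argument or write it into tomcat7.conf, where shell history and process listings can expose it. The following added example (not from the original deck) flags those three forms in a script or history file and redacts the value; the sample lines are constructed from the slides' commands with a placeholder host name, and the pattern labels and function name are assumptions.

```python
import re

# One pattern per way the slides pass the database password inline.
# Group 1 is the part to keep, group 2 the secret to redact.
PATTERNS = [
    ("rds --master-user-password",
     re.compile(r"(--master-user-password[ =])(\S+)")),
    ("mysql -p<password>",
     re.compile(r"(\bmysql\b.*?\s-p)(\S+)")),
    ("JVM -D...password= property",
     re.compile(r"(-D\w*password=)([^\s\"']+)", re.IGNORECASE)),
]

# Constructed sample: the slides' commands with a placeholder host name.
SAMPLE = [
    "rds-create-db-instance helloWorldDb --master-username masteruser "
    "--master-user-password masterpw1234 --db-security-groups helloRdsSg",
    "mysql -u masteruser -pmasterpw1234 -h db.example.invalid",
    "mysql -u masteruser -p -h db.example.invalid",  # prompts: not flagged
    "echo 'JAVA_OPTS=\"${JAVA_OPTS} -Ddbuser=masteruser "
    "-Ddbpassword=masterpw1234\"' >> /usr/share/tomcat7/conf/tomcat7.conf",
]


def scan(lines):
    """Return (line number, finding, redacted line) for every inline secret."""
    findings = []
    for number, line in enumerate(lines, 1):
        for label, pattern in PATTERNS:
            if pattern.search(line):
                redacted = pattern.sub(r"\1***", line)
                findings.append((number, label, redacted))
    return findings


if __name__ == "__main__":
    for number, label, redacted in scan(SAMPLE):
        print(f"line {number}: {label}: {redacted}")
```

The third sample line uses `-p` without a value, which makes the mysql client prompt for the password, so it is not reported.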

Slide 22: Amazon Web Services
Supporting concepts for Elastic Architectures

Slide 23: Elastic Architecture

[Diagram labels: Amazon CloudWatch, Alarm(s), Elastic Load Balancer, Auto scaling Group, EC2 Instances, Amazon RDS, Down-/Up-Scale]

Slide 24: AWS command line tools

Create a new Elastic Load Balancer

1. elb-create-lb helloWorldWeb \
     --availability-zones eu-west-1a,eu-west-1b \
     --listener "protocol=http,lb-port=80,instance-port=8080"

2. elb-configure-healthcheck helloWorldWeb \
     --target "HTTP:8080/test/index.html" \
     --interval 60 \
     --timeout 5 \
     --unhealthy-threshold 5 \
     --healthy-threshold 5

Slide 25: AWS command line tools

Create an Auto Scaling Group

1. as-create-launch-config helloWorldTomcat \
     --image-id ami-c37474b7 \
     --instance-type t1.micro \
     --group helloSg \
     --key myKey \
     --user-data-file cloudinit_tomcat_demoapp.sh

2. as-create-auto-scaling-group helloWorldAutoScaling \
     --launch-configuration helloWorldTomcat \
     --max-size 2 \
     --min-size 1 \
     --availability-zones eu-west-1a,eu-west-1b \
     --load-balancers helloWorldWeb

Slide 26: AWS command line tools

Set up Scaling Policies and Alarms

1. as-put-scaling-policy MyScaleUpPolicy \
     --auto-scaling-group helloWorldAutoScaling \
     --adjustment=1 \
     --type ChangeInCapacity \
     --cooldown 300

2. mon-put-metric-alarm MyHighLatencyAlarm \
     --metric-name Latency \
     --namespace "AWS/ELB" \
     --dimensions "LoadBalancerName=helloWorldWeb" \
     --comparison-operator GreaterThanThreshold \
     --evaluation-periods 2 \
     --period 60 \
     --statistic Average \
     --threshold 0.3 \
     --alarm-actions arn:…/MyScaleUpPolicy
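
How the alarm and policy parameters on slides 25 and 26 interact, as an added example that is not part of the original deck: a simplified replay of one average Latency datapoint per period against the scale-up policy. The function name, the constructed datapoints, the starting capacity of min-size and the simplified cooldown handling are assumptions of the example.

```python
# Defaults are the values from slides 25 and 26.
def simulate(latencies, threshold=0.3, evaluation_periods=2, period=60,
             adjustment=1, cooldown=300, min_size=1, max_size=2):
    """Replay one average Latency datapoint per `period` seconds.

    Returns a list of (time_s, alarm_state, capacity). Simplified model:
    the alarm is in ALARM when the last `evaluation_periods` datapoints
    all exceed the threshold; while in ALARM the policy adds `adjustment`
    instances unless an earlier scaling action is still cooling down.
    Only the scale-up policy shown on the slide is modelled.
    """
    capacity = min_size            # assumption: the group starts at min-size
    last_scaled = None
    timeline = []
    for i in range(len(latencies)):
        now = (i + 1) * period
        window = latencies[max(0, i + 1 - evaluation_periods): i + 1]
        breaching = (len(window) == evaluation_periods
                     and all(value > threshold for value in window))
        state = "ALARM" if breaching else "OK"
        cooling = last_scaled is not None and now - last_scaled < cooldown
        if breaching and not cooling and capacity < max_size:
            capacity = min(max_size, capacity + adjustment)
            last_scaled = now
        timeline.append((now, state, capacity))
    return timeline


# Constructed datapoints: average latency in seconds per 60 s period.
SAMPLE_LATENCY = [0.1, 0.4, 0.2, 0.5, 0.6, 0.7, 0.7, 0.7, 0.7, 0.7, 0.7]

if __name__ == "__main__":
    for now, state, capacity in simulate(SAMPLE_LATENCY):
        print(f"t={now:4d}s  {state:5}  instances={capacity}")
```

A single slow period does not trigger the alarm, and with `--max-size 2` sustained load never adds more than one instance; calling `simulate(SAMPLE_LATENCY, max_size=4)` shows the 300-second cooldown spacing out further additions.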


http://www.youtube.com/watch?v=HVGLx8OW5Ds

this presentation contains icons provided by Amazon Web Services and by openclipart.org